Alcatel Carrier Internetworking Solutions Network Router Switch/Router User manual
Part No. 060166-10, Rev. C
March 2005
Omni Switch/Router™ User Manual
Release 4.5
www.alcatel.com

An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel’s Service Programs, see our web page at www.ind.alcatel.com, call us at 1-800-995-2696, or email us at [email protected].

This Manual documents Release 4.5 Omni Switch/Router hardware and software. The functionality described in this Manual is subject to change without notice.

Copyright© 2005 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc.

Alcatel® and the Alcatel logo are registered trademarks of Alcatel. Xylan®, OmniSwitch®, PizzaSwitch® and OmniStack® are registered trademarks of Alcatel Internetworking, Inc. AutoTracker™, OmniAccess™, OmniCore™, Omni Switch/Router™, OmniVista™, PizzaPort™, PolicyView™, RouterView™, SwitchManager™, SwitchStart™, VoiceView™, WANView™, WebView™, X-Cell™, X-Vision™ and the Xylan logo are trademarks of Alcatel Internetworking, Inc. All-In-One℠ is a service mark of Alcatel Internetworking, Inc. All other brand and product names are trademarks of their respective companies.
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500
FAX (818) 880-3505
[email protected]
US Customer Support: (800) 995-2696
International Customer Support: (818) 878-4507
Internet: http://eservice.ind.alcatel.com

Cautions

FCC Compliance: This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.

The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user’s authority to operate this equipment. It is suggested that the user use only shielded and grounded cables to ensure compliance with FCC Rules.

This equipment does not exceed Class A limits per radio noise emissions for digital apparatus, set out in the Radio Interference Regulation of the Canadian Department of Communications.

Notice of Compliance with the Standards of the Canadian Department of Communications

This equipment does not exceed the Class A limits for radio noise emissions from digital apparatus, as prescribed by the Radio Interference Regulation established by the Canadian Department of Communications.

Lithium Batteries Caution: There is a danger of explosion if the Lithium battery in your chassis is incorrectly replaced. Replace the battery only with the same or equivalent type of battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer’s instructions.
The manufacturer’s instructions are as follows: Return the module with the Lithium battery to Alcatel. The Lithium battery will be replaced at Alcatel’s factory.

Table of Contents

1 Omni Switch/Router Chassis and Power Supplies
Omni Switch/Router User Interface (UI) Software
Omni Switch/Router Network Management Software (NMS)
Omni Switch/Router Distributed Switching Fabric
Omni Switch/Router Fabric Capacity
Omni Switch/Router Applications and Configurations
Omni Switch/Router as the Backbone Connecting Several Networks
Omni Switch/Router as the Central Backbone Switch/Router and in the Wiring Closet
Omni Switch/Router Chassis and Power Supplies
OmniS/R-3
OmniS/R-3 Chassis Technical Specifications
OmniS/R-5
OmniS/R-5 Technical Specifications
OmniS/R-9 and OmniS/R-9P
OmniS/R-9 Technical Specifications
OmniS/R-9P Technical Specifications
OmniS/R-9P-48V Technical Specifications
Omni Switch/Router Power Requirements
Grounding a Chassis
The Omni Switch/Router Hardware Routing Engine (HRE-X)
Valid HRE-X Configurations
HRE-X Router Registers versus Feature Limitations
Connecting a DC Power Source to an OmniS/R-PS5-DC375
Installing DC Power Source Wire Leads
Connecting a DC Power Source to an OmniS/R-PS9-DC725
Installation Requirements
Installing DC Power Source Wire Leads
Replacing Power Supplies (9-Slot Chassis)

2 The Omni Switch/Router MPX
Omni Switch/Router Management Processor Module (MPX) Features
MPX Technical Specifications
MPX Serial and Ethernet Management Ports
Ethernet Management Port
Configuring MPX Serial Ports
Flash Memory and Omni Switch/Router Software
Flash Memory Guidelines
MPX Redundancy
Change-Over Procedure
MPX Redundancy Commands

3 Omni Switch/Router Switching Modules
Required Image Files
Installing a Switching Module
Removing a Switching Module
Hot Swapping a Switching Module
Diagnostic Tests
Handling Fiber and Fiber Optic Connectors
Gigabit Ethernet Modules
GSX-K-FM/FS/FH-2W
GSX-K-FM/FS/FH-2W Technical Specifications
Auto-Sensing 10/100 Ethernet Modules
Ethernet RJ-45 Pinouts
Ethernet RJ-45 Specifications
ESX-K-100C-32W
ESX-K-100C-32W Technical Specifications
Fast (100 Mbps) Ethernet Modules
ESX-K-100FM/FS-16W
ESX-K-100FM/FS-16W Technical Specifications
WAN Modules
WAN Pinouts
WAN BRI Port Specifications (S/T Interface)
WAN BRI Port Specifications (U Interface)
WAN T1/E1 Port Specifications
WAN Serial Port Specifications
WSX-S-2W
WSX-S-2W Technical Specifications
WSX-SC
WSX-SC Technical Specifications
WSX-FT1/E1-SC
WSX-FT1/E1-SC Technical Specifications
WSX-FE1-SC Cabling/Jumper Settings
WSX-BRI-SC
WSX-BRI-SC Technical Specifications

4 The User Interface
Overview of Command Interfaces
Changing Between the CLI and UI Modes
Exit the Command Interface
UI to CLI Command Cross Reference
Hardware Commands
Hardware Table
Basic Switch Management Commands
Basic Switch Management Table
Network Management Commands
Network Management Table
Layer II Switching Commands
Layer II Switching Table
Groups, VLANs, Policies Commands
Groups, VLANs, Policies Table
Routing Commands
Routing Table
WAN Access Commands
WAN Access Table
Troubleshooting Diagnostics Commands
Troubleshooting/Diagnostics Table
User Interface Menu
Main Menu Summary
General User Interface Guidelines
Entering Command Names
Quitting a Command
Scrolling
The UI Configuration Menu
Configuring the System Prompt
Configuring More Mode for the User Interface
Setting Verbose/Terse Mode for the User Interface
Configuring the Auto Logout Time
Viewing Commands
Changing Passwords
Command History and Re-Executing Commands
Abbreviating IP Addresses
User Interface Display Options
Setting Echo/NoEcho for User Entry
Setting the Login Banner
Creating a new Banner
Permanent Banner
Banners for Different Access Methods
Login Accounts
Multiple User Sessions
Listing Other Users
Communicating with Other Users
Deleting Other Sessions
Advanced Kill Command Options
UI Table Filtering (Using Search and Filter Commands)
The Search Command
Renewing a Search
The Filter Command
Combining Search and Filter Commands
Using Wildcards with Search and Filter Commands
Wildcard Command Options

5 Installing Switch Software
Using FTP Server
Using FTP Client
Using ZMODEM
Using ZMODEM with the load Command
Using ZMODEM With the Boot Line Prompt

6 Configuring Management Processor Modules
Changing Serial Port Communication Parameters
Changing Port Speed When Communication With The Switch Lost
Configuring the Modem Port
Modem Port Mode
Configuring SLIP
Configuring the Ethernet Management Port
Ethernet Management Ports and Redundant Management Processor Modules
The MPM Command/Menu
Displaying MPX Redundancy
MPM Menu Commands
Using MPM Commands with Software Release 3.2 and Later
Listing the Secondary MPX Files
Transferring a File to the Secondary MPX
Replacing a File on the Secondary MPX
Loading a File from the Secondary MPX
Removing a File from the Secondary MPX
Giving Up Control to the Secondary MPX
Setting the Load Suffix
Setting Automatic Config Synchronization
Enabling Automatic Config Synchronization
Disabling Automatic Config Synchronization
Synchronizing Configuration Data
Synchronizing Image Files
Loading a File From the Primary MPX
Gaining Control from the Primary MPX
Resetting a Secondary MPX
Displaying and Setting the Swap State
Displaying the Swap State
Enabling the Swap Mode
Disabling the Swap Mode

7 Managing Files
File Menu
Displaying the Current Directory
Configuration and Log File Generation
Changing Directories
Listing Switch Files
Deleting Switch Files
Deleting Multiple Files
Deleting All Image Files
Copying System Files
Displaying Text Files
Editing Text Files
Clearing the Text Buffer
Loading an ASCII File into the Text Buffer
Listing the Contents of the Text Buffer
Adding Lines of Text to the Text Buffer
Deleting a Line of Text from the Text Buffer
Inserting a Line of Text into the Text Buffer
Editing a Line Name of Text in the Text Buffer
Creating a File Name for the Text Buffer
Creating a Text File from the Text Buffer
Real-World Examples
Real-World Example 1
Real-World Example 2
System Menu
Checking the Flash File System
Creating a New File System

8 Switch Security
Changing Passwords
Rebooting the Switch
Secure Switch Access
Configuring the Secure Switch Access Filter Database
Configuring Secure Access Filter Points
Enabling/Disabling Security Parameters
Adding Filters
Deleting Filters
Viewing Secure Access Violations Log
Managing User Login Accounts
Partition Management Requirements
Default Accounts
Adding a User Account Using the UI Command Mode
Adding a User Account Using the CLI Command Mode
Assigning Account Privileges Using the CLI Command Mode
Assigning Account Privileges Using the UI Command Mode
Command Family Table
Global Family Table
Modifying a User Account
Deleting a User

9 Configuring Switch-Wide Parameters
Summary Menu
Displaying the MIB-II System Group Variables
Displaying the Chassis Summary
Displaying Current Router Interface Status
System Menu
Displaying Basic System Information
Setting the System Date and Time
Viewing Slot Data
Viewing System Statistics
Clearing System Statistics
Viewing Task Utilization Statistics
Viewing Memory Utilization
Viewing MPX Memory Statistics
Checking the Flash File System
Checking the SIMM Files
Creating a New File System
Creating a SIMM File System
Configuring System Information
Viewing CAM Information
Configuring CAM Distribution
Configuring the HRE-X Router Port
Configuring and Displaying the HRE-X Hash Table
Duplicate MAC Address Support
Multicast Claiming
Disabling Flood Limits
Saving Configurations

10 Switch Logging
Logging Overview
Configuring the Syslog Parameters
Configuring Switch Logging
Displaying the Command History Entries in the MPM Log
Displaying the Connection Entries in the MPM Log
Displaying Screen (Console) Capture Entries in the MPM Log
Displaying Debug Entries in the MPM Log
Displaying Secure Access Entries in the MPM Log

11 Health Statistics
The Health Statistics Management Menu
Setting Resource Thresholds
Setting Bandwidth Thresholds
Setting Miscellaneous Thresholds
Setting the Sampling Interval
View Switch-Level Statistics
View Module-Level Statistics
View Port-Level Statistics
Reset Health Statistics

12 Network Time Protocol
Introduction
Stratum
Using NTP in a Network
NTP and Authentication
Network Time Protocol Management Menu
NTP Configuration Menu
Configuring an NTP Client
Configuring an NTP Client/Server
Configuring Client/Server Authentication
Configuring a New Peer Association
Configuring a New Server
Configuring a Broadcast Time Service
Unconfigure Existing Peer Associations
Set the Server’s Advertised Precision
NTP Information Menu
Display List of Peers the Server Knows About
Display Peer Summary Information
Display Alternate Peer Summary Information
Display Detailed Information for One or More Peers
Print Version Number
Display Local Server Information
NTP Statistics Menu
Display Local Server Statistics
Display Server Statistics Associated with Particular Peer(s) . . Display Loop Filter Information . . . . . . . . . . . . . . . . . . . . . Display Peer Memory Usage Statistics . . . . . . . . . . . . . . . . . Display I/O Subsystem Statistics . . . . . . . . . . . . . . . . . . . . . Display Event Timer Subsystem Statistics . . . . . . . . . . . . . . Reset Various Subsystem Statistics Counters . . . . . . . . . . . . Reset Stat Counters Associated With Particular Peer(s) . . . . . Display Packet Count Statistics from the Control Module . . . Display the Current Leap Second State . . . . . . . . . . . . . . . . Turn the Server's Monitoring Facility On or Off . . . . . . . . . . Display Data The Server's Monitor Routines Have Collected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-23 .12-23 .12-24 .12-26 .12-26 .12-27 .12-28 .12-28 .12-28 .12-29 .12-30 .12-31 .12-31 NTP Administration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Set the Primary Receive Timeout . . . . . . . . . . . . . . . . . . . . . Set the Delay Added to Encryption Time Stamps . . . . . . . . . Specify the Host Whose NTP Server We Talk To . . . . . . . . . Specify a Password to Use for Authenticated Requests . . . . . Set Key ID to Use for Authenticated Requests . . . . . . . . . . . . Set Key Type to Use for Authenticated Requests (DES|MD5) Set a System Flag (Auth, Bclient, Monitor, Stats) . . . . . . . . . . Clear a System Flag (Auth, Bclient, Monitor, Stats) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
.12-33 .12-33 .12-33 .12-34 .12-34 .12-34 .12-35 .12-35 .12-35 NTP Access Control Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . Change the Request Message Authentication Key ID . . . . . Change the Control Message Authentication Key ID . . . . . Add One or More Key ID's to the Trusted List . . . . . . . . . Display the Trusted Key ID List . . . . . . . . . . . . . . . . . . . . Remove One or More Key ID's from the Trusted List . . . . Display the State of the Authentication Code . . . . . . . . . . Create Restrict Entry/Add Flags to Entry . . . . . . . . . . . . . . View the Server's Restrict List . . . . . . . . . . . . . . . . . . . . . . Remove Flags from a Restrict Entry . . . . . . . . . . . . . . . . . Delete a Restrict Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure a Trap in the Server . . . . . . . . . . . . . . . . . . . . . Display the Traps Set in the Server . . . . . . . . . . . . . . . . . . Remove a Trap (Configured or Otherwise) from the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-36 .12-36 .12-37 .12-37 .12-37 .12-38 .12-38 .12-39 .12-40 .12-41 .12-41 .12-41 .12-42 .12-42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table of Contents 13 SNMP (Simple Network Management Protocol) . . . . . . . . . . . . . . . . 13-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Configuring SNMP Parameters and Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 Configuring a New Network Management Station . . . . . . . . . . . . . . . . . . 13-4 Viewing SNMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
13-8 Trap Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11 SNMP Standard Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-15 Extended Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-27 14 DNS Resolver and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Configuring the DNS Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 The Names Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Remote Network Monitoring (RMON) Probes and Events . . . . . . . . . . . . Ethernet Probes . . . . . . . . . . . History Probes . . . . . . . . . . . . Alarm Probes . . . . . . . . . . . . . Monitoring Probes . . . . . . . . . . . . Monitoring Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 14-3 14-3 14-3 14-3 14-4 14-5 Configuring Router Port MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6 Restoring Router Port Mac Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6 15 Managing Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 Overview of Omni Switch/Router Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . 15-1 Kodiak Ethernet Modules . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . 15-3 The Ethernet Management Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4 Configuring 10/100 Auto-Sensing Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5 Connecting Kodiak Modules to Non-Auto-Negotiating Links . . . . . . . . . . 15-6 Configuring Kodiak Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7 Viewing Configurations for 10/100 Ethernet Modules . . . . . . . . . . . . . . . . . . . . . 15-8 OmniChannel . . . . . . . . . . . . . . . . . . . . The Server Channel Feature . . . . . . . Server Channel Limitations . . . . . Creating an OmniChannel . . . . . . . . Adding Ports to an OmniChannel . . . Deleting an OmniChannel . . . . . . . . Deleting Ports from an OmniChannel Viewing OmniChannel Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9 .15-10 .15-11 .15-11 .15-13 .15-13 .15-14 .15-14 page xiii Table of Contents 16 Managing 802.1Q Groups ............ IEEE 802.1Q Sections Not Implemented Application Example . . . . . . . . . . . . . . . . . Single vs. Multiple Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1 16-2 16-3 16-4 Assigning an 802.1Q Group to a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-7 Configuring 802.1Q on 10/100 Ethernet Ports . . . . . . . . . . . . . . . . . 
. . . . . . . 16-8 Configuring 802.1Q on Gigabit Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . .16-11 Modifying 802.1Q Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-12 Modifying 802.1Q Groups for 10/100 Ports . . . . . . . . . . . . . . . . . . . . . . . . . .16-12 Modifying 802.1Q Groups for Gigabit Ethernet Ports . . . . . . . . . . . . . . . . . . .16-14 Viewing 802.1Q Groups in a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-16 Viewing 802.1Q Statistics for 10/100 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-17 Deleting 802.1Q Groups from a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-18 17 Configuring Bridging Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1 Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3 Bridge Management Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4 Selecting a Default Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7 Using the + or - to Change Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7 Bridging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying Bridge Forwarding Table . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring a Static Bridge Address . . . . . . . . . . . . . . . . . . . . . . . . . . . Modifying a Static Bridge Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deleting a Static Bridge Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying Static Bridge Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying Bridge Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying Media Access Control (MAC) Information for a Specific MAC address . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying Media Access Control (MAC) Information for all MAC addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Display Statistics of Bridge MAC Addresses . . . . . . . . . . . . . . . . . . . . . . Clear Statistics of Bridge MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . Display Remote Trunking Stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . View the Domain Bridge Mapping Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8 . 17-8 .17-10 .17-11 .17-12 .17-13 .17-14 . . . .17-16 . . . . . . . . . . . . . . . .17-17 .17-17 .17-18 .17-18 .17-19 Setting Flood Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-21 Setting Flood Limits for a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-21 Displaying Group Flood Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-22 Configuring Spanning Tree . . . . . . . . . . . . . . . Configuring Spanning Tree Parameters . . . . Display Spanning Tree Bridge Parameters . Configuring Spanning Tree Port Parameters Displaying Spanning Tree Port Parameters . page xiv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-23 .17-25 .17-28 .17-30 .17-32 Table of Contents Configuring Fast Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . Truncating Tree Timing & Speedy Tree Protocol . . . . . . . . . . Truncating Tree Timing . . . . . . . . . . . . . . . . . . . . . . . . . Speedy Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 
Configuring Truncating Tree Timing & Speedy Tree Protocol Displaying Fast Spanning Tree Port Parameters . . . . . . . . . . . Enabling Fast Spanning Tree Port Parameters . . . . . . . . . . . . Disabling Fast Spanning Tree Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-34 .17-35 .17-35 .17-35 .17-35 .17-36 .17-38 .17-39 Configuring Source Routing . . . . SAP Filtering . . . . . . . . . . . . Enabling SAP Filtering . . Disabling SAP filtering . . Configuring SAP Filtering Viewing SAP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-40 .17-40 .17-40 .17-41 .17-41 .17-42 Configuring Source Route to Transparent Bridging Enabling SRTB for a Group . . . . . . . . . . . . . . Disabling SRTB for a Group . . . . . . . . . . . . . . Viewing the RIF Table . . . . . . . . . . . . . . . . . . Clearing the RIF Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-43 .17-44 .17-45 .17-46 .17-47 18 Configuring Frame Translations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1 Any-to-Any Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1 Translating the Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
18-3 The MAC Header . . . . . . . . . . . . . . . . Canonical versus Non-Canonical . . Abbreviated Addresses . . . . . . . . . Functional Addresses and Multicasts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4 18-4 18-4 18-4 The RIF Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5 Source Route Termination by Proxy Not Supported . . . . . . . . . . . . . . . . . . . 18-5 Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Protocols other than IP and IPX . . . . . . . . . . . . . . . . . . . . The SNAP Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Conversions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summary of Non-IPX Encapsulation Transformation Rules IPX Encapsulation Transformation Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Network Header . . . . . . . . . . . Address Mapping . . . . . . . . . . Address Mapping in IP: ARP Address Mapping in IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6 18-6 18-7 18-7 18-7 18-8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9 . 18-9 . 18-9 .18-10 Frame Size Requirements . . . . . . . . . . . . . . . . . . . . . Insertion of Frame Padding . . . . . . . . . . . . . . . . . Stripping of Padding for all IEEE 802.3 Frames. No stripping of non-IPX Ethertype Frames . . . IPX Specific Stripping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-11 .18-11 .18-11 .18-11 .18-11 page xv Table of Contents MTU Handling . . . . . . . . . . . . IP Fragmentation . . . . . . . . ICMP Based MTU Discovery IPX Packet Size Negotiation Other Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-12 .18-12 .18-12 .18-12 .18-12 Banyan Vines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-13 Configuring Encapsulation Options . . . . . . . . . . . . . . . . . . Forwarding versus Flooding . . . . . . . . . . . . . . . . . . . . . Port Based Translation Options . . . . . . . . . . . . . . . . . . MAC Address Based Translation Options . . . . . . . . . . . “Native” versus “Non-Native” on Ethernet . . . . . . . . . . . “Native” versus “Non-Native” on FDDI and Token Ring No Translation on Trunk or PTOP ports . . . . . . . . . . . . The Proprietary Token Ring IPX Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-14 .18-14 .18-14 .18-14 .18-15 .18-15 .18-15 .18-15 The User Interface . . . . . . . . . . . . . . . . . . . . . The addvp, modvp and crgp Commands . . The Default Translation Option . . . . . . . . . Ethernet Factory Default Translations . . FDDI Factory Default Translations . . . . Token Ring Factory Default Translations ATM LANE Factory Default Translations The Ethertype Option . 
. . . . . . . . . . . . The SNAP Option . . . . . . . . . . . . . . . . The LLC Option . . . . . . . . . . . . . . . . . . Interaction with the new interface . . . . The “vi” Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-16 .18-17 .18-17 .18-18 .18-18 .18-19 .18-19 .18-20 .18-21 .18-23 .18-24 .18-24 The Switch Menu . . . . . . . . . . . . . . . . . . . Proprietary IPX Token Ring . . . . . . . . . Factory Defaults . . . . . . . . . . . . . . . . . Default Ethernet Translations . . . . . . . . Default FDDI Translations . . . . . . . . . . Default Token Ring Translations . . . . . Port Translations . . . . . . . . . . . . . . . . . Configuring Additional Ports . . . . . Displaying Ethernet Switch Statistics . . . Displaying Token Ring Switch Statistics Any to Any MAC Translations . . . . . . . Default Autoencapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. .18-25 .18-25 .18-25 .18-26 .18-27 .18-28 .18-30 .18-31 .18-31 .18-35 .18-39 .18-40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Translational Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-41 Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-41 Translations across Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-41 Dissimilar LAN Switching Capabilities . . . . . . . . . . . . . . . . . . . . . Switching Between Similar LANs . . . . . . . . . . . . . . . . . . . . . . Switching Between Ethernet LANs Across a Trunked Backbone Switching Between Similar LANs across a Native Backbone . . . page xvi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-42 .18-42 .18-43 .18-44 Table of Contents 19 Managing Groups and Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1 How Ports Are Assigned to Groups . . . . . . . . . . . . Static Port Assignment . . . . . . . . . . . . . . . . Dynamic Port Assignment (Group Mobility) How Dynamic Port Assignment Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2 19-2 19-2 19-3 Mobile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Mobile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Turning Group Mobility On or Off . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Port Membership in Mobile Groups . . . . . . . . . . . . . . . . . . How a Device Is Dropped from the Default Mobile Group (def_group) How a Port’s Primary Mobile Group Changes (move_from_def) . . . . . How a Port Ages Out of a Mobile Group (move_to_def) . . . . . . . . . . . 
Configuring Switch-Wide Group Mobility Variables . . . . . . . . . . . . . . . . . . Viewing Ports in a Mobile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing a Port’s Mobile Group Affiliations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5 . 19-5 . 19-6 . 19-7 . 19-9 .19-10 .19-11 .19-12 .19-14 .19-14 Non-Mobile Groups and AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . .19-15 Routing in a Non-Mobile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-15 Spanning Tree and Non-Mobile Groups . . . . . . . . . . . . . . . . . . . . . . . . .19-16 Group and Port Software Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-17 Creating a New Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 1. Entering Basic Group Information . . . . . . . . . . . . . . . . . Step 2. Configuring the Virtual Router Port (Optional) . . . . . . . . Step 3. Set Up Group Mobility and User Authentication . . . . . . Step 4. Configuring Virtual Ports . . . . . . . . . . . . . . . . . . . . . . . Step 5. Configuring AutoTracker Policies (Mobile Groups Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-18 .19-19 .19-21 .19-27 .19-28 .19-34 Creating a WAN Routing Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-35 Viewing Current Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-38 Modifying a Group or VLAN . . . . . . Viewing Your Changes . . . . Saving Your Changes . . . . . . Canceling Your Changes . . . Changing the IP Address . . . Changing the IP Subnet Mask Enabling IP or IPX Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-40 .19-41 .19-41 .19-41 .19-41 .19-41 .19-42 Deleting a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-43 Adding Virtual Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-44 Modifying a Virtual Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-45 Deleting a Virtual Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-46 Viewing Information on Ports in a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-47 Viewing Detailed Information on Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-50 Viewing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-53 Viewing Port Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-55 page xvii Table of Contents Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How Port Mirroring Works . . . . . . . . . . . . . . . . . What Happens to the Mirroring Port . . . . . . . . . . Using Port Mirroring With External RMON Probes Setting Up Port Mirroring . . . . . . . . . . . . . . . . . . . . . Disabling Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-57 .19-57 .19-57 .19-58 .19-60 .19-60 Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Monitoring Menu . . . . . . . . . . . . . . . . . . . RAM Disk System for Data Capture Files . 
. . . . Configuring RAM Drive Resources (pmcfg) . Changing the Default System Directory (cd) Starting a Port Monitoring Session (pmon) . . . . If You Chose Dump to Screen . . . . . . . . . . If You Did Not Choose Dump to Screen . . . Ending a Port Monitoring Session . . . . . . . . Viewing Port Monitoring Statistics (pmstat) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-61 .19-61 .19-62 .19-62 .19-62 .19-63 .19-64 .19-64 .19-65 .19-65 Port Mapping . . . . . . . . . . . . . . . . . . . . . . . Groups/VLANs and Port Mapping . . . The Details of Port Mapping . . . . . . . . . Who Can Talk to Whom? . . . . . . . . . Port Mapping Limitations . . . . . . . . . . . . Creating a Port Mapping Set . . . . . . . . . . Adding Ports to a Port Mapping Set . . . . Removing Ports from a Port Mapping Set Viewing a Port Mapping Set . . . . . . . . . . Deleting a Port Mapping Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-66 .19-66 .19-67 .19-68 .19-68 .19-69 .19-70 .19-71 .19-72 .19-72 Priority VLANs . . . . . . . . . . . . . . . . . . . . . . Mammoth vs. Kodiak Priority VLANs Configuring VLAN Priority . . . . . . 
. . . . . Viewing VLAN Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-73 .19-73 .19-74 .19-74 20 Configuring Group and VLAN Policies . . . . . . . . . . . . . . . . . . . . . . . . . 20-1 AutoTracker Policy Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2 Defining and Configuring AutoTracker Policies . Where These Procedures Start . . . . . . . . Defining a Port Policy . . . . . . . . . . . . . . . . . Defining a MAC Address Policy . . . . . . . . . . Defining a MAC Address Range Policy . . . . . Defining a Protocol Policy . . . . . . . . . . . . . . Defining a Network Address Policy . . . . . . . Defining Your Own Rules . . . . . . . . . . . . . . Defining a Port Binding Policy . . . . . . . . . . . Defining a DHCP Port Policy . . . . . . . . . . . . Defining a DHCP MAC Address Policy . . . . . Defining a DHCP MAC Address Range Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-4 . 20-4 . 20-5 . 20-6 . 20-7 . 20-8 .20-11 .20-13 .20-15 .20-20 .20-21 .20-22 Viewing Mobile Groups and AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . .20-23 page xviii Table of Contents Viewing Policy Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
.20-24 Viewing Virtual Ports’ Group/VLAN Membership . . . . . . . . . . . . . . . . . . . . . . . .20-25 View VLAN Membership of MAC Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-26 Application Example: DHCP Policies The VLANs . . . . . . . . . . . . . DHCP Servers and Clients . . DHCP Port and MAC Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-27 .20-27 .20-28 .20-29 21 Interswitch Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1 Interswitch Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1 XMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XMAP Transmission States . . . . . . . . . . . . . . Discovery Transmission State . . . . . . . . . Common Transmission State . . . . . . . . . Passive Reception State . . . . . . . . . . . . . Common Transmission and Remote Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2 21-3 21-3 21-4 21-4 21-4 Configuring XMAP . . . . . . . . . . . . . . . . . . . . . . . Enabling or Disabling XMAP . . . . . . . . . . . . . Viewing a List of Adjacent Switches . . . . . . . . Configuring the Discovery Transmission Time Configuring the Common Transmission Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
  VLAN Advertisement Protocol (VAP)
    VAP and Port Policies
    Configuring VAP
  GMAP
    GMAP Updating Rules
    Configuring GMAP
    Enabling and Disabling GMAP
    Configuring the Gap Time
    Configuring the Interpacket Update Time
    Configuring the Hold Time
    Displaying GMAP Statistics by MAC Address

22 Managing AutoTracker VLANs
  The AutoTracker Menu
  AutoTracker VLANs
    AutoTracker VLAN Policies
    The Default VLAN
    How Devices are Assigned to AutoTracker VLANs
    The defvl Command
    Devices that Generate a Secondary Traffic Type
    Router Traffic in IP and IPX Network Address VLANs
    Port Policy Functionality
    Frame Flooding in AutoTracker VLANs
    Routing Between AutoTracker VLANs
  Creating AutoTracker VLANs
    Step A. Entering Basic VLAN Information
    Step B. Defining and Configuring VLAN Policies
    Step C. Configuring the Virtual Router Port (Optional)
  Modifying an AutoTracker VLAN
    Deleting an AutoTracker VLAN
  Viewing AutoTracker VLANs
  Viewing Policy Configurations
  Viewing Virtual Ports’ VLAN Membership
  View VLAN Membership of MAC Devices
  Creating a VLAN for Banyan Vines Traffic

23 Multicast VLANs
  How Devices are Assigned to Multicast VLANs
  Multicast VLANs and Multicast Claiming
  Frame Flooding in Multicast VLANs
  Creating Multicast VLANs
    Step A. Entering Basic Information
    Step B. Defining the Multicast Address
    Step C. Defining the Recipients of Multicast Traffic
      Defining Recipients By Port
      Defining Recipients By MAC Address
  Modifying Multicast VLANs
    Deleting a Multicast VLAN
  Modifying a Multicast Address Policy
  Viewing Multicast VLANs
  Viewing Multicast VLAN Policies
  Viewing the Virtual Interface of Multicast VLANs

24 AutoTracker VLAN Application Examples
  Application Example 1
    VLANs Based on Logical Policies
  Application Example 2
    VLANs in IPX Networks
    IPX VLAN Assignment at Bootup
  Application Example 3
    IPX Network Address VLANs and Translated Frames
  Application Example 4
    Routing in IPX Networks
  Application Example 5
    Traversing a Backbone

25 IP Routing
  Introduction
  IP Routing Overview
    Routing Protocols
    Transport Protocols
    Application-Layer Protocols
    Additional IP Protocols
  Setting Up IP Routing on the Switch
  The Networking Menu
  The IP Submenu
  Viewing the Address Translation (ARP) Table
    Displaying All Entries in the ARP Table
    Adding Entries to the ARP Table
    Deleting Entries from the ARP Table
    Flushing Temporary Entries from the ARP Table
    Finding a Specific IP Address in the ARP Table
    Finding a Specific MAC Address in the ARP Table
  Viewing IP Statistics and Errors
  Viewing the IP Forwarding Table
  Adding an IP Static Route
  Removing an IP Static Route
  Viewing ICMP Statistics and Errors
  Using the PING Command
  Viewing UDP Statistics and Errors
  Viewing the UDP Listener Table
  Viewing RIP Statistics and Errors
  Viewing TCP Statistics
  Viewing the TCP Connection Table
  Using the TELNET Command
    Cancelling a Telnet request
  Tracing an IP Route
  Flushing the RIP Routing Tables
  Configuring IP RIP Filters
    Adding a “Global” IP RIP Filter
    Adding an IP RIP Filter For a Specific Group or VLAN
    IP RIP Filter Precedence
    Deleting IP RIP Filters
    Displaying IP RIP Filters
      Displaying a List of All IP RIP Filters
      Displaying a List of “Global” IP RIP Filters
      Displaying a List of Specific IP RIP Filters
  Viewing the IP-to-MAC Address Table
    Displaying All Entries in the IP-to-MAC Table
    Displaying Information for a Specific IP Address
    Flushing Entries from the Table
  Enabling/Disabling Directed Broadcasts
  Path MTU Discovery

26 UDP Forwarding
  UDP Relay and RIF Stripping
  UDP Relay Hardware/Software Support
  UDP Relay Configuration Screen
  BOOTP/DHCP Relay
    Overview of DHCP
    DHCP and the OmniS/R
    BOOTP/DHCP Relay and Source Routing
    BOOTP/DHCP Relay and Authentication
    External BOOTP Relay
    Internal BOOTP/DHCP Relay
      Example 1
      Example 2
    Enabling BOOTP/DHCP Relay
    Configuring BOOTP/DHCP Relay Parameters
  NetBIOS Relays
    Overview of NetBIOS
    NetBIOS Relay Application
    Configuring NBNS Relay
      Next-Hop Addresses for NBNS
      Forwarding VLANs for NBNS Relay
    Configuring NBDD Relay
      Next-Hop Addresses for NBDD
      Forwarding VLANs for NBDD Relay
  Generic Service UDP Relay
    Generic Services Menu
    Adding a Generic Service
    Modifying a Generic Service
    Deleting a Generic Service
  Viewing UDP Relay Statistics

27 IPX Routing
  Introduction
    IPX Routing Overview
    IPX Protocols
    Setting Up IPX Routing on the Switch
  The IPX Submenu
  Viewing the IPX Routing Table
    Displaying All Entries in the IPX Routing Table
    Using IPXR with Frame Relay or ISDN Boards
    Displaying a List of Specific IPX Routes
  Viewing IPX Statistics
  Viewing the IPX SAP Bindery
    Using IPXSAP with Frame Relay or ISDN Boards
    Displaying a List of Specific SAP Servers
  Adding an IPX Static Route
  Removing an IPX Static Route
  Turning the IPX Router Complex On and Off
  Flushing the IPX RIP/SAP Tables
  Using the IPXPING Command
  Configuring IPX RIP/SAP Filtering
    Adding a “Global” IPX RIP/SAP Filter
    Adding an IPX RIP/SAP Filter for a Specific Group or VLAN
    Deleting an IPX RIP/SAP Filter
    Displaying IPX RIP/SAP Filters
      Displaying a List of All IPX Filters
      Displaying a List of “Global” IPX Filters
      Displaying a List of Specific IPX Filters
    IPX RIP/SAP Filter Precedence
  Configuring IPX Serialization Packet Filtering
    Enabling IPX Serialization Filtering
    Disabling IPX Serialization Filtering
  Configuring IPX Watchdog Spoofing
    Enabling IPX Watchdog Spoofing
    Disabling IPX Watchdog Spoofing
  Configuring SPX Keepalive Spoofing
    Enabling SPX Keepalive Spoofing
    Disabling SPX Keepalive Spoofing
  Controlling IPX Type 20 Packet Forwarding
  Configuring NetWare to Minimize WAN Connections
  Configuring RIP and SAP Timers
    Adding a RIP and SAP Timer
    Viewing RIP and SAP Timers
  Configuring Extended RIP and SAP Packets
    Enabling or Disabling Extended RIP and SAP Packets
    Viewing the Current Status of Extended Packets
  Configuring an IPX Default Route
    Adding an IPX Default Route
    Viewing the Status of an IPX Default Route
    Disabling an IPX Default Route

28 Managing WAN Switching Modules
  Introduction
    Type of Service (ToS)
    ToS and QoS Interaction
    DTR Dial Backup
  Supported Physical Interfaces
    Universal Serial Port
    ISDN Basic Rate Interface Port
    Fractional T1 Port
    Fractional E1 Port
  Supported Protocols
  Application Examples
    Frame Relay WSX Using Serial Ports
    Back-to-Back WSX Using T1 Ports
    Combined Frame Relay with ISDN Backup
  Omni Switch/Router WAN Modules
  Cable Interfaces for Universal Serial Ports
    DTE/DCE Type and Transmit/Receive Pins
  Data Compression
  Loopback Detection
  The WAN Port Software Menu
    Setting Configuration Parameters
      Modifying a Port
        Serial Port Example
        ISDN-BRI Port Example
        Fractional T1 Port Example
    Viewing Configuration Parameters for the WSX
      Viewing Parameters for all Submodules in the Chassis
      Viewing Parameters for all Ports in a Single Submodule
      Viewing Port Parameters
    Deleting Ports
    Obtaining Status and Statistical Information
      Obtaining Information on All Boards in a Switch
      Obtaining Information on the Ports for a Single WSX Board
      Viewing Information on a Single Port
    Configuring 31 Timeslots on a WAN E1 Port

29 Managing Frame Relay
  Back-to-Back Frame Relay Configurations
  Universal Serial Port Cable Interfaces
    “Physical” and “Logical” Devices
  Compression
  Virtual Circuits and DLCIs
  WSX Self-Configuration and Virtual Circuits
  Congestion Control
    Regulation Parameters
    Discard Eligibility (DE) Flag
    Interaction Among Congestion Parameters
    Notification By BECN
    Notification By FECN
  Frame Formats Supported
  Bridging Services
  Frame Relay IP Routing
    The Frame Relay Subnet and “Split Horizon”
  Frame Relay IPX Routing
  Trunking
  Frame Relay Fragmentation Interleaving
  The Frame Relay Software Menu
  Setting Configuration Parameters
    Modifying a Port
    Modifying a Virtual Circuit
  Adding a Virtual Circuit
  Viewing Configuration Parameters for the WSX
    Viewing Parameters for all WSXs in the Chassis
    Viewing Port Parameters
    Viewing Virtual Circuit Parameters
  Deleting Ports and Virtual Circuits
    Deleting a Virtual Circuit
    Deleting a Port and Its Virtual Circuits
  Obtaining Status and Statistical Information
    Information on All Boards in a Switch
    Information on the Ports for One WSX Board
    Information on One Port
    Information on One Virtual Circuit
  Resetting Statistics Counters
    Resetting Statistics for a WSX Board
    Resetting Statistics for a WSX Port
    Resetting Statistics for a Virtual Circuit (DLCI)
  Managing Frame Relay Services
  Configuring a Bridging Service
  Configuring a WAN Routing Service
    Step 1. Set Up a Frame Relay Routing Group
    Step 2. Set Up a Frame Relay Routing Service
  Configuring a Trunking Service
  Viewing Frame Relay Services
  Modifying a Frame Relay Service
  Deleting a Frame Relay Service

30 Point-to-Point Protocol
  PPP Connection Phases
  Data Compression
  Multi-Link PPP
    Multilink Modes of Operation
  PPP Fragmentation Interleaving
  Overview of PPP Configuration Procedures
  The PPP Submenu
    PPP Configuration Overview
  Setting Global PPP Parameters
  Adding a PPP Entity
  Modifying a PPP Entity
  Viewing PPP Entity Configurations
    Displaying the Configuration of All PPP Entities
    Displaying the Configuration of a Specific PPP Entity
  Displaying PPP Entity Status
    Displaying the Status of All PPP Entities
    Displaying the Status of a Specific PPP Entity
  Deleting a PPP Entity

31 WAN Links
  Introduction
    Configuring WAN Interfaces
  The Link Submenu
  Adding a WAN Link
    Adding WSX Port Links
    Adding ISDN Call Links
  Modifying a WAN Link
    Modifying ISDN Links
    Modifying WSX Links
  Deleting WAN Links
  Viewing WAN Links
    Displaying All Existing WAN Links
    Displaying Information for a Specific WAN Link
  Displaying Link Status
    Displaying Status for All WAN Links
    Displaying Status for a Specific WAN Link

32 Managing ISDN Ports
  Overview of ISDN
    Basic Rate Interface (BRI) Versus Primary Rate Interface (PRI)
    “U”, “S/T”, and “R” Interfaces
    The “B,” “D,” and “H” Channels
  The ISDN Submenu
    Switch Configuration
  Modifying an ISDN Configuration Entry
  Deleting an ISDN Configuration Entry
  Viewing an ISDN Configuration Entry
  Displaying ISDN Configuration Entry Status
    Displaying Status of All ISDN Ports
    Displaying Status of a Specific ISDN Slot
    Displaying Status of a Specific ISDN Port

33 Managing T1 and E1 Ports
  T1 and E1 Overview
  The T1/E1 Menu
  Configuring a T1 Port
  Configuring an E1 Port
  Viewing T1/E1 Configuration and Alarm Information
    Viewing Information for all T1/E1 Ports in the Switch
    Viewing Information for T1/E1 Ports on One Module
    Viewing Information For a T1 Port
    Viewing Information For an E1 Port
  Viewing T1/E1 Local Statistics
    Viewing Total Local Statistics
    Viewing Current Local Statistics
    Viewing Local Historical Statistics
  Viewing T1 Remote Statistics
    Viewing Total Remote Statistics
    Viewing Current Remote Statistics
    Viewing Remote Historical Statistics
    Clearing the Framer Statistics for a T1/E1 Port

34 Backup Services
  Introduction
  Backup Services Commands
    Accessing the Backup Services Menu
    Adding a Backup Service
      Adding a backup for a Physical Port
      Backing Up a Frame Relay PVC
    Modifying a Backup Service
      Modifying a backup for a Physical Port
      Modifying a Frame Relay PVC Backup Service
    Viewing Backup Service(s) Configurations
      Viewing the Configurations of All Backup Services
      Viewing the Configuration of a Single Backup Service (bsview Command)
    Deleting a Backup Service
    Viewing Backup Service Statistics
      Clearing Backup Service Statistics

35 Troubleshooting
  Detecting Problems
. . . . . . . . . . . . . 35-1 Reporting Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-3 Report Hardware Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-3 Report Software Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-4 Understanding Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-5 Software Installation Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-5 Operational Problems . . . . . . . . . Deadlocked VLAN . . . . . . . . . Probable Cause . . . . . . . . Solution . . . . . . . . . . . . . . Problems with IP Applications Probable Cause . . . . . . . . Solution . . . . . . . . . . . . . . Protocol Problems . . . . . . . . . Probable Cause . . . . . . . . Solution . . . . . . . . . . . . . . page xxviii . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-6 35-6 35-7 35-7 35-7 35-7 35-7 35-8 35-8 35-8 Hardware Problems . . . . . . . . . . . . . LEDs Do Not Light on All Modules Probable Cause . . . . . . . . . . . Solution . . . . . . . . . . . . . . . . . Amber Color in LEDs . . . . . . . . . . Probable Cause . . . . . . . . . . . Solution . . . . . . . . . . . . . . . . . Non-Blinking OK2 LED . . . . . 
. . . Probable Cause . . . . . . . . . . . Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-9 35-9 35-9 35-9 35-9 35-9 35-9 35-9 35-9 35-9 Table of Contents TEMP LED is Amber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . STA LED Is Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Probable Cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch Does Not Boot When Flash File System Is Full and Trying To Create the mpm.cnf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Probable Cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Error Messages . . . . . . . . . . . . Correcting Errors . . . . . . . . . . . . . . . . . . . . . . Module Startup/Shutdown Error Messages Serial Port Configuration Errors . . . . . . . . Module Connection Errors . . . . . . . . 
. . . . Chassis Error Messages . . . . . . . . . . . . . . Chassis Error Messages Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35-10 .35-10 .35-10 .35-10 .35-10 .35-10 .35-10 .35-10 .35-11 .35-11 .35-11 .35-11 .35-12 .35-12 .35-13 .35-13 36 Running Hardware Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-1 Running Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-2 Login to Run Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-3 Resetting a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-4 Disabling a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-4 Temperature Masking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-5 Running Hardware Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sample Command Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Halting Diagnostic Tests in Progress . . . . . . . . . . . . . . . . . . . . Port Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Omni Switch/Router Port Test Wrap Cable/Plug Requirements Sample Test Session: Ethernet Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-6 . 36-9 . 36-9 . 36-9 .36-10 .36-12 Displaying Available Diagnostic Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-15 Configuring the Diagnostic Test Environment . . . . . . . . . . . . . . . . 
. . . . . . . . . . .36-16 Configuring Tests for Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-17 Running Frame Fabric Tests on Omni Switch/Routers . . . . . . . . . . . . . . . . . . . . .36-18 Running Diagnostics on an Entire Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-20 Diagnostic Test Cable Schematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-22 page xxix Table of Contents A The Boot Line Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Entering the Boot Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Boot Prompt Basics . . . . . . . . . . . . . . . . . . . . . . . . . . Resuming Switch Boot (@) . . . . . . . . . . . . . . . Displaying Current Configuration (p) . . . . . . . Loading the Last Configured Boot File (l) . . . . Listing Available Files in the Flash Memory (L) Deleting All Files in the Flash Memory (P) . . . Deleting Specific Files in the Flash Memory (R) Saving Configuration Changes (S) . . . . . . . . . . Viewing Version Number (V) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 A-3 A-4 A-4 A-5 A-5 A-5 A-6 A-6 Configuring a Switch with an MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7 B Custom Cables ............................................. V.35 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . . . V.35 DCE Cable (For WSX-to-DTE Device Connection) . . . . . . . . . . . . . RS232 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . . 
    RS232 DCE Cable (For WSX-to-DTE Device Connection) ... B-5
    RS530 DTE Cable (For WSX-to-DCE Device Connection) ... B-6
    RS530 DCE Cable (For WSX-to-DTE Device Connection) ... B-7
    X.21 DTE Cable (For WSX-to-DCE Device Connection) ... B-8
    X.21 DCE Cable (For WSX-to-DTE Device Connection) ... B-9
    RS449 DTE Cable (For WSX-to-DCE Device Connection) ... B-10
    RS-449 DCE Cable Assembly (For WSX-to-DTE Device 75Ω Connection) ... B-11
    RJ-45 to DB15F Cable Assembly (For T1/E1 Port 120Ω Connections) ... B-12
    RJ-45 to BNC Cable Assembly (For E1 75Ω Port Connections) ... B-13

Index ... I-1

1 Omni Switch/Router Chassis and Power Supplies

Alcatel's Omni Switch/Router (OmniS/R) is an advanced, multi-layer switching platform (Layer 2 and 3) that supports the most demanding switch requirements. With Omni Switch/Router, network administrators can replace aging FDDI or Fast Ethernet backbones with high capacity Gigabit Ethernet backbones.

♦ Important Notes ♦
Beginning with Release 4.4, FDDI is no longer supported. Beginning with Release 4.5, ATM, Token Ring, M013, and Mammoth-based Ethernet Modules are no longer supported.

Omni Switch/Router modules can be distinguished from older OmniSwitch modules by the X in the module name. For example, the ESM-100C-32W is an OmniSwitch module whereas the ESX-100C-32W is an Omni Switch/Router module.

Omni Switch/Router has a distributed switching fabric. In a 9-slot chassis operating at full duplex, Omni Switch/Router offers an aggregate 22 Gigabit per second (Gbps) distributed switching fabric.
In addition, Omni Switch/Router offers new high density switching modules, including auto-sensing 10/100 Ethernet modules that offer high speed network connections to servers and desktops. (See Omni Switch/Router Applications and Configurations on page 1-5 for examples.)

The Omni Switch/Router Management Processor Module (MPX) provides the core routing, VLAN MAC learning, SNMP, and file management functions for the entire Omni Switch/Router. In addition, the MPX has an Ethernet plug-in port for managing the switch. Only one MPX is required per Omni Switch/Router, but you can add another MPX for redundancy. See Chapter 2, “The Omni Switch/Router MPX,” for more information on the MPX.

♦ Important Note ♦
Omni Switch/Router switching modules require an MPX. You cannot install any version of the MPM (i.e., MPM-C, MPM 1G, MPM II, or original MPM) in a chassis with an MPX.

An Omni Switch/Router Hardware Routing Engine (HRE-X). The HRE-X offers high-speed Layer 3 switching from 1.5 to 12.0 million packets per second (Mpps) in a fully loaded chassis. See The Omni Switch/Router Hardware Routing Engine (HRE-X) on page 1-22 for more information on the HRE-X.

Omni Switch/Router switching modules perform software filtering, translations between dissimilar network interfaces, and hardware-based switching. Omni Switch/Router switching modules have an additional on-board interface connector for the HRE-X.

Currently, Omni Switch/Router switching modules consist of Gigabit Ethernet modules, autosensing Ethernet modules, Fast 10/100 Ethernet modules, 10 Mbps Ethernet modules, WAN modules, and Voice Over IP (VOIP) modules. See Chapter 3, “Omni Switch/Router Switching Modules,” for documentation.

♦ Important Note ♦
Omni Switch/Router modules require the use of an Omni Switch/Router chassis (see Omni Switch/Router Chassis and Power Supplies on page 1-7). Do not install an Omni Switch/Router module in an OmniSwitch chassis and do not install an OmniSwitch module in an Omni Switch/Router chassis.

Omni Switch/Router User Interface (UI) Software

Omni Switch/Router hardware uses the same User Interface (UI) commands and Network Management Software (NMS) as OmniSwitch hardware. Omni Switch/Router modules support broadcast management, multicast management, any-to-any switching, virtual LANs (VLANs), firewalls, user authentication, WAN access, and policy-based configuration.

♦ Important Note ♦
In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in CLI (Command Line Interface) mode, rather than in UI (User Interface) mode. Chapter 4, “The User Interface,” includes documentation on changing from CLI mode to UI mode.

Omni Switch/Router Network Management Software (NMS)

You need Release 3.4, or higher, of Alcatel’s X-Vision Network Management Software (NMS) to operate with Omni Switch/Router hardware.

Omni Switch/Router Distributed Switching Fabric

Many switches in the market employ a shared memory architecture, which uses a central switching engine to send data to the appropriate port. As shown in the figure below, data enters the input port (➊ below), crosses the switching fabric on its way to the central switching engine (➋ below), and again crosses the switching fabric (➌ below) before exiting the appropriate output port (❹ below).

[Figure: Traditional Shared Memory Architecture. Note: Unlike distributed switch fabric, data is forced to cross switch fabric twice.]

In contrast, Omni Switch/Router switches use a distributed switching fabric. As shown in the figure below, data enters the input port and crosses the switching fabric only once before exiting the appropriate output port.
Compared to the shared memory architecture, only half as much bandwidth is required since data just crosses the switching fabric once.

[Figure: Omni Switch/Router Distributed Switching Fabric]

Omni Switch/Router Fabric Capacity

In a chassis with Omni Switch/Router modules only, each Omni Switch/Router module provides 2.4 Gbps of switching capacity in full-duplex mode. In a chassis with all Omni Switch/Router modules, the Omni Switch/Router architecture provides up to a 22 Gbps distributed switching fabric.

As shown in the figure below, an OmniS/R-9 with an MPX and eight (8) Omni Switch/Router switching modules provides 22 Gbps of switching capacity. An OmniS/R-5 with an MPX and four (4) Omni Switch/Router switching modules provides 12 Gbps of switching capacity, while an OmniS/R-3 with an MPX and two (2) Omni Switch/Router switching modules provides 7 Gbps of switching capacity.

[Figure: Omni Switch/Router Fabric Capacity in OmniS/R-3, OmniS/R-5 and OmniS/R-9 Chassis. Axes: Fabric Capacity (Gbps) versus Omni Switch/Router Switching Modules.]

Omni Switch/Router Applications and Configurations

Omni Switch/Router hardware is ideally suited to meet the most demanding server and backbone needs. In addition, Omni Switch/Router hardware can be integrated easily with OmniSwitches and with OmniStack workgroup switches. The examples that follow show how the Omni Switch/Router can be used as a network backbone and as the central switch/router in a wiring closet.

Omni Switch/Router as the Backbone Connecting Several Networks

The figure below shows how Omni Switch/Router Gigabit Ethernet and 10/100 Ethernet modules can be used as a network backbone. In this example, two networks on two different floors need high speed access to a server farm on the first floor.

[Figure: Using Omni Switch/Router in a Network Backbone]

The servers each have dedicated Gigabit Ethernet connections to Omni Switch/Router modules on the first floor. The Omni Switch/Router chassis on the first floor is connected to the network on the second floor via a Gigabit Ethernet link to the OmniStack on the second floor. The Omni Switch/Router chassis on the first floor is connected via a 10/100 Ethernet link, using OmniChannel, to the OmniSwitch chassis on the third floor containing a Fast Ethernet module, such as the ESM-100C-12. See Chapter 15, “Managing Ethernet Modules,” for more information on OmniChannel.

Omni Switch/Router as the Central Backbone Switch/Router and in the Wiring Closet

The figure below shows Omni Switch/Router chassis used in the wiring closet and as a network backbone switch/router connecting the wiring closets and server farm. On the third floor, an Omni Switch/Router chassis connects a mixture of 10BaseT and 100BaseTx workstations with an auto-sensing Ethernet module. In addition, this Omni Switch/Router chassis connects the workstations to a local server with a Gigabit Ethernet module. On the second floor, an Omni Switch/Router connects legacy Token Ring workstations. On the first floor, the Omni Switch/Router connects the networks on the upper floors to the server farm using a Gigabit Ethernet module.

[Figure: Using Omni Switch/Router in the Wiring Closet]

Omni Switch/Router Chassis and Power Supplies

The Omni Switch/Router chassis houses the MPX, switching modules, and one or two power supplies. The modular design of the chassis provides the ability to configure your Omni Switch/Router to meet your networking needs. The Omni Switch/Router chassis also offers such failure-resistant features as redundant MPXs, redundant power supplies, and hot swapping of switching modules. (See Chapter 3, “Omni Switch/Router Switching Modules,” for more information on hot swapping switching modules.)

There are three (3) different versions of the Omni Switch/Router chassis. The OmniS/R-3, a three-slot version, is documented in OmniS/R-3 on page 1-8. The OmniS/R-5, a five-slot version, is documented in OmniS/R-5 on page 1-10. A nine-slot version called the OmniS/R-9 is documented in OmniS/R-9 and OmniS/R-9P on page 1-13. The OmniS/R-3, OmniS/R-5 and OmniS/R-9 chassis, the MPX module, and several switching modules have met FCC Class B requirements.

♦ Note ♦
In the current release, a maximum of seven (7) 32-port switching modules (e.g., ESX-100C-32W) is supported in 9-slot Omni Switch/Router chassis.

Slot 1 is reserved for the MPX; you cannot install a switching module in Slot 1. You can install a switching module in Slot 2 (if an MPX is installed in Slot 1) or an MPX. When dual-redundant MPXs are installed, one of them must be installed in Slot 1 and the other in Slot 2. On the OmniS/R-3, Slot 3 is reserved for a switching module. On the OmniS/R-5, Slots 3 through 5 are reserved for switching modules. On the OmniS/R-9, Slots 3 through 9 are reserved for switching modules.

♦ Important Note ♦
You must have an MPX acting as the management module; you cannot use any version of the MPM.

Warning
If you have any empty switching module slots in either an OmniS/R-3 (3-slot) or OmniS/R-5 (5-slot) chassis, you must cover them with blank panels (available from Alcatel) to prevent your chassis from overheating. Covering empty slots forces air to flow directly over the power supplies, thereby cooling them. If the power supplies are not properly cooled, they will overheat and shut down.

OmniS/R-3

The OmniS/R-3 chassis features three slots for an MPX and specific switching modules (contact your Alcatel sales representative for information on module availability). Slots are numbered from 1 to 3 starting with the topmost slot. A built-in power supply is located on the right side of the chassis, and a fan cooling system is located on the left side of the chassis.

The chassis can be rack-mounted. You can view all cabling, power supplies, module interfaces, and LEDs at the front of the chassis.

The OmniS/R-3 uses a built-in AC power supply that has a capacity of 32.8 Amps at 5 volts and 3 amps at 12 volts for 200 Watts of output power. The OmniS/R-3 does not support a Backup Power Supply (BPS).

♦ Caution ♦
Do not connect the power connector on the back of the OmniS/R-3 to data communication equipment.

[Figure: OmniS/R-3 Chassis, showing the Management Processor Module (MPX) and Switching Modules]

♦ Important Note ♦
Slot 1 (the top slot) on the OmniS/R-3 is reserved for an MPX module. Slot 2 can accommodate either a second (optional) MPX module or a Switching module. Slot 3 (the bottom slot) is reserved for a Switching module.
Contact your Alcatel sales representative for information regarding module availability.

OmniS/R-3 Chassis Technical Specifications

Total Module Slots: 3
Total Slots for Switching Modules: 2
Physical Dimensions: 5.25” (13.34 cm) high, 17.13” (43.51 cm) wide, 13.00” (33.02 cm) deep
Weight: 18 lb. (8.18 kg), fully populated with modules and power supplies.
Switching Backplane: Up to 7 Gbps (aggregate) switching fabric capacity
Voltage Range: 85-270 VAC, 47 to 63 Hz, auto-ranging and auto-sensing
Current Draw: 3.8 Amps at 100/115 VAC; 1.7 Amps at 230 VAC
Watts (Output): 200
Current Provided: 32.8 Amps at +5 Volts; 3 Amps at +12 Volts
Heat Generation: Approximately 1020 BTUs per hour
Temperature Operating Range: 0 to 45 degrees Celsius; 32 to 113 degrees Fahrenheit
Humidity: 5% to 90% Relative Humidity (Operating); 0% to 95% Relative Humidity (Storage)
Altitude: Sea level to 10,000 feet (3 km)
Agency Listings: UL 1950; CSA-C22.2; EN60950; FCC Part 15, Subpart B (Class A); EN55022, 1987/EN50081; FCC Class B; C.I.S.P.R. 22: 1985; EN50082-1, 1992; IEC 801-2, 1991; IEC 801-3, 1984; IEC 801-4, 1988; VCCI V-3/94.04 (Class A & Class B); EN 61000-4-2: 1995; EN 61000-4-3: 1995; EN 61000-4-4: 1995; EN 61000-4-5: 1995; EN 61000-4-6: 1996; EN 61000-4-8: 1993; EN 61000-4-11: 1994; ENV 50204: 1996

OmniS/R-5

The OmniS/R-5 chassis has five slots for an MPX and switching modules (see figure below). Slots are numbered from 1 to 5 starting with the topmost slot. Slots for two power supplies are located at the bottom of the chassis.

♦ Warning ♦
If you have an OmniS/R-5 with a single power supply, do not remove the cover on the empty power supply slot. In addition, if you have any empty switching module slots in an OmniS/R-5, you must cover them with blank panels (available from Alcatel) to prevent your chassis from overheating.
Covering empty slots forces air to flow directly over the power supplies, thereby cooling them. If the power supplies are not properly cooled, they will overheat and shut down.

The entire chassis can be wall-mounted or rack-mounted. You can view all cabling, power supplies, module interfaces, and LEDs at the front of the chassis.

[Figure: The OmniS/R-5, showing the Omni Switch/Router Management Processor Module (MPX), Switching Modules, PS1 (Power Supply 1) and PS2 (Power Supply 2)]

The OmniS/R-5 uses the MPX. Slot 1 is reserved for the MPX; you cannot install a switching module in Slot 1. You can install a switching module in Slot 2 (if an MPX is installed in Slot 1) or an MPX. When dual-redundant MPXs are installed, one of them must be installed in Slot 1 and the other in Slot 2. Slots 3 through 5 are reserved for switching modules.

The OmniS/R-5 provides bays for two power supplies. The power supplies are self-enclosed to allow safe hot-insertion and hot-removal. When two power supplies are installed, they share the electrical load. If one should fail, the remaining power supply automatically takes up the load without any disruption to the operation. See Chapter 1, “Omni Switch/Router Chassis and Power Supplies,” for more information on installing and removing power supplies. See OmniS/R-5 Technical Specifications on page 1-12 for more information.

The OmniS/R-5 uses one of the following power supplies:

OmniS/R-PS5-375: The standard power supply. It can provide 375 Watts of power.

OmniS/R-PS5-DC375: A -48 volt (input voltage) DC version of the OmniS/R-PS5-375 power supply. This power supply can provide 375 Watts of power. It requires the use of 12 to 14 gauge wire for connections to the DC power source. See Connecting a DC Power Source to an OmniS/R-PS5-DC375 on page 1-24 for more information.

♦ Caution ♦
This unit may be equipped with two power connections.
To reduce the risk of electrical shock, disconnect both power connections before servicing the unit.

♦ CAUTION ♦
The device may be equipped with two mains connections. To avoid an electric shock, always disconnect both connections from the mains before servicing.

OmniS/R-5 Technical Specifications

Total Module Slots: 5
Total Slots for Switching Modules: 4
Physical Dimensions: 12.25” (31.12 cm) high, 17.14” (43.54 cm) wide, 13” (33.02 cm) deep
Weight: approximately 55 lb. (24.09 kg), fully populated with modules and power supplies.
Switching Backplane: Up to 12 Gbps (aggregate) switching fabric capacity
Voltage Range: 90-265 VAC, 47 to 63 Hz auto-ranging and auto-sensing.
Current Draw: 6 Amps at 100/115 VAC; 3 Amps at 230 VAC
Watts (Output): 375
Current Provided: 60 Amps at 5 Volts (V1); 5 Amps at 12 Volts (V2); 3 Amps at 3.3 Volts (V3); 5.1 Amps at 1.5 Volts (V4)
Temperature Operating Range: 0 to 45 degrees Celsius; 32 to 113 degrees Fahrenheit
Humidity: 5% to 90% Relative Humidity (Operating); 0% to 95% Relative Humidity (Storage)
Altitude: Sea level to 10,000 feet (3 km)
Heat Generation: 1280 BTUs per hour (one power supply)
Agency Listings: UL 1950; CSA-C22.2; EN60950; FCC Part 15, Subpart B (Class A); EN55022, 1987/EN50081; FCC Class B; C.I.S.P.R. 22: 1985; EN50082-1, 1992; IEC 801-2, 1991; IEC 801-3, 1984; IEC 801-4, 1988; VCCI V-3/94.04 (Class A & Class B); EN 61000-4-2: 1995; EN 61000-4-3: 1995; EN 61000-4-4: 1995; EN 61000-4-5: 1995; EN 61000-4-6: 1996; EN 61000-4-8: 1993; EN 61000-4-11: 1994; ENV 50204: 1996

OmniS/R-9 and OmniS/R-9P

The OmniS/R-9 and OmniS/R-9P chassis have nine slots for an MPX and switching modules (see figure below). Slots are numbered from 1 to 9 starting with the left-most slot. Slots for two power supplies are located at the bottom of the chassis. A separate, removable fan tray containing four fans is located above the power supply module bays.

[Figure: The OmniS/R-9, showing the Switching Modules, the Omni Switch/Router Management Processor Module (MPX), Fan Tray, Lifting Handle, PS1 (Power Supply 1) and PS2 (Power Supply 2)]

A fully loaded OmniS/R-9 weighs nearly 100 lbs. Therefore, it is recommended that if you are rack-mounting the chassis you use a rack mount shelf instead of just brackets. Using a shelf will ensure that the weight of the chassis can be supported. In addition, the OmniS/R-9 contains side handles to make lifting and installation easier.

The OmniS/R-9 uses the MPX. Slot 1 is reserved for the MPX; you cannot install a switching module in Slot 1. You can install a switching module in Slot 2 (if an MPX is installed in Slot 1) or an MPX. When dual-redundant MPXs are installed, one of them must be installed in Slot 1 and the other in Slot 2. Slots 3 through 9 are reserved for switching modules.

♦ Important Note ♦
You must have an MPX acting as the management module; you cannot use any version of the MPM. See Chapter 2, “The Omni Switch/Router MPX,” for more information on the MPX.

The OmniS/R-9 and OmniS/R-9P provide bays for two power supplies. The power supplies are self-enclosed to allow safe hot-insertion and hot-removal. When two power supplies are installed, they share the electrical load. If one should fail, the remaining power supply automatically takes up the load without any disruption to the operation. See Chapter 1, “Omni Switch/Router Chassis and Power Supplies,” for additional information on installing and removing power supplies.

The OmniS/R-9 uses the following power supply:

OmniS/R-PS9-650: The standard power supply. It can provide 650 Watts of power.

The OmniS/R-9P uses the following power supply:

OmniS/R-PS9-725: This power supply can provide 725 Watts of power.

The OmniS/R-9P-48V uses the following power supply:

OmniS/R-PS9-DC725: A -48 Volt (input voltage) DC version of the OmniS/R-PS9-725 power supply. This power supply can provide 725 Watts of power.
It requires the use of 12 to 14 gauge wire for connections to the DC power source. See Connecting a DC Power Source to an OmniS/R-PS9-DC725 on page 1-27 for more information.

For additional information, see OmniS/R-9 Technical Specifications on page 1-15, OmniS/R-9P Technical Specifications on page 1-16 and OmniS/R-9P-48V Technical Specifications on page 1-17.

♦ Caution ♦ This unit may be equipped with two power connections. To reduce the risk of electrical shock, disconnect both power connections before servicing the unit.

♦ Caution (translated from German) ♦ The unit may be equipped with two mains connections. To avoid an electric shock, always disconnect both connections from the mains before servicing.

OmniS/R-9 Technical Specifications

| Specification | Value |
|---|---|
| Total Module Slots | 9 |
| Total Slots for Switching Modules | 8 |
| Physical Dimensions | 24.50” (62.23 cm) high, 16.60” (42.16 cm) wide, 13.25” (36.66 cm) deep |
| Weight | 96 lb. (43.55 kg), fully populated with modules and power supplies. |
| Switching Backplane | Up to 22 Gbps (aggregate) switching fabric capacity |
| Voltage Range | 90-264 VAC, 47 to 63 Hz |
| Current Draw | 12 Amps at 100/115 VAC; 6 Amps at 230 VAC |
| Watts (Output) | 650 |
| Current Provided | 120 Amps at 5 Volts; 4 Amps at 12 Volts; 6 Amps at 3.3 Volts; 8 Amps at 1.5 Volts |
| Temperature Operating Range | 0 to 45 degrees Celsius; 32 to 113 degrees Fahrenheit |
| Humidity | 5% to 90% Relative Humidity (Operating); 0% to 95% Relative Humidity (Storage) |
| Altitude | Sea level to 10,000 feet (3 km) |
| Heat Generation | 2219 BTUs per hour (one power supply) |
| Agency Listings | UL 1950; CSA-C22.2; EN60950; FCC Part 15, Subpart B (Class A); EN55022, 1987/EN50081 FCC Class B; C.I.S.P.R. 22: 1985; EN50082-1, 1992; IEC 801-2, 1991; IEC 801-3, 1984; IEC 801-4, 1988; VCCI V-3/94.04 (Class A & Class B); EN 61000-4-2: 1995; EN 61000-4-3: 1995; EN 61000-4-4: 1995; EN 61000-4-5: 1995; EN 61000-4-6: 1996; EN 61000-4-8: 1993; EN 61000-4-11: 1994; ENV 50204: 1996 |

OmniS/R-9P Technical Specifications

| Specification | Value |
|---|---|
| Total Module Slots | 9 |
| Total Slots for Switching Modules | 8 |
| Physical Dimensions | 24.50” (62.23 cm) high, 16.60” (42.16 cm) wide, 13.25” (36.66 cm) deep |
| Weight | 96 lb. (43.55 kg), fully populated with modules and power supplies. |
| Switching Backplane | Up to 22 Gbps (aggregate) switching fabric capacity |
| Voltage Range | 85-270 VAC, 47 to 63 Hz |
| Current Draw | 12 Amps at 100/115 VAC; 6 Amps at 230 VAC |
| Watts (Output) | 725 |
| Current Provided | 120 Amps at 5 Volts; 6 Amps at 12 Volts; 6 Amps at 3.3 Volts; 8 Amps at 1.5 Volts |
| Temperature Operating Range | 0 to 70 degrees Celsius; 32 to 158 degrees Fahrenheit |
| Humidity | 5% to 90% Relative Humidity (Operating); 0% to 95% Relative Humidity (Storage) |
| Altitude | Sea level to 10,000 feet (3 km) |
| Heat Generation | 2219 BTUs per hour (one power supply) |
| Agency Listings | UL 1950; CSA-C22.2 #950-M90; TUV EN60950; CB Certification IEC 950; FCC Title 47 CFR Part 15, Subpart B (Class A & Class B); IEC EN55022, 1995 (Class A & Class B) CISPR 22, 1995; IEC 1000-3-2; IEC 1000-3-3 (EN60555-2); IEC 1000-4-2 (EN61000-4-2, per EN50082-1, 1992); IEC 1000-4-3 (EN61000-4-3, per EN50082-1, 1992); IEC 1000-4-4 (EN61000-4-4) Level 4; IEC 1000-4-5 (EN61000-4-5) Level 4; IEC 1000-4-6 (EN61000-4-6); IEC 1000-4-8 (EN61000-4-8); IEC 1000-4-11 (EN61000-4-11); EN50204: 1996. |

OmniS/R-9P-48V Technical Specifications

| Specification | Value |
|---|---|
| Total Module Slots | 9 |
| Total Slots for Switching Modules | 8 |
| Physical Dimensions | 24.50” (62.23 cm) high, 16.60” (42.16 cm) wide, 13.25” (36.66 cm) deep |
| Weight | 96 lb. (43.55 kg), fully populated with modules and power supplies. |
| Switching Backplane | Up to 22 Gbps (aggregate) switching fabric capacity |
| Voltage Range | 40-60 VDC |
| Current Draw | 23 Amps |
| Watts (Output) | 725 |
| Current Provided | 120 Amps at 5.15 VDC; 6 Amps at 12 VDC; 6 Amps at 3.3 VDC; 8 Amps at 1.5 VDC |
| Temperature Operating Range | 0 to 70 degrees Celsius; 32 to 158 degrees Fahrenheit |
| Humidity | 5% to 90% Relative Humidity (Operating); 0% to 95% Relative Humidity (Storage) |
| Altitude | Sea level to 10,000 feet (3 km) |
| Heat Generation | 2219 BTUs per hour (one power supply) |
| Agency Listings | UL 1950; CSA-C22.2 #950-M90; TUV EN60950; CB Certification IEC 950; FCC Title 47 CFR Part 15, Subpart B (Class A & Class B); IEC EN55022, 1995 (Class A & Class B) CISPR 22, 1995; IEC 1000-3-2; IEC 1000-3-3 (EN60555-2); IEC 1000-4-2 (EN61000-4-2, per EN50082-1, 1992); EN55024 IEC 1000-4-3 (EN61000-4-3, per EN50082-1, 1992); IEC 1000-4-4 (EN61000-4-4) Level 4; IEC 1000-4-5 (EN61000-4-5) Level 4; IEC 1000-4-6 (EN61000-4-6); IEC 1000-4-8 (EN61000-4-8); IEC 1000-4-11 (EN61000-4-11); ENV 50204: 1996. |

Omni Switch/Router Power Requirements

Always make sure that the total power requirements of the modules in your chassis do not exceed the limits of your power supply. To check the power consumption of your configuration, refer to the tables on the following pages and add up the DC Current Draw of all modules in your switch. The tables beginning on page 1-19 list modules without an HRE-X and the tables beginning on page 1-20 list modules with an HRE-X. The total power consumption of all your modules should be below the current provided by your power supply, which is listed in OmniS/R-3 on page 1-8 for the OmniS/R-3, OmniS/R-5 on page 1-10 for the OmniS/R-5 and OmniS/R-9 and OmniS/R-9P on page 1-13 for the OmniS/R-9 and OmniS/R-9P. For power consumption and FCC compliance information for Omni Switch/Router VoIP modules, consult your VoIP User Manual.
♦ Caution ♦ It is possible, but not recommended, to have a configuration in which the current draw of the installed modules exceeds the power provided by a single power supply. However, such a configuration would require two power supplies and would not allow you to have power redundancy.

Module Power Requirements without an HRE-X

| Module | Description | DC Current Draw (Amps) | FCC Class Approval |
|---|---|---|---|
| MPX | Management Processor Module. | 3.75 | B |
| ESX-K-100C-32W | Advanced auto-Sensing 10/100 Ethernet module with thirty-two (32) RJ-45 ports. | 10.25 | B |
| ESX-K-100FM/FS-16W | Advanced Fast Ethernet (100 Mbps) module with sixteen (16) fiber MT-RJ ports. | 9.75 | B |
| GSX-K-FM/FS-2W | Advanced Gigabit Ethernet module with two (2) fiber SC ports. | 5.25 | B (STP cable), A (UTP cable) |
| WSX-S-2W | WAN module with 2 serial ports | 4.75 | B |
| WSX-SC-4W | WAN module with 4 serial ports | 6.25 | B |
| WSX-SC-8W | WAN module with 8 serial ports | 8.25 | B |
| WSX-BRI-SC-1W | WAN ISDN module with 1 serial and 1 BRI port | 5.75 | B |
| WSX-BRI-SC-2W | WAN ISDN module with 2 serial and 2 BRI ports | 7.25 | B |
| WSX-FT1-SC-1W | WAN module with 1 serial and 1 T1 or E1 port | 5.75 | A |
| WSX-FE1-SC-1W | WAN module with 1 serial and 1 T1 or E1 port | 5.75 | B |
| WSX-FT1-SC-2W | WAN module with 2 serial and 2 T1 or E1 ports | 7.25 | B |
| WSX-FE1-SC-2W | WAN module with 2 serial and 2 T1 or E1 ports | 7.25 | B |

Module Power Requirements with an HRE-X

| Module | Description | DC Current Draw (Amps) | FCC Class Approval |
|---|---|---|---|
| MPX-L3 | Management Processor Module. | 5.25 | B |
| ESX-K-100C-32W-L3 | Advanced auto-Sensing 10/100 Ethernet module with thirty-two (32) RJ-45 ports. | 11.75 | B |
| ESX-FM-24W-L3 | 10 Mbps Ethernet module with twenty-four (24) fiber VF-45 ports | 14.5 | B |
| ESX-K-100FM/FS16W-L3 | Advanced Fast Ethernet (100 Mbps) module with sixteen (16) fiber MT-RJ ports. | 11.25 | B |
| GSX-K-FM/FS-2W-L3 | Advanced Gigabit Ethernet module with two (2) fiber SC ports. | 6.75 | B (STP cable), A (UTP cable) |
| WSX-S-2W-L3 | WAN module with 2 serial ports | 6.25 | B (STP cable), A (UTP cable) |
| WSX-SC-4W-L3 | WAN module with 4 serial ports | 7.75 | B (STP cable), A (UTP cable) |
| WSX-SC-8W-L3 | WAN module with 8 serial ports | 9.75 | B (STP cable), A (UTP cable) |
| WSX-BRI-SC-1W-L3 | WAN ISDN module with 1 serial and 1 BRI port | 7.25 | B (STP cable), A (UTP cable) |
| WSX-BRI-SC-2W-L3 | WAN ISDN module with 2 serial and 2 BRI ports | 8.75 | B (STP cable), A (UTP cable) |
| WSX-FT1-SC-1W-L3 | WAN module with 1 serial and 1 T1 or E1 port | 7.25 | B (STP cable), A (UTP cable) |
| WSX-FE1-SC-1W-L3 | WAN module with 1 serial and 1 T1 or E1 port | 7.25 | B (STP cable), A (UTP cable) |
| WSX-FT1-SC-2W-L3 | WAN module with 2 serial and 2 T1 or E1 ports | 8.75 | B (STP cable), A (UTP cable) |
| WSX-FE1-SC-2W-L3 | WAN module with 2 serial and 2 T1 or E1 ports | 8.75 | B (STP cable), A (UTP cable) |

Grounding a Chassis

Omni Switch/Routers have two grounding screw holes on the back of the chassis. These holes use 10-32 screws and are approximately 1 inch apart. In addition, these holes do not have paint and are surrounded by a small paint-free rectangular section, which provides for a good connection contact.

The figure below shows the location of the grounding screw holes on the back of an OmniS/R-9. They are located approximately four (4) inches from the bottom of the chassis and approximately one (1) inch from the left-hand side of the rear of the chassis.

[Figure: Grounding Screw Holes on an OmniS/R-9. Labels: Lifting Handle; Grounding Screw Holes]

On an OmniS/R-5, the grounding screw holes are located approximately one (1) inch from the bottom of the chassis and approximately one (1) inch from the left-hand side of the rear of the chassis. On an OmniS/R-3, they are located approximately four (4) inches from the bottom of the chassis and approximately one (1) inch from the left-hand side of the rear of the chassis.
The Omni Switch/Router Hardware Routing Engine (HRE-X)

The Omni Switch/Router Hardware Routing Engine (HRE-X) is available for the MPX and all Omni Switch/Router switching modules. The HRE-X is a submodule that plugs into an Omni Switch/Router module and provides high speed Layer 3 distributed routing for IP and IPX traffic. The HRE-X intercepts frames from the switching logic and determines if a frame should be switched or routed. If a frame needs to be routed, the HRE-X will automatically add the appropriate routing information.

[Figure: MPX with an HRE-X. Labels: Backplane Connector; HRE-X Module; Front Panel]

The HRE-X has the following restrictions:
• You must have Release 3.4.4 software, or later, on your Omni Switch/Router.
• Do not install an HRE-X on an MPX unless it is Revision A10, or later.
• Do not install an HRE-X on a GSX-FM/FS-4W unless it is Revision B04, or later.

Each HRE-X routes up to 1.5 million packets per second. In an OmniS/R-9 with an HRE-X on every switching module, for example, you could have up to 12 Mpps routed throughput. On a per switch basis, the HRE-X also supports over 256,000 route entries and 64,000 Next Hop destinations.

Valid HRE-X Configurations

You can configure an Omni Switch/Router chassis in one of two ways: with an HRE-X on every single Omni Switch/Router switching module (distributed routing) or a single HRE-X on the MPX (centralized routing).

Distributed Routing. In this configuration, you must install an HRE-X on every single switching module in the chassis. In addition, you cannot install an HRE-X on the MPX. For example, in an OmniS/R-9 with a single MPX, you would need eight (8) HRE-Xs for all the switching modules. As a general rule, this configuration is recommended in networks of more than four subnets from any one switch.

Centralized Routing. In this configuration, you must install the HRE-X on the MPX but not on any Omni Switch/Router switching modules. The HRE-X will perform routing for all Omni Switch/Router switching modules in the chassis. As a general rule, this configuration is recommended for networks of two to four subnets from any one switch.

HRE-X Router Registers versus Feature Limitations

The HRE-X has three (3) registers, each of which can be programmed with a MAC address and mask that tell it which destination MAC addresses it should act as a router for. IP Routing, Virtual Router Redundancy Protocol (VRRP), ATM Classical IP (CIP), and Channelized DS3 (i.e., M013) utilize at least one of these registers for their operation. This restricts the combination of these features that can be supported on an Omni Switch/Router at any given time.

♦ Important Note ♦ ATM and M013 are not supported in Release 4.5.

The HRE-X registers are programmed on a first come, first served basis. Any attempt to program more than three registers fails. In the current release, the order in which these features program the HRE-X is as follows:
1. ATM CIP
2. IP Routing (Note: If there is a second base MAC configured on the MPX, then it will also take a second register.)
3. M013
4. VRRP

For example, if a switch has two base MACs and a CIP group, then no other features can be configured. Any combination of the above features will work given the available HRE-X registers. IP routing always takes one register (two in the dual base MAC case), leaving the other features to compete for the remaining two (one in the dual base MAC case). The other features attempt to program a register only if they are enabled.

♦ Note ♦ ATM CIP is limited to 128 end node route cache entries.

Connecting a DC Power Source to an OmniS/R-PS5-DC375

The OmniS/R-5 can use a DC power supply called the OmniS/R-5-DC375.
This power supply contains a female power connector as shown in the figure below. This supply requires the use of 12 gauge wire. A clamp inside each connector keeps the power wire tightly in place during operation. This connector has side screws that can be used to remove the connector.

[Figure: OmniS/R-5 DC Power Supply Connector Style. Labels: OmniS/R-PS5-DC375; (-)/(+)/GND]

Installing DC Power Source Wire Leads

These instructions describe how to connect your 3-wire DC power source to the power connector on your DC power supply. A small flat-tip screwdriver and a wire stripper are required for this procedure.

1. Prepare the three (3) wires—12 gauge—that will plug into the power supply. First, make sure they are not plugged into the 48-volt power source.
2. Next, use a wire stripper to carefully strip about a half-inch off the end of each wire, removing the outer insulation to expose the copper core.
3. Twist the loose strands of copper wire together so that they form a tight braid. If possible, solder the entire braid of wire together for better conductivity.
4. Open the wire bay door for one of the three (3) power connector holes. The front of this connector contains a row of square holes. It also contains three (3) circular holes on top that contain screws; you loosen the screws in these holes to open the wire bay doors (square holes) on the connector front so that you can insert the wire lead.
   a. Insert a small flat-tip screwdriver into one of the top three (3) screw holes.
   b. Loosen the screw so that the door for the wire bay on the connector front opens.

[Figure: Opening Wire Bay on Screw-Style Connector. Labels: Loosen Screw; (-)/(+)/GND; Door inside square hole will open when screw is loosened in top circular hole.]

5. Insert the appropriate wire lead into the open circular hole. The silkscreen above each hole indicates which power lead—negative (-), positive (+), or ground (GND)—to plug into which hole. The lead you insert must match the lead attached to the 48-volt power source (i.e., negative to negative, positive to positive, ground to ground).

♦ Warning ♦ You must plug DC wire leads into the correct holes in the DC power connector. Use the labels above the DC power connector as a guide to positive, negative, and ground connections. If you plug wire leads into the wrong holes, the power supply will not work and damage could result.

Push the wire in far enough that it reaches the back wall of the connector, about a half inch inside.

[Figure: Inserting the Wire Lead Into the Circular Hole. Labels: (-)/(+)/GND; This end would plug into the negative (-) power source. The middle lead would plug into the positive (+) power source and the rightmost lead would plug into the ground (GND).]

6. Close the wire bay. Use the small screwdriver (from Step 4a) to tighten the screw above the wire bay into which you inserted the wire lead. The wire lead should be securely attached inside the connector. You should be able to pull on the wire and not dislodge it.
7. Repeat Steps 4 through 6 for the remaining two wire leads. Be sure that the end of each lead attaches to the same power source that you connected to on the power supply (i.e., negative to negative, positive to positive, ground to ground).

Connecting a DC Power Source to an OmniS/R-PS9-DC725

The OmniS/R-9P can use a DC power supply called the OmniS/R-PS9-DC725. This power supply contains a female power connector as shown in the figure below. This supply requires the use of 10 gauge wire. A clamp inside each connector keeps the power wire tightly in place during operation.
[Figure: OmniS/R-9P DC Power Supply Connector Style. Labels: OmniS/R-PS9-DC725; GND/(+)/(-)]

Installation Requirements

Caution: To reduce the risk of electric shock or energy hazards:
• The branch circuit overcurrent protection must be rated at a minimum of 30 A (amperes) for the OmniS/R-9P PS9-DC725.
• Use 10 gauge (AWG - American Wire Gauge) solid copper conductors only for the OmniS/R-9P PS9-DC725.
• A readily-accessible disconnect device that is suitably approved and rated shall be incorporated in the field wiring.
• This device is to be installed in a restricted access area in accordance with the NEC (National Electrical Code) or the authority having jurisdiction.
• Connect this device to a reliably grounded SELV (Safety Extra Low Voltage) or a centralized DC source.

Installing DC Power Source Wire Leads

These instructions describe how to connect your 3-wire DC power source to the power connector on your DC power supply. A small flat-tip screwdriver and a wire stripper are required for this procedure.

1. Prepare the three (3) wires—10 gauge—that will plug into the power supply. First, make sure they are not plugged into the 48-volt power source.
2. Next, use a wire stripper to carefully strip about a half-inch off the end of each wire, removing the outer insulation to expose the copper core.
3. Twist the loose strands of copper wire together so that they form a tight braid. If possible, solder the entire braid of wire together for better conductivity.
4. Open the wire bay door for one of the three (3) power connector holes. The front of the power connector contains a row of square holes. It also contains three (3) circular holes (located directly above the square holes) that contain screws; you loosen the screws in these holes to open the wire bay doors (square holes) on the connector front so that you can insert the wire leads into the power connector.
   a. Insert a small flat-tip screwdriver into one of the three (3) screw holes.
   b. Loosen the screw so that the door for the wire bay on the connector front opens.

[Figure: Opening Wire Bay on DC Power Supply Connector. Labels: Loosen Screw; GND/(+)/(-); Door inside square hole will open when screw is loosened in circular hole directly above it.]

5. Insert the appropriate wire lead into the open circular hole. The silkscreen above each hole indicates which power lead—ground (GND), positive (+), or negative (-)—to plug into which hole. The lead you insert must match the lead attached to the 48-volt power source (i.e., ground to ground, positive to positive, negative to negative).

♦ Warning ♦ You must plug DC wire leads into the correct holes in the DC power connector. Use the labels above the DC power connector as a guide to ground, positive and negative connections. If you plug wire leads into the wrong holes, the power supply will not work and could result in damage.

Push the wire in far enough so that it reaches the back wall of the connector, about a half inch inside.

[Figure: Inserting the Wire Lead Into the Circular Hole. Labels: GND/(+)/(-); This end would plug into the ground (GND). The middle lead would plug into the positive (+) power source and the rightmost lead would plug into the negative (-) power source.]

6. Close the wire bay door. Use the small screwdriver (from Step 4a) to tighten the screw above the wire bay into which you inserted the wire lead. The wire lead should be securely attached inside the connector. You should be able to pull on the wire and not dislodge it.
7. Repeat Steps 4 through 6 for the remaining two wire leads. Be sure that the end of each lead attaches to the same power source that you connected to on the power supply (i.e., ground to ground, positive to positive, negative to negative).
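Added example (not from the Alcatel manual or Alcatel software): the rules from the section HRE-X Router Registers versus Feature Limitations, earlier in this chapter, modelled in Python to show which feature combinations leave a feature without a register. It assumes every feature other than IP Routing requests exactly one register (the manual says only "at least one"); the function names are hypothetical.

```python
from itertools import combinations

HREX_REGISTERS = 3  # from the manual: three programmable MAC/mask registers

# Programming order the manual gives for the current release.
PROGRAM_ORDER = ("ATM CIP", "IP Routing", "M013", "VRRP")
OPTIONAL = tuple(f for f in PROGRAM_ORDER if f != "IP Routing")


def registers_wanted(feature, dual_base_mac):
    """Registers a feature asks for.

    IP Routing takes two when a second base MAC is configured on the MPX.
    Assumption: every other feature asks for exactly one.
    """
    if feature == "IP Routing" and dual_base_mac:
        return 2
    return 1


def allocate(enabled, dual_base_mac=False):
    """Program registers first come, first served, in PROGRAM_ORDER.

    Returns (granted, failed): granted maps feature -> registers held,
    failed lists the features whose attempt found too few free registers.
    """
    unknown = set(enabled) - set(PROGRAM_ORDER)
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    # IP routing always takes its register(s), whether or not it was listed.
    wanted = set(enabled) | {"IP Routing"}
    granted, failed = {}, []
    free = HREX_REGISTERS
    for feature in PROGRAM_ORDER:
        if feature not in wanted:
            continue  # a disabled feature never tries to program a register
        need = registers_wanted(feature, dual_base_mac)
        if need <= free:
            granted[feature] = need
            free -= need
        else:
            failed.append(feature)
    return granted, failed


def conflicts():
    """Every combination of optional features that leaves one unprogrammed.

    Returns tuples of (dual_base_mac, enabled_features, failed_features).
    """
    found = []
    for dual in (False, True):
        for size in range(len(OPTIONAL) + 1):
            for combo in combinations(OPTIONAL, size):
                _, failed = allocate(combo, dual)
                if failed:
                    found.append((dual, combo, tuple(failed)))
    return found


if __name__ == "__main__":
    for dual, combo, failed in conflicts():
        macs = "two base MACs" if dual else "one base MAC"
        print(f"{macs}: IP Routing + {', '.join(combo)} "
              f"-> no register for {', '.join(failed)}")
```

Because VRRP programs last, it is the feature left without a register in every conflicting combination, so a planned gateway-redundancy configuration is worth checking against this model before enabling ATM CIP, M013 or a second base MAC.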
Replacing Power Supplies (9-Slot Chassis)

If a power supply ever needs to be replaced in an Omni Switch/Router 9-slot Chassis (e.g., OmniS/R-9 or OmniS/R-9P), it is strongly recommended that power supplies not be mixed, except under the conditions and exceptions shown in the following table.

♦ Note ♦ In all cases, swapping operations must be made with the power switch of the replacement power supply turned OFF. Failure to turn the power switch off during the swapping operation may cause the data switch to reset and restart.

| If One of Two Power Supplies Fails | Revision | Replace | With |
|---|---|---|---|
| 650-watt | Pre-M1 | Both Power Supplies | Two 650-watt (Revision M1+) or two 725-watt Power Supplies |
| 650-watt | M1 or later | Failed Power Supply | One 650-watt (Revision M1+) or one 725-watt Power Supply |
| 725-watt | Any | Failed Power Supply | One 725-watt Power Supply |

2 The Omni Switch/Router MPX

Omni Switch/Router Management Processor Module (MPX) Features

The MPX provides such system services as maintenance of user configuration information, downloading of switching module software, basic bridge management functions, basic routing functions, the SNMP management agent, access to the User Interface software, and Advanced Routing. In addition, the MPX can operate in a redundant configuration with another MPX.

♦ Important Note ♦ If you have a single MPX in your chassis, it must be installed in Slot 1.

With the optional HRE-X, which is described in Chapter 1, “Omni Switch/Router Chassis and Power Supplies,” you can increase routing performance to 1.5 million packets per second.
MPX Technical Specifications

| Specification | Value |
|---|---|
| Flash Memory | 8 MB (32 MB maximum); 16 MB required for Release 4.4 and later |
| SIMM (DRAM) Memory | 32 MB (128 MB maximum); 64 MB required for Release 4.4 and later |
| SDRAM Memory | 16 MB |
| MAC Addresses Supported | 4096 |
| Switching Backplane | Up to 22 Gbps (aggregate) switching fabric capacity |
| Serial Ports | 2 (1 male DB9 modem connector and 1 female DB9 console connector) |
| Ethernet (10 Mbps) Switch Management Ports | 1 copper RJ-45 or fiber (ST) port for switch management functions. |
| Current Draw | 3.75 amps without an HRE-X; 5.25 amps with an HRE-X |

♦ Warning ♦ Do not install any version of the MPM (i.e., MPM-C, MPM-1G, MPM-II, MPM-III, or original MPM) in a chassis with an MPX or any OmniSwitch switching module. Installing an MPM in a chassis with an MPX can cause physical damage.

[Figure: Omni Switch/Router Management Processor Module (MPX) Status LEDs. The callouts from the figure follow.]

Label. This label will indicate the Ethernet management port type. It will read either MPX 10 mm (multimode fiber Ethernet port) or MPX 10 (copper RJ-45 Ethernet port).

Warning Label (CLASS 1 LASER PRODUCT). This label indicates that the module contains an optical transceiver (on the MPXs with fiber ST Ethernet ports only).

Module Status LEDs

PS1 (Power Supply 1 Status). This dual-state LED is on Green when the switch is receiving the proper voltage from Power Supply 1. It is on Amber when Power Supply 1 is on, but not supplying the correct amount of voltage to power the switch, or is installed and turned off. The PS1 LED is Off when Power Supply 1 is not present.

PS2 (Power Supply 2 Status). This dual-state LED is on Green when the Omni Switch/Router is receiving the proper voltage from Power Supply 2. It is on Amber when Power Supply 2 is on, but not supplying the correct amount of voltage to power the switch, or is installed and turned off. The PS2 LED is Off when Power Supply 2 is not present.

OK1 (Hardware Status). This dual-state LED is on Green when the MPX has passed power-on hardware diagnostics successfully. On Amber when the hardware has failed diagnostic tests. If the OK1 LED is alternating Green and Amber, then file system compaction is in progress.

Caution: Do not power down the Omni Switch/Router or insert any modules while the OK1 LED is alternating Green and Amber. If you do, file corruption may result and you will not be able to restart the switch.

OK2 (Software Status). Blinking Green when the MPX has successfully loaded software to the switching modules. Blinking Amber when the MPX is in a transitional state, such as when it first boots up. If the OK2 LED blinks Amber for an extended period of time (i.e., more than a minute), then you should reboot the switch.

Caution: Do not insert or remove any modules while the MPX OK2 LED is blinking Amber. If you do, file corruption may result and you will not be able to restart the switch.

TEMP (Temperature). On Yellow to warn that the internal switch temperature is approaching maximum operating limits. Note that this LED comes on before the temperature limit is reached.

PRI (Primary MPX). On Green when this MPX is the active, or controlling, MPX. It is also on Green when this is the only MPX installed in the switch.

SEC (Secondary MPX). On Green when this MPX is the secondary MPX in a redundant MPX configuration. As the secondary MPX, this module is in hot standby mode.

[Figure: MPX Management Connectors. The callouts from the figure follow.]

Modem Connector. A male serial DB9 DTE connector for switch file transfers and network management functions.

Console Connector. A female serial DB-9 DCE connector for switch file transfers and network management functions.

Port LEDs. The MPX module includes one row of LEDs for the Ethernet management port.

COL (Collision). On Yellow when a collision has been detected on the port.

ACT (Activity). On Green when data is transmitted or received on the Ethernet management port.

LINK (Link Status/Disabled). On Green continuously when a good cable connection exists. Off when a good connection does not exist.

Ethernet Management Port. Copper RJ-45 (shown here) and fiber ST ports are available for rapid switch file transfers and network management functions.

MPX Serial and Ethernet Management Ports

You can gain access to switch management software through one of the two serial (RS-232) ports on the MPX or the Ethernet management port. The two serial ports are configured with 9-pin “D” connectors (DB-9) per the IBM AT serial port specification. One port, called the “modem” port, is male and the other, called the “console” port, is female. See MPX Management Connectors on page 2-3 for illustrations of these ports.

The modem port is a Data Terminal Equipment (DTE) connector, which is typically connected to a modem. You can also connect directly from this port to a PC or terminal with a standard null-modem cable available in most computer equipment stores.

♦ Note ♦ The modem port is hard-wired for DTE communication; you do not need to set any jumpers.

The console port is a Data Communication Equipment (DCE) connector, which can be directly connected to a PC, terminal, or printer.
MPX Console Port Specifications

| Pin Number | Standard Signal Name | Direction |
|---|---|---|
| 1 | Not Used | |
| 2 | RD | From MPX |
| 3 | TD | To MPX |
| 4 | Not Used | |
| 5 | GND | |
| 6 | Not Used | |
| 7 | Not Used | |
| 8 | Not Used | |
| 9 | Not Used | |
| Shell | Shield GND | |

[Figure: MPX Console Port, showing pins 1, 5, 6 and 9]

MPX Modem Port Specifications

| Pin Number | Standard Signal Name | Direction |
|---|---|---|
| 1 | Not Used | |
| 2 | RD | To MPX |
| 3 | TD | From MPX |
| 4 | DTR | From MPX |
| 5 | GND | |
| 6 | DSR | To MPX |
| 7 | RTS | From MPX |
| 8 | CTS | To MPX |
| 9 | Not used | |
| Shell | Shield GND | |

[Figure: MPX Modem Port, showing pins 1, 5, 6 and 9]

Ethernet Management Port

The MPX also supports an out-of-band Ethernet port for high-speed uploads and switch management functions. With this port, you can access the Omni Switch/Router over a network via Telnet or FTP. You can use the Boot prompt to configure an IP address for the Ethernet management port or you can use the ethernetc command, which is described in Chapter 6, “Configuring Management Processor Modules.” After you have assigned an IP address to the Ethernet management port, you can use it to Telnet into the UI. See Appendix A, “The Boot Line Prompt,” for documentation on configuring the Ethernet management port with the boot prompt.

♦ Important Note ♦ On some revisions of the MPX, you must configure the Ethernet management port with the boot prompt before you can use the ethernetc command.

See the following table for available Ethernet management port types.

| MPX Model | Ethernet Management Port Type (Cable Type) | Max. Cable Distance |
|---|---|---|
| MPX-T | RJ-45 (UTP) | 100 meters |
| MPX-FL | ST (Multimode fiber) | 2 kilometers |

Configuring MPX Serial Ports

The serial communications parameters for the two MPX serial ports are set by default to the following:
• 9600 bits per second (bps)
• 8 data bits
• 1 stop bit
• no parity
• no hardware flow control (Windows 95)

Each serial port supports serial data rates of 1200, 9600, 19200, and 38400 bps. However, you must remove the default baud rate shunt (E1), which fixes the baud rate at 9600 bps, before you can change the baud rate. This shunt is located near the front end of the MPX’s circuit board, just to the right of the Ethernet management port. To change the serial port configuration parameters, use the ser command, which is described in detail in Chapter 6, “Configuring Management Processor Modules.”

Flash Memory and Omni Switch/Router Software

Flash memory on the MPX holds the Omni Switch/Router’s executable images and configuration data. When a switching module comes online, the MPX downloads the appropriate image file for that module to that module’s memory. Image files (those with the img extension) contain executable code for different switching modules and software features. The following table lists Omni Switch/Router image files that may be present in MPX flash memory along with the module(s) or feature with which the file is used.
File Name Modules/Function Used With mpx.img mpx.cmd mpm.cfg mpm.cnf MPX desx.img Ethernet port stress test software diagx.img Diagnostics software esx.img All GSX and ESX modules fwdx.img IP Fastpath and Firewall software gated.img Advanced Routing software ipcntrl.img IP control software ipms.img IPMS software isdn.img WSX-BRI-SC mrd.img Advanced Routing software ntp.img Network Time Protocol (NTP) software policy.conf PolicyManager file comprised of a MAC address and time that uniquely identifies the switch(es) to which the policy applies policy.img PolicyView software qos.img Quality of Service (QOS) software rav.img RADIUS authentication software t1e1drv.img WSX-FT1/E1-SC text_cfg.img Text-based configuration software vrrp.img VRRP software vsmboot.asc Boot file for Voice Over IP (VOIP) modules vsx.img Voice Over IP (VOIP) modules web.img HTTP browser client software wsx.img WSX-S-2W, WSX-SC-4W, WSX-SC-8W (Frame Relay and PPP software) Page 2-7 Flash Memory and Omni Switch/Router Software Flash Memory Guidelines The switch alters flash memory contents when a software command requests a configuration change, when a remote administrator downloads a new executable image, or when the switch fails and a record of the failure is written to flash memory. These operations require available space in flash memory. In general the flash memory on the switch should always have at least 75000 bytes available at all times. In a switch with 8 MB of flash memory, for example, the images in flash should never exceed 7.45 MB. (You can view how much flash memory is available through the ls command.) This will allow enough room in flash for booting and configuration file expansions. If your flash memory exceeds this amount, then you need to delete some images from flash. In addition, the flash file system has a limit of 256 files, including configuration, logging, and other files. 
When this 256-file limit is reached, configuration file expansions will cease and new files will not be able to be loaded. This file limit applies even if there is enough memory available in flash. Not all image files in flash memory are required—only those that must be used with the switching modules in your Omni Switch/Router. You can remove any files that are not required for your Omni Switch/Router configuration by using the rm command. For example, if you do not have T1/E1 ports, you could remove the t1e1drv.img file. Page 2-8 MPX Redundancy MPX Redundancy In order to provide greater reliability, Omni Switch/Router supports two MPXs in a primary/secondary redundant configuration. If the primary MPX fails, the secondary MPX takes over without any operator intervention. ♦ Warning ♦ Do not install any version of the MPM (i.e, MPM-C, MPM 1G, MPM II, or original MPM) in a chassis with an MPX. Installing an MPM in a chassis with an MPX can cause physical damage. If you want to configure an Omni Switch/Router chassis in a redundant configuration, you must use two MPXs. When you have two MPXs in one chassis, they must be installed in Slots 1 and 2, and only one can be active. MPXs will assume one of the following roles. • Primary - The MPX that is currently active and processing commands. It is also the MPX that is communicating via Telnet, FTP, etc. • Secondary - An MPX that is currently not the primary. It has sufficient software to communicate with the primary MPX. (For full redundancy, the secondary MPX should also have the same software version as the primary and its configuration should be in sync with the primary.) In this state, it is capable at any time of assuming the primary role. The LEDs on each MPX reflect the same status with the exception that the primary’s PRI LED is on whereas the secondary’s SEC LED is on. Also, the secondary MPX’s OK2 LED will not flash amber during board transitions. 
See Omni Switch/Router Management Processor Module (MPX) Status LEDs on page 2-2 for locations of the LEDs.

♦ Important Note ♦
To support redundancy, your MPX must be Revision A14 or higher.

Change-Over Procedure

The secondary MPX continuously monitors the primary MPX. This monitoring serves two purposes: 1) to notify the secondary MPX that the primary is alive and processing, and 2) to update the configuration and thus keep the two MPXs in sync. If the secondary MPX detects that the primary is no longer operational, it will begin to take over as primary. When a secondary MPX becomes primary it resets all the other modules in the chassis and performs a primary MPX initialization.

There are four states for an MPX configuration. You can view the current MPX state through the slot command. These states are described in the table below. Note that for a primary/secondary configuration to be in a “redundant” state, the relationship between the two MPXs must meet the conditions shown in the table.

MPX State                Requirement for State
Redundant                Both MPXs are running the same version of software and the configurations are in sync.
Configuration Fallback   Both MPXs are running the same version of software but the configurations are different.
Software Fallback        The MPXs are running different versions of software, and their configurations may be the same or different.
None                     There is only one MPX installed in the chassis.

The primary MPX has the ability to transfer files to and from the secondary MPX. In the condition where the secondary MPX has an older version of software (Software Fallback), it is not desirable to update the configuration file of the secondary. It is therefore the default not to update the configuration file on the secondary if the secondary is running an earlier version of software. You can force the update using appropriate commands in the mpm menu.
(See Chapter 6, “Configuring Management Processor Modules,” for more information on commands in the mpm menu.)

♦ Note ♦
Do not remove a primary MPX without performing a renounce command (described in Chapter 6, “Configuring Management Processor Modules”) first.

MPX Redundancy Commands

A set of commands exists to monitor the primary and secondary MPXs. These commands are covered in detail in Chapter 6, “Configuring Management Processor Modules.” Note that you can attach a terminal to both MPXs in a chassis; however, you will see different responses depending on which is primary and which is secondary. You should execute all UI commands from the primary MPX except for those commands specifically addressing the secondary MPX. For example, commands are available to control and monitor the secondary MPX from the primary MPX (e.g., the sls command lists files on the secondary MPX from the primary MPX).

3 Omni Switch/Router Switching Modules

Omni Switch/Router switching modules perform software filtering, translations between dissimilar network interfaces, and hardware-based switching. Omni Switch/Router switching modules have an additional on-board interface connector for the HRE-X. Currently, Omni Switch/Router switching modules consist of Gigabit Ethernet modules, autosensing 10/100 Ethernet modules, Fast (100 Mbps) Ethernet modules, 10 Mbps Ethernet modules, Voice Over IP (VOIP) modules, and WAN modules.

♦ Important Note ♦
Omni Switch/Router modules require the use of an Omni Switch/Router chassis (see Chapter 1, “Omni Switch/Router Chassis and Power Supplies”). Do not install an Omni Switch/Router module in an OmniSwitch chassis and do not install an OmniSwitch module in an Omni Switch/Router chassis.
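The Chapter 2 flash memory guidelines (75000 bytes free, 256-file limit, removing images for modules you do not have) can be checked together with the Required Image Files table of this chapter. The following is an added example, not Alcatel code: the function names, the inventory format (file name to size in bytes) and all sample values are assumptions constructed for illustration, and the size comparison between primary and secondary flash is only a heuristic; the slot command remains the authority on the MPX state.

```python
# Added example: audit a flash inventory against the manual's flash guidelines.
# The inventories are constructed sample data, not captured ls/sls output.

MIN_FREE_BYTES = 75000  # manual: keep at least 75000 bytes available
MAX_FILES = 256         # manual: flash file system limit, every file counts

# Module -> image files it needs, from the manual's Required Image Files table.
REQUIRED_IMAGES = {
    "MPX": {"mpx.img", "fpx.img"},
    "ESX-K-100C-32W": {"esx.img"},
    "ESX-K-100FM/FS-16W": {"esx.img"},
    "GSX-K-FM/FS/FH-2W": {"esx.img"},
    "VSX-VSA": {"vsx.img", "text_cfg.img", "vsmboot.asc"},
    "VSX-VSD": {"vsx.img", "text_cfg.img", "vsmboot.asc"},
    "WSX-S-2W": {"wsx.img"},
    "WSX-SC-4W": {"wsx.img"},
    "WSX-SC-8W": {"wsx.img"},
    "WSX-BRI-SC-1W/2W": {"wsx.img", "isdn.img"},
    "WSX-FT1-SC-1W/2W": {"wsx.img", "t1e1drv.img"},
    "WSX-FE1-SC-1W/2W": {"wsx.img", "t1e1drv.img"},
}

# Images whose "Used With" column lists only modules. Feature images such as
# ntp.img or text_cfg.img are never proposed for removal, because an inventory
# alone cannot show whether the feature is in use.
MODULE_ONLY_IMAGES = {"esx.img", "isdn.img", "t1e1drv.img",
                      "vsmboot.asc", "vsx.img", "wsx.img"}


def audit_flash(files, free_bytes, installed_modules):
    """Check one MPX's flash. `files` maps file name -> size in bytes."""
    unknown = sorted(set(installed_modules) - set(REQUIRED_IMAGES))
    if unknown:
        raise ValueError("no image requirements known for: " + ", ".join(unknown))
    needed = set()
    for module in installed_modules:
        needed |= REQUIRED_IMAGES[module]
    # Only module-specific images that no installed module needs are removable.
    removable = sorted(f for f in files
                       if f in MODULE_ONLY_IMAGES and f not in needed)
    return {
        "low_free_space": free_bytes < MIN_FREE_BYTES,
        "file_limit_reached": len(files) >= MAX_FILES,
        "missing_required": sorted(needed.difference(files)),
        "removable": removable,
        "reclaimable_bytes": sum(files[f] for f in removable),
    }


def mpx_drift(primary_files, secondary_files):
    """Files whose presence or size differs between the two MPXs (heuristic)."""
    drift = {}
    for name in sorted(set(primary_files) | set(secondary_files)):
        sizes = (primary_files.get(name), secondary_files.get(name))
        if sizes[0] != sizes[1]:
            drift[name] = sizes
    return drift


# Constructed sample inventories (sizes are made up).
PRIMARY_FLASH = {
    "mpx.img": 1800000, "fpx.img": 400000, "esx.img": 900000,
    "wsx.img": 700000, "t1e1drv.img": 250000, "isdn.img": 200000,
    "ntp.img": 90000, "mpm.cfg": 12000,
}
SECONDARY_FLASH = {n: s for n, s in PRIMARY_FLASH.items() if n != "ntp.img"}
SECONDARY_FLASH["mpx.img"] = 1750000  # differs from the primary's copy
INSTALLED = ["MPX", "ESX-K-100C-32W", "WSX-S-2W"]

if __name__ == "__main__":
    report = audit_flash(PRIMARY_FLASH, free_bytes=60000,
                         installed_modules=INSTALLED)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("drift:", mpx_drift(PRIMARY_FLASH, SECONDARY_FLASH))
```
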
Gigabit Ethernet Modules
• GSX-K-FM/FS/FH-2W
  Advanced 2-port Gigabit Ethernet switching module

10/100 Ethernet Modules
• ESX-K-100C-32W
  Advanced 32-port auto-sensing 10/100 Ethernet switching module

Fast (100 Mbps) Ethernet Modules
• ESX-K-100FM/FS-16W
  Advanced 16-port Fast Ethernet (100 Mbps) switching module

WAN Modules
• WSX-S-2W
  2 serial ports that support the frame relay or PPP protocol.
• WSX-SC-4W/8W
  4 or 8 serial ports that support the frame relay or PPP protocol.
• WSX-FT1/E1-SC-1W/2W
  1 or 2 T1/E1 ports and one or two serial ports that support the frame relay or PPP protocol.
• WSX-BRI-SC-1W/2W
  1 or 2 USP (Universal Serial Port) and 1 or 2 ISDN-BRI ports that support Frame Relay or PPP.

Voice Over IP Modules
Voice Over IP (VOIP) modules for the Omni Switch/Router are listed below and are documented in the VoIP User Manual.
• VSX-A
  4, 6, 8, 14, or 16 analog RJ-11 ports supporting FXS and FXO interfaces, including T.38 FAX
• VSX-VSD
  2 or 4 digital T1 or E1 (Euro PRI and Qsig) ports, including T.38 FAX

Omni Switch/Router Hardware Routing Engine

The HRE-X offers high-speed Layer 3 switching from 1.5 to 12.0 million packets per second (Mpps) in a fully loaded chassis. See Chapter 1, “Omni Switch/Router Chassis and Power Supplies,” for more information on the HRE-X.

♦ Important Note ♦
Omni Switch/Router switching modules require an MPX. You cannot install any version of the MPM (i.e., MPM-III, MPM-C, MPM-1G, MPM-II, or original MPM) in a chassis with an MPX. See Chapter 2, “The Omni Switch/Router MPX,” for more information on the MPX.

Required Image Files

See the table below for the required image files for the MPX and switching modules. You must load the image file (or files) listed for the corresponding module or it will not run.
Required Image Files

Module                Image File(s)
MPX                   mpx.img, fpx.img
ESX-K-100C-32W        esx.img
ESX-K-100FM/FS-16W    esx.img
GSX-K-FM/FS/FH-2W     esx.img
VSX-VSA               vsx.img, text_cfg.img, vsmboot.asc
VSX-VSD               vsx.img, text_cfg.img, vsmboot.asc
WSX-S-2W              wsx.img
WSX-SC-4W             wsx.img
WSX-SC-8W             wsx.img
WSX-BRI-SC-1W/2W      wsx.img, isdn.img
WSX-FT1-SC-1W/2W      wsx.img, t1e1drv.img
WSX-FE1-SC-1W/2W      wsx.img, t1e1drv.img

Installing a Switching Module

All switching modules can be inserted and removed from the switch chassis while power is on or off without disrupting the other modules. A standard screwdriver is required for installing and removing switching modules. You can also hot swap modules of the same type while the switch is active.

Switching modules may be installed in any slot other than Slot 1. (Slot 1 is reserved for an MPX.) In a setup with redundant MPX modules, Slots 1 and 2 are reserved for the MPXs. Additional modules can be installed in any available slot. (OmniS/R-3 slots are numbered 1 to 3 starting from the topmost slot. OmniS/R-5 slots are numbered 1 to 5 starting from the topmost slot. OmniS/R-9 slots are numbered 1 to 9 starting from the left.)

♦ Anti-Static Warning ♦
Before handling a switching module, free your hands of static by wearing a grounding strip, or by grounding yourself properly. Static discharge can damage the components on the switching module.

To insert a switching module follow these instructions:

1. Holding the module firmly in both hands, carefully slide it into the card guide. The front panel connectors and LEDs should face outward. In a 9-slot Omni Switch/Router, the component side of the board should face right (toward the power supply). In a 3- or 5-slot Omni Switch/Router, the component side should face up. The module should slide in easily. A large amount of force is not necessary and should not be used. If any resistance is encountered, check to be sure that the module is aligned properly in the card guide.
[Figure: sliding the switch module into the card guides]

2. Once the module is in the slot, close the two card ejectors (one on each end of the module) by pressing them in toward the module until they snap into place.

3. Use a standard screwdriver to tighten the two screw fasteners to secure the module inside the chassis. The screws should be tight enough such that a screwdriver would be necessary to loosen the screws.

Removing a Switching Module

To remove a switching module, follow the instructions below. If you are “hot swapping” the modules (i.e., removing and inserting while power is on), see Hot Swapping a Switching Module on page 3-7.

♦ Anti-Static Warning ♦
Before handling a switching module, free your hands of static by wearing a grounding strip, or by grounding yourself properly. Static discharge can damage the components on your switching module.

1. Loosen the screw fasteners at the top and bottom of the switching module using a standard screwdriver.

2. Gently unlock the two card ejectors by pulling them out away from the module.

3. With both hands, carefully pull the module free of the chassis enclosure.

Hot Swapping a Switching Module

You may remove and insert switching modules while the switch is running. This technique is referred to as “hot swapping.” When you hot swap, you must replace the module with the same module type as the one you removed. For example, if you remove an ESX switching module you must replace it with another ESX switching module.

♦ Note ♦
You cannot hot swap a module into a previously empty slot. To use an empty slot, you must power down your chassis.

Perform the following steps to safely hot swap a switching module. (You cannot hot swap a primary MPX module.) Since this procedure could possibly disrupt the network, it is best to hot swap during network down times.

1.
At the system prompt, enter swap on <minutes> where minutes is the number of minutes you want the switch to be in swap mode (the default is 5 minutes). A message similar to the following will be displayed.

    Swap is ON for 5 minutes

The swap mode must be enabled (ON) to insert a switching module. If not, the system may halt or restart. (See Chapter 6, “Configuring Management Processor Modules,” for more information on the swap command.)

♦ Caution ♦
Modules can only be reset and hot-swapped when the MPX’s OK2 light is in its normal flashing green state.

2. Enter reset, followed by the slot number of the switching module you want to hot swap, then followed by the word disable. (See Chapter 36, “Running Hardware Diagnostics,” for more information on the reset command.) For example, if you want to hot swap the switching module in slot 4, you would enter reset 4 disable at the system prompt. Next, the switch will prompt you to confirm the reset. The following is an example of the display for an ESX module. The display for other types of switching modules will be similar.

    Resetting slot of type F-Ether/M may crash system
    Attempt reset anyway {Y/N}? (N) :

Press y and then press <Enter>. If the switching module is in slot 4, a message similar to the following will be displayed.

    resetting slot 4 to disable

3. The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green. The switching module’s OK1 LED will turn amber and the OK2 LED will not be illuminated. Remove all cables attached to ports on the switching module that you are going to swap out.

4. Carefully remove the switching module from the chassis and put it in a safe place. (See Removing a Switching Module on page 3-6 for instructions on removing a switching module.) The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green. In addition, the swap time will reset to its original value.
(For example, if you set the swap time to 15 minutes in step 1, you will have 15 minutes again, regardless of how much time has elapsed.)

♦ Warning ♦
Removing or inserting the switching module while the MPX’s OK2 LED is flashing amber can cause the system to reset.

5. Carefully insert the new switching module into the chassis. (See Installing a Switching Module on page 3-4 for instructions on inserting a switching module.)

♦ Caution ♦
When re-installing a module during a hot swap, it must make a proper connection to the switch backplane. The connection is made when you close the card ejectors. Always close the card ejectors firmly and briskly, without hesitation. Closing them too slowly can cause the switch to halt or restart.

The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green. If, after hot-swapping modules, the MPX’s OK2 LED continues to flash amber for more than about 8 seconds, it means that the switch needs to be reset. The swap time will again reset to its original value.

6. Re-insert the cables that were removed in step 3 into the new switching module.

7. Enter reset followed by the slot number for the new switching module. For example, if the new switching module is in slot 4, you would enter reset 4 at the system prompt. Next, the switch will prompt you to confirm the reset. The following is an example of the display for an ESX module. The display for other types of switching modules will be similar.

    Resetting slot of type F-Ether/M may crash system
    Attempt reset anyway {Y/N}? (N) :

Press y and then press <Enter>. If the switching module is in slot 4, a message similar to the following will be displayed.

    resetting slot 4 to enable

8. The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green. The switching module’s OK1 LED will turn from amber to solid green and the OK2 LED will be blinking green.
If the OK1 LED on the switching module is amber, then the hardware has failed diagnostics or the corresponding image file for the module is not in flash memory. If the OK2 LED on the switching module is solid amber, then the module failed to download software from the MPX.

9. If the hot swapping mode has not timed out, enter swap off at the system prompt. Something like the following will then be displayed.

    Swap is OFF, timeout is 5 minutes
    usage swap { ON [ minutes ] | OFF [ minutes ] }

Diagnostic Tests

All switching modules are subjected to extensive power-on diagnostics during the Power-On Self-Test cycle (POST). These diagnostics are designed to be as extensive as possible without causing disruption to external networks or requiring special test connections. While the diagnostics are running, the MPX OK2 LED will be flashing green. LEDs on the switching module can provide information on the success or failure of these tests. Also refer to Chapter 35, “Troubleshooting,” for information on error conditions reflected in the LED displays.

More extensive diagnostic tests are available for off-line testing of switching modules. See Chapter 36, “Running Hardware Diagnostics,” for further information.

Handling Fiber and Fiber Optic Connectors

Using fiber is extremely simple, but a few important rules should always be followed:

Step 1. Use Premium Grade Jumper Cables with Duplex SC Connectors

There are many brands of fiber optic jumper cables, with a wide range of quality between each manufacturer. Premium cables do three things well:

• They provide a good polish on the fiber optic connector endface (where the light exits the cable). Endface geometries must be exceptionally precise and aligned to extremely tight tolerances. The better the endface geometry, the lower the loss and more consistent the connection.
Poor connector interfaces will reflect light back into the laser, causing an increase in laser noise.

• They mate well with other connector interfaces. Chances are the manufacturer of the jumper cable will not be the same as the manufacturer of the transceiver connector interface. Premium jumper cables mechanically align themselves well into most transceiver interfaces. This provides both better performance as well as better repeatability. You will always see a variance in transceiver power due to connector alignment, often as much as 0.3 to 0.7 dB. Good jumper cables help reduce this variance.

• They continue to mate well after many insertions and removals. Premium grade jumpers use premium connectors that maintain their mechanical integrity up to and beyond 2000 insertion cycles.

For better repeatability, always use duplex (two connectors fused together and terminated to two cables) SC connectors on your jumper cables when connecting to a fiber-optic transceiver. Two simplex connectors inserted into a transceiver interface will often have up to 3 dB greater variation in repeatability compared to duplex connectors.

Never bend the fiber optic cable beyond its recommended minimum bend radius (1.2 inches minimum). This introduces bend losses and reflections that will degrade the performance of your system. It can also damage the fiber, although fiber is much tougher than most would assume. Still, it is highly recommended to buy only jumper cables with 3mm Kevlar jacketing, which offer superior protection and longer life.

Step 2. Keep Your Fiber Optic Connectors Clean

Unlike electrical connectors, fiber-optic connectors need to be extremely clean to ensure good system performance. Microscopic particles on the connector endface (where the light exits the connector) can degrade the performance of your system, often to the point of failure.
If you have low-power output from a fiber-optic transceiver or a fault signal from your equipment, cleaning your fiber-optic connectors should always be done before troubleshooting.

Follow the steps below to clean your fiber optic connector:

1. Hold the connector cleaner tool in the palm of your left hand and, with the silver shutter upwards, rotate the cloth-forwarding lever (located on the right side of the tool) with your thumb away from your body. As the lever winds the cleaning cloth inside the case, it simultaneously opens the silver shutter located at the top of the unit.

2. Keeping your thumb pressed on the cloth-forwarding lever, press the optical plug ferrule endface against the cleaning cloth and drag the plug down toward your body (there should be arrows on the top of the tool that indicate the proper wiping direction). The connector is now clean.

3. Release the cloth-forwarding lever, allowing it to return to its initial position. A cleaning cloth reel can enable over 400 cleanings and is replaceable.

When cables are not being used, always put the plastic or rubber endcaps back on the connector to ensure cleanliness.

Step 3. Keep the Transceiver Interface Clean

If you have cleaned your connectors, but still experience low-power output from a fiber-optic transceiver or a fault signal from your equipment, you should clean the transceiver interface by blowing inert dusting gas inside the transceiver interface. This removes dust and other small particles that may block the optical path between the optics of the transceiver and the connector’s endface.

Step 4. Attenuate Properly

Equipment using laser-based transceivers often needs to have the optical path attenuated when performing loop-back testing or testing between two pieces of equipment. Too much optical power launched into the receiver will cause saturation and result in system failure.
If you are using single mode fiber and you do not know the power output of the laser, it is always best to use a 10 dB attenuator when testing. Using the wrong type of attenuator will introduce problems, most notably reflection of light back into the laser, often resulting in excess noise and causing system failure.

Inline attenuators eliminate the need for additional jumper cables and thus reduce the number of connection interfaces. This increases the integrity of the optical path, resulting in a more accurate test.

Gigabit Ethernet Modules

Gigabit Ethernet connections can be used as network backbones or in a wiring closet. The following Omni Switch/Router Gigabit Ethernet modules are available:

• GSX-K-FM/FS/FH-2W
  Advanced switching module with two (2) Gigabit Ethernet backbone connections using fiber (SC) connectors.

This module is described and illustrated in the following sections.

♦ Note ♦
Wait at least five (5) seconds after a cable is pulled from a GSX module before reinserting it. This will prevent packets from being dropped.

GSX-K-FM/FS/FH-2W

The GSX-K-FM/FS/FH-2W Gigabit Ethernet backbone switching module contains two fiber SC connectors that support two fully switched 1000Base-LX (long-distance fiber transmission) or 1000Base-SX (short-distance fiber transmission) ports. The GSX-K-FM/FS/FH-2W can be used as a backbone connection in networks where Gigabit Ethernet is used as the backbone media.

The GSX-K-FM/FS/FH-2W can be factory configured with intermediate-reach single mode or multimode fiber ports (see GSX-K-FM/FS/FH-2W Technical Specifications on page 3-13 for more information). The intermediate-reach single mode version is referred to as the GSX-K-FS-2W; the long-reach single mode version is referred to as the GSX-K-FH-2W; and the multimode version is referred to as the GSX-K-FM-2W.
The ports are color coded to differentiate the mode: multimode connectors are black, long-haul single mode connectors are yellow, and intermediate-reach single mode connectors are blue. (See Handling Fiber and Fiber Optic Connectors on page 3-10 for proper handling of SC connectors and fiber-optic cable.)

The GSX-K-FM/FS/FH-2W takes advantage of new Gigabit Ethernet/Fast Ethernet ASIC technology known as “Kodiak.” This module provides 4 priority levels and 256 queues per Kodiak ASIC.

♦ Note ♦
Kodiak-based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). This is not compatible with the implementation of VLAN priority of Mammoth-based modules. Kodiak based priority VLANs can only be used with other Kodiak based priority VLANs.

With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.

GSX-K-FM/FS/FH-2W Technical Specifications

Number of ports           2
Connector Type            SC
Standards Supported       802.3z, 1000Base-LX, and 1000Base-SX
Data Rate                 1 Gigabit per second (full duplex)
Maximum Frame Size        1,518 bytes
MAC Addresses Supported   8,192
Connections Supported     1000Base-LX or 1000Base-SX connection to backbone or server
Cable Supported           Multimode and single mode
Output Optical Power      -9.5 to -4 dBm (Multimode)
                          -9.5 to -3 dBm (Intermediate-reach single mode)
                          0 to +5 dBm (Long-reach single mode)
Input Optical Power       -17 to 0 dBm (Multimode)
                          -20 to -3 dBm (Intermediate-reach single mode)
                          -24 to -3 dBm (Long-reach single mode)
Cable Distance            Multimode fiber: ≈ 220 m
                          Intermediate-reach single mode fiber: ≈ 10 km
                          Long-reach single mode fiber: ≈ 70 km
Current Draw              5.25 amps without an HRE-X
                          6.75 amps with an HRE-X

♦ Special Note ♦
The single mode version of this module has been deemed:
CLASS 1 LASER PRODUCT
LASER KLASSE 1
LUOKAN 1 LASERLAITE
APPAREIL A LASER DE CLASSE 1
to IEC 825:1984/CENELEC HD 482 S1.
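The attenuation advice in Step 4 of the fiber handling section can be checked against the optical power rows of the specification table above. The following is an added example, not part of the manual: the function names are illustrative, the "Input Optical Power" row is read as the receiver's usable window (an assumption), and loss in the short loop-back jumper is ignored.

```python
# Added example: loop-back attenuation check for the GSX-K-FM/FS/FH-2W optics.
# Assumption: the "Input Optical Power" row is the receiver's usable window
# (weakest usable signal .. saturation); jumper and connector loss are ignored.

# variant -> (tx_min, tx_max, rx_min, rx_max) in dBm, from the specification table
OPTICS = {
    "multimode": (-9.5, -4.0, -17.0, 0.0),
    "intermediate-reach single mode": (-9.5, -3.0, -20.0, -3.0),
    "long-reach single mode": (0.0, 5.0, -24.0, -3.0),
}
SINGLE_MODE = ("intermediate-reach single mode", "long-reach single mode")


def received_range(variant, attenuation_db=0.0):
    """(weakest, strongest) power in dBm reaching the receiver in a loop-back."""
    tx_min, tx_max, _, _ = OPTICS[variant]
    return (tx_min - attenuation_db, tx_max - attenuation_db)


def verdict(variant, attenuation_db=0.0):
    """Classify a loop-back as 'ok', 'saturated' or 'too weak'."""
    _, _, rx_min, rx_max = OPTICS[variant]
    weakest, strongest = received_range(variant, attenuation_db)
    if strongest > rx_max:
        return "saturated"
    if weakest < rx_min:
        return "too weak"
    return "ok"


def attenuation_window(variant):
    """(min, max) attenuation in dB that keeps a loop-back inside the window."""
    tx_min, tx_max, rx_min, rx_max = OPTICS[variant]
    low = max(0.0, tx_max - rx_max)   # enough to pull the strongest signal down
    high = tx_min - rx_min            # not so much that the weakest is lost
    return (low, high) if low <= high else None


def common_window(variants):
    """Attenuation range that works for every listed variant, or None."""
    windows = [attenuation_window(v) for v in variants]
    if any(w is None for w in windows):
        return None
    low = max(w[0] for w in windows)
    high = min(w[1] for w in windows)
    return (low, high) if low <= high else None


if __name__ == "__main__":
    for name in OPTICS:
        print(name, "window:", attenuation_window(name),
              "| direct:", verdict(name), "| 10 dB:", verdict(name, 10.0))
    print("any single mode port:", common_window(SINGLE_MODE))
```

Under these assumptions a 10 dB attenuator sits inside the range that is safe for either single mode version, which matches the manual's advice for the case where the laser's output power is unknown, while the same attenuator on a multimode port would drop the weakest signal below the receiver's range.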
[Figure: 2-Port Advanced Gigabit Ethernet Switching Module, front panel with callouts]

Module Label. This label will indicate the GSX-K-FM/FS/FH-2W type. It will read either GSX-K mm (multimode cable), GSX-K sm (intermediate-reach single mode cable), or GSX sm K long reach (long-reach single-mode cable).

Warning Label (CLASS 1 LASER PRODUCT). This label indicates that the module contains an optical transceiver.

Module LEDs
OK1 (Hardware Status). On Green when the module has passed diagnostic tests successfully. On Red when the hardware has failed diagnostics.
OK2 (Software Status). Blinking Green when the module software was downloaded successfully and the module is communicating with the MPX. Blinking Red when the module is in a transitional state. On solid Red if the module failed to download software from the MPX.

Port LEDs
This Gigabit Ethernet module includes one row of LEDs for each port. The LEDs for a given port display in the row labeled with the port number. Definitions for the LEDs are given below.
RX (Receive). On Green when the corresponding port is receiving data.
TX (Transmit). On Green when the corresponding port is transmitting data.
LINK (Link Status/Disabled). On Green when the corresponding port has a valid physical link and a signal is present. Under normal conditions, this LED should always be on when a cable is connected.

SC connectors will be color coded to indicate multimode (Black) or intermediate-reach single mode (Blue).

Auto-Sensing 10/100 Ethernet Modules

Alcatel’s Omni Switch/Router 10/100 Ethernet modules can be used to connect networks with a mix of 10 Mbps and 100 Mbps workstations or as a network backbone. The following Omni Switch/Router 10/100 and Fast Ethernet modules are available:

• ESX-K-100C-32W
  Advanced switching module with thirty-two (32) auto-sensing 10/100 Mbps desktop connections using RJ-45 ports.
This module is described and illustrated in the following sections.

Ethernet RJ-45 Pinouts

The figure and table below illustrate the pinouts used on RJ-45 ports in Omni Switch/Router 10/100 Ethernet modules.

Ethernet RJ-45 Specifications

Pin Number   Standard Signal Name
1            RD +
2            RD –
3            TD +
4            Not Used
5            Not Used
6            TD –
7            Not Used
8            Not Used

ESX-K-100C-32W

The ESX-K-100C-32W Omni Switch/Router 10/100 Ethernet switching module contains 32 ports that each support a fully switched 10 or 100 Mbps connection in full- or half-duplex mode. This module offers high density 10/100 connectivity for desktop connections.

Each port can auto-sense the connection speed and automatically switch at that speed. You configure whether you want to use the auto-sensing functionality through the 10/100cfg command. By default, each port is configured to operate in half-duplex, auto-sensing mode. You can configure full-duplex mode on each port through 10/100cfg. Auto-sensing may be disabled to allow you to manually configure ports through the 10/100cfg command. An additional software command, 10/100vc, allows you to view the current line speed and link mode of each port connection. The 10/100cfg and 10/100vc commands are described in Chapter 15, “Managing Ethernet Modules.”

The 32 RJ-45 ports may connect to unshielded or shielded twisted pair (UTP) cable (see ESX-K-100C-32W Technical Specifications on page 3-17 for more information). Each port may connect to a single high-speed device or a hub serving multiple devices. The ESX-K-100C-32W can be used in the wiring closet with a mix of 100 Mbps Ethernet devices and 10 Mbps Ethernet devices that are transitioning to higher speed connections.

Module ports are divided into four (4) banks of eight (8) ports. Ports are numbered from 1 to 8 within each of the four banks. The four banks are labelled A, B, C, and D.
This grouping simplifies the display of LEDs, which are organized as a matrix (see 32-Port Advanced Auto-Sensing 10/100 Ethernet Switching Module on page 3-18). Software commands will number these ports 1 through 32, with Port A1 as 1, Port B1 as 9, C1 as 17, D1 as 25, etc.

The ESX-K-100C-32W takes advantage of new Gigabit Ethernet/Fast Ethernet ASIC technology known as “Kodiak.” This module provides 4 priority levels and 256 queues per Kodiak ASIC.

♦ Note ♦
Kodiak-based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). This is not compatible with the implementation of VLAN priority of Mammoth-based modules. Kodiak based priority VLANs can only be used with other Kodiak based priority VLANs.

With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.

ESX-K-100C-32W Technical Specifications

Number of ports           32
Connector Type            RJ-45
Standards Supported       IEEE 802.3; IAB RFCs 826, 894
Data Rate                 10 or 100 Mbps (full or half duplex)
Maximum Frame Size        1,518 bytes
MAC Addresses Supported   ESX-K-100C-32W: 1,024
                          ESX-K-100C-32W4: 4,096
Connections Supported     10BaseT hub or device
                          100BaseTx hub or device
Cable Supported           10BaseT: Unshielded twisted-pair (UTP)
                          100BaseTx: Unshielded twisted-pair: Category 5, EIA/TIA 568
                          Shielded twisted-pair: Category 5, 100 ohm
Maximum Cable Distance    100 m
Current Draw              10.25 amps without an HRE-X
                          11.75 amps with an HRE-X

[Figure: ESX-K 10/100 front panel, with the OK1 LED and a port LED matrix for banks A, B, C and D, ports 1 to 8]

Port LEDs
Each LED corresponds to a port on the module. When an LED is on Green continuously, a good cable connection exists. The LED will blink Green when traffic is transmitted or received on the port.
Module LEDs
OK1 (Hardware Status). On Green when the module has passed diagnostic tests successfully. On Amber when the hardware has failed diagnostics or if the corresponding image file for the module is not in flash memory.
OK2 (Software Status). Blinking Green when the module software was downloaded successfully and the module is communicating with the MPX. Blinking Amber when the module is in a transitional state. On solid Amber if the module failed to download software from the MPX.

32-Port Advanced Auto-Sensing 10/100 Ethernet Switching Module

Fast (100 Mbps) Ethernet Modules

Alcatel’s Omni Switch/Router Fast Ethernet modules can be used to connect networks with 100 Mbps workstations or as a network backbone. The following Omni Switch/Router Fast Ethernet modules are available:

• ESX-K-100FM/FS-16W
  Advanced switching module with sixteen (16) Fast Ethernet (100 Mbps) backbone connections using MT-RJ ports.

This module is described and illustrated in the following sections.

ESX-K-100FM/FS-16W

The ESX-K-100FM/FS-16W Omni Switch/Router Fast Ethernet switching module has sixteen (16) fiber MT-RJ ports that each support a fully-switched 100 Mbps connection in full-duplex mode. This module provides high-speed backbone connectivity. It also supports backbone features such as 802.1q and OmniChannel. Each port uses the full 100 Mbps of bandwidth in each direction (see ESX-K-100FM/FS-16W Technical Specifications on page 3-20).

The single mode version is referred to as the ESX-K-100FS-16W; the multimode version is referred to as the ESX-K-100FM-16W. Multimode and single mode connectors are differentiated by color: multimode connectors are black and single mode connectors are blue.

♦ Note ♦
If your network currently uses SC connectors, you can order MT-RJ-to-SC cables from Alcatel.
The MT-RJ fiber port supports full-duplex operation. You can configure half-duplex mode on each port through 10/100cfg. An additional software command, 10/100vc, allows you to view the current line speed and link mode of each port connection. The 10/100cfg and 10/100vc commands are described in Chapter 15, “Managing Ethernet Modules.”

The ESX-K-100FM/FS-16W is best used as a backbone connection in networks where Fast Ethernet is used as the backbone media. Each 100Base-Fx port may also connect to a single high-traffic device, such as a mail or file server.

The ESX-K-100FM/FS-16W takes advantage of new Gigabit Ethernet/Fast Ethernet ASIC technology known as “Kodiak.” This module provides 4 priority levels and 256 queues per Kodiak ASIC.

♦ Note ♦
Kodiak-based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). This is not compatible with the implementation of VLAN priority of Mammoth-based modules. Kodiak based priority VLANs can only be used with other Kodiak based priority VLANs.

With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.

ESX-K-100FM/FS-16W Technical Specifications

Number of ports                16
Connector Type                 MT-RJ
Standards Supported            IEEE 802.3; IAB RFCs 826, 894
Data Rate                      100 Mbps (full duplex)
Maximum Frame Size             1,518 bytes
MAC Addresses Supported        8,192
Connections Supported          100Base-Fx connection to backbone or server
Cable Supported                Multimode: 62.5/125 micron multimode fiber
                               Single mode: single mode fiber
Optical output power           Multimode: -19 to -14 dBm
                               Single-mode: -20 to -14 dBm
Optical receiver sensitivity   Multimode: -31 dBm Max.
                               Single-mode: -31 dBm Max.
Cable Distance                 Multimode: approximately 2 km
                               Single-mode: approximately 15 km
Current Draw                   9.75 amps without an HRE-X
                               11.25 amps with an HRE-X

[Figure: 16-Port Advanced Fast Ethernet Switching Module, front panel with callouts]

Module Label.
This label will indicate ESX-K 100 sm CLASS 1 LASER PRODUCT Warning Label. This label indicates that the module contains an optical transceiver). O K1 O K2 9 5 1 13 14 15 16 2 Module O K 1 ( H a r d w a r e S t a t u s ) . O n Green when the module has LEDs passed diagnostic tests successfully. On Red when the hardware has failed diagnostics. 3 4 8 12 Each LED corresponds to a port on the module. When an LED is on Port Green continuously, a good cable connection exists. The LED will LEDs blink Green when traffic is transmitted or received on the port. the ESX-100FM/FS-16W type. It will read either ESX-K 100 mm (multimode cable) or ESX-K 100 sm (single mode cable). OK2 (Software Status). Blinking 1 2 3 4 Green when the module software was downloaded successfully and the module is communicating with the MPX . Blinking Red when the module is in a transitional state. On solid Red if the module failed to download software from the MPX. 5 6 7 8 9 MT-RJ connectors will be color coded to indicate multimode (Black) or single mode (Blue). 10 11 12 13 14 15 16 16-Port Advanced Fast Ethernet Switching Module Page 3-21 WAN Modules WAN Modules The Omni Switch/Router currently supports the following Wide Area Network (WAN) modules: • WSX-S-2W Provides two serial ports that support Frame Relay or PPP. • WSX-SC Provides four or eight serial ports that support Frame Relay or PPP with data compression. • WSX-FT1/E1-SC Provides one or two T1/E1 ports and one or two serial ports that support Frame Relay or PPP with data compression. • WSX-BRI-SC Provides one or two Universal Serial Ports (USPs) ports and one or two ISDN-BRI ports that support Frame Relay or PPP with data compression. All of these modules are described and illustrated in the sections beginning on page 3-27. A WSX switching module is actually a submodule, or daughtercard, that attaches to an Omni Switch/Router High-Speed Module (HSX). 
The HSX contains RISC processors, RAM for holding software image files, ASICs for performing switching, and Content Addressable Memory (CAM) for storing MAC addresses. You plug your cable into the WSX submodule, but it is the HSX module that connects to the switch’s backplane.

WAN Pinouts

The figures and tables on the following pages illustrate the pinouts used on Omni Switch/Router WAN modules. Please note that the signal commonly known as “remote loopback” (LL) is not supported on the WAN serial port (see WAN Serial Port Specifications on page 3-25). In addition, CTP2, CTP1, and CTP0 are assigned to CS(B), DR(B), and CD(B), respectively, on the serial port. The latter are not used in the cable configurations that require the former. See Appendix B, “Custom Cables,” for information on cables used to connect the serial connector to different interface types.

Page 3-22

WAN BRI Port Specifications (S/T Interface)

Pin Number    Standard Signal Name
1             Not Used
2             Not Used
3             Rcv + from TE
4             Rcv - from TE
5             Xmt + from TE
6             Xmt - from TE
7             Not Used
8             Not Used

WAN BRI Port Specifications (U Interface)

Pin Number    Standard Signal Name
1             Not Used
2             Not Used
3             Xmt to /Rcv from Network
4             Xmt to /Rcv from Network
5             Not Used
6             Not Used
7             Not Used
8             Not Used

Page 3-23

WAN T1/E1 Port Specifications

Pin Number    Standard Signal Name
1             Rx_Ring
2             Rx_Tip
3             Chassis GND
4             Tx_Ring
5             Tx_Tip
6             Chassis GND
7             Chassis GND (A jumper is provided for connecting Pins 7 and 8 to the chassis ground, if required.)
8             Chassis GND (A jumper is provided for connecting Pins 7 and 8 to the chassis ground, if required.)
[Figure: WAN Serial Port Numbering (pins 1, 13, 14, and 26 marked)]

Page 3-24

WAN Serial Port Specifications

Each cell gives the mnemonic followed by the pin.

Generic Signal Name | Source | Alcatel SPI | EIA-530 | RS-449
Shield | -- | Shield 1 | -- 1 | -- 1
Signal Ground | -- | AB 7 | AB 7 | SG 19
Transmitted Data | DTE | TD(A) 2; TD(B) 14 | BA(A) 2; BA(B) 14 | SD(A) 4; SD(B) 22
Received Data | DCE | RD(A) 3; RD(B) 16 | BB(A) 3; BB(B) 16 | RD(A) 6; RD(B) 24
Transmit Clock | DCE | TC(A) 15; TC(B) 12 | DB(A) 15; DB(B) 12 | ST(A) 5; ST(B) 23
Receive Clock | DCE | TC(A) 17; TC(B) 9 | DD(A) 17; DD(B) 9 | RT(A) 8; RT(B) 26
Ext. Transmit Clock | DTE | XC(A) 24; XC(B) 11 | DA(A) 24; DA(B) 11 | TT(A) 17; TT(B) 35
Request To Send | DTE | RS(A) 4; RS(B) 19 | CA(A) 4; CA(B) 19 | RS(A) 7; RS(B) 25
Clear To Send | DCE | CS(A) 5; CS(B) 13 | CB(A) 5; CB(B) 13 | CS(A) 9; CS(B) 27
Data Set Ready | DCE | DR(A) 6; DR(B) 22 | CC(A) 6; CC(B) 22 | DM(A) 11; DM(B) 29
Data Terminal Ready | DTE | TR(A) 20; TR(B) 23 | CD(A) 20; CD(B) 23 | TR(A) 12; TR(B) 30
Data Carrier Detect | DCE | CD(A) 8; CD(B) 10 | CF(A) 8; CF(B) 10 | RR(A) 13; RR(B) 31
Local Loopback | DTE | LL 18 | LL 18 | LL 10
Remote Loopback | DTE | RL 21 | RL 21 | RL 14
Ring Indicator | DCE | RI/TM 25 | -- -- | -- --
Test Mode | DCE | RI/TM 25 | TM 25 | TM 18
Cable Type 4 | -- | CTP4 18 | n/c | n/c
Cable Type 3 | -- | CTP3 26 | n/c | n/c
Cable Type 2 | -- | CTP2 13 | |
Cable Type 1 | -- | CTP1 22 | |
Cable Type 0 | -- | CTP0 10 | |

continued on next page...

Page 3-25

WAN Serial Port Specifications (cont.)

Generic Signal Name | Source | X.21/X.26 | V.35 | RS232
Shield | -- | -- 1 | -- A | -- 1
Signal Ground | -- | G 8 | 102 B | AB 7
Transmitted Data | DTE | T(A) 2; T(B) 9 | 103(A) P; 103(B) S | BA 2
Received Data | DCE | R(A) 4; R(B) 11 | 104(A) R; 104(B) T | BB 3
Transmit Clock | DCE | -- -- | 114(A) Y; 114(B) AA | DB 15
Receive Clock | DCE | S(A) 6; S(B) 13 | 115(A) V; 115(B) X | DD 17
Ext. Transmit Clock | DTE | B(A) 7; B(B) 14 | 113(A) U; 113 W | DA 24
Request To Send | DTE | C(A) 3; C(B) 10 | 105 C | CA 4
Clear To Send | DCE | -- -- | 106 D | CB 5
Data Set Ready | DCE | -- -- | 107 E | CC 6
Data Terminal Ready | DTE | -- -- | 108 H | CD 20
Data Carrier Detect | DCE | I(A) 5; I(B) 12 | 109 F | CF 8
Local Loopback | DTE | -- -- | 141 L | LL 18
Remote Loopback | DTE | -- -- | 140 N | RL 21
Ring Indicator | DCE | -- -- | 125 J | CE 22
Test Mode | DCE | -- -- | 142 NN | TM 25

Cable Type 4    --    n/c    n/c
Cable Type 3    --    n/c    n/c
Cable Type 2    --
Cable Type 1    --
Cable Type 0    --

Page 3-26

WSX-S-2W

The WSX-S-2W supports two (2) serial ports, which can provide access rates from 9.6 Kbps to 2 Mbps. The WSX-S-2W also supports three types of clocking (internal, external, and split). See WSX-S-2W Technical Specifications on page 3-27 for more information.

♦ Note ♦
The WSX-S-2W does not support hardware compression.

The WSX-S-2W can sense and auto-configure for any of five serial cable types (RS-232, V.35, X.21, RS-530, and RS-449). A WSX-S-2W port is normally considered a physical DTE device. It can be turned into a physical DCE device (for speed or clocking purposes) by plugging in a DCE cable. The WSX-S-2W senses whether a DCE or DTE cable is connected.

Software in the switch allows you to configure parameters for the Frame Relay or Point-to-Point Protocol (PPP). Software commands allow you to view the status of the WAN connection at the WSX-S-2W board, port, or virtual circuit level. Extensive statistics are provided at each level. Software commands for Frame Relay are described in Chapter 29, “Managing Frame Relay”; commands for PPP are described in Chapter 30, “Point to Point Protocol.”

With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
WSX-S-2W Technical Specifications

Number of ports: 2
Connector Type: High-density 26-pin shielded serial
Protocols Supported: Frame Relay and Point-to-Point (PPP)
Data Rates Supported: 9.6, 19.2, 56, 64, 128, 256, 512, 768, 1024, 1536, 2048 Kbps
Clocking: Internal, External, or Split
Virtual Circuits Supported: Permanent Virtual Circuits (PVCs)
MAC Addresses Supported: 4,096
Connections Supported: Physical Data Terminal Equipment (DTE) or Data Communication Equipment (DCE)
Cable Supported: DTE or DCE in the following types: RS-232, V.35, X.21, RS-530, RS-449
Power Consumption: 5.25 amps (without an HRE-X); 6.75 amps (with an HRE-X)

Page 3-27

[Figure: 2-Port WAN Frame Relay Switching Module]

Module LEDs

OK1 (Hardware Status). On Green when the module has passed diagnostic tests successfully. On Amber when the hardware has failed diagnostics or if the corresponding image file for the module is not in flash memory.

OK2 (Software Status). Blinking Green when the module software was downloaded successfully and the module is communicating with the MPX. Blinking Amber when the module is in a transitional state. On solid Amber if the module failed to download software from the MPX.

Port LEDs

STA (Status). On Green continuously when the port connection is operational. Off when the port is disabled or the cable is detached. Blinking On/Off if cable is attached but receive control data is detected as down. This LED also blinks during initialization, diagnostics, or when invalid data is being exchanged on the port.

TX (Transmit). On “half-bright” Green when idle and Green with occasional flickers when the port is transmitting data.

RX (Receive). On “half-bright” Green when idle and Green with occasional flickers when the corresponding port is receiving data.

Page 3-28

WSX-SC

The WSX-SC supports 4 or 8 serial ports, each of which can provide access rates from 9.6 Kbps to 2 Mbps.
The 4-port version is referred to as the WSX-SC-4W, and the 8-port version is referred to as the WSX-SC-8W. The WSX-SC supports STAC hardware compression and three types of clocking (internal, external, and split). See WSX-SC Technical Specifications on page 3-30 for more information.

The WSX-SC can sense and auto-configure for any of five serial cable types (RS-232, V.35, X.21, RS-530, and RS-449). A WSX-SC port is normally considered a physical DTE device. It can be turned into a physical DCE device (for speed or clocking purposes) by plugging in a DCE cable. The WSX-SC board senses whether a DCE or DTE cable is connected.

Software in the switch allows you to configure parameters for the Frame Relay or Point-to-Point Protocol (PPP). Software commands allow you to view the status of the WAN connection at the WSX-SC board, port, or virtual circuit level. Extensive statistics are provided at each level. Software commands for Frame Relay are described in Chapter 29, “Managing Frame Relay”; commands for PPP are described in Chapter 30, “Point to Point Protocol.”

With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-29

WSX-SC Technical Specifications

Number of ports: 4 or 8
Connector Type: High-density 26-pin shielded serial
Protocols Supported: Frame Relay and Point-to-Point (PPP)
Data Rates Supported: 9.6, 19.2, 56, 64, 128, 256, 512, 768, 1024, 1536, 2048 Kbps
Compression: Hardware-based using STAC 9705
Clocking: Internal, External, or Split
Virtual Circuits Supported: Permanent Virtual Circuits (PVCs)
MAC Addresses Supported: 4,096
Connections Supported: Physical Data Terminal Equipment (DTE) or Data Communication Equipment (DCE)
Cable Supported: DTE or DCE in the following types: RS-232, V.35, X.21, RS-530, RS-449
Power Consumption: WSX-SC-4W without an HRE-X: 6.25 amps; WSX-SC-4W with an HRE-X: 7.75 amps; WSX-SC-8W without an HRE-X: 8.25 amps; WSX-SC-8W with an HRE-X: 9.75 amps

Page 3-30

[Figure: 8-Port WAN Frame Relay Switching Module, showing Ports 1 through 4 and Ports 5 through 8]

The module includes one row of LEDs for each port. The LEDs for a given port are located in the row labeled with the port number. If the WSX module includes a total of eight ports, then the module contains two sets of four rows of LEDs. The second set of LEDs are located above the second set of ports.

Module LEDs

Please refer to 2-Port WAN Frame Relay Switching Module on page 3-28 for further information on these LEDs.

Port LEDs

STA (Status). On Green continuously when the port connection is operational. Off when the port is disabled or the cable is detached. Blinking On/Off if cable is attached but receive control data is detected as down. This LED also blinks during initialization, diagnostics, or when invalid data is being exchanged on the port.

TX (Transmit). On “half-bright” Green when idle and Green with occasional flickers when the port is transmitting data.

RX (Receive). On “half-bright” Green when idle and Green with occasional flickers when the corresponding port is receiving data.

Page 3-31

WSX-FT1/E1-SC

The WSX-FT1/E1-SC module contains one or two T1 or E1 ports and one or two serial ports. T1 and E1 ports use RJ-48C connectors. The T1 version of this module is referred to as the WSX-FT1-SC; the E1 version is referred to as the WSX-FE1-SC. You can configure these ports to run either Frame Relay or the Point-to-Point Protocol (PPP). See WSX-FT1/E1-SC Technical Specifications on page 3-33 for more information.

This module includes an integrated CSU/DSU to enable direct connection to a T1/E1 device, such as a PBX, or a T1/E1 line to a service provider. You can configure physical port parameters through software commands. Configuration options include frame format, facility datalink, and line coding. In addition, the switch can store up to 24 hours of local and remote statistics. See Chapter 33, “Managing T1 and E1 Ports,” for more information on software-configurable parameters.

The WSX-FT1/E1-SC also supports STAC hardware compression. With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-32

WSX-FT1/E1-SC Technical Specifications

Number of ports: 1 or 2 T1 or E1 ports; 1 or 2 Universal Serial ports
Connector Types: T1/E1: RJ-48C; Serial: High-density, 26-pin shielded
Standards Supported: RFCs 1406, 1213, 1659
Frame Formats: T1: Superframe, Extended Superframe, Unframed; E1: E1, E1-CRC, E1-MF, E1-CRC-MF, Unframed
Line Coding: T1: B8ZS or AMI; E1: HDB3 or AMI
Data Rates Supported: T1: 1.544 Mbps; E1: 2.048 Mbps; Serial: 56, 64, 128, 256, 384, 512, 768, 1024, 1536, 1544, 2048 Kbps
Compression: Hardware-based using STAC 9705
Facility Datalink Protocol: ANSI T1.403 and AT&T 54016
MAC Addresses Supported: 4,096
Connections Supported: Physical Data Terminal Equipment (DTE) or Data Communication Equipment (DCE)
Cable Supported (Serial Ports): DTE or DCE of the following types: RS-232, V.35, X.21, RS-530, RS-449
Cable Distance: T1/E1 (short haul): 200 meters; T1/E1 (long haul): 1829 meters
Power Consumption: WSX-FT1/E1-SC-1W without an HRE-X: 5.75 amps; WSX-FT1/E1-SC-1W with an HRE-X: 7.25 amps; WSX-FT1/E1-SC-2W without an HRE-X: 7.25 amps; WSX-FT1/E1-SC-2W with an HRE-X: 8.75 amps

Page 3-33

[Figure: WAN 2-Port Serial and 2-Port Fractional T1/E1 Switching Module. Port 1: T1 or E1; Port 2: Serial; Port 3: T1 or E1; Port 4: Serial]

This module includes one set of LEDs for each port. The LEDs for a given port are located above the port. If the WSX module includes four ports, then the module contains two sets of LEDs. The second set of LEDs are located above the third and fourth ports.

Module LEDs

Please refer to 2-Port WAN Frame Relay Switching Module on page 3-28 for further information on these LEDs.

Serial Port LEDs

STA (Status). On Green continuously when the port connection is operational. Off when the port is disabled or the cable is detached. Blinking On/Off if cable is attached but receive control data is detected as down. This LED also blinks during initialization, diagnostics, or when invalid data is being exchanged on the port.

TX (Transmit). On “half-bright” Green when idle and Green with occasional flickers when the port is transmitting data.

RX (Receive). On “half-bright” Green when idle and Green with occasional flickers when the corresponding port is receiving data.

T1/E1 Port LEDs

ALM (Alarm). On Green when the port is enabled and a signal is present. On Yellow when an error has occurred on the port.

ACT (Activity). On Green when the T1 or E1 port is transmitting or receiving data.

STA (Status). On Green continuously when the port connection is operational. Off when the port is disabled or the cable is detached.

Page 3-34

WSX-FE1-SC Cabling/Jumper Settings

The WSX-FE1-SC supports both twisted pair (120 Ohm) and coaxial (75 Ohm) cable types. The default is 120 Ohm. You must set a pair of jumpers (JP2 and JP4) on the back of the board to correspond to the type of cable you are using. For more detailed information on the types of cables to use with this module, see Appendix B, “Custom Cables.” The illustration below shows the correct jumper positions.

♦ Note ♦
JP3 is reserved. Do not set a jumper across JP3.

[Figure: Cable Termination Jumpers for WSX-FE1-SC, showing the Coax and Twisted Pair positions for JP4 and JP2]

Page 3-35

WSX-BRI-SC

The ISDN Basic Rate Interface WAN Switching Module (WSX-BRI-SC) supports either one (1) serial port and one (1) BRI port or two (2) serial ports and two (2) BRI ports. The version with 1 serial port and 1 BRI port is referred to as the WSX-BRI-SC-1W; the version with 2 serial ports and 2 BRI ports is referred to as the WSX-BRI-SC-2W. See WSX-BRI-SC Technical Specifications on page 3-37 for more information.

The serial port on a WSX-BRI-SC module is essentially the same as the serial ports found on the WSX-SC module.
A WSX-BRI-SC serial port can detect, and configure itself, for any of five serial cable types (RS-232, V.35, X.21, RS-530, and RS-449). A WSX-BRI-SC serial port is normally considered a physical DTE device, but it can be turned into a physical DCE device—for speed or clocking purposes—by simply plugging in a DCE cable. The WSX-BRI-SC internally senses whether a DCE or DTE cable is connected and configures itself appropriately. The BRI port on the WSX-BRI-SC board can be configured as either a “U” or an “S/T” type of interface (the board is shipped set to “U”). Either type of interface supports two “B” channels operating at 56/64 Kbps and one “D” channel operating at 16 Kbps. Software running in the switch allows you to configure the operation of the Point-to-Point Protocol (PPP) over the serial port or the BRI port. The serial port can also support the Frame Relay protocol. The software commands used to configure PPP are described in Chapter 30, “Point-to-Point Protocol.” The software commands used to configure Frame Relay are described in Chapter 29, “Managing Frame Relay.” The software commands used to configure the WAN “links” that support PPP connections are described in Chapter 31, “WAN Links.” Finally, the software commands used to manage the ISDN ports are described in Chapter 32, “Managing ISDN Ports.” With the optional HRE-X you can increase routing performance to 1.5 million packets per second per module and up to 12 Mpps in a fully-loaded 9-slot chassis. 
Page 3-36

WSX-BRI-SC Technical Specifications

Number of ports: 1 or 2 pairs of a serial port and an ISDN Basic Rate Interface (BRI) port
Serial Connector Type: High-density 26-pin shielded serial
BRI Connector Type: RJ-45
Protocols Supported: Point-to-Point Protocol (PPP); Frame Relay (supported on the serial port only)
Data Rates Supported: 2 “B” Channels at 56/64 Kbps; 1 “D” Channel at 16 Kbps
Compression: Hardware-based using STAC 9705
MAC Addresses Supported: 4,096
Serial Port Connections Supported: Physical Data Terminal Equipment (DTE) or Data Communication Equipment (DCE)
Serial Cables Supported: DTE or DCE in the following types: RS-232, V.35, X.21, RS-530, RS-449
BRI Port Connections Supported: “U” interface or “S/T” interface (jumper-selectable; “U” is shipping default)
Maximum Cable Distance: BRI: 100 m
Switch Types Supported: National ISDN-1, AT&T 5ESS, Northern Telecom DMS100, ETSI Euro-ISDN Net3
ISDN Standards Supported: Q.921, Q.931, I.430, T1.601
Power Consumption: WSX-BRI-SC-1W without an HRE-X: 4.75 amps; WSX-BRI-SC-1W with an HRE-X: 6.25 amps; WSX-BRI-SC-2W without an HRE-X: 5.25 amps; WSX-BRI-SC-2W with an HRE-X: 6.75 amps

Page 3-37

[Figure: WAN 2-Port Serial and 2-Port BRI-ISDN Switching Module. Port 1: Serial Port; Port 2: BRI Port (“U” or “S/T”); Port 3: Serial Port; Port 4: BRI Port (“U” or “S/T”)]

The WSX-BRI module includes one set of LEDs for each port. The LEDs for a given port are located in the set labeled with the port number. If the HSX module contains two WSX-BRI daughter cards, the second set of ports (one Serial and one BRI) are numbered as Ports 3 and 4 respectively, and include their own separate set of LEDs that function exactly like those related to Ports 1 and 2.

Module LEDs

Please refer to 2-Port WAN Frame Relay Switching Module on page 3-28 for further information on these LEDs.

Port LEDs

STA (Status). On Green continuously when the port connection is operational. Off when the port is disabled or the cable is detached. Blinking On/Off if cable is attached but receive control data is detected as down. This LED also blinks during initialization, diagnostics, or when invalid data is being exchanged on the port.

TX (Transmit). On “half-bright” Green when idle and Green with occasional flickers when the port is transmitting data.

RX (Receive). On “half-bright” Green when idle and Green with occasional flickers when the corresponding port is receiving data.

ACT (Activity). On Green when the ISDN-BRI port is sending or receiving data.

UIF (“U” Interface). On Green when the ISDN-BRI port is configured as a “U” type of interface. Off when the port is configured as an “S/T” type of interface.

STA (Port 2/4 Status). On Green continuously when the port connection is operational. Off when the BRI port is disabled or the cable is detached. This LED blinks during initialization.

Page 3-38

[Figure: Jumper Configuration for the “U” Interface (this is how the board is shipped)]

This is a simplified view of the bottom lower-right quadrant of the WSX-BRI submodule. Immediately above the BRI port are three jumper blocks labeled J14, J15, and J16. About two inches above and to the right is another jumper labeled J13. J13, J14, and J16 are used to switch between the “U” and “S/T” interfaces. J15 is used to set transmit and receive termination for the “S/T” interface. The gray boxes are the jumper blocks.

[Figure: Jumper Configuration for the “S/T” Interface (transmit/receive termination are set to “on”)]

The small labels next to the jumper pins at J13, J14, and J16 indicate which pins must be bridged to set the BRI port to either the “U” or the “S/T” interface. Small labels under the pins at J15 indicate which pins must be bridged to set Transmit Termination (tt) and Receive Termination (rt) to the “on” or “off” position (the two sets of letters with a line over them indicate the “off” settings).

Page 3-39

Page 3-40

4 The User Interface

In order to configure parameters and statistics on the switch, you may connect it to a terminal, such as a PC or UNIX workstation, using terminal emulation software. The command interfaces used on the switch are part of the MPX executable image. When a switch boots up, the boot monitor handles the loading of this executable image and system startup. Once the image is loaded and initialized, the CLI starts.

You access the command interfaces through a connection with the switch. This connection can be made directly to the serial port, through a modem, or over a network via Telnet. You can have up to four simultaneous connections to an Omni Switch/Router. (Please see Multiple User Sessions on page 4-33 for further details.) For Telnet access, you must first set up an IP address for the switch. See the Getting Started Guide that came with your switch for information on setting up an IP address and logging in.

Overview of Command Interfaces

The Alcatel Omni Switch/Router has two different command interfaces available for configuring parameters and viewing statistics. They are the User Interface (UI) and the Command Line Interface (CLI). Prior to software Release 4.4, the switch automatically booted up in the UI mode. In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in the CLI mode.

♦ Terminology Notes ♦
Command interface generically refers to any mechanism resident in the software that allows a user to change switch configurations or to display statistics.
The UI is the original command interface used exclusively on all Alcatel Omni Switch/Router and OmniAccess products. The UI has its commands grouped into functional menus. Prior to software Release 4.1, the UI was the only command interface supported on the Omni Switch/Router products.

The CLI is Alcatel’s text-based configuration interface that allows you to configure Omni Switch/Router and OmniAccess products using single-line text commands. The CLI was implemented in software Release 4.1 and higher. In Release 4.4 and later it is the default interface.

Page 4-1

Changing Between the CLI and UI Modes

Once you log on to the switch, the following screen displays. You must press the <Enter> key to start the command interface.

    *************************************************************************************
    Alcatel Omni Switch/Router
    Copyright (c), 1994-2002 Alcatel Internetworking, Inc. All rights reserved.
    Omni Switch/Router is a trademark of Alcatel Internetworking, Incorporated,
    registered in the United States Patent and Trademark Office.
    Press ENTER to start ->

After you press <Enter>, the CLI starts automatically and the following text displays.

    Entering command line interface.
    ->

At this point, you are in the CLI mode and may configure the switch or display statistics using the commands described in the Text-Based Configuration CLI Reference Guide.

If you want to use the UI command interface, type ui and press <Enter>. This causes the switch to leave the CLI mode and enter the UI mode, provided you are using a login with Read/Write privileges. You can verify that you are in the UI mode by typing ? to display the top-level menu for the UI as shown below.

    / %?
    Command         Main Menu
    --------------  ------------------------------------------------------------
    File            Manage system files
    Summary         Display summary info for VLANs, bridge, interfaces, etc.
    VLAN            VLAN management
    Networking      Configure/view network parameters such as routing, etc.
    Interface       View or configure the physical interface parameters
    Security        Configure system security parameters
    System          View/set system-specific parameters
    Services        View/set service parameters
    Switch          Enter Any to Any Switching menu
    Help            Help on specific commands
    Diag            Display diagnostic level commands
    Quit/Logout     Log out of this session
    ?               Display the current menu contents

To change from the UI mode back to the CLI mode, type cli and press <Enter>.

♦ Note ♦
The default command prompt for the UI is / %. The default command prompt for the CLI is ->. You can change the UI system prompt by using the uic command.

Page 4-2

Exit the Command Interface

To exit your current session with the switch from the CLI or the UI mode, type either quit or logout at the prompt, then press <Enter>. Your session is immediately terminated.

♦ Note ♦
If you forget which command interface mode you are in, type the ? character. If you are in the UI mode, the Main Menu will display as shown above. If you are in the CLI mode, the switch will show the following display.

    ^NO, SHOW, VOICE, SYSTEM, ACCOUNTING, . . .
    ->

Page 4-3

UI to CLI Command Cross Reference

The chapters in this Users Guide are organized around the UI commands as they are grouped into menus and sub-menus. Even though the Omni Switch/Router software has been changed to boot up in the CLI mode, the Users Guide conforms to its original design. The CLI commands are fully documented in the Text-Based Configuration CLI Reference Guide.

This section presents the key UI commands that are explained in this User’s Manual along with their CLI equivalents. Where the CLI commands support partition management, these tables also list the partition management family to which the commands belong.
Hardware Commands

The hardware section of this manual set consists of Chapters 1 through 3. There are relatively few UI commands in this section because these chapters cover the hardware elements of the switch. The commands defined in these chapters are listed in the Hardware Table beginning on page 4-4.

Hardware Table

Chapter | UI Command | Equivalent CLI Commands | PM Family
1, “OSR Chassis/Power Supplies” | No UI commands are defined in this chapter. | N/A | N/A
2, “MPX” | ethernetc | ethernet management port view ethernet manage port | GF-interface
3, “OSR Switching Modules” | 10/100cfg 10/100vc | ethernet view interface fastethernet | GF-interface

Basic Switch Management Commands

The table beginning on page 4-5 summarizes the features supported in the UI and the CLI for Chapters 4 through 11.

Page 4-4

Basic Switch Management Table

Chapter | UI Command | Equivalent CLI Commands | PM Family
4, “The User Interface” | alert, echo, history, kill, ping, pwd, timeout, who | alert, echo, history, kill, ping, password, timeout, who | No PM Support
4, “The User Interface” | lookup, save, summary, uic, write | Unsupported
5, “Installing Switch Software” | ftp load primary, secondary | ftp load primary, secondary | GF-Ftp GF-File
6, “Configuring Management Processor Modules” | configsync ethernetc imgsync mpm mpmget mpmload mpmreplace mpmrm mpmstore renounce secreset slipc sls swap syncctl takeover | configuration copy ethernet management port image copy view mpm command load primary mpm file load secondary mpm file replace secondary mpm file remove secondary mpm file store secondary mpm file takeover reload secondary mpm slip view secondary mpm file swap configuration auto-copy takeover | GF-File
7, “Managing Files” | cd cp load newfs ftp ls pwd rm imgcl | cd copy load newfs ftp ls password rm imgcl | GF-CD GF-System GF-System GF-System GF-FTP GF-LS 18-User GF-RM GF-System
8, “Switch Security” | pw reboot useradd userdel usermod userview asacfg secdefine | password reboot now user no user user view user ldap server secure access filter secure access no filter view secure access filter security security custom security no custom | 18-User GF-Reboot 18-User 18-User 18-User 18-User 1-Configuration GF-System GF-System GF-System GF-System GF-System GF-System
Unsupported No PM Support secapply layer2auth, privs, secapply, secdefine, seclog, security

continued on next page...

Page 4-5

Basic Switch Management Table (continued)

Chapter | UI Command | Equivalent CLI Commands | PM Family
9, “Switch-Wide Parameters” | cacheconfig camstat dt hrexassign hrexdisplay hrexhashopt hrexutil info memstat modvp newfs saveconfig slot syscfg systat | configuration cache camstat dt hrexassign hrexdisplay hrexhashopt hrexutil info memstat modvp newfs configuration cache save slot syscfg systat | No PM Support
9, “Switch-Wide Parameters” | camcfg, fsck, sc, si, ss, taskstat | Unsupported
10, “Switch Logging” | secdefine secapply | secure access filter secure access no filter view secure access filter security security custom security no custom | GF-System
10, “Switch Logging” | caplog, cmdlog, syslog, conlog, debuglog, swlogc | Unsupported
11, “Health Statistics” | hdcfg health hmstat hpstat hreset | health threshold view health statistics view health statistics view health statistics health statistics reset | GF-System

Network Management Commands

The table on page 4-6 summarizes the commands supported in the UI and the CLI for Chapters 12 through 14.

Network Management Table

Chapter | UI Command | Equivalent CLI Commands | PM Family
12, “Network Time Protocol” | ntconfig, ntstats, ntadmin, ntaccess | Unsupported | No PM Support
13, “Configuring SNMP” | snmpc snmps | view snmp set snmp | 6-SNMP
14, “RMON and DNS Resolver” | res probes events names | res view rmon probes view rmon events view dns | GF-System
14, “RMON and DNS Resolver” | chngmac | Unsupported

Page 4-6

Layer II Switching Commands

The table on page 4-7 summarizes the features supported in the UI and the CLI for Chapters 15 through 18.
Layer II Switching Table Chapter UI Commands Equivalent CLI Commands PM Family 15, “Managing Ethernet Modules” addprtcnl chnlinfo crechnl delchnl delprtchnl eth10/100vc eth10/100cfg static agg view statis linkagg number static linkagg number type no static linkgg number static agg no view interface fastethernet interface ethernet GF-Interface 16, “Managing 802.1Q Groups” cas, das, mas, vas All commands used to create, delete, modify and view a service, plus the message command are supported. GF-System 17, “Configuring Bridging Parameters” fddi, fsmt, fsid, fsmtc, fsstatus, fmac, fmaddr, fmstats, fmctrs, fport, fportstatus, fportctrs, fportc, macstat, slipc Supported 5-Bridge maccirstat, selgp, srsf, srtbcfg, srtbclrrif, srtbrif Unsupported actfstps, bps, dbrmap, fc, flc, fls, fs, fstps, fwt, macinfo, modvp, rts, srtbrif, stc, sts, stpc, stps, swchmac Supported autoencaps, ethdef, facdef, propipx, swchmac, trdef Unsupported 18, “Configuring Frame Translations” 5-Bridge Page 4-7 UI to CLI Command Cross Reference Groups, VLANs, Policies Commands The table beginning on page 4-8 summarizes the features supported in the UI and the CLI for Chapters 19 through 24. 
Groups, VLANs, Policies Table Chapter UI Command Equivalent CLI Commands PM Family 19, “Managing Groups and Ports” swch vi port encapsulation view group rules 2-Group autoencaps, ethdef, facdef, propipx, swchmac, trdef Unsupported 20, “Group and VLAN Policies” addqgp addvp cas cats group num 802.1q group num interface fddi svc, group 802.1q atm service group elan group group num no 802.1q group no elan group mobility group mobility view group group router, vlan router port mapping ingress no port mapping port mapping view port mapping port monitor configuration port monitor view port monitor resume port monitor group priority num view group priority no group group no interface view group auto view group virtual errors view group rules view ethernet view group virtual statistics view group virtual (ports) view group mobility crgp dats delqgp gmcfg gmstat gp modvl pmapcr pmapdel pmapmod pmapv pmcfg pmon pmstat pmp prty_mod prty_disp rmgp rmvp vats ve vi viqgp vs via vpl 21, “InterSwitch Protocols” at, br, pmd, prty_mod, vlan, vigl, viqgp Unsupported atvl fwtvl modatvl view vlan rules view group mac group mac, vlanmac, vlan user, vlan port, vlan chcp port, vlan dhcp mac, vlan protocol, vlan binding ip, vlan binding vap port vlan ip, vlan ipx view vlan rules view vlan rules vlap vap viatrl vivl vlap 2-Group 6-Group GF-System GF-System continued on next page... 
Page 4-8 UI to CLI Command Cross Reference Group, VLANs, Policies Table (continued) Chapter UI Commands Equivalent CLI Commands PM Family 22, “Managing AutoTracker VLANs” gmap, gmapst gmapgaptime gmapholdtime gmapuptime xmapst xmapls xmapcmntime xmapdisctime gmap gmap gap time gmap hold time gmap up time xmap, view xmap status view xmap, view xmap xmap common time xmap discovery time 6-Group 23, “Multicast VLANs” cats cratvl 6-Group rmatvl vag vats viatrl vimcvl vivl vpl group elan vlan, vlan router ip, vlan router ipx, vlan mac, vlan user, vlan dhcp port vlan dhcp nac, vlan protocol, vlan binding ip, vlan binding mac, vlan binding port vlan ip, vlan ipx multicast vlan, multicast vlan port multicast vlan mac, vlan protocol vlan binding ip, vlan binding mac vlan binding port, multicast vlan descr vlan default view group mac view group authenticated group mobility group authentication, group authentication protocol view multicast vlan group mac, group mac range, group user, group port, group dhcp port, group dhcp mac, group dhcp range group protocol, group binding ip, group protocol mac, group binding port, group ip, group ipx, vlan mac, vlan user, vlan port, vlan dhcp port, vlan dhcp mac, vlan protocol, vlan binding protocol, vlan binding mac, vlan binding port, vlan ip, vlan ipx no vlan view group authenticated view group auto view vlan rules view multicast vlan ports view group ports, view group vports view group mobility atvl, vigl, xip Unsupported crmcvl, modmcvl rmmcvl vimcrl vimcvl multicast vlan no multicast vlan view multicast vlan rules view multicast vlan crmcvl defvl fwtvl gmcfg gmstat mag mcvl modatvl 24, “AutoTracker VLAN Examples” GF-System Page 4-9 UI to CLI Command Cross Reference Routing Commands The table beginning on page 4-10 summarizes the features supported in the UI and the CLI for Chapters 25 through 27. Routing Table Chapter UI Command Equivalent CLI Commands PM Family 25, “IP Routing” All IP Routing commands are supported in the CLI. 
All IP Routing commands are supported in the CLI. 3-IP Routing GF-System 26, ”UDP Forwarding” aisr events icmps ipfilter ipmac ipr ips names ping probes ripflush rips risr snmpc iproute view rmon events view icmp rip filter view mac view ip route view ip traffic ip [no] domain-lookup ping view rmon probes ripflush rips no ip route snmp config, snmp community, snmp trap, broadcast, snmp trap unicast snmp station view snmp telnet ip-address view tcp users view tcp trace view udp users view ucp arp, clear arp-cache, view arp 3-IP Routing snmps telnet tcpc tcps traceroute udpl udps xlat 27, “IPX Routing” Page 4-10 chngmac, flush, flconfig, ipclass, ipdirbrcast, names, probes Unsupported relayc relays ip helper view ip helper stats avlbootmode, edit Unsupported No PM Support UI to CLI Command Cross Reference WAN Access Commands The table beginning on page 4-11 summarizes the features supported in the UI and the CLI for Chapters 28 through 34. WAN Access Table Chapter UI Command Equivalent CLI Commands PM Family 28, “WAN Switching Modules” wpadd wpdelete aaa 10-WAN 29, “Managing Frame Relay” fradd, frmodify dlci description status cir bc be bridge-group bridgepmode bridge check fcs strip routing-group trunking-group payload-compress FRF9 stac interface clock source clock rate lmi-type intf-type lmi-t391 dte lmi-n391 dte lmi-n392 dte lmi-n393 dte lmi-n392 dce lmi-n393 dce 10-WAN ppp-global authentication ppp-global sent-username ppp-global compress ppp-global bridging status ppp-global ip config admin status ppp-global ipx-status interface encapsulation ppp description status multilink compression bridge-group bridging bridge-mode bridge-check fcs strip routing-group ip status remote ip ip-address ipx-status authentication local-username sent-username max failure max configure max terminate retry timeout value 10-WAN frmodify 30, “Point-to-Point Protocol (PPP)” pppglobal pppadd, pppmodify continued on next page... 
WAN Access Table (continued)

Chapter UI Command Equivalent CLI Commands PM Family
31, “WAN Links” linkadd, linkmodify interface dialer status description inactivity-timer min call duration max call duration direction organization carrier delay timeout max retries retry delay failure delay phone number speed caller-id 10-WAN
32, “Managing ISDN Ports” isdnm interface bri switch-type spid1 phone 1 spid2 phone2 10-WAN
33, “Managing T1 and E1 Ports” temod, teccfg, tecfg channel-group description framing cablelength linecode fdl clock source loopback signalmode snmp trap link-status yellow send code non-facility signaling 10-WAN tebcfg bert pattern
UI commands only. Unsupported 34, “Backup Services” No PM Support

Troubleshooting Diagnostics Commands

The table beginning on page 4-13 summarizes the features supported in the UI and the CLI for Chapters 35 and 36 and Appendices A and B.

Troubleshooting/Diagnostics Table

    Chapter/Appendices                    UI Command                         Equivalent CLI Commands            PM Family
    35, “Troubleshooting”                 uic                                Unsupported                        No PM Support
    36, “Running Hardware Diagnostics”    diag                               Unsupported                        No PM Support
    A, “Boot Line Prompt”                 ethernetc                          ethernet manager port              No PM Support
    B, “Custom Cables”                    No UI commands in this Appendix.   No CLI commands in this Appendix   No PM Support

User Interface Menu

This menu provides a top-level view of all UI menus. The commands are grouped together in the form of sub-menus. Within each sub-menu there is a set of commands and/or another sub-menu.

    Command         Main Menu
    --------------  ----------------------------------------------------------
    File            Manage system files
    Summary         Display summary info for VLANs, bridge, interfaces, etc.
    VLAN            VLAN management
    Networking      Configure/view network parameters such as routing, etc.
    Interface       View or configure the physical interface parameters
    Security        Configure system security parameters
    System          View/set system-specific parameters
    Services        View/set service parameters
    Switch          Enter Any to Any Switching menu
    Help            Help on specific commands
    Diag            Display diagnostic level commands
    Quit/Logout     Log out of this session
    ?               Display the current menu contents

♦ Note ♦
Although the commands are grouped in a sub-menu structure, any command may be entered from any submenu. You are not restricted to the commands listed in the current sub-menu.

Main Menu Summary

These menus, their sub-menus, and sub-options are described in this manual. The following provides a brief overview of each item on this main menu.

File. Contains options for downloading system software, listing software files, copying files, editing files, and deleting files. This menu is fully described in Chapter 7, “Managing Files.”

Summary. Provides very basic information on the physical switch, such as its name, MAC address, and resets. It also provides options for viewing the virtual interface and information on the MIB. This menu is described in Chapter 9, “Switch-Wide Parameters.”

VLAN. The main menu for configuring Groups, virtual ports, and AutoTracker VLANs. This menu also contains a sub-menu for configuring bridging parameters, such as Spanning Tree. Groups and ports are described in Chapter 19, “Managing Groups and Ports.” VLANs are described in Chapter 22, “Managing AutoTracker VLANs” and Chapter 23, “Multicast VLANs.” Bridging parameters are described in Chapter 17, “Configuring Bridging Parameters.”

Networking. Contains menu options for managing internetworking protocols, such as SNMP and RMON (described in Chapters 13 and 14, respectively), IP (described in Chapter 25, “IP Routing,”) and IPX (described in Chapter 27, “IPX Routing”).

Interface. The main menu for configuring parameters and viewing statistics for switching modules. This menu has sub-menus for managing Frame Relay and Fast Ethernet switching modules.
In addition it includes a sub-option for configuring SLIP. These sub-menus are described in Chapters 15 through 16 and Chapter 29.

Security. This menu contains options for changing a password and rebooting the system. It is described in Chapter 8, “Switch Security.”

System. Contains a wide array of options for configuring and viewing information on a variety of switch functions. Options include displays of switch slot contents, configuring serial ports, and viewing CAM information. Commands used to configure User Interface display options are described in User Interface Display Options on page 4-30. Other System menu commands are described in Chapter 9, “Configuring Switch-Wide Parameters.” The System menu also includes a sub-menu option that provides additional commands for configuring the MPX module. This sub-menu is described in Chapter 6, “Configuring Management Processor Modules.”

Services. Provides options for creating, modifying, viewing, and deleting Frame Relay services. Frame Relay services include bridging, routing, and trunking. Frame Relay services are described in Chapter 29, “Managing Frame Relay.”

Switch. Provides options to precisely define frame translations. A MAC-layer type (Ethernet, Token Ring, etc.) may have more than one type of frame format, such as Ethernet or 802.3. By default, however, each MAC-layer type defaults to a certain frame format upon translation. This menu allows you to define translations for each frame format. This menu is described in Chapter 18, “Configuring Frame Translations.”

Help. Provides textual help on how to use the UI and on each menu or sub-menu. For the item of interest, enter

    help <sub-menu name>

Diag. This menu, fully available to the diag login account, contains commands to run diagnostic tests. It is described in Chapter 36, “Running Hardware Diagnostics.”

Quit. Logs you out of the UI. You can also enter logout to exit.

?. Displays the options for current menu.
General User Interface Guidelines

You can monitor and configure your switch in the following ways:

• The User Interface (UI): The UI is the original method of switch configuration. It is a text-based and menu-driven interface to which you can connect through the serial port, through a modem, or over a network via Telnet. You can have up to four simultaneous UI connections to an Omni Switch/Router. For Release 4.4 and later, the default for switch monitoring and configuration is the CLI mode. If you are using a login account with permission to use the UI command, you can enter the UI mode by entering the ui command at the CLI system prompt.
• X-Vision: This purchasable network management software program consists of several powerful sub-applications that help you manage and monitor your network. X-Vision allows you to connect and configure multiple switches simultaneously. For more information, refer to X-Vision’s on-line help.
• The Command Line Interface (CLI): The CLI is a new feature included with Release 4.1 that allows you to configure Omni Switch/Routers using single-line text-based commands that are entered through the local console. Improved readability, easy text editing of the configuration files, and simple cloning of switch configurations are among some of the advantages of the CLI. For more information, refer to the Text-Based Configuration CLI Reference Guide.

Entering Command Names

The UI is not case sensitive for commands, meaning that you may enter upper or lower case as you desire. However, command line assignments, configuration input, and logins are case sensitive. Except for the logout and quit commands, you only need to enter enough of the command to make it unique. For example, if you want to execute the switch command you need only enter swi.
If you enter only sw, the system will respond with a choice of the following:

    switch swch swchmac swap

If you set the switch to the verbose mode you will see additional information on the screen (see Setting Verbose/Terse Mode for the User Interface on page 4-22).

    Non-unique command match, possible commands:
    switch     Enter Any to Any Switching Menu
    swch       Configure Any To Any Switching Port Translations
    swchmac    View Per Mac Translation Options
    swap       Change swap status of chassis
    swlogc     Configure Switch Logging source/destination mapping and priority levels

♦ Note ♦
If you cannot see a UI command confirmation prompt or if you do not get the command prompt after the completion of a command, press the <Enter> key to regain the prompt.

Quitting a Command

Many of the commands give you a list of parameters to change. With most commands you can enter quit if you want to exit the command without making changes. If the quit parameter is not available, press Ctrl-d to abort the command without making changes.

Scrolling

If the screen scrolls up too far to read you can stop the incoming data by pressing Ctrl-s. The screen will stop and allow you to read the data. Press Ctrl-q to continue the data transmission.

The UI Configuration Menu

The User Interface (UI) Configuration menu consolidates the following UI commands into a single, easy-to-use menu:

• chpr
• more
• ver
• ter
• timeout

♦ Note ♦
The switch’s prompt, more, verbose/terse, and timeout functions remain fully supported. However, if you enter any of the commands listed above, you will be redirected to the UI Configuration menu.

To access the UI Configuration menu, type uic at the system prompt and press <Enter>.
The following screen will be displayed:

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Refer to the following sections for information on using the UI Configuration menu.

Configuring the System Prompt

The uic submenu is listed under the system menu. The uic submenu allows you to change the system prompt. The prompt can be made up of literal information, system variable information, or a combination of the two.

Literal information means that the prompt will reflect exactly what you type at the uic submenu. For example, Marketing 1 or Enter command:.

System variable information means that the prompt will reflect the switch’s variable information, such as the current menu-path or the system name. Use $Menu-Path (case sensitive) to have the system prompt display the current menu-path name. Use $SysName to have the system prompt display the system name. You can also mix variables and literals such as $Menu-Path -> or $SysName Enter command:.

♦ Note ♦
The default system prompt is ->.

To change the system prompt, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Next, type 1=, followed by the desired prompt information, and press <Enter>. For example:

    1=$SysName ->

After you press <Enter>, the screen will be redrawn. Note that the prompt information at line 1 of the uic submenu has been changed.

    UI Configuration
    1) Prompt     : ‘$SysName -> ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Type save at the submenu prompt and press <Enter>. The system prompt has been successfully changed.
Configuring More Mode for the User Interface

Enabling More Mode

The more mode allows you to specify the maximum number of lines that will be scrolled to your workstation’s display. However, before you can specify the maximum number of lines that can be displayed, you must first verify that the more mode is enabled.

To enable the more mode, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : off
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Next, type 2=on at the submenu prompt and press <Enter>. The screen will be redrawn. Note that more mode is now set to on.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

The switch’s default output display is 22 lines. If you want to change this value, type 21=, followed by the maximum number of lines to be displayed, and press <Enter>. For example: 21=50. After you press <Enter>, the screen will be redrawn. Note that the output display value at line 21 of the uic submenu has been changed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 50 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Be sure to type save at the submenu prompt and press <Enter>. More mode is now enabled.

Changing the More Mode Line Value

If the switch’s more mode has already been enabled and you want to change the maximum number of lines to be displayed on your workstation, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.
    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Type 21=, followed by the maximum number of lines to be displayed, and press <Enter>. (The value may range from 0 to 2147483647.) For example: 21=2000. After you press <Enter>, the screen will be redrawn. Note that the output display value at line 21 of the uic submenu has been changed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 2000 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Type save at the submenu prompt and press <Enter>. The more mode line value has been successfully changed.

Disabling More Mode

To disable more mode, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Next, type 2=off at the submenu prompt and press <Enter>. The screen will be redrawn. Note that more mode is now set to off.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : off
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Type save at the submenu prompt and press <Enter>. More mode is now disabled.

♦ Reminder ♦
The switch’s table filtering feature cannot be used when the more mode is disabled. For more information on UI table filtering, refer to UI Table Filtering (Using Search and Filter Commands) on page 4-38.

Setting Verbose/Terse Mode for the User Interface

Enabling Verbose Mode

When verbose mode is enabled, you are not required to enter a question mark in order to view the switch’s configuration menus. Instead, menus are displayed automatically.
For example, if verbose mode is enabled and you enter summary at the user prompt, the Summary menu will be displayed automatically, as shown below:

    Command     Summary Menu
    ss          Display MIB-II System group variables
    sc          OmniSwitch chassis summary
    si          Current interface status

    Main File Interface Security Summary VLAN System Services Networking Help

The switch’s default verbose mode setting is off, or disabled. To enable verbose mode, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Next, type 3=on at the submenu prompt and press <Enter>. The screen will be redrawn. Note that verbose mode is now set to on.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : on
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Type save at the submenu prompt and press <Enter>. You will be returned to the user prompt. Verbose mode is now enabled.

Disabling Verbose Mode

Although the terse command is no longer supported as of Release 4.1, disabling verbose mode via the uic submenu is the command equivalent. When verbose mode is disabled, configuration menus will not be displayed automatically. To display a current menu when verbose mode is disabled, you must type a question mark (?) and then press <Enter>.

To disable verbose mode, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : on
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Next, type 3=off at the submenu prompt and press <Enter>. The screen will be redrawn. Note that verbose mode is now set to off.
    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Type save at the submenu prompt and press <Enter>. Verbose mode is now disabled.

Configuring the Auto Logout Time

When the switch detects no user activity on the UI for a certain period of time, it automatically logs the user out of the system. By default, this automatic logout occurs after 4 minutes of console inactivity. You can configure the automatic logout to range from 1 minute to 35,791,394 minutes.

To set a new automatic logout time, type uic at the user prompt and press <Enter>. A screen similar to the following will be displayed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : off
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 5 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Next, type 4=on, followed by the desired automatic logout time, and press <Enter>. For example: 4=15. After you press <Enter>, the screen will be redrawn. Note that the automatic logout time at line 4 of the uic submenu has been changed.

    UI Configuration
    1) Prompt     : ‘$Menu-Path% ’
    2) More       : on
      21) Lines   : 22 lines
    3) Verbose    : off
    4) Timeout    : 15 minutes
    Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :

Be sure to type save at the submenu prompt and press <Enter>. The automatic logout time has been successfully changed.

♦ Note ♦
The automatic logout value you enter takes effect immediately; you do not have to reboot the switch. In addition, the timeout parameter you enter is saved. Later sessions using this account will have the same automatic logout parameter until you change it.

Viewing Commands

If at any time you are not sure of the commands available, enter ? and you will be given a list of the commands in the current sub-menu. Following each list of commands is a list of submenus.
You can go directly to any sub-menu in the list. You can specify whether the full menu will be displayed when you enter a command for a menu or sub-menu and the amount of information you receive when you run the help command. (Refer to Setting Verbose/Terse Mode for the User Interface on page 4-22 for more information.)

Additionally, there is a lookup facility to assist with administrative tasks. You can look up any command name or prefix as follows:

    lookup vlans

or to see all commands starting with v use:

    lookup v*

To see all commands available, enter:

    lookup *

Changing Passwords

The pw command is used to change passwords and is described in Chapter 8, “Switch Security.”

Command History and Re-Executing Commands

The history command displays up to 50 commands numbered in order with the most recently executed command listed last. The following is a typical example of the history command.

    1: view mpx.cmd
    2: vlan
    3: at
    4: atvl
    5: vimcvl
    6: mcvl
    7: vivl
    8: fwtvl
    9: xlat
    10: history

In the example above, the history command is listed last because it is the one that was executed most recently. If you want to re-execute the last command, enter two exclamation points (!!). In the example above, you could re-execute the history command by entering !! at the system prompt.

You can also display a specific number of commands by entering history followed by a number less than or equal to the number of commands in the history buffer. For example, if you entered history 5 in the example above you would see the following:

    7: vivl
    8: fwtvl
    9: xlat
    10: history
    11:history 5

The UI also provides several other ways to re-execute earlier commands. For example, you can re-execute a specific command shown in the history list by entering an exclamation point (!) followed by the number to the left of that command shown in the history list. In the example at the beginning of this section, entering !2 would re-execute the vlan command.
You can also re-execute a command a set number of commands back by entering an exclamation point and a minus sign (!-) followed by that set number of commands back. In the example at the beginning of this section, entering !-3 would re-execute the fwtvl command.

In addition, you can re-execute a command by entering an exclamation point (!) followed by the first character(s) of the most recently executed command. In the example at the beginning of this section, entering !vim would re-execute the vimcvl command. Entering !vi, however, would re-execute the vivl command because it is the most recently executed command beginning with vi.

You can also re-execute the most recently executed command containing a string of characters by entering an exclamation point and a question mark (!?), followed by the string of characters, and an optional question mark (?) which acts as a “wild card.” In the example at the beginning of this section, entering !?lan? at the system prompt would re-execute the vlan command. Entering !?la?, however, would re-execute the xlat command because it is the most recently executed command containing la.

Commands in the history buffer can be modified by adding a parameter, when it is applicable. For example, if you entered !7 3/1 in the example at the beginning of this section you would execute the command vivl 3/1.

Abbreviating IP Addresses

The Omni Switch/Router software provides the user with a more concise way to enter the dotted decimal format of a 32-bit IP address. The new syntax conforms to the traditional Internet interpretation. Several examples of abbreviated IP addresses are shown in the table below. The first column of the table lists examples of abbreviated IP addresses, and the second column shows how the system interprets the abbreviated address.

Abbreviated IP Address Formats

    Sample User Entry     IP Address
    198                   0.0.0.198
    198.                  198.0.0.0
    198..                 198.0.0.0
    198...                198.0.0.0
    198.206               198.0.0.206
    198..206              198.0.0.206
    198..206.             198.0.206.0
    198...206             198.0.0.206
    198.206.              198.206.0.0
    198.206..             198.206.0.0
    198.206.182           198.206.0.182
    198..206.182          198.0.206.182
    198.206..182          198.206.0.182
    198.206.182.          198.206.182.0
    198.206.182.158       198.206.182.158

As shown in the table above, the system performs two important steps to ensure that the IP address is valid. First, it puts zeroes where you do not specify a number. Second, the system will insert as many zeroes as needed to the right of a period.

This abbreviated IP address format can be used with the ftp, telnet, crgp, modvl, ping, snmpc, and xlat commands. For example, to ping the IP address 198.0.0.2, you can abbreviate this IP address by entering ping 198.2 at the system prompt. After you answer a few prompts (see Chapter 25, “IP Routing” for more information on the ping command), something similar to the following will be displayed.

    Ping starting, hit <Enter> to stop
    PING 198.0.0.2: 64 data bytes
    [0 ] T
    ----198.0.0.2 PING Statistics---
    1 packets transmitted, 0 packets received, 100% packet loss

In addition, the IP subnet mask 255.255.0.0 can be abbreviated in the following ways:

• 255.255.
• 255.255..

User Interface Display Options

The System menu contains several commands to configure help information, character display, and the system prompt for the UI. Enter system at the system prompt to enter the System menu. Press the question mark (?) to see the System menu commands, as shown below.
    Command         System Menu
    info            Basic info on this system
    dt              Set system date and time
    ser             View or configure the DTE or DCE port
    mpm             Configure a Management Processor Module
    slot            View Slot Table information
    systat          View system stats related to system, power and environment
    taskstat        View task utilization stats
    memstat         View memory use statistics
    fsck            Perform a file system check on the flash file system
    newfs           Erase all files from /flash & create a new file system
    syscfg          View/Configure info related to this system
    uic             UI configuration; change - prompt, timeout, more, verbose.
    camstat         View CAM info and usage
    camcfg          Configure CAM info and usage
    hrex            Enter HRE-X management command sub-menu
    ver/ter         Enables/disables automatic display of menus on entry (obsolete, use ‘uic’ command)
    echo/noecho     Enable/disable character echo
    chpr            Change the prompt for the system (obsolete, use ‘uic’ command)
    logging         View system logs.
    health          Set health parameters or view health statistics
    cli/exit        Enter command line interface
    saveconfig      Dump the cache configuration content to the mpm.cfg file.
    cacheconfig     Set the flag to use cache configuration only.

    Main File Interface Security Summary VLAN System Services Networking Help

For information on the info, dt, ser, slot, systat, taskstat, memstat, fsck, newfs, syscfg, camstat, camcfg, and hrex commands, refer to Chapter 9, “Switch-Wide Parameters.” The mpm command is described in Chapter 6, “Configuring Management Processor Modules.” The ver/ter and chpr commands are described earlier in Setting Verbose/Terse Mode for the User Interface on page 4-22. The echo/noecho command is described in the following section. The cli command is described earlier in Changing Between the CLI and UI Modes on page 4-2. The logging command is described in Chapter 10, “Switch Logging.”

♦ Note ♦
The ver/ter, and chpr commands now appear as items in the UI Configuration menu (displayed through the uic command).
If you enter the ver/ter and chpr commands, a message will advise you to use the uic command, and the UI Configuration menu will automatically display. For more information on the UI Configuration menu, refer to The UI Configuration Menu on page 4-17.

Setting Echo/NoEcho for User Entry

You can determine whether your entries will appear by enabling the echo for user entries. The default is to echo all characters. To enable the echo, enter echo at the system prompt. Everything you enter will be displayed. For example, if you enter history at the system prompt, it will be displayed on your terminal, as shown in the example below.

    / %history

If your terminal echoes characters locally, it is a good idea to set the UI to noecho to avoid repeated characters. To disable the echo, enter noecho at the system prompt. For example, if your terminal echoes characters locally, you would see something like the following if you entered history.

    / %history

If your terminal does not echo characters locally, nothing you enter will be displayed. For example, if you enter history at the system prompt, it will not be displayed on your terminal, as shown in the example below.

    /%

Setting the Login Banner

The login banner feature allows you to change the banner that displays whenever someone logs into the UI. This feature can be used to display messages about user authorization and security. You can display the same message for all login sessions or you can display different messages for login sessions initiated by the console, ftp or Telnet access. The default login message looks like this:

    This product includes software developed by the University of California Berkeley and its contributors.
    Welcome to the Alcatel Omni Switch/Router ! Version 4.4
    login:

Here is an example of a banner that has been changed:

    This product includes software developed by the University of California Berkeley and its contributors.
    * * * LOGIN ALERT * * *
    This is a secure device. Unauthorized use of this switch will result in criminal prosecution.
    login:

Creating a new Banner

Three steps are required to change the login banner. They are listed here.

• Create a text file containing the new banner in the switch’s flash directory.
• Add the ui_add_do_alert() command syntax to the switch’s mpx.cmd file.
• Enable the feature by executing the alert {console | telnet | ftp} command.

To create the text file containing your banner you may use the create file command in the UI’s edit buffer sub-menu. This method allows you to create the file in the flash directory without leaving the UI console session. You can also create the text file in an external editor (such as MS Wordpad) and ftp the file to the switch’s flash directory. In either case, be sure to remember the name of your file.

To add the ui_add_do_alert() command syntax to the switch’s mpx.cmd file, use the edit command of the UI’s file sub-menu. (For information on using the file sub-menu, refer to Chapter 7, “Managing Files”).

To enable the new login banner, add the alert {console | telnet | ftp} syntax to the mpx.cmd file, using the edit command of the UI’s file sub-menu. This command will cause the banner message to display at each login until the switch is rebooted. After a reboot, the switch will not display the banner unless the alert command is executed again.

Permanent Banner

If you want the banner message to display after the system has been rebooted, you must add additional lines to the mpx.cmd file. The following example lists the commands you must add to the mpx.cmd file. This example uses a banner text file with the name “banner.txt”.

    cmDoDump=1
    cmInit
    ui_add_do_alert()
    change_prompt_file("console", "banner.txt")
    change_prompt_file("telnet", "banner.txt")

♦ Note ♦
Any commands added to the mpx.cmd file must be added after the lines cmDoDump=1 and cmInit.
If the commands in the mpx.cmd file are not in the proper order the switch may not boot properly.

Banners for Different Access Methods

You may use different banners for sessions accessed by console, Telnet or ftp methods. To do this, create different text files for each banner with unique filenames. When you add the commands to the mpx.cmd file, use the filenames to associate the banner with the session access methods. Here is an example:

    cmDoDump=1
    cmInit
    ui_add_do_alert()
    change_prompt_file("console", "console_banner.txt")
    change_prompt_file("telnet", "telnet_banner.txt")
    change_prompt_file("ftp", "telnet_banner.txt")

Login Accounts

The UI provides three default login accounts—Administrator, User and Diagnostics. The Administrator login provides full access to all functions. The initial login name for an Administrator account is admin. The Diagnostics login also has full access to all switch functions plus a special sub-menu with a set of switching module tests. The initial login name for Diagnostics is diag. The User login has read-only privileges to the switch. The initial login name for a User account is user. The password for each of these default login accounts is switch.

♦ Note ♦
In software release 4.3, the user login account with read-only privileges is not included automatically.

♦ Note ♦
You can configure new and delete existing login accounts with the useradd UI command, which is described in Chapter 8, “Switch Security.”

Multiple User Sessions

You can have up to four simultaneous connections to an Omni Switch/Router. One connection can be made to the console port, two can be made through Telnet, and one connection can be made to the modem port if you are connecting to an Omni Switch/Router.

♦ Note ♦
For software Releases 4.4 and later, more than one login account with write privileges can be active at the same time.
For software Release 4.3 and earlier, only one login account with write privileges was allowed on the switch at the same time. In this case, the first switch user who logged on as either admin or diag would be the only user with the write privilege. Subsequent users who logged on as either admin or diag would not have the write privilege and would be unable to perform any functions that change switch parameters. These users would also see a message that informs them they do not have the write privilege when they log on. For example, a user who logs on as admin when another user already has the write privilege will see the following message:

    You are logged in as 'admin' without the WRITE privilege.
    The WRITE privilege is currently in use by another user.

However, users who log on as either admin or diag without the write privilege can “kill” the session of the user with the write privilege and gain that privilege for themselves. This is described in Deleting Other Sessions on page 4-35.

If you try to log on when the limit of users has been reached (e.g., you attempt a Telnet connection when there are two users currently connected through Telnet), you will see the following message:

    Sorry, reached maximum number of sessions.

Listing Other Users

To display all the users currently logged on to the switch, type who at the system prompt. The following is an example of the display shown where two Telnet sessions are logged in, one as admin and the other as user.

    SESSION 3 4 USER READ admin 000000008007fffd (123.456.78.910) rrtest1 000000008007fffd (123.456.78.910) PRIVILEGES WRITE 000000008007fffd GLOBAL 00000000007fffff TTY 000000008007fffd 0000000000000000 /pty/telnetB /pty/telnetA

You can also display information about just your session by typing who am i at the system prompt. The following is a typical example of the output.
    SESSION  USER     PRIVILEGES                                            TTY
                      READ              WRITE             GLOBAL
    3        admin    000000008007fffd  000000008007fffd  00000000007fffff  /pty/telnetA
             (123.456.78.910)

The following sections describe the parameters shown by the who command.

SESSION. The session number of the user. A 0 indicates that the user is connected through the console port, a 1 indicates that the user is connected through the modem port, and a 2 or 3 indicates that the user is connected through Telnet. The session number is used with the write and kill commands described in Communicating with Other Users on page 4-35 and Deleting Other Sessions on page 4-35, respectively.

USER. The administrative level of the user. This will be admin, user or diag.

PRIVILEGES. The privilege level of the user. The READ, WRITE and GLOBAL privileges are indicated in hexadecimal numbers.

TTY. Type of connection. This shows whether the user is connected by Telnet, the modem port, or the console port. If the connection is via Telnet, the IP address of the connecting workstation is also shown.

Communicating with Other Users

If you want to send a message to another user, enter write followed by the user’s session number. If you wanted to send a message to a user connected on the console port (session 0), you would enter write 0 at the system prompt. The switch would then display

    Enter message. (End with CTRL-D or 'exit')

Everything you type now will be sent to the user connected on the console port until you press CTRL-D or enter exit on a line by itself. Here is an example of the write command:

    write 0
    I need the write privilege
    exit

The user receiving the message would see the following:

    Message from user 'admin' on session 3.
    I need the write privilege
    End of message.

If you enter an invalid session number, the switch will display an error message.
For example, if you entered write 1 at the system prompt and no user was connected through the modem port (session 1), the switch would display

    ERROR: Session 1 is an invalid session number.

♦ Note ♦
After you have received a message or after you have written a message you must press the <Enter> key to regain the system prompt.

Deleting Other Sessions

If you are logged on as admin or diag, you can kill the session of another user. For example, if you want the write privilege and you are logged on as diag or admin, you must end the session of the user who currently has the write privilege with the kill command. The syntax for the kill command is as follows:

    kill [[-t <timeout>] -f] <session_number>

The session_number is assigned by the switch and can be displayed with the who command, which is described in Listing Other Users on page 4-34. If you do not use the -f option, then the system will wait until the other user presses <Enter> or finishes his current command. If you do use this option, then the other user’s session will be terminated immediately. The -t option can be used with the -f option to set the amount of time before the other user’s session is terminated. See Advanced Kill Command Options on page 4-37 for descriptions of the -f and -t options.

For example, to end the session of the user connected to the console port (session 0) and let him finish his current command, you would enter kill 0 at the system prompt. The system would then display something similar to the following:

    Press <Enter> to cancel.
    Trying...............................................................................

The user losing the write privilege would see something similar to the following:

    Your session will be killed by user 'admin' on session 3 as soon as you finish this command or press return.

After the user with the session being killed has finished his work, he will be logged off.
If the user who was logged off had the write privilege, you will gain the write privilege and a message similar to the following will be displayed.

    Done. You have gained the WRITE privilege

You can use the who command to confirm that you now have the write privilege.

In addition, the session number used in the kill command must be valid. If, for example, you entered kill 1 and no user was connected to the modem port (session 1), the system would display the following:

    ERROR: Session 1 is an invalid session number.

Also, you cannot use the kill command to end your own session. For example, if your session number is 3 and you entered kill 3 the system would display the following:

    ERROR: You cannot kill your own session.

Instead, use the quit or logout command if you want to log out.

Advanced Kill Command Options

You can also kill the session of a user immediately by adding the parameter -f followed by the session number of the user. This option will kill the user’s session before he can finish his current command. In addition, this option will end the user’s sessions without waiting for him to press <Enter>. This option can be used to log off a user with the write privilege who forgot to log out and then gain the write privilege for yourself. If you wanted to kill the session of the user with a session number of 2 immediately, you would enter kill -f 2 at the system prompt.

The default timeout for the kill command is 2 seconds. You can modify the duration of the timeout by using the -t option in conjunction with the -f option. To use the timeout option, enter kill, followed by -t, the number of seconds for the timeout, -f, and the session number of the user. For example, if you wanted to kill the session of the user with a session number of 2 in 15 seconds, you would enter kill -t15 -f 2 at the system prompt. The valid range for the timeout is 1 to 240 seconds.
♦ Note ♦
You cannot use the timeout option (-t) unless you also use the -f option.

UI Table Filtering (Using Search and Filter Commands)

The amount of information displayed in UI tables can be extensive, especially with larger networks. Common UI commands, such as ipr, vivl, macinfo, and fwt, often return multi-page tables. The user can locate specific information in these large tables through the More? UI prompt. The More? prompt appears whenever the maximum number of table entries designated by the more command has been reached (the more command’s default is 22 lines). Note that if a table exceeds 22 lines, and the more mode has been configured to display more than 100 lines, the following message appears:

    Screen Size larger than 100 Lines, Displaying with 22 Lines (Press Any Key)

After pressing any key, only the page of the table is displayed, followed by the More? prompt.

♦ Important Note ♦
The switch’s more mode is active by default. If the more mode is turned off, the Search and Filter commands cannot be used. For more information on the more command, see The UI Configuration Menu on page 4-17.

A typical More? UI prompt will look like this:

    1  4/6  Brg/ 1/ na  0020da:030995  Tns  DFLT  Enabld  Inactv  Disabl  AutoSw
    1  4/7  Brg/ 1/ na  0020da:030996  Tns  DFLT  Enabld  Inactv  Disabl  AutoSw
    1  4/8  Brg/ 1/ na  0020da:030997  Tns  DFLT  Enabld  Inactv  Disabl  AutoSw
    1  5/1  Brg/ 1/ na  0020da:854050  Tns  DFLT  Enabld  Inactv  Disabl  AutoSw
    More? [<SP>,<CR>,/,F,N,Q,?]

At the More? prompt, the user is given a list of options, which includes the Search (/) and Filter (F) commands:

<SP>    Press <SP> (space bar) to display the next page of information.
<CR>    Press <CR> (character return) to display the next line of information.
/       Press / to enter the Search mode.
F       Press F to enter the Filter mode.
N       Press N to renew the search, starting from the next line in the UI table.
Q       Press Q to exit the More? prompt.
?       Press ? to enter the More?
command Help Menu.

These commands are available for admin and diag login sessions. Please refer to the following sections for more information on the Search and Filter commands, as well as renewing a search, combining Search and Filter commands, and using wildcards.

The Search Command

Starting from the page being displayed, the Search command (/) searches all lines of a UI table for a specified text pattern (up to 80 characters). The first line containing the pattern is brought to the top of the page, followed by any remaining lines in the table. Searches cannot be limited to a specific column or heading. To use the Search command, type / at the More? prompt, followed by the text pattern you are looking for, then press <Enter>.

♦ Important Note ♦
The Search command is case sensitive. When using this command, be sure to type the text pattern exactly as it would appear in the UI table.

Real World Example

The following example uses the Search command to locate a specific MAC address in the table. (Before using this example, be sure that the more mode is enabled and the default is set at 22 lines. For more information, refer to page 4-38.)

1. Type macinfo and press <Enter>. The following screen will be displayed:

    Enter MAC address ([XXYYZZ:AABBCC] or return for none) :

Press <Enter> again. A screen similar to the following will be displayed:

    Enter Slot Number (1-5) :

Type the slot number for the module containing the relevant MAC address information (e.g. 3), then press <Enter>.
A table similar to the following will be displayed:

    Total number of MAC addresses learned for this slot: 58

                                        Non-Canonical     Group  CAM      Last  Exp
    Sl/ If/ Service/ In  MAC Address    MAC Address    T  ID     Indx  S  Seen  Timer
    -------------------  -------------  -------------  -  -----  ----  -  ----  -----
    3/  1/  Brg/     1   00A0C9:064D04  000593:60B220  E  1      7024  T  134   300
    3/  1/  Brg/     1   006008:C1D7C2  000610:83EB43  E  1      7030  T  115   300
    3/  1/  Brg/     1   0020DA:88F110  00045B:118F08  E  1      70E6  T  46    300
    3/  1/  Brg/     1   0020DA:B6FF12  00045B:6DFF48  E  1      7094  T  66    300
    3/  1/  Brg/     1   0020DA:8A7DC0  00045B:51BE03  E  1      705A  T  83    300
    3/  1/  Brg/     1   0020DA:A67FA2  00045B:65FE45  E  1      7120  T  27    300
    3/  1/  Brg/     1   0020DA:024F75  00045B:40F2AE  E  1      710C  T  34    300
    3/  1/  Brg/     1   0020DA:9B88E4  00045B:D91127  E  1      70EE  T  45    300
    3/  1/  Brg/     1   0020DA:9C062B  00045B:3960D4  E  1      7074  T  76    300
    3/  1/  Brg/     1   0020DA:79F062  00045B:9E0F46  E  1      70D2  T  52    300
    3/  1/  Brg/     1   006008:991CA7  000610:9938E5  E  1      701C  T  117   300
    3/  1/  Brg/     1   0020DA:936A8F  00045B:C956F1  E  1      712A  T  23    300
    3/  1/  Brg/     1   0020DA:9CEAC5  00045B:3957A3  E  1      70CC  T  53    300
    3/  1/  Brg/     1   0020DA:9B9B54  00045B:D9D92A  E  1      70D6  T  50    300
    3/  1/  Brg/     1   0020DA:7AAE24  00045B:5E7524  E  1      70B8  T  58    300
    3/  1/  Brg/     1   0020DA:A9EEB3  00045B:9577CD  E  1      710A  T  34    300
    3/  1/  Brg/     1   0020DA:8DB20B  00045B:B14DD0  E  1      7080  T  72    300
    3/  1/  Brg/     1   0020DA:9F6B82  00045B:F9D641  E  1      70F4  T  42    300
    3/  1/  Brg/     1   0020DA:8762A3  00045B:E146C5  E  1      7126  T  24    300
    3/  1/  Brg/     1   006008:C1D7C2  000610:83EB43  E  1      7030  T  115   300
    More? [<SP>,<CR>,/,F,N,Q,?]

Note that, because the information in the table exceeds the more command’s default page size of 22 lines, the More? prompt appears at the bottom of the screen.

2. Type / at the More? prompt. The Search prompt (/) will appear automatically. At the Search prompt, enter the text pattern for the desired MAC address. For example:

    /0020DA:9E479D

Press <Enter>.
A screen similar to the following will be displayed:

    Searching ........
    3/  1/  Brg/     1   0020DA:9E479D  00045B:79E2B9  E  1      702C  T  138   300
    3/  1/  Brg/     1   0020DA:9D0D1B  00045B:B9B0D8  E  1      7030  T  67    300
    3/  1/  Brg/     1   0020DA:97CDE0  00045B:E9B307  E  1      70E6  T  122   300
    3/  1/  Brg/     1   00A0C9:8DED5B  000593:B1B7DA  E  1      7094  T  114   300
    3/  1/  Brg/     1   0020DA:92A152  00045B:49854A  E  1      705A  T  97    300
    3/  1/  Brg/     1   0020DA:8528D5  00045B:A114AB  E  1      7120  T  102   300
    3/  1/  Brg/     1   0020DA:93BF73  00045B:C9FDCE  E  1      710C  T  130   300
    3/  1/  Brg/     1   0020DA:B956B5  00045B:9D6AAD  E  1      70EE  T  56    300
    3/  1/  Brg/     1   0020DA:730F03  00045B:CEF0C0  E  1      7074  T  68    300
    3/  1/  Brg/     1   0020DA:8BA710  00045B:D1E508  E  1      70D2  T  99    300

Note that the line containing information for the specified MAC address (0020DA:9E479D) now appears at the top of the screen, followed by any remaining lines in the UI table. (In this case, the last line of the macinfo UI table contains MAC address 0020DA:8BA710, as shown).

Renewing a Search

If you execute the Search command and the resulting page still exceeds the maximum number of table entries designated by the more command, you can renew the Search. Do this by typing n at the More? prompt. The Search command will scan the remainder of the table and display the next line containing the desired text pattern at the top of the screen.

The Filter Command

The Filter command filters unwanted information from a UI table by displaying only those lines containing a specified text pattern (up to 80 characters). Once the Filter command has been executed, the Filter mode remains active until the end of the UI table has been reached, or until the user exits the current UI table. Like the Search command, the Filter command cannot be limited to a specific column or heading. To use the Filter command, type f at the More? prompt, followed by the text pattern you want displayed in the UI table, then press <Enter>.
♦ Important Note ♦
The Filter command is case sensitive. When using this command, be sure to type the text pattern exactly as it would appear in the UI table.

Real World Example

The following example uses the Filter command to display only those lines containing Lane services in the vivl table. (Before using this example, be sure that the more mode is enabled and the default is set at 22 lines. For more information, refer to page 4-38.)

1. Type vivl and press <Enter>. A table similar to the following will be displayed:

    Virtual Interface VLAN Membership
    Slot / Intf / Service / Instance    Group    Member of VLAN#
    --------------------------------    -----    ---------------
    1 /1 /Rtr /1                        1        1
    1 /1 /Rtr /2                        33       1
    1 /1 /Rtr /3                        111      1
    1 /1 /Rtr /4                        33       2
    1 /1 /Rtr /5                        1        3
    1 /1 /Rtr /6                        1        4
    1 /1 /Rtr /7                        33       7
    1 /1 /Rtr /8                        33       3
    1 /1 /Rtr /9                        1        5
    1 /1 /Rtr /10                       1        6
    1 /1 /Rtr /11                       33       5
    1 /1 /Rtr /12                       33       6
    1 /1 /Rtr /13                       999      1
    2 /1 /Lne /1                        1        1
    2 /1 /Lne /2                        111      1
    3 /1 /Brg /1                        33       14
    3 /2 /Brg /1                        1        1
    3 /3 /Brg /1                        1        1
    3 /4 /Brg /1                        1        1
    More? [<SP>,<CR>,/,F,N,Q,?]

Note that, because the information in the table exceeds the more command’s default of 22 lines, the More? prompt appears at the bottom of the screen.

2. Type f at the More? prompt. The Filter prompt (f/) will appear automatically. At the Filter prompt, enter the desired text pattern (remember to type the text pattern exactly as it would appear in the UI table):

    f/Lne

Press <Enter>. A screen similar to the following will be displayed:

    Filtering .......
    2 /1 /Lne /1                        1        1
    2 /1 /Lne /2                        111      1
    /%

Note that only those lines containing Lane services are now displayed on the screen. All other table entries have been filtered from the UI.

Combining Search and Filter Commands

If you receive a More? prompt after using the Filter command, the filtered information still exceeds the maximum number of table entries designated by the more command.
To further refine your results, you can combine the Search and Filter commands. To combine the Search and Filter commands, type / at the Filter mode’s More? prompt, followed by a revised text pattern of up to 80 characters. Note that you can combine the Search and Filter commands only after you have executed a Filter command and received a More? prompt at the bottom of the resulting page.

♦ Reminder ♦
Both the Search and Filter commands are case sensitive. When using these commands, be sure to type the text pattern exactly as it would appear in the text UI table.

Real World Example

The following example combines the Search and Filter commands to find specific IP address information in the ipr table. (Before using this example, be sure that the more mode is enabled and the default is set at 22 lines. For more information, refer to page 4-38.)

1. Type ipr and press <Enter>. A table similar to the following will be displayed:

    IP ROUTING TABLE
    -----------------------------
    128 routes in routing table

                                                          Group:VLAN
    Network        Mask           Gateway         Metric  Id          Protocol
    ------------------------------------------------------------------------
    155.5.0.0      255.255.0.0    155.5.4.33      1       1:5         DIRECT
    155.6.0.0      255.255.0.0    155.6.4.33      1       1:6         DIRECT
    155.155.0.0    255.255.0.0    155.155.4.33    1       1:1         DIRECT
    172.17.0.0     255.255.0.0    172.17.6.122    1       999:1       DIRECT
    172.31.0.0     255.255.0.0    172.31.4.33     1       33:3        DIRECT
    172.32.0.0     255.255.0.0    172.32.4.33     1       33:2        DIRECT
    172.33.0.0     255.255.0.0    172.33.4.33     1       33:1        DIRECT
    172.35.0.0     255.255.0.0    172.35.4.33     1       33:5        DIRECT
    172.36.0.0     255.255.0.0    172.36.4.33     1       33:6        DIRECT
    172.37.0.0     255.255.0.0    172.37.4.33     1       33:7        DIRECT
    172.111.0.0    255.255.0.0    172.111.4.33    1       111:1       DIRECT
    198.168.12.0   255.255.0.0    192.168.12.1    1       1:1         DIRECT
    198.168.13.0   255.255.0.0    192.168.13.1    1       1:1         DIRECT
    More? [<SP>,<CR>,/,F,N,Q,?]
Note that, because the information in the table exceeds the more command’s default of 22 lines, the More? prompt appears at the bottom of the screen.

2. Use the Filter command to display all IP network addresses within the IP Routing table that contain 198. To do this, type f at the More? prompt, followed by the specified text pattern:

    f/198

Press <Enter>. A screen similar to the following is displayed:

    Filtering .......
    198.168.12.0   255.255.0.0    198.168.12.1    1       1:1         DIRECT
    198.168.13.0   255.255.0.0    198.168.13.1    1       1:1         DIRECT
    198.168.236.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.168.237.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.168.238.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.168.239.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.168.240.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.168.241.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.168.242.0  255.255.0.0    172.16.255.254  4       1:1         DIRECT
    198.206.181.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.183.0  255.255.255.0  172.16.255.254  3       1:1         DIRECT
    198.206.184.0  255.255.255.0  172.16.255.254  3       1:1         DIRECT
    198.206.185.0  255.255.255.0  172.16.255.254  3       1:1         DIRECT
    198.206.186.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.187.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.188.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.189.0  255.255.255.0  172.16.255.254  3       1:1         DIRECT
    198.206.190.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.191.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.192.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.193.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.194.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    More? [<SP>,<CR>,/,F,N,Q,?]

Because the filtered information in the table still exceeds the more command’s default of 22 lines, the More? prompt appears at the bottom of the screen.

3. In order to further refine your results, you can now combine the Search and Filter commands.
In this example, you will search for IP addresses beginning 198.206.2. To do this, enter / at the Filter mode’s More? prompt, followed by the specified text pattern:

    /198.206.2

Press <Enter>. A screen similar to the following is displayed:

    Filtering and Searching ...
    198.206.200.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.201.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.202.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    198.206.203.0  255.255.255.0  172.16.255.254  2       1:1         DIRECT
    /Networking/IP %

Note that the IP address, 198.206.200.0, now appears at the top of the screen, followed by any remaining lines in the table. (In this case, the last line of the ipr table contains information for IP address 198.206.203.0, as shown).

Using Wildcards with Search and Filter Commands

Wildcards allow users to substitute symbols (* or ?) for text patterns while using the Search and Filter commands. Any number of wildcards can be used within a single search string. In addition, multiple character (*) and single character (?) wildcards can be combined within a single search string.

Wildcard Command Options

Multiple Characters

An asterisk (*) is used as a wildcard for multiple characters in a text pattern. For example, the Filter pattern /*.img will filter out all lines from the UI table except those containing any text followed by .img. This wildcard can also be used within a specific text pattern. For example, the Filter pattern /1*6 will filter out all lines from the UI table except those containing 1, followed by any number of characters, then 6. For example: 1:3/6 or 33:3/1 or 16.

Single Characters

A question mark (?) is used as a wildcard for a single character in a text pattern. For example, the Search pattern f/127.?.0.1 will locate the first line in a UI table containing 127. followed by any single character, and then the remaining text pattern .0.1. For example: 127.0.0.1.
♦ Note ♦
If you use a wildcard at the Search command and the resulting page still exceeds the maximum number of table entries designated by the more command, you can renew the search, starting from the next line containing the text pattern. Do this by typing n at the More? prompt. Note that you can renew a search only while in Search and Search/Filter modes.

5 Installing Switch Software

User Interface software comes pre-loaded on your MPX. You do not have to reload unless you are upgrading, backing up, or reloading due to file corruption. There are different methods for loading software into your switch. The method you use depends on your hardware configuration and the condition of the switch. These methods are:

• FTP Server - The Omni Switch/Router has a built-in FTP server. If you have FTP client software, you can FTP to the switch and load new software.
• FTP Client - The Omni Switch/Router can also be an FTP client. You can use this by connecting a terminal to the switch and using the set of FTP commands in the User Interface. You can also do this through a telnet session.
• ZMODEM - You can load software directly through the serial port with any terminal emulator that supports the ZMODEM protocol. You can do this using the file commands in the User Interface or through the boot line prompt. Note that a ZMODEM transfer of larger files can take several minutes to complete.

Do Not Mix Software Versions

When loading software, ensure that the versions of software for all the modules are from the same release. Mixing earlier versions of software with current versions can cause the switch to reset or hang.

File Transfer/Corruption Problems

If at any time a file transfer fails, a fragment of the file may be left on your system. This remaining file is corrupted. You should delete the file fragment and reload the file before continuing.
If the MPX image file (mpx.img) is corrupted, you will receive a message during the boot sequence requesting you to delete the file. You should delete the file and reload it using ZMODEM through the boot line prompt. See Using ZMODEM With the Boot Line Prompt on page 5-5 for information on loading through the boot prompt.

Using FTP Server

The Omni Switch/Router is an FTP server. Using any compatible FTP client software you can load software to and from the switch. Consult the manual that came with your FTP client software package. The following are general instructions on how to FTP to the switch.

1. You will need to configure the IP address in the switch. If you have not done this, refer to the Getting Started Guide that came with your switch.

2. Use your FTP client software just as you would with any FTP server. When you connect to the switch you will be able to see the files contained in the flash directory. It is the only directory in the switch.

3. Note that because of the organization of files in the switch, any time a file is deleted, the flash memory is compacted. Depending on the number of files in the switch and where they are located in memory, this compaction can take anywhere from a few seconds to a couple of minutes.

4. When you transfer a file to the switch and one of the same name exists, the old file must first be deleted. You first delete the old file, then the compaction takes place, and then you can transfer the new file. When you begin your transfer, you may not see anything happening for approximately 2 minutes due to the file compaction procedure. After compaction, the file will be transferred.

Using FTP Client

The User Interface contains several FTP commands. Using these commands is similar to using FTP on a UNIX system. Follow the steps below to start the FTP Client.

1. Log on to the switch and type ftp.
For instructions on logging into the switch see the Getting Started Guide that came with your switch.
2. The system will prompt for a host. It saves the last host name or IP address used. If it’s the one you want, press <Enter> or enter the new address.
3. The system will prompt for a user name. It saves the last user name. If it’s the one you want, press <Enter> or enter the new user name.
4. The system will prompt for a password. Enter your password.
5. After logging onto the system you will receive the ftp> prompt. Type a question mark (?) to review the ftp commands. These commands are described in Chapter 7, “Managing Files.” The following screen displays:

    Supported commands:
    ascii binary bye dir get help put pwd quit lpwd cd hash remotehelp delete ls user

    ascii        Set transfer type to ASCII (7-bit).
    binary       Set transfer type to binary (8-bit).
    bye          Close gracefully.
    cd           Change to a new directory on the remote machine.
    delete       Delete a file on the remote machine.
    dir          Obtain a long listing on the remote machine.
    get          Retrieve a file from the remote machine.
    hash         Print the hash symbol (#) for every block of data transferred. This command toggles hash enabling and disabling.
    ls           Summary listing of the current directory on the remote host.
    put          Send a file to the remote machine.
    pwd          Display the current (present) working directory on the remote host.
    quit         Close gracefully.
    remotehelp   List the commands that the remote FTP server supports.
    user         Send new user information.
    lpwd         Display the current (present) working directory on the local host.
    ?            Summarize this list.

If you lose communications while running ftp, you may receive the following message:

    Waiting for reply (Hit ^C to abort)...........

6. You may press <cntl-c> to abort the ftp or wait until the communication failure is resolved and the ftp transfer will continue. Note that Sun OS systems lose echo when you use the cntl-c key combination.
Using ZMODEM

Normally you use FTP to transfer files to and from the switch. It is faster than using the serial port. A ZMODEM transfer can take several minutes. There are generally two situations which would require you to use the serial port to load software:

• You do not have access to an FTP client or server program. If the switch is up and running, you can use the File commands to load software.
• You have deleted the image software files in the switch. If you are in this situation, the only way to load software is using ZMODEM with the boot line prompt.

To use ZMODEM, you must have a terminal emulator that supports the ZMODEM protocol. There are many packages on the market and they operate differently; therefore instructions on how to use them are beyond the scope of this document. Consult the user manual which came with your terminal emulation software.

Before doing a serial port transfer, you should set the baud rate to the highest possible (however, it is not recommended that you run it at 38.4 Kbps). Running at 19200 is twice as fast as 9600. To set the baud rate, use the ser command. For more information on the ser command, see Chapter 6, “Configuring Management Processor Modules.”

Note
If a file you are transferring already exists in the switch’s flash memory, you must remove the file before transferring the new file via ZMODEM.

Using ZMODEM with the load Command

If your switch is up and running, log on to the switch. Type ls to list the files in flash memory. If the file you are going to transfer exists, you must delete it first with the rm command. From the File menu, type ? to list the file commands. The command you use to start the ZMODEM process is load. The load command does not support speeds greater than 19,200 baud.
    /File % load
    The Console (DCE) port is currently running at 19200 baud
    Type ‘y’ to start ZMODEM download, ‘q’ to quit (y) : y
    Upload directory: /flash
    ZMODEM ready to receive file, please start upload (or send 5 CTRL-X’s to abort).
    **B0100000023be50

Activate the ZMODEM transfer according to the instructions that came with your terminal emulation software. When the transfer is completed use ls again to list the file or files you have loaded.

Using ZMODEM With the Boot Line Prompt

If you encounter the situation where you have deleted some or all of the files in your switch, you may need to load files through the boot line prompt. This load procedure is done before the switch has booted. If there is no software available in the switch, then it cannot boot until you reload the software.

Using ZMODEM with the boot prompt is similar to using it with the load command. This section covers only specific step-by-step instructions to load a file using ZMODEM at the [boot]: prompt. Before doing this you may want to familiarize yourself with the boot line commands. See Appendix A, “Boot Line Prompt,” for more information.

♦ Important Note ♦
Loading software through the boot prompt should only be done when the switch is off line and not being used for normal network traffic.

Set Up the Correct Baud Rate

1. Connect a terminal to the console port. The terminal must be set to the last values set in the switch before it was powered down. For example if you were running at 19200,8,n,1, you must set your terminal to these values.

Note
If you have deleted or lost your configuration file (mpm.cfg), the console port values will revert back to the factory settings which are 9600,8,n,1. If you are not sure what baud rate your switch is running, try the last known value. If your terminal displays garbage, keep changing the baud rate on your terminal emulator until you see normal ASCII characters.

2. If the switch is on, switch it off for a few seconds, then back on.
You should see the boot start up on your screen. You will see the following:

    System Boot
    Press any key to stop auto-boot...
    2

The number 2 shown above counts down to 0. To stop the boot, you must press a key before the number counts down to 0. If you miss this, simply turn the switch off for a few seconds, then back on to restart the process. Note that if there is no software in the switch it will not be able to boot and will eventually end up at the [boot] prompt anyway.

The [boot] Prompt

The [boot] prompt has its own set of commands that are built into the switch. You do not need to have files or software loaded to use this set of commands. You can perform many of the functions that the MPX software does; however, the purpose of these commands is to reload software in order to get the switch up and running. To see a list of the boot commands, type ? at the [boot]: prompt. The following screen displays:

    [Boot]: ?
    ? - print this list
    Q - boot (load and go)
    p - print boot params
    c - change boot params
    l - load boot file
    g adrs - go to adrs
    d adrs [,n] - display memory
    m adrs - modify memory
    f adrs, nbytes, value - fill memory
    t adrs, adrs, nbytes - copy memory
    e - print fatal exception
    n netif - print network interface device address
    L - list ffs files
    P - Purge system: remove ALL ffs files
    R file [files] - remove ffs file(s)
    S - save boot configuration
    V - display bootstrap version
    $dev(0,procnum)host:/file h=# e=# b=# g=# u=usr [pwr=passwd] f=# tn=targetname s=script o=other
    Boot flags:
    0x02 - load local system symbols
    0x04 - don’t autoboot
    0x08 - quick autoboot (no countdown)
    0x20 - disable login security
    0x40 - use bootp to get boot parameters
    0x80 - use tftp to get boot image
    0x100 - use proxy arp
    0x1000 - factory reset
    available boot devices: sl ffs zm
    [Boot:]

Note that these commands are all case sensitive. Type L to list the files in flash memory. This will help you determine what files may be missing.
If the file you are going to transfer exists, you must delete it first with the R command. You may want to purge memory and reload all the files. To purge the flash memory, type in the P command.

Warning
After using the P command, there will be no files in flash and you will have to reload them all with ZMODEM.

Starting a ZMODEM Transfer at the [boot] Prompt

1. Type c to change boot parameters. You will be changing the boot device to zm. This will tell the system to load files from a ZMODEM connection instead of flash memory.

    [Boot]: c
    ‘.’ = clear field; ‘-’ = go to previous field; ^D = quit
    Boot device : zm

2. Type zm at this prompt. You will be prompted for more parameters. Just hit <Enter> to accept the defaults.

    Boot file : /flash/mpx.img
    Local SLIP adr :
    Startup script: /flash/mpx.cmd
    Console params : 9600,n8lc
    Modem params : 9600,n8l
    Boot flags :0xb
    Other: dvip:no_name, 198.206.183.253, 255.255.255.0, 198.206.183.255;
    [Boot]:

3. When you complete the command, the system will return to the [Boot]: prompt. Type in the “at” command (@ ) to load the boot parameters.

    [Boot]: @
    Boot device : zm
    Boot file : /flash/mpx.img
    Startup script: /flash/mpx.cmd
    Console params : 9600,n8lc
    Modem params : 9600,n8l
    Boot flags :0xb
    Other: dvip:no_name, 198.206.183.253, 255.255.255.0, 198.206.183.255;
    Attaching network interface lo0... done.
    Disk load or Boot load (D/B/Q)? -> d

4. At the Disk load or Boot load {D/B/Q}? -> prompt, type in d to tell the system to load from a disk. The system is prepared to accept a ZMODEM transfer, and displays the following:

    Upload directory: /flash
    ZMODEM ready to receive file, please start upload (or send 5 CTRL-X’s to abort).
    **B0100000023be50

5. Activate the ZMODEM transfer according to the instructions that came with your terminal emulation software.
6. When the transfer is completed use L (case sensitive) to list the files you have loaded.
7. Repeat this procedure for every file that you want to load.
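The Boot flags value in the parameter display above is a bitmask of the flags listed by the ? command. The following added example (not from the Alcatel manual) decodes that value from a captured console session and reports the bits that affect login security or the source of the boot image and parameters. The function names, the REVIEW labels and the second capture are assumptions constructed for illustration; bits that the manual's flag list does not name (such as 0x01 in 0xb) are reported as undocumented rather than guessed.

```python
import re

# Flag meanings as printed by "?" at the [Boot]: prompt in the manual.
BOOT_FLAGS = {
    0x02: "load local system symbols",
    0x04: "don't autoboot",
    0x08: "quick autoboot (no countdown)",
    0x20: "disable login security",
    0x40: "use bootp to get boot parameters",
    0x80: "use tftp to get boot image",
    0x100: "use proxy arp",
    0x1000: "factory reset",
}

# Assumption (reviewer's choice, not from the manual): the flags that change
# who can log in or where the boot image and parameters come from.
REVIEW = {
    0x20: "login security is disabled",
    0x40: "boot parameters come from a BOOTP reply",
    0x80: "boot image is fetched with TFTP",
    0x1000: "factory reset flag is set",
}

FLAGS_RE = re.compile(r"^[ \t]*Boot flags[ \t]*:[ \t]*(0x[0-9a-fA-F]+)[ \t]*$", re.M)
DEVICE_RE = re.compile(r"^[ \t]*Boot device[ \t]*:[ \t]*(\S+)[ \t]*$", re.M)


def parse_boot_params(text):
    """Return (boot_device, flags) from a captured boot parameter display."""
    text = text.replace("\r", "")  # serial captures often use CRLF line ends
    flags = FLAGS_RE.findall(text)
    if not flags:
        raise ValueError("capture has no 'Boot flags' line")
    devices = DEVICE_RE.findall(text)
    # The display can appear twice (after "c" and after "@"); keep the last.
    return (devices[-1] if devices else None), int(flags[-1], 16)


def decode_flags(value):
    """Split a flag word into documented flags and leftover bits."""
    named = [(bit, BOOT_FLAGS[bit]) for bit in sorted(BOOT_FLAGS) if value & bit]
    known = 0
    for bit in BOOT_FLAGS:
        known |= bit
    return named, value & ~known


def audit(text):
    """Decode a capture and list the settings a reviewer should look at."""
    device, value = parse_boot_params(text)
    named, unknown = decode_flags(value)
    findings = [REVIEW[bit] for bit, _ in named if bit in REVIEW]
    if device == "zm":
        findings.append("boot device is zm: files load from a ZMODEM "
                        "connection instead of flash memory")
    if unknown:
        findings.append("bits not in the documented flag list: 0x%x" % unknown)
    return {"device": device, "flags": value,
            "named": [name for _, name in named],
            "unknown": unknown, "findings": findings}


# Values taken from the parameter display shown in the manual.
PAGE_CAPTURE = """\
[Boot]: @
Boot device : zm
Boot file : /flash/mpx.img
Startup script: /flash/mpx.cmd
Console params : 9600,n8lc
Modem params : 9600,n8l
Boot flags :0xb
"""

# Constructed capture (not from the manual): 0xa8 = 0x80 | 0x20 | 0x08.
CONSTRUCTED_CAPTURE = """\
Boot device : ffs
Boot file : /flash/mpx.img
Boot flags :0xa8
"""

if __name__ == "__main__":
    for label, capture in (("page", PAGE_CAPTURE), ("constructed", CONSTRUCTED_CAPTURE)):
        result = audit(capture)
        print(label, hex(result["flags"]), result["named"])
        for finding in result["findings"]:
            print("  review:", finding)
```
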
6 Configuring Management Processor Modules

The management processor module (MPX on the Omni Switch/Router) coordinates control of the Omni Switch/Router by providing access to the User Interface (UI) software, maintaining user configuration information, downloading switching module software, managing basic bridge functions, maintaining basic routing functions, and managing the SNMP management agent. Switching modules are dependent on the MPX for downloading software and for receiving initialization and configuration information. In addition, the Network Management System (NMS) depends on the MPX to send and receive SNMP messages for managing the switch.

♦ Important Note ♦
All of the UI commands described in this chapter also work with the Omni Switch/Router MPX.

The Omni Switch/Router also supports two MPXs with one acting as the primary and with one acting as the secondary. If the primary MPX fails, the secondary MPX can take over automatically. Operating with redundant MPXs can also help avoid network downtime.

♦ Note ♦
When you have two MPXs in one chassis, they must be installed in slots 1 and 2, and only one will be active.

The primary MPX executes all the commands and, when needed, sends requests to the secondary MPX. The secondary MPX continuously monitors the primary MPX. For more information on MPXs, see Chapter 2, “The Omni Switch/Router MPX.”

The UI provides commands to configure the serial port, to configure the Ethernet management port, and a set of commands to monitor and configure primary and secondary MPXs. These commands are described in the pages that follow.

Changing Serial Port Communication Parameters

The serial communications parameters for the two MPX ports are set by default to the following:

• 9600 bits per second (bps)
• 8 data bits
• 1 stop bit
• no parity

To change the serial port configuration parameters, follow the steps below:

1. Log into the switch.
For instructions on logging in, see your Getting Started Guide.
2. At the system prompt, type ser.
3. You will see the following message:

    Port to configure? {(C)onsole,(M)odem} (Console) :

Press C if you want to configure the console port (female, DCE) parameters, or type M to configure the modem port (male, DTE) parameters. The default is the Console Port (C).
4. The current port values are shown, followed by a prompt to change the speed value.

    Current Console (DCE) configuration: 9600 bps, 8 data bits, None parity, 1 stop bit, running Console (shell)
    Speed (9600):

Enter the speed (in bits per second) at which you want the port to operate, or simply press <Enter> to accept the default in parentheses. Valid values are 1200, 9600, 19200, and 38400 bps.
5. The following prompt displays:

    Data size {7/8} bits (8) :

Enter the data size in bits (7 or 8). The default is 8. Press <Enter> to accept the default in parentheses.
6. The following prompt displays:

    Parity { (N)one/(E)ven/(O)dd } (None) :

Enter the parity (none, even, odd) and press <Enter>. The default is None.
7. The following prompt displays:

    Stop bits {0/1/2} (1):

Enter the number of stop bits (0, 1, or 2) and press <Enter>. The default is 1.
8. The following prompt displays:

    Mode {(D)own,(C)onsole,(A)uxConsole,(S)LIP} (C) :

Enter the port mode and press <Enter>. This option defaults to console for a console connection and down for a modem connection. You can also configure the port for SLIP. If you are configuring the modem port, you should plan the mode configuration carefully. See Configuring the Modem Port on page 6-3 for further information.

♦ Important Note ♦
You cannot configure the console port as an auxiliary port (AuxConsole).

9. The following prompt displays:

    Set (and save) these settings {(S)ave/(Q)uit) (Save) :

Enter save to accept the parameters you entered and exit, or enter quit to exit this command without saving your changes.
Changing Port Speed When Communication With The Switch Lost

When you cannot communicate with the switch, there is an alternative method you can use to toggle through the various serial port speed options. The port defaults to 9600 bps. But if you send a Break signal (by pressing the BREAK key), the port speed will change to the next higher speed. When it reaches the highest speed (38400 bps), it toggles back to the lowest speed (1200 bps). You cycle through the port speeds in the following order: 9600–19200–38400–1200.

♦ Note ♦
On the MPX you must remove the default baud rate shunt (E1), which fixes the baud rate at 9600 bps, before you can change the baud rate. This shunt is located near the front end of the circuit board, just to the right of the Ethernet management port.

Configuring the Modem Port

If you plan to use the modem port as your main connection to User Interface software, then you need to make sure its mode and jumper settings are configured correctly.

Modem Port Mode

The ser command allows you to configure an active modem port to SLIP, console, or auxiliary console mode. When using a modem, it is recommended that you configure the two ports as follows:

    modem port mode=SLIP
    console port mode=console

This configuration allows you to use the modem port to access User Interface software through a SLIP connection. The console port is used as an optional way to access software.

♦ Please Note ♦
You need Release 3.2 or above to use the modem and console ports simultaneously.

Another valid configuration is as follows:

    modem port mode=console
    console port mode=down

This configuration does not allow you to use the console port as an optional access method since it is configured down. Using a cross-over cable, you could access the modem port through an attached PC.
If you could not use the modem port for some reason, you would have to reboot the switch to get back, or—if the cable connection were the problem—use a cross-over cable to connect through a PC.

A third valid configuration that keeps both ports active is:

    modem port mode=console
    console port mode=SLIP

This configuration allows you to use the modem port regularly and use a SLIP connection to access switch software through the console port.

A fourth valid configuration that keeps both ports active is:

    modem port mode=auxiliary
    console port mode=console

This configuration allows you to use the console and modem ports simultaneously to access switch software.

Configuring SLIP

To configure SLIP, enter the slipc command. If you enter the command and SLIP is not running on any ports, the system displays the following message:

    Current SLIP configuration
    SLIP not running on any ports, do you want to configure it? Yes, No {Y/N} (Y) :

Enter y to display current information. Enter n to skip the display. To configure the required SLIP parameters, complete the following steps:

1. Type slipc at the prompt and press <Return>.
2. Enter a valid IP address.
3. Enter a valid remote IP address.

You can use the ping command to validate the connection’s integrity.

Configuring the Ethernet Management Port

To configure the Ethernet management port, you use the ethernetc command. To use this command, enter ethernetc at the system prompt. A screen similar to the following will be displayed.

    Ethernet Port Configuration
    1) Port Admin status UP   : Yes
    2) IP Address             : 198.206.184.175
    3) Subnet Mask            : 255.255.255.0
    4) Bcast Address          : 198.206.184.255
    5) Gateway Address        : 198.206.184.254
    6) Remote Host Address    : UNSET
    7) RIP Mode               : Inactive
    Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :

The question mark option (?) and the Help option provide reference and instructional information on using this command. The Redraw option refreshes the screen.
You make changes by entering the line number for the option you want to change, an equal sign (=), and then the value for the new parameter. When you are done entering all new values, type save at the colon prompt (:) and all new parameters will be saved. If you do not want to save the changes enter quit or Ctrl-D.

♦ Important Note ♦
On some revisions of the MPX, you must configure the Ethernet management port with the boot prompt before you can use the ethernetc command. See Appendix A, “The Boot Prompt,” for more information on configuring the Ethernet management port with the boot prompt.

The configurable options displayed by the ethernetc command are described below.

1) Port Admin status UP
Enter 1=Yes (the default) to enable the Ethernet management port or 1=No to disable it.

2) IP Address
Enter an IP address for the Ethernet management port in dotted decimal or hexadecimal notation (the default is 192.168.11.1). For example, to change the Ethernet management port’s IP address to 198.206.184.170, enter 2=198.206.184.170 at the prompt.

♦ Note ♦
This IP address must not be on the same subnet as any other IP router on the switch.

3) Subnet Mask
Enter an IP subnet mask in dotted decimal or hexadecimal notation (the default is 255.255.255.0). If no mask is provided, the switch will try to determine the mask using Internet Control Message Protocol (ICMP) requests. For example, to change the subnet mask to 255.255.255.254, enter 3=255.255.255.254 at the prompt.

4) Bcast Address
The default broadcast address is automatically derived from the default VLAN IP address class (the default is 192.255.255.255). You can enter a new address in dotted decimal or hexadecimal notation. For example, to change the broadcast address to 198.206.184.255, enter 4=198.206.184.255 at the prompt.
5) Gateway Address
You can enter an IP address for the first hop router to a remote host (if the host is on a different IP net) in dotted decimal or hexadecimal notation. The default is 192.168.1.1. For example, to change this address to 198.206.184.170, enter 5=198.206.184.170 at the prompt.

6) Remote Host Address
You can enter an IP address for a remote host (if the host is on a different IP net) in dotted decimal or hexadecimal notation. The default is 192.168.1.1. For example, to change this address to 198.206.184.170, enter 5=198.206.184.170 at the prompt.

7) RIP Mode
This parameter is an informational field, which shows that the RIP mode is inactive. You cannot modify this parameter.

Ethernet Management Ports and Redundant Management Processor Modules

If redundant MPXs both have Ethernet management ports (EMPs), both EMPs in the switch will have the same IP address if automatic file synchronization is enabled. If both EMPs are plugged into the same subnet, the UI will show that there are duplicate IP addresses on the network. To get around this duplicate IP address problem, you must disable automatic file synchronization and then you must configure different IP addresses for the two EMPs. To do this, perform the following steps:

1. On the primary management module, enter syncctl at the system prompt. (See Setting Automatic Config Synchronization on page 6-15 for more information on the syncctl command.)
2. If automatic file synchronization is already disabled, simply press <Enter>. If it is enabled, enter disable at the prompt.
3. Enter ethernetc at the prompt. (See Configuring the Ethernet Management Port on page 6-5 for more information on the ethernetc command.)
4. Enter 2= followed by the IP address for the EMP on the primary management module.
5. Enter save at the prompt to save the IP address.
6.
Enter renounce at the prompt to make the primary management module the secondary module and the secondary module primary.
7. Log into the now primary management module.
8. On the now primary management module, enter syncctl at the system prompt.
9. If automatic file synchronization is already disabled, simply press <Enter>. If it is enabled, enter disable at the prompt.
10. Enter ethernetc at the prompt.
11. Enter 2= followed by the IP address for the EMP on the management module.
12. Enter save at the prompt to save the IP address.
13. Enter renounce at the prompt to make the management module that was originally the primary one primary again.

The MPM Command/Menu

The mpm command has two functions: displaying the MPX redundancy configuration and entering the mpm menu. Displaying the MPX redundancy is described below and the mpm menu is described in MPM Menu Commands on page 6-9.

Displaying MPX Redundancy

You can display the number of MPXs, their location in the switch, and the MPX redundancy configuration of the switch by entering mpm at the system prompt. The following is a typical example of the message that displays when you enter mpm for a switch without a redundant MPX.

    Currently this slot 1 holds the Primary MPM; there is no secondary MPM.

The following is a typical example of the message that displays when you enter mpm for a switch with redundant MPXs on the primary MPX.

    Currently this slot 1 holds the Primary MPM and slot 2 holds the secondary.

The following is a typical example of the message that displays when you enter mpm for a switch with redundant MPXs on the secondary MPX.

    Currently slot 1 holds the Primary MPM; this slot 2, holds the secondary MPM.

MPM Menu Commands

The mpm command also takes you to the mpm menu which contains the commands needed to configure single and redundant MPXs.
With a serial or modem connection, you can communicate with either the primary or secondary MPX by connecting to the respective RS232 connectors. With a telnet connection, however, you can only communicate with the primary MPX.

Type a ? to list the mpm commands. One set of commands will be displayed if you are connected to the primary MPX and another set will be displayed if you are connected to the secondary MPX. If you are connected to the primary MPX, you will see the following.

    Command      Redundancy Menu
    sls          List the contents of the Secondary /flash and /simm directories
    mpmstore     Store file to Secondary /flash or /simm directory
    mpmreplace   Replace file on Secondary /flash or /simm directory
    mpmload      Load file from Secondary MPM
    mpmrm        Remove file from Secondary MPM
    renounce     Give up control to Secondary
    nisuf        Set load suffix for NI image files
    syncctl      Enable/Disable synchronization of configuration data
    configsync   Synchronize configuration data
    imgsync      Synchronize Image (Executable) files
    secreset     Reset Secondary MPM
    swap         Change swap status of chassis

All of the mpm menu commands, except for the nisuf and swap commands, function only if you have redundant MPXs.

If you are connected to the secondary MPX, type a ? to list the mpm commands shown below.

    Command      Redundancy Menu
    mpmget       Get file from Primary MPM
    takeover     Become Primary

All of the mpm commands are described in the sections that follow.

Using MPM Commands with Software Release 3.2 and Later

In Release 3.2 and later, the commands in the mpm menu support the use of more than one flash directory. Since more than one flash directory can exist, you must indicate which flash directory you want to use when you access a secondary MPX from a primary MPX and when you access a primary MPX from a secondary MPX. All of these commands begin with the prefix mpm and are listed below.
    mpmstore
    mpmreplace
    mpmload
    mpmrm
    mpmget

To indicate which flash directory you want to use, enter a slash (/), the name of the directory, and another slash (/) before the file name in all commands that begin with the prefix mpm. For example, to transfer the asm.img file from the /simm directory on the secondary MPX to the primary MPX when you have logged into the secondary MPX, enter mpmget /simm/asm.img at the system prompt.

♦ Important Note ♦
In the current release, you must indicate the name of the flash directory in commands that begin with the prefix mpm even if you have just one flash directory on both MPXs.

Listing the Secondary MPX Files

The sls command lists the files in the secondary MPX module. This is similar to the ls command; however, it lists files in the secondary MPX. To list files in the secondary MPX, enter sls at the system prompt. The following is a typical example.

    /flash/esm.img       27204   7/14/99   11:39
    /flash/mesm.img      27561   7/14/99   11:39
    /flash/mpm.img     1790889   7/14/99   11:39
    /flash/rav.img       83588   7/14/9    11:39
    /flash/mpm.cnf       32768   1/ 1/70   00:00
    /flash/mpm.log       18072   7/30/99   13:51
    /flash/mpm.cfg       32768   7/30/99   14:40
    /flash/mpm.cmd          32   1/ 1/70   00:00
    /flash/gated.img    547041   8/27/9    16:01
    /flash has 1071449 bytes free.
    /simm Not present.

The sls command lists every file in the secondary MPX’s flash memory followed by its size (in bytes), creation date, and creation time. The three-letter file name suffix indicates the type of file which includes configuration (cnf and cfg), command (cmd), and image (img). The image file suffix can be changed for both the primary and secondary MPXs with the nisuf command, which is described in Setting the Load Suffix on page 6-14.

Transferring a File to the Secondary MPX

The mpmstore command transfers a file in the flash memory of the primary MPX to the flash memory of the secondary MPX.
To use this command, enter mpmstore, followed by a space, a slash (/), the name of the flash directory, another slash (/), and the name of the file you want to transfer. For example, to transfer the file mpm.log from the /flash directory on the primary MPX to the secondary MPX, you would enter mpmstore /flash/mpm.log at the system prompt. The following will be displayed.

    Transferring...

If the file already exists on the target MPX, something similar to the following message will be displayed.

    File mpm.log exists on slot 2

Use the mpmreplace command, which is described in Replacing a File on the Secondary MPX on page 6-12, to replace a file that already exists.

Replacing a File on the Secondary MPX

The mpmreplace command replaces a file on the secondary MPX. It works like a combination of mpmrm, which is described in Removing a File from the Secondary MPX on page 6-13, and mpmstore, which is described in Transferring a File to the Secondary MPX on page 6-11. To use this command, enter mpmreplace, followed by a space, a slash (/), the name of the flash directory, another slash (/), and the name of the file you want to replace. For example, to replace the file mpm.log on the secondary MPX with the file mpm.log from the /flash directory on the primary MPX, you would enter mpmreplace /flash/mpm.log at the system prompt. The following will be displayed.

    Deleting. Transferring

If the file already exists on the target MPX and it is identical to the one you are transferring, something similar to the following message will be displayed.

    File mpm.log is identical on Primary and Secondary 2

If the files are identical, the mpmreplace command will terminate and the file will not be replaced.

Loading a File from the Secondary MPX

The mpmload command loads a file from the flash memory of the secondary MPX into the flash memory of the primary MPX.
To use this command, enter mpmload, followed by a space, a slash (/), the name of the flash directory, another slash (/), and the name of the file you want to load. For example, to load the file mpm.log from the /flash directory on the secondary MPX into the primary MPX, you would enter mpmload /flash/mpm.log at the system prompt.

Removing a File from the Secondary MPX

The mpmrm command removes (deletes) a file from the flash memory of the secondary MPX. To use this command, enter mpmrm, followed by a space, a slash (/), the name of the flash directory, another slash (/), and the name of the file you want to remove.

♦ Note ♦
You can only remove a single file with the mpmrm command. You cannot use wildcards to remove multiple files.

For example, to remove the file mpm.log from the /flash directory on the secondary MPX in slot 2, you would enter mpmrm /flash/mpm.log at the system prompt. Something similar to the following will be displayed.

    Checking for /flash/mpm.log on slot 2

After a brief moment, the file will be deleted from the secondary MPX and something similar to the following will be displayed.

    Deleting /flash/mpm.log on slot 2 . Done.

♦ Warning ♦
You cannot recover a file once it has been deleted with the mpmrm command.

Giving Up Control to the Secondary MPX

The renounce command tells the primary MPX to give up control and become the secondary MPX. It does this by issuing a request to the secondary MPX to take control. You must be logged into the primary MPX to use this command. If you are logged into the secondary MPX, use the takeover command, which is described in Gaining Control from the Primary MPX on page 6-18.

♦ Warning ♦
The renounce command should only be used during network down times since it could cause network interruptions.

To transfer control from primary MPX to the secondary MPX, enter renounce at the system prompt.
The following prompt will display.

    Confirm? (n):

Press y to transfer control to the secondary MPX or press n to cancel the command (the default is n). If you enter y, the switch will reset after displaying the following message.

    System going down immediately...

The switch will reboot and the original secondary MPX will be the primary once the switch comes back up.

Setting the Load Suffix

The nisuf command sets the load suffix for the switch’s executable image files. (The factory default suffix is img.)

♦ Warning ♦
The nisuf command should only be used when it is necessary to have two versions of the software on the switch at the same time and the user is directly connected to the console for reboot.

You can change it by typing the nisuf command followed by the new suffix. For example, to change the load suffix from img to bin, enter nisuf bin at the system prompt. The following message will then be displayed.

    Changing load suffix from img to bin

You should create or load new image files with the new suffix as soon as possible because the switch will not recognize the files with the old suffix as image files. See Chapter 5, “Installing Switch Software,” and Chapter 7, “Managing Files,” for information on loading and creating files.

Setting Automatic Config Synchronization

The syncctl command sets the automatic configuration synchronization to Enabled or Disabled. If it is Enabled, then the MPX primary/secondary pair will continue to maintain synchronization automatically. This means that when the configuration file (mpm.cfg) is updated in the primary MPX, it will automatically be updated in the secondary MPX, keeping the two MPXs in sync.

Enabling Automatic Config Synchronization

To enable synchronization between the primary and secondary MPXs, enter syncctl at the system prompt. The following prompt will then be displayed if synchronization is not enabled.
    Desired state (enable):

Press <Enter> to enable synchronization or enter disable to cancel. If you enabled synchronization, the following will be displayed.

    Configuration synchronization is now Enabled

Note that automatic configuration synchronization is disabled unless all image (img) and Programmable Gate Array (PGA) files in the switch are synchronized first. See Synchronizing Image Files on page 6-16 for information on the imgsync command, which synchronizes image and PGA files.

The interval between updates is 5 minutes. The primary MPX will copy any changes to the secondary MPX after 5 minutes have elapsed since the last update.

Disabling Automatic Config Synchronization

To disable synchronization between the primary and secondary MPXs, enter syncctl at the system prompt. The following prompt will then be displayed if synchronization is enabled.

    Desired state (disable):

Press <Enter> to disable synchronization or enter enable to cancel. If you disabled synchronization, the following will be displayed.

    Configuration synchronization is now Disabled

If automatic config synchronization is Disabled, the configuration file in the secondary MPX will be unaffected if you change the configuration file in the primary MPX.

Synchronizing Configuration Data

The configsync command copies the configuration files (mpm.cnf and mpm.cfg) in the primary MPX to the secondary MPX. You can run this command whether or not automatic config synchronization is on. For example, to copy the configuration file from the primary MPX to the secondary MPX, you would enter configsync at the system prompt. Something similar to the following will be displayed.

    Syncing Config file
    Config files are currently synchronized.

See Setting Automatic Config Synchronization on page 6-15 for information on setting automatic config synchronization.
Synchronizing Image Files

The imgsync command copies all of the image (executable) files in the primary MPX to the secondary MPX. When used in conjunction with the configsync command, it ensures that the two MPXs are running exactly the same versions of software and are in sync (i.e., have the same configuration). To synchronize all the image files, enter imgsync at the system prompt. When you run imgsync you will be asked if you want to synchronize the cmd file and/or PGA files if they are found to be different.

♦ Note ♦ If any PGA file is being used by a Token Ring module and you choose to sync the cmd file, then the PGA file that is in use will be synced even if you do not choose to synchronize PGA files.

Something similar to the following prompt will be displayed.

    Sync cmd file (y) :

Press y to sync the cmd file or press n to skip this file (the default is y). If you have any PGA files, you will be asked if you want to sync those files. In addition, if the secondary MPX has any additional image, then the following prompt will be displayed.

    Remove Additional images from Secondary (n) :

Press y to remove any extra image on the secondary MPX or press n to keep these files (the default is n). After you answer all the prompts, something similar to the following will be displayed.

    8 files to be synchronized
    1 file to be synchronized
    Syncing
    Deleting /flash/mpx.cmd..................
    Replacing /flash/mpx.cmd.....

Loading a File From the Primary MPX

The mpmget command loads a file from the primary MPX and copies it into the secondary MPX. This command is only available and can only be run from a secondary MPX. To use this command, enter mpmget, followed by a space, a slash (/), the name of the flash directory, another slash (/), and the name of the file you want to transfer.
For example, to load the file mpm.log from the /flash directory on the primary MPX to the secondary MPX you would enter mpmget /flash/mpm.log at the system prompt. After a brief moment, the file will be transferred into the secondary MPX. The following would then be displayed.

    Transferring .. Complete

Gaining Control from the Primary MPX

The takeover command tells the secondary MPX to take control and become the primary MPX. It does this by issuing a request to the primary MPX to relinquish control. You must be logged into the secondary MPX to use this command. If you are logged into the primary MPX, use the renounce command, which is described in Giving Up Control to the Secondary MPX on page 6-14.

♦ Warning ♦ The takeover command should only be used during network down times since it could cause network interruptions.

To transfer control from primary MPX to the secondary MPX, enter takeover at the system prompt. The following prompt will display.

    Confirm? (n):

Press y to transfer control to the secondary MPX or press n to cancel the command (the default is n). If you enter y, the switch will reset after displaying messages similar to the following.

    System going down immediately...
    Please standby, chassis configuration changing (Hit ^C to abort).....Taking over as Primary ...
    Alcatel SNMP Agent Operational.

The switch will reboot and the original secondary MPX will be the primary once the switch comes back up.

Resetting a Secondary MPX

The secreset command initiates a soft reset on the secondary MPX. Conceptually, resetting a secondary MPX with this command is similar to switching off power to the module; the MPX will be in the same state after a reset as it is after a power on. To reset a secondary MPX, enter secreset at the system prompt. Messages similar to the following will display:

    Module 1 changed while Swap OFF
    Syncing configuration data with secondary 1 ..
    complete

♦ Note ♦ To reset a switching module, use the reset command, which is described in Chapter 36, “Running Hardware Diagnostics.”

Displaying and Setting the Swap State

The swap command displays or alters the swap state of the chassis. The swap state must be on in order to hot swap modules. If not, the system may halt or restart. While the swap state is on, performance may decrease. Therefore, the swap state should only be turned on when you want to hot swap modules. See Chapter 3, “Omni Switch/Router Switching Modules,” for instructions on hot swapping a switching module.

Displaying the Swap State

To display the current swap state of the chassis, enter swap at the system prompt. If the swap mode is OFF (the default for the switch), something similar to the following will be displayed.

    Swap is OFF, timeout is 5 minutes
    usage swap { ON [ minutes ] | OFF [ minutes ] }

If the swap mode is ON, something similar to the following will be displayed.

    Swap is ON, expires in 4 minutes
    usage swap { ON [ minutes ] | OFF [ minutes ] }

The swap mode must be enabled (ON) to hot swap a switching module. If not, the system may halt or restart. See the subsection below for instructions on enabling the swap mode.

Enabling the Swap Mode

To turn the swap mode ON, enter swap on at the system prompt. (The default for swap mode is 5 minutes). Something similar to the following will be displayed.

    Swap is ON for 5 minutes

When you turn the swap state on, you set a timer which determines how long the system will remain in swap state. After the timer expires, the system will automatically turn off the swap state. If you want to vary the amount of time that the swap mode is enabled, enter swap on followed by the number of minutes you want the swap mode enabled. You can set the swap state from 1 to 227,055 minutes. To set the swap mode on for 10 minutes, for example, enter swap on 10 at the system prompt. The following will then be displayed.
    Swap is ON for 10 minutes
    Save minutes value {Y/N}? (N) :

Press y and then press <Enter> to save the new value. If you don’t want to save it, just press <Enter> and the default value will not change. You can also turn off the swap immediately as shown in Disabling the Swap Mode on page 6-21.

Disabling the Swap Mode

Normally, the swap mode will time out and no user intervention is required. However, you can manually turn the swap mode off. This function is particularly useful since the performance of the switch can be adversely affected if the swap mode is enabled. To turn the swap mode off immediately, enter swap off at the system prompt. The swap mode will be disabled and something similar to the following will be displayed.

    Swap is OFF, timeout is 5 minutes

7 Managing Files

Depending on the model type and configuration, an Alcatel switch has 8 or 16 MB of usable flash memory. This memory is used to store files, including executable files (used to operate switching modules), configuration files, and switch usage log files. Through the User Interface (UI), you can load, copy, and delete any of these file types. In addition, the UI has commands for displaying, creating, and editing ASCII (text-based) files.

All commands described in this chapter will work with files located in the /flash directory on either the primary or secondary MPX. However, these commands work only with the files that reside on the MPX to which you are connected. See Chapter 6, “Configuring Management Processor Modules,” for more information on commands for working with redundant MPXs.

UI commands for file maintenance are grouped into two menus: the File menu and System menu. File menu commands are listed below. For a list of System menu commands, see System Menu on page 7-13.
File Menu

The File menu contains commands for loading, listing, copying, and deleting individual switch files. To access the File menu, enter file at the UI prompt. If verbose mode is enabled, the following list of commands will be displayed automatically. If verbose mode is disabled, press the question mark (?) to display the following list of commands. (For information on enabling verbose mode, refer to the uic command description in Chapter 4, “The User Interface.”)

    Command    File Menu
    -------    ---------
    load       Download system software using the serial interface
    ftp        Download from an FTP server
    pwd        Display the current working directory
    ls         List the contents of the current working directory (default working directory is /flash)
    rm         Remove a file
    cp         Copy a file
    view       View an ASCII file
    edit       Edit buffer locally
    imgcl      Remove all image files

    Main       File      Summary  VLAN      Networking
    Interface  Security  System   Services  Help

All commands in the File menu, except for the load and ftp commands, are described in the following sections. For instructions on using the ftp and load commands, refer to Chapter 5, “Installing Switch Software.”

♦ Note ♦ If you want to use the rm, cp, imgcl, and the edit submenu commands, you must be logged in as admin or diag. See Chapter 4, “The User Interface,” for more information on login accounts.

Displaying the Current Directory

To display the switch’s current directory, enter pwd at the system prompt. The working directory will be the /flash memory system and the corresponding directory information will be displayed:

    /flash

Configuration and Log File Generation

The mpm.cnf, mpm.cfg, and mpm.log files are generated automatically by the switch and placed in flash memory during the boot process; you do not have to load them.
♦ Important ♦ If you remove the configuration files (mpm.cnf and mpm.cfg) from your switch, all of your switch’s nondefault configuration settings will be deleted at the next boot sequence. Use caution when removing configuration files and be sure to create backup copies if you want to safeguard your current configuration.

Changing Directories

You can change the working directory with the cd command. For example, enter cd test at the system prompt. To change the working directory back to the /flash file system, enter cd flash at the system prompt.

Listing Switch Files

You can use the ls command to list the files in the primary MPX’s flash memory. To use this command, enter ls at the system prompt. A screen similar to the following will be displayed.

    mpx.cmd         18  05/30/98 13:04
    mpm.log      18072  06/15/98 17:57
    mpx.img    1573617  06/18/98 12:16
    esx.img      24289  06/18/98 12:18
    mpm.cfg       1024  01/01/70 00:00
    mpm.cnf      32768  06/18/98 12:27
    1858057 bytes free.

The ls command lists all the files in the current working directory of the primary MPX’s flash memory, each followed by its size (in bytes), creation date, and creation time. The three-letter file extension indicates the type of file. Examples include configuration (cnf and cfg), command (cmd), image (img), Programmable Gate Array (pga), etc. The ls command also lists the total number of bytes of free memory in flash memory.

♦ Note ♦ If you are connected to the primary MPX and you want to display the files in a secondary MPX, use the sls command, which is further detailed in Chapter 6, “Configuring Management Processor Modules.”

Deleting Switch Files

You can use the rm command to delete files in the primary MPX’s flash memory. To use this command, enter rm, followed by the name of the file you want to delete. For example, to delete the file mpm.log, you would enter rm mpm.log at the UI prompt. The following screen will be displayed:

    File system compaction in progress...
The switch will take a few seconds to delete the file and compact the flash memory.

♦ Note ♦ If you are connected to the primary MPX and you want to remove files from a secondary MPX, use the mpmrm command, which is described in Chapter 6, “Configuring Management Processor Modules.”

Deleting Multiple Files

You can remove multiple files either by entering multiple file names in the command line or by using wildcards. When entering multiple file names, be sure to include a space between each file name you want to delete. For example, to remove both the mpm.cfg and mpm.cnf files, you would enter the following:

    rm mpm.cfg mpm.cnf

Wildcards let you substitute an asterisk (*) for file name text. You can remove all files with the same extension by entering rm, followed by an asterisk (*), a period (.), and the file extension. For example, if you want to delete all the files with the old extension, enter rm *.old at the UI prompt. The following message will be displayed:

    Remove the following?
    /flash/mpm.log.old
    /flash/mpm.old
    Are you sure you want to remove this? (n)

Press the y key to delete the selected files or press <Enter> to cancel. If you press the y key, the following will be displayed:

    ...2 files removed

The switch will take a few seconds to delete the files and compact the flash memory.

♦ Note ♦ If you want to delete all the image files (i.e., files with the img extension), you can use the imgcl command, which is described in Deleting All Image Files on page 7-5.

Deleting All Image Files

You can use the imgcl command to delete all executable (image) files. The files deleted by the imgcl command include the MPX boot file (mpx.img), and all executable switching module files (the factory default is all files ending with the .img extension).

♦ Important ♦ You should only use the imgcl command during network down times and when you are connected to the switch through the serial port.

To use this command, enter imgcl at the system prompt.
A screen similar to the one shown below will be displayed.

    Remove the following?
    /flash/esx.img
    /flash/mpx.img
    Are you sure you want to remove them? (n)

Press the y key to delete all the image files or press <Enter> to cancel. If you press the y key, the switch will spend several minutes deleting the image files.

♦ Note ♦ If you want to delete all files in flash memory, you can use the newfs command, which is described in Creating a New File System on page 7-15.

After you have deleted all the old image files, you must load new image files using FTP or ZMODEM so the switch can function. See Chapter 5, “Installing Switch Software,” for instructions on using the ftp and load commands.

Copying System Files

You can use the cp command to copy files. This is particularly useful if you want to make backups of important files. To use this command, enter cp, followed by the name of the original file you want to copy, and then by the name that you wish to give the duplicate file. For example, to make a duplicate of the file mpx.cmd that is to be called mpx.bak, enter cp mpx.cmd mpx.bak at the system prompt. The following information will be displayed:

    /flash/mpx.cmd -> /flash/mpx.bak : 100%

Displaying Text Files

You can use the view command to display the contents of ASCII (text-based) files. To use this command, enter view, followed by the name of the file you want to display. To display the mpx.cmd file, for example, enter view mpx.cmd at the system prompt. A screen similar to the one shown below will be displayed.

    cmDoDump=1
    cmInit

Note that if you try to view a file with non-ASCII characters, an error message will be displayed. For example, if you use the view command on the file mpm.cfg, the following error message will appear:

    The file mpm.cfg has non-printable characters, can't view

♦ Note ♦ You can edit text files with the edit sub-menu commands, which are described in Editing Text Files on page 7-7.
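
The ls listing and the configuration-file warning earlier in this chapter can be combined into an offline check of a captured listing, for example before and after a maintenance window. The Python script below is an added example, not part of the Alcatel manual or software; the sample listing is constructed from the layout shown in Listing Switch Files, and the function names and the rule that the MPX boot file is named mpx.<load suffix> are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout the ls section describes: file name,
# size in bytes, creation date and time, then the free-space line.
SAMPLE_LS = """\
mpx.cmd         18  05/30/98 13:04
mpm.log      18072  06/15/98 17:57
mpx.img    1573617  06/18/98 12:16
esx.img      24289  06/18/98 12:18
mpm.cfg       1024  01/01/70 00:00
mpm.cnf      32768  06/18/98 12:27
1858057 bytes free.
"""

ENTRY_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<size>\d+)\s+"
    r"(?P<stamp>\d{2}/\d{2}/\d{2}\s+\d{2}:\d{2})$"
)
FREE_RE = re.compile(r"^(?P<free>\d+) bytes free\.$")

# Removing these deletes all nondefault settings at the next boot.
CONFIG_FILES = ("mpm.cnf", "mpm.cfg")


@dataclass(frozen=True)
class FlashFile:
    name: str
    size: int
    created: datetime

    @property
    def ext(self):
        """File extension without the dot, or '' if there is none."""
        return self.name.rpartition(".")[2] if "." in self.name else ""


def parse_ls(text):
    """Return ({name: FlashFile}, free_bytes) for one captured ls listing."""
    files, free = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            stamp = " ".join(entry["stamp"].split())
            created = datetime.strptime(stamp, "%m/%d/%y %H:%M")
            files[entry["name"]] = FlashFile(
                entry["name"], int(entry["size"]), created
            )
            continue
        free_line = FREE_RE.match(line)
        if free_line:
            free = int(free_line["free"])
            continue
        # Refuse to guess: a line in neither format means a bad capture.
        raise ValueError(f"unrecognised ls line: {line!r}")
    return files, free


def audit(files, load_suffix="img"):
    """List conditions that change what the switch does at the next boot."""
    findings = []
    for name in CONFIG_FILES:
        if name not in files:
            findings.append(
                f"{name} missing: nondefault settings are lost at next boot"
            )
    # Assumption: the MPX boot file is named mpx.<load suffix>.
    boot = f"mpx.{load_suffix}"
    if boot not in files:
        findings.append(f"{boot} missing: no MPX boot image for this suffix")
    elif files[boot].size == 0:
        findings.append(f"{boot} is empty")
    return findings


def diff_listings(before, after):
    """Compare two parsed listings; return (removed, added, changed) names."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    changed = sorted(
        name for name in set(before) & set(after)
        if (before[name].size, before[name].created)
        != (after[name].size, after[name].created)
    )
    return removed, added, changed


if __name__ == "__main__":
    parsed, free_bytes = parse_ls(SAMPLE_LS)
    for finding in audit(parsed):
        print("FINDING:", finding)
    print(f"{len(parsed)} files, {free_bytes} bytes free")
```

Passing load_suffix="bin" models the state right after nisuf bin, when image files with the old suffix are no longer recognized.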
Editing Text Files

The commands in the Edit sub-menu (also called the Text Buffer or Edit Buffer) are used to create new text files and to modify existing text files. To enter the edit sub-menu, enter edit at the system prompt. If verbose mode is enabled, the following list of commands will be displayed automatically. If verbose mode is disabled, press the question mark (?) to display the following list of commands. (For information on enabling verbose mode, refer to the uic command description in Chapter 4, “The User Interface.”)

    Command    Edit Menu
    -------    ---------
    ab         Append line(s) to the buffer
    cb         Clear the buffer
    db         Delete line from the buffer
    eb         Edit a buffer line
    ib         Insert buffer line
    lb         List contents of the buffer
    nb         Name file for buffer
    rb         Read file into buffer
    wb         Write buffer to file

    Main       File      Summary  VLAN      Networking
    Interface  Security  System   Services  Help

The Edit sub-menu commands are outlined in the following sections. You can edit up to 100 lines of text. Each line of text can be up to 97 characters long.

♦ Note ♦ When you edit text files, you will normally use several of the Edit sub-menu commands to produce the results you want. See Real-World Example 1 on page 7-11 or Real-World Example 2 on page 7-12 for examples of how to use multiple commands from the Edit submenu.

Clearing the Text Buffer

You can use the cb command to clear the Edit buffer’s memory so you can create a new text file. To use the cb command, enter cb at the system prompt.

Loading an ASCII File into the Text Buffer

You can use the rb command to load (read) an existing ASCII file in flash memory into the Edit buffer’s memory. To use this command, enter rb, followed by the file you wish to edit. For example, to edit the mpx.cmd file, enter rb mpx.cmd at the system prompt.

♦ Loading Binary Files ♦ You can load a binary file into the Edit buffer but you will not be able to edit it.
Listing the Contents of the Text Buffer

The lb command is used to list the contents of the Edit buffer’s memory. To use this command, enter lb at the system prompt. If there is something in the buffer, the system will display the contents, numbered from zero. The following display is a typical example:

    00: cmDoDump=1
    01: cmInit

If there is nothing in the buffer, nothing will be displayed.

Adding Lines of Text to the Text Buffer

You can use the ab command to manually add lines of text to the Edit sub-menu. Note that the lines you enter are appended at the end of the buffer. For example, if there are 10 lines of text in the buffer, you will begin entering text at the 11th line. If the buffer is empty, the line of text you enter will be the first line of text in the buffer. To add text to the buffer, enter ab at the system prompt. A screen similar to the one shown below will be displayed:

    02 :

Enter your text and press the <Enter> key to add the text to the buffer. If the buffer is not full, the system will prompt you to enter another line of text. If the buffer is full (i.e., there are 100 lines in the text buffer), the following message will be displayed.

    Buffer Full!

To exit the ab command, type a period (.) and press <Enter>.

Deleting a Line of Text from the Text Buffer

You can use the db command to delete a specific line in the text buffer. To use this command, enter db, followed by the line number of the line of text you want to delete, which is shown by the lb command. For example, to delete the third line of text in the text buffer, enter db 3 at the system prompt. Enter the lb command again to view the contents of the buffer. Note that the text that appeared at line 3 has been deleted.

Inserting a Line of Text into the Text Buffer

You can use the ib command to insert a line of text between two existing lines in the buffer. To use this command, enter ib, followed by the number of the line where you want the new text to appear.
For example, if you want to add the text, atm_use_mbus=3, between lines 00 and 01 in the buffer, enter ib 1 at the system prompt. The following screen will be displayed:

    01:

Enter the line of text, atm_use_mbus=3. At the system prompt, enter the lb command to view the contents of the buffer. If the original text buffer looked like this,

    00: cmDoDump=1
    01: cmInit

the revised text buffer, with the inserted text, will now appear as follows:

    00: cmDoDump=1
    01: atm_use_mbus=3
    02: cmInit

Editing a Line of Text in the Text Buffer

You can use the eb command to edit an existing line of text in the buffer. To use this command, enter eb, followed by the line number of the text you want to edit. For example, if you want to edit the text at line 01, enter eb 1 at the system prompt. The following screen will be displayed:

    01:

Enter the text as you want it to appear and press <Enter>. Enter the lb command again to list the contents of the text buffer. Note that the buffer now reflects the edited line of text.

Creating a File Name for the Text Buffer

If no file name has been created for the text buffer, the following message is displayed whenever the lb command is executed:

    Work buffer is unnamed

Use the nb command to create a name for the text buffer. To use this command, enter nb, followed by the name you wish to give the text buffer. For example, if you want to name the buffer mpx.cmd, enter nb mpx.cmd at the system prompt. The following screen is displayed, showing the current working directory (/flash), followed by the new name for the text buffer (/mpx.cmd):

    Work buffer name is: /flash/mpx.cmd

Creating a Text File from the Text Buffer

The wb command is used to create (write) a text file from the text buffer. To use this command, enter wb followed by the name of the output file. For example, if you want to create the file switch.txt, enter wb switch.txt at the system prompt.
The following screen is displayed:

    Work buffer name is: /flash/switch.txt

Writing Changes to Existing Files

You can also use the wb command to overwrite changes to an existing file. For example, if you want to overwrite changes to the file mpx.cmd, enter wb mpx.cmd at the system prompt. The following screen is displayed:

    /flash/mpx.cmd exists in /flash. Overwrite it? (y)

Press <Enter> to create the text file from the text buffer. The computer will take a few seconds as it overwrites the file, and the following information is displayed:

    File system compaction in progress...

At the system prompt, enter the lb command to view the name of the buffer. Note that the work buffer is now named /flash/mpx.cmd.

Real-World Examples

As noted on page 10-7, when you edit text files, you will normally use several of the Edit submenu commands to produce the results you want. The following two examples, Real-World Example 1 and Real-World Example 2, are actual multi-command procedures that you may encounter as you work with your switch.

Real-World Example 1

    cp mpx.cmd mpx.bak
    rb mpx.cmd
    lb
    00: cmDoDump=1
    01: cmInit
    nb mpx.cmd
    Work buffer name is: /flash/mpx.cmd
    ab
    02 :
    02 : reg_port_rule=1
    03 :
    No line 3 inserted
    lb
    00: cmDoDump=1
    01: cmInit
    02: reg_port_rule=1
    Work buffer name is: /flash/mpx.cmd
    wb
    /flash/mpx.cmd exists in /flash. Overwrite it? (y)
    File system compaction in progress...
    view mpx.cmd
    cmDoDump=1
    cmInit
    reg_port_rule=1

Real-World Example 2

    cp mpx.cmd mpx.bak
    rb mpx.cmd
    lb
    00: cmDoDump=1
    01: cmInit
    02: reg_port_rule=1
    nb mpx.cmd
    Work buffer name is: /flash/mpx.cmd
    db 2
    lb
    00: cmDoDump=1
    01: cmInit
    ib 1
    01 :
    01 : rifStripping=1
    lb
    00: cmDoDump=1
    01: rifStripping=1
    02: cmInit
    Work buffer name is: /flash/mpx.cmd
    wb
    /flash/mpx.cmd exists in /flash. Overwrite it? (y)
    File system compaction in progress...
    view mpx.cmd
    cmDoDump=1
    cmInit
    rifStripping=1

System Menu

The System menu contains two commands, fsck and newfs, for checking and deleting all files in the flash memory. To access the System menu, enter system at the UI prompt. If verbose mode is enabled, the following list of commands will be displayed automatically. If verbose mode is disabled, press the question mark (?) to display the following list of commands. (For information on enabling verbose mode, refer to the uic command description in Chapter 4, “The User Interface.”)

    Command       System Menu
    -------       -----------
    info          Basic info on this system
    dt            Set system date and time
    ser           View or configure the DTE or DCE port
    mpm           Configure a Management Processor Module
    slot          View Slot Table information
    systat        View system stats related to system, power and environment
    taskstat      View task utilization stats
    memstat       View memory use statistics
    fsck          Perform a file system check on the flash file system
    newfs         Erase all file from /flash and create a new file system
    syscfg        Configure info related to this system
    uic           UI configuration; change - prompt, timeout, more, verbose.
    camstat       View CAM info and usage
    camcfg        Configure CAM info and usage
    hrex          Enter HRE-X management command sub-menu
    ver/ter       Enables/disables automatic display of menus on entry (obsolete)
    echo/noecho   Enable/disable character echo
    chpr          Change the prompt for the system (obsolete, use ‘uic’ command
    logging       View system logs.
    health        Set health parameters or view health statistics
    cli           Enter command line interface
    saveconfig    Dump the cache configuration content to the mpm.cnf file.
    cacheconfig   Set the flag to use cache configuration only.

    Main       File      Summary  VLAN      Networking
    Interface  Security  System   Services  Help

Checking the Flash File System

The fsck command performs a file system check of flash memory, which consists of the flash file system. All image files are stored in flash memory and loaded into system memory when the switch boots up. The command also provides diagnostic information in the event of file corruption. To perform a file system check of flash memory, enter fsck at the system prompt. A screen similar to the following will be displayed:

    Your bootroms support Flash File System Version 2 and greater.
    Out of 16 file descriptors in use, 0 of these are opened on the /flash device.
    Performing a file system check using manual mode. If a file is encountered with a potential problem, you may wish to consider preserving it for technical support analysis...
    Flash file system check in progress...
    Checking root file system... OK
    Performing file consistency check... Done.
    There doesn't appear to be a system problem related to the Flash File system or kernel file system data structures. If you are experiencing problems with the flash file system, perhaps try using the "info", "systat", or "memstat" commands. They may indicate some other condition (such as low memory) which could prohibit correct operation of the file system.

If the fsck command detects a problem with the flash file system, a message will be displayed indicating the problem, along with any steps needed to resolve it. Each logical file system must be checked independently.

Creating a New File System

The newfs command removes a complete flash file system and all files within it, replacing it with a new empty flash file system. Use this command when you want to reload all files in the file system, or in the unlikely event that the flash file system becomes corrupted. To create a new file system and re-initialize the flash memory, enter newfs at the system prompt.
The following will be displayed.

    You are about to destroy all files on file system /flash. If you are experiencing problems with the flash file system, you might want to use the "fsck" command to help determine where problems may exist.
    Are you absolutely sure you want to strip the current file system and create a new one? (n)

Press <Enter> to cancel, or enter y to create a new file system. If you enter y, you will have to load new software into the switch.

♦ Warning ♦ Do not power-down the switch after running the newfs command until you reload your image and configuration files. Otherwise, you will have to reload the image files at the boot monitor prompt using the serial interface (e.g., ZMODEM), which can take several minutes. Also, before you execute the newfs command, you may want to preserve your configuration file by saving it to another host.

You can now download new files via FTP or ZMODEM.

8 Switch Security

Commands listed in the Security menu are for configuring system security parameters such as the password and logout time. The menu also provides a command for rebooting the switch. Enter security at the prompt to enter the Security menu. Press ?
to see the following list of commands:

    Command      Security Menu
    -------      -------------
    pw           Set a new password for a login account
    reboot       Reboot this system (allowed if the user is “admin”)
    timeout      Configure Auto Logout Time (obsolete, use “uic” command)
    layer2auth   Enable/Disable layer2 user authentication
    seclog       Display Secure Access log file entries
    secdefine    Define Secure Access filter(s)
    secapply     Apply Secure Access filter(s)
    useradd      Create a new user for a login account
    usermod      Modify a user’s privileges
    userdel      Remove a user
    asacfg       Configure Authenticated Switch Access
    userview     View the users in the local user database
    auth         Enter the Authentication menu

    Main       File      Summary  VLAN      Networking
    Interface  Security  System   Services  Help

The pw, reboot, seclog, secdefine, and secapply commands are described in this chapter. The useradd, usermod, userview and userdel commands are also described in this chapter. For information about the layer2auth and asacfg commands as well as the authentication (auth) submenu, see the Switched Network Services User Manual.

Changing Passwords

The switch provides three types of login accounts by default: Administrator, User and Diagnostics. The Administrator login provides full READ/WRITE access to all command families. The login name for the Administrator account is admin. The login name for the default User account is user; this account provides READ ONLY access to the switch’s command families except for the global family, and NO WRITE privileges. The Diagnostics login has full READ/WRITE access to all command families plus a command for running switching module tests. The login name for Diagnostics is diag.

The initial password for all three accounts is switch. If you log in as diag you can change the passwords for the diag and admin login accounts. If you log in as admin, however, you can only change the password for the admin login account. To change the password, complete the following steps.
Remember that the User Interface does not echo (display) the password characters.

1. From the prompt, type

   pw <account-name>

   The <account-name> is the user login name (diag, admin) for which you want to change the password. The following prompt displays:

   Changing password for account:<account-name>
   Old password:

2. Enter the old password and press <Enter>. If you enter the old password incorrectly, the following message displays:

   Authentication failure

   and the command will terminate. You will then need to start over from Step 1 above. If you answered the old password correctly, the following prompt displays:

   New password:

3. Enter the new password (you are allowed up to 18 characters) and press <Enter>. The following prompt displays:

   Retype new:

4. Re-enter the new password to confirm it and press <Enter>.

♦ Note ♦ It is recommended that you change the password from the default for all login accounts. The passwords are stored encrypted in the mpm.cnf file. If you forget your password, you will have to delete the mpm.cnf file which will cause the passwords to revert to the default.

♦ Caution ♦ Deleting the mpm.cnf file will also remove all of your configuration data and restore everything back to factory settings.

Rebooting the Switch

The reboot command should only be executed during network down time and when no data is being transmitted across the network. Also, you should ensure that all configuration information has been saved first. Note that the reboot command is only available to the admin and the diag logins.

♦ Caution ♦ Rebooting the switch will disconnect a Telnet connection to the User Interface and will interrupt the network connections on the switching modules.

To reboot the switch from the command line, enter reboot at the prompt and press <Enter>. The following prompt will display:

   Confirm? (n) :

Enter Y. The following message displays:

   Locking file system...locked
   System going down immediately...
   switch[489917b0]: System rebooted by admin

The switch will now take at least a minute to start up again. (If you are connected to the User Interface with a serial connection, the console displays start-up related information.) The login message displays when the reboot is complete:

   Welcome to the Alcatel Omni Switch/Router! (Serial # xxxx)
   login :

Secure Switch Access

Secure Switch Access is a filtering program that prevents unauthorized access to the switch by allowing you to define a list of filters and filter points. For Secure Switch Access, filters are lists of source traffic that are allowed onto the switch. Filter points operate on IP protocols that include FTP, Telnet, SNMP, TFTP, HTTP, and a custom IP protocol. Whenever any of these filter points is enabled, all filters configured for that protocol are applied to incoming traffic using the filter point protocol. All access violations are logged. If a filtering point is not enabled, it is accessible to all users.

Configuring the Secure Switch Access Filter Database

Use the secdefine command to view and configure the database of secure access filters. This database includes information on filter names, source IP addresses, source MAC addresses, and the physical ports receiving data. The following is a sample secdefine display:

   Secure Access Filter Database
   List (l) :
   Create (c):
   Delete (d):
   Modify (m):
   Find (f):
   Help (h):
   Quit (q):
   Enter selection:

Select an option by entering the relevant letter at the selection prompt. To exit this menu, enter q (quit). Descriptions and sample displays for each of the options are as follows:

List

This is a list of all defined filters. A filter determines what traffic is allowed on the switch. The list includes information on the filter’s name, IP Address, MAC Address, and physical port receiving the user’s data.
The following is a sample display:

                    Source IP       Source MAC          Slot   Port
   Filter Name      Address         Address             #      #
   -----------------------------------------------------------------
   Engineering      198.34.56.10    0:23:da:67:97:e4    4      1
   Test             ANY             ANY                 7      3
   Accounting       172.14.25.13    0:32:e4:a3:6f:e4    2      1
   HR               198.34.56.15    ANY                 ANY    ANY

The value ANY displays if a field is left blank when configuring filter information through the Create (c) option. The ANY value signifies a “don’t care” condition. When an inbound packet is checked against a Filter Name to establish authorized access, the ANY fields are not checked.

Create

This option allows you to create a new filter in the secure access database. The following is a sample display:

   Create Filter
   ------------------
   Enter Filter Name:
   Enter IP Address ( [a.b.c.d] ) :
   Enter MAC Address ( [XXYYZZ: AABBCC] ) :
   Is this MAC in Canonical or Non-Canonical (C or N) [C] :
   Enter Slot :
   Enter Port :

After you have created a filter, the information is automatically saved in the secure access database, and the secdefine submenu re-displays. To review your new configuration, simply select the list (l) option. Descriptions of the fields are as follows:

Enter Filter Name: The name of the new filter. The name is required and must be at least one character long and no more than 25 characters.

Enter IP Address ( [a.b.c.d] ): The allowed IP address. The address must be in the displayed format ( [a.b.c.d] ). If you enter a value here, the user may access the switch only from this IP address. If you leave this field blank, a value of ANY will display in the secure access list, allowing access to the switch from any IP address.

Enter MAC Address ( [XXYYZZ: AABBCC] ): The allowed MAC address. The address must be in the displayed format ( [XXYYZZ: AABBCC] ). If you enter a value here, a user may access the switch only from this source MAC address.
If you leave this field blank, a value of ANY will display in the secure access list, allowing this user access to the switch from any MAC address.

Is this MAC in Canonical or Noncanonical (C or N) [C] : The format of the specified MAC address. Typically, ethernet MAC addresses are in canonical format while token ring and addresses are in noncanonical format. The default is canonical (C). This parameter is not required.

Enter Slot: The module on the switch receiving data from the specified IP or MAC address. If you leave this field blank, a value of ANY will display in the secure access list, allowing data from the specified IP or MAC address to be sent through any module on the switch.

Enter Port: The port on the module receiving data from the specified IP or MAC address. If you enter a value here, you should also specify a slot in the above field. If you leave this field blank, a value of ANY will display in the secure access list, allowing data from the specified IP or MAC address to be sent through any port on the module (if one is specified) or on the switch (if no slot is specified).

Delete

This option allows you to delete a filter from the secure access list. The screen displays similar to the following:

   Delete Filter
   ------------------
   Enter Filter Name:

If you enter a filter name here, that filter will be immediately deleted from the secure access database.

Modify

This option allows you to modify information about an existing secured access filter. Enter the name of the filter you wish to modify, as follows:

   Modify Filter
   -----------------
   Filter Name: Test

The filter’s existing information will display.
For example:

                    Source IP       Source MAC          Slot   Port
   Filter Name      Address         Address             #      #
   -----------------------------------------------------------------
   Test             ANY             10.2.8.13           5      2

   Enter IP Address ( [a.b.c.d] ) :
   Enter MAC Address ( [XXYYZZ: AABBCC] ) :
   Is this MAC in Canonical or Non-Canonical (C or N) [C] :
   Enter Slot :
   Enter Port :

To change a value, type in the new value at the prompt. If you do not wish to modify a particular field, press Enter and the existing user information will remain unchanged. To change a field to ANY privilege, enter a value of 0, an asterisk (*), or ANY at the prompt. Descriptions of the fields in the above display are provided earlier under the option ‘‘List’’ on page 8-4.

Find

This option allows you to find information about a specified filter in the secured access database. You must know the filter’s name in order to use this search feature. The following is a sample display:

   Find Filter
   --------------
   Filter Name: Test

To find a filter in the database, enter the name of the filter at the prompt. If the filter you enter is a valid one, information on that filter will display similar to the following:

                    Source IP       Source MAC          Slot   Port
   Filter Name      Address         Address             #      #
   -----------------------------------------------------------------
   Test             ANY             10.2.8.13           5      2

Configuring Secure Access Filter Points

The secapply command allows you to view the list of secure access filter points, to enable/disable security globally or for a specific IP protocol filter point, and to define a filter list for each filter point.
To use this command, enter:

   secapply

A screen similar to the following displays:

   Secure Access Filter Points
    1) FTP Security               : Enabled
      11) Filter List             : Test, Engineering
    2) Telnet Security            : Disabled
      21) Filter List             : Test
    3) SNMP Security              : Enabled
      31) Filter List             :
    4) TFTP Security              : Enabled
      41) Filter List             : Manufacturing
    5) HTTP Security              : Disabled
      51) Filter List             :
    6) Custom Security            : Enabled
      61) Filter List             : HR
      62) Protocol                :
      63) Port Service            :
    7) One-touch Global Security  :
      71) One-touch Filter List   :

   Command { Item=Value/?/Help?Quit/Redraw/Save} (Redraw) :

♦ Note ♦ If security is enabled for a filter point and there are no names defined on its list, then the filter point is essentially inaccessible to all users. For example, in the above sample display, SNMP is not accessible to any user.

You can enter commands by entering just the first letter of the command. For example, select Quit by entering q and pressing <Enter>. The question mark option (?) and the Help option provide reference and instructional information on using this command. The Quit option exits this command without saving configuration changes. The Redraw option refreshes the screen. When you are done entering new values, type save at the prompt and all new settings will be saved.

The following option is available for all filter points:

Filter List. Applies the filter name(s) defined through the secdefine command for this filter point.

Filter points are disabled by default. The different filter points are defined as follows:

1) FTP Security
Indicates whether or not secure access is enabled for File Transfer Protocol (FTP) on the switch. Enabled means secure access is enabled for FTP services, and only filters on FTP’s filter list have authorization. Disabled indicates that secure access is not enabled for FTP services, and all users can access the switch through FTP.
2) Telnet Security
Indicates whether or not secure access is enabled for Telnet service on the switch. Enabled means secure access is enabled, and only filters on Telnet’s filter list have authorization. Disabled indicates that secure access is not enabled for Telnet service, and all users can access the switch through Telnet.

3) SNMP Security
Indicates whether or not security is enabled for Simple Network Management Protocol (SNMP) on the switch. Enabled means security is enabled for SNMP services, and only filters on SNMP’s filter list are authorized. Disabled indicates that secure access is not enabled for SNMP services, and all users can access the switch through SNMP.

4) TFTP Security
Indicates whether or not security is enabled for Trivial File Transfer Protocol on the switch. Enabled means security is enabled for TFTP services, and only users on TFTP’s filter list are authorized. Disabled indicates that security is not enabled for TFTP services, and all users can access the switch through TFTP.

5) HTTP Security
Indicates whether or not security is enabled for HyperText Transfer Protocol (HTTP) on the switch. Enabled means that security is enabled for HTTP, and only filters on HTTP’s filter list are authorized. Disabled indicates that security is not enabled for HTTP, and all users can access the switch through HTTP.

6) Custom Security
Configures whether or not security is enabled for the custom IP protocol specified in line 62. Enabled means that security is enabled for the custom IP protocol, and only filters on that protocol’s filter list are authorized. Disabled indicates that security is not enabled for the custom IP protocol, allowing all users access to the switch through that protocol.

62) Protocol
(Available for Custom Security only.) The IP protocol number to be included as a secured access protocol (IP protocol field in the IP header). You may define only one custom IP protocol.

63) Port Service
(Available for Custom Security only.)
The Custom IP protocol’s destination port (port field in the IP header).

7) One-touch Security
Configures the same Security value for all secure access protocols. Enabled enables security for all secure access filter points. Disabled disables security for all secure access filter points. Any value configured for individual security parameters overrides the global setting. If you wish to set a different value for Telnet Security, for example, enter the line number for Telnet, followed by an equal sign (=) and the new value.

71) One-touch Filter List
Configures a single filter list for all security filter points.

Enabling/Disabling Security Parameters

To change any of the Security values, enter the line number for the parameter, followed by an equal sign (=), and then enabled or e for enable or disabled or d for disable at the prompt. For example, to enable security for Telnet, enter the following:

   2=e

Adding Filters

To add a filter, at the command prompt, enter the line number for the parameter, followed by an equal sign (=), and then the filter’s name at the prompt. For example:

   21=Test

♦ Note ♦ If the filter does not exist in the secure access database, the system prompts you to create the filter. To view the list of secure access filters, use the secdefine command. For more information, see ‘‘Configuring the Secure Switch Access Filter Database’’ on page 8-4.

Enter save to save the new filter.

Deleting Filters

To remove an existing filter from a filter list, at the command prompt, enter the line number for the parameter, followed by an equal sign (=), a negative sign (-), and then the filter’s name as follows:

   11= -Engineering

To remove all filters in a list, include an asterisk after the negative sign. For example:

   4= -*

Enter save to save the change.

Viewing Secure Access Violations Log

The seclog command displays a log of all secure access violations.
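The following added example (not part of the Alcatel manual, and not the switch's own code) models the access decision described above for secdefine filters and secapply filter points, using the filter and filter-point values from the manual's sample displays. The class and function names, the packets used to exercise it, and the treatment of a listed name that is missing from the database as matching nothing are assumptions of the example.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

ANY = None  # a field left blank in secdefine: displayed as ANY and never checked


@dataclass(frozen=True)
class Packet:
    protocol: str
    ip: str
    mac: str
    slot: int
    port: int


@dataclass(frozen=True)
class Filter:
    """One secdefine entry; every field except the name may be ANY."""
    name: str
    ip: Optional[str] = ANY
    mac: Optional[str] = ANY
    slot: Optional[int] = ANY
    port: Optional[int] = ANY

    def matches(self, pkt: Packet) -> bool:
        # Only the fields that were filled in are compared with the packet.
        pairs = (
            (self.ip, pkt.ip),
            (self.mac and self.mac.lower(), pkt.mac.lower()),
            (self.slot, pkt.slot),
            (self.port, pkt.port),
        )
        return all(want is ANY or want == got for want, got in pairs)


@dataclass
class FilterPoint:
    enabled: bool = False                 # filter points are disabled by default
    filters: list = field(default_factory=list)


class SecureAccess:
    def __init__(self, database, points):
        self.database = {f.name: f for f in database}
        self.points = points
        self.violations = Counter()       # (protocol, source IP, slot/port) -> attempts

    def permits(self, pkt: Packet) -> bool:
        point = self.points[pkt.protocol]
        if not point.enabled:
            return True                   # disabled point: accessible to all users
        # Enabled point: at least one listed filter must match.
        # An empty list therefore admits nobody.
        allowed = any(
            self.database[name].matches(pkt)
            for name in point.filters
            if name in self.database
        )
        if not allowed:
            self.violations[(pkt.protocol, pkt.ip, f"{pkt.slot}/{pkt.port}")] += 1
        return allowed

    def broad_filters(self, protocol: str) -> list:
        """Filters on an enabled point that pin neither source IP nor source MAC."""
        point = self.points[protocol]
        if not point.enabled:
            return []
        return [
            n for n in point.filters
            if n in self.database
            and self.database[n].ip is ANY
            and self.database[n].mac is ANY
        ]


def build_sample() -> SecureAccess:
    # Filter rows and filter-point settings copied from the manual's sample displays.
    database = [
        Filter("Engineering", "198.34.56.10", "0:23:da:67:97:e4", 4, 1),
        Filter("Test", slot=7, port=3),
        Filter("Accounting", "172.14.25.13", "0:32:e4:a3:6f:e4", 2, 1),
        Filter("HR", ip="198.34.56.15"),
    ]
    points = {
        "FTP": FilterPoint(True, ["Test", "Engineering"]),
        "Telnet": FilterPoint(False, ["Test"]),
        "SNMP": FilterPoint(True, []),
        "HTTP": FilterPoint(False, []),
    }
    return SecureAccess(database, points)


if __name__ == "__main__":
    sa = build_sample()
    # Constructed packet: an unknown host whose traffic arrives on slot 7, port 3.
    print(sa.permits(Packet("FTP", "10.9.9.9", "0:0:0:0:0:1", 7, 3)))
    print(sa.broad_filters("FTP"))
```

Because the Test filter leaves both address fields as ANY, listing it on the FTP filter point admits any source whose traffic arrives on slot 7, port 3; broad_filters reports such entries for review.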
♦ Note ♦ To log access violations on the switch, use the swlogc command. For more information on the swlogc command, see Chapter 10, “Switch Logging.”

To view the secure access violations log, enter

   seclog

The following is a sample display:

   Secure Access Violations Log

                                                     Slot/    Elapsed Time
   Time        Protocol    Source IP       Attempts  Intf     (secs)
   --------    --------    ------------    --------  -----    ------------
   12:49:02    FTP         172.23.8.801    1         5/1      23
   03:15:34    Telnet      198.20.2.101    10        2/3      240

Descriptions of the fields are as follows:

Time. The first time the access violation occurred.

Protocol. The IP protocol for which the violation occurred.

Source IP. The source IP address of the unauthorized user.

Attempts. The number of access attempts made by this user within the sample period (5 minutes).

Slot/Intf. The physical port that received the unauthorized user information.

Elapsed Time (secs). The duration (in seconds) from the first unauthorized access to the end of the sampling period.

Secure access violations will take 5 minutes to display in the log file.

Managing User Login Accounts

Prior to software release 4.4, the switch provided security in the form of privilege control for individual login accounts by allocating each user account READ or WRITE privileges. Software release 4.4 contains a partition management feature that enhances the privilege capability with an authorization scheme based on the functional capacity assigned to each user.

The purpose of partition management is to provide a mechanism in the switch operating system for system administrators to control access while maintaining enough flexibility to use the switch’s full range of services. This is normally done for security reasons. System administrators can partition access to the switch by restricting a user’s ability to perform certain switch commands or to use certain command groups.
♦ Terminology Notes ♦ A user account refers to the user’s ability to log onto the switch and perform certain functions. From the user’s perspective, it consists of the login name and a password. A privilege refers to the user’s ability or permission from the system administrator to execute a command.

Partition Management Requirements

Partition management is available only for user login accounts that have no permission to use the UI command mode. Where a user account has permission to use the UI mode, partition management is effectively destroyed for that user account. To maintain partition management capability for a user account, that account must be restricted to using the CLI mode only. Refer to ‘‘Assigning Account Privileges Using the UI Command Mode’’ on page 8-16 or ‘‘Assigning Account Privileges Using the CLI Command Mode’’ on page 8-13 for information on restricting use of UI commands.

♦ Note ♦ Not all UI commands have CLI equivalents. Also, not all CLI commands support partition management. For detailed information, refer to the UI to CLI Cross Reference Tables in Chapter 4 of this manual.

Default Accounts

Initially each switch is preconfigured with three default logins (admin, user and diag). See Chapter 4, “The User Interface,” for more information about login accounts. If you are logged into an account with the WRITE privilege to the USER command you may create or delete login accounts as described in this section. You may also create new user accounts.

♦ Note ♦ At least one user account with WRITE privileges to use the USER family of commands is required on the switch at all times. If you attempt to remove or modify the only user account to READ-ONLY privilege, the switch will reject the modification command.

There are several commands available for modifying the user login accounts on the switch. To see a list of all user accounts currently available on the switch, use the userview command in the UI mode.
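The following added example (not part of the Alcatel manual, and not the switch's own code) models the two account rules stated above: a change that would leave no account with WRITE privileges to the USER family is rejected, and an account that holds UI permission is not actually confined by its family restrictions. The family names are the CLI command families listed later in this chapter; the class and method names and the "netops" account are assumptions of the example.

```python
# CLI command families as listed in this chapter of the manual.
ALL_FAMILIES = frozenset(
    "config vlan iprout ipxrout bridge snmp xswitch hrefilter atmser atmup "
    "cem csm pnni atmacct voip mpoa mpls user".split()
)


class LastUserWriterError(Exception):
    """The change would leave no account with WRITE on the USER family."""


class Accounts:
    def __init__(self):
        self._acct = {}

    def add(self, name, write=(), ui=False):
        self._acct[name] = {"write": set(write), "ui": ui}

    def user_writers(self):
        return sorted(n for n, a in self._acct.items() if "user" in a["write"])

    def _guard(self, name):
        # Refuse to touch the only remaining account that can manage users.
        if self.user_writers() == [name]:
            raise LastUserWriterError(name)

    def revoke_write(self, name, family):
        if family == "user":
            self._guard(name)
        self._acct[name]["write"].discard(family)

    def delete(self, name):
        self._guard(name)
        del self._acct[name]

    def partition_defeated(self):
        """Accounts restricted to a subset of families that still hold UI permission."""
        return sorted(
            n for n, a in self._acct.items()
            if a["ui"] and a["write"] != ALL_FAMILIES
        )


def build_accounts():
    t = Accounts()
    t.add("admin", write=ALL_FAMILIES, ui=True)         # unrestricted administrator
    t.add("TechPubs1", write={"bridge"}, ui=False)       # partitioned, CLI only
    t.add("netops", write={"vlan", "bridge"}, ui=True)   # constructed: restricted but UI allowed
    return t


if __name__ == "__main__":
    t = build_accounts()
    print(t.user_writers())         # accounts able to manage users
    print(t.partition_defeated())   # restricted accounts that can still enter UI mode
```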
Adding a User Account Using the UI Command Mode

To add a user account you must be logged into an account with administrative privileges.

1. At the system prompt enter the useradd command. The following prompt displays:

   Enter Username: ( ) :

2. Enter the desired user name. The following prompt displays:

   Force Password change on next login [y/n] ? (y) :

3. Press <Enter> to force a password change at the next login for this user, or enter n to keep the configured password. The following prompt displays:

   Enter password: ( ) :

4. Enter the desired password. The following prompt displays:

   Enter new password again: ( ) :

5. Enter the desired password again. In this example, the username “TechPubs1” is entered. A message similar to the following displays:

   User TechPubs1 user privileges (0:0:0) :

The user login account “TechPubs1” is now active on the switch. At this point the new account has permission to log onto and off of the switch. To add other privileges refer to ‘‘Assigning Account Privileges Using the UI Command Mode’’ on page 8-16 or to ‘‘Assigning Account Privileges Using the CLI Command Mode’’ on page 8-13.

Adding a User Account Using the CLI Command Mode

To add a user account from the CLI mode, you must be logged into an account with administrative privileges. Enter the following at the command prompt.

   user user_name <password user_password>

where user_name is the new user login account name and user_password is the new user login account password. Both these values are specified by the user. For the user name “Techpubs1”, the following message is displayed:

   User Techpubs1 created.

If you do not specify a password when you create the new account, switch becomes the default password.

♦ Note ♦ It is recommended that you change the password from the default for all login accounts.

Both the user account name and the password are limited to 16 text characters.
The new login account and password will take effect at the user’s next login session.

Assigning Account Privileges Using the CLI Command Mode

A user account’s READ and WRITE privileges can be assigned for all commands or for various subsets of commands. The command subsets referred to as command families are shown here:

   config, vlan, iprout, ipxrout, bridge, snmp, xswitch, hrefilter, atmser, atmup, cem, csm, pnni, atmacct, voip, mpoa, mpls and user.

In addition to assigning privileges according to command families, an administrator can restrict the user account’s ability to execute specific commands. Here is a list of commands that can be restricted from a user account.

   system, status, slot, timeout, prompt, define, prefix, reboot, telnet, ftp, ping, swap, reset, cd, ls, rm, file, interface, ethernet, gated, and ui.

♦ Warning ♦ If partition management is intended for a user account, that account cannot have permission to use the UI command or the UI mode.

User Write Privileges

To assign privileges to a user account, you must be logged into an account with WRITE privileges to the USER family of commands. Enter the following command at the system prompt.

   user userId [write list-of-families]

where userId indicates the name assigned to the user account for which you want to assign READ and WRITE privileges. The list-of-families parameter indicates the switch command families and the specific commands for which the user account will receive READ and WRITE privileges. Command families must be separated by commas.

User Read Privileges

To assign READ-ONLY privileges to a user account, you must be logged into an account with WRITE privileges to the USER family of commands. Enter the following command at the system prompt.

   user userId [read list-of-families]

where userId indicates the name assigned to the new login account for which you want to assign READ-ONLY privileges.
The list-of-families parameter indicates the switch command families and the specific commands for which the user account will receive READ-ONLY privileges. For a list of command families and specific commands, refer to the ‘‘Assigning Account Privileges Using the UI Command Mode’’ section on page 8-16 or to ‘‘Adding a User Account Using the CLI Command Mode’’ on page 8-13.

Removing Privileges

You can remove READ and WRITE privileges from a user-created login account if you are logged into an account with WRITE privileges to the USER command family. Use the following command:

   user userId no write list-of-families

You can remove READ-ONLY privileges from a user-created login account by using the following command:

   user userId no read list-of-families

For both these commands, the userId parameter indicates the name assigned to the user-created login account for which you want to remove privileges. The list-of-families parameter indicates the switch command families and the specific commands from which you want to remove READ or WRITE privileges.

Miscellaneous CLI Privileges Commands

The following is a list of privileges-related CLI commands. For more details on these commands and other CLI commands, refer to the Text-Based Configuration CLI Reference Guide.

• To create a new user login account, use the following command:

   user user_name [password user-password]

  where user_name is the new user login account name and user-password is the new user password. Both these values are defined by the user.

• To set or change the password of the current user account, use the following command:

   password password

  where password is the new password for this user account.

• To delete a login account, use the following command:

   no user user_name

  where user_name is the current login you want to delete.
• To view user privileges for a specific user login account, use the following command:

   view user [user_name]

  where user_name is the name of the user login account for which you will view privileges.

Assigning Account Privileges Using the UI Command Mode

When you add a new user login account, the account has permission to log in and to log out. If you want the new account to have additional privileges you must add them separately. To add privileges to a user account, you must be logged into an account with administrative privileges. From the system prompt enter the usermod command. The following prompt displays:

   Enter Username : ( ) :

Enter the login name of the user account you are modifying. The following screen will display.

   - CONFIG : NO
   - GROUP : NO
   - IPROUT : NO
   - IPXROUT : NO
   - BRIDGE : NO
   - SNMP : NO
   - XSWITCH : NO
   - HREFILTER : NO
   - ATMSER : NO
   - ATMUP : NO
   - CEM : NO
   - CSM : NO
   - PNNI : NO
   - ATMACCT : NO
   - VOIP : NO
   - MPOA : NO
   - MPLS : NO
   - USER : NO

   Subsets of the global family:
   - SYSTEM : NO
   - STATUS : NO
   - SLOT : NO
   - TIMEOUT : NO
   - PROMPT : NO
   - DEFINE : NO
   - PREFIX : NO
   - REBOOT : NO
   - TELNET : NO
   - FTP : NO
   - PING : NO
   - SWAP : NO
   - RESET : NO
   - CD : NO
   - LS : NO
   - FM : NO
   - FILE : NO
   - INTERFACE : NO
   - ETHERNET : NO
   - GATED : NO
   - UI : NO

   1. MODIFY ONE FAMILY RIGHTS
   2. SET ALL READ RIGHTS
   3. SET ALL WRITE RIGHTS
   4. SET NO READ RIGHTS
   5. SET NO WRITE RIGHTS
   6. MODIFY ONE GLOBAL SUBSET
   7. SET NO GLOBAL SUBSET
   8. SET ALL GLOBAL SUBSET
   [ 1 TO 8, (c)ancel or (s)sav] ( ) :

This screen displays the default privileges for a new user login account. Note that the default privileges give the new user neither read nor write permission. To grant privileges to the user account, enter a number from 1 to 5 as indicated in the display. To set WRITE privileges for a single family of commands, enter 1 and press <Enter>.
The display will prompt you for the family number as shown here:

   Give the family number : ( ) :

Enter the number of the command family for which you want to set WRITE privileges. Refer to the ‘‘Command Family Table’’ on page 8-18 for the number. For example, if you wanted to enable WRITE privileges for the Bridge command family, enter the number 5 as shown here.

   Give the family number : ( ) : 5

The following will display.

   Give rights on family BRIDGE
   0. NO
   1. READ
   2. WRITE
   3. READ&WRITE
   ():

Enter the number 2 at the prompt to assign WRITE privileges. The following shows a portion of the display.

   User ‘TechPubs1’ user privileges (0:0X20:0) :
   - CONFIG : NO
   - GROUP : NO
   - IPROUT : NO
   - IPXROUT : NO
   - BRIDGE : READ & WRITE
   - SNMP : NO
   - XSWITCH : NO
   (Continued)

The privilege listed next to Bridge shows WRITE. This indicates that the user ‘‘TechPubs1’’ now has WRITE privileges for the Bridge family of commands.

Command Family Table

   Number: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
   Command Family: Configuration Group IP Routing IPX Routing Bridge SNMP QOS Policy HRE Filter ATM Service WAN CSM PNNI ATM Accounting Voice Over IP MPOA MPLS (unsupported) User

The global family contains commands that apply globally to the switch rather than to individual applications or services. Privileges for global family commands can be set on an individual command basis or altogether so the privilege applies to the whole global family. If you want to set privileges for the global commands, you must enter 6, 7 or 8 when the screen prompt displays the following:

   1. MODIFY ONE FAMILY RIGHTS
   2. SET ALL READ RIGHTS
   3. SET ALL WRITE RIGHTS
   4. SET NO READ RIGHTS
   5. SET NO WRITE RIGHTS
   6. MODIFY ONE GLOBAL SUBSET
   7. SET NO GLOBAL SUBSET
   8. SET ALL GLOBAL SUBSET
   [ 1 TO 8, (c)ancel or (s)save] ( ) :

To give the user account the privilege to set all global commands, enter the numeral 8.
To deny the user the privilege to set any of the global commands, enter the numeral 7. To set individual global commands, enter the number 6. If you are assigning privileges on an individual command basis the display will look like this:

   [ 1 TO 8, (c)ancel or (s)sav] ( ) : 6
   Give the subset number : ( ) :

Enter the number of the command for which you want to set WRITE privileges. Refer to the ‘‘Global Family Table’’ on page 8-19 for the number.

Global Family Table

   Number   Global Family
   1        System
   2        Status
   3        Slot
   4        Timeout
   5        Prompt
   6        Define
   7        Prefix
   8        Reboot
   9        Telnet
   10       FTP
   11       Ping
   12       Swap
   13       Reset
   14       CD
   15       LS
   16       RM
   17       File
   18       Interface
   19       Ethernet
   20       Gated
   21       UI

For example, if you wanted to assign the user account the privilege to use the define command, enter the number 6 as shown here.

   Give the family number : ( ) : 6

The following will display.

   Give rights on subset DEFINE
   0. NO
   1. YES
   ():

If you enter 1, all the command families will display and the DEFINE command under the global family will be shown as follows:

   - DEFINE : YES

After you set the user account privileges, the switch displays the current configuration. At this point you may enter s to save your configuration or c to cancel.

♦ Warning ♦ If partition management is implemented on a user account, that account must have the UI command family set to NO privilege. If an account has the privilege to use the UI command, partition management is effectively destroyed for that account.

Modifying a User Account

You can use the usermod command to modify account privileges as shown here. You must be logged into a user account with administrative privileges.

1. At the system prompt enter the usermod command. A prompt similar to the following displays:

   Enter Username: ( ) :

2. Enter the name assigned to the user account you want to modify. A screen similar to the following displays where the account name is TechPubs1.
   User ‘TechPubs1’ is configured with the following privileges:
   READ

   1. READ
   2. WRITE
   3. ADMIN
   4. FORCE new password
   Select the privilege(s) number to add/remove.
   [ 1, 2, 3 (c)ancel or (s)ave] (c) :

♦ Note ♦ See ‘‘Managing User Login Accounts’’ on page 8-11 for definitions of the privileges.

3. Enter the number for the privilege you want to add or remove. The entry acts as a toggle to turn the privilege on or off for the user. In the current example, if you enter 2 at the prompt, a screen similar to the following displays:

   User ‘TechPubs1’ is configured with the following privileges:
   READ WRITE

4. After modifying the privileges for the user, enter s at the selection prompt to save the change(s).

Deleting a User

To delete a user from the user database, you must be logged into an account with administrative privileges.

1. At the system prompt, enter the userdel command. The following prompt displays:

   Enter Username to remove: ( ) :

2. Enter the username for the user you want to delete. A message similar to the following displays:

   User ‘TechPubs1’ was removed.

♦ Note ♦ All users but one may be deleted from the switch, provided that the one remaining user is configured with all privileges.

9 Configuring Switch-Wide Parameters

The switch provides commands to display and configure parameters on a switch-wide basis. These commands are grouped into two menus: the Summary menu and the System menu. Descriptions for commands in the Summary menu begin below; descriptions for commands in the System menu begin on page 9-5. In addition, this chapter contains documentation for configuring HRE-X ports (described in Configuring the HRE-X Router Port on page 9-27), duplicate MAC address support (described in Duplicate MAC Address Support on page 9-30), multicast claiming (described in Multicast Claiming on page 9-32), disabling flood limits (described in Disabling Flood Limits on page 9-32), and saving configurations (described in Saving Configurations on page 9-33).
Summary Menu

The Summary menu consists of commands for displaying summary switch information. To access this menu, enter summary at the UI prompt. Type the question mark (?) to see the following list of commands.

    Command   Summary Menu
    ss        Display MIB-II System group variables
    sc        Display a summary of the chassis (type, id, serial no., base mac, etc.)
    si        Current interface status

    Main File Interface Security Summary VLAN System Services Networking Help

The Summary menu commands are described in the sections that follow.

Displaying the MIB-II System Group Variables

MIB-II is a core set of definitions created to define the SNMP-based management framework. This MIB module contains definitions for both end systems and routers using the Internet protocol suite. To display the MIB-II system group variables, enter ss at the system prompt. A screen similar to the following will be displayed.

    System description:  Alcatel Omni Switch/Router
    System Object ID:    1.3.6.1.4.1.800.3.1.1.2.
    Agent Up Time:       5 days, 00:28:14.38
    Contact:             Administrator
    Name:                TechWrite
    Location:            Bldg 46
    Device Services:     DataLink/Subnetwork Layer
                         Internetwork Layer
                         Host Layer
                         Application Layer (Rlogin, Telnet, FTP)

The fields displayed by the ss command are described below.

System description. The specific type of chassis, which can be an OmniSwitch, OmniAccess, or Omni Switch/Router. This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.

System Object ID. The MIB entry for the switch (where the object ID starts). This is read only. This value helps you locate Alcatel-specific variables in the MIB tree.

Agent Up Time. The time (in days, hours, minutes, and seconds) since the switch was re-initialized.

Contact. The name of a person to contact about this switch. This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.

Name.
The name the system administrator assigned to this switch (the node’s fully qualified domain name, by convention). This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.

Location. The physical location of the switch. This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.

Device Services. The type of services provided by the switch. Supported service types are listed below:

• Data Link/Subnetwork Layer
• Internetwork Layer
• Host Layer
• Application Layer (Rlogin, Telnet, FTP)

Displaying the Chassis Summary

To display the chassis summary information, enter sc at the system prompt. A screen similar to the following will be displayed.

    Type:                    Omni Switch/Router XFRAME 9-slot
    Chassis ID:              Alcatel
    Description:             DESCRIPTION NOT SET.
    Backplane:               5 SLOT
    Master MPM Serial No.:   52601675
    Physical Changes:        7
    Logical Changes:         0
    Number of Resets:        26
    Base MAC Address:        00:20:da:02:04:80
    Free Slots:              0

The fields displayed by the sc command are described below.

Type. The description of the specific type of chassis or device.

Chassis ID. The chassis ID for this switch.

Description. The description of this chassis. This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.

Backplane. The style of backplane in this chassis.

Master MPM Serial No. The serial number for the primary MPX.

Physical Changes. The number of physical changes that has occurred since the last reset or power-on.

Logical Changes. The number of logical changes that has occurred since the last reset or power-on.

Number of Resets. The number of times this switch has been reset since the configuration file (mpm.cnf) was first removed.

Base MAC Address. The base MAC address for the primary MPX.

Free Slots. The number of front panel slots not occupied by a switching module.
Displaying Current Router Interface Status

To display current interface status information, enter si at the system prompt. A screen similar to the following will be displayed.

    Interface Summary Status
    4 Interfaces

    Logical     Interface          Administrative   Operational
    Interface   Type               Status           Status
    ---------   ----------------   --------------   -----------
    1           Slip               Enabled          Enabled
    2           Virtual Router     Enabled          Active
    3           Virtual Router     Enabled          Active
    4           SoftwareLoopback   Enabled          Enabled

The fields displayed by the si command are described below.

Logical Interface. A number, in sequence, that has been assigned to the virtual router port.

Interface Type. The type of interface, which can be virtual router (the standard interface type), SLIP, and software loopback.

Administrative Status. Whether the administrator has enabled or disabled the port. The port can be enabled by the administrator but still be made inactive by the system.

Operational Status. Whether the port is active (operational) or inactive. This status is set by the system software.

System Menu

The System menu contains commands to view or set system-specific parameters. To access this menu, enter system at the UI prompt. If you are not in verbose mode, press a question mark (?) and then press <Enter> to display the commands in the system menu, as shown below.
    Command       System Menu
    info          Basic info on this system
    dt            Set system date and time
    ser           View or configure the DTE or DCE port
    mpm           Configure a Management Processor Module
    slot          View Slot Table information
    systat        View system stats related to system, power and environment
    taskstat      View task utilization stats
    taskshow      View detailed task information
    memstat       View memory use statistics
    fsck          Perform a file system check on the flash file system
    newfs         Erase all file from /flash and create a new file system
    syscfg        View/Configure info related to this system
    uic           UI configuration; change - prompt, timeout, more, verbose.
    camstat       View CAM info and usage
    camcfg        Configure CAM info and usage
    hrex          Enter HRE-X management command sub-menu
    ver/ter       Enables/disables automatic display of menus on entry (obsolete)
    echo/noecho   Enable/disable character echo
    chpr          Change the prompt for the system (obsolete, use ‘uic’ command
    logging       View system logs.
    health        Set health parameters or view health statistics
    cli           Enter command line interface
    saveconfig    Dump the cache configuration content to the mpm.cnf file.
    cacheconfig   Set the flag to use cache configuration only.

    Main File Interface Security Summary VLAN System Services Networking Help

All of the System menu commands—except for the mpm, ver, ter, echo, noecho, chpr, logging, health, and cli commands—are described in the following sections. The uic, ver/ter, echo, noecho, chpr, and cli commands are described in Chapter 4, “The User Interface.” The mpm command is described in Chapter 6, “Configuring Management Processor Modules.”

♦ Note ♦
The ver, ter, and chpr commands now appear as items in the UI Configuration menu (displayed through the uic command). If you enter the ver/ter and chpr commands, a message will advise you to use the uic command, and the UI Configuration menu will automatically display.
For more information on the UI Configuration menu, refer to Chapter 4, “The User Interface.”

Displaying Basic System Information

To display basic information on the switch, enter info at the system prompt. The following display is a typical example.

    System Make:   Alcatel OmniSwitch
    System Type:   5-slot OmniSwitch
    Description:   DESCRIPTION NOT SET.
    Backplane:     9 SLOT
    Bus Speed:     1200 XFRAME

    Physical changes to the system since power-up or reset:   2
    Logical changes to the system since power-up or reset:    0
    Number of Resets to this system:                          8

    The attached MPM, slot 1, is the Primary
    Automatic configuration synchronization is enabled

    System base MAC Address:   00:20:da:04:21:f0
    Number of Free Slots:      0
    Action on Cold Start:      Load & go
    Action on Reset:           Restart

    VBus Mode :        Mode 1
    Script File:       /flash/mpx.cmd
    Boot File:         /flash/mpx.img
    Ni Image Suffix:   img

The fields displayed by the info command are described below.

System Make. The description of the specific type of chassis or device.

System Type. The OmniSwitch type.

Description. A description of the chassis and product. This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.

Backplane. The style of backplane used in this chassis.

Bus Speed. The speed of backplane, in Mbs, used in this chassis.

Physical Changes to the system since power-up or reset. The number of physical changes that has occurred since the last reset or power-on.

Logical Changes to the system since power-up or reset. The number of logical changes that has occurred since the last reset or power-on.

No. of Resets to the System. The number of times this switch has been reset since the last cold start.

♦ Note ♦
The info command will also display the number of MPXs, their location in chassis, and which one is the primary and which one is the secondary.
In addition, it also displays whether automatic configuration synchronization is enabled. See Chapter 6, “Configuring Management Processor Modules,” for more information on redundant MPXs and automatic configuration synchronization.

System Base MAC Address. The base MAC address for the primary MPX in chassis.

Number of Free Slots. The number of slots not occupied by a module.

Action on Cold Start. The action taken when you switch the power on.

Action on Reset. The action taken when you reboot.

Script File. The name of the command file (mpx.cmd is the default) containing user-configurable commands.

Boot File. The boot file (mpx.img is the default) used by the switch when it boots up or reboots.

Ni Image Suffix. The name of the file extension (img is the default) indicating that the file is an executable binary file. See Chapter 6, “Configuring Management Processor Modules,” to change this suffix.

Setting the System Date and Time

The dt command allows you to set the local date, time, and time zone. Additionally, you can set the system clock to run on Universal Time Coordinate (UTC or GMT). If applicable, you can also configure Daylight Savings Time (DST) parameters.

To view or make changes to date, time, time zone, and DST for the switch, enter dt at the System prompt. This command displays a screen similar to the following:

    Modify Date and Time Configuration
    1) Local time                     : 1:45:41
    2) Local date                     : 01/15/01
    3) Timezone (-13 . . 12, name)    : MST UTC-7 hrs
    4) Daylight Savings Time active   : Disabled
    Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :

To use the dt command, you must have UI write privileges. Enter the line number for the variable that you would like to change, an equal sign (=), and then the new value for the variable. For example, to set a new date, you would enter:

    2=4/20/99

After you have made changes, enter save to save your changes and to exit the dt menu.
If you do not wish to make any changes, enter quit at the system prompt. The following sections describe the variables on this screen.

1) Local time
Indicates the current and local time. To set the time, enter the line number for Local Time (1) followed by the new time. The time format is as follows:

    HH:MM:SS

where HH is the hour to be set based on a 24 hour (military) clock, MM is the minutes to be set, and SS is the seconds to be set. For example, if you wanted to set the time to 3:15 p.m., you would enter:

    1=15:15:00

2) Local date
The current and local date. To set the date, enter the line number for Local Date (2) followed by the new date. The date format is as follows:

    MM/DD/YY

where MM is the month to be set, DD is the day to be set, and YY is the last two digits of the year to be set. Remember to include a slash (/) between the month and the day and between the day and the year. For example, if you wanted to set the date to January 15, 2001, you would enter:

    2=01/15/01

3) Timezone
This parameter specifies the time zone for the switch and sets the system clock to run on UTC time (or Greenwich Mean Time). Additionally, if Daylight Savings Time is enabled (see option 4 below), the clock automatically sets up default DST parameters (if applicable) for the local time zone. The local time remains active for all User Interface commands and other subsystems that require the local time.

To set the time zone for the switch, you may use one of two methods:

a. Enter the line number for Timezone (3) followed by the hour(s) offset from UTC. This can be a number from -13 to +12. The number you enter will set the system clock x hours from the local time. For example, if the local time, 1:45:00, is seven hours behind UTC time, you would enter:

    3=-7

This specification sets the UTC time to 8:45:00, seven hours ahead of the local time, 1:45:00.

b. Enter the line number for Timezone (3) followed by the time zone name.
There is a limited number of time zone names available. For example, if the local time zone name is Mountain Standard Time (MST), you would enter:

    3=MST

This specification automatically sets the switch to -7 hours, the number of hours MST is offset from UTC.

Daylight Savings Time. The software will automatically configure DST values for a specified time zone. However, the user can manually modify DST values.

Non-integer Offsets. Non-integer offsets are acceptable for Timezone. Some parts of the world are offset from UTC by increments of 15, 30, or 45 minutes. India, for example, is offset from UTC by 5 hours and 30 minutes. If you wanted to enter the time zone offset for India, for example, you would type the line number for Timezone (3), followed by the non-integer hour offset in the HH:MM format, as follows:

    3=05:30

where the value of 05:30 is five hours and thirty minutes offset from UTC.

♦ Note ♦
The switch automatically enables UTC. However, if you do not want your system clock to run on UTC, simply enter the offset +0 for the Timezone parameter. This sets UTC to run on local time.

The table below lists the options available for Timezone names:

Timezone and DST Parameters

    Abbr.  Name                         Hours from UTC   DST Start                           DST End                             DST Change
    NZST   New Zealand                  +12:00           1st Sunday in Oct. at 2:00 a.m.     3rd Sunday in March at 3:00 a.m.    1:00
    ZP11   No standard name             +11:00           No default                          No default                          No default
    AEST   Australia East               +10:00           Last Sunday in Oct. at 2:00 a.m.    Last Sunday in March at 3:00 a.m.   1:00
    GST    Guam                         +10:00           No default                          No default                          No default
    ACST   Australia Central Time       +9:30            Last Sunday in Oct. at 2:00 a.m.    Last Sunday in March at 3:00 a.m.   1:00
    JST    Japan                        +9:00            No default                          No default                          No default
    KST    Korea                        +9:00            No default                          No default                          No default
    AWST   Australia West Time          +8:00            No default                          No default                          No default
    ZP8    China, Manila, Philippines   +8:00            No default                          No default                          No default
    ZP7    Bangkok                      +7:00            No default                          No default                          No default
    ZP6    No standard name             +6:00            No default                          No default                          No default
    ZP5    No standard name             +5:00            No default                          No default                          No default
    ZP4    No standard name             +4:00            No default                          No default                          No default
    MSK    Moscow                       +3:00            Last Sunday in March at 2:00 a.m.   Last Sunday in Oct. at 3:00 a.m.    1:00
    EET    Eastern Europe               +2:00            Last Sunday in March at 2:00 a.m.   Last Sunday in Oct. at 3:00 a.m.    1:00
    CET    Central Europe               +1:00            Last Sunday in March at 2:00 a.m.   Last Sunday in Oct. at 3:00 a.m.    1:00
    MET    Middle European Time         +1:00            Last Sunday in March at 2:00 a.m.   Last Sunday in Oct. at 3:00 a.m.    1:00
    BST    British Standard Time        +0:00            Last Sunday in March at 1:00 a.m.   Last Sunday in Oct. at 3:00 a.m.    1:00
    WET    Western Europe               +0:00            Last Sunday in March at 1:00 a.m.   Last Sunday in Oct. at 3:00 a.m.    1:00
    GMT    Greenwich Mean Time          +0:00            No default                          No default                          No default
    WAT    West Africa                  -1:00            No default                          No default                          No default
    ZM2    No standard name             -2:00            No default                          No default                          No default
    ZM3    No standard name             -3:00            No default                          No default                          No default
    NST    Newfoundland                 -3:30            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    AST    Atlantic Standard Time       -4:00            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    EST    Eastern Standard Time        -5:00            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    CST    Central Standard Time        -6:00            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    MST    Mountain Standard Time       -7:00            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    PST    Pacific Standard Time        -8:00            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    AKST   Alaska                       -9:00            1st Sunday in April at 2:00 a.m.    Last Sunday in Oct. at 2:00 a.m.    1:00
    HST    Hawaii                       -10:00           No default                          No default                          No default
    ZM11   No standard name             -11:00           No default                          No default                          No default

4) Daylight Savings Time active
Enables and disables DST (Daylight Savings Time). To enable DST, enter:

    4=Enable

To disable DST, enter:

    4=Disable

If DST is disabled, options 41-49 will not be displayed.

41) DST Start Month
Indicates which month of the year DST starts. To set the month when DST should start, enter the sequential number of the month (January=1, February=2, . . . December=12). For example, if you want DST to begin in April, you would enter the line number for DST Start Month (41) and the month, as follows:

    41=4

42) DST Start Week
Indicates which week in a month DST starts. To set the week DST should start, enter the sequential number of the week. The possible values are 1st (1), 2nd (2), 3rd (3), 4th (4), and Last. For example, if you want DST to start on the 3rd Tuesday of a month, you would enter the line number for DST Start Week (42) and the week, as follows:

    42=3

43) DST Start Day
Indicates which day of the week DST starts. To set the day DST should start, enter the sequential number of the day (Sunday=1, Monday=2, . . . Saturday=7). For example, if you want DST to begin on Friday, you would enter the line number for DST Start Day (43) and the day, as follows:

    43=6

44) DST Start Time
Indicates what time of day (in local time) DST starts. To set the time DST should start, enter the time in the form HH:MM, where HH is the clock hours of a 24 hour (military) clock and MM is the clock minutes that DST should start. For example, if you want DST to start at 1:00 a.m., you would enter the line number for DST Start Time (44) and the time, as follows:

    44=1:00

45) DST End Month
Indicates which month of the year DST ends.
To set the month DST should end, enter the sequential number of the month (January=1, February=2, . . . December=12). For example, if you want DST to end in April, you would enter the line number for DST End Month (45) and the month, as follows:

    45=4

46) DST End Week
Indicates which week in a month DST ends. To set the week DST should end, enter the sequential number of the week. The possible values are 1st (1), 2nd (2), 3rd (3), 4th (4), and Last. For example, if you want DST to end on the last Tuesday of a month, you would enter the line number for DST End Week (46) and the week, as follows:

    46=Last

47) DST End Day
Indicates which day of the week DST ends. To set the day DST should end, enter the sequential number of the day (Sunday=1, Monday=2, . . . Saturday=7). For example, if you want DST to end on Wednesday, you would enter the line number for DST End Day (47) and the day, as follows:

    47=4

48) DST End Time
Indicates what time of day (in local time) DST ends. To set the time DST should end, enter the time in the form of HH:MM, where HH is the clock hours of a 24 hour (military) clock and MM is the clock minutes that DST should end. For example, if you want DST to end at 2:00 a.m., you would enter the line number for DST End Time (48) and the time, as follows:

    48=2:00

49) DST Offset
Indicates the amount of time to change the local time when DST changes. To set how much time DST should change, enter the change in the form of HH:MM, where HH is the clock hours and MM is the clock minutes that DST should change. For example, if you want the local time to move 1 hour when DST changes, you would enter the line number for DST Offset and the hour, as follows:

    49=1:00

Viewing Slot Data

You can view slot table information by entering the slot command. To view information on a particular slot, enter the slot command together with the slot number.
For example, to view information for slot 1, enter slot 1 at the system prompt. You can also view information on all slots in the switch at the same time in a table. To view data for all slots in the switch, enter slot at the system prompt. A table similar to the following will be displayed.

          Module-Type   Adm-Status    HW    Board      Mfg        Firmware-Version
    Slot  Part-Number   Oper-Status   Rev   Serial #   Date       Base-MAC-Address
    ----  -----------   -----------   ---   --------   --------   -----------------
    1*    MPM           Enabled       L3    52601675   01/05/01   4.3
          05002600      Operational                               00:20:da:04:21:f0
    2     HSM           Enabled       B11   53404264   01/19/01   4.3
          05003106      Operational                               00:20:da:02:28:60
    2-1   FDDI                        D     53404104   01/24/01
          05003706
    3     HSM           Enabled       L     53404645   01/21/01   4.3
          05003106      Operational                               00:20:da:04:87:30
    3-1   ATM                         B     53404116   01/11/01
          05004400
    4     Ether/8       Enabled       D     53404229   01/07/01   4.3
          05000014      Operational                               00:20:da:03:09:90
    5     F-Ether/M     Enabled       A5    73250839   01/07/01   4.3
          05015906      Operational                               00:20:da:85:40:50

The fields displayed by the slot command are described below.

Slot. The slot number for the MPX or switching module.

Module-Type. The type of module in this slot.

Part-Number. The factory-assigned part number.

Adm-Status. The administration status. This can be enabled or disabled by the operator through the reset command, which is described in Chapter 36, “Running Hardware Diagnostics.”

Oper-Status. The operational status. Whether the port is Up (Operational), Down, or Unknown. (Unknown means uninitialized or that the module is in a transitional state.)

HW Rev. The revision number for this module. This number may be helpful when troubleshooting.

Board Serial #. Serial number for this module.

Mfg Date. The manufacturing date for this module.

Firmware-Version. The version of the module’s firmware. All modules should use the same version of software.

Base-MAC-Address. The base MAC address(es) of this module.
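The dt settings described under Setting the System Date and Time above (option 3 and options 41-49) decide how a timestamp shown by the switch maps to UTC, which matters when switch output has to be lined up with logs from other systems. The following Python code is an added example, not Alcatel code: it parses option 3 values, evaluates a DST rule entered through options 41-49, and converts a switch-local timestamp to UTC. The function names, the combined MM/DD/YY HH:MM:SS input string, the sign prefix on HH:MM offsets, and the reading of the DST end time as daylight-time wall clock are assumptions.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Optional, Union
import re

# Subset of the manual's "Timezone and DST Parameters" table: name -> hours from UTC.
TZ_NAMES = {"NZST": "+12:00", "CET": "+1:00", "GMT": "+0:00", "NST": "-3:30",
            "EST": "-5:00", "MST": "-7:00", "PST": "-8:00"}


def _hhmm(value: str) -> timedelta:
    """Convert an 'HH:MM' menu value to a timedelta."""
    hours, minutes = value.split(":")
    return timedelta(hours=int(hours), minutes=int(minutes))


def parse_offset(spec: str) -> timedelta:
    """Parse a dt option 3 value: '-7', '+0', '05:30', or a zone name such as 'MST'."""
    spec = spec.strip()
    spec = TZ_NAMES.get(spec.upper(), spec)
    m = re.fullmatch(r"([+-]?)(\d{1,2})(?::([0-5]\d))?", spec)
    if not m:
        raise ValueError(f"unrecognized timezone value: {spec!r}")
    offset = timedelta(hours=int(m.group(2)), minutes=int(m.group(3) or 0))
    if m.group(1) == "-":
        offset = -offset
    # The dt menu gives the accepted range as -13 .. 12 hours.
    if not timedelta(hours=-13) <= offset <= timedelta(hours=12):
        raise ValueError(f"timezone offset out of range: {spec!r}")
    return offset


def nth_weekday(year: int, month: int, week: Union[int, str], day: int) -> date:
    """Date for a week (1-4 or 'Last') and a day numbered Sunday=1 .. Saturday=7."""
    target = (day - 2) % 7                 # Python weekday(): Monday=0 .. Sunday=6
    if str(week).lower() == "last":
        next_month = date(year + month // 12, month % 12 + 1, 1)
        last = next_month - timedelta(days=1)
        return last - timedelta(days=(last.weekday() - target) % 7)
    first = date(year, month, 1)
    first += timedelta(days=(target - first.weekday()) % 7)
    return first + timedelta(weeks=int(week) - 1)


@dataclass
class DstRule:
    """Values of dt options 41-49, in menu order."""
    start_month: int
    start_week: Union[int, str]
    start_day: int
    start_time: str
    end_month: int
    end_week: Union[int, str]
    end_day: int
    end_time: str
    offset: str = "1:00"


# Table defaults for MST: 1st Sunday in April 2:00 a.m. to last Sunday in Oct. 2:00 a.m.
MST_DEFAULT_DST = DstRule(4, 1, 1, "2:00", 10, "Last", 1, "2:00", "1:00")


def dst_active(local: datetime, rule: DstRule) -> bool:
    """True if the wall-clock time falls inside the DST period of its year."""
    def boundary(month, week, day, hhmm):
        d = nth_weekday(local.year, month, week, day)
        return datetime(d.year, d.month, d.day) + _hhmm(hhmm)

    start = boundary(rule.start_month, rule.start_week, rule.start_day, rule.start_time)
    end = boundary(rule.end_month, rule.end_week, rule.end_day, rule.end_time)
    if start < end:                        # DST period lies within one calendar year
        return start <= local < end
    return local >= start or local < end   # period wraps the new year (e.g. NZST)


def to_utc(stamp: str, tz_spec: str, rule: Optional[DstRule] = None) -> datetime:
    """Convert 'MM/DD/YY HH:MM:SS' switch-local time to UTC.

    Assumption: two-digit years follow Python's %y pivot (69-99 -> 19xx).
    The repeated hour just before DST ends is ambiguous and is treated as DST.
    """
    local = datetime.strptime(stamp, "%m/%d/%y %H:%M:%S")
    offset = parse_offset(tz_spec)
    if rule is not None and dst_active(local, rule):
        offset += _hhmm(rule.offset)
    return local - offset


if __name__ == "__main__":
    # Constructed sample timestamps in the dt menu's date and time formats.
    for stamp, tz, rule in [("01/15/01 1:45:00", "-7", None),
                            ("04/24/01 18:06:47", "MST", MST_DEFAULT_DST),
                            ("01/15/01 12:00:00", "05:30", None)]:
        print(stamp, tz, "->", to_utc(stamp, tz, rule).isoformat(), "UTC")
```

Pass rule=None when option 4 is Disabled; the conversion then uses the option 3 offset alone.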
Viewing System Statistics

The systat command displays statistics related to system, power, and environment. To view these parameters, enter systat at the system prompt. A screen similar to the following will be displayed.

    System Uptime                   : 1 days, 12:09:22.64
    MPM Transmit Overruns           : 0
    MPM Receive Overruns            : 22
    MPM total memory                : 16 MB
    MPM free memory                 : 6522536 bytes
    MPM CPU Utilization ( 5 sec)    : 5% ( 0% intr 0% kernel 3% task 95% idle)
    MPM CPU Utilization ( 60 sec)   : 5% ( 0% intr 0% kernel 3% task 96% idle)
    Power Supply 1 State            : OK
    Power Supply 2 State            : Not Present
    Temperature Sensor              : OK - Under Threshold
    Temperature                     : 37:00c 98.60f
    Temperature Alarm Masking       : Disabled

The fields displayed by the systat command are described below.

System Uptime. The time since the last boot that the system has been running, displayed in days, hours, minutes, and seconds (to the nearest hundredth).

MPM Transmit Overruns. The number of times a VSE transmit buffer could not be allocated by a task on the MPX.

MPM Receive Overruns. The number of times packets were dropped because the bus had more packets to deliver than the MPX could handle. This is a “receive overrun” condition which can happen when a storm occurs or when the switch is first powered up and many unknown MAC frames are being forwarded to the MPX.

MPM total memory. The amount of total memory installed on the MPX.

MPM Free Memory. The amount of free, or unused, memory available in the MPX. This data is also displayed by the memstat command, which is described in Viewing MPX Memory Statistics on page 9-20.

MPM CPU Utilization (5 seconds). The amount of time, by percent, the MPX processor actually worked during the last 5 seconds.

MPM CPU Utilization (60 sec). The amount of time, by percent, that the MPX processor actually did work during the last minute.

Power Supply 1 State. Valid states are OK, Not Present, and Bad. A power supply that has been turned off will be in the Bad state.
If not installed, it will be in the Not Present state.

Power Supply 2 State. Valid states are OK, Not Present, and Bad. A power supply that has been turned off will be in the Bad state. If not installed, it will be in the Not Present state.

Temperature Sensor. Indicates whether the MPX temperature sensor detects overheating. Valid states are Under Threshold, Over Threshold, and Not Present.

Temperature. Indicates the switch temperature in Celsius and Fahrenheit.

Temperature Alarm Masking. Indicates whether temperature alarm masking is Enabled or Disabled. You enable masking through the maskta command, which is described in Chapter 36, “Running Hardware Diagnostics.”

Clearing System Statistics

You may want to clear statistics for a specific module, port or service for diagnostic or accounting purposes. To clear switch statistics, enter clearstat at the system prompt. A screen similar to the following will display.

    Usage: clearstat slot [,port] [,service] [,instance]

As indicated in the prompt, you can clear all statistics from a module by entering the slot number as shown here:

    clearstat 3

This entry will clear all statistics for the module located in slot 3. If you want to clear statistics for a specific port, service or instance, enter the clearstat command followed by the appropriate numbers. You must use a comma (,) to separate the slot number from the port, service and instance numbers. The following command will clear all statistics for port 1 of the module located in slot 3.

    clearstat 3,1

♦ Caution ♦
When the clearstat command is used, no notification is sent to the SNMP manager about the cleared statistics. Use of this command can cause unpredictable results with your NMS statistics.

Viewing Task Utilization Statistics

The taskstat command displays the task utilization statistics of the switch.
To display the task utilization statistics, enter taskstat <task-number> <sample-period> at the system prompt. The <task-number> is an optional number of tasks and the <sample-period> is an optional sample period of 1 to 60 seconds. You must enter the <task-number> if you want to enter the <sample-period>. The default number for <task-number> is 5 and the default sample period for <sample-period> is 5 seconds. To display the task utilization statistics for 10 tasks over a 20-second period, for example, enter taskstat 10 20 at the system prompt. A screen similar to the following will display.

    Task Name                  Utilization (20 secs)
    -----------------          ---------------------
    tUi_shellt0                0.76%
    tCMProber                  0.70%
    tUi_shellC                 0.60%
    tSnmp_agent                0.34%
    tNetTask                   0.32%
    tTelnetOut0                0.19%
    tif_vbInput                0.19%
    vseReceive                 0.11%
    tTelnetIn0                 0.08%
    bslMgr                     0.07%
    All Other Tasks:           0.68%
                               ---------------------
    Total Task Utilization:    4.04%

The taskstat command displays the tasks in descending order in terms of the switch’s CPU utilization. You may use the taskstat 0 command if you want to list utilization statistics for all the tasks executed by the switch.

The taskshow command displays a table listing all tasks and their priority, status and memory allocation. A partial table is shown here.
    NAME         ENTRY         TID       PRI  STATUS  PC        SP        ERRNO   DELAY
    -----------  ------------  --------  ---  ------  --------  --------  ------  -----
    tExcTask     _excTask      499f7f20  0    PEND    4892067c  499f7d38  9       0
    tLogTask     _logTask      499f5598  0    PEND    4892067c  499f53b0  0       0
    tCMWatcher   _cmWatchdogK  4999f108  0    DELAY   4893c028  4999efb8  0       5
    tHelperTask  _exc2Task     499fc018  2    PEND    4892067c  499fbe30  0       0
    tAscSTimer   _ascSessTime  49a53498  10   DELAY   4893c028  49a53348  0       170
    bpeMgr       _bpm_initial  46037630  20   PEND    4892a41c  46037430  3d0002  0
    ipxTimer     _ipxTimerTas  49a83168  49   DELAY   4893c028  49a83010  0       26
    ipxGapper    _ipxGapperTa  49a7cdc0  49   PEND    4892067c  49a7cb70  0       0
    tNetTask     _netTask      499eee40  50   PEND    4892a0a4  499eec68  0       0
    ipx          _ipxMain      49fe0350  50   PEND    4892a41c  49fe0168  3d0002  0

The fields displayed by the taskshow command are described below.

NAME. Name of the task whose statistics are being shown.

ENTRY. Shows the routines that are currently being executed by the specified task.

TID. Address of the task listed in this row.

PRI. Priority of the specified task.

STATUS. Current status of the specified task.

PC. Program Counter. The program counter identifies the routing code as it enters the stack.

SP. Stack pointer. The stack pointer points to the code being loaded when the status is taken.

ERRNO. Error number indicator.

DELAY. The time elapsed between task routines.

Viewing Memory Utilization

The leak monitor diagnostic utility is used to display information about memory utilization. This utility requires the use of three UI commands: leakstart, leakstop and leakdumpall.

♦ Note ♦
You may want to log this operation to a text file to make it easier to view the data.

To start the utility, enter leakstart at the system prompt. This command starts a leak monitor daemon that gathers memory information in the background until you stop it by using the leakstop command.
The leakstop command stops the leak monitor daemon from recording data and preserves the data already recorded. To view the memory utilization information, enter the following command at the system prompt:

    leakdumpall

This command dumps all memory recorded by the leak daemon. A screen similar to the following will display.

    Outstanding Memory - at TUE APRI 24 19:00:29 2001
    Task ID   Name     Functi 1  Functi 2  Functi 3  Address   Len  Time
    ========  =======  ========  ========  ========  ========  ===  ========================
    49a69a58  tUi_she  484fe4do  484f1284  484ffbc8  4800ef28  9    TUE APR 24 18:06:47 2001
    49559bb8  t_AtmMg  49db6e90  49d6a780  49d4c3bd  4800ef88  16   TUE APR 24 18:06:46 2001
    49559bb8  t_AtmMg  49db6e90  49d4be4c  49d8639c  4800efb8  64   TUE APR 24 18:06:46 2001
    49559bb8  tUi_she  49db6e90  49d9cce4  49d9c910  4800f050  4    TUE APR 24 18:06:46 2001
    End of memory report.

The length of the display shown will vary depending on the length of time between use of the leakmon command and the leakstop command. The fields displayed by the leakdumpall command are described below.

Task ID. The address of the task that is allocating the block of memory.

Name. Name of the task that is allocating the block of memory.

Functi 1, 2, 3. These three columns indicate functions entered above the malloc package. Function 1 is the function that called malloc. Function 2 is the function that called Function 1. Function 3 is the function that called Function 2.

Address. The starting address space for the memory that was allocated.

Length. The length of the block requested on the alloc( ) call.

Time. The timestamp taken when the alloc call occurred.

Viewing MPX Memory Statistics

The memstat command displays the MPX’s memory statistics. The statistics will tell you how memory is currently being used and help determine if memory problems exist, such as memory exhaustion. To view the MPX’s memory statistics, enter memstat at the system prompt.
A screen similar to the following will be displayed.

    Summary of Memory Usage
    status               bytes      blocks   avg block   max block
    ----------------  --------   ---------   ---------   ---------
    current
        free           4761672          64       74401     4719704
        alloc          6429088        9114         705           -
    cumulative
        alloc         24942880      148235         168           -

    MPM total memory : 16MB

The fields displayed by the memstat command are described below.

status. The statistics appear in two groups: current and cumulative. The current status shows free and allocated memory. The cumulative status shows only allocated memory. Cumulative memory is the total amount of memory that has been allocated since the switch was started up. This value increases each time a memory allocation takes place. It can never decrease.

bytes. The number of bytes for free and allocated memory.

blocks. Block size is dynamic and depends upon memory usage and the amount of fragmentation.

avg block. The average block indicates the average size of all the memory blocks.

max block. The maximum block indicates the largest free memory block available. When this value drops to around 10K it usually indicates that the free memory is highly fragmented and probably near exhaustion.

MPM total memory. The total number of megabytes available in the MPX’s memory.

Checking the Flash File System

The fsck command performs a file system check of flash memory, which consists of the flash file system. Image files are stored in flash memory and loaded into system memory when the switch boots up. It also provides diagnostics in the case of file corruption. To perform a file system check of flash memory, enter fsck at the system prompt. A screen similar to the following will be displayed.

    Your bootroms support Flash File System Version 2 and greater.
    Out of 16 file descriptors in use, 0 of these are opened on the /flash device.
    Performing a file system check using manual mode.
    If a file is encountered with a potential problem, you may wish to consider
    preserving it for technical support analysis...
    Flash file system check in progress...
    Checking root file system... OK
    Performing file consistency check... Done.
    There doesn't appear to be a system problem related to the Flash File system
    or kernel file system data structures. If you are experiencing problems with
    the flash file system, perhaps try using the "info", "systat", or "memstat"
    commands. They may indicate some other condition (such as low memory) which
    could prohibit correct operation of the file system.

If the fsck command finds a problem with the flash file system, a message will be displayed detailing the problems found and/or actions taken to correct those problems.

Checking the SIMM Files

Each logical file system (/flash and /simm) must be checked independently. If you have installed the 32 or 56 Mb SIMM upgrade and you want to check the SIMM’s memory, enter cd /simm at the system prompt before you execute the fsck command.

Creating a New File System

The newfs command removes a complete flash file system and all files within it. It then creates a new flash file system, which is empty. You can use this command when you want to reload all files in the file system from a readily-accessible backup device or in the unlikely event that the flash file system becomes corrupted.

♦ Important Note ♦ Before you execute the newfs command you should preserve your configuration file by saving it to another host.

To re-initialize the flash memory, enter newfs at the system prompt. The following screen will display.

    You are about to destroy all files on file system /flash.
    If you are experiencing problems with the flash file system, you might want
    to use the "fsck" command to help determine where problems may exist.
    Are you absolutely sure you want to strip the current file system and create a new one?
    (n)

Enter y to re-initialize the flash memory or n to cancel (the default is n). If you enter y, you will have to load new software into the switch.

♦ Warning ♦ Do not power-down the switch after running the newfs command until you reload your image and configuration files. If you do, you will have to reload the image files at the boot monitor prompt using the serial interface (e.g., ZMODEM), which can take several minutes. You can then download new files via FTP or ZMODEM.

Creating a SIMM File System

If you have installed the 32 or 56 Mb SIMM upgrade and you want to create a new file system in the SIMM’s memory, enter cd /simm at the system prompt before you execute the newfs command.

Configuring System Information

You can enter or modify a description of a switch, its location, and a contact person. Although this information is not required, you may find it helpful in managing the switch. To enter or modify the switch descriptions, perform the following steps.

1. At the system prompt, enter syscfg. The current system information will appear with a prompt asking if you want to change any of the information; for example:

    System Contact               : Usenet
    System Name                  : Testnet4
    System Location              : Calabasas
    System Description           : Marketing_testnet
    Duplicate MAC Aging Timer    : 0 (not configured)
    Change any of the above {Y/N}? (N) :

If you enter n, the syscfg command will exit and no changes will be made (the default is n). If you enter y, the current system information will be displayed line by line. To keep the current value (shown in brackets) for a line, press <Enter>. To change a value, enter the new value and press <Enter>.

♦ Important Note ♦ Except for the Duplicate MAC Aging Timer field, all changes you make take place immediately.

If you entered y, something similar to the following will be displayed.

    System Contact (Usenet) :

2. Enter the new system contact or just press <Enter> to accept the default.
A screen similar to the following will be displayed.

    System Name (no_name) :

3. Enter the new system name or just press <Enter> to accept the default. A screen similar to the following will be displayed.

    System Location (Unset) :

4. Enter the new system location or just press <Enter> to accept the default. A screen similar to the following will be displayed.

    System Description (DESCRIPTION NOT SET.) :

5. Enter the new system description or just press <Enter> to accept the default. A screen similar to the following will be displayed.

    Duplicate Mac Aging Timer :

The Duplicate MAC Aging Timer indicates the time, in seconds, duplicate MACs remain in CAM if there is no traffic from those MACs. After this time, inactive MACs will age out of the CAM. You must reset the switch before this parameter takes effect. Duplicate MAC addresses will display as normal MAC addresses in other software commands, such as fwt and macinfo. See Duplicate MAC Address Support on page 9-30 for further discussion.

6. Enter a new duplicate MAC aging timer value (the valid range is from 10 to 1000000) or just press <Enter> to accept the default.

Viewing CAM Information

The camstat command displays information and usage about the content addressable memory (CAM) on each switching module in the chassis. To view this CAM information, enter camstat at the system prompt. Something similar to the following will be displayed.

    Slot   # of CAMs   Cfg Usage   Max Avail   Actual Usage
    ----   ---------   ---------   ---------   ------------
    MPM    1           NA          NA          NA
    2      4 (2 + 2)   0           3966        0
    3      1 (1 + 0)   0           1008        0
    4      1 (1 + 0)   0           1004        0
    5      4 (2 + 2)   0           4093        0

The fields displayed by the camstat command are described below.

Slot. The slot number of the switching module for which CAM information is provided.

# of CAMs. The number of CAM chips installed on the switching module.

Cfg Usage. The number of CAM entries this module is configured to support.
By default a module will use the maximum amount of entries supported by on-board CAM. However, you can alter this default through the camcfg command (described in Configuring CAM Distribution on page 9-25) to make the most efficient use of the CAM distributed among all switching modules in the chassis. Up to 31.25 K of CAM is supported over all modules in an Omni Switch/Router.

Max Avail. The number of CAM entries available. This number will be less than the number of CAM entries configured because some entries will be used by learned MAC addresses (shown in the Actual Usage column) and others are used internally by the OmniSwitch.

Actual Usage. The number of MAC addresses learned by the module in this slot.

♦ Note ♦ For CAM statistics for an entire chassis, use the hdstat command, which is described in Chapter 11, “Health Statistics.”

Configuring CAM Distribution

CAM (Content Addressable Memory) on switching modules is used to look up the MAC address of endstations attached to the modules. You can use the camstat command to display each module’s CAM usage. See Viewing CAM Information on page 9-24 for more information on the camstat command.

The Omni Switch/Router supports approximately 31.25 K of usable CAM among all the switching modules in a chassis. (A small amount of CAM memory is reserved by the Omni Switch/Router for its processing.) When each switching module in a 9-slot chassis has 1 K of CAM, the 31.25 K limitation is not reached since only 8 K (assuming 8 switching modules) is used. However, when some switching modules use 4 K or 8 K of CAM the 31.25 K limitation could be reached quickly. For example, if all the switching modules in a fully-loaded 9-slot chassis have 4 K CAMs you would exceed the 31.25 K limit.
In this configuration, the Omni Switch/Router would subtract 256 K of available CAM memory from the first switching module to initialize and 512 K of available CAM memory from the last switching module to initialize. If you need to configure CAM usage, use the camcfg command, which is described below.

♦ Important Note ♦ If you use a configuration file (e.g., mpm.cfg) from an OmniSwitch on an Omni Switch/Router, any CAM configuration settings will be ignored.

The camcfg command allows you to individually allocate CAM space to switching modules. This command configures the maximum entries a switching module may use, freeing up overall CAM space in the chassis so that some modules can use more of their on-board CAM. Follow these two additional rules:

• The CAM memory size for a switching module must be configured to at least one-half of the total memory available on the switching module. For example, if your switching module has 2 K of CAM memory, you must allocate at least 1 K of CAM to that switching module.

• The amount of CAM memory allocated for a switching module must be a whole-number multiple of 1024 (e.g., 1024, 2048, etc.).

Follow these steps to configure the number of CAM entries used by a switching module:

1. Enter camcfg followed by the slot number for the module that you want to configure. You can configure the CAM on switching modules only, not on the MPX. For example, to configure CAM for the module in slot 3, enter

    camcfg 3

2. The system displays a prompt asking for the number of CAM entries to use for this module.

    Enter maximum number of CAM entries for slot 3 (1024):

Enter the number of CAM entries to use for this module. The current value is listed in parentheses. The value you enter must be equal to or less than the total number of entries available on board this module. For example, you could not configure 2048 entries for a switching module with only 1K of CAM.
A message similar to the following will display:

    Slot 3 Configured to learn 256 MACs
    will round up to 256 MACs
    This configuration will take effect only after system reboot

3. The new CAM configuration will take effect after you reboot the system. For this reason, you may want to configure the CAM for all modules in this system. Reboot the system and check the updated CAM configurations through the camstat command.

Configuring the HRE-X Router Port

Various services in the switch use the HRE-X router port MAC registers. The registers are allocated as the services are loaded at startup. The hrex submenu contains five commands for use with the Hardware Routing Engines (HREs). The hrexassign command allows you to configure the switch so that registers are reserved for particular services. The hrexdisplay command allows you to view your current configuration. To display the hrex submenu, enter hrex at the system prompt. A screen similar to the following is displayed.

    Command        HRE-X Management Menu
    ------------   ---------------------------------------------------------
    hrexassign     Assign an HRE-X router port MAC register to a service
    hrexdisplay    Display HRE-X router port MAC register assignments
    hrexutil       Display HRE-X Pseudo CAM and cache utilization
    hrexhashopt    Optimize HRE-X Pseudo CAM hash function for current data
    hrexhashdflt   Restore default HRE-X Pseudo CAM hash function

To view the current HRE-X configuration enter hrexdisplay at the system prompt. A screen similar to the following is displayed.

    Reg   Configured   Actual
    ---   ----------   -------
    1     Any          Routing
    2     Any          Unused
    3     Any          Unused

The fields displayed by the hrexdisplay command are described below:

Reg. The number of the MAC registers.

Configured. The service type assigned to the register.

Actual. The service that is actively using the register.
To reserve a register for a particular service, you can assign the registers to the service. To assign the registers on the HRE-X router port, enter hrexassign at the system prompt. A screen similar to the following is displayed.

    hrexassign <register number> <service type>

The <register number> is either 1, 2 or 3 referring to the MAC register. The <service type> parameter specifies the service configured to the registers. The service types shown on the screen display are defined here.

any. This register is not reserved to a particular service.

routing. This register is assigned to standard routing.

cip. This register is assigned to Classical IP.

m013. This register is assigned to Channelized DS-3 module (WSX-M013).

mpoa. This register is assigned to Multiprotocol Over ATM.

vrrp. This register is assigned to Virtual Router Redundancy Protocol.

For example, to assign register 3 to the Classical IP service enter hrexassign 3 cip at the system prompt. A screen similar to the following is displayed.

    HRE-X RPM 3 configured for “CIP”; reboot to make effective.

As indicated on the screen, the register assignment will not take effect until the switch is rebooted. If you use the hrexdisplay command after making the register assignment shown in the above example, a screen similar to the following is displayed.

    Reg   Configured   Actual
    ---   ----------   -------
    1     Any          Routing
    2     Any          Unused
    3     CIP          Routing

    Configuration changed since last reboot.

This indicates that register 3 is assigned to the CIP service but is actually using the Routing service. Also, the message at the bottom of the table indicates that the HRE-X configuration has changed since the last reboot of the switch. After a reboot, the hrexdisplay command will display the following screen.
    Reg   Configured   Actual
    ---   ----------   -------
    1     Any          Routing
    2     Any          Unused
    3     Routing      Routing

Configuring and Displaying the HRE-X Hash Table

The HRE-Xs use a hardware implemented hash table to route packets for transmission. The switch employs a default hash function that works well in a broad range of data environments. In rare cases, you may want to change the hash table configuration to optimize it for your particular data flow. This should be done with care because the data population will change over time. A hash function that works well for one set of data may not work as well for another. Also, note that optimizing the hash function will cause all of the current entries in the HRE-X to be cleared and then relearned; therefore, this should be done with extreme caution.

Two HRE-X commands are used to optimize the hash function. They are the hrexutil and the hrexhashopt commands. The hrexutil command displays the current utilization of the hash table. To view the HRE-X Utilization table, enter hrexutil at the system prompt. A screen similar to the following is displayed.

    HRE-X Utilization
    -----------------
    Hash                 Total: 65536     Free: 65528
    Collisions           Total: 131072    Free: 131069
    Cache                Total: 40960     Free: 40949
    Collision Length -   Max:   3         Avg:  1

The fields displayed by the hrexutil command are described below:

Hash. The number of entries in the hash table.

Total. The total number of units available.

Free. The number of units that are not yet used.

Collisions. The number of entries that have hashed to the same index in the hash table.

Cache. The number of modifications required to route a packet.

Collision Length. The length of the longest (Max) collision list and the average length (Avg) of the collision lists.

The hrexhashopt command causes the switch to compute an optimized hash function based on the data currently in the HRE-X. This function is saved in the configuration file so it will be present after a reboot.
To use the hrexhashopt command, enter hrexhashopt at the system prompt. The screen does not display a confirmation message after this command. You can verify optimization by observing the changes in the HRE-X Utilization. After using hrexhashopt, the maximum and average collision lengths should be reduced as shown in the HRE-X Utilization table shown above. If they are not, you should consider returning to the default hash function by using the hrexhashdflt command.

To use the hrexhashdflt command, enter hrexhashdflt at the system prompt. The screen does not display a confirmation message after this command. The hrexhashdflt command will return the hash function back to the default value.

Duplicate MAC Address Support

When the switch sees the same MAC address sending traffic on a different switch port (a Duplicate MAC Address), it assumes the original network device moved. The switch sends a trap notifying network management of this station move event. It sends one trap for a device move within the same Group and another trap for a device move outside of the home Group.

A station move trap is normally sent after an actual station move. However, certain network configurations assign the same MAC address to different network devices (physical and virtual) as standard practice. In these situations, the duplicate MAC address appears as a station move when it is really a normal occurrence in these network configurations. These network configurations that use the same MAC address for different devices include:

• LAN Emulation under Cisco routers. Cisco routers use the same MAC address for each LAN Emulation Client (LEC). In LAN Emulation, each ELAN needs to be treated as a separate LAN and should therefore have a separate MAC address.

• IBM Front End Processor (FEP). Many IBM FEPs use the same MAC address assigned to the connecting devices for the purpose of redundancy.

• DECnet networks.
  The DECnet protocol assigns the special MAC address, AA000400XXYY (XXYY is an internal protocol ID) to each DECnet station or routing device regardless of the number of physical interfaces.

Initially, duplicate MAC addresses in these special situations may be no more of a problem than extra traps being sent for an event (station move) that did not really happen. However, when a large number of these network devices send the same MAC address out the same port, flooding can occur and the switch will eventually shut the port down. To prevent a port from being shut down, the switch needs some way of knowing the duplicate MAC addresses originating from the port are not an error condition.

The switch will treat duplicate MAC addresses as separate addresses as long as they are learned from a different Group than the original MAC. Each duplicate MAC address will use one entry in the CAM. Up to 32 duplications of the same MAC address are supported.

Duplicate MAC addresses learned from virtual ports within the same Group are treated as station moves and will generate corresponding traps. If the MAC address moves from one VLAN to another VLAN within the same Group, the switch will not treat the MAC addresses as separate.

If your network supports duplicate MAC addresses, there may be a significant performance impact due to the following reasons:

• A MAC address is usually stored only in the CAM of the switching module where its destination address is located. If duplicate MAC addresses are treated as separate addresses, then the same MAC address may have to be stored in the CAM of multiple switching modules, not just the module that originally learned the address.

• Every duplicate MAC address becomes a CAM table entry, so there will be less room in the CAM for other entries to be learned. Since up to 32 duplications of a single MAC address are possible, this CAM can become crowded with these duplicate entries.
  You can reduce the impact of a crowded CAM by configuring the Duplicate MAC Aging Timer in the syscfg command, which is described in Configuring System Information on page 9-23. This timer allows you to age out Duplicate MAC CAM entries from devices that are inactive for the time period you specify.

• Extra search time will be required for each lookup of the same MAC address since it is treated as a separate entry in the CAM.

In addition to these performance impacts, you will lose the tracking of legitimate station moves. No traps will be sent for Duplicate MAC addresses that appear in different Groups.

Multicast Claiming

Multicast claiming can be enabled for networks with heavy multicast traffic. When enabled, multicast claiming frees the MPX from processing multicast packets by off-loading this traffic to the switching modules. When multicast claiming is enabled, the switch “claims” destination multicast addresses and places them in the CAMs of all switching modules in the switch. You can enable multicast claiming by adding the following line to the mpx.cmd file:

    bslLearnMcPkt=1

You can use the edit command to make this change. (See Chapter 7, “Managing Files,” for instructions on using the edit command.) You will need to reboot the switch for this parameter to take effect. Multicast claiming can later be disabled by changing the setting for this parameter to zero (0), as follows:

    bslLearnMcPkt=0

An alternative method for managing multicast traffic is through the use of Multicast VLANs. See Chapter 27, “Managing AutoTracker” and Chapter 28, “Managing Multicast VLANs” for further information.

Disabling Flood Limits

Two UI commands are available for controlling flood limits for individual ports and Groups. The modvp command (described in Chapter 24, “Managing Groups and Ports”) allows you to control the flood limits for a specific port.
The flc command (described in Chapter 22, “Configuring Bridging Parameters”) allows you to configure flood limits for all ports in a group. You can also disable flood limits on a switch-wide basis by adding the following line to the mpx.cmd file:

    disableFloodLimiting=1

You can use the edit command to make this change. See Chapter 11, “Managing Files,” for instructions on using the edit command. You will need to reboot the switch for this parameter to take effect.

Saving Configurations

Under normal conditions, configurations you make using the UI are written into cache and automatically saved into the switch’s flash memory. In this case, it is not necessary to issue a special command to save your configurations. When you use the UI to enter multiple configurations, periodically the switch will display the following message.

    File system compaction in progress . . .

This message indicates that the switch is compacting data in the cache buffer before writing it into the mpm.cnf file. This message normally disappears after a few seconds.

♦ Warning ♦ It is highly recommended that you use the default setting and allow the switch’s save function to operate automatically.

You can change the switch’s save function so that the cache is not saved automatically by executing the cacheconfig command. To turn off the switch’s automatic save function, enter cacheconfig on at the system prompt. The following message will display.

    Cache Configuration is now on

♦ Warning ♦ Any configurations you enter before executing the saveconfig command will not be saved in case of system failure or reboot.

Once cacheconfig is implemented, you must use the saveconfig command to manually synchronize your configurations into flash memory. When you execute the saveconfig command at the system prompt, the following message will display.

    File system compaction in progress . . .

The UI does not indicate when the cacheconfig function is in operation.
However, if you attempt a reboot the following message will display if you are in the cache configuration mode.

    !!!Warning!!! You are in the cache configuration mode.
    Please enter ‘n’/’N’ to the following confirm prompt. Then enter the UI
    command “saveconfig”, or enter the CLI command “dump configuration cache”
    to save the current configuration to mpm.cnf in the flash.
    Otherwise, all/some your configuration changes will be lost!
    Confirm? (n) :

This message gives you the opportunity to execute the saveconfig command prior to the reboot.

To determine whether you are in the cache configuration mode, enter the cacheconfig command. Depending on whether cache config is operational, one of the following messages will display.

    Cache Configuration is currently on.

or

    Cache Configuration is currently off.

To turn off the cache configuration mode, enter the following command at the system prompt.

    cacheconfig off

The following message will display.

    File system compaction in progress . . .
    Cache Configuration is now off

10 Switch Logging

Logging Overview

Whether you are troubleshooting, configuring, or simply monitoring the switch, you may find it useful to view a history of various switch activities. The Logging submenu contains a list of commands for viewing and configuring logging on the system. To enter the logging submenu, enter logging at the system prompt. Enter a question mark (?) and then press <Enter> to display the following list of commands:

    Command     Logging Menu
    syslog      Change the syslog parameters (not part of Switch Logging feature).
    swlogc      Configure Switch Logging source/destination mapping and priority levels.
    cmdlog      Show UI Command entries in the mpm.log file
    conlog      Show Connection entries (logins/logouts) entries in the mpm.log file
    caplog      Show Screen Capture entries in the mpm.log file.
    debuglog    Show Debug message entries in the mpm.log file
    seclog      Display Secure Access log file entries.
Commands in the submenu are described here.

System Log Messages

The syslog command is used to configure how system log messages, like diagnostic and error messages, are handled on the switch. See Configuring the Syslog Parameters on page 10-2.

Switch Logging Parameters

The swlogc and remaining commands in the submenu are part of the Switch Logging feature, which is a separate logging mechanism. The swlogc command is used for configuring the logging parameters of various switch activities such as FTP and Telnet, and is described in Configuring Switch Logging on page 10-6. The other commands listed in the submenu above are support commands for Switch Logging.

• cmdlog command—displays the UI command entries in the mpm.log file, which is one of the possible destinations for Switch Logging data. See Displaying the Command History Entries in the MPM Log on page 10-9.

• conlog command—displays the connection entries in the mpm.log file. See Displaying the Connection Entries in the MPM Log on page 10-10.

• caplog command—displays the screen capture entries in the mpm.log file. See Displaying Screen (Console) Capture Entries in the MPM Log on page 10-11.

• debuglog command—shows the debug entries in the mpm.log file. See Displaying Debug Entries in the MPM Log on page 10-13.

• seclog command—shows the Secure Access violation event entries in the mpm.log file. See Displaying Secure Access Entries in the MPM Log on page 10-13.

Configuring the Syslog Parameters

Syslog messages are messages generated by individual processes in the switch. These messages contain information for conditions that range from debugging to emergency error conditions. The syslog command allows you to control how these messages will be handled. You can designate what kinds of messages you will see and where the messages will be sent. This syslog implementation is compatible with the standard BSD UNIX implementation for syslog services.
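Because the switch speaks BSD syslog, the log host can decode each datagram's `<PRI>` header (facility * 8 + level) and triage what arrives on port 514. The following is an added example, not code from the manual or from Alcatel. It assumes the message tag appears as a `tag:` prefix after the header, that tasks logging "via kern" arrive with the kern facility, and it uses constructed sample datagrams and the hypothetical tag `sw-core1`.

```python
import re

# BSD syslog facility numbers for the facilities the manual lists.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron"}
FACILITIES.update({16 + n: "local%d" % n for n in range(8)})

# Priority levels 0-7 (LOG_EMERG .. LOG_DEBUG).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>\s*(.*)$", re.S)


def decode(datagram):
    """Split one syslog datagram into facility, level, tag and text.

    Returns None when the <PRI> header is missing or out of range.
    """
    text = datagram.decode("ascii", errors="replace").strip("\r\n\x00 ")
    m = PRI_RE.match(text)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                       # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, level = divmod(pri, 8)    # PRI = facility * 8 + level
    rest = m.group(2)
    tag, sep, body = rest.partition(":")
    tag = tag.strip()
    # Assumption: the tag is a "tag:" prefix of at most 10 characters.
    if not sep or not tag or " " in tag or len(tag) > 10:
        tag, body = "", rest
    return {"facility": FACILITIES.get(facility, "facility%d" % facility),
            "level": LEVELS[level], "tag": tag, "text": body.strip()}


def triage(datagrams, known_tags, expected_facilities=("local0", "kern"),
           alert_at="err"):
    """Return (reason, record) pairs that deserve an analyst's attention."""
    threshold = LEVELS.index(alert_at)
    hits = []
    for raw in datagrams:
        rec = decode(raw)
        if rec is None:
            hits.append(("malformed", {"text": repr(raw)}))
        elif rec["tag"] not in known_tags:
            hits.append(("unknown-tag", rec))       # sender not in inventory
        elif rec["facility"] not in expected_facilities:
            hits.append(("unexpected-facility", rec))
        elif LEVELS.index(rec["level"]) <= threshold:
            hits.append(("severity", rec))          # err or more severe
    return hits


# Constructed sample datagrams (not captured from a real switch).
SAMPLES = [
    b"<131>sw-core1: port 3/1 link down",        # local0.err
    b"<4>sw-core1: CM unexpected event",         # kern.warning
    b"<134>sw-core1: configuration saved",       # local0.info
    b"<129>lab-sw: subsystem failure",           # local0.alert, unknown tag
    b"<36>sw-core1: login failure",              # auth.warning
    b"sw-core1 message without a PRI header",    # malformed
]

if __name__ == "__main__":
    for reason, rec in triage(SAMPLES, known_tags={"sw-core1"}):
        print(reason, rec)
```

If Override internals is set to yes on the switch, every message arrives with the default facility, so `expected_facilities` can be narrowed to that single value.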
To see the current syslog configuration, enter syslog at the system prompt. A screen similar to the following will be displayed.

    SYSLOG current configuration:
    1) Log host 2) Log host IP 3) Syslog port (514) 4) Default facility code 41) Override internals 5) Default priority mask 51) Override internals 52) Display internals 6) Console logging 7) Log Task ID 71) Use Task Name 8) Message tag
    - UNDEFINED - 514 - local0 - no - emerg - no - no - yes - yes - no - switch
    (save/quit/cancel) :

Select the number of the item you want to change. To change any of the values on the previous page, enter the line number, followed by an equal sign (=), and then the new value. For example, to turn off console logging, enter:

    6=no

The question mark (?) option refreshes the screen. To update the values you have changed, enter save. If you do not want to save the changes enter quit or cancel, or press Ctrl-D. The parameters displayed by the syslog command are described below.

Log host
The name of the host where you want the syslog messages sent. The Domain Name Server (DNS) must be configured for this to work. Use the res command to configure the DNS. (The res command is described in Chapter 14, “RMON and DNS Resolver.”)

Log host IP
The IP address of the host where you want the syslog messages sent. If the IP address and the Log host name disagree, the IP address takes precedence.

Syslog port (514)
The port to which the syslog messages will be sent on the specified host. Port 514 is the normal port number used and is the default.

Default facility code
The facility code is used to identify which sub-system generated the syslog message. Note that this code is used only as a default for tasks that do not have a facility code. See the table below for a list of the facility codes. The default is local0.
Syslog Facility Codes

    Facility        Source
    LOG_KERN        Messages generated by the kernel
    LOG_USER        Message generated by random user processes
    LOG_MAIL        The mail system
    LOG_DAEMON      System daemons
    LOG_AUTH        The authorization system
    LOG_LPR         The line printer spooling system
    LOG_NEWS        Reserved for the USENET system
    LOG_UUCP        Reserved for the UUCP system
    LOG_CRON        The cron/at facility
    LOG_LOCAL0-7    Reserved for local use

Override internals
This setting will force all syslog messages to use the default facility code specified in Default facility code instead of their own predefined facility codes.

Default priority mask
The mask for the priority code. Indicates the type of syslog message. Note that this mask is used only as a default for tasks that do not have a priority code. Priority codes for syslog messages are usually hardcoded. The following table is a list of priority codes.

Syslog Priority Codes

    Level          Value   Meaning
    LOG_EMERG      0       FATAL system event
    LOG_ALERT      1       FATAL subsystem event
    LOG_CRIT       2       Problem, subsystem unstable
    LOG_ERR        3       Problem, bad event, recoverable
    LOG_WARNING    4       Unexpected, non-fatal event
    LOG_NOTICE     5       normal but significant condition
    LOG_INFO       6       info
    LOG_DEBUG      7       Internal debug messages

Override internals
This field will force all syslog messages to use the default priority mask specified instead of their own predefined priority masks.

Display internals
This field allows the user to display the task log level. Enter 52=yes to display the submenu below. If, for example, you wanted to change the priority mask CM via kern from “warn” to “alert,” you would enter 4=alert. Note that this change will take place immediately and you do not need to enter save for it to take effect. Type save, quit, or cancel and then press <Enter> to return to the main syslog menu.

    Internal task syslog configuration:
    (NOTE: changes take effect immediately and are NOT saved across reboots!)
     0) PPM via kern       - alert
     1) LPM via kern       - alert
     2) VPM via kern       - alert
     3) SNMP via kern      - alert
     4) CM via kern        - warn
     5) ATMmgr via kern    - alert
     6) atmLANE via kern   - alert
     7) Q93bif via kern    - alert
     8) ILMIif via kern    - alert
     9) SSI0 via kern      - alert
    10) atmSNMP via kern   - alert

Console logging
Determines whether or not you want to see syslog messages on your console (terminal). If set to yes, the messages will be displayed on either an ASCII terminal connected to the console port or via a Telnet session.

Log Task ID
Determines whether or not you want to see the task ID that can be included in the syslog message.

Use Task Name
This allows the user to display descriptive task names for syslog messages (see the Display internals sub-menu above) instead of numeric codes.

Message tag
Text of up to 10 characters that is added to every message leaving the switch. It is useful when multiple switches send messages to the same host.

Configuring Switch Logging

Switch logging is a feature that allows you to activate and configure the logging of various types of switch information. Once you activate logging for a specific facility through the switch logging command, you may also decide whether the log output should display on the console, be saved to a file, or be both displayed and saved to a file. To enter the switch logging submenu, enter swlogc at the system prompt.
A screen similar to the following displays:

CONFIGURATION MENU FOR SWITCH LOGGING

1) Security Logging                          : Disabled
   11) Output to File                        : Yes
   12) Output to Console                     : No
2) FTP Logging                               : Disabled
   21) Output to File                        : Yes
   22) Output to Console                     : No
3) Flash File Logging                        : Disabled
   31) Output to Console                     : Yes
4) Screen Capture                            : Disabled
   41) Output to File                        : Yes
5) Console Event Logging                     : Disabled
   51) Output to File                        : Yes
   52) Output to Console                     : No
6) User Interface Logging                    : Disabled
   61) Output to File                        : Yes
   62) Output to Console                     : No
7) Telnet Logging                            : Disabled
   71) Output to File                        : Yes
   72) Output to Console                     : No
8) Log File (mpm.log) Size                   : 20000 bytes
9) Return Logging to Default Configuration   : No

Command {Item/ Item=Value/ ?/ Help/ Quit/ Cancel/ Save} (Redraw) :

The logging types are described here:

1) Security Logging
Enabling security logging allows you to view all security violations that occur within the switch. Set to enable to activate logging for any security violations that occur within the switch. Set to disable to de-activate logging for security violations.

♦ Note ♦ Security Logging must be enabled in order to display the Secure Switch Access violations log (seclog).

2) FTP Logging
FTP Session Events is a record of all FTP (File Transfer Protocol) activities since logging was activated. Once you enable FTP Logging by entering 2=enable, you may view it through the conlog command (described in Displaying the Connection Entries in the MPM Log on page 10-10). To disable FTP Session Events logging, enter 2=disable.

3) Flash File Logging
Flash file logging records debug information from the code that manages the switch logging feature itself (previously called “flash file system logging”). To enable flash file logging, enter 3=enable. To disable flash file logging, enter 3=disable.
Flash file logging messages cannot be saved in the mpm.log file, but flash file logging messages may be displayed on the console by entering 31=yes. To disable sending flash file logging messages to the console, enter 31=no.

4) Screen Capture
Screen logging captures screen text for logging. To enable screen logging, enter 4=enable. To disable screen logging, enter 4=disable. Note that since screen text already goes to the screen, logging output to the screen is not permitted. If you want to display the screen capture entries for all logged users, use the caplog command (for more information, see Displaying Screen (Console) Capture Entries in the MPM Log on page 10-11).

♦ Note ♦ The screen capture feature has not yet been implemented.

5) Console Event Logging
Console Session Events is a record of all console login activities in the switch, including user names and connection times. Once you enable Console Event logging by entering 5=enable, you may view it through the conlog command (described in Displaying the Connection Entries in the MPM Log on page 10-10). To disable logging for Console Events, enter 5=disable. Note that logging output to the console is not permitted.

6) User Interface Logging
User Interface Logging is a record of the commands executed on the switch since the UI log was activated. Once you enable UI logging by entering 6=enable, you may view it through the cmdlog command (described in Displaying the Command History Entries in the MPM Log on page 10-9). To disable logging for the UI, enter 6=disable.

7) Telnet Logging
Telnet Logging is a record of all Telnet activities since Telnet logging was activated. Once you enable Telnet logging by entering 7=enable, you may view it through the conlog command (described in Displaying the Connection Entries in the MPM Log on page 10-10). To disable logging for Telnet, enter 7=disable.

8) Log File Size
Use this parameter to set the mpm.log file size. The default is 20,000 bytes.
The maximum number of bytes is dependent upon the available flash in your system. If you set a file size that is too large, the command will tell you the maximum allowed size. (This is half of the remaining free space in your flash file system.) The minimum file size is 3,240 bytes.

9) Return Logging to Default Configuration
Use this parameter to return all of the switch logging options to their default values. Enter 9=yes to reset the configuration at reboot. To keep the same logging configuration at the next reboot, make sure this parameter is set to no.

In addition to enabling or disabling each type of logging, you can also specify whether to output the log to a file or to the console:

Output to File
Set to yes (y) to store the log messages in the mpm.log file. Set to no (n) to disable sending log messages to this file. (This option is not available for flash file logging or screen capture.)

Output to Console
Set to yes to display the log messages on the console screen. Set to no to disable the screen as an output device for Security Logging.

Displaying the Command History Entries in the MPM Log

The cmdlog command displays a list of commands executed since User Interface (UI) facility logging was activated by the swlogc command (described in Configuring Switch Logging on page 10-6). To display this data, enter cmdlog at the system prompt. The following is a sample display.

User     Line              Time            User Input
-------  ----------------  --------------  ----------
admin    198.206.187.113   08/14/00 16:42  cmdlog
admin    198.206.187.113   08/14/00 16:42  xlat
admin    198.206.187.113   08/14/00 16:43  conlog
admin    console           08/15/00 10:28  logging
admin    console           08/15/00 10:28  ?
admin    198.206.187.113   08/15/00 14:03  taskstat
admin    198.206.187.113   08/15/00 14:05  taskstat

The fields displayed by the cmdlog command are described below.

User. The login name of the user who executed the command.

Line. The login type of the user who executed the command. If, for example, the user was connected through the console port, “console” will be displayed. If the user was connected through Telnet, on the other hand, then the IP address of that user will be displayed.

Time. The time that the command was executed.

User Input. The actual text (up to 32 characters) that the user entered at the system prompt.

♦ Note ♦ If you just want to display the commands executed during the current session you can use the history command, which is described in Chapter 4, “The User Interface.”

Displaying the Connection Entries in the MPM Log

The conlog command displays a list of connections made since console event, FTP, or Telnet logging was activated by the swlogc command (described in Configuring Switch Logging on page 10-6). To display this data, enter conlog at the system prompt. A screen similar to the following will be displayed.

User    Line     Peer              Start           Finish
------  -------  ----------------  --------------  -----------------
admin   Telnet   198.206.187.113   08/14/00 09:47  09:47 (00:00)
admin   Telnet   198.206.187.113   08/20/00 09:47  09:53 (00:05)
admin   Telnet   198.206.187.113   08/20/00 09:55  10:00 (00:05)
admin   console                    08/20/00 10:35  logged in (00:27)
admin   Telnet   198.206.187.113   08/20/00 11:02  logged in (00:00)

The fields displayed by the conlog command are described below.

User. The name of the user who made the connection to the switch.

Line. The login type of connection to the switch (e.g., a Telnet or console port connection).

Peer. If the user was connected through Telnet, then the IP address of the user will be displayed. If the user was connected through the console port, then this field will be blank.

Start. The time that the connection started.

Finish. Displays the time the connection terminated, or “logged in” for sessions that are still current.
The value in parentheses is the duration of the session, in minutes.

Displaying Screen (Console) Capture Entries in the MPM Log

The caplog command displays the screen capture entries in the mpm.log file. (Note: This feature is not yet implemented.) In order to view screen capture entries through this command, you must first enable the Screen Capture log facility through the swlogc command (see Configuring Switch Logging on page 10-6). To display screen capture entries in the log, enter caplog at the system prompt. A screen similar to the following will be displayed.

1) Console
2) Modem
3) Telnet (0)
4) Telnet (1)
5) Telnet (2)
6) Telnet (3)
select ?

Select which user’s screen entries you would like to view by entering the user’s line number at the prompt. For example, if you enter 1 at the select ? prompt, a screen similar to the following displays:

=======================Start Screen Capture Display for Console==================
/ % systat
System Uptime                   : 0 days, 01:01:47.01
MPM Transmit Overruns           :0
MPM Receive Overruns            :0
MPM total memory                : 18548968 bytes
MPM CPU Utilization (5 sec)     : 3 % ( 0% kernel 1% task 97% idle)
MPM CPU Utilization (60 sec)    : 4% ( 0% intr 0% kernel 2% task 96% idle)\
Power Supply 1 State            : OK
Power Supply 2 State            : Not Present
Temperature                     : 32.00c 89.60f
Temperature Sensor              : OF - Under Threshold
Temperature Alarm Masking       : Disabled
=======================End Screen Capture Display for Console==================

The options displayed by the caplog command are described below.

1) Console. Displays screen capture entries for the user logged in from the console.

2) Modem. Displays screen capture entries for the user logged in from the modem.

3) Telnet (0). Displays screen capture entries for the user logged in from the first telnet session.

4) Telnet (1). Displays screen capture entries for the user logged in from the second telnet session.

5) Telnet (2). Displays screen capture entries for the user logged in from the third telnet session.

6) Telnet (3). Displays screen capture entries for the user logged in from the fourth telnet session.

Displaying Debug Entries in the MPM Log

The debuglog command displays the debug entries in the mpm.log file. (Note: Currently there are no facilities using debugging.) Below is a sample display of the debuglog command.

Task Name    Time       Debug Message
-----------  ---------  ------------------------------------
tUdpRelay    14:33:36   Undersized DHCP req rcvd; discarding

The fields displayed by the debuglog command are described here.

Task Name. The task that generated the debug message.

Time. The time the message was generated by the task.

Debug Message. Information relevant to debugging.

Displaying Secure Access Entries in the MPM Log

The seclog command displays the secure access violation event entries in the mpm.log file. To display this data, enter seclog at the system prompt. A screen similar to the following will be displayed.

Secure Access Violations Log

Time       Protocol   Source IP      Attempts   Slot/Intf   Elapsed Time (secs)
--------   --------   ------------   --------   ---------   -------------------
12:49:02   FTP        172.23.8.801   1          5/1         23
03:15:34   Telnet     198.20.2.101   10         2/3         240

Descriptions of the fields are as follows:

Time. The first time the access violation occurred.

Protocol. The IP protocol for which the violation occurred.

Source IP. The source IP address of the unauthorized user.

Attempts. The number of access attempts made by this user within the sample period (5 minutes).

Slot/Intf. The physical port that received the unauthorized user information.

Elapsed Time (secs). The duration (in seconds) from the first unauthorized access to the end of the sampling period (5 minutes).
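The following Python sketch is an added example, not part of the manual or of the switch software. It parses captured seclog output using the six fields described above and flags rows worth an operator's attention; the column spacing, the function names and the max_attempts threshold are assumptions of this example. The first two data rows repeat the values of the manual's sample display, and the third is constructed.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_PERIOD_SECS = 300  # the 5-minute sample period the manual describes

# Constructed capture in the column order of the manual's sample display.
# Rows 1-2 repeat the manual's sample values; row 3 is invented here.
SAMPLE_SECLOG = """\
Secure Access Violations Log
Time      Protocol  Source IP      Attempts  Slot/Intf  Elapsed Time (secs)
--------  --------  -------------  --------  ---------  -------------------
12:49:02  FTP       172.23.8.801   1         5/1        23
03:15:34  Telnet    198.20.2.101   10        2/3        240
04:02:10  Telnet    192.0.2.77     3         2/3        300
"""

ROW = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+"
    r"(?P<attempts>\d+)\s+(?P<port>\d+/\d+)\s+(?P<elapsed>\d+)$"
)


@dataclass(frozen=True)
class Violation:
    time: str
    protocol: str
    source: str
    source_valid: bool
    attempts: int
    port: str
    elapsed: int

    @property
    def attempts_per_minute(self):
        # Guard against a zero-second window.
        return self.attempts * 60.0 / max(self.elapsed, 1)


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def parse_seclog(text):
    """Return (violations, skipped): data rows that parsed and those that did not."""
    rows, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or not line[0].isdigit():
            continue  # title, column header, rule or blank line
        m = ROW.match(line)
        if m is None or int(m["elapsed"]) > SAMPLE_PERIOD_SECS:
            skipped.append(raw)  # keep for manual review, never drop silently
            continue
        rows.append(Violation(m["time"], m["proto"], m["src"], is_ipv4(m["src"]),
                              int(m["attempts"]), m["port"], int(m["elapsed"])))
    return rows, skipped


def triage(rows, max_attempts=5):
    """Return (kind, subject, detail) findings; max_attempts is a local policy choice."""
    findings = []
    per_port = defaultdict(int)
    for v in rows:
        per_port[v.port] += v.attempts
        if not v.source_valid:
            findings.append(("bad-source", v.source,
                             f"{v.time} {v.protocol}: not a valid IPv4 address"))
        if v.attempts >= max_attempts:
            findings.append(("repeat-source", v.source,
                             f"{v.attempts} {v.protocol} attempts, "
                             f"{v.attempts_per_minute:.1f}/min on port {v.port}"))
    for port, total in sorted(per_port.items()):
        if total >= max_attempts:
            findings.append(("busy-port", port, f"{total} attempts across all sources"))
    return findings


if __name__ == "__main__":
    violations, skipped = parse_seclog(SAMPLE_SECLOG)
    for finding in triage(violations):
        print(*finding, sep=" | ")
    print(f"{len(skipped)} row(s) skipped")
```

The source address 172.23.8.801 in the manual's sample display is not a valid IPv4 address, which is why the parser records address validity per row instead of rejecting the row.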
Secure access violations will take 5 minutes to display in the log file.

11 Health Statistics

The health statistics feature monitors the consumable resources of a switch, and provides a single integrated source for Network Management Software (NMS), such as X-Vision, to use in obtaining statistics on switch performance. With the health statistics, the user can set specific threshold levels for consumable resources in the switch. Such resources include bandwidth capacity, CAM and CPU usage, and RAM memory usage. If a threshold for a particular resource is exceeded, a notification is sent to the NMS via an SNMP trap.

♦ Important ♦ You must configure your NMS to accept traps from the monitored switch. X-Vision allows you to set which network management stations receive traps. For more information, see the X-Vision online help.

The health statistics software monitors the resource utilization levels and thresholds of a switch, and at fixed intervals collects the current values for each resource being monitored. After obtaining the statistics, the health statistics software checks to see if any rising or falling threshold crossings occurred since its last poll by comparing the current poll data with the previous poll data. If a threshold crossing has occurred, a trap is sent to the NMS (such as X-Vision), allowing the system administrator to pinpoint possible performance issues.

Through the UI (user interface), threshold levels can be set, the sampling interval can be changed, and statistics (for a switch, module, or port) can be viewed or cleared.

The Health Statistics Management Menu

To access the Health menu, log on to a switch via a Telnet or console session, and type the following command:

health

If the session is in terse mode, you will need to type ? to see the menu.
If you are in verbose mode, the following screen is displayed:

Command    Health Menu
--------   ----------------------------
hdcfg      Set or view parameters
hdstat     View device-level statistics
hmstat     View module-level statistics
hpstat     View port-level statistics
hreset     Reset health statistics

Main        File        Summary     VLAN        Networking
Interface   Security    System      Services    Help

/System/Health %

The hdcfg command allows you to set global thresholds for the switch. The hdstat, hmstat, and hpstat commands allow you to view the statistics on a switch, module, or port level, respectively. The hreset command resets the statistics for this switch.

Setting Resource Thresholds

The health statistics software operates by monitoring set threshold levels on consumable resources. When a resource exceeds a set level, a trap is generated and sent. These threshold levels are set for the entire switch (or device) by using the hdcfg command.

To set the threshold level for a switch’s consumable resources, enter the hdcfg command at the system prompt. The following screen appears:

Device-level Resource Monitoring Configuration
1) Set Bandwidth Thresholds       :
2) Set Miscellaneous Thresholds   :
3) Set Sampling Interval          :

There are three sets of resources that are configurable:

• Bandwidth thresholds. These settings allow you to set a percentage of available bandwidth for received traffic, sent traffic, and the backplane. For more information on setting bandwidth thresholds, see Setting Bandwidth Thresholds on page 11-3.

• Miscellaneous thresholds. These settings allow you to set a percentage for memory usage, VCC usage, virtual port usage, and temperature. For more information on setting miscellaneous thresholds, see Setting Miscellaneous Thresholds on page 11-4.

• Sampling interval. The sampling interval is the number of seconds between health statistics checks. For information on how to set the sampling interval, see Setting the Sampling Interval on page 11-6.

Setting Bandwidth Thresholds

Bandwidth is a measure of the amount of traffic a switch can handle for receiving, sending, and on the backplane. The health statistics allow you to set a percentage of available bandwidth, at which an SNMP trap is generated to alert the network administrator that the threshold has been exceeded.

To set the threshold levels for switch bandwidth:

1. Enter health at a system prompt. The health menu (described above) displays.

2. Enter a 1 at the health menu prompt. The following menu displays:

Bandwidth Resource Monitoring Configuration
1) Receive Threshold            : 80
2) Transmit/Receive Threshold   : 80
3) Backplane Threshold          : 80

3. Threshold values are measured as a percentage of the total capacity of the resource. To change a threshold or sampling interval value, type the index for the field, followed by an equals sign, then the new value. For example, to change the Receive Threshold to 50 percent, you would type the following at the prompt:

1=50

The Receive Threshold would now be set to 50 percent of its total capacity (bandwidth).

4. When you have finished entering the new values, you must enter save to keep the new configuration settings.

♦ Note ♦ Changing a threshold value sets the value for all levels of the switch (switch, module, and port). You cannot set different threshold values for each level.

Below is a description of the fields in the hdcfg command menu. The default for all monitored resources is eighty (80) percent of the maximum capacity of the resource.

Receive Threshold
The receive threshold sets a percentage of total bandwidth of the switch, module, or port. When the amount of received data exceeds this percentage, an SNMP trap is sent.

Transmit/Receive Threshold
The transmit/receive threshold sets a percentage of the total bandwidth of the switch, module, or port.
When the amount of transmitted and received data exceeds this percentage, an SNMP trap is sent.

Backplane Threshold
The backplane threshold sets a percentage of total backplane bandwidth of the switch, module, or port. When backplane usage exceeds this percentage, an SNMP trap is sent.

♦ Note ♦ When “U-turn” switching (i.e., data enters a module port and is transmitted from a port on the same module) is employed, the backplane threshold reading will not be correct. Switched frames are not transmitted over the backplane but are counted by health statistics, causing the backplane percentage reading to be higher than it should be.

Setting Miscellaneous Thresholds

The miscellaneous thresholds cover consumable resources such as memory, VCCs, temperature, and virtual ports. The health statistics allow you to set a percentage of the available resource, at which an SNMP trap is generated to alert the network administrator that the threshold has been exceeded.

To set the threshold levels for switch bandwidth:

1. Enter health at a system prompt. The health menu (described above) displays.

2. Enter a 2 at the health menu prompt. The following menu displays:

Miscellaneous Resource Monitoring Configuration
1) CAM Threshold            : 80
2) CPU Threshold            : 80
3) Memory Threshold         : 80
4) VCC Threshold            : 80
5) Temperature Threshold    : 80
6) Virtual Port Threshold   : 80

3. Threshold values are measured as a percentage of the total capacity of the resource. To change a threshold or sampling interval value, type the index for the field, followed by an equals sign, then the new value. For example, to change the CAM Threshold to 50 percent, you would type the following at the prompt:

1=50

The CAM Threshold would now be set to 50 percent of its total capacity (memory).

4. When you have finished entering the new values, you must enter save to keep the new configuration settings.
♦ Note ♦ Changing a threshold value sets the value for all levels of the switch (switch, module, and port). You cannot set different threshold values for each level.

CAM Threshold (MPM/HRE or NI)
The CAM threshold sets a percentage of the total amount of space available for storing the cache tables. Cache tables maintain associations between received MAC addresses and the ports they were received on. For the switch level, the CAM threshold separately monitors the MPX and the HRE-X daughtercard (if it is installed) CAM tables. For the module level, it monitors the switching module CAM tables. CAM thresholds are not available on the port level. When this percentage is exceeded, an SNMP trap is sent.

CPU Threshold
The CPU threshold sets a percentage of the total amount of processing ability for the MPX. When the CPU usage exceeds this percentage, an SNMP trap is sent. The CPU threshold is only used for the switch level.

Memory Threshold
The memory threshold sets a percentage of the total amount of MPX RAM memory for the switch. When RAM usage exceeds this percentage, an SNMP trap is sent. The memory threshold is only used for the switch level.

VCC Threshold
This value is a number set as a percent. VCC Threshold is equal to the total number of active VCCs divided by the switch VCC capacity. When this value is exceeded, an SNMP trap is sent.

Temperature Threshold
This threshold sets the number of degrees for the switch at which an SNMP trap is sent. This threshold is measured in degrees Celsius. The range is from 0 to 100.

Virtual Port Threshold
This threshold sets a percentage of the total number of available virtual ports for the switch. When the set percentage of available virtual ports is exceeded, an SNMP trap is sent.
Setting the Sampling Interval

The sampling interval is the time interval between polls of the switch’s consumable resources to see if it is performing within the set thresholds. To set the amount of time between polls:

1. Enter health at a system prompt. The health menu (described above) displays.

2. Enter a 3 at the health menu prompt. The following menu displays:

Resource Monitoring Interval Configuration
1) Sampling Interval   : 5

3. To change the sampling interval, enter a 1, an equals sign, and the new interval in seconds. For example, to change the sampling interval to 4 seconds, you would enter the following:

1=4

4. When you have finished entering the new value, you must enter save to keep the new configuration setting.

Sampling Interval
This sets the number of seconds between internal polling intervals. The health statistics compares the current poll statistics with the last poll statistics to determine whether or not to send a trap. The default for the Sampling Interval is five (5) seconds.

View Switch-Level Statistics

To view the statistics for the entire switch, enter the hdstat command at a system prompt. The following table is displayed:

Device Resources    Limit   Curr   1 Min Avg   1 Hr Avg   1 Hr Max
----------------    -----   ----   ---------   --------   --------
Receive             80      00     00          00         00
Transmit/Receive    80      00     00          00         00
Backplane           80      01     01          01         01
CAM [MPM]           80      00     00          00         00
CAM [HRE]           80      00     00          00         00
CPU                 80      93*    13          13         22
Memory              80      50     50          50         50
Temperature         45      44     44          44         44
Virtual Ports       80      11     11          11         11

/System/Health %

Statistics are displayed as percentages of the total resource capacity, and represent data taken from the last sampling interval. If a threshold for a resource was exceeded, then that statistic is marked with an asterisk (*).

♦ Important Note ♦ The hdstat command displays CAM usage for the entire chassis.
To see CAM usage for switching modules only, use the camstat command as described in Chapter 9, “Switch Wide Parameters.”

For field descriptions of the device resources column, see Setting Bandwidth Thresholds on page 11-3 and Setting Miscellaneous Thresholds on page 11-4 above.

♦ Note ♦ When calculating percentages, the health statistics cannot display less than one percent. If a single packet is sent through a port, for example, the receive resource usage is represented as one percent.

The following section describes the statistics displayed using the hdstat command.

Limit
The set threshold for this resource. You can set the resource levels using the hdcfg command. See Setting Resource Thresholds on page 11-2 for specific procedures.

Current
The current resource usage. This number is a percentage of the total resource capacity.

1 Minute Average
The average percent of resource use for the last sixty seconds.

1 Hour Average
The average percent of resource use for the last sixty minutes.

1 Hour Maximum
The maximum percent of resource use for the last sixty minutes.

View Module-Level Statistics

To view module-level statistics, type the hmstat command at a system prompt followed by the slot number. For example, to view the statistics for a module in slot three, type the following:

hmstat 3

The following screen is displayed:

Slot 3 Resources    Limit   Curr   1 Min Avg   1 Hr Avg   1 Hr Max
----------------    -----   ----   ---------   --------   --------
Receive             80      00     00          00         00
Transmit/Receive    80      00     00          00         00
Backplane           80      95*    00          00         00
CAM                 80      00     00          00         00

/System/Health %

Statistics are displayed as percentages of the total resource capacity, and represent data taken from the last sampling interval. If a threshold for a resource was exceeded, then that statistic is marked with an asterisk (*). For descriptions of the monitored resources, see Setting Bandwidth Thresholds on page 11-3 and Setting Miscellaneous Thresholds on page 11-4 above.
For descriptions of the statistics, see View Switch-Level Statistics on page 11-6.

♦ Note ♦ The CPU and memory resources are not applicable to the module level statistics display, and therefore are not shown.

View Port-Level Statistics

To view port-level statistics, type the hpstat command at a system prompt as shown:

hpstat <slot>/<port>

where <slot> is the slot number and <port> is the port number. For example, to view port 1 on slot 3, enter the following:

hpstat 3/1

The following screen is displayed:

Port 3/1 Resources    Limit   Curr   1 Min Avg   1 Hr Avg   1 Hr Max
------------------    -----   ----   ---------   --------   --------
Receive               80      00     00          00         00
Transmit/Receive      80      92*    00          00         00
Backplane             80      00     00          00         00

/System/Health %

Statistics are displayed as percentages of the total resource capacity, and represent data taken from the last sampling interval. If a threshold for a resource was exceeded, then that statistic is marked with an asterisk (*). For descriptions of the monitored resources, see Setting Bandwidth Thresholds on page 11-3 and Setting Miscellaneous Thresholds on page 11-4 above. For descriptions of the statistics, see View Switch-Level Statistics on page 11-6.

Reset Health Statistics

To reset the health statistics for the switch, type the hreset command at a system prompt. The following message is displayed:

Are you sure you want to reset health statistics? (n) :

To confirm your choice to clear the switch health statistics, type y at the prompt. After you confirm your choice, the following confirmation notice is displayed:

RESET HEALTH STATISTICS

♦ Note ♦ The hreset command clears the statistics for the entire switch. You cannot clear statistics for the module or port level only.

12 Network Time Protocol

Introduction

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver.
It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Coordinated Universal Time (UTC) (via a Global Positioning System receiver, for example). Typical NTP configurations utilize multiple redundant servers and diverse network paths in order to achieve high accuracy and reliability. Some configurations include cryptographic authentication to prevent accidental or malicious protocol attacks.

It is important for networks to maintain accurate time synchronization between network nodes. The standard timescale used by most nations of the world is based on a combination of Universal Coordinated Time (UTC) (representing the Earth's rotation about its axis) and the Gregorian Calendar (representing the Earth's rotation about the Sun). The UTC timescale is disciplined with respect to International Atomic Time (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and satellite navigation systems, telephone modems, and portable clocks.

Special purpose receivers are available for many time-dissemination services, including the Global Positioning System (GPS) and other services operated by various national governments. For reasons of cost and convenience, it is not possible to equip every computer with one of these receivers. However, it is possible to equip some computers with these clocks, which then act as primary time servers to synchronize a much larger number of secondary servers and clients connected by a common network. In order to do this, a distributed network clock synchronization protocol is required which can read a server clock, transmit the reading to one or more clients, and adjust each client clock as required. Protocols that do this include the Network Time Protocol (NTP).
Stratum

Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1 source would be stratum 2. A client or server connected to a stratum 2 machine would be stratum 3, and so on, as demonstrated in the diagram below.

[Diagram: a Time Source (UTC) feeding Omni Switch/Routers running NTP at Stratum 1, Stratum 2, and Stratum 3]

The farther away from stratum 1 a device is, the more likely there will be discrepancies or errors in the time adjustments done by NTP. A list of stratum 1 and 2 sources available to the public can be found on the Internet.

♦ Note ♦ It is not required that NTP be connected to an officially recognized time source (for example, a radio clock). NTP can use any time source to synchronize time in the network.

Using NTP in a Network

NTP operates on the premise that there is one true standard time (defined by UTC), and that if several servers claiming synchronization to the standard time are in disagreement, then one or more of them must be out of synchronization or not functioning correctly. The stratum gradation is used to qualify the accuracy of a time source along with other factors such as advertised precision and the length of the network path between connections. NTP operates with a basic distrust of time information sent from other network entities, and is most effective when multiple NTP time sources are integrated together for checks and crosschecks. To achieve this end, there are several modes of operation that an NTP entity can use when synchronizing time in a network.
These modes, listed below, help predict how the entity behaves when requesting or sending time information:

• A switch can be a client of an NTP server (usually of a lower stratum), receiving time information from the server but not passing it on to other switches.

• A switch can be a client of an NTP server, and in turn be a server to another switch or switches.

• A switch (regardless of its status as either a client or server) must be peered with another switch. Peering allows NTP entities in the network of the same stratum to regard each other as reliable sources of time and exchange time information.

Examples of these are shown in the simple network diagram below:

[Diagram: a Time Source (UTC) feeding NTP Servers 1a and 1b (Stratum 1, peer association), which serve NTP Client/Servers 2a and 2b (Stratum 2, peer association), which serve NTP Clients 3a and 3b (Stratum 3, peer association)]

Servers 1a and 1b receive time information from, or synchronize with, a UTC time source such as a radio clock. (In most cases, these servers would not be connected to the same UTC source, though it is shown this way for simplicity.) Servers 1a and 1b become stratum 1 NTP servers and are peered with each other, allowing them to check UTC time information against each other. These machines support machines 2a and 2b as clients, and these clients are synchronized to the higher stratum servers 1a and 1b.

Clients 2a and 2b are also peered with each other for time checks, and become stratum 2 NTP servers for more clients (3a and 3b, which are also peered). In this hierarchy, the stratum 1 servers synchronize to the most accurate time source available, then check the time information with peers at the same stratum. The stratum 2 machines synchronize to the stratum 1 servers, but do not send time information to the stratum 1 machines. Machines 2a and 2b in turn provide time information to the stratum 3 machines.

It is important to consider the issue of robustness when selecting sources for time synchronization.
It is suggested that at least three sources should be available, and at least one should be “close” to you in terms of network topology. It is also suggested that each NTP client is peered with at least three other same stratum clients, so that time information crosschecking will be performed.

Page 12-3

When planning your network, it is helpful to use the following general rules:

• It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at the same stratum), unless the latter is receiving time updates from a source that has a lower stratum than the source from which the former is receiving time updates. This minimizes common points of failure.
• Peer associations should only be configured between servers at the same stratum level. Higher Strata should configure lower Strata, not the reverse.
• It is inadvisable to configure time servers in a domain to a single time source. Doing so invites common points of failure.

NTP and Authentication

NTP is designed to use either DES or MD5 encryption authentication to prevent outside influence upon NTP timestamp information. This is done by using a key file. The key file is loaded into the switch memory, and consists of a text file that lists key identifiers that correspond to particular NTP entities.

If authentication is enabled on an NTP switch, any NTP message sent to the switch must contain the correct key ID in the message packet to use in decryption. Likewise, any message sent from the authentication enabled switch will not be readable unless the receiving NTP entity possesses the correct key ID.

Key files are created by a system administrator independent of the NTP protocol, and then placed in the switch memory.
An example of a key file is shown below:

    1   N  29233e0461ecd6ae  # des key in NTP format
    2   M  RIrop8KPPvQvYotM  # md5 key as an ASCII random string
    14  M  sundial           # md5 key as an ASCII string
    15  A  sundial           # des key as an ASCII string

In a key file, the first token is the key number ID, the second is the key format, and the third is the key itself. (The text following a “#” is not counted as part of the key, and is used merely for description.) There are 4 key formats:

N  Indicates a DES key written as a hex number, in NTP standard format with the high order bit of each octet being the odd parity bit.
M  Indicates an MD5 key written as a 1 to 31 character ASCII string with each character standing for a key octet.
A  Indicates a DES key written as a 1 to 8 character string in 7-bit ASCII format, where each character stands for a key octet string.
S  Indicates a DES key written as a hex number in the DES standard format, with the low order bit of each octet being the odd parity bit.

For information on activating authentication, specifying the location of a key file, and configuring key IDs for switches, see the following sections:

• Configuring an NTP Client on page 12-6
• Configuring a New Peer Association on page 12-12
• Configuring a New Server on page 12-13
• Configuring a Broadcast Time Service on page 12-13

Page 12-4

Network Time Protocol Management Menu

To access the NTP management menu, connect to a switch via a console or telnet session and enter NTP at the system prompt. If you are in verbose mode, or enter a question mark (?)
at the prompt, the following screen is displayed:

    Command          NTP Management Menu
    ---------------  --------------------------------------------------------
    Ntconfig         Enter the NTP configuration menu
    Ntinfo           Enter the NTP information menu
    Ntstats          Enter the NTP statistics menu
    Ntadmin          Enter the NTP administration menu
    Ntaccess         Enter the NTP access control menu

    Main  File  Summary  VLAN  Networking  Interface  Security  System  Services  Help

Ntconfig. This command accesses the NTP configuration menu, which allows you to configure this NTP device, add or remove peer associations, add an NTP server, configure this NTP device’s broadcast time, and set or change this NTP device’s fudge factor. See NTP Configuration Menu on page 12-6 for more information on the NTP configuration menu.

Ntinfo. This command accesses the NTP information menu, which allows you to view a list of all peers for this NTP device, display a list of peers with summary information (in two different formats), display detailed information for one or more peers, and display local server information. See NTP Information Menu on page 12-15 for more information.

Ntstats. This command accesses the NTP statistics menu, which allows you to view the statistics for the loop filter, peer memory usage, I/O subsystem, local server, event time subsystem, packet counts, leap second state, clock status, and monitoring routines data. See NTP Statistics Menu on page 12-23 for more information.

Ntadmin. This command accesses the NTP administration menu, which allows you to set the receive timeout, set an encryption delay, specify a remote NTP server, set a password and key ID for this NTP device, set and clear a system flag, and restart the NTP software. See NTP Administration Menu on page 12-33 for more information.

Ntaccess.
This command accesses the NTP access control menu, which allows you to change the authentication key ID for request and control messages, reinitialize the key ID list, add a key ID to or remove a key ID from the trusted list, display the state of the authentication code, create or remove restrict and add flags to an entry, view a server’s restriction list, remove a restriction entry from this NTP device, and configure, remove or view traps set in the server. See NTP Access Control Menu on page 12-36 for more information.

Page 12-5

NTP Configuration Menu

To view the NTP configuration menu, enter the ntconfig command at the system prompt. If you are in verbose mode the NTP configuration menu is displayed. Otherwise, enter a question mark (?) at the prompt to display this menu:

    Command          NTP Configuration Menu
    ---------------  --------------------------------------------------------
    ntpiconfig       Initial NTP configuration
    ntpaddpeer       configure a new peer association
    ntpaddserv       configure a new server
    ntpbcast         configure broadcasting time service
    ntpunconfig      unconfigure existing peer assocations
    ntpprec          set the server's advertised precision
    ntpfudge         set/change one of a clock's fudge factors

    Related Menus:
    Ntconfig  Ntinfo  Ntstats  Ntadmin  Ntaccess

The main menu options are shown in the Related Menus list for quick access if you need to change menus.

A switch can be configured to act as an NTP client, or an NTP client/server. An NTP client receives updates from an NTP server without passing on time information to other clients, while an NTP client/server receives time information from a server, and acts as a server for other clients in a higher stratum.

Configuring an NTP Client

To set up the NTP client, use the ntpiconfig command as follows:

1.
Enter the command as shown, at the system prompt:

    ntpiconfig

The following menu appears:

    NTP Startup Configuration
    1) Response timeout              : 0
    2) Authentication delay          : No
    3) Authentication key file name  : UNSET
    4) NTP client mode               : Ucast
    5) Enable monitor                : No
    6) Enable NTP server             : No

2. Adjust the configurable variables for this NTP client as needed by entering the line number, an equal sign, and a new value at the system prompt, as shown:

    <lineNumber>=<value>

For example, to change the Response timeout to 10, you would enter 1 (the line number for Response timeout), an equal sign (=), and the number 10 (the new value), as shown:

    1=10

After enabling NTP for this switch, you need to configure at least one peer association, unless you will be supplying time synchronization. In that case, you need to configure a reference clock. For information on adding a peer association, see Configuring a New Peer Association on page 12-12.

Page 12-6

Field Descriptions

The following section describes the fields displayed using the ntpiconfig command.

1) Response timeout
This field sets the timeout period for responses to server queries. Server queries come from the server responsible for providing this client with NTP time information. The default is 8000 milliseconds.

2) Authentication delay
This field sets a specified time interval that is added to timestamps included in requests to the server that require authentication. Typically this delay is needed in cases of long delay paths, or of servers whose clocks are unsynchronized.

3) Authentication key file name
The key file is a file that holds the NTP authentication keys used during remote access or configuration of the server responsible for this client. This field allows you to specify the name of the key file. The key file should be kept in the /flash directory of the switch. Specifying a key file expands the NTP Startup Configuration menu.
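Added example (not part of the Alcatel manual or the switch software): a Python check of a key file against the format given under NTP and Authentication, intended to be run before the file is copied to /flash. The function names, the sample lines marked "constructed", and the duplicate key ID and reused key checks are assumptions of this example.

```python
"""Audit an NTP key file against the N/M/A/S format described in the manual."""
import re

# Constructed sample: the manual's four example lines plus three bad ones.
SAMPLE_KEY_FILE = """\
1   N  29233e0461ecd6ae  # des key in NTP format
2   M  RIrop8KPPvQvYotM  # md5 key as an ASCII random string
14  M  sundial           # md5 key as an ASCII string
15  A  sundial           # des key as an ASCII string
16  S  29233e0461ecd6af  # constructed: last octet has even parity
17  A  toolongkey        # constructed: more than 8 characters
2   M  another           # constructed: key ID 2 defined twice
"""

HEX16 = re.compile(r"[0-9a-fA-F]{16}")
MAX_KEY_ID = 2**32 - 1  # <keyId> is an unsigned 32-bit integer


def odd_parity(octet):
    """True if the octet has an odd number of set bits."""
    return bin(octet).count("1") % 2 == 1


def check_key(fmt, key):
    """Return a list of format problems for one key (empty list if valid)."""
    problems = []
    if fmt in ("N", "S"):
        # N keeps the parity bit in the high order bit, S in the low order
        # bit; either way every octet as a whole must have odd parity.
        if not HEX16.fullmatch(key):
            problems.append("DES hex key must be exactly 16 hex digits")
        else:
            bad = [i for i, b in enumerate(bytes.fromhex(key))
                   if not odd_parity(b)]
            if bad:
                problems.append("octet(s) %s fail odd parity" % bad)
    elif fmt == "M":
        if not (1 <= len(key) <= 31 and key.isascii()):
            problems.append("MD5 key must be 1 to 31 ASCII characters")
    elif fmt == "A":
        if not (1 <= len(key) <= 8 and key.isascii()):
            problems.append("DES ASCII key must be 1 to 8 ASCII characters")
    else:
        problems.append("unknown key format %r" % fmt)
    return problems


def audit_key_file(text):
    """Parse key file text; return (entries, findings).

    entries:  (key_id, fmt, key) for each line that passed every check
    findings: (line_no, message) for each problem, in file order
    """
    entries, findings = [], []
    id_line = {}    # key ID -> line where it was first defined
    key_owner = {}  # key string -> first key ID that used it
    for line_no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # text after "#" is comment
        if not tokens:
            continue
        if len(tokens) != 3:
            findings.append((line_no, "expected <key ID> <format> <key>"))
            continue
        id_tok, fmt, key = tokens
        if not (id_tok.isascii() and id_tok.isdigit()
                and int(id_tok) <= MAX_KEY_ID):
            findings.append((line_no, "key ID is not an unsigned 32-bit integer"))
            continue
        key_id = int(id_tok)
        duplicate = key_id in id_line
        if duplicate:
            findings.append((line_no, "key ID %d already defined on line %d"
                             % (key_id, id_line[key_id])))
        else:
            id_line[key_id] = line_no
        problems = check_key(fmt, key)
        findings.extend((line_no, p) for p in problems)
        if duplicate or problems:
            continue
        if key in key_owner:
            # One secret shared by two key IDs: compromise of one is
            # compromise of both, so report it even though it is legal.
            findings.append((line_no, "same key as key ID %d" % key_owner[key]))
        else:
            key_owner[key] = key_id
        entries.append((key_id, fmt, key))
    return entries, findings


if __name__ == "__main__":
    ok, issues = audit_key_file(SAMPLE_KEY_FILE)
    print("valid key IDs:", [e[0] for e in ok])
    for line_no, message in issues:
        print("line %d: %s" % (line_no, message))
```

Run on the manual's own example, the audit reports that key IDs 14 and 15 share the key sundial.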
For more information on configuring authentication, see Configuring Client/Server Authentication on page 12-9.

4) NTP client mode
This field allows you to set how the client mode of this device sends its server queries. The options are U (for unicast), B (for broadcast), or M (for multicast). Setting the NTP client mode to broadcast or multicast expands the NTP Startup Configuration menu. A suboption for the NTP client mode appears, allowing you to specify the broadcast or multicast address, as shown:

    41) NTP multicast address :

Enter the broadcast or multicast address at the prompt by typing line number 41, an equal sign (=), and the IP address. For example, to specify a multicast address of 204.0.1.1, you would enter the following:

    41=204.0.1.1

5) Enable monitor
This field turns NTP monitoring on or off. Entering yes activates NTP monitoring, while entering no deactivates this function. The statistics for monitoring can be viewed using the ntpmon command in the statistics menu. See NTP Statistics Menu on page 12-23 for more information.

6) Enable NTP server
This field allows you to enable the server portion of the NTP software for this NTP device. When set to yes, this device can act as an NTP server for other clients. When set to no, this device is only a client of another NTP server.

Page 12-7

Configuring an NTP Client/Server

A switch can be configured to act both as a client and a server. If you want to run both the client and server portions of the NTP software, follow the steps below:

1. Enter the command as shown, at the system prompt:

    ntpiconfig

The following menu appears:

    NTP Startup Configuration
    1) Response timeout              : 0
    2) Authentication delay          : No
    3) Authentication key file name  : UNSET
    4) NTP client mode               : Ucast
    5) Enable monitor                : No
    6) Enable NTP server             : No

2.
Adjust the configurable variables for this NTP client as needed by entering the line number, an equal sign, and a new value at the system prompt, as shown:

    <lineNumber>=<value>

For example, to change the Response timeout to 10, you would enter 1 (the line number for Response timeout), an equal sign (=), and the number 10 (the new value), as shown:

    1=10

3. Enable the NTP server by entering a 6, an equal sign (=), and yes at the prompt, as shown:

    6=yes

The NTP Startup Configuration menu expands to display new options. The menu now appears similar to the following:

    NTP Startup Configuration
    1) Response timeout              : 0
    2) Authentication delay          : No
    3) Authentication key file name  : UNSET
    4) NTP client mode               : Ucast
    5) Enable monitor                : No
    6) Enable NTP server             : No
      61) Client limit                  : 3
      62) Client limit period           : 3600
      63) Enable server authentication  : No
      64) Advertised precision          : -7
      65) Broadcast delay               : 0

4. Adjust the configurable variables for this NTP server as needed by entering the line number, an equal sign, and a new value at the system prompt, as shown:

    <lineNumber>=<value>

For example, to change the Client limit to 10, you would enter 61 (the line number for Client limit), an equal sign (=), and the number 10 (the new value), as shown:

    61=10

Page 12-8

Field Descriptions

The following section describes the expanded menu options.

61) Client limit
This field allows you to set a specific number of clients that are allowed to make requests of the server during a specified time period. Setting this field to 0 allows an unlimited number of clients to connect to the server.

62) Client limit period
This field allows you to set the client limit time period (in seconds). This, along with the client limit field above, determines how many clients are allowed to make requests of this server.

63) Enable server authentication
This field enables the authentication of unsynchronized peers.
If set to yes, NTP only synchronizes with peers that have been authenticated with the correct key ID.

64) Advertised precision
Sets the precision which the server advertises to the specified value. This should be a negative integer in the range -4 through -20.

65) Broadcast delay
This field allows you to set a specified network delay time. Normally, NTP automatically compensates for the network delay between the broadcast/multicast server and the client. If this calibration fails, the delay set here is used instead.

Configuring Client/Server Authentication

In order to use authentication, you must specify a key file. A key file contains the keys necessary for NTP to decode encrypted NTP messages. To specify a key file, follow the steps below:

1. Enter the command as shown, at the system prompt:

    ntpiconfig

The following menu appears:

    NTP Startup Configuration
    1) Response timeout              : 0
    2) Authentication delay          : No
    3) Authentication key file name  : UNSET
    4) NTP client mode               : Ucast
    5) Enable monitor                : No
    6) Enable NTP server             : No

Page 12-9

2. Adjust the configurable variables for this NTP client as needed by entering the line number, an equal sign, and a new value at the system prompt, as shown:

    <lineNumber>=<value>

For example, to change the Response timeout to 10, you would enter 1 (the line number for Response timeout), an equal sign (=), and the number 10 (the new value), as shown:

    1=10

3. Enable authentication by entering a 3, an equal sign (=), and a key file name at the prompt, as shown:

    3=ntp.keys

The NTP Startup Configuration menu expands to display new options. The menu now appears similar to the following:

    NTP Startup Configuration
    1) Response timeout              : 0
    2) Authentication delay          : No
    3) Authentication key file name  : ntp.keys
      31) Configuration info authentication key    :
      32) Control request authentication key       :
      33) Configuration change authentication key  :
    4) NTP client mode               : Ucast
    5) Enable monitor                : No
    6) Enable NTP server             : No

4.
Adjust the configurable variables for authentication as needed by entering the line number, an equal sign, and a new value at the system prompt, as shown:

    <lineNumber>=<value>

For example, to change the Configuration info authentication key to 10, you would enter 31 (the line number for Configuration info authentication key), an equal sign (=), and the number 10 (the new value), as shown:

    31=10

Page 12-10

Field Descriptions

The following section describes the expanded menu options.

31) Configuration info authentication key
The number of the key in the key file used to authenticate configuration information. Configuration information sets configuration parameters. For more information on the key file, see NTP and Authentication on page 12-4.

32) Control request authentication key
The number of the key in the key file used to authenticate control requests. Control requests come from other NTP clients and servers. For more information on the key file, see NTP and Authentication on page 12-4.

33) Configuration change authentication key
The number of the key in the key file used to authenticate configuration change requests. Configuration change requests come from other NTP clients and servers. For more information on the key file, see NTP and Authentication on page 12-4.

Page 12-11

Configuring a New Peer Association

When you have configured the NTP client and/or server, you will need to set at least one peer association for the switch. An NTP peer is a machine of the same stratum that will compare and check time information sent from the switch, and in turn send time information to the switch. To configure a new peer, enter the ntpaddpeer command in the following manner:

    ntpaddpeer <address> [<keyId> <version> <minpol>] [prefer]

where <address> is either the domain name or IP address of the peer machine. The optional configuration items are described below:

<keyId>.
An unsigned 32-bit integer key identifier for encryption authentication. The default is for no key ID.

<version>. The version of NTP being used. The options are versions 1, 2, or 3. If no number is entered, it is assumed that version 3 is being used.

<minpol>. The minimum poll interval for time checks to this peer. The number entered is a power of 2: the interval in seconds is 2 raised to that number (for example, 4 gives 16 seconds).

prefer. An identifier that marks this peer as a preferred source of time information. In a situation where multiple peers could provide time information to this client, the preferred peer is the one that is used.

For example, to add a peer with an address of 1.1.1.1, a key identifier of 5, using version 3 of NTP, minimum poll of 16 seconds, and marked as a preferred server, you would enter the following:

    ntpaddpeer 1.1.1.1 5 3 4 prefer

When you have finished press <return>. A brief message appears confirming the addition of a new peer.

Page 12-12

Configuring a New Server

For the switch to synchronize its time, you must specify a server, or servers, from which the switch receives time information. This is done with the ntpaddserv command. To add a synchronization server to a switch, use the command that follows:

    ntpaddserv <address> [<keyId> <version> <minpol>] [prefer]

where <address> is either the domain name or IP address of the server. The optional configuration items are described below:

<keyId>. An unsigned 32-bit integer key identifier for encryption authentication. The default is no key ID.

<version>. The version of NTP being used. The options are versions 1, 2, or 3. If no number is entered, it is assumed that version 3 is being used.

<minpol>. The minimum poll interval for time checks to this server. The number entered is a power of 2: the interval in seconds is 2 raised to that number (for example, 4 gives 16 seconds).

prefer. An identifier that marks this peer as a preferred source of time information. In a situation where multiple peers could provide time information to this client, the preferred peer is the one that is used.
For example, to add a server with an address of 1.1.1.1, a key identifier of 5, using version 3 of NTP, with a poll time of 16, and marked as a preferred server, you would enter the following:

    ntpaddserv 1.1.1.1 5 3 4 prefer

When you have finished press <return>. A brief message appears confirming the addition of a new server.

Configuring a Broadcast Time Service

The NTP server can be configured to operate in broadcast mode, where the server sends periodic broadcast messages to a client population by using the broadcast or multicast address specified. To configure the server to use a broadcast or multicast address, enter the ntpbcast command as shown:

    ntpbcast <address> [<keyId>] [<version>] [<minpol>]

where <address> is either the domain name or the broadcast or multicast address.

♦ Important Note ♦ A multicast address of 224.0.1.1 has been assigned to NTP. Presently, this is the only address that should be used for multicast messages.

The optional configuration items are described below:

<keyId>. An unsigned 32-bit integer key identifier for encryption authentication. The default is no key ID.

<version>. The version of NTP being used. The options are versions 1, 2, or 3. If no number is entered, it is assumed that version 3 is being used.

<minpol>. The minimum poll interval for time checks to this server. The number entered is a power of 2: the interval in seconds is 2 raised to that number (for example, 4 gives 16 seconds).

Page 12-13

For example, to add broadcast address 1.1.1.1 with a key identifier of 5, using version 3 of NTP, and a minimum poll time of 16 seconds, you would enter the following:

    ntpbcast 1.1.1.1 5 3 4

When you have finished press <return>. A brief message appears confirming the addition of a new server.

Unconfigure Existing Peer Associations

You can remove server, peer, or reference clock associations for this switch using the ntpunconfig command. This will remove a selected address from this switch’s list of configured addresses.
To do this, enter the ntpunconfig command as follows:

    ntpunconfig <address>

where <address> is either the domain name or IP address of the association. For example, to remove a peer association with address 1.1.1.1, enter the following:

    ntpunconfig 1.1.1.1

When you have finished press <return>. A brief message appears confirming the addition of a new server.

You can remove multiple addresses at one time by adding additional addresses to the command. For example, to remove a peer association with address 1.1.1.1 and a reference clock association with address 1.1.1.2, enter:

    ntpunconfig 1.1.1.1 1.1.1.2

When you have finished press <return>. A brief message appears confirming the removal of the association.

Set the Server’s Advertised Precision

If necessary, you can adjust the server’s advertised precision. The precision of a server is a signed integer indicating the precision of the clocks in seconds to the nearest power of 2. It determines how accurate the clock is under normal circumstances, and allows NTP to determine which is the best time source for synchronization. To set the server’s advertised precision, enter the ntpprec command as shown:

    ntpprec <interval>

where <interval> is the signed integer in seconds. This number must be between -4 and -20. For example, to set the server’s advertised precision to -5, you would enter the following:

    ntpprec -5

When you have finished press <return>. A brief message appears confirming the change of the advertised precision.

♦ Note ♦ The determination of a server’s advertised precision is based largely on the clock type used as the ultimate time source (stratum 1).

Page 12-14

NTP Information Menu

To view the NTP configuration menu, enter the ntinfo command at the system prompt. If you are using verbose mode, the NTP configuration menu is displayed. Otherwise, enter a question mark (?)
at the prompt to display this menu:

    Command          NTP Information Menu
    ---------------  --------------------------------------------------------
    ntplpeers        display list of peers the server knows about
    ntppeers         display peer summary information
    ntpdmpeers       display peer summary info the way Dave Mills likes it
    ntpshowpeer      display detailed information for one or more peers
    ntpvers          print version number
    ntpinfo          display local server information

    Related Menus:
    Ntconfig  Ntinfo  Ntstats  Ntadmin  Ntaccess

The main menu options are shown in the Related Menus list for quick access if you need to change menus.

Display List of Peers the Server Knows About

The ntplpeers command is used to display a brief list of all NTP associations related to this switch (servers, peers, etc.). To display a list of NTP associations, enter the ntplpeers command at the system prompt. A display similar to the following is shown:

    client      1.1.1.1
    client      1.1.1.2
    sym_active  1.1.1.3

The list shows the mode this switch is using in relation to the association, and the address of the remote association. The address is either a domain name or an IP address. The available modes are as follows:

Symmetric Active (1)
A host in this mode sends periodic messages regardless of the reachability state or stratum of its peer. By operating in this mode the host announces its willingness to synchronize and be synchronized by the peer.

Symmetric Passive (2)
This type of association is ordinarily created upon the arrival of a message from a peer operating in the symmetric active mode and persists only as long as the peer is reachable and operating at a stratum level less than or equal to the host; otherwise the association is dissolved. The association will always persist until at least one message has been sent in reply. By operating in this mode the host announces its willingness to synchronize and be synchronized by the peer.
Client (3)
A host operating in this mode sends periodic messages regardless of the reachability state or stratum of its peer. By operating in this mode the host, usually a LAN workstation, announces its willingness to be synchronized, but not to synchronize the peer.

Page 12-15

Server (4)
This type of association is ordinarily created upon arrival of a client request message and exists only in order to reply to that request, after which the association is dissolved. By operating in this mode the host, usually a LAN time server, announces its willingness to synchronize, but not be synchronized by the peer.

Broadcast (5)
A host operating in this mode sends periodic messages regardless of the reachability state or stratum of the peers. By operating in this mode, the host, usually a LAN time server operating on a high-speed broadcast medium, announces its willingness to synchronize all peers, but not be synchronized by any of them.

♦ Note ♦ The mode of the switch in relation to the remote association is determined when you create the association. See NTP Configuration Menu on page 12-6 for more information on creating NTP associations.

Display Peer Summary Information

The ntppeers command displays a more detailed version of the ntplpeers command. To display a list of peers that includes summary information, enter the ntppeers command at the system prompt. A screen similar to the following appears:

       remote    local    st  poll  reach  delay    offset   disp
    ======================================================================
    =  1.1.1.1   0.0.0.5  16  64    0      0.00000  0.00000  16.0000
    +  1.1.1.2   0.0.0.5  1   64    0      0.00000  0.00000  16.0000
    =  1.1.1.3   0.0.0.5  2   64    0      0.00000  0.00000  16.0000

The symbols at the very left of this table note the relationship (mode) of the switch to the remote association. The section below is a key for interpreting these symbols:

Page 12-16

+  The switch is in symmetric active mode.
-  The switch is in symmetric passive mode.
=  The switch is in client mode.
^  The switch is broadcasting to this address.
~  The switch is receiving broadcasts from this address.
*  The switch is currently synchronizing with this address.

Field Descriptions

The following sections describe the fields displayed using the ntppeers command.

Remote. The IP address of the remote association.

Local. The local interface address assigned by NTP to the remote association. If this address is 0.0.0.0, then the local address has yet to be determined.

St. The stratum level of the remote peer. If this number is 16, the remote peer has not been synchronized.

Poll. The polling interval, in seconds.

Reach. The reachability register of the remote association, in octal format. This number is determined by the NTP algorithm.

Delay. The currently estimated delay of this remote association, in seconds. This time is determined by the NTP algorithm.

Offset. The currently estimated offset of this remote association, in seconds. This time is determined by the NTP algorithm.

Disp. The currently estimated dispersion of this remote association, in seconds. This time is determined by the NTP algorithm.

Display Alternate Peer Summary Information

The ntpdmpeers command displays a more detailed version of the ntpshowpeer command with a slightly different output than the ntppeers command. To display a list of peers that includes summary information, enter the ntpdmpeers command at the system prompt. A screen similar to the following appears:

       remote    local    st  poll  reach  delay    offset   disp
    ======================================================================
    +  1.1.1.1   0.0.0.5  16  64    0      0.00000  0.00000  16.0000
    +  1.1.1.2   0.0.0.5  1   64    0      0.00000  0.00000  16.0000
    *  1.1.1.3   0.0.0.5  2   64    0      0.00000  0.00000  16.0000

This table is identical to the ntppeers command except for the symbols displayed on the far left side. A key for the symbols is provided below:

.  Indicates that the remote association was cast aside during the false ticker detection.
+  Indicates that the remote association was accepted and not discarded by the false ticker detection.
*  Indicates the remote association the switch is currently synchronizing with.

Page 12-17

Display Detailed Information for One or More Peers

The ntpshowpeer command allows you to view detailed NTP information about any remote associations of this switch. To view detailed NTP information about a remote association enter the ntpshowpeer command in the following manner:

    ntpshowpeer <address>

where <address> is either the domain name or IP address of the remote association. For example, to show information for a peer with IP address 1.1.1.4, enter:

    ntpshowpeer 1.1.1.4

A screen similar to the following is displayed:

    remote 1.1.1.4, local 0.0.0.6
    hmode sym_active, pmode server, stratum 16, precision -7
    leap 11, refid [0.0.0.0], rootdistance 0.00000, rootdispersion 0.00000
    ppoll 6, hpoll 6, keyid 0, version 3, association 41807
    valid 0, reach 000, unreach 0, flash 000, boffset 0.00391, ttl/mode 0
    timer 32s, flags config, bclient
    reference time:      00000000.00000000 Thu, Feb 7 1936 6:28:16.000
    originate timestamp: 00000000.00000000 Thu, Feb 7 1936 6:28:16.000
    receive timestamp:   00000000.00000000 Thu, Feb 7 1936 6:28:16.000
    transmit timestamp:  00000000.00000000 Thu, Feb 7 1936 6:28:16.000
    filter delay:  0.00000 0.00000 0.00000 0.00000 0.00000 0.00000 0.00000 0.00000
    filter offset: 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000
    filter order:  7 6 5 4 3 2 1 0
    offset 0.000000, delay 0.00000, dispersion 16.00000, selectdisp 0.00000

It is possible to display information from more than one remote association by adding more addresses when entering the ntpshowpeer command.
For example, to display information on a peer with IP address 1.1.1.4 and a peer with IP address 1.1.1.5, enter:

    ntpshowpeer 1.1.1.4 1.1.1.5

Field Descriptions

The following section describes the fields displayed using the ntpshowpeer command.

Remote. The IP address of the remote association.

Local. The local interface address assigned by NTP to the remote association. If this address is 0.0.0.0, then the local address has yet to be determined.

Hmode. The host mode of this remote association. There are five possible modes: symmetric active, symmetric passive, client, server, and broadcast. The displayed mode is assumed if this association becomes the switch’s host NTP server. For a description of the modes, see Display List of Peers the Server Knows About on page 12-15. For a description of how to set a switch host NTP server, see Specify the Host Whose NTP Server We Talk To on page 12-34.

Pmode. The peer mode of this remote association. There are five possible modes: symmetric active, symmetric passive, client, server, and broadcast. The displayed mode is assumed if this association becomes the switch’s host NTP server. For a description of the modes, see Display List of Peers the Server Knows About on page 12-15. For a description of how to configure a peer, see Configuring a New Peer Association on page 12-12.

Stratum. The stratum level of the remote peer. If this number is 16, the remote peer has not been synchronized.

Page 12-18

Precision. The advertised precision of this association, which is a number from -4 to -20. For information on setting the advertised precision, see Configuring an NTP Client on page 12-6 and Set the Server’s Advertised Precision on page 12-14.

Leap. The status of leap second insertion for this association. Leap seconds are seconds that are added to the timestamp of an NTP entity to correct accumulated time errors. The possible values are:

00  No warning.
01  Last minute has 61 seconds.
10  Last minute has 59 seconds.
11  Alarm condition (clock not synchronized).

Refid. This is a 32-bit code identifying the particular reference clock. In the case of stratum 0 (unspecified) or stratum 1 (primary reference source), this is a four-octet, left-justified, zero-padded ASCII string. In the case of stratum 2 and greater (secondary reference) this is the four-octet Internet address of the peer selected for synchronization.

Rootdistance. This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.

Rootdispersion. This is a signed fixed-point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet, in seconds. Only positive values are possible.

Ppoll. The poll time for this association when it is a peer. This number is the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six indicates a minimum interval of 64 seconds.

Hpoll. The poll time for this association when it is a host. This number is the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six indicates a minimum interval of 64 seconds.

KeyID. This is an integer identifying the cryptographic key used to generate the message authentication code.

Version. The version of NTP this association is using; the options are 1, 2, or 3.

Association. The number of seconds since this NTP entity was associated with the switch.

Valid. This is an integer counter indicating the valid samples remaining in the filter register. It is used to determine the reachability state of an association, and when the poll interval should be increased or decreased.

Reach. This is a shift register used to determine the reachability status of this peer.
The NTP algorithm uses this when determining timestamp information.

Unreach. The number of times this NTP entity was unreachable.

Flash. This field displays the number of error bits from the packet procedure.

Boffset. This field displays the default broadcast delay in seconds.

TTL/mode. This field displays the Time-to-Live (TTL) time in seconds and the mode (unicast, multicast, or broadcast) of NTP messages sent to a broadcast address. For information on configuring an NTP broadcast address, see Configuring a Broadcast Time Service on page 12-13.

Timer. Shows the number of seconds until the next NTP message is sent to an association.

Flags Config. This counter lists what flags have been configured for this NTP entity. For more information about setting flags, see Set a System Flag (Auth, Bclient, Monitor, Stats) on page 12-35.

Reference Time. This is the local time, in timestamp format, when the local clock was last updated. If the local clock has never been synchronized, the value is zero.

Originate Timestamp. This is the local time, in timestamp format, of the peer when its last NTP message was sent. If the peer becomes unreachable the value is set to zero.

Receive Timestamp. This is the local time, in timestamp format, when the latest NTP message from the peer arrived. If the peer becomes unreachable the value is set to zero.

Transmit Timestamp. This is the local time, in timestamp format, when the last NTP message was sent from this association.

Filter delay. NTP comes with various filter routines as part of the algorithm that determines timestamp information. This field shows the delay in seconds the NTP algorithm uses to correct for delays caused by messages traversing through the NTP filters.

Filter offset. NTP comes with various filter routines as part of the algorithm that determines timestamp information. This counter indicates the offset of the peer clock relative to the local clock due to filters.

Filter order.
The order in which NTP messages pass through filters.

Delay. The currently estimated delay of this remote association, in seconds. This number indicates the roundtrip delay of the peer clock relative to the local clock over the network path between them, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew-error accumulation. This time is determined by the NTP algorithm.

Offset. The currently estimated offset of this remote association, in seconds. This counter indicates the offset of the peer clock relative to the local clock. This time is determined by the NTP algorithm.

Disp. The currently estimated dispersion of this remote association, in seconds. This counter indicates the maximum error of the peer clock relative to the local clock over the network path between them, in seconds. Only positive values greater than zero are possible. This time is determined by the NTP algorithm.

Print Version Number

The ntpvers command is used to show the version number of the xntp file. To display the version number, enter the ntpvers command at the system prompt. A message similar to the following is shown:

    xntp Fri Apr 9 22:52:46 PDT 1999 (1)

Display Local Server Information

The ntpinfo command is used to display information about the local switch’s implementation of NTP. To view local switch NTP information, enter the ntpinfo command at the system prompt. A screen similar to the following is shown:

    system peer:       0.0.0.0
    system peer mode:  unspec
    leap indicator:    11
    stratum:           16
    precision:         -7
    root distance:     0.00000 s
    root dispersion:   0.00000 s
    reference ID:      [0.0.0.0]
    reference time:    00000000.00000000 Thu, Feb 7 1936 6:28:16.000
    system flags:      monitor stats
    frequency:         0.000 ppm
    stability:         0.000 ppm
    broadcastdelay:    0.003906 s
    authdelay:         0.000122 s

Field Descriptions

The following section explains the fields shown using the ntpinfo command.

System peer. The IP address of the switch.
System peer mode. The peer mode of this remote association. There are five possible modes: symmetric active, symmetric passive, client, server, and broadcast. The displayed mode is assumed if this association becomes the switch’s host NTP server. For a description of the modes, see Display List of Peers the Server Knows About on page 12-15. For a description of how to configure a peer, see Configuring a New Peer Association on page 12-12.

Leap indicator. The status of leap second insertion for this association. Leap seconds are seconds that are added to the timestamp of an NTP entity to correct accumulated time errors. The possible values are:

    00 No warning.
    01 Last minute has 61 seconds.
    10 Last minute has 59 seconds.
    11 Alarm condition (clock not synchronized).

Stratum. The stratum level of the remote peer. If this number is 16, the remote peer has not been synchronized.

Precision. The advertised precision of the switch. It will be a number between -4 and -20.

Root distance. This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.

Root dispersion. This is a signed fixed-point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet, in seconds. Only positive values are possible.

Reference ID. This is a 32-bit code identifying the particular reference clock. In the case of stratum 0 (unspecified) or stratum 1 (primary reference source), this is a four-octet, left-justified, zero-padded ASCII string. In the case of stratum 2 and greater (secondary reference) this is the four-octet Internet address of the peer selected for synchronization.

Reference time. This is the local time at which the local clock was last set or corrected.

System Flags.
This counter lists what flags have been configured for this NTP entity. For more information about setting flags, see Set a System Flag (Auth, Bclient, Monitor, Stats) on page 12-35.

Frequency. A number indicating the local clock’s frequency in relation to a reference clock’s Pulse per Second (PPS). If the clock is running in perfect synchronization, this number should be 1. Otherwise, it will be slightly lower or higher in order to compensate for the time difference.

Stability. The residual frequency error (in seconds) remaining after the system frequency correction is applied.

Broadcastdelay. The broadcast delay, in seconds, of this association. For information on how to set the broadcast delay, see Configuring a Broadcast Time Service on page 12-13.

Authdelay. The authentication delay, in seconds, of this association. For information on how to set the authentication delay, see Set the Delay Added to Encryption Time Stamps on page 12-33.

NTP Statistics Menu

To view the NTP Statistics Menu, enter the ntstats command at the system prompt. If you are in verbose mode the NTP configuration menu is displayed. Otherwise, enter a question mark (?)
at the prompt to display this menu:

    Command        NTP Statistics Menu
    -------------- --------------------------------------------------------
    ntpstat        display local server statistics
    ntppstat       display server statistics associated with particular peer(s)
    ntploopinfo    display loop filter information
    ntpmem         display peer memory usage statistics
    ntpio          display I/O subsystem statistics
    ntptimer       display event timer subsystem statistics
    ntpreset       reset various subsystem statistics counters
    ntppreset      reset stat counters associated with particular peer(s)
    ntpctlstat     display packet count statistics from the control module
    ntpleap        display the current leap second state
    ntpmon         turn the server's monitoring facility on or off
    ntpmlist       display data the server's monitor routines have collected

    Related Menus: Ntconfig Ntinfo Ntstats Ntadmin Ntaccess

The main menu options are shown in the Related Menus list for quick access if you need to change menus.

Display Local Server Statistics

The ntpstat command allows you to view statistics for the local NTP entity (switch). To view statistics, enter the ntpstat command at the system prompt. A display similar to the following is shown:

    system uptime:           0
    time since reset:        0
    bad stratum in packet:   0
    old version packets:     0
    new version packets:     16
    unknown version number:  0
    bad packet length:       0
    packets processed:       0
    bad authentication:      0
    limitation rejects:      0

Field Descriptions

The following section describes the fields displayed using the ntpstat command.

system uptime. The number of seconds the local NTP server has been associated with the switch.

time since reset. The number of seconds since the last time the local NTP server was restarted.

bad stratum in packet. The number of NTP packets received that had a corrupted stratum bit in the data of the packet.

old version packets. The number of NTP packets received that were of an older version of NTP (either version 1 or 2).

new version packets.
The number of NTP packets received that were version 3 of NTP.

unknown version number. The number of NTP packets received for which the version was unknown (most likely due to packet corruption).

bad packet length. The number of NTP packets received that did not fit the NTP packet structure (most likely due to packet corruption).

packets processed. The total number of NTP packets processed.

bad authentication. The number of NTP packets rejected because they did not meet authentication standards.

limitation rejects. The number of NTP packets rejected because there were restrictions set on their point of origin. For information on setting restrictions, see Create Restrict Entry/Add Flags to Entry on page 12-39.

Display Server Statistics Associated with Particular Peer(s)

The ntppstat command allows you to view statistics for a specific NTP peer. To view statistics for a peer, enter the ntppstat command as shown:

    ntppstat <ipAddress>

where <ipAddress> is the address of the peer for which you want to view statistics. For example, to view statistics for a peer with IP address 131.218.18.4, enter the following:

    ntppstat 131.216.18.4

A screen similar to the following displays:

    remote host           : 131.216.18.4
    local interface       : 0.0.0.0
    time last received    : 9s
    time until next send  : 6s
    reachability change   : 2973s
    packets sent          : 184
    packets received      : 181
    bad authentication    : 2
    bogus origin          : 2
    duplicate             : 6
    bad dispersion        : 69
    bad reference time    : 1
    candidate order       : 1

Field Descriptions

The following section describes the fields displayed using the ntppstat command.

remote host. The IP address of the host whose statistics you are viewing.

local interface. The local interface address assigned by NTP to the remote association. If this address is 0.0.0.0, then the local address has yet to be determined.

time last received. The number of seconds since the last NTP message packet was received from another NTP entity in the network.

time until next send.
The number of seconds until this NTP peer sends out an NTP message packet.

reachability change. This field displays the number of times this client/server’s reachability has changed.

packets sent. The number of NTP message packets this peer has sent out.

packets received. The number of NTP message packets this peer has received.

bad authentication. The number of NTP message packets this peer has rejected due to failed authentication.

bogus origin. The number of times a response packet from another NTP entity doesn’t match the request packet sent out by this client/server.

duplicate. The number of identical NTP message packets this peer has received.

bad dispersion. The number of packets that were discarded due to overly large error dispersions.

bad reference time. The number of packets that were discarded because the contained reference time didn’t match the local peer expectation.

candidate order. A number that represents this client/server’s synchronization order. A lower number represents a reliable synchronization source.

Display Loop Filter Information

The loop filter is used to control and correct the phase of timestamps as processed by the local clock. The loop filter examines timestamps sent to and from the local clock and can adjust them to account for natural wander and jitter. To view the statistics of the loop filter, enter the ntploop command at the system prompt. A screen similar to the following is shown:

    offset:          0.000000 s
    frequency:       0.000 ppm
    poll adjust:     0
    watchdog timer:  0s

All of these field variables are determined by the NTP algorithm.

Field Descriptions

The following section describes the fields displayed using the ntploop command.

offset. The currently estimated offset of this remote association, in seconds. This counter indicates the offset of the peer clock relative to the local clock.

frequency. A number indicating the local clock’s frequency in relation to a reference clock’s Pulse per Second (PPS).
If the clock is running in perfect synchronization, this number should be 1. Otherwise, it will be slightly lower or higher in order to compensate for the time discrepancy between the reference clock and the local clock.

poll adjust. The number of times the poll time has been adjusted to conform to the network.

watchdog timer. The number of seconds since the local clock for this client/server was last adjusted.

Display Peer Memory Usage Statistics

The memory usage for the NTP information on the switch can be displayed using the ntpmem command. To view memory information, enter the ntpmem command at the system prompt. A screen similar to the following is shown:

    time since reset:      0
    total peer memory:     15
    free peer memory:      11
    calls to findpeer:     0
    new peer allocations:  0
    peer demobilizations:  0
    hash table counts:     1 0 0 0 0 0 0 0
                           1 0 0 0 0 0 0 0
                           0 0 0 0 1 0 0 0
                           0 0 0 1 0 0 0 0

Field Descriptions

The following section describes the fields displayed using the ntpmem command.

time since reset. The number of seconds since the last reset of NTP (usually a reboot of the switch).

total peer memory. The total number of NTP associations possible for this switch.

free peer memory. The number of available spots on this switch for NTP associations.

calls to findpeer. The number of times the switch sent an NTP packet of any kind to a configured NTP association.

new peer allocations. The number of new NTP associations created since the last restart.

peer demobilizations. The number of NTP associations lost since the last restart.

hash table counts. The number of peer tables hashed to the index.

Display I/O Subsystem Statistics

The ntpio command allows you to view general statistics on received and transmitted NTP packets for this switch. To view the I/O statistics, enter the ntpio command at the system prompt.
A screen similar to the following is displayed:

    time since reset:      0
    receive buffers:       10
    free receive buffers:  9
    used receive buffers:  0
    low water refills:     0
    dropped packets:       0
    ignored packets:       0
    received packets:      18
    packets sent:          17
    packets not sent:      0
    interrupts handled:    18
    received by int:       18

Field Descriptions

The following section describes the fields displayed using the ntpio command.

time since reset. The number of seconds since the last restart of NTP.

receive buffers. The number of switch receive buffers currently allocated by this NTP entity.

free receive buffers. The number of free receive buffers.

used receive buffers. The number of receive buffers being used.

low water refills. The number of times memory has been added.

dropped packets. The number of packets discarded due to lack of resources (i.e., memory).

ignored packets. The number of packets ignored by this client/server.

received packets. The total number of NTP packets received by the switch.

packets sent. The total number of NTP packets sent by the switch.

packets not sent. The number of NTP packets generated but not sent due to restrictions. For information on NTP restrictions, see Create Restrict Entry/Add Flags to Entry on page 12-39.

interrupts handled. The number of times NTP information was interrupted in the process of transmitting or receiving.

received by int. The number of packets received by interrupts.

Display Event Timer Subsystem Statistics

The ntptimer command allows you to view significant NTP events that have occurred on this switch. To view significant NTP events, enter the ntptimer command at the system prompt. A screen similar to the following is displayed:

    time since reset:   0
    alarms handled:     0
    alarm overruns:     0
    calls to transmit:  0

Field Descriptions

The following section describes the fields displayed using the ntptimer command.

time since reset. The number of seconds since the last reset of NTP.

alarms handled.
The number of NTP alarms generated by this switch. NTP alarms occur when the NTP algorithm determines that an NTP entity is out of synchronization.

alarm overruns. The number of times the NTP alarm routine was backed up.

calls to transmit. The number of requests from other NTP entities for information, either configuration, statistical, or timestamp.

Reset Various Subsystem Statistics Counters

To reset the counters displayed for the commands used in the NTP Statistics Menu (ntpstat, ntploopinfo, ntpio, and ntptimer), use the ntpreset command. To reset the statistics, enter the ntpreset command at the system prompt followed by one or more of the following flags:

    • io
    • sys
    • mem
    • timer
    • auth
    • allpeers

A brief message is displayed confirming the command.

Reset Stat Counters Associated With Particular Peer(s)

It is possible to remotely reset statistics for other NTP associations from the switch. To reset statistics for an NTP association, enter the ntppreset command as follows:

    ntppreset <address>

where <address> is either the domain name or IP address of the remote association. For example, to reset statistics for a peer with IP address 1.1.1.4, enter:

    ntppreset 1.1.1.4

It is possible to reset the statistics for more than one NTP association at a time by adding more than one address to the command. For example, to reset statistics for a peer with IP address 1.1.1.4 and a peer with IP address 1.1.1.5, you would enter:

    ntppreset 1.1.1.4 1.1.1.5

A brief message is displayed confirming the command.

Display Packet Count Statistics from the Control Module

In a comprehensive network-management environment, facilities should exist to perform routine NTP control and monitoring functions. The control module of NTP is responsible for sending and receiving control messages. To display the statistics for the control module, enter the ntpctlstat command at the system prompt.
A screen similar to the following is shown:

    time since reset:       0
    requests received:      0
    responses sent:         0
    fragments sent:         0
    async messages sent:    0
    error msgs sent:        0
    total bad pkts:         0
    packet too short:       0
    response on input:      0
    fragment on input:      0
    error set on input:     0
    bad offset on input:    0
    bad version packets:    0
    data in pkt too short:  0
    unknown op codes:       0

Field Descriptions

The following section describes the fields displayed using the ntpctlstat command.

time since reset. The number of seconds since the last reset of NTP (usually a switch reboot).

requests received. The number of NTP requests received from any NTP association.

responses sent. The number of NTP messages sent from this switch in response to NTP association requests.

fragments sent. The number of NTP messages sent from this switch that did not contain all appropriate NTP data. This can occur if timestamp information from other NTP entities is judged by this switch to be incorrect.

async messages sent. The number of async trap packets sent.

error msgs sent. The number of error messages sent from the switch to other NTP entities because the switch was not able to respond to the NTP entity’s request.

total bad pkts. The total number of packets received that NTP was not able to read.

packet too short. The number of packets received that NTP rejected because the packet was the incorrect length.

response on input. The number of packets received that required the switch to respond to the sender with an NTP message.

fragment on input. The number of packets received by the switch that did not contain complete NTP data.

error set on input. The number of input control packets received with the error bit set.

bad offset on input. The number of NTP timestamps received that the switch disallowed because the added time offset parameter appeared to be incorrect. This can occur if an NTP entity becomes unsynchronized and generates false timestamp information.

bad version packets.
The number of packets received where the version number of NTP was undefinable. This is usually caused by packet corruption.

data in pkt too short. The number of packets received that NTP rejected because the packet information was incomplete.

unknown op codes. The number of NTP packets received that contained an unreadable request or information. This is usually caused by packet corruption.

Display the Current Leap Second State

If necessary, NTP adds or subtracts a second from the timestamps sent out on the network to correct for errors in time information. These modifications are called leap seconds. To display leap second information for the switch, enter the ntpleap command at the system prompt. A screen similar to the following is displayed:

    sys.leap:                     11 (clock out of sync)
    leap.indicator:               00 (leap controlled by lower stratum)
    leap.warning:                 00 (leap controlled by lower stratum)
    leap.bits:                    00 (no leap second scheduled)
    time to next leap interrupt:  1s
    date of next leap interrupt:  Tue, Jul 6 1999 12:38:45
    calls to leap process:        0
    leap more than month away:    0
    leap less than month away:    0
    leap less than day away:      0
    leap in less than 2 hours:    0
    leap happened:                0

Field Descriptions

The following section describes the fields displayed using the ntpleap command.

sys.leap. The current status of the leap second monitor. There are four possible codes:

    00 No warning.
    01 Last minute has 61 seconds.
    10 Last minute has 59 seconds.
    11 Alarm condition (clock not synchronized).

leap.indicator. The number of leap seconds that occurred during the current day.

leap.warning. The number of leap seconds that will occur in the current month.

leap.bits. The number of leap bits set within the last hour.

time to next leap interrupt. A leap interrupt occurs when the NTP algorithm examines the topology of the network and determines if a leap second is needed (it may or may not be necessary at the time of the interrupt). This counter displays seconds until the next interrupt.
date of next leap interrupt. The time, in standard date notation, of the next leap interrupt after the most current leap interrupt is finished.

calls to leap process. The number of times a leap second has been added or subtracted.

leap more than month away. A scheduled leap second insertion more than a month away.

leap less than month away. A scheduled leap second insertion less than a month away.

leap less than day away. A scheduled leap second insertion less than a day away.

leap in less than 2 hours. A scheduled leap second insertion less than two hours away.

leap happened. The date of the last leap second insertion.

Turn the Server's Monitoring Facility On or Off

The Server Monitoring Facility keeps track of all NTP associations for this switch. When it is On, it is possible to display a list of all NTP associations. For more information on displaying the Monitoring Facility list of NTP associations, see Display Data The Server's Monitor Routines Have Collected on page 12-31. To turn the Monitoring Facility on or off, enter the ntpmon command as shown:

    ntpmon <on:off>

where <on:off> is the status of the monitoring facility. For example, to turn the facility on, enter:

    ntpmon on

Display Data The Server's Monitor Routines Have Collected

If the NTP monitoring facility is turned on, you can display a list of all known NTP associations with general information using the ntpmlist command. To display a list of collected monitoring statistics, enter the ntpmlist command at the system prompt.
A screen similar to the following is displayed:

    remote address   port   local address   count  m  ver  drop  last  first
    =======================================================================
    127.0.0.1        1025   127.0.0.1       1      7  3    0     0     0

This table is useful in establishing which entity is associated with the switch, and if entities have formed associations independent of administrator configuration (for example, if a user sets up an association with NTP without notifying the network administrator).

Field Descriptions

The following section describes the fields displayed using the ntpmlist command.

remote address. The IP address of the remote association.

port. The port the association was learned on and on which the association communicates with the switch.

♦ Note ♦ This is the TCP and UDP definition of a port, not a switch interface port.

local address. The local interface address for this association as created by the NTP configuration on the switch.

count. The number of NTP packets received from this association.

m. The mode the NTP association uses in relation to the switch.

ver. The version of NTP the association is using (1, 2, or 3).

drop. The number of NTP packets received from this association that were dropped (due to restrictions, bad packet data, etc.).

last. The number of seconds since the last NTP message was received from this association.

first. The number of seconds since the first NTP message was received from this association.

NTP Administration Menu

To view the NTP Administration Menu, enter the ntadmin command at the system prompt. If you are using verbose mode the NTP configuration menu is displayed. Otherwise, enter a question mark (?)
at the prompt to display this menu:

    Command        NTP Administration Menu
    -------------- --------------------------------------------------------
    ntptimeo       set the primary receive time out
    ntpdelay       set the delay added to encryption time stamps
    ntphost        specify the host whose NTP server we talk to
    ntppasswd      specify a password to use for authenticated requests
    ntpkeyid       set keyid to use for authenticated requests
    ntpkeytype     set key type to use for authenticated requests (des|md5)
    ntpdisable     clear a system flag (auth, bclient, monitor, stats)
    ntpenable      set a system flag (auth, bclient, monitor, stats)

    Related Menus: Ntconfig Ntinfo Ntstats Ntadmin Ntaccess

The main menu options are shown in the Related Menus list for quick access if you need to change menus.

Set the Primary Receive Timeout

The ntptimeo command allows you to specify the number of milliseconds the server waits for a response to queries before the operation times out. The default is 8000 milliseconds. To change the timeout, enter the ntptimeo command as shown:

    ntptimeo <value>

where <value> is the number of milliseconds of the new timeout length. For example, to set the timeout value to 3000 milliseconds, enter the following:

    ntptimeo 3000

To view the current timeout setting without changing it, enter the ntptimeo command with no value. A message similar to the following is shown:

    primary timeout is 6000 ms

Set the Delay Added to Encryption Time Stamps

The ntpdelay command specifies a set time interval to add to timestamps included in server requests that require authentication. This can be used to enable server configuration over long delay network paths or between machines whose clocks are not synchronized. To set the delay time, enter the ntpdelay command as shown:

    ntpdelay <value>

where <value> is the number of milliseconds of the new delay time length.
For example, to set the delay value to 30 milliseconds, enter the following:

    ntpdelay 30

To view the current delay setting without changing it, enter the ntpdelay command with no value. A message similar to the following is shown:

    delay 30 ms

Specify the Host Whose NTP Server We Talk To

The ntphost command specifies the name of the NTP server to which server queries are sent. This can be a domain name or an IP address. The default is localhost (the local server). To change the NTP server for the switch, enter the ntphost command as shown:

    ntphost <address>

where <address> is either the domain name or IP address of the NTP server. For example, to configure the switch to use an NTP server with an IP address of 1.1.1.4, enter:

    ntphost 1.1.1.4

To view the current NTP server used by the switch, enter the ntphost command at the prompt with no address. A message similar to the following is shown:

    current host is 1.1.1.4

Specify a Password to Use for Authenticated Requests

The ntppasswd command allows you to specify a password that must be entered when making configuration requests. The password must correspond to the key configured for use by the NTP server. To specify a password:

1. Enter the ntppasswd command at the system prompt. A prompt displays asking for the Key ID number for the server, as shown:

    Keyid:

   Enter the key ID number for the server (as specified in the key file) and press <return>.

2. The following prompt appears requesting a password, as shown:

    Password:

   Enter the new password. This password is now required before making a configuration request of the server.

Set Key ID to Use for Authenticated Requests

The ntpkeyid command allows you to specify a key number to be used to authenticate configuration requests. This must correspond to the key number the server has been configured to use in the key file. To set a new key ID, enter the ntpkeyid command as shown:

    ntpkeyid <value>

where <value> is the new key ID number.
For example, to set the key ID to 2, you would enter the following:

    ntpkeyid 2

To view the currently configured key ID, enter the ntpkeyid command at the prompt and press <return>. A message similar to the following is shown:

    keyid is 2

Set Key Type to Use for Authenticated Requests (DES|MD5)

NTP supports two types of encryption: DES or MD5. If you decide to use encryption to authenticate NTP information and configuration requests, you must specify which type of encryption to use. To specify an encryption type, enter the ntpkeytype command as shown:

    ntpkeytype <value>

where <value> is either DES or MD5. For example, to set the key type to MD5, you would enter:

    ntpkeytype MD5

To view the currently specified key type, enter the ntpkeytype command at the system prompt, and press <return>. A message similar to the following is displayed:

    keytype is MD5

Set a System Flag (Auth, Bclient, Monitor, Stats)

The ntpenable command provides a way to enable various server options by creating flags added to NTP messages sent to the server. To set a system flag, enter the ntpenable command as shown:

    ntpenable <flag>

where <flag> is the type of flag the server will receive. There are six flag types that can be set:

auth. This flag causes the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using a trusted key and key identifier. The default for this flag is disabled (off).

bclient. This flag causes the server to listen for a message from a broadcast or multicast server, following which an association is automatically instantiated for that server. The default for this flag is disabled (off).

monitor. This flag enables the monitoring facility. The default for this flag is disabled (off).

stats. This flag enables the statistics facility file generator. The default for this flag is enabled (on).

When you have finished specifying a flag, press <enter>. A brief message appears to confirm the operation.
Clear a System Flag (Auth, Bclient, Monitor, Stats)

The ntpdisable command allows you to remove previously set flags from NTP messages sent to the server. To disable a flag, enter the ntpdisable command as follows:

    ntpdisable <flag>

where <flag> is the type of flag the server will receive. There are six flag types that can be set and removed. The flags are described in the section Set a System Flag (Auth, Bclient, Monitor, Stats) on page 12-35.

NTP Access Control Menu

To view the NTP Access Control Menu, enter the ntaccess command at the system prompt. If you are using verbose mode the NTP configuration menu is displayed. Otherwise, enter a question mark (?) at the prompt to display this menu:

    Command        NTP Access Control Menu
    -------------- --------------------------------------------------------
    ntpreqk        change the request message authentication keyid
    ntpctlk        change the control message authentication keyid
    ntpckey        add one or more key ID's to the trusted list
    ntpvkey        display the trusted key ID list
    ntpdkey        remove one or more key ID's from the trusted list
    ntpauth        display the state of the authentication code
    ntpcres        create restrict entry/add flags to entry
    ntpvres        view the server's restrict list
    ntpmres        remove flags from a restrict entry
    ntpdres        delete a restrict entry
    ntpctrap       configure a trap in the server
    ntpvtrap       display the traps set in the server
    ntpdtrap       remove a trap (configured or otherwise) from the server

    Related Menus: Ntconfig Ntinfo Ntstats Ntadmin Ntaccess

The main menu options are shown in the Related Menus list for quick access if you need to change menus.

Change the Request Message Authentication Key ID

There are two types of messages an NTP entity can send to another NTP entity: request and control. Request messages ask for information from the NTP entity such as timestamp information, statistics, etc.
It is possible to change the authentication key identifier for request messages sent from the switch to another NTP entity. To change the authentication key ID, enter the ntpreqk command as shown:

    ntpreqk <value>

where <value> is the new key ID. Press <return>, and a brief message is displayed confirming the operation.

♦ Note ♦
The authentication key ID must match in both the switch sending the message and the switch receiving the message.

Change the Control Message Authentication Key ID

There are two types of messages an NTP entity can send to another NTP entity: request and control. Control messages attempt to change the configuration of the NTP entity in some fashion. It is possible to change the authentication key identifier for control messages sent from the switch to another NTP entity. To change the authentication key ID, enter the ntpctlk command as shown:

    ntpctlk <value>

where <value> is the new key ID. Press <return>, and a brief message is displayed confirming the operation.

♦ Note ♦
The authentication key ID must match in both the switch sending the message and the switch receiving the message.

Add One or More Key ID's to the Trusted List

The trusted list in the key file is a list of all keys that are considered authentic and uncompromised. Messages from an NTP entity using one of these keys are accepted and acted upon. It is possible to add a key to the trusted list. To add a key ID to the trusted list in the key file, enter the ntpckey command as shown:

    ntpckey <value>

where <value> is the new key ID to be added to the trusted list. For example, to add key ID 5 to the trusted list, enter the following:

    ntpckey 5

A brief message is displayed confirming the operation.

♦ Note ♦
Adding a key ID using the ntpckey command adds the key to the working version of the key file in the switch’s RAM. If you reset the switch or re-initialize NTP, the added key is lost.

Display the Trusted Key ID List

The trusted list in the key file is a list of all keys that are considered authentic and uncompromised. Messages from an NTP entity using one of these keys are accepted and acted upon. To display a list of the trusted keys for this NTP client or server, enter the ntpvkey command at the system prompt. A list of the key numbers accepted by this client or server is displayed. For more information on authentication, see NTP and Authentication on page 12-4.

Remove One or More Key ID's from the Trusted List

The trusted list in the key file is a list of all keys that are considered authentic and uncompromised. Messages from an NTP entity using one of these keys are accepted and acted upon. It is possible to remove a key from the trusted list. To remove a key ID from the trusted list, enter the ntpdkey command as shown:

    ntpdkey <value>

where <value> is the key ID to be removed from the trusted list. For example, to remove key ID 5 from the trusted list, enter the following:

    ntpdkey 5

A brief message is displayed confirming the operation.

♦ Note ♦
Removing a key ID using the ntpdkey command removes the key from the working version of the key file in the switch’s RAM. If you reset the switch or reinitialize NTP, the removed key is reinstated.

Display the State of the Authentication Code

The ntpauth command allows you to look at the statistics of the authentication routine. These statistics consist of counters for various functions of the authentication code. To view the statistics of the authentication code, enter the ntpauth command at the system prompt. A screen similar to the following is shown:

    time since reset:   0
    key lookups:        0
    keys not found:     0
    uncached keys:      0
    encryptions:        0
    decryptions:        0

Field Descriptions

The following section explains the fields displayed using the ntpauth command.

time since reset. The number of seconds since the last restart of the switch.

key lookups. The number of times the switch has examined the key file to find a key.

keys not found. The number of times the switch failed to find a key in its key file.

uncached keys. The number of keys added to the key file using the ntpckey command.

encryptions. The number of times the switch sent NTP messages or information out in encrypted form.

decryptions. The number of times the switch received NTP messages or information that was encrypted, and successfully decrypted the information.

Create Restrict Entry/Add Flags to Entry

It is possible to place restriction flags on specific NTP entities in relation to the switch. Restriction flags prevent messages or information coming from the NTP entity from affecting the switch. To create a restriction flag, enter the ntpcres command as shown:

    ntpcres <address> <mask> <restriction>

where <address> is the IP address of the NTP entity, <mask> is the entity’s subnet mask, and <restriction> is the specific flag you want to place on the entity. For example, to put an ignore restriction on an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the following:

    ntpcres 1.1.1.1 255.255.0.0 ignore

The following is a list of possible restriction flags that can be used:

ignore
Ignore all packets from hosts which match this entry. If this flag is specified, neither queries nor time server polls will be responded to.

noquery
Ignore all NTP information queries and configuration requests from the source. Time service is not affected.

nomodify
Ignore all NTP information queries and configuration requests that attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.

notrap
Decline to provide control message trap service to matching hosts. The trap service is a subsystem of the control message protocol which is intended for use by remote event logging programs.

lowpriotrap
Declare traps set by matching hosts to be low priority.
The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first-come, first-served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps. For more information on setting traps, see Configure a Trap in the Server on page 12-41.

noserve
Ignore NTP packets other than information queries and configuration requests. In effect, time service is denied, though queries may still be permitted.

nopeer
Provide stateless time service to polling hosts, but do not allocate peer memory resources to these hosts even if they otherwise might be considered useful as future synchronization partners.

notrust
Treat these hosts normally in other respects, but never use them as synchronization sources.

limited
These hosts are subject to a limitation of the number of clients from the same net. Net in this context refers to the IP notion of net (class A, class B, class C, etc.). Only the first client limit hosts that have shown up at the server and that have been active during the last client limit period (in seconds) are accepted. Requests from other clients from the same net are rejected. Only time request packets are taken into account. Query packets sent by the ntpq and xntpdc programs are not subject to these limits. A history of clients is kept using the monitoring capability of xntpd. Thus, monitoring is always active as long as there is a restriction entry with the limited flag. For more information on enabling monitoring, see Turn the Server's Monitoring Facility On or Off on page 12-31.

ntpport
This is actually a match algorithm modifier, rather than a restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both ntpport and non-ntpport may be specified.
The ntpport is considered more specific and is sorted later in the list.

View the Server's Restrict List

The ntpvres command allows you to view a list of all the configured restrictions for the switch. To view a list of configured restrictions, enter the ntpvres command at the system prompt. A screen similar to the following appears:

    address          mask               count    flags
    ==============================================================
    0.0.0.0          0.0.0.0            12       none
    127.0.0.1        255.255.255.255    0        ntpport, ignore

Field Descriptions

The following section describes the fields displayed with the ntpvres command.

address. The IP address of the NTP entity for which flags have been configured.

mask. The subnet mask of the NTP entity for which flags have been configured.

count. The number of NTP messages from the NTP entity that have been affected by the configured flags.

flags. The flags configured for this NTP entity. For a description of all possible flags, see Create Restrict Entry/Add Flags to Entry on page 12-39.

Remove Flags from a Restrict Entry

It is possible to place restriction flags on specific NTP entities in relation to the switch. Restriction flags prevent messages or information coming from the NTP entity from affecting the switch. To remove a restriction flag from an NTP entity, enter the ntpmres command as shown:

    ntpmres <address> <mask> <restriction>

where <address> is the IP address of the NTP entity, <mask> is the entity’s subnet mask, and <restriction> is the specific flag you want to remove from the entity. For example, to remove an ignore restriction from an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the following:

    ntpmres 1.1.1.1 255.255.0.0 ignore

Delete a Restrict Entry

To remove an entry completely from the restriction list, enter the ntpdres command in the following manner:

    ntpdres <address> <mask>

where <address> is the IP address of the NTP entity, and <mask> is the entity’s subnet mask.
For example, to remove an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the following:

    ntpdres 1.1.1.1 255.255.0.0

This entity will no longer be listed in the restriction list and has no restriction flags placed on messages it sends to the switch.

Configure a Trap in the Server

The ntpctrap command allows you to set a trap receiver for the given address and port number. The trap receiver will log event messages and other information for the server in a log file. To create a trap receiver, enter the ntpctrap command in the following manner:

    ntpctrap <address> [<port>] [<interface>]

where address is the IP address of the switch. There are two optional items you can specify:

port
The port on the switch used for sending NTP messages. If no port is specified, a default port of 18447 is used.

♦ Note ♦
This is the TCP and UDP definition of a port, not a switch interface port.

interface
The local interface address for this NTP entity. If no interface is specified, the interface for the local NTP entity is used. For more information on interface addresses, see Display Peer Summary Information on page 12-16.

Display the Traps Set in the Server

The ntpvtrap command allows you to view a list of trap receivers set for the server. To view the trap list, enter the ntpvtrap command at the system prompt. A display similar to the following is shown:

    address 127.0.0.1, port 18447
    interface: 0.0.0.5, configured
    set for 0 seconds, last set 0 seconds ago
    sequence 1, number of resets 1

Field Descriptions

The following section describes the fields shown with the ntpvtrap command.

address. The address of the server where the trap was set.

port. The port on which the server is listening for NTP messages.

♦ Note ♦
This is the TCP and UDP definition of a port, not a switch interface port.

interface. The local interface address of the NTP server.

set for n seconds. The time the trap was initially set.

last set. The time in seconds from when the last trap was set for this server.

sequence. The number of times the trap was set.

number of resets. The number of times the trap has been reset.

Remove a Trap (Configured or Otherwise) from the Server

The ntpdtrap command allows you to remove a trap receiver for the given address. The trap receiver will log event messages and other information for the server in a log file. To delete a trap receiver, enter the ntpdtrap command in the following manner:

    ntpdtrap <address> [<port>] [<interface>]

where address is the IP address of the switch. There are two optional items you can specify:

port. The port on the switch used for sending NTP messages.

♦ Note ♦
This is the TCP/IP and UDP definition of a port, not a switch interface port.

interface. The local interface address for this NTP entity. For more information on interface addresses, see Display Peer Summary Information on page 12-16.

13 SNMP (Simple Network Management Protocol)

Introduction

Simple Network Management Protocol (SNMP) is an application layer protocol that allows network devices to exchange management information. SNMP works by sending messages, called protocol data units (PDUs), to network devices. Network administrators use SNMP to monitor network performance and to solve network problems.

An SNMP-managed network is comprised of three fundamental parts: agents, managed devices, and network management systems (NMSs). An agent, which resides within a managed device (i.e., a switch), is responsible for translating its local knowledge of management information into a form compatible with SNMP. When certain defined asynchronous events occur within a switch, the managed device sends traps, using the SNMP protocol, to a designated NMS. The NMS then views and monitors the switch’s information through management software applications such as HP OpenView or X-Vision.

SNMP parameters and traps are configurable through the snmpc command.
For more information on this command, refer to Configuring SNMP Parameters and Traps on page 13-2. You can view SNMP statistics through the snmps command. For more information on this command, refer to Viewing SNMP Statistics on page 13-8. Both of these commands are also listed on the Networking menu.

Configuring SNMP Parameters and Traps

The snmpc command allows you to configure SNMP parameters and set traps that will be sent to network management stations. The snmpc command also enables you to add, modify, or delete SNMP parameters. The snmpc command is listed under the Networking menu. For more information about the networking menu, see Chapter 25, “IP Routing.” To configure SNMP parameters, enter the following command:

    snmpc

A screen similar to the following displays:

    SNMP current configuration:

    1) Process SNMP Packets     - enabled
    2) Utilization Threshold    - 60%
    3) Set Community Name       - public
    4) Get Community Name       - public
    5) Trap Community Name      - public
    6) Broadcast Traps          - disabled
    7) Unicast Traps            - disabled

    (save/quit/cancel) :

• To change a value, enter the number corresponding to that value, an equal sign (=), and the new value. For example, to enable broadcast traps, enter 5=enabled.
• To clear an entry, specify the value as a period (.), as in 2=. Note that true/false values and enabled/disabled values cannot be cleared.
• To save all your modifications, enter save.
• To cancel all your modifications, enter Cancel or Ctrl-C.
• To view the parameters currently configured, enter a question mark (?).

1) Process SNMP Packets

To enable or disable SNMP, enter 1, an equal sign (=), and the enable or disable command. The following is an example:

    1=enable

2) Utilization Threshold

Utilization is the percentage of time that a resource is in use over a given period of time. Setting the Utilization Threshold places an upper limit on system utilization.
To set this value, enter 2, an equal sign (=), and an integer between 1 and 99 to represent percentage of time in use. The default Utilization Threshold is 60%.

    2=60%

3) Set Community Name

The Set Community Name variable is a password (up to 16 characters) that enables NMS stations to read and write objects through SNMP. The default Set Community Name is “public,” which allows all NMS stations read access to readable objects. If you want to specify a Set Community Name password, enter a 2, an equal sign (=), and the new Set Community Name. The following is an example:

    2=alpha

♦ Note ♦
Set Community Names with spaces must be enclosed in quotations (e.g., “test lab”).

4) Get Community Name

The Get Community Name variable is a password (up to 16 characters) that enables NMS stations to read objects defined in the MIBs. The default Get Community Name is “public,” which allows all NMS stations read access to readable objects. If you want to specify a Get Community Name password, enter a 2, an equal sign (=), and the new Get Community Name. The following is an example display:

    2=beta

♦ Note ♦
Get Community Names with spaces must be enclosed in quotations (e.g., “data center”).

5) Trap Community Name

The Trap Community Name (up to 16 characters) is a password that enables NMS stations to collect traps (provided the NMS stations are configured with the same corresponding Trap Community Name). The default Trap Community Name is “public,” which allows the switch to send traps to all NMS stations configured with the Trap Community Name, “public.” If you want to specify a Trap Community Name password, enter a 4, an equal sign (=), and the new Trap Community Name. The following is an example display.

    4=trap1

♦ Note ♦
Trap Community Names with spaces must be enclosed in quotations (e.g., “trap 1”).

6) Broadcast Traps

When broadcast traps are enabled, the switch transmits traps to all NMS stations in the default group. If you enable this parameter, unicast traps (see option 6 below) will automatically be disabled. The default for broadcast traps is disabled. To enable broadcast traps, enter the following command:

    5=enabled

The following prompt displays:

    UDP destination port (162):

Enter the UDP destination port for the traps. UDP port 162 is the default port and is commonly used for traps; however, the destination port can be re-defined to accommodate a network management station using a nonstandard port.

♦ Note ♦
The destination port configured here must correspond to the UDP destination port configured at the receiving network management station(s).

7) Unicast Traps

When unicast traps are enabled, the switch transmits traps only to the IP address(es) defined in the snmpc list below this field.

♦ Note ♦
If both broadcast and unicast traps are disabled, then the switch does not transmit any traps.

If you enable this parameter, broadcast traps (see option 5 above) will automatically be disabled. The default for unicast traps is disabled. To enable unicast traps, enter the following command:

    6=enabled

Configuring a New Network Management Station

a. To define a new network management station, enter 8, followed by an equal sign (=), and the IP address of the network management station to receive traps. You can define a maximum of ten network management stations. They must be numbered sequentially from 8 through 17. If network management stations are already shown on the display for this menu, use the next highest number to add another station. The following is an example of how to define the first network management station:

    8=123.12.1.1

The following prompt displays:

    Enter trap mask words 0:1 (ffffffff:ffffffff):

Each trap in the switch is assigned a mask that consists of “words”.
The mask value ffffffff:ffffffff indicates that all traps are enabled for words 0 and 1. If you want to accept this default (all traps enabled for words 0 and 1), press <Enter>. If you want to enable one or more specific traps for words 0 and 1, you must calculate their bit configurations and enter the new mask value at the prompt. Trap types and their bit positions are listed in the tables beginning on page 13-11.

Here is a sample configuration for setting a combination of traps.

[Figure: Bit Configurations for Setting Traps. word 0 (4 bytes) 00 00 00 00 : word 1 (4 bytes) 00 00 00 00, with bit 0 marked in each word.]

Example: To set a combination of trap types, add the hex values of the bits as follows:

    Trap Type          Bit Settings
                       Word 0           Word 1
    tempAlarm          00 00 00 00   :  00 00 00 01
    risingAlarm        00 00 40 00   :  00 00 00 00
    fallingAlarm       00 00 80 00   :  00 00 00 00
    portPartitioned    00 00 00 00   :  00 00 02 00
    Total =            00 00 C0 00   :  00 00 02 01

You would then enter the total mask value of the traps, as follows:

    Enter trap mask words 0:1 (ffffffff:ffffffff): 0000C000:00000201

This setting would enable only these four traps for words 0 and 1.

b. The following prompt displays:

    Enter trap mask words 2:3 (ffffffff:ffffffff):

Enter the trap type(s) for words 2 and 3. If you want to accept the default (all traps enabled for words 2 and 3), press <Enter>. To set one or more specific traps, again calculate the bit configurations and enter the new mask value at the prompt.

c. The following prompt displays:

    Enter destination port (162):

Enter the UDP destination port for the traps configured above. If you choose the default in field four, port 162, press <Enter> at the prompt.

d. The following prompt displays:

    NMS state (on):

Indicate whether or not traps will be sent to this Network Management Station (the NMS defined in step a). If the NMS state is enabled (on), the NMS will be notified of traps. Press <Enter> to accept the default (on).
If the NMS state is disabled (off), the NMS will not be notified of traps.

e. The following prompt displays:

    Special Access? (no): yes

Select whether or not this Network Management Station has special access. If you enter yes, this NMS will have administrative privileges such as modifying, deleting, or adding to other trap entries as well as its own. Without special access, an NMS can only update its own entry. If you choose the default, no, simply press <Enter> at the prompt. Save your configuration by typing save and then <Enter>.

f. After you have saved your configuration, the prompt re-displays. The above entries will create an NMS number 8 in the list. Traps will be sent to the IP address specified for that NMS station (provided the NMS state is on and unicast traps are enabled).

To view your new SNMP configuration, enter the snmpc command. The following is a sample display of the output from the snmpc command after the above sample configuration:

    SNMP current configuration:

    1) Process SNMP Packets     - enabled
    2) Utilization Threshold    - 60%
    3) Set Community Name       - admin
    4) Get Community Name       - public
    5) Trap Community Name      - trap1
    6) Broadcast Traps          - disabled
    7) Unicast Traps            - enabled
    8) NMS IP address           - 123.12.1.1 /162 --bffffffff:ffffffff (on) (SA)
                                                  -- ffffffff:fffffffff

    (save/quit/cancel) :

The values that appear to the immediate right of the NMS IP address are: the UDP destination port number (162), the trap bit masks (ffffffff:bfffffff), the functional state of the NMS (on), and the special access (SA) status (this does not appear if you selected no for special access in step above).

To add network management stations to this current SNMP configuration, enter the next highest entry number from the last defined NMS.
For example, if you wanted to add another NMS to the above sample configuration, you would enter the following:

    9=123.22.2.2

Please note that any additional NMS entries must have a unique IP address. Repeat steps b through f to continue configuring additional NMS entries. Once you save your configuration and re-enter the snmpc command at the prompt, the screen refreshes to include the new NMS entry. The following is a sample display:

    SNMP current configuration:

    1) Process SNMP Packets     - enabled
    2) Utilization Threshold    - 60%
    3) Set Community Name       - public
    4) Get Community Name       - public
    5) Trap Community Name      - public
    6) Broadcast Traps          - disabled
    7) Unicast Traps            - enabled
    8) NMS IP address           - 123.12.1.1 /162 -- ffffffff:bfffffff (on) (SA)
                                                  -- ffffffff:fffffffff
    9) NMS IP address           - 123.22.2.2 /162 -- ffffffff:ffffffff (on)
                                                  -- ffffffff:fffffffff

    (save/quit/cancel) :

g. To delete an IP address added to this list, enter the NMS index number of the entry followed by the decimal (.) character. The following example would delete the NMS IP address listed at number 9.

    9=.

Viewing SNMP Statistics

The snmps command is used to display SNMP statistics. The command displays the SNMP activities since the last time the switch was powered on, or since the last Reset was executed. It also displays a list of the current traps. The snmps command is listed on the Networking menu.
For more information about the networking menu, see Chapter 25, “IP Routing.” To display SNMP statistics, enter the following command:

    snmps

A screen similar to the following displays:

    SNMP Statistics
    In
    Total Packets 67
    Bad Versions 0
    Bad Community Names 0
    Bad Community Use 0
    Bad Type Discards 0
    ASN Parse Errors 0
    Too Big Errors 0
    No Such Name Errors 0
    Bad Value Errors 0
    Read Only Errors 0
    General Errors 0
    Total Variable Requests 186
    Total Set Variable Requests 0
    Get Requests 17
    Get Next Requests 50
    Set Requests 0
    Get Responses 0
    Authentication Trap Enables: 0
    Traps 0
    Out 67 0 1 0 0 0 0 0 0 67 0

    Trap generation is ENABLED to these management stations:
    198.206.1.1 /162 -- ffffffff:bfffffff (on )
    198.2.1.1 /162 -- ffffffff:7fffffff (off) (SA)

Total Packets
The total number of packets received and sent.

Bad Versions
The total number of SNMP messages delivered to the switch SNMP protocol entity that were for an unsupported SNMP version.

Bad Community Names
The total number of SNMP message names delivered to the switch SNMP protocol entity that used an unknown SNMP community name.

Bad Community Use
The total number of SNMP messages delivered to the SNMP protocol entity which represented an SNMP operation that was not allowed by the SNMP community named in the message.

Bad Type Discards
The total number of SNMP entries discarded because the request type was not recognized.

ASN Parse Errors
The total number of ASN.1 or BER errors encountered by the SNMP protocol entity when decoding received SNMP Messages.

Too Big Errors
The total number of SNMP PDUs delivered to the SNMP protocol entity with a value in the error-status field of ‘tooBig’.

No Such Name Errors
The total number of SNMP PDUs delivered to the SNMP protocol entity with a value in the error-status field of ‘noSuchName’.

Bad Value Errors
The total number of valid SNMP PDUs delivered to the SNMP protocol entity with a value in the error-status field of ‘readOnly.’ It is a protocol error to generate an SNMP PDU that contains the value ‘readOnly’ in the error-status field; as such this object is provided as a means of detecting incorrect implementations of the SNMP.

Read Only Errors
The total number of valid SNMP PDUs delivered to the SNMP protocol entity with an error-status field value of ‘Read Only’.

General Errors
The total number of SNMP PDUs delivered to the switch SNMP protocol entity with an error-status field value of ‘GenError’.

Total Variable Requests
The total number of MIB objects from which Requests have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.

Total Set Variable Requests
The total number of MIB objects from which Requests have been retrieved successfully by the SNMP entity as the result of receiving valid SNMP Set-Request PDUs.

Get Requests
The total number of SNMP Get-Request PDUs accepted and processed by the switch SNMP protocol entity.

Get Next Requests
The total number of SNMP Get-Next PDUs accepted and processed by the switch SNMP protocol entity.

Set Requests
The total number of SNMP Set-Request PDUs which have been accepted and processed by the switch SNMP protocol entity.

Get Responses
The total number of SNMP Response PDUs accepted and processed by the switch SNMP protocol entity.

Authentication Trap Enables
Indicates whether the SNMP agent Enable process is permitted to generate authentication-failure traps. The value of this object overrides any configuration information, providing a means to enable all authentication-failure traps.

Traps
The number of SNMP Trap PDUs generated by the SNMP protocol entity.

Traps are broadcast only
This appears if traps are set to broadcast.
The address is the broadcast address of the default VLAN of AutoTracker group 1.

Trap generation is ENABLED to these management stations
This appears if you have used the snmpc command to set up one or more management stations to receive traps.

The trap tables on the following pages list the traps that are currently supported.

Trap Tables

The following table is a summary list of the supported SNMP traps and their values.

    Trap or Mask Name         Object ID                     Bit Position   Hex Value             Page
    coldStart                 1.3.6.1.2.1.11.0              (word 0) 0     (word 0) 1            13-15
    warmStart                 1.3.6.1.2.1.11.1              (word 0) 1     (word 0) 2            13-16
    linkDown                  1.3.6.1.2.1.11.2              (word 0) 2     (word 0) 4            13-16
    linkUp                    1.3.6.1.2.1.11.3              (word 0) 3     (word 0) 8            13-17
    authentication failure    1.3.6.1.2.1.11.4              (word 0) 4     (word 0) 10           13-17
    egpNeighborLoss           1.3.6.1.2.1.11.5              (word 0) 5     (word 0) 20           13-18
    frDLCIStatusChange        1.3.6.1.2.1.11.7              (word 0) 7     (word 0) 80           13-18
    ipxTrapCircuitDown        1.3.6.1.4.1.23.2.5.5.1        (word 0) 8     (word 0) 100          13-19
    ipxTrapCircuitUp          1.3.6.1.4.1.23.2.5.5.2        (word 0) 9     (word 0) 200          13-19
    newRoot                   1.3.6.1.2.17.0.1              (word 0) 10    (word 0) 400          13-19
    topologyChange            1.3.6.1.2.17.0.2              (word 0) 11    (word 0) 800          13-20
    atmfVpcChange             1.3.6.1.4.1.353.0.1           (word 0) 12    (word 0) 1000         13-21
    atmfVccChange             1.3.6.1.4.1.353.0.2           (word 0) 13    (word 0) 2000         13-22
    risingAlarm               1.3.6.1.2.16.0.1              (word 0) 14    (word 0) 4000         13-23
    fallingAlarm              1.3.6.1.2.16.0.2              (word 0) 15    (word 0) 8000         13-24
    dsx3LineStatusChange      1.3.6.1.2.1.10.20.15.0.1      (word 0) 16    (word 1) 1 0000       13-25
    dsx1LineStatusChange      1.3.6.1.2.1.10.18.15.0.1      (word 0) 17    (word 1) 2 0000       13-26
    MPLS_LDP_THRESHOLD_MASK   *                             (word 0) 18    (word 0) 4 0000
    POS3_STAT_CHANGE_MASK     *                             (word 0) 19    (word 0) 8 0000
    IMA_FAILURE_ALARM_MASK    *                             (word 0) 20    (word 0) 10 0000
    SYSLOG_TRAP_MASK          *                             (word 0) 29    (word 0) 2000 0000
    NMS_MASTER_MASK           *                             (word 0) 30    (word 0) 4000 0000
    NMS_TRAP_DISABLE_MASK     *                             (word 0) 31    (word 0) 8000 0000

* This mask name does not necessarily match the trap name.
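
The mask arithmetic described under Configuring a New Network Management Station, worked through with bit positions from the trap tables, as an added example that is not part of the original manual. The function names, the subset of traps in TRAP_BITS and the SECURITY_TRAPS selection are assumptions made for this example; the audit functions check a mask string as it appears in snmpc or snmps output.

```python
import re

# (word, bit) positions copied from the trap tables in this chapter.
# Only a subset is listed; extend it from the tables as needed.
TRAP_BITS = {
    "coldStart": (0, 0),
    "warmStart": (0, 1),
    "linkDown": (0, 2),
    "linkUp": (0, 3),
    "authentication failure": (0, 4),
    "risingAlarm": (0, 14),
    "fallingAlarm": (0, 15),
    "tempAlarm": (1, 0),
    "loginViolation": (1, 4),
    "macVlanViolation": (1, 5),
    "portPartitioned": (1, 9),
    "portManualForwardingMode": (1, 30),
    "fddiCFStateChange": (1, 31),
    "duplicateIPaddress": (2, 2),
    "duplicateMACaddress": (2, 3),
    "avlAuthAttempt": (2, 16),
    "vrrpAuthFailure": (2, 22),
    "fddiLerFlagChange": (3, 0),
}

# Assumption for this example: traps an operator wants every NMS entry
# to receive for security monitoring.
SECURITY_TRAPS = (
    "authentication failure",
    "loginViolation",
    "macVlanViolation",
    "avlAuthAttempt",
    "vrrpAuthFailure",
)

# A prompt value is exactly two 32-bit words, 8 hex digits each.
_MASK_RE = re.compile(r"([0-9a-fA-F]{8}):([0-9a-fA-F]{8})")


def parse_mask(text):
    """Parse one 'xxxxxxxx:xxxxxxxx' value into two 32-bit integers."""
    match = _MASK_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a two-word trap mask: {text!r}")
    return int(match.group(1), 16), int(match.group(2), 16)


def build_masks(traps):
    """Return the values to enter at the 'words 0:1' and 'words 2:3' prompts."""
    words = [0, 0, 0, 0]
    for name in traps:
        if name not in TRAP_BITS:
            raise KeyError(f"unknown trap: {name}")
        word, bit = TRAP_BITS[name]
        words[word] |= 1 << bit  # bit 0 is the least significant bit (hex 1)
    return ("%08X:%08X" % (words[0], words[1]),
            "%08X:%08X" % (words[2], words[3]))


def enabled_traps(mask01, mask23):
    """Names from TRAP_BITS whose bit is set in the two mask strings."""
    words = parse_mask(mask01) + parse_mask(mask23)
    return sorted(name for name, (word, bit) in TRAP_BITS.items()
                  if (words[word] >> bit) & 1)


def disabled_traps(mask01, mask23):
    """Names from TRAP_BITS whose bit is clear in the two mask strings."""
    enabled = set(enabled_traps(mask01, mask23))
    return sorted(name for name in TRAP_BITS if name not in enabled)


def missing_security_traps(mask01, mask23):
    """SECURITY_TRAPS entries that this NMS entry would not receive."""
    enabled = set(enabled_traps(mask01, mask23))
    return [name for name in SECURITY_TRAPS if name not in enabled]


if __name__ == "__main__":
    # The four-trap sample from step a of the procedure.
    sample = ["tempAlarm", "risingAlarm", "fallingAlarm", "portPartitioned"]
    mask01, mask23 = build_masks(sample)
    print("words 0:1 ->", mask01)
    print("words 2:3 ->", mask23)
    print("security traps not delivered:", missing_security_traps(mask01, mask23))
```

A value with the wrong number of hex digits in either word is rejected by parse_mask rather than silently truncated.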

    Trap or Mask Name              Object ID                      Bit Position   Hex Value             Page
    tempAlarm                      1.3.6.1.4.1.800.3.1.1.4.0.1    (word 1) 0     (word 1) 1            13-27
    moduleChange                   1.3.6.1.4.1.800.3.1.1.4.0.2    (word 1) 1     (word 1) 2            13-28
    powerEvent                     1.3.6.1.4.1.800.3.1.1.4.0.3    (word 1) 2     (word 1) 4            13-29
    controllerEvent                1.3.6.1.4.1.800.3.1.1.4.0.4    (word 1) 3     (word 1) 8            13-30
    loginViolation                 1.3.6.1.4.1.800.3.1.1.4.0.5    (word 1) 4     (word 1) 10           13-31
    macVlanViolation               1.3.6.1.4.1.800.3.1.1.4.0.6    (word 1) 5     (word 1) 20           13-31
    macDuplicatePort               1.3.6.1.4.1.800.3.1.1.4.0.7    (word 1) 6     (word 1) 40           13-32
    portLinkUpEvent                1.3.6.1.4.1.800.3.1.1.4.0.8    (word 1) 7     (word 1) 80           13-33
    portLinkDownEvent              1.3.6.1.4.1.800.3.1.1.4.0.9    (word 1) 8     (word 1) 100          13-34
    portPartitioned                1.3.6.1.4.1.800.3.1.1.4.0.10   (word 1) 9     (word 1) 200          13-35
    portRecordMismatch             1.3.6.1.4.1.800.3.1.1.4.0.11   (word 1) 10    (word 1) 400          13-36
    groupChange                    1.3.6.1.4.1.800.3.1.1.4.0.14   (word 1) 13    (word 1) 2000         13-37
    vlanChange                     1.3.6.1.4.1.800.3.1.1.4.0.15   (word 1) 14    (word 1) 4000         13-38
    portMove                       1.3.6.1.4.1.800.3.1.1.4.0.16   (word 1) 15    (word 1) 8000         13-39
    moduleResetReload              1.3.6.1.4.1.800.3.1.1.4.0.17   (word 1) 16    (word 1) 1 0000       13-40
    systemEvent                    1.3.6.1.4.1.800.3.1.1.4.0.18   (word 1) 17    (word 1) 2 0000       13-41
    vlanRouteTableFull             1.3.6.1.4.1.800.3.1.1.4.0.19   (word 1) 18    (word 1) 4 0000       13-42
    sapTableFull                   1.3.6.1.4.1.800.3.1.1.4.0.20   (word 1) 19    (word 1) 8 0000       13-42
    atmSSCOPstate                  1.3.6.1.4.1.800.3.1.1.4.0.21   (word 1) 20    (word 1) 10 0000      13-43
    ilmiState                      1.3.6.1.4.1.800.3.1.1.4.0.22   (word 1) 21    (word 1) 20 0000      13-43
    atmConnection                  1.3.6.1.4.1.800.3.1.1.4.0.23   (word 1) 22    (word 1) 40 0000      13-44
    atmService                     1.3.6.1.4.1.800.3.1.1.4.0.24   (word 1) 23    (word 1) 80 0000      13-45
    dlciNew                        1.3.6.1.4.1.800.3.1.1.4.0.27   (word 1) 26    (word 1) 400 0000     13-46
    dlciDel                        1.3.6.1.4.1.800.3.1.1.4.0.28   (word 1) 27    (word 1) 800 0000     13-47
    dlciUp                         1.3.6.1.4.1.800.3.1.1.4.0.29   (word 1) 28    (word 1) 1000 0000    13-48
    dlciDn                         1.3.6.1.4.1.800.3.1.1.4.0.30   (word 1) 29    (word 1) 2000 0000    13-49
    portManualForwardingMode       1.3.6.1.4.1.800.3.1.1.4.0.31   (word 1) 30    (word 1) 4000 0000    13-50
    fddiCFStateChange              1.3.6.1.4.1.800.3.1.1.4.0.32   (word 1) 31    (word 1) 8000 0000    13-51
    duplicateIPaddress             1.3.6.1.4.1.800.3.1.1.4.0.35   (word 2) 2     (word 2) 4            13-52
    duplicateMACaddress            1.3.6.1.4.1.800.3.1.1.4.0.36   (word 2) 3     (word 2) 8            13-53
    healthThresholdRising          1.3.6.1.4.1.800.3.1.1.4.0.37   (word 2) 4     (word 2) 10           13-54
    healthThresholdFalling         1.3.6.1.4.1.800.3.1.1.4.0.38   (word 2) 5     (word 2) 20           13-54
    healthThresholdDevice          1.3.6.1.4.1.800.3.1.1.4.0.39   (word 2) 6     (word 2) 40           13-55
    healthThresholdModule          1.3.6.1.4.1.800.3.1.1.4.0.40   (word 2) 7     (word 2) 80           13-55
    xylanXIPXMAPPortStatusChange   1.3.6.1.4.1.800.3.1.1.4.0.41   (word 2) 8     (word 2) 100          13-56
    xylanSIPXMAPPortStateChange    1.3.6.1.4.1.800.3.1.1.4.0.42   (word 2) 9     (word 2) 200          13-57
    clkBusLineStateChange          1.3.6.1.4.1.800.3.1.1.4.0.45   (word 2) 10    (word 2) 400          13-60
    xylanXIPGMAPFailedUpdate       1.3.6.1.4.1.800.3.1.1.4.0.44   (word 2) 11    (word 2) 800          13-59
    avlAuthAttempt                 1.3.6.1.4.1.800.3.1.1.4.0.43   (word 2) 16    (word 2) 1 0000       13-58
    mcpStatisticsOverflow          1.3.6.1.4.1.800.3.1.1.4.0.67   (word 2) 18    (word 2) 4 0000       13-62
    mcpShortCut                    1.3.6.1.4.1.800.3.1.1.4.0.68   (word 2) 19    (word 2) 8 0000       13-66
    mcpIngressRetryTime            1.3.6.1.4.1.800.3.1.1.4.0.69   (word 2) 20    (word 2) 10 0000      13-67
    vrrpTrapNewMasterOut           1.3.6.1.2.1.46.1.3.1.0.3       (word 2) 21    (word 2) 20 0000      13-68
    vrrpAuthFailure                1.3.6.1.2.1.46.1.3.1.0.4       (word 2) 22    (word 2) 40 0000      13-69
    blind-violation                1.3.6.1.4.1.800.3.1.1.1.0.46   (word 2) 23    (word 2) 80 0000      13-61
    mpcStatisticsOverflow          1.3.6.1.4.1.800.3.1.1.1.0.47   (word 2) 18    (word 2) 4 0000       13-62
    fddiLerFlagChange              1.3.6.1.4.1.800.3.1.1.4.0.65   (word 3) 0     (word 3) 1            13-63
    fddiCLTFailCntIncr             1.3.6.1.4.1.800.3.1.1.4.0.66   (word 3) 1     (word 3) 2            13-64
    oamVCAIS                       1.3.6.1.4.1.800.3.1.1.4.0.71   (word 3) 10    (word 3) 400          13-70
    oamVCRDI                       1.3.6.1.4.1.800.3.1.1.4.0.72   (word 3) 11    (word
3) 800 13-71 oamVCLOC 1.3.6.1.4.1.800.3.1.1.4.0.73 (word 3) 12 (word 3) 1000 13-72 oamVCUnsuccessLoop 1.3.6.1.4.1.800.3.1.1.4.0.74 (word 3) 13 (word 3) 2000 13-73 oamVPAIS 1.3.6.1.4.1.800.3.1.1.4.0.75 (word 3) 14 (word 3) 4000 13-74 oamVPRDI 1.3.6.1.4.1.800.3.1.1.4.0.76 (word 3) 15 (word 3) 8000 13-75 oamVPLOC 1.3.6.1.4.1.800.3.1.1.4.0.77 (word 3) 16 (word 3) 1 0000 13-76 oamVPUnsuccessLoop 1.3.6.1.4.1.800.3.1.1.4.0.78 (word 3) 17 (word 3) 2 0000 13-77 accountEvent 1.3.6.1.4.1.800.3.1.1.4.0.86 (word 3) 21 (word 3) 20 0000 13-78 Over1Alarm 1.3.6.1.4.1.800.3.1.1.4.0.87 (word 3) 22 (word 3) 40 0000 13-78 Page 13-13 Trap Tables Trap or Mask Name Object ID Bit Position Hex Value Page Under1Event 1.3.6.1.4.1.800.3.1.1.4.0.88 (word 3) 23 (word 3) 80 0000 13-79 Over2Alarm 1.3.6.1.4.1.800.3.1.1.4.0.89 (word 3) 24 (word 3) 100 0000 13-79 Under2Event 1.3.6.1.4.1.800.3.1.1.4.0.90 (word 3) 25 (word 3) 200 0000 13-80 Over3Alarm 1.3.6.1.4.1.800.3.1.1.4.0.91 (word 3) 26 (word 3) 400 0000 13-80 Under3Event 1.3.6.1.4.1.800.3.1.1.4.0.92 (word 3) 27 (word 3) 8000 0000 13-81 NoDeviceAlarm 1.3.6.1.4.1.800.3.1.1.4.0.93 (word 3) 28 (word 3) 1000 0000 13-81 FileAlarm 1.3.6.1.4.1.800.3.1.1.4.0.94 (word 3) 29 (word 3) 2000 0000 13-82 ldpPeerCreate 1.3.6.1.4.1.800.3.1.1.4.0.80 (word 3) 5 (word 3) 20 13-83 ldpPeerDelete 1.3.6.1.4.1.800.3.1.1.4.0.81 (word 3) 6 (word 3) 40 13-84 ldpSessionCreate 1.3.6.1.4.1.800.3.1.1.4.0.82 (word 3) 17 (word 3) 80 13-85 ldpSessionDelete 1.3.6.1.4.1.800.3.1.1.4.0.83 (word 3) 8 (word 3) 100 13-86 lecStateChangeEvent 1.3.6.1.4.1.800.3.1.1.4.0.96 (word 2) 26 (word 2) 40 0000 13-87 Page 13-14 Trap Tables SNMP Standard Traps This section lists the standard traps that are defined within RFC (MIB) documents. These traps signify events as they occur on common network devices. The following information on traps is provided in the tables. Trap. The object name of the trap as it is defined in the corresponding MIB (Management Information Base). 
Alcatel supports standardized and proprietary MIBs.
Object ID. The SNMP object identifier (OID) for this trap.
Description. A brief explanation describing the circumstances under which a specific trap is generated.
Bit Position. The trap’s specific position in a bit mask (a bit mask is a binary notation which represents a combination of all four trap words). By mapping a specific trap to its binary position, you can determine whether or not a trap is enabled. For example, a trap is enabled if its corresponding bit is set to 1 and disabled if its corresponding bit is set to 0.
Word. A word is a set of four consecutive bytes within a system’s memory. Alcatel allocates a total of four words for trap representation. Each of the 32 bit positions within a word corresponds to a specific trap. The first word, Word 0, contains only standard traps as they are defined within RFC (MIB) documents. Words 1, 2, and 3 contain Alcatel-specific traps.
Hex Value. The resulting hexadecimal value of the bit mask.
Trap Text and Variable Description. Trap text is a brief statement containing additional information that can help you narrow down the source of the trap, such as slot/port numbers, module types, and MAC addresses (variable descriptions have been added for your convenience).

When a specific trap is triggered, it may display in various text formats, depending on the software application through which it is viewed. The trap text entries in the following tables are examples of trap text as displayed through the HP OpenView Alarm Log and the Traps window in X-Vision Discovery. For more information on X-Vision, see the on-line documentation included with the application.

Trap: coldStart
Object ID: 1.3.6.1.2.1.11.0
Description: The sending protocol entity is re-initializing itself such that the agent’s configuration or the protocol entity implementation may be altered.
Bit Position: (Word 0) 0
Hex Value: (Word 0) 1
Trap Text and Variable Descriptions:
Cold Start

Trap: warmStart
Object ID: 1.3.6.1.2.1.11.1
Description: The sending protocol entity is re-initializing itself such that neither the agent’s configuration nor the protocol entity implementation may be altered.
Bit Position: (Word 0) 1
Hex Value: (Word 0) 2
Trap Text and Variable Descriptions:
Warm Start

Trap: linkDown
Object ID: 1.3.6.1.2.1.11.2
Description: The sending protocol entity recognizes a failure in one of the communication links represented in the agent’s configuration.
Bit Position: (Word 0) 2
Hex Value: (Word 0) 4
Trap Text and Variable Descriptions:
Link Down (port 1)
Port Index. The physical port number that identifies the failed communication link.

Trap: linkUp
Object ID: 1.3.6.1.2.1.11.3
Description: The sending protocol entity recognizes that one of the communication links represented in the agent’s configuration has come up.
Bit Position: (Word 0) 3
Hex Value: (Word 0) 8
Trap Text and Variable Descriptions:
Link Up (port 1)
Port Index. The physical port number that identifies where the communication link has come up.

Trap: authenticationFailure
Object ID: 1.3.6.1.2.1.11.4
Description: The sending protocol entity is the addressee of a protocol message that is not properly authenticated.
Bit Position: (Word 0) 4
Hex Value: (Word 0) 10
Trap Text and Variable Descriptions:
Authentication Failure

Trap: egpNeighborLoss
Object ID: 1.3.6.1.2.1.11.5
Description: An EGP neighbor for whom the sending protocol entity was an EGP peer has been marked down and the peer relationship no longer exists.
Bit Position: (Word 0) 5
Hex Value: (Word 0) 20
Trap Text and Variable Descriptions:
Neighbor Loss (neigh addr 192.168.10.1)
Neighbor IP Address. The IP address of this entry’s EGP neighbor.

Trap: frDLCIStatusChange
Object ID: 1.3.6.1.2.1.11.6
Description: This trap is sent when the indicated virtual circuit has changed state.
It has either been created or invalidated, or has toggled between the active and inactive states. However, if the reason for the state change is due to the DLCMI going down, traps should not be generated for each DLCI.
Bit Position: (Word 0) 7
Hex Value: (Word 0) 80
Variable Description:
frCircuitIfIndex - The ifIndex value of the ifEntry this virtual circuit is layered into.
frcircuitDlci - The DLCI for this virtual circuit.
frCircuitState - Indicates whether this virtual circuit is active or inactive.

Trap: ipxTrapCircuitDown
Object ID: 1.3.6.1.4.1.23.2.5.5.1
Description: This trap indicates that the specified circuit has gone down.
Bit Position: (Word 0) 8
Hex Value: (Word 0) 100
Variable Description:
ipxCircSysInstance - The identifier of this instance of IPX.
ipxCircIndex - The identifier of this circuit, for this instance of IPX.

Trap: ipxTrapCircuitUp
Object ID: 1.3.6.1.4.1.23.2.5.5.2
Description: This trap indicates that the specified circuit has come up.
Bit Position: (Word 0) 9
Hex Value: (Word 0) 200
Variable Description:
ipxCircSysInstance - The identifier of this instance of IPX.
ipxCircIndex - The identifier of this circuit, for this instance of IPX.

Trap Type: newRoot
Object ID: 1.3.6.1.2.1.17.0.1
Description: Sent by a bridge that became the new root of the Spanning Tree.
Bit Position: (Word 0) 10
Hex Value: (Word 0) 400
Trap Text and Variable Descriptions:
Spanning Tree: A new agent has become the root of the Spanning Tree.

Trap: topologyChange
Object ID: 1.3.6.1.2.1.17.0.2
Description: A bridge’s configured ports either transitioned from Learning state to Forwarding state or from Forwarding state to Blocking state. This trap will not be sent if a newRoot trap was sent for the same transition.
Bit Position: (Word 0) 11
Hex Value: (Word 0) 800
Trap Text and Variable Descriptions:
Spanning Tree: A configured port’s state has transitioned.

Trap: atmfVpcChange
Object ID: 1.3.6.1.4.1.353.0.1
Description: Either a permanent VPC was added or deleted at this ATM interface, or an existing VPC was modified.
Bit Position: (Word 0) 12
Hex Value: (Word 0) 1000
Trap Text and Variable Descriptions:
A permanent VPC has been added or deleted at this ATM Interface, or the attributes of an existing VPC have been modified (index 0, Vpi 2, Status 3)
Port Index. The port number of this ATM interface. Valid values range from 0 to 2147483647.
VPI. The Virtual Path Identifier at this ATM interface. Valid values range from 0 to 4095.
Operational Status. The present operating status of the VPC. The following integers are valid values: 1 unknown; 2 end2endUp; 3 end2endDown; 4 localUpEnd2endUnknown; 5 localDown

Trap: atmfVccChange
Object ID: 1.3.6.1.4.1.353.0.2
Description: Either a permanent VCC was added or deleted at this ATM interface, or an existing VCC was modified.
Bit Position: (Word 0) 13
Hex Value: (Word 0) 2000
Trap Text and Variable Descriptions:
A permanent VCC has been added or deleted at this ATM Interface, or the attributes of an existing VPC have been modified (index 0, Vpi 2, Vci 6, status 3)
Operational Status. The present operational status of the VCC. The following integers are valid values: 1 unknown; 2 end2endUp; 3 end2endDown; 4 localUpEnd2endUnknown; 5 localDown
Port Index. The port number which identifies this ATM interface. Valid values range from 0 to 2147483647.
VPI. The Virtual Channel Identifier at this ATM interface. Valid values range from 0 to 4095. For virtual interfaces, this value has no meaning and is set to zero.
VCI. The Virtual Channel Identifier at this ATM interface. Valid values range from 0 to 65535. For virtual interfaces, this value has no meaning and is set to zero.

Trap: risingAlarm
Object ID: 1.3.6.1.2.1.16.0.1
Description: The value of an Ethernet statistical variable (i.e., a member of the Ethernet statistics group as defined by RFC 1757) has exceeded its rising threshold. The variable’s rising threshold and whether it will generate an SNMP trap for this condition are configured by a network management station running RMON.
Bit Position: (Word 0) 14
Hex Value: (Word 0) 4000
Trap Text and Variable Descriptions:
An RMON alarm entry crossed its rising threshold (index 25 var 2 type 1 value 201 rising threshold 200)
Variable. The MIB object identifier for the variable being sampled.
Alarm Index. An index value for this entry in the alarm table. Each entry defines a diagnostic sample at a particular interval for an object on the device.
Value. The value of the statistic during the last sampling period. For example, if the sample method is Delta Value, this value will be the difference between the samples at the beginning and end of the period. If the sample method is Absolute Value, this value will be the sampled value at the end of the period. This is the value that is compared with the rising threshold.
Sampling Method. The method of sampling the selected variable and calculating the value for comparison with the thresholds. Possible values are integers 1 and 2:
  1 Absolute Value. The value of the selected variable will be compared directly with the thresholds at the end of the sampling interval.
  2 Delta Value. The value of the selected variable at the last sample will be subtracted from the current value, and the difference compared with the thresholds.
Rising Threshold. A threshold for the sampled statistic. This trap is generated when the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold.
After a rising event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches the Falling Threshold value.

Trap: fallingAlarm
Object ID: 1.3.6.1.2.1.16.0.2
Description: The value of an Ethernet statistical variable (i.e., a member of the Ethernet statistics group as defined by RFC 1757) has dipped below its falling threshold. The variable’s falling threshold and whether it will generate an SNMP trap for this condition are configured by a network management station running RMON.
Bit Position: (Word 0) 15
Hex Value: (Word 0) 8000
Trap Text and Variable Descriptions:
An RMON alarm entry crossed its falling threshold (index 25 var 2 type 1 value 100 falling threshold 9)
Variable. The MIB object identifier for the variable being sampled.
Alarm Index. An index value for this entry in the alarm table. Each entry defines a diagnostic sample at a particular interval for an object on the device.
Value. The value of the statistic during the last sampling period. For example, if the sample method is Delta Value, this value will be the difference between the samples at the beginning and end of the period. If the sample method is Absolute Value, this value will be the sampled value at the end of the period. This is the value that is compared with the falling threshold.
Sampling Method. The method of sampling the selected variable and calculating the value for comparison with the thresholds. Possible values are:
  1 Absolute Value. The value of the selected variable will be compared directly with the thresholds at the end of the sampling interval.
  2 Delta Value. The value of the selected variable at the last sample will be subtracted from the current value, and the difference compared with the thresholds.
Falling Threshold. A threshold for the sampled statistic.
This trap is generated when the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was more than this threshold. After a falling event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches the Rising Threshold value.

Trap Type: dsx3LineStatusChange
Object ID: 1.3.6.1.2.1.10.30.15.0.1
Description: The value of an instance dsx3LineStatus changed.
Bit Position: (Word 0) 16
Hex Value: (Word 1) 1 0000
Trap Text and Variable Descriptions:
Line Status Change (line status 1, last change 4)
DSX3 Line Status. The line status of the interface. It contains loopback, failure, received alarm, and transmitted alarm information. Valid values range from 1 to 8191.
Last Change. The last value of MIB II’s sysUpTime object at the time this DS3 entered its current line status state. If the current state was entered prior to the last re-initialization of the proxyagent, this value is zero.

Trap: dsx1LineStatusChange
Object ID: 1.3.6.1.2.1.10.18.15.0.1
Description: The value of an instance dsx1LineStatus changed.
Bit Position: (Word 0) 17
Hex Value: (Word 1) 2 0000
Trap Text and Variable Descriptions:
Line Status Change (line status 1, last change 2)
DSX1 Line Status. The line status of the interface. It contains loopback, failure, received alarm, and transmitted alarm information. Valid values range from 1 to 8191.
Last Change. The last value of MIB II’s sysUpTime object at the time this DS1 entered its current line status state. If the current state was entered prior to the last re-initialization of the proxyagent, this value is zero.

Extended Traps

This section lists Alcatel-specific traps. These extended traps are generated specifically by Alcatel switch devices.
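The Word, Bit Position and Hex Value columns used throughout these trap tables describe a four-word mask in which a set bit means the trap is enabled. The following added example (not part of the Alcatel manual) decodes such a mask, lists watchlist traps that are disabled, and flags table rows whose printed hex value does not equal the value implied by the bit position; the embedded rows are a subset copied from the summary table, while the watchlist selection, the sample mask and all function names are assumptions of the example.

```python
"""Audit a four-word trap mask against rows copied from the trap summary table."""

WORD_BITS = 32   # a word is four consecutive bytes
WORD_COUNT = 4   # words 0 to 3

# (name, word, bit position, hex value as printed). Subset of the summary table;
# hex strings keep the manual's digit grouping ("40 0000").
TABLE_ROWS = [
    ("coldStart", 0, 0, "1"),
    ("linkDown", 0, 2, "4"),
    ("linkUp", 0, 3, "8"),
    ("authenticationFailure", 0, 4, "10"),
    ("loginViolation", 1, 4, "10"),
    ("macVlanViolation", 1, 5, "20"),
    ("macDuplicatePort", 1, 6, "40"),
    ("portMove", 1, 15, "8000"),
    ("duplicateIPaddress", 2, 2, "4"),
    ("duplicateMACaddress", 2, 3, "8"),
    ("avlAuthAttempt", 2, 16, "1 0000"),
    ("vrrpAuthFailure", 2, 22, "40 0000"),
    ("Under3Event", 3, 27, "8000 0000"),
    ("ldpSessionCreate", 3, 17, "80"),
]

# Traps this example treats as security-relevant (the example's own selection).
WATCHLIST = [
    "authenticationFailure", "loginViolation", "macVlanViolation",
    "macDuplicatePort", "duplicateIPaddress", "duplicateMACaddress",
    "avlAuthAttempt", "vrrpAuthFailure",
]

# Constructed sample mask, one hex string per word (not taken from a device).
SAMPLE_MASK = ["1D", "8030", "1008", "0"]


def parse_hex(text):
    """Parse one hex word; embedded spaces are treated as digit grouping."""
    value = int(text.replace(" ", ""), 16)
    if not 0 <= value < (1 << WORD_BITS):
        raise ValueError(f"{text!r} does not fit in a {WORD_BITS}-bit word")
    return value


def inconsistent_rows(rows=TABLE_ROWS):
    """Names of rows whose printed hex value differs from 1 << bit position."""
    return [name for name, _word, bit, printed in rows
            if parse_hex(printed) != 1 << bit]


def trap_index(rows=TABLE_ROWS):
    """Map (word, bit) to trap name, skipping rows that fail the consistency check."""
    bad = set(inconsistent_rows(rows))
    return {(word, bit): name for name, word, bit, _hex in rows if name not in bad}


def decode_mask(words, rows=TABLE_ROWS):
    """Return (enabled trap names, set bits that have no usable table row)."""
    if len(words) != WORD_COUNT:
        raise ValueError(f"expected {WORD_COUNT} words, got {len(words)}")
    index = trap_index(rows)
    enabled, unknown = [], []
    for word_no, text in enumerate(words):
        value = parse_hex(text)
        for bit in range(WORD_BITS):
            if (value >> bit) & 1:
                name = index.get((word_no, bit))
                if name is None:
                    unknown.append((word_no, bit))
                else:
                    enabled.append(name)
    return enabled, unknown


def disabled_watchlist(words, watchlist=WATCHLIST, rows=TABLE_ROWS):
    """Watchlist traps whose bit is 0 in the mask, in watchlist order."""
    enabled, _unknown = decode_mask(words, rows)
    return [name for name in watchlist if name not in enabled]


if __name__ == "__main__":
    enabled, unknown = decode_mask(SAMPLE_MASK)
    print("enabled:", ", ".join(enabled))
    print("set bits without a table row (word, bit):", unknown)
    print("watchlist traps disabled:", ", ".join(disabled_watchlist(SAMPLE_MASK)))
    print("rows to verify against the device:", ", ".join(inconsistent_rows()))
```

Rows reported by `inconsistent_rows()` are left out of the decode until the bit position and hex value have been reconciled, since the table alone does not say which column is right.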

Trap Type: tempAlarm
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.1
Description: The temperature sensor(s) have detected a temperature in the chassis that exceeds the threshold. These sensors are physically located on the MPX module, but can detect temperature changes throughout the chassis.
Bit Position: (Word 1) 0
Hex Value: (Word 1) 1
Trap Text and Variable Descriptions:
Temperature Sensor has changed state to Over Threshold

Trap Type: moduleChange
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.2
Description: A module was either inserted or removed from the chassis. In some cases, this trap may also be generated when a module is reset.
Bit Position: (Word 1) 1
Hex Value: (Word 1) 2
Trap Text and Variable Descriptions:
Module was inserted or removed from chassis (slot 4, subunit 1, type 10)
Slot Number. The slot number on the front of the chassis where this module was inserted or removed.
Submodule Type. Indicates the submodule that was inserted or removed. Typically this value will be 1, meaning the base module was inserted or removed. If this value is 2, then HSX module 1 was moved. If this value is 3, then HSX module 2 was moved.
Module Type. Indicates the module type that was inserted or removed.
The following integers are valid values: 4 HSM; 5 MPM; 6 ESM 8-port 10BASE-T; 7 ESM 16-port; 8 TSM 6-port UTP/STP; 9 FSM FDDI module; 10 FSM CDDI module; 11 ESM 4-port; 12 ASM .5 MB multi-mode; 13 ESM 12-port 10BASE-T; 14 ESM 6-port universal module; 15 MPM version II; 16 ATM DS-3; 17 FSM FDDI single mode; 18 ASM .5 MB single mode; 19 ASM UTP; 20 ESM 8-port fiber; 21 ESM 12-port Telco; 22 TSM fiber; 23 ASM 2 MB multi-mode; 24 ASM 2 MB single mode
25 26 27 28 29 30 33 34 35 36 37 39 WSM WSM BRI HSM2 base slot type PizzaSwitch reserved TSM CD-6 ASM 2 MB single mode 10Meg Ether Universal ATM E3 (European) Ether 100 FX Sngl Full Dup Ether 100 FX Multi Full Dup Ether 100 TX CU Full Dup PizzaPort (repeater)

Trap Type: powerEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.3
Description: A power supply was either inserted or removed from the chassis, or there is a problem with the power supply. This trap is also generated when a power supply is switched on or off.
Bit Position: (Word 1) 2
Hex Value: (Word 1) 4
Trap Text and Variable Descriptions:
Power Supply was inserted or removed from chassis or has a problem (ps1 3, ps2 2)
Power Supply Status. The current state of power supply 1 (ps1) and power supply 2 (ps2). The following integers are valid values:
  1 Unknown.
  2 No power supply present.
  3 Power supply okay.
  4 Power supply bad.

Trap Type: controllerEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.4
Description: A chassis controller (MPX) lost or gained the state of the master.
Bit Position: (Word 1) 3
Hex Value: (Word 1) 8
Trap Text and Variable Descriptions:
Chassis controller (MPX) lost or gained master control (slot 1, state 3)
Slot. The slot number of the MPX that has lost or gained master control. Valid values are: 1 Slot Number 1; 2 Slot Number 2
State. The current state of the MPX in the slot.
The following integers are valid values: 1 Unknown; 2 Invalid; 3 Master; 4 Slave

Trap Type: loginViolation
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.5
Description: A login attempt for the User Interface (UI) failed due to an incorrect login ID or an invalid password. Three (3) consecutive unsuccessful attempts will trigger this alarm.
Bit Position: (Word 1) 4
Hex Value: (Word 1) 10
Trap Text and Variable Descriptions:
Login Attempt failed due to invalid ID or password.

Trap Type: macVlanViolation
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.6
Description: Data was received from a MAC address on a port with a VLAN ID different from the VLAN where frames from that address had previously been received.
Bit Position: (Word 1) 5
Hex Value: (Word 1) 20
Trap Text and Variable Descriptions:
Receiving Port VLAN ID has changed (bridge address 0036589adf01)
MAC Address. The MAC address from which data has come from two different ports in two different groups.

Trap Type: macDuplicatePort
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.7
Description: Data was received from a MAC address on a source port different from the port where frames from that address had previously been received, although both ports belong to the same VLAN.
Bit Position: (Word 1) 6
Hex Value: (Word 1) 40
Trap Text and Variable Descriptions:
VLAN Receiving Port has changed (bridge address 00145221cd02)
MAC Address. The MAC address from which data has come from two different ports in the same group.

Trap Type: portLinkUpEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.8
Description: A physical, logical, or virtual port was enabled. These ports may be enabled through the UI or Switch Manager. Note that if you enable a physical port, any associated logical and virtual ports will also be enabled. And if you enable a logical port, such as an ATM service, associated virtual ports will be enabled.
Bit Position: (Word 1) 7
Hex Value: (Word 1) 80
Trap Text and Variable Descriptions:
Physical, logical or virtual port was enabled (slot 2 IF 2 type 203 instance 1)
Slot Number. The slot number for the module that contains this port.
Port Number. The port number on this module that was enabled.
Port Type. The physical type of this port. The following integers are valid values: 1 Unknown; 2 Other; 3 Router; 4 Bridge; 5 Trunk; 6 ATM trunk port; 7 ATM LAN Emulation port; 8 Classical IP; 9 ATM MUX; 203 Ethernet 10BASE-T; 204 Ethernet 100BASE-T; 205 Token Ring 4 mbs; 206 Token Ring 16 mbs; 207 FDDI; 208 CDDI; 209 ATM 25 mbs; 210 ATM 50 mbs; 211 DS-1; 212 DS-3; 213 OC-3; 214 OC-12; 215 OC-48
Physical Instance. The specific instance of this slot/port/type. In most cases this value will be 1 (only one instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.

Trap Type: portLinkDownEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.9
Description: A physical, logical, or virtual port was disabled. These ports may be disabled through the UI or Switch Manager. Note that if you disable a physical port, any associated logical and virtual ports will also be disabled. And if you disable a logical port, such as an ATM service, associated virtual ports will also be disabled.
Bit Position: (Word 1) 8
Hex Value: (Word 1) 100
Trap Text and Variable Descriptions:
Physical, logical or virtual port was disabled (slot 2 IF 2 type 203 instance 1)
Slot Number. The slot number for the module that contains this port.
Port Number. The port number on this module that was disabled.
Port Type. The physical type of this port.
The following integers are valid values: 1 Unknown; 2 Other; 3 Router; 4 Bridge; 5 Trunk; 6 ATM trunk port; 7 ATM LAN Emulation port; 8 Classical IP; 9 ATM MUX; 203 Ethernet 10BASE-T; 204 Ethernet 100BASE-T; 205 Token Ring 4 mbs; 206 Token Ring 16 mbs; 207 FDDI; 208 CDDI; 209 ATM 25 mbs; 210 ATM 50 mbs; 211 DS-1; 212 DS-3; 213 OC-3; 214 OC-12; 215 OC-48
Physical Instance. The specific instance of this slot/port/type. In most cases this value will be 1 (only one instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.

Trap Type: portPartitioned
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.10
Description: The physical port detected jabber (i.e., the port has transitioned through enable/disable states more than 50 times in the past 200 ms). Jabber may be produced by a bad port connection, such as a faulty cable.
Bit Position: (Word 1) 9
Hex Value: (Word 1) 200
Trap Text and Variable Descriptions:
Port jabber detected (enabled/disabled faster than 50 times in 200 ms) (slot 2, IF 2, type 203, instance 1)
Slot Number. The slot number for the module that contains this port.
Port Number. The port number on this module that detected jabber.
Physical Instance. The specific instance of this slot/port/type. In most cases this value will be 1 (only one instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.
Port Type. The physical type of this port. The following integers are valid values: 1 Unknown; 2 Other; 3 Router; 4 Bridge; 5 Trunk; 6 ATM trunk port; 7 ATM LAN Emulation port; 8 Classical IP; 9 ATM MUX; 203 Ethernet 10BASE-T; 204 Ethernet 100BASE-T; 205 Token Ring 4 mbs; 206 Token Ring 16 mbs; 207 FDDI; 208 CDDI; 209 ATM 25 mbs; 210 ATM 50 mbs; 211 DS-1; 212 DS-3; 213 OC-3; 214 OC-12; 215 OC-48

Trap Type: portRecordMismatch
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.11
Description: The port configuration is different from the previous configuration.
Typically this trap is generated when a NIC of one type is swapped for a different type (i.e., Ethernet for FDDI, ATM for Token Ring, etc.).
Bit Position: (Word 1) 10
Hex Value: (Word 1) 400
Trap Text and Variable Descriptions:
Port configuration different than previously detected (slot 2, IF 2, type 203, instance 1)
Slot number. The slot number for the module that contains this port.
Port number. The port number on this module that has a different configuration.
Port Type. The physical type of this port. The following integers are valid values: 1 Unknown; 2 Other; 3 Router; 4 Bridge; 5 Trunk; 6 ATM trunk port; 7 ATM LAN Emulation port; 8 Classical IP; 9 ATM MUX; 203 Ethernet 10BASE-T; 204 Ethernet 100BASE-T; 205 Token Ring 4 mbs; 206 Token Ring 16 mbs; 207 FDDI; 208 CDDI; 209 ATM 25 mbs; 210 ATM 50 mbs; 211 DS-1; 212 DS-3; 213 OC-3; 214 OC-12; 215 OC-48
Physical Instance. The specific instance of this slot/port/type. In most cases this value will be 1 (only one instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.

Trap Type: groupChange
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.14
Description: A Group was either created or deleted through the UI or Switch Manager.
Bit Position: (Word 1) 13
Hex Value: (Word 1) 2000
Trap Text and Variable Descriptions:
Group created or deleted (vlan 2 admin status 4)
Group number. The Group number that has been created or deleted.
Administrative Status. The administrative status for this group. Possible options are:
  1 Disabled. All ports in this Group are disabled.
  2 Enabled. All ports in this Group are enabled.
  3 Deleted. This Group was deleted, and all attached virtual ports and routers are detached and deleted.
  4 Created. This Group has been created.
  5 Modify. This Group has been modified.

Trap Type: vlanChange
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.15
Description: A VLAN was either created or deleted through the UI or Switch Manager.
Bit Position: (Word 1) 14
Hex Value: (Word 1) 4000
Trap Text and Variable Descriptions:
VLAN Change created or deleted (group 2, admin status 4)
Group number. The Group number to which this VLAN belongs.
Administrative status. The administrative status for this VLAN. The following integers are valid values:
  1 Enabled.
  2 Disabled.
  3 Deleted. This VLAN was deleted.
  4 Created. This Group has been created.
  5 Modify. This Group has been modified.

Trap Type: portMove
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.16
Description: The specified port has moved from a Group or has had its configuration changed.
Bit Position: (Word 1) 15
Hex Value: (Word 1) 8000
Trap Text and Variable Descriptions:
Port VLAN, group or configuration change (slot 2, IF 8, type 4, instance 1)
Slot number. The slot number for the module that contains this port.
Port number. The port number on this module that was changed.
Port Type. The physical type of this port. The following integers are valid values: 1 Unknown; 2 Other; 3 Router; 4 Bridge; 5 Trunk; 6 ATM trunk port; 7 ATM LAN Emulation port; 8 Classical IP; 9 ATM MUX; 203 Ethernet 10BASE-T; 204 Ethernet 100BASE-T; 205 Token Ring 4 mbs; 206 Token Ring 16 mbs; 207 FDDI; 208 CDDI; 209 ATM 25 mbs; 210 ATM 50 mbs; 211 DS-1; 212 DS-3; 213 OC-3; 214 OC-12; 215 OC-48
Physical Instance. The specific instance of this slot/port/type. In most cases this value will be 1 (only one instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.

Trap: moduleResetReload
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.17
Description: The specified module has been either reset or reloaded. A reload may occur during a firmware download.
Bit Position: (Word 1) 16
Hex Value: (Word 1) 1 0000
Trap Text and Variable Descriptions:
Module reset or reloaded by chassis manager (slot 4 subunit 1 type 6 status 3)
Slot number. The slot number of the module that was reset or reloaded.
Submodule Type. Indicates the submodule that was reset or reloaded. Typically this value will be 1, meaning the base module was reset or reloaded. If this value is 2, then HSX module 1 was affected. If this value is 3, then HSX module 2 was affected.
Module Type. Indicates the module type that was reset or reloaded. The following integers are valid values: 4 HSM; 5 MPM; 6 ESM 8-port 10BASE-T; 7 ESM 16-port; 8 TSM 6-port UTP/STP; 9 FSM FDDI module; 10 FSM CDDI module; 11 ESM 4-port; 12 ASM .5 MB multi-mode; 13 ESM 12-port 10BASE-T; 14 ESM 6-port universal module; 15 MPM version II; 16 ATM DS-3; 17 FSM FDDI single mode; 18 ASM .5 MB single mode; 19 ASM UTP; 20 ESM 8-port fiber; 21 ESM 12-port Telco; 22 TSM fiber; 23 ASM 2 MB multi-mode; 24 ASM 2 MB single mode
Operational State. Indicates the current state of the module that was reset or reloaded. The following integers are valid values:
  1 Unknown state. The module may have failed low-level self-test.
  2 Invalid. The module may exist, but the chassis does not have control of it.
  3 Operational. The module is running fine with no errors.
  4 Disabled. The module has been set to disable through the UI or SNMP.
  5 Reset. The module has been reset.
  6 Loading. The module is in the middle of loading.
  7 Testing. The module is in self-test.
  8 Warning. A warning was detected during operation.
  9 Non-fatal error. A non-fatal error was detected during operation.
  10 Fatal error. A fatal error occurred during operation. The module may or may not be functional.

Trap Type: systemEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.18
Description: A potentially fatal error occurred in the system.
Bit Position: (Word 1) 17
Hex Value: (Word 1) 2 0000
Trap Text and Variable Descriptions:
Potentially fatal error occurred (trap 10)
Event Trap Type. A number that identifies the specific error that occurred in the system.
The following integers are valid values: 10 Unspecified Log Event; 11 Log file full; 12 Log file erased; 20 Unspecified memory event; 21 Memory shortage; 30 Unspecified CPU event; 31 Long term CPU overload; 32 Short term CPU overload; 40 Unspecified ffs event; 41 Attempt to write to full ffs; 42 System/user directed purge; 43 Removed imgs/cfgs; 44 Exec file removed; 45 Config file removed; 46 Exec file updated; 47 Config file updated; 50 Unspecified chassis event; 51 Module failed to init; 52 Module failed to load; 53 Module startup failed; 54 Module failed; 55 Driver failed

Trap Type: vlanRouteTableFull
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.19
Description: The IP or IPX route table is full.
Bit Position: (Word 1) 18
Hex Value: (Word 1) 4 0000
Trap Text and Variable Descriptions:
IP or IPX route table is full on insertion.

Trap Type: sapTableFull
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.20
Description: The SAP table is full upon insertion.
Bit Position: (Word 1) 19
Hex Value: (Word 1) 8 0000
Trap Text and Variable Descriptions:
SAP table full on insertion.

Trap Type: atmSSCOPstate
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.21
Description: A specified port changed.
Bit Position: (Word 1) 20
Hex Value: (Word 1) 10 0000
Trap Text and Variable Descriptions:
Signalling state changed (slot 3 port 1)
Slot number. The slot number where this ASM module is located.
Port number. The port number on this ASM module where the signalling state has changed.

Trap Type: ilmiState
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.22
Description: The ILMI state for the specified port changed. This change of state indicates whether address registration was successful, and whether the switch knows the network prefix provided by the external ATM switch.
Bit Position: (Word 1) 21
Hex Value: (Word 1) 20 0000
Trap Text and Variable Descriptions:
ILMI state changed (slot 3 port 1)
Slot number. The slot number where this ASM module is located.
Port number. The port number on this ASM module where the ILMI state has changed.

Trap Type: atmConnection
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.23
Description: The specified ATM VCC was created or deleted.
Bit Position: (Word 1) 22
Hex Value: (Word 1) 40 0000
Trap Text and Variable Descriptions:
ATM VCC created or deleted (slot 3, port 1, Vpi 0, Vci 100, admin status 2)
Slot Number. The slot number where this ASM module is located.
Port Number. The port number on the ASM module where this VCC was created or deleted.
VPI Number. The virtual path identifier for this virtual connection.
VCI Number. The virtual channel identifier for this virtual connection.
Admin Status. Indicates the current status of this ATM VCC. The following integers are valid values:
  1 Disabled. This VCC was disabled.
  2 Enabled. This VCC was enabled.
  3 Deleted. This VCC was deleted.

Trap Type: atmService
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.24
Description: The specified ATM service (Port-to-Port Bridging, Trunking, LAN Emulation, etc.) was created or deleted.
Bit Position: (Word 1) 23
Hex Value: (Word 1) 80 0000
Trap Text and Variable Descriptions:
ATM service created or deleted (slot 3, port 1, service 2, admin status 2)
Slot Number. The slot number where this ASM module is located.
Port Number. The port number on the ASM module where the service was created or deleted.
Service Number. The ATM service number assigned to this service when it was set up.
Admin Status. The current status of this ATM VCC. The following integers are valid values:
  1 Disabled. This VCC was disabled.
  2 Enabled. This VCC was enabled.
  3 Deleted. This VCC was deleted.

Trap Type: dlciNew
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.27
Description: Frame Relay DLCI was created.
Bit Position: (Word 1) 26
Hex Value: (Word 1) 400 0000
Trap Text and Variable Descriptions:
Frame Relay DLCI created (slot 3 port 1 DLCI Number 100)
Slot number. The slot number where this Frame Relay module is located.
Port number. The port number on this Frame Relay module where the DLCI was created.
DLCI Number. The number of the DLCI that was created.

Trap Type: dlciDel
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.28
Description: Frame Relay DLCI was deleted.
Bit Position: (Word 1) 27
Hex Value: (Word 1) 800 0000
Trap Text and Variable Descriptions:
Frame Relay DLCI deleted (slot 3 port 1 DLCI Number 100)
Slot number. The slot number where this Frame Relay module is located.
Port number. The port number on this Frame Relay module where the DLCI was deleted.
DLCI number. The number of the DLCI that was just deleted.

Trap Type: dlciUp
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.29
Description: Frame Relay DLCI changed to active state.
Bit Position: (Word 1) 28
Hex Value: (Word 1) 1000 0000
Trap Text and Variable Descriptions:
Frame Relay DLCI Changed to Active (slot 3 port 1 DLCI Number 100)
Slot Number. The slot number where this Frame Relay module is located.
Port Number. The port number on this Frame Relay module where the DLCI was activated.
DLCI Number. The number of the DLCI that was just activated.

Trap Type: dlciDn
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.30
Description: Frame Relay DLCI changed to inactive state.
Bit Position: (Word 1) 29
Hex Value: (Word 1) 2000 0000
Trap Text and Variable Descriptions:
Frame Relay DLCI Changed to Inactive (slot 3 port 1 DLCI Number 100)
Slot Number. The slot number where this Frame Relay module is located.
Port Number. The port number on this Frame Relay module where the DLCI was de-activated.
DLCI Number. The number of the DLCI that was just de-activated.

Trap Type: portManualForwardingMode
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.31
Description: The specified port was placed into manual mode forwarding as its default setting.
Bit Position (Word 1) 30 Hex Value (Word 1) 4000 0000 Trap Text and Variable Descriptions Slot Number . The slot number Port number . The port number on the module. where this port is located. Port placed into manual mode forwarding (slot 3, port 1, type 1, instance 1 Port Type . The physical type of this port. The following integers are valid values: 1 Unknown 2 Other 3 Router 4 Bridge 5 Trunk 6 ATM trunk port 7 ATM LAN Emulation port 8 Classical IP 9 ATM MUX 203 Ethernet 10BASE-T 204 Ethernet 100BASE-T 205 Token Ring 4 mbs 206 Token Ring 16 mbs 207 FDDI 208 CDDI 209 ATM 25 mbs 210 ATM 50 mbs 211 DS-1 212 DS-3 213 OC-3 214 OC-12 215 OC-48 Physical Instance. The specific instance of this slot/port/type. In most cases this value will be 1 (only one instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254. Page 13-50 Trap Tables Trap Type fddiCFStateChange Object ID 1.3.6.1.4.1.800.3.1.1.4.0.32 Description The specified FDDI physical port changed from wrap configuration state. Bit Position (Word 1) 31 Hex Value (Word 1) 8000 0000 Trap Text and Variable Descriptions FDDI physical port changes from wrap configuration state (index 1, state 2) SMT Index. A unique value for each SMT (Station Management Station). The value for each SMT must remain constant at least from one re-initialization of the entity’s network management system to the next re-initialization. SMT State. The attachment configuration for the station or concentrator. The following integers are valid values: 1 isolated 2 local_a 3 local_b 4 local_ab 5 local_s 6 wrap_a 7 wrap_b 8 wrap_ab 9 wrap_s 10 c_wrap_a 11 c_wrap_b 12 c_wrap_s 13 thru Page 13-51 Trap Tables Trap Type duplicateIPaddress Object ID 1.3.6.1.4.1.800.3.1.1.4.0.35 Description The switch detected a duplicate IP address. Bit Position (Word 2) 2 Hex Value (Word 2) 4 Trap Text and Variable Descriptions IP Address. The IP address of the station that reported the duplicate IP address. MAC Address. 
The MAC address of the station that reported the duplicate IP address. Duplicate IP address detected (IP addr 192.168.10.1, Mac 0036589adf01, slot 3, IF 4, dup Mac 00145221cd02, dup slot 1, dup IF 3 Port Number. The port on the module of the reporting station from which the trap was sent. Slot Number . The slot number of the reporting station from which the trap was sent. Page 13-52 Duplicate Slot. The slot number on the reporting station where the duplicate address was discovered. D u p l i c a t e M A C . The MAc address associated with the duplicated IP address. Duplicate Port. The port on the module of the reporting station where the duplicate address was discovered. Trap Tables Trap Type duplicateMACaddress Object ID 1.3.6.1.4.1.800.3.1.1.4.0.36 Description The switch detected a duplicate MAC address of one of its own router ports. Bit Position (Word 2) 3 Hex Value (Word 2) 8 Trap Text and Variable Descriptions Duplicate MAC address detected (Mac 00145221cd02, slot 2, IF 3, time 4 MAC Address . The router port’s MAC address for which the last duplicate S l o t . The slot MAC address was detected. number where the duplicate MAC address was last received. Interface . The inter- face number where the duplicate MAC address was last received. Time . The time, in seconds, when the duplicate MAC was detected. Page 13-53 Trap Tables Trap Type healthThresholdRising Object ID 1.3.6.1.4.1.800.3.1.1.4.0.37 Description At least one of the user-specified thresholds was exceeded. Bit Position (Word 2) 4 Hex Value (Word 2) 10 Trap Text and Variable Descriptions Thresh-hold rising trap Trap Type healthThresholdFalling Object ID 1.3.6.1.4.1.800.3.1.1.4.0.38 Description At least one of the user-specified thresholds was exceeded during the previous cycle and none of them are exceeded in the current cycle. 
Bit Position (Word 2) 5 Hex Value (Word 2) 20 Trap Text and Variable Descriptions Page 13-54 Thresh-hold falling trap Trap Tables Trap Type healthThresholdDevice Object ID 1.3.6.1.4.1.800.3.1.1.4.0.39 Description At least one of the device-level threshold crossing was detected. Bit Position (Word 2) 6 Hex Value (Word 2) 40 Trap Text and Variable Descriptions Device-level threshold crossing is detected (Data 0a 09 0d 53 00 00 00 00 00 00 00 00 00 00 00 00) Data . An octet string that represents the contents of device-level rising/falling threshold trap. Trap Type healthThresholdModule Object ID 1.3.6.1.4.1.800.3.1.1.4.0.40 Description At least one module-level threshold crossing was detected. Bit Position (Word 2) 7 Hex Value (Word 2) 80 Trap Text and Variable Descriptions Module-level threshold crossing is detected (count 2, data 0a 09 0d 53 00 00 00 00 00 00 00 00 00 00 00 00)) Count. The number of modules with threshold crossing data in modulelevel rising/falling threshold traps. Data . An octet string that represents the contents of device-level rising/falling threshold trap. Page 13-55 Trap Tables Trap Type xylanXIPXMAPPortStatusChange Object ID 1.3.6.1.4.1.800.3.1.1.4.0.41 Description An XMAP turned on or off. Bit Position (Word 2) 8 Hex Value (Word 2) 100 Trap Text and Variable Descriptions The status of an XMAP-tracked virtual port has changed (port 1, reason 2) Port Number. The virtual port number of the port that most recently changed. Reason. The reason for the last port status change. The following integers are valid values: 0 No trap was sent. 1 A port was added. 2 A change of information on an existing port. 3 A port was deleted. Page 13-56 Trap Tables Trap Type xylanXIPXMAPPortStateChange Object ID 1.3.6.1.4.1.800.3.1.1.4.0.42 Description An XMAP turned on or off. Bit Position (Word 2) 9 Hex Value (Word 2) 200 Trap Text and Variable Descriptions The state of the XMAP agent has changed to (state 1) Operating State . The XMAP’s operating state. 
The following integers are valid values: 1 inactive 2 active Page 13-57 Trap Tables Trap Type avlAuthAttempt Object ID 1.3.6.1.4.1.800.3.1.1.4.0.43 Description Indicates the last authenticated VLAN attempt. Bit Position (Word 2) 16 Hex Value (Word 2) 1 0000 Trap Text and Variable Descriptions User. The last user who made an authen- tication attempt. The last VLAN authentication attempt was: (user 1, event 2, MAC 0036589adf01, port 4, slot 5) Event Type. The last authorizaMAC Address. The last MAC address to make an authentication attempt. tion attempt type. The following integers are valid values: 1 Successful login 2 Failed Login Attempt 3 Logout/Drop Port. The last port number from which the authentication attempt originated. Slot. The last slot number from which the authentication attempt originated. Page 13-58 Trap Tables Trap Type xylanXIPGMAPFailedUpdate Object ID 1.3.6.1.4.1.800.3.1.1.4.0.44 Description GMAP is unable to update the forwarding database to reflect information in its internal database. Bit Position (Word 2) 11 Hex Value (Word 2) 800 Trap Text and Variable Descriptions Reason. The reason for the last GMAP update was not applied. The following integers are valid values: 1 The target group is an authenticated group. 2 The update would conflict with a binding rule. 3 The update would create two different group entries for the same protocol. 4 The update would create two different protocol entries for the same group. 5) The target group is not mobile. GMAP is unable to update the forwarding database (reason 1, port 2, Mac 0036589adf01, protocol 4, group 5) MAC Address . The last MAC address for which a GMAP change was not applied. Group. The group identifier of the last GMAP change that was not applied. Port . The virtual port number of the last port on which the GMAP change was not applied. Protocol . The protocol identifier of the last GMAP change that was not applied. 
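The avlAuthAttempt, duplicateIPaddress and duplicateMACaddress trap texts described above can be triaged on the host that collects them. The following is an added example, not part of this manual or the switch software; it assumes trap text is logged in the form of the manual's samples, and the function names, finding labels and the threshold of three failures are illustrative. The sample lines are constructed.

```python
import re
from collections import Counter

# Event Type values of avlAuthAttempt, as listed in the trap table.
AVL_EVENTS = {1: "Successful login", 2: "Failed Login Attempt", 3: "Logout/Drop"}

MAC = r"[0-9a-fA-F]{12}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Patterns mirror the manual's sample trap texts. Each stops at the last field
# because the samples for the duplicate-address traps have no closing parenthesis.
PATTERNS = {
    "avlAuthAttempt": re.compile(
        r"The last VLAN authentication attempt was:\s*\(user (?P<user>[^,]+), "
        rf"event (?P<event>\d+), MAC (?P<mac>{MAC}), "
        r"port (?P<port>\d+), slot (?P<slot>\d+)"),
    "duplicateIPaddress": re.compile(
        rf"Duplicate IP address detected \(IP addr (?P<ip>{IP}), "
        rf"Mac (?P<mac>{MAC}), slot (?P<slot>\d+), IF (?P<port>\d+), "
        rf"dup Mac (?P<dup_mac>{MAC}), dup slot (?P<dup_slot>\d+), "
        r"dup IF (?P<dup_port>\d+)"),
    "duplicateMACaddress": re.compile(
        rf"Duplicate MAC address detected \(Mac (?P<mac>{MAC}), "
        r"slot (?P<slot>\d+), IF (?P<port>\d+), time (?P<time>\d+)"),
}
INT_FIELDS = {"event", "port", "slot", "dup_slot", "dup_port", "time"}


def parse_trap(line):
    """Return (trap_name, fields) for a recognised trap text, else None."""
    for name, pattern in PATTERNS.items():
        match = pattern.search(line)
        if match is None:
            continue
        fields = {}
        for key, value in match.groupdict().items():
            if key in INT_FIELDS:
                fields[key] = int(value)
            elif key.endswith("mac"):
                fields[key] = value.lower()   # normalise MAC case for comparison
            else:
                fields[key] = value
        return name, fields
    return None


def triage(lines, fail_threshold=3):
    """Return (findings, unparsed_count) for a sequence of trap text lines."""
    failures = Counter()          # consecutive failed logins per (slot, port, MAC)
    findings, unparsed = [], 0
    for line in lines:
        parsed = parse_trap(line)
        if parsed is None:
            unparsed += 1
            continue
        name, f = parsed
        if name == "avlAuthAttempt":
            source = (f["slot"], f["port"], f["mac"])
            if f["event"] == 2:
                failures[source] += 1
                if failures[source] == fail_threshold:
                    findings.append(("repeated-auth-failure", source))
            elif f["event"] == 1:
                # A success straight after a run of failures deserves review.
                if failures[source] >= fail_threshold:
                    findings.append(("login-after-failures", source))
                failures[source] = 0
            elif f["event"] not in AVL_EVENTS:
                findings.append(("unknown-auth-event", source))
        elif name == "duplicateIPaddress":
            findings.append(("duplicate-ip", f["ip"],
                             (f["slot"], f["port"], f["mac"]),
                             (f["dup_slot"], f["dup_port"], f["dup_mac"])))
        else:  # duplicateMACaddress: another station uses a router port's MAC
            findings.append(("duplicate-router-mac", f["mac"], (f["slot"], f["port"])))
    return findings, unparsed


# Constructed sample input in the format of the manual's trap texts.
AUTH = "The last VLAN authentication attempt was: (user 7, event {}, MAC 0036589adf01, port 4, slot 5)"
SAMPLE_TRAPS = [
    AUTH.format(2), AUTH.format(2), AUTH.format(2), AUTH.format(1), AUTH.format(3),
    "Duplicate IP address detected (IP addr 192.168.10.1, Mac 0036589adf01, "
    "slot 3, IF 4, dup Mac 00145221cd02, dup slot 1, dup IF 3",
    "Duplicate MAC address detected (Mac 00145221CD02, slot 2, IF 3, time 4",
    "Module reset or reloaded by chassis manager (slot 4 subunit 1 type 6 status 3)",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRAPS)[0]:
        print(finding)
```

Lines that match none of the three patterns are only counted, so a rising unparsed count is a cue that the logged text differs from the manual's samples.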
Trap Type: clkBusLineStateChange
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.45
Description: Either the bus line’s status changed (active or inactive) or clock switching occurred.
Bit Position (Word 2): 10
Hex Value (Word 2): 400
Trap Text and Variable Descriptions
Bus Line’s status changed (bus line 1, operating state 1) or clock switching has occurred.
Bus Line. The specific bus line where the status change occurred. The following integers are valid values:
    1  8 khz
    2  19 mhz
Operating State. The bus line’s operating state. The following integers are valid values:
    1  inactive
    2  active

Trap Type: bind-violation
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.46
Description: A configured binding rule was violated.
Bit Position (Word 2): 23
Hex Value (Word 2): 80 0000
Trap Text and Variable Descriptions
A binding rule has been violated (groupId 1, vlanId 2, IP 192.168.10.1 3, Mac 0036589adf01, protocol 5, port 6, rule 4, index 8)
IP Address. The IP address for which this binding is configured.
VLAN ID. The VLAN ID for which this rule is configured.
Group ID. The group ID of the VLAN for which this rule is configured.
Protocol. The protocol for which this binding is configured.
Rule Index. The index which uniquely defines the rule for this VLAN.
Port. The port for which this binding is configured.
MAC Address. The MAC address for which this binding is configured.
Rule. The rule for which this binding is configured.

Trap Type: mpcStatisticsOverflow
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.47
Description: An entry in the mpcStatisticsTable reached the threshold value.
Bit Position (Word 2): 18
Hex Value (Word 2): 4 0000
Trap Text and Variable Descriptions
MPC: Statistics threshold value reached (MpcIndex, Insufficient resources replies.)
MPC Index. A unique number that identifies a conceptual row in the mpcConfigTable.
Insufficient resources replies. The reply from the MPC Statistics Table came back as insufficient resources.

Trap Type: fddiLerFlagChange
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.65
Description: The LER (Link Error Rate) flag on a port changed from CLEAR to SET.
Bit Position (Word 3): 0
Hex Value (Word 3): 1
Trap Text and Variable Descriptions
FDDI: Link Error Rate on a port is set (SMTIndex 1, port 2, LerFlag 3)
SMT Index. A unique value for each SMT (Station Management). The value for each SMT must remain constant at least from one re-initialization of the entity’s network management system to the next re-initialization.
Port index. A unique value for each port within a given SMT, which is the same as the corresponding resource index in SMT. The value for each port must remain constant at least from one re-initialization of the entity’s network management system to the next re-initialization.
LER Flag. The condition becomes active when the value of the fddiPRTLerEstimate is less than or equal to fddimibPORTLerEstimate. The following integers are valid values:
    1  True
    2  False

Trap Type: fddiLCTFailCntIncr
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.66
Description: The LCT (Link Confidence Test) flag on a port incremented.
Bit Position (Word 3): 1
Hex Value (Word 3): 2
Trap Text and Variable Descriptions
Fddi: Link Confidence Test flag on a port incremented (SMTIndex 1, port index 2, failure counts 3
SMT Index. A unique value for each SMT. The value for each SMT must remain constant at least from one re-initialization of the entity’s network management system to the next re-initialization.
Port Index. A unique value for each port within a given SMT, which is the same as the corresponding resource index in SMT. The value for each port must remain constant at least from one re-initialization of the entity’s network management system to the next re-initialization.
Failure Counts. The count of the consecutive times the link confidence test (LCT) failed during connection management.
Trap Type: mpcStatisticsOverflow
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.67
Description: The statisticsNum value of the mpcStatisticsTable reached the threshold value.
Bit Position (Word 2): 18
Hex Value (Word 2): 4 0000
Variables: mpcIndex, mpcStatRxMpoaResolveReplyInsufECResources
Trap Text and Variable Descriptions
GMAP is unable to update the forwarding database (index 1, MPOA replies 3)
MPC Index. A unique number that identifies a conceptual row in the mpcConfigTable.
MPOA Resolution Replies. The number of MPOA Resolution Replies received with an MPOA CIE Code of 0x81.

Trap Type: mpcShortCut
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.68
Description: The established shortcut path either closed or failed to complete the path.
Bit Position (Word 2): 19
Hex Value (Word 2): 8 0000
Variables: mpcRowStatus, lecControlDirectVci, mpcFlowDetectProtocol, mpcIngressCacheDestAddr, mpcIngressCacheDestAtmAddr, mpcIndex, mpcMpsIndex
Trap Text and Variable Descriptions
GMAP is unable to update the forwarding database (rowStatus 1, control direct Vci 2, protocol 4, dest addr 192.168.40.12, dest ATM addr 3903488001bc900001020000090020da00000900, index 1, mps index 2)
Row Status. This object allows creation and deletion of MPOA clients.
Control Direct VCI. The VCI that identifies the VCC at the point where it connects to a LANE client. If the Control Direct VCC does not exist, this value is zero.
Destination ATM Address. The destination ATM address received in the MPOA Resolution Reply.
Protocol. The protocol on which flow detection is performed.
Destination Address. The destination internetwork layer address.
MPC Index. A unique number that identifies a conceptual row in the mpcConfigTable.
MPC MPS Index. The MPS’s index that is used to identify a row in the mpcConfigTable.

Trap Type: mpcIngressRetryTimeOut
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.69
Description: The retry time exceeded the MPC-p5 time.
Bit Position (Word 2): 20
Hex Value (Word 2): 10 0000
Variables: mpcIndex, mpcRetryTimeMaximum, mpcIngressCacheDestAddr, mpcIngressCacheDestAtmAddr, mpcFlowDetectProtocol, mpcMpsIndex
Trap Text and Variable Descriptions
GMAP is unable to update the forwarding database (index 1, max time 5, dest addr 192.168.40.12, ATM addr 3903488001bc900001020000090020da00000900, protocol 1)
MPC Index. A unique number that identifies a conceptual row in the mpcConfigTable.
Maximum Retry Time. The MPC-p5 cumulative maximum value for retry time.
Detect Protocol. The protocol on which flow detection is performed.
Destination Address. The destination internetwork layer address.
Destination ATM Address. The destination ATM address received in the MPOA Resolution Reply.

Trap Type: vrrpTrapNewMaster
Object ID: 1.3.6.1.2.1.46.1.3.1.0.3
Description: The sending agent has transitioned from “Backup” state to “Master” state.
Bit Position (Word 2): 21
Hex Value (Word 2): 20 0000
Trap Text and Variable Descriptions
Agent has transitioned from Backup to Master state (If index 1, vrid 2)
Interface Index Number. A unique value that identifies the sending agent.
Virtual Router ID. The number that identifies the virtual router on this VRRP. Possible values range from 1 to 255.

Trap Type: vrrpAuthFailure
Object ID: 1.3.6.1.2.1.46.1.3.1.0.4
Description: A packet was received from a router whose authentication key or authentication type conflicts with this router’s authentication key or type.
Bit Position (Word 2): 22
Hex Value (Word 2): 40 0000
Trap Text and Variable Descriptions
A packet with a wrong authentication key or type is received (If index 1, vrid 2, source 192.168.10.1, error type 3)
Interface Index Number. A unique value that identifies the sending agent.
Packet Source IP. The IP address of an inbound VRRP packet.
Virtual Router ID. The number that identifies the virtual router on this VRRP. Possible values range from 1 to 255.
Error Type. The type of configuration conflict. The following integers are valid values:
    1  Invalid authentication type
    2  Mismatched authentication
    3  Authentication Failure

Trap Type: oamVCAIS
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.71
Description: The specified connection is in the VC-AIS state.
Bit Position (Word 3): 10
Hex Value (Word 3): 400
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex, xylanOamF5VCVciIndex
Trap Text and Variable Descriptions
The specified connection is in VC-AIS state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap Type: oamVCRDI
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.72
Description: The specified connection is in the VC-RDI state.
Bit Position (Word 3): 11
Hex Value (Word 3): 800
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex, xylanOamF5VCVciIndex
Trap Text and Variable Descriptions
The specified connection is in VC-RDI state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap Type: oamVCLOC
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.73
Description: The specified connection is in the VC-LOC state.
Bit Position (Word 3): 12
Hex Value (Word 3): 1000
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex, xylanOamF5VCVciIndex
Trap Text and Variable Descriptions
The specified connection is in VC-LOC state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap Type: oamVCUnsuccessLoop
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.74
Description: The specified connection is in the Unsuccessful Loopback state.
Bit Position (Word 3): 13
Hex Value (Word 3): 2000
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex, xylanOamF5VCVciIndex
Trap Text and Variable Descriptions
The specified connection is in VC-UnsuccessLoop state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VCI. The virtual circuit identifier for the specified connection.
VPI. The virtual path identifier for the specified connection.

Trap Type: oamVPAIS
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.75
Description: The specified VP connection is in the VP-AIS state.
Bit Position (Word 3): 14
Hex Value (Word 3): 4000
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex
Trap Text and Variable Descriptions
The specified connection is in VP-AIS state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap Type: oamVPRDI
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.76
Description: The specified VP connection is in the VP-RDI state.
Bit Position (Word 3): 15
Hex Value (Word 3): 8000
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex
Trap Text and Variable Descriptions
The specified connection is in VP-LOC state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap Type: oamVPLOC
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.77
Description: The specified VP connection is in the VP-LOC state.
Bit Position (Word 3): 16
Hex Value (Word 3): 1 0000
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex
Trap Text and Variable Descriptions
The specified connection is in VPUnsuccessLoop state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap Type: oamVPUnsuccessLoop
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.78
Description: The specified VP connection is in the unsuccessful loopback state.
Bit Position (Word 3): 17
Hex Value (Word 3): 2 0000
Variables: xylanOamF5VCSlotIndex, xylanOamF5VCPortIndex, xylanOamF5VCVpiIndex
Trap Text and Variable Descriptions
The specified connection is in VP-RDI state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number for the specified connection.
Port Number. The port number for the specified connection.
VPI. The virtual path identifier for the specified connection.
VCI. The virtual circuit identifier for the specified connection.

Trap: accountEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.86
Description: An account event is generated to signal that a new accounting file is available on the switch.
Bit Position (Word 3): 21
Hex Value (Word 3): 20 0000
Variable Description
chasAccountName - Path name of the most recently terminated accounting file.
chasAccountFileCount - The number of terminated accounting files awaiting collection and removal by an external accounting collection agent.
Trap: Over1Alarm
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.87
Description: This alarm is generated when the filling level exceeds the first threshold. It signals that the switch changes over to the alternate collection device.
Bit Position (Word 3): 22
Hex Value (Word 3): 40 0000
Variable Description
chasAccountFilingLevel - The amount of buffer taken up by accounting data. Value shown as a percentage of the buffer size.
chasAccountThreshold1 - The first filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
chasAccountDeviceInUse - The IP address of the collection device with which a TCP connection was most recently established.

Trap Type: Under1Event
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.88
Description: This event is generated when the filling level goes below the first threshold. This event is for information only.
Bit Position (Word 3): 23
Hex Value (Word 3): 80 0000
Variable Description
chasAccountFilingLevel - The amount of buffer taken up by accounting data. Value shown as a percentage of the buffer size.
chasAccountThreshold1 - The first filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.

Trap: Over2Alarm
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.89
Description: This alarm is generated when the filling level exceeds the second threshold. It signals that the switch changes over to the alternate collection device.
Bit Position (Word 3): 24
Hex Value (Word 3): 100 0000
Variable Description
chasAccountFilingLevel - The amount of buffer taken up by accounting data. Value shown as a percentage of the buffer size.
chasAccountThreshold2 - The second filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
chasAccountDeviceInUse - The IP address of the collection device with which a TCP connection was most recently established.

Trap: Under2Event
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.90
Description: This event is generated when the filling level is lowered below the second threshold.
Bit Position (Word 3): 25
Hex Value (Word 3): 200 0000
Variable Description
chasAccountFilingLevel - The amount of buffer taken up by accounting data. Value shown as a percentage of the buffer size.
chasAccountThreshold2 - The second filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.

Trap: Over3Alarm
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.91
Description: This event is generated when the filling level exceeds the third threshold. It signals that the switch is now in congestion.
Bit Position (Word 3): 26
Hex Value (Word 3): 400 0000
Variable Description
chasAccountFilingLevel - The amount of buffer taken up by accounting data. Value shown as a percentage of the buffer size.
chasAccountThreshold3 - The third filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
chasAccountDeviceInUse - The IP address of the collection device with which a TCP connection was most recently established.

Trap: Under3Event
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.92
Description: This event is generated when the filling level goes below the third threshold.
Bit Position (Word 3): 27
Hex Value (Word 3): 8000 0000
Variable Description
chasAccountFilingLevel - The amount of buffer taken up by accounting data. Value shown as a percentage of the buffer size.
chasAccountThreshold3 - The third filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.

Trap Type: NoDeviceAlarm
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.93
Description: This alarm is generated when the TCP connection establishment fails with both the primary and the secondary collection devices.
Bit Position (Word 3): 28
Hex Value (Word 3): 1000 0000
Variable Description
chasAccountDevicePrimary - The IP address of the primary collection device.
chasAccountDeviceSecondary - The IP address of the secondary collection device.

Trap: FileAlarm
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.94
Description: This alarm is generated when too many files are awaiting collection.
Bit Position (Word 3): 29
Hex Value (Word 3): 2000 0000
Variable Description
chasAccountFileCount - The number of terminated accounting files awaiting collection and removal by an external accounting collection agent.

Trap Type: fantrayEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.1
Description: A fantrayEvent trap occurs when a problem condition is recognized on a chassis fan tray.
Bit Position (Word 3): 30
Hex Value (Word 3): 4000 0000
Variable Description
fantray1State - Status of fan tray 1.
chasAccountDeviceSecondary - Status of fan tray 2.

Trap Type: ldpPeerCreate
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.80
Description: An LDP peer is identified by the LDP hello mechanism and a peer entry is created.
Bit Position (Word 3): 5
Hex Value (Word 3): 20
Variables: mplsLdpEntityID, mplsLpdPeerIndex, mplsLdpPeerID
Trap Text and Variable Descriptions
Peer Entity is Created. (EntityId 1, PeerIndex 2, PeerId 3)
EntityId. The identification number assigned to the new entity.
PeerIndex. The index number assigned to the peer.
PeerId. The identification number assigned to the peer.

Trap Type: ldpPeerDelete
Object ID: 1.3.6.1.4.1.800.3.1.1.1.0.81
Description: An LDP peer is lost and the peer entry is deleted.
Bit Position (Word 3): 6
Hex Value (Word 3): 40
Variables: mplsLdpEntityID, mplsLpdPeerIndex, mplsLdpPeerID
Trap Text and Variable Descriptions
Peer Entity is Deleted. (EntityId 1, PeerIndex 2, PeerId 3)
EntityId. The identification number of the deleted entity.
PeerIndex. The index number of the deleted peer.
PeerId. The identification number of the deleted peer.

Trap Type: ldpSessionCreate
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.82
Description: An LDP session with the peer is established and a session entry is created.
Bit Position (Word 3): 17
Hex Value (Word 3): 80
Variables: mplsLdpEntityID, mplsLpdPeerIndex, mplsLdpPeerID, mplsLdpSessionIndex
Trap Text and Variable Descriptions
LDP Session Created. (EntityId 1, PeerIndex 2, PeerId 3, Session Id 4)
EntityId. The identification number assigned to the new entity.
PeerIndex. The index number of the peer with which the session is created.
PeerId. The identification number of the peer with which the session is created.
SessionId. The identification number of the new session.

Trap Type: ldpSessionDelete
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.83
Description: An LDP session with the peer is lost and the session entry is deleted.
Bit Position (Word 3): 8
Hex Value (Word 3): 100
Variables: mplsLdpEntityID, mplsLpdPeerIndex, mplsLdpPeerID, mplsLdpSessionIndex
Trap Text and Variable Descriptions
LDP Session Deleted. (EntityId 1, PeerIndex 2, PeerId 3, Session Id 4)
EntityId. The identification number of the deleted entity.
PeerIndex. The index number of the peer with whom the session entry was lost.
PeerId. The identification number of the peer with whom the session entry was lost.
SessionId. The identification number of the deleted session.

Trap Type: lecStateChangeEvent
Object ID: 1.3.6.1.4.1.800.3.1.1.4.0.96
Description: A trap message is sent to a network manager when a LEC status changes.
Bit Position (Word 2): 26
Hex Value (Word 3): 40 00000
Variables: lecID, lecActualLanName, lecAtmAddress, xylanLecSlotNumber, xylanLecPortNumber, xylanLecServiceNumber, lecInterfaceState, xylanReasonOfChange
Trap Text and Variable Descriptions:
LEC Status Change (ELAN Name, Service Instance, New state, previous state).
ELAN Name. The name of the ELAN whose status changed to generate this trap.
Service Instance. The specific instance of this service. In most cases this value will be 1 but an ATM port may have multiple instances
New State. The new, current status of the LEC that changed to generate this trap. Displayed as an integer as shown below in the State List.
Previous State. The previous status of the LEC that changed to generate this trap. Displayed as an integer as shown below in the State List.

State List
1. none
2. timeout
3. undefined error
4. version not supported
5. invalid request parameters
6. duplicate LAN destination
7. duplicate ATM address
8. insufficient resources
9. access denied
10. invalid requester id
11. invalid LAN destination
12. invalid ATM address
13. no configuration
14. leconfigureError
15. insufficient information

14 DNS Resolver and RMON

Introduction

This chapter describes commands related to the Domain Name Server (DNS) resolver and remote network monitoring (RMON) feature in the switch. This chapter also describes how to configure router port MAC addresses with the chngmac command. The commands for these features are available from the Networking submenu, which is described in Chapter 25, “IP Routing.”

Configuring the DNS Resolver

The Names Submenu

The Names command takes you to the Names submenu. The one command in this menu, res, is used to view and to configure the Domain Name Server (DNS) resolver. You can configure up to three Domain Name Servers. The switch searches all three servers until it resolves the name to an IP address or until it fails to find the name.
To display the Names submenu, enter the following command:

    names

A screen similar to the following displays:

    Command      Resolver Configuration Menu
    -----------  --------------------------------------------------------
    res          View/Configure the DNS resolver

    Main         File         Summary      VLAN         Networking
    Interface    Security     System       Services     Help

To configure one or more Domain Name Servers, enter the following command:

    res

If the resolver function has not been enabled, a screen similar to the following displays:

    DNS Resolver Configuration
    1) Resolver Enabled    : No
    Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :

To enable the resolver function, enter 1=y. A screen similar to the following then displays:

    DNS Resolver Configuration
    1) Resolver Enabled    : Yes
    2) Domain              : UNSET
    3) Server Address 1    : UNSET
    4) Server Address 2    : UNSET
    5) Server Address 3    : UNSET
    Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :

The prompts allow you to enter a Domain Name and up to three Domain Name Servers (identified by their IP addresses).

• To change a value, enter the number corresponding to that value, an (=), then the new value. For example, to set a Domain Name to Company.Com, enter 2=Company.Com.
• To clear an entry, specify the value as (.) as in 2=.
• To save all your modifications, enter save
• To cancel all your modifications, enter quit
• To view the parameters currently configured, enter ?

Remote Network Monitoring (RMON)

Remote Network Monitoring (RMON) allows you to set up remote monitoring within your Omni Switch/Router. RMON consists of “probes” and “events.” There are two commands in the Networking menu, probes and events, which you can use to monitor, activate and inactivate probes and events. Be aware that you cannot create probes from within the switch’s User Interface; to do so requires a network application such as HP ProbeView.

Probes and Events

A probe is a task that runs in the switch.
By using probes instead of sending repetitive inquiries to the switch, network traffic is significantly reduced. There are three different kinds of probes: Ethernet, History, and Alarm. A network management station (NMS) can configure either History or Alarm probes (a maximum of 16 is allowed). The status of a probe can be one of the following:

• Creating - The probe is under creation.
• Active - The probe is active.
• Inactive - The probe is inactive.

An event is an action that takes place based on an alarm condition detected by a probe. The event can take the form of an SNMP trap message and/or a log entry describing the alarm.

Ethernet Probes

An Ethernet probe monitors a selected Ethernet interface (port) and tracks Ethernet statistics. An Ethernet probe is automatically created on each Ethernet interface that is enabled. If the interface becomes disabled, that Ethernet probe is deleted.

History Probes

A History probe keeps a running history of all the statistics it has collected. When you set up a history probe you assign a sampling interval and a total number of samples to be taken. It keeps this information in a set of rotating buffers, so that it always retains the most recent samples. The sampling rate is configurable from 1 second to 3600 seconds (1 hour). The total number of samples is configurable; however, it is limited by the system resources (memory) available. The more samples you request, the more system resources are needed. You may request as many samples as you want but the system will only grant as many as it has available.

Alarm Probes

An Alarm probe generates an alarm if the variable you are monitoring exceeds a set limit. To set up an Alarm probe you need to select a variable (Ethernet statistic) that you want to monitor. You set an upper and lower threshold that you will allow this variable to reach. If it crosses the threshold, an event is triggered which results in the sending of an SNMP trap and/or the logging of the alarm.
There are two ways an Alarm probe monitors variables. One is by absolute value. For example, if you set an upper limit of 100, an alarm will be generated if the variable exceeds 100. The other is a delta value where you can set the amount of change allowable; for example, you could set the delta range to 10. If the current sample differs from the previous sample by more than 10, an alarm will be generated.

The Alarm probe attempts to prevent a flood of alarms from being generated by fluctuating values. It does so by continuously comparing the upper and lower limits. What this means is that the first time either an upper or lower limit is exceeded, an alarm will be generated. However, if the variable moves back inside the limit, then out again, another alarm will not be generated unless the opposite limit is exceeded.

For example, consider a situation where an upper limit of 75 and a lower limit of 25 is set. The variable goes to 76. An alarm is generated. If it drops to 74 then goes back up to 76, no alarm will be generated. Only when the variable drops below 25 will another alarm be generated. If it goes back up to 76 then another alarm will be generated, etc. This procedure prevents a flood of alarms from being generated if the value fluctuates between 74 and 76.

Monitoring Probes

The probes command is used to monitor, activate, and inactivate existing probes (remember, you cannot create probes in the switch’s UI). You can do three things with the command:

1. View all the current probes.
2. View a specific probe.
3. Activate or inactivate a History or Alarm Probe. (You can only do this with the “admin” login.)

The probes command has three optional parameters. The format is:

    probes [active | inactive] [n]

where:

    active   - activates an existing probe
    inactive - inactivates an existing probe
    n        - is the entry number of the probe to view

If you enter the probes command without parameters, it displays all the current probes.
    RMON Probe Summary
    Entry  Slot/Port  Flavor    Status  Time            System Resources
    1      2/ 1       Ethernet  Active  0 hrs 39 mins   312 bytes
    2      2/ 1       History   Active  0 hrs 4 mins    3656 bytes
    3      2/ 1       Alarm     Active  0 hrs 0 mins    1336 bytes

Entry. The entry number in the list of probes (1-16).
Slot/Port. The slot port number (interface) that this probe is monitoring.
Flavor. Ethernet, History, or Alarm.
Status. Creating, Active, or Inactive.
Time. Time since the last change in status.
System Resources. Amount of memory that has been allocated to this probe.

To see the detail for each of the probes enter the probes command followed by the entry number as shown below.

    /Networking % probes 1
    RMON Probe Summary
    Entry  Slot/Port  Flavor    Status  Time            System Resources
    1      2/ 1       Ethernet  Active  0 hrs 39 mins   312 bytes
    Probe’s Owner: Omni Switch/Router Ethernet probe on slot 2 port 1

    /Networking % probes 2
    RMON Probe Summary
    Entry  Slot/Port  Flavor    Status  Time            System Resources
    2      2/ 1       History   Active  0 hrs 4 mins    3656 bytes
    Probe’s Owner: andy
    History Control Buckets Requested = 60
    History Control Buckets Granted   = 60
    History Control Interval          = 60 seconds
    History Sample Index              = 6

    /Networking % probes 3
    RMON Probe Summary
    Entry  Slot/Port  Flavor    Status  Time            System Resources
    3      2/ 1       Alarm     Active  0 hrs 0 mins    1336 bytes
    Probe’s Owner: andy
    Alarm Rising Threshold     = 3000
    Alarm Falling Threshold    = 3000
    Alarm Rising Event Index   = 1
    Alarm Falling Event Index  = 3
    Alarm Interval             = 30 seconds
    Alarm Sample Type          = delta value
    Alarm Startup Alarm        = rising or falling alarm
    Alarm Variable             = ethernet octets received

Monitoring Events

The events command has one optional parameter. The format is:

    events [clear]

where:

    clear - clears the event log. (You can only do this with the “admin” login.)
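The re-arming behaviour described under Alarm Probes, modelled as an added example (not code from the manual or the switch). The AlarmProbe class, the replay and naive_alarm_count helpers and the sample values are constructed for illustration; the delta mode assumes the signed difference between consecutive samples is compared with both thresholds.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class AlarmProbe:
    """Illustrative model of an Alarm probe with upper and lower limits."""
    rising: int                     # upper limit
    falling: int                    # lower limit
    sample_type: str = "absolute"   # "absolute" or "delta"
    # Which alarm may fire next: "both" at startup, then only the opposite one.
    armed: str = field(default="both", init=False)
    previous: Optional[int] = field(default=None, init=False)

    def sample(self, raw: int) -> Optional[str]:
        """Feed one sample; return "rising", "falling" or None."""
        if self.sample_type == "delta":
            prev, self.previous = self.previous, raw
            if prev is None:
                return None         # a delta needs two samples
            value = raw - prev      # assumption: signed change per interval
        else:
            value = raw
        # The manual says "exceeds" and "drops below", so comparisons are strict.
        if value > self.rising and self.armed in ("both", "rising"):
            self.armed = "falling"  # stay quiet until the lower limit is crossed
            return "rising"
        if value < self.falling and self.armed in ("both", "falling"):
            self.armed = "rising"   # stay quiet until the upper limit is crossed
            return "falling"
        return None


def replay(probe: AlarmProbe, samples: List[int]) -> List[Tuple[int, int, str]]:
    """Run samples through a probe and return (index, sample, alarm) tuples."""
    events = []
    for index, raw in enumerate(samples):
        kind = probe.sample(raw)
        if kind:
            events.append((index, raw, kind))
    return events


def naive_alarm_count(rising: int, falling: int, samples: List[int]) -> int:
    """Alarms raised by a plain limit check with no re-arming rule."""
    return sum(1 for s in samples if s > rising or s < falling)


# Constructed samples following the manual's 75/25 example.
ABSOLUTE_SAMPLES = [50, 76, 74, 76, 74, 76, 20, 76]
# Constructed octet counter readings for a delta probe with both thresholds
# at 3000, as in the "probes 3" display.
COUNTER_SAMPLES = [1000, 2000, 6000, 7000, 11000]

if __name__ == "__main__":
    print(replay(AlarmProbe(75, 25), ABSOLUTE_SAMPLES))
    print(naive_alarm_count(75, 25, ABSOLUTE_SAMPLES))
    print(replay(AlarmProbe(3000, 3000, "delta"), COUNTER_SAMPLES))
```

With both thresholds set to the same value, as in the probe 3 display, there is no band between the limits, so every swing of the delta across 3000 logs an event.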
    RMON Logged Events Summary
    Entry  Time            Description
    1      0 hrs 26 mins   Rising threshold alarm for etherStatsOctets on slot 2 port 1
    2      0 hrs 27 mins   Rising threshold alarm for etherStatsOctets on slot 2 port 1

Configuring Router Port MAC Addresses

You can use the chngmac command if you want to configure a locally administered address (LAA) for a group that has an IP router port, IPX router port, or both. To use this command, enter chngmac followed by the number of the group you want to modify (the default group number is 1).

♦ Important Note ♦
You must add chngmacFlag=1 to the end of the mpx.cmd file and then reboot the switch to use the chngmac command. See Chapter 7, “Managing Files,” for information on editing system files.

For example, if you want to modify a MAC address in Group 2, you would enter:

    chngmac 2

at the system prompt. Something similar to the following would then be displayed:

    Current MAC address is factory default
    Enter Router Port's MAC address ([XXYYZZ:AABBCC]) :

Enter the router port MAC address. (It cannot be a multicast address.) If you enter an incorrect address, the following will be displayed:

    Invalid input format -- usage [XXYYZZ:AABBCC].

and the chngmac command will terminate. If you enter a correct address, the following would then be displayed:

    Is MAC address in Canonical or Non-Canonical (C or N) [C] :

Enter C if the address is canonical or N if it is non-canonical (the default is canonical). Note that if you execute the chngmac command again it will display the user-defined address instead of “factory default.”

Restoring Router Port MAC Addresses

If you want to restore the MAC address to the factory default, enter chngmac followed by the group number. When the system asks for the MAC address, enter 000000:000000. For example, to restore router port configured MAC address 003030:000001 in Group 2 to the factory default, enter chngmac 2 at the system prompt.
The following would then be displayed:

    Configured MAC Address:  Canonical       Non-Canonical
                             003030:000001   000c0c:000080
    {Address 000000:000000 requests use of factory default}
    Enter Router Port's MAC address ([XXYYZZ:AABBCC]) :

Note that the chngmac command displayed the user-defined address instead of “factory default.” Enter 000000:000000 at the prompt.

15 Managing Ethernet Modules

Overview of Omni Switch/Router Ethernet Modules

This chapter describes User Interface commands for Ethernet, Fast Ethernet, and Gigabit Ethernet modules. This chapter documents User Interface (UI) commands to manage Omni Switch/Router Ethernet modules. For documentation on Command Line Interface (CLI) commands to manage Ethernet modules, see the Text-Based Configuration CLI Reference Guide.

♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in CLI (Command Line Interface) mode, rather than in UI (User Interface) mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
In Release 4.5 and later, Mammoth-based Ethernet and early-generation Ethernet modules are no longer supported.

Port Mirroring and Port Monitoring

Port Mirroring and Port Monitoring can be used on all Ethernet modules. Both Port Mirroring and Port Monitoring are described at the end of Chapter 19, “Managing Groups and Ports.”

Fast Ethernet Backbones

Fast Ethernet ports can be used as backbone links. The switch has two features that can improve the performance and flexibility of Ethernet backbones. OmniChannel aggregates the bandwidth of up to four (4) Fast Ethernet ports. This feature allows you to scale Fast Ethernet links from 100 Mbps to 800 Mbps in 100 Mbps increments. OmniChannel is described in OmniChannel on page 15-9. Fast Ethernet ports also support the 802.1Q tagging mechanism, enhancing the compatibility of ports with other vendors’ equipment.
802.1Q is described in Chapter 16, “Managing 802.1Q Groups.”

Gigabit Ethernet Modules

Gigabit Ethernet modules can be used as backbone links and used to support high-speed servers. Kodiak Gigabit Ethernet modules support 802.1Q hardware tagging. See Chapter 16, “Managing 802.1Q Groups,” for more information on 802.1Q hardware tagging for Gigabit Ethernet Modules.

♦ Note ♦
For Kodiak-based 10/100 Ethernet modules, 802.1Q is supported over OmniChannel. See Chapter 16, “Managing 802.1Q Groups” for more information.

Variety of Connector Options

Ethernet and Fast Ethernet modules are available in a variety of connector types. On the OmniSwitch, Fast Ethernet modules use copper RJ-45 and fiber SC connectors. On the Omni Switch/Router, 10/100 Ethernet modules use copper RJ-45 connectors and the ESX-100FM/FS12W Fast Ethernet module uses fiber MT-RJ connectors.

On the OmniSwitch, Ethernet 10 Mbps modules are available with copper RJ-45, fiber SC, Telco (RJ-21), BNC, and AUI connectors. On the Omni Switch/Router, the 10 Mbps ESX-FM-24W uses fiber VF-45 connectors.

Gigabit Ethernet modules on the OmniSwitch and Omni Switch/Router use fiber SC connectors. Refer to Chapter 3, “Omni Switch/Router Switching Modules,” for information on Omni Switch/Router Ethernet hardware.

Three Generations of Modules

Ethernet modules in Release 3.1 and later contained advanced chip technology referred to as “Mammoth.” This technology boosted the port density of modules, increasing the port count available in each chassis. The Mammoth technology also included ports with 10/100 autosensing capability. This generation of Ethernet modules also uses a different set of software commands to configure and monitor ports.

Ethernet modules in Release 4.3 and later contain another chip technology referred to as “Kodiak.” The new Kodiak-based modules combine several features of the Mammoth and early Ethernet modules.
They support priority VLANs with 4 separate levels of priority; in addition, ESX-K Series Kodiak-based Ethernet modules support the addition of a server version of the OmniChannel. For information on priority VLANs, see Chapter 19, “Managing Groups and Ports.” For information on OmniChannel and Server Channel features, see OmniChannel on page 15-9. The following table outlines the Kodiak Ethernet modules.

♦ Important Note ♦
In Release 4.5 and later, Mammoth-based Ethernet and early-generation Ethernet modules are no longer supported.

Kodiak Ethernet Modules

    Ethernet Module (Chassis Type)            Speed Supported (per port)   Software Configurable?   Commands Available    OmniChannel Supported?
    ESX-K-100C-32W (Omni Switch/Router)       10/100 Mbps                  Yes                      10/100cfg, 10/100vc   Yes
    ESX-K-100FM/FS-16W (Omni Switch/Router)   100 Mbps                     Yes                      10/100cfg, 10/100vc   Yes
    GSX-K-FM/FS-2W (Omni Switch/Router)       1000 Mbps                    Yes                      10/100cfg, 10/100vc   No

ESX-K Series Modules and Optimized Ports

Kodiak-based modules will flood packets with unknown destination addresses on ports configured for optimized device mode. To prevent this condition, the following command can be entered into the mpx.cmd file:

    MamOptSwitchPorts=1

If the port is set to optimized and has not learned a MAC address, it will flood these packets out regardless of whether the above flag is set. If the above flag is set, the port will not flood multicast packets.

♦ Note ♦
For information on editing the mpx.cmd text files, see Chapter 7, “Managing Files.”

Port Partitioning

Ethernet 10BaseT, 10/100BaseT and 100BaseF boards can detect certain cabling errors and/or physical media misconfigurations which could lead to multiple retries or reception of multiple spurious frames, affecting performance of attached devices. In this event, the system will partition the affected port, which will be marked in the vi menu with Inactive (Inactv) operational status.
(See Chapter 19, “Managing Groups and Ports,” for information about the vi command.) If a cable drop is detected, the system will remove the partitioned state, bringing the port back into a normal state once the link is detected. If the original cabling problem has not been corrected, the link may become partitioned again. In this event, normal operation will be enabled when the problem has been corrected.

The Ethernet Management Menus

The eth100 and 10/100 sub-menus are described in this chapter. These sub-menus are part of the physical interface sub-menu, which appears similar to the following display:

    Command          Physical Interface Menu
    ---------------  --------------------------------------------------------
    slipc            Configure SLIP (Serial Line IP) on a TTY Port
    atm              Enter the ATM Management sub-menu
    eth100           Enter the 100BaseT sub-menu
    10/100           Enter the 10/100BaseT sub-menu
    tok              Enter the Token Ring Management sub-menu

    Main         File         Summary      VLAN         Networking
    Interface    Security     System       Services     Help

The eth100 sub-menu contains commands for early generation Fast Ethernet modules. The 10/100 sub-menu has commands for Kodiak Ethernet modules.

When you enter eth100 at a system prompt, you enter the early generation Fast Ethernet submenu. This sub-menu displays as follows:

    Command          100BaseT Menu
    ---------------  --------------------------------------------------------
    eth100vc         View 100BaseT Port Configuration Table
    eth100cfg        Configure 100BaseT Port Parameters

    Main         File         Summary      VLAN         Networking
    Interface    Security     System       Services     Help

♦ Important Note ♦
In Release 4.5 and later, early-generation Ethernet modules are no longer supported.

When you enter 10/100 at a system prompt, you enter the Kodiak Ethernet configuration submenu.
This sub-menu displays as follows:

    Command          10/100 Menu
    ---------------  --------------------------------------------------------
    10/100vc         View 10/100 Port Configuration Table
    10/100cfg        Configure 10/100 Port Parameters
    crechnl          Create a Fast Ethernet Channel
    delechnl         Delete a Fats Ethernet Channel
    addprtchnl       Add port/s to a fast Ethernet Channel
    delprtchnl       Delete port/s from a fast Ethernet Channel
    chnlinfo         Display channel configuration parameters

    Main         File         Summary      VLAN         Networking
    Interface    Security     System       Services     Help

Descriptions for these commands begin on page 15-5. The commands in this sub-menu below crechnl are used to configure OmniChannel; documentation for OmniChannel begins on page 15-9.

Configuring 10/100 Auto-Sensing Ports

The 10/100cfg command allows you to enable auto-negotiation, as well as configure link speed (10 or 100 Mbps) and the link mode (full or half-duplex) on 10/100 Ethernet ports on the ESX-K-100C-32W modules on the Omni Switch/Router. Follow these steps to configure a 10/100 port:

1. Enter 10/100cfg at the system prompt and press <Enter>.

2. The system displays a prompt asking for the slot and port number:

    Enter Slot/Interface :

Enter the slot number, a slash (/), and the port number of the Ethernet port that you want to configure. Press <Enter>.

3. The system prompts you to enable or disable auto-sensing:

    Autonegotiate [y,n, or quit] (Currently enabled (y)) :

Enter y to enable auto-negotiation or n to disable auto-negotiation. Auto-negotiation can be used to determine the link speed and the link mode (full or half) of the connection. If you choose y to enable auto-negotiation, the system will automatically detect whether the connection speed of the attached device is 10 Mbps or 100 Mbps. It can also determine whether the link mode of the connection is half- or full-duplex.

♦ Note ♦
Auto-negotiated ports on GSX modules display inactive ports as 1000 Mbps/full duplex.
If you enable auto-negotiation, continue with Step 6. If you choose n to disable auto-negotiation, then you will be prompted for the Line Speed. Continue on with the next step.

4. If you chose to disable auto-sensing, then the following prompt displays showing the current line speed:

    Line Speed [100 or 10] (Currently 100) :

Select whether you want the port to operate at 10 Mbps or 100 Mbps. The port will operate at this speed until you change it through the 10/100cfg command later. Press <Enter> after you enter the Line Speed. The new line speed will take effect; no reboot is required. Continue with the next step.

5. The following prompt displays, showing the current link mode:

    Link Mode [Full, Half] (Currently (H)alf Duplex) :

Enter F to set the port to full-duplex mode or H to set the port to half-duplex mode. In full-duplex mode, the full 100 or 10 Mbps of bandwidth is used for data traveling on each direction of the cable. Press <Enter> after you enter the Mode. The new mode will take effect; no reboot is required. You have completed the configuration of this port.

6. Since you have enabled auto-negotiation, the port will automatically sense the line speed of the connection. You can also further enable auto-negotiation for the link mode. When the following prompt displays:

    Link Mode [Half or Auto] (Currently (H)alf Duplex) :

select whether you want the port to auto-sense the duplex mode (Auto) or whether you want the port to default to half-duplex mode (Half). Enter an A for auto-sensing or enter an H for half-duplex. If you set the mode to half-duplex, then the port will always run in half-duplex. If you set the mode to Auto, then the port will automatically detect whether the connection is half- or full-duplex and then operate in that mode. You have completed the configuration of this port.

Connecting Kodiak Modules to Non-Auto-Negotiating Links

The ESX-K-100C-32W can auto-negotiate link speed.
However, if you hard-configure (autonegotiation disabled) a Kodiak 10/100 module port for 10 Mbps, then you should not connect that port to a non-auto-negotiating 100 Mbps port or device.

Configuring Kodiak Ethernet Ports

The 10/100cfg command allows you to configure the link mode (full or half-duplex) for ports on newer Kodiak Ethernet modules. This procedure describes how to configure Ethernet modules on the Omni Switch/Router. Follow these steps to configure a Kodiak Ethernet port:

1. Enter 10/100cfg at the system prompt and press <Enter>.

2. The system displays a prompt asking for the slot and port number:

    Enter Slot/Interface :

Enter the slot number, a slash (/), and the port number of the Ethernet port that you want to configure. Press <Enter>.

3. The following prompt displays, showing the current link mode:

    Link Mode [Full, Half] (Currently (H)alf Duplex) :

Enter F to set the port to full-duplex mode or H to set the port to half-duplex mode. In full-duplex mode, the full 100 or 10 Mbps of bandwidth is used for data traveling on each direction of the cable. Press <Enter> after you enter the Mode. The new mode will take effect; no reboot is required.

Viewing Configurations for 10/100 Ethernet Modules

The 10/100vc command allows you to view the current status of newer Ethernet modules (see Kodiak Ethernet Modules on page 15-3). These modules support 100 Mbps, or 1000 Mbps Ethernet. Ethernet 10/100 ports (e.g., ESX-K-100C-32) can auto-sense the connection speed of the attached device. Entering 10/100vc displays information similar to the following:

    10/100 Configure Values for all slots
                            DETECTED            SET
    Slot/   Auto-        Line     Duplex    Line     Duplex
    Intf    negotiate    Speed    Mode      Speed    Mode
    -----   ---------    -----    ------    -----    ------
    5/ 1    enabled      ?        ?         auto     half-d
    5/ 2    enabled      10       HALF-D    auto     half-d
    5/ 3    enabled      100      HALF-D    auto     half-d
    5/ 4    enabled      100      HALF-D    auto     half-d
    5/ 5    enabled      ?        ?         auto     half-d
    5/ 6    enabled      10       HALF-D    auto     half-d
    5/ 7    enabled      100      HALF-D    auto     half-d
    5/ 8    enabled      ?        ?         auto     half-d

Slot/Intf. The slot and port number (Intf) where this Ethernet port is located.

Auto-negotiate. Indicates whether auto-negotiation is enabled on a 10/100 port. If enabled, the port will automatically sense whether the attached device operates at 10 Mbps or 100 Mbps and adjust accordingly. If disabled, the port does not automatically detect the connection speed and instead uses the line speed you configure through the 10/100cfg command. You enable or disable auto-negotiation through 10/100cfg. A value of n/a in this column means the port does not support auto-sensing and the line speed defaults to either 10 or 100 Mbps.

The next set of columns are divided into DETECTED and SET. The columns under DETECTED are the current operational Line Speed or Duplex Mode. The columns under SET are the configured values; these configured values will either be defaults or the values configured through 10/100cfg.

Line Speed. Indicates the speed (in Mbps) at which the port is currently operating (DETECTED) or configured to operate (SET). DETECTED values will be 10 (Mbps), 100 (Mbps), or a question mark (?). A question mark (?) in this column indicates the port is not connected to a device. SET values will be auto, 10 (Mbps), or 100 (Mbps). The auto setting means auto-sensing is enabled and the Line Speed will equal the speed for which the attached device is configured.

Duplex Mode. Indicates whether the port is operating (DETECTED) or configured (SET) for half- or full-duplex mode. DETECTED values will be half-duplex (HALF-D), full-duplex (FULL-D), or a question mark (?). A question mark (?) in this column indicates the port is not connected to a device. SET values will be auto-sensing (auto), half-duplex (half-d), or full-duplex (full-d).
If this value is auto, then the switch automatically sets the duplex mode to the network device’s setting. If this value is half-d, then the port will always run in half-duplex mode. If this value is full-d, then the port will always run in full-duplex mode. You configure the duplex mode through the 10/100cfg command. Note that you can only configure a 10/100 port for full-duplex if you disable auto-sensing.

OmniChannel

OmniChannel allows you to increase the bandwidth of Fast Ethernet backbones by combining the capacity of up to four (4) Fast Ethernet ports into one channel. The combined channel operates within Spanning Tree as one virtual port, and can provide up to 800 Mbps (in full-duplex mode) of bandwidth. (In full-duplex mode, 400 Mbps is supported in each direction of the OmniChannel.) This feature is useful for Ethernet-intensive networks that need to increase bandwidth capacity without setting up ATM backbones using OC-3 or OC-12 connections.

The OmniChannel feature operates on 10/100 and 100 Mbps Ethernet ports employing Kodiak chip technology, such as those modules listed in the table, Kodiak Ethernet Modules on page 15-3. OmniChannel does not operate on 10 Mbps ports or on early-generation Fast Ethernet ports.

[Figure: Up to Four 100 Mbps Links May Comprise an OmniChannel Backbone]

♦ Note ♦
For Kodiak-based 10/100 Ethernet modules, 802.1Q is supported over OmniChannel. See Chapter 16, “Managing 802.1Q Groups” for more information.

OmniChannel balances the traffic load among links by MAC address. MAC addresses are assigned to physical links in the OmniChannel in a round-robin fashion.
The first MAC address learned will transmit and receive data on the first link. The second MAC address learned will transmit and receive over the second link, and so on regardless of the bandwidth requirements of each MAC address.

The Server Channel Feature

For ESX-K Series Kodiak-based Ethernet boards, you can create an OmniChannel that connects to a server instead of another Omni Switch/Router. The intention of the Server Channel is to give the user the option to increase the bandwidth between a server and Omni Switch/Router for more client request support. This functionality is especially useful for internet servers such as B2C and B2B servers.

[Figure: Up to Four 100 Mbps Links May Comprise a Server Channel backbone]

Server Channel Limitations

The following are limitations to creating a server channel on the Omni Switch/Router:

• The maximum number of Server Channels in the whole box is not fixed; however, it is suggested that no more than 16 be created on the same switch.
• Each Server Channel can support up to 4 ports.
• Within one Server Channel, all of the channel ports must be on the same slot.
• Within one Server Channel, all of the channel ports must be in one VLAN.
• A port cannot be configured as Server Channel and Omni Channel port at the same time.
• Currently, Server Channel cannot be used with 802.1Q.

Creating an OmniChannel

You use the crechnl command to create an OmniChannel. Follow these steps:

1. Enter crechnl.

2. The following prompt displays:

    Channel Number (2):

Enter the identification number you want to assign to this OmniChannel. By default, the software lists the next available channel number in parentheses. (In this example, the next available channel number is 2.) If you want to select the default, simply press <Enter>. Otherwise, enter the desired channel number and press <Enter>.
3. The following prompt displays:

    Channel type (1) omni_chnl (2) server_chnl

If the far end of the link is another Omni Switch/Router, you need to create an OmniChannel. Select 1 and proceed to the next step. If the far end of the link is a server, select 2 to create a Server Channel.

4. The following prompt displays:

    To select a port, use the convention - Slot/Physical Port.
    For eg. 2/1 is used to select Physical Port 1 on Slot 2
    Primary Slot/Port:

Enter the slot and port that the switch will initially use as the Spanning Tree virtual port for this channel. Each OmniChannel is considered a single virtual port within the network, so only one physical port will participate in Spanning Tree.

♦ Note ♦
After a reboot or after a loss of a connection, the first port in an OmniChannel that the switch brings up will become the primary port. Therefore, one of the ports you choose as the secondary port (explained in Step 5 below) could become the primary port and thus participate in Spanning Tree.

If the port you enter is already part of another OmniChannel, then it cannot be used in a second OmniChannel. The following message displays for those ports that are already part of another OmniChannel:

    Primary port in use

5. The following prompt displays:

    To select a port, use the convention - Slot/Physical Port.
    For eg. 2/1 is used to select Physical Port 1 on Slot 2
    Secondary Slot/Port:

Enter the other ports that will be used in this OmniChannel. Up to four (4) Fast Ethernet Ports may participate in an OmniChannel. Therefore, you can specify up to three (3) additional ports which will initially become secondary ports. These secondary ports must be on the same module as the primary port. Secondary ports do not participate in the Spanning Tree algorithm; they are used for data transmission only.

♦ Note ♦
As explained in Step 4 above, a port that you initially configure as a secondary port can become a primary port.

Specifying a Range of Ports.
To specify a range of ports, enter the slot number, a slash (/), the port number for the first secondary port, a dash (-), and the port number for the last secondary port. For example, to specify ports 3, 4, and 5 on the Fast Ethernet module in slot 2 as secondary ports in an OmniChannel, you would enter:

    2/3-5

Specifying Multiple Ports. To specify multiple ports (on the same module) that are not physically contiguous, enter the slot number, a slash (/), the port number for the first secondary port, a comma (,), and then the slot and port for the next secondary port. For example, to specify ports 3 and 5 on the Fast Ethernet module in slot 2, you would enter:

    2/3, 2/5

The order in which you specify secondary ports is important. In the event of a failure on the primary port, the first secondary port specified will become the primary port in the OmniChannel and participate in Spanning Tree.

Messages will display, informing you that secondary ports were saved in flash memory:

    Successfully saved sec port in flash
    Successfully saved sec port in flash

Adding Ports to an OmniChannel

After you create an OmniChannel with the crechnl command, you can add more secondary ports to the same channel as long as the channel contains fewer than 4 ports. You use the addprtchnl command to add ports to an OmniChannel. Follow these steps:

1. Enter addprtchnl.

2. The following prompt displays:

    Channel Number :

Enter the channel number to which you want to add secondary ports. You can check the current port assignments for a given OmniChannel by using the chnlinfo command, which is described in Viewing OmniChannel Parameters on page 15-14.

3. The following prompt displays:

    To select a port, the convention - Slot/Physical Port or Slot/Phy. Port Range.
    For eg. 2/1 is used to select Physical Port 1 on Slot 2 and 2/2-4 selects physical ports 2,3 and 4 on Slot 2
    Slot/Port(s):

Enter the additional ports that will be part of this OmniChannel.
All the ports you enter will initially be secondary ports (i.e., they do not participate in the Spanning Tree algorithm and are used for data transmission only). You can specify up to 4 ports on an OmniChannel; only 3 of the ports can be secondary ports.

Specifying a Range of Ports. To specify a range of ports, enter the slot number, a slash (/), the port number for the first secondary port, a dash (-), and the port number for the last secondary port. For example, to specify ports 3, 4, and 5 on the Fast Ethernet module in slot 2 as secondary ports in an OmniChannel, you would enter:

    2/3-5

Specifying Multiple Ports. To specify multiple ports (on the same module) that are not physically contiguous, enter the slot number, a slash (/), the port number for the first secondary port, a comma (,), and the slot and port for the next secondary port. For example, to specify ports 3 and 5 on the Fast Ethernet module in slot 2, you would enter:

    2/3, 2/5

Messages will display, informing you that secondary ports were saved in flash memory:

    Successfully saved sec port in flash
    Successfully saved sec port in flash

Deleting an OmniChannel

You can delete any existing OmniChannel through the delchnl command. Follow these steps:

1. Enter delechnl.

2. The following prompt displays:

    Channel to be deleted:

Enter the channel number that you want to delete. You can obtain information on a channel through the chnlinfo command, which is described in Viewing OmniChannel Parameters on page 15-14. Press <Enter> and the channel, along with all port assignments, will be deleted.

Deleting Ports from an OmniChannel

You can delete ports from an OmniChannel using the delprtchnl command. Follow these steps:

1. Enter delprtchnl.

2. The following prompt displays:

    Channel Number :

Enter the channel number on which you want to delete ports.
You can check the current port assignments for a given OmniChannel by using the chnlinfo command, which is described in Viewing OmniChannel Parameters on page 15-14.

3. The following prompt displays:

    To select a port, the convention - Slot/Physical Port or Slot/Phy. Port Range.
    For eg. 2/1 is used to select Physical Port 1 on Slot 2 and 2/2-4 selects physical ports 2,3 and 4 on Slot 2
    Slot/Port(s):

Enter the port(s) that you want to delete from this OmniChannel.

Important Note
If you delete the primary port, a secondary port will become the new primary port. The secondary port that will take over this role is the first secondary port specified through the crechnl command.

Deleting a Range of Ports. To delete a range of ports, enter the slot number, a slash (/), the port number for the first port, a dash (-), and the port number for the last port. For example, to delete ports 3, 4, and 5 on the Fast Ethernet module in slot 2, you would enter:

    2/3-5

Deleting Multiple Ports. To delete multiple ports (on the same module) that are not physically contiguous, enter the slot number, a slash (/), the port number for the first port, a comma (,), and the slot and port for the next port. For example, to delete ports 3 and 5 on the Fast Ethernet module in slot 2, you would enter:

    2/3, 2/5

Viewing OmniChannel Parameters

You can view the current configuration parameters and port assignments for an OmniChannel by using the chnlinfo command. Follow these steps:

1. Enter chnlinfo.

2. The following prompt displays:

    Enter channel number for which information is required:

Enter the channel number for which you want to view information. If you want to view information on all OmniChannels in the switch, simply press <Enter>.

3. A screen similar to the following displays:

    Displaying channel 2

    Channel Id    Phy. Port    Port Status    Mac Count
    ===================================================
    2             5/6          Inactive       0
                  5/7          Inactive       0
    3             5/3          Active         35
                  5/4          Active         34
                  5/5          Active         34

The following sections describe the variables in this table.

Channel Id. The identification number assigned to this OmniChannel during the crechnl configuration procedure.

Phy. Port. The physical slot and port number for all ports included in the OmniChannel. The slot number is listed first, then a slash (/), and the port number on the Ethernet module.

Port Status. The current operational status of this physical port. If the port is Active, then a cable is connected and data is capable of passing to and from the port. If the port is Inactive, then a cable may not be attached or the port is inoperational for hardware or software reasons.

Mac Count. The current number of MAC addresses that have been learned on this port. A separate MAC count is given for each physical port in the OmniChannel.

16 Managing 802.1Q Groups

This chapter documents User Interface (UI) commands to manage 802.1Q groups. For documentation on Command Line Interface (CLI) commands to manage 802.1Q groups, see the Text-Based Configuration CLI Reference Guide.

♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in CLI (Command Line Interface) mode, rather than in UI (User Interface) mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
In Release 4.5 and later, Mammoth-based Ethernet modules are no longer supported.

802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identification. Alcatel has developed its own implementation of VLANs that closely follows the IEEE standard (and enhances it). However, Alcatel VLANs and 802.1Q VLANs cannot interoperate without special configuration.
If your network uses 802.1Q tagging, you will need to create 802.1Q groups and specify ports that will handle 802.1Q traffic. This can be done for 10/100, Fast Ethernet and Gigabit Ethernet Kodiak ASIC-based modules. Up to 64 groups can be supported using multiple spanning tree on an 802.1Q link for Kodiak ASIC-based Fast Ethernet and Gigabit Ethernet modules.

For Release 4.4 and later, Kodiak ASIC-based 10/100 Ethernet modules support 802.1Q traffic over OmniChannel in multiple spanning tree mode. However, you must first create an OmniChannel before creating 802.1Q groups. See Chapter 15, “Managing Ethernet Modules” for information about OmniChannel. See Single vs. Multiple Spanning Tree on page 16-4 for information on single and multiple spanning tree.

Support for 802.1Q in the Omni Switch/Router allows you to set up port-based groups that interoperate with 802.1Q-compliant equipment from other networking vendors. Ports are added to an 802.1Q group using Ethernet switch services. When using the service commands to add ports to an 802.1Q group, multiple spanning tree instances on a single port are supported. See Single vs. Multiple Spanning Tree on page 16-4 for additional information on the differences between single and multiple spanning tree.

The 802.1Q specification defines trunk and access ports (and links). Trunk links are LAN segments used for multiplexing VLANs between VLAN bridges. All devices that are directly connected to a trunk link must be VLAN-aware. Access links are LAN segments used to multiplex one or more VLAN-unaware devices into a port of a VLAN bridge. (This also includes a hybrid with some tagged and some untagged Groups.)

♦ Note ♦
The use of the word trunk in this document should not be confused with the IEEE use of trunking with link aggregation (such as OmniChannel and IEEE 802.3ad). The general meaning of a trunk is an inter-switch link over which different types of traffic are multiplexed.
IEEE 802.1Q Sections Not Implemented

Some portions of the 802.1Q specification have not yet been implemented in the Omni Switch/Router. These include the following:

• The tunneling of non-canonical 802.5 frames is not supported, since the Alcatel Omni S/R handles such traffic by frame translations. This tunneling mode of operation involves the Token Ring Encapsulation Flag in the 802.1Q header. It is not set or interpreted in the Alcatel Omni S/R implementation.
• The Alcatel Omni S/R implementation does not support the SNAP-encoded Tag Header (which is intended for Token Ring LANs). Only the Ethernet-encoded 4-byte Tag Header is supported (and only Ethernet LANs are supported).
• Alcatel Omni S/R does not support the Generic Attribute Registration Protocol (GARP) Multicast Registration Protocol (GMRP) and GARP VLAN Registration Protocol (GVRP) that are defined in 802.1Q.

Application Example

The following diagram illustrates a simple 802.1Q application:

[Figure: Simple 802.1Q Application (Switch X and Switch Y, Groups 2 and 3, endstations A through H)]

In the above diagram, the PC devices (endstations) need to be segmented into different 802.1Q VLANs. The switch port to which each device attaches is assigned to an 802.1Q group (Group 2 for endstations A, B, E, and F, and Group 3 for endstations C, D, G, and H). The ports connecting Switch X and Switch Y are also added to 802.1Q groups 2 and 3. All of the switch ports that handle 802.1Q traffic are now capable of passing 802.1Q information.

Prior to Release 4.4, only Mammoth ASIC-based Ethernet, Fast Ethernet and Gigabit Ethernet modules could be part of an 802.1Q group. For Release 4.4 and later, Kodiak ASIC-based 10/100, Fast Ethernet and Gigabit Ethernet modules also support 802.1Q groups. In either configuration, existing policies for a group will not be affected by the group’s support for 802.1Q.
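The Ethernet-encoded 4-byte Tag Header named above, applied to the trunk between Switch X and Switch Y, as an added example that is not from the manual or from Alcatel's software: it builds and parses the tag header and checks captured frames against the tags expected on the trunk. The function names, MAC addresses and payloads are constructed, and the mapping of tag 2 to Group 2 and tag 3 to Group 3 is an assumption.

```python
import struct

TPID_8021Q = 0x8100          # EtherType that announces an Ethernet-encoded 802.1Q tag header
VID_MIN, VID_MAX = 1, 4094   # 0 means "priority only", 4095 is reserved by the standard


class FrameError(ValueError):
    """Raised for frames too short to hold the headers they announce."""


def build_tagged_frame(dst, src, vid, priority, ethertype, payload):
    """Build an Ethernet frame with the 4-byte tag header placed after the source MAC."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if not VID_MIN <= vid <= VID_MAX:
        raise ValueError("tag must be between 1 and 4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be between 0 and 7")
    tci = (priority << 13) | vid          # bit 12 (encapsulation flag) stays clear
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return the addressing and tag fields of one Ethernet frame as a dict."""
    if len(frame) < 14:
        raise FrameError("frame shorter than an Ethernet header")
    fields = {"dst": frame[0:6], "src": frame[6:12], "tagged": False,
              "priority": None, "flag": None, "vid": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise FrameError("tag header announced but truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        fields.update(tagged=True, priority=tci >> 13,
                      flag=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    fields["ethertype"] = ethertype
    fields["payload"] = frame[offset:]
    return fields


def check_trunk_frame(frame, tag_to_group):
    """Compare one captured frame against the tags configured on a trunk port.

    Returns (verdict, group). Verdicts: "untagged", "ok", "priority-only",
    "reserved-vid", "flag-set" and "unknown-tag".
    """
    f = parse_frame(frame)
    if not f["tagged"]:
        return ("untagged", None)
    if f["vid"] == 0:
        return ("priority-only", None)
    if f["vid"] == 4095:
        return ("reserved-vid", None)
    if f["flag"]:
        # The manual says this flag is neither set nor interpreted by the switch,
        # so a capture that contains it is worth a closer look.
        return ("flag-set", tag_to_group.get(f["vid"]))
    if f["vid"] not in tag_to_group:
        return ("unknown-tag", None)
    return ("ok", tag_to_group[f["vid"]])


def audit(frames, tag_to_group):
    """Count verdicts over a list of captured frames."""
    counts = {}
    for frame in frames:
        verdict, _ = check_trunk_frame(frame, tag_to_group)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample data (not from the manual): MACs, payloads and tag values are made up.
MAC_A = bytes.fromhex("020000000001")
MAC_E = bytes.fromhex("020000000005")
TRUNK_TAGS = {2: "Group 2", 3: "Group 3"}   # assumed: each group's Tag equals its Group ID

SAMPLE_FRAMES = [
    build_tagged_frame(MAC_E, MAC_A, vid=2, priority=0, ethertype=0x0800, payload=b"A->E"),
    build_tagged_frame(MAC_E, MAC_A, vid=3, priority=5, ethertype=0x0800, payload=b"C->G"),
    build_tagged_frame(MAC_E, MAC_A, vid=7, priority=0, ethertype=0x0800, payload=b"stray"),
    MAC_E + MAC_A + struct.pack("!H", 0x0800) + b"untagged",
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(check_trunk_frame(frame, TRUNK_TAGS))
    print(audit(SAMPLE_FRAMES, TRUNK_TAGS))
```

A frame reported as unknown-tag carries a tag for which no 802.1Q service was created on the port, which usually points to a mismatch between the two ends of the trunk.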
♦ Important Note ♦
Kodiak ASIC-based 10/100 Ethernet modules support 802.1Q traffic over OmniChannel in multiple spanning tree mode. However, for 802.1Q support over OmniChannel, you must first create an OmniChannel before creating 802.1Q groups. See Chapter 15 for information about OmniChannel. For information on the differences between single and multiple spanning tree, see Single vs. Multiple Spanning Tree on page 16-4.

By matching switch ports with 802.1Q groups, you are statically assigning the port to the group. Once assigned, an 802.1Q port cannot be dynamically assigned to another group. However, the same switch port can be statically assigned to more than one 802.1Q group.

Single vs. Multiple Spanning Tree

In previous releases of the Omni Switch/Router software (4.0 and earlier), spanning tree support was done on a per port basis. In other words, a physical port could only participate in one instance of a spanning tree on the network.

If a network is passing both untagged and IEEE tagged frames, single spanning tree support could lead to packets being lost. Lost packets could occur if a port specifically assigned to handle one type of traffic (e.g., IEEE 802.1Q) is blocked by spanning tree, forcing traffic for that port to move to a port not assigned to handle IEEE 802.1Q traffic.

[Figure: Port Based Spanning Tree (Switch 1, Switch 2, Switch 3, VLAN 1, VLAN 2, blocked physical port)]

In the above diagram, the physical connection between Switch 1 and Switch 2 is blocked by spanning tree. No traffic can pass over the connected ports.

Release 4.1 (and later) of the Omni Switch/Router allows for multiple spanning tree instances on a single port. Put another way, a port can be part of separate spanning trees, with no impact on packet delivery. This is done by basing spanning tree configuration on groups rather than physical ports.
[Figure: Group Based Spanning Tree (Switch 1, Switch 2, Switch 3; VLAN 1 and VLAN 2, each blocked on one link)]

The above diagram shows how traffic on VLAN 1 is blocked between Switch 1 and Switch 2, while VLAN 2 traffic is allowed to pass. The reverse is true for Switch 1 and Switch 3 (i.e., VLAN 2 traffic is blocked, while VLAN 1 traffic is allowed to pass).

Service commands are used in Ethernet modules to assign groups to 10/100 and Gigabit ports. The cas, das, mas, and vas commands create, delete, modify, and view trunk services created to handle 802.1Q traffic over an Ethernet backbone. This trunk service, coupled with the default bridging service, allows you to pass both tagged and untagged frames over the same port. The following diagram shows the logical structure of the trunked 802.1Q groups:

[Figure: Logical Configuration of Multiple Groups on a Single Port (Group 1 (Untagged) on the Default Bridging Service; Group 2 (802.1Q) and Group 3 (802.1Q) on 802.1Q Trunking Services; logical ports; physical port)]

In the above diagram, Groups 2 and 3 have been trunked to the physical port with an 802.1Q trunking service.

Since spanning tree is group based, the physical port in the above diagram participates in three spanning tree instances: one for untagged traffic and two for 802.1Q tagged traffic. Both types of frames can now pass through the same port.

♦ Important Notes ♦
Since a trunk is a service, and Alcatel switches have a 16 (10/100) or 15 (Gigabit) services per port limit, only 15 or 14 802.1Q groups can be added to the same port. In both cases, a default bridge service occupies one of the service slots.
For Kodiak ASIC-based Fast Ethernet and Gigabit Ethernet modules, up to 64 groups are supported using multiple spanning tree on an 802.1Q link.
To support 64 groups, the following lines should be added into the mpx.cmd file:

    MaxEthQGroups=64
    MaxGigaQGroups=64

See Chapter 7, “Managing Files,” for more information on editing text files.

Assigning an 802.1Q Group to a Port

Previous versions of the Omni Switch/Router (version 4.0 and earlier) only allowed for single spanning tree configured 802.1Q groups using the addqgp, viqgp, and delqgp menu commands. These commands were invalidated in the 4.1 release and replaced by the cas, mas, vas, and das service commands.

The procedure for assigning an 802.1Q group to a port is slightly different, depending on whether the port is a 10/100 or Gigabit Ethernet module port. (For additional information on Gigabit and Kodiak-based Ethernet modules, see Chapter 15, “Managing Ethernet Modules.”) Up to 64 groups can be supported using multiple spanning tree on an 802.1Q link for Kodiak ASIC-based Fast Ethernet and Gigabit Ethernet modules.

♦ Important Notes ♦
For Release 4.4 and later, Kodiak ASIC-based 10/100 Ethernet modules support 802.1Q traffic over OmniChannel in multiple spanning tree mode. However, you must first create an OmniChannel before creating 802.1Q groups. See Chapter 15, “Managing Ethernet Modules” for information about OmniChannel. For information about the differences between single and multiple spanning tree, see Single vs. Multiple Spanning Tree on page 16-4.

In most of the procedures described in this section, the screens displayed vary, depending on what type of board and ASIC you are using. By viewing the front panel of your module, it should be easy to determine which procedure applies to you. Ethernet modules are designated by ESX-K. Gigabit modules are designated by GSX-K. Modules with a K on the front panel are Kodiak ASIC-based modules. For example, a module with designation GSX-K is a Gigabit module using a Kodiak ASIC.
For information on assigning an 802.1Q group to a 10/100 port, see Configuring 802.1Q on 10/100 Ethernet Ports on page 16-8. For information on assigning an 802.1Q group to a Gigabit port, see Configuring 802.1Q on Gigabit Ethernet Ports on page 16-11.

♦ Note ♦
802.1Q Omni Switch/Router tagging does not work with OmniCore 5200 tagging unless the OmniCore software is version 3.0.19 or later.

Configuring 802.1Q on 10/100 Ethernet Ports

Use the cas command to assign 802.1Q groups to 10/100 ports. To use this command, follow the steps below.

1. Enter cas at the system prompt, as shown:

    cas <slot>/<port>

where <slot> is the slot of the module, and <port> is the port number that is to be added to the group. For example, to add port 3 on slot 5, you would enter:

    cas 5/3

2. If you have a legacy 10/100 board, the following screen displays:

    Slot 3 Port 5 Ethernet 802.1Q Service
    1) Description :
    2) Group ID :
    3) Tag :
    4) Priority :
    5) Mode :
         Multiple Spanning Tree (3)
         Single Spanning Tree (4)

If you have a Kodiak 10/100 board, the following screen displays:

    Slot 3 Port 5 Ethernet 802.1Q Service
    1) Description :
    2) Group ID :
    3) Tag :
    5) Mode :
         Multiple Spanning Tree (3)
         Single Spanning Tree (4)

You can modify the parameters by entering the line number, an equal sign, and the value for the parameter. For example, to change the Group ID to 5, you would enter 2 (the line number for Group ID), an equal sign (=), and a 5 (the group number), as shown:

    2=5

3. Remember to save your changes by entering save at the system prompt when you have finished with the configuration.

♦ Important Notes ♦
Because 802.1Q support over OmniChannel is supported only in Multiple Spanning Tree mode on Kodiak 10/100 Ethernet boards, the Mode screen option is not configurable for this feature.
For 802.1Q support over OmniChannel, you must first create an OmniChannel before creating 802.1Q groups.
See Chapter 15, “Managing Ethernet Modules” for information about OmniChannel.

The following sections describe the parameters shown in the screen on the preceding page.

Description
A textual description (up to thirty characters) for the service created when adding the port to a group.

Group ID
The number of the group to which the port is to be added.

Tag
A simple identifier that is added to 802.1Q packets for identification. This value can be any number between 1 and 4094.

Priority/Priority Remap Values
If the module uses a Kodiak ASIC, this field is labeled either Priority or Priority Remap Values. In single spanning tree mode, it is Priority. In multiple spanning tree mode, it is Priority Remap Values. See Mode below for more detailed information.

♦ Important Notes ♦
ESX-K and GSX-K Kodiak ASIC-based modules support 802.1p traffic prioritization. For chassis configurations that include only ESX-K, GSX-K and/or WSX series modules, 802.1p priority bits can be carried inbound on a tagged port (configured with multiple spanning tree 802.1Q) across the backplane. This priority information is used at the egress port to queue the packet, and is sent out in the packet whether the egress port is tagged or not.
The ESX-K and GSX-K modules can also remap incoming priority on an ingress port. If priority remapping has been configured, the new priority will be carried across the backplane. The priority information is used to queue the packet, and is sent out in the packet if the egress port is tagged.

Mode
This field allows you to choose either multiple or single spanning tree. This option only appears if the module uses 10/100 Ethernet ports. Once you select a type of spanning tree for a port, the port automatically retains the spanning tree selection for any other group it is added to.

For example, suppose that Port 3/1 is assigned to be in Group 2, and to use single spanning tree.
If the port were to be assigned to another group, it would automatically set itself to use single spanning tree for that group as well.

When you set the Mode of the service, the cas screen changes to accommodate the selection and allows you to set the priority of the service. If you select single spanning tree, for example, the screen changes to the following display, as shown:

    Slot 3 Port 5 Ethernet 802.1Q Service
    1) Description :
    2) Group ID :
    3) Tag :
    4) Priority :
    5) Mode :4

If you select multiple spanning tree, the screen changes to the following display, as shown:

    Slot 2 Port 1 Ethernet 802.1Q Service
    1. Description (30 chars max) :
    2. Group ID :0
    3. Tag :0
    4. Priority Remap Values :
       40. 0 - 0
       41. 1 - 1
       42. 2 - 2
       43. 3 - 3
       44. 4 - 4
       45. 5 - 5
       46. 6 - 6
       47. 7 - 7
    5. Mode :3

The incoming priority level of the packet can be remapped to any value between 0 and 7, with 7 being the highest priority. To set a value of 5 for an incoming priority value of 4, for example, you would enter 44=5.

For more information on single vs. multiple spanning tree, see Single vs. Multiple Spanning Tree on page 16-4.

Configuring 802.1Q on Gigabit Ethernet Ports

Use the cas command to assign 802.1Q groups to Gigabit ports. To use this command, follow the steps below.

1. Enter cas at the system prompt, as shown:

    cas <slot>/<port>

where <slot> is the slot of the module, and <port> is the port number that is to be added to the group. For example, to add port 3 on slot 5, you would enter:

    cas 5/3

2. If you have a Kodiak Gigabit module, the following prompt displays:

    Slot 3 Port 5 Ethernet 802.1Q Service
    1. Description (30 chars max) :
    2. Group ID :0
    3. Tag :0
    4. Priority Remap Values :
       40. 0 - 0
       41. 1 - 1
       42. 2 - 2
       43. 3 - 3
       44. 4 - 4
       45. 5 - 5
       46. 6 - 6
       47. 7 - 7

You can modify the parameters by entering the line number, an equal sign, and the value for the parameter.
For example, to change the Group ID to 5, you would enter 2 (the line number for Group ID), an equal sign (=), and a 5 (the group number), as shown:

    2=5

3. Remember to save your changes by typing save at the system prompt when you have finished with the configuration.

Most of the fields are the same as described in Configuring 802.1Q on 10/100 Ethernet Ports on page 16-8.

Modifying 802.1Q Groups

802.1Q groups for both 10/100 and Gigabit Ethernet ports can be modified using the mas command. The procedure is slightly different in each case. The screens for the mas command change, depending on whether you have a legacy Ethernet board or a Kodiak ASIC-based Ethernet board.

Modifying 802.1Q Groups for 10/100 Ports

To modify the configuration of an 802.1Q group for 10/100 ports, use the mas command as shown:

    mas <slot>/<port> <instance>

where <slot> is the slot number of the module on the switch, <port> is the port number where the service was created, and <instance> is the identifier for the service on this port. For example, to modify 802.1Q service instance 1 on port 5 of slot 2, enter:

    mas 2/5 1

If this is a legacy Ethernet module, the screen appears as shown:

    Slot 2 Port 5 Ethernet 802.1Q Service
    1) Tag :3
    2) Priority :0

If this is a Kodiak ASIC-based module, the screen appears as shown:

    Slot 2 Port 5 Ethernet 802.1Q Service
    1. Description (30 chars max) :
    2. Tag :0
    3. Priority Remap Values :
       30. 0 - 0
       31. 1 - 1
       32. 2 - 2
       33. 3 - 3
       34. 4 - 4
       35. 5 - 5
       36. 6 - 6
       37. 7 - 7

To change a field setting, enter the line number, an equal sign, and the new value. For example, to change the Priority setting to 7, you would enter a 3 (the line number for priority), an equal sign (=), and a 37, as shown:

    3=37

♦ Important Notes ♦
ESX-K and GSX-K Kodiak ASIC-based modules support 802.1p traffic prioritization.
For chassis configurations that include only ESX-K, GSX-K and/or WSX series modules, 802.1p priority bits can be carried inbound on a tagged port (configured with multiple spanning tree 802.1Q) across the backplane. This priority information is used at the egress port to queue the packet, and is sent out in the packet whether the egress port is tagged or not.
The ESX-K and GSX-K modules can also remap incoming priority on an ingress port. If priority remapping has been configured, the new priority will be carried across the backplane. The priority information is used to queue the packet, and is sent out in the packet if the egress port is tagged.

Remember to save the changes to the service by entering save at the system prompt when finished.

To find the instance of a port service, use the vas command. See Viewing 802.1Q Groups in a Port on page 16-16 for more information.

Modifying 802.1Q Groups for Gigabit Ethernet Ports

To modify the configuration of an 802.1Q group for Gigabit ports, use the mas command as shown:

    mas <slot>/<port> <instance>

where <slot> is the slot number of the module on the switch, <port> is the port number where the service was created, and <instance> is the identifier for the service on this port. For example, to modify 802.1Q service instance 1 on port 5 of slot 2, enter:

    mas 2/5 1

If this is a legacy Ethernet module, the screen appears as shown:

    Slot 2 Port 5 Ethernet 802.1Q Service
    1) Tag :3
    2) Priority :0

If this is a Kodiak ASIC-based module, the screen appears as shown:

    Slot 2 Port 5 Ethernet 802.1Q Service
    1. Description (30 chars max) :
    2. Tag :0
    3. Priority Remap Values :
       30. 0 - 0
       31. 1 - 1
       32. 2 - 2
       33. 3 - 3
       34. 4 - 4
       35. 5 - 5
       36. 6 - 6
       37. 7 - 7

To change a field setting, enter the line number, an equal sign, and the new value.
For example, to change the Priority setting to 7, you would enter a 3 (the line number for priority), an equal sign (=), and a 37, as shown:

    3=37

♦ Important Notes ♦
ESX-K and GSX-K Kodiak ASIC-based modules support 802.1p traffic prioritization. For chassis configurations that include only ESX-K, GSX-K and/or WSX series modules, 802.1p priority bits can be carried inbound on a tagged port (configured with multiple spanning tree 802.1Q) across the backplane. This priority information is used at the egress port to queue the packet, and is sent out in the packet whether the egress port is tagged or not.
The ESX-K and GSX-K modules can also remap incoming priority on an ingress port. If priority remapping has been configured, the new priority will be carried across the backplane. The priority information is used to queue the packet, and is sent out in the packet if the egress port is tagged.

Remember to save the changes to the service by entering save at the system prompt when finished.

To find the instance of a port service, use the vas command. See Viewing 802.1Q Groups in a Port on page 16-16 for more information.

♦ Note ♦
Tags (field number 1) do not apply if proprietary tagging is used on this port.

Viewing 802.1Q Groups in a Port

To view which ports use which 802.1Q groups, enter the vas command at the system prompt, as shown:

    vas <slot>/<port>

where <slot> is the slot number of the module on the switch and <port> is the port number where the service was created. For example, to view an 802.1Q service on port 5 of slot 2, enter:

    vas 2/5

A screen similar to the following is displayed:

    Slot/Port/Inst  Vport  Group  Tag   Priority or     Tagging Mode   Description
                                        PriorityRemap
    ==============  =====  =====  ====  =============   =============  ===========
    2  5  1         33     2      2     4               Mult STree

As a variation of this command, it is possible to enter vas without a slot or port number.
This will display all services configured for the switch.

♦ Note ♦
The above screen is for Gigabit ports. The display is slightly different for 10/100 ports. See descriptions below for more details.

The following section describes the fields displayed using the vas command.

Slot. The slot number of the switch on which the service is located.

Port. The port number of the slot on which the service is located.

Instance. The service identifier for the 802.1Q service. This is assigned when the service is created.

Vport. The virtual port number that the service uses.

Group. The group identifier for the group attached to this service.

Tag. The tag information entered into tagged frames, as specified when creating the service.

Priority or PriorityRemap. The priority number assigned to packets from this service.

Tagging Mode. This field displays different information depending on whether the switch ports are 10/100 or Gigabit. If the ports are 10/100 or Kodiak-based Gigabit, this field shows either multiple or single spanning tree. For 802.1Q support over OmniChannel on Kodiak 10/100 Ethernet boards, this field will display as Mult S Tree.

Description. A textual description used to identify the service.

For more information on single vs. multiple spanning tree, see Single vs. Multiple Spanning Tree on page 16-4.

Viewing 802.1Q Statistics for 10/100 Ports

The viqs command provides a display of statistics for 802.1Q groups assigned to 10/100 ports. Enter the viqs command, as shown:

    viqs <slot>/<port> <groupId>

where <slot> is the slot number of the module on the switch, <port> is the port number where the service was created, and <groupId> is the number of the group that the port belongs to. For example, to view an 802.1Q service for group 2 on port 5 of slot 2, enter:

    viqs 2/5 2

A screen similar to the following displays:

    Physical Port  Group Id (802.1Q)  Transmit Pkts  Received Pkts  Transmit Octets  Received Octets
    -------------  -----------------  -------------  -------------  ---------------  ---------------
    2/5            2                  29             0              41               0

Physical Port. The slot and port number for this port.

Group Id (802.1Q). The 802.1Q group to which this port was assigned.

Transmit/Received Pkts. The number of packets transmitted and received on this port.

Transmit/Received Octets. The number of bytes transmitted and received on this port.

Deleting 802.1Q Groups from a Port

802.1Q groups for both 10/100 and Gigabit Ethernet ports can be deleted using the das command. The procedure is slightly different in each case.

To delete an 802.1Q group from a 10/100 port using single spanning tree, use the das command, as shown:

    das <slot>/<port> <instance> <groupId>

where <slot> is the slot number of the module on the switch, <port> is the port number where the service was created, <instance> is the identifier for the service on this port, and <groupId> is the number of the group that the port belongs to. For example, to delete an 802.1Q service for group 2, instance 1 on port 5 of slot 2, enter:

    das 2/5 1 2

To delete 802.1Q groups from a Gigabit port or 10/100 ports using multiple spanning tree, enter the das command, as shown:

    das <slot>/<port> <instance>

where <slot> is the slot number of the module on the switch, <port> is the port number where the service was created, and <instance> is the identifier for the service on this port. For example, to delete 802.1Q service instance 1 on port 5 of slot 2, enter:

    das 2/5 1

In either case, a message will appear, confirming the delete operation:

    802.1Q service deleted for Group ID 3 on 3/9 (slot/Port)

♦ Important Notes ♦
You must delete X802.1Q groups in the same order on both ends of the link. For example, if you delete groups 1, 2, 3, 4, and 5 on the local switch, you must delete the same five groups in the same order on the remote switch.
If groups are not deleted in this manner, X802.1Q packets will not be routed correctly.

To delete 802.1Q support over OmniChannel, you must first delete the 802.1Q service before you delete the OmniChannel.

17 Configuring Bridging Parameters

This chapter describes how to configure and maintain bridging parameters. Bridges are devices that interconnect LANs using one (or more) of the available standards such as transparent bridging, source route bridging, or source route to transparent bridging. Bridges primarily operate at Layer 2 of the OSI reference model, which controls data flow, transmission errors, physical addressing, and access to the physical medium.

There are different types of bridging that are used to manage networks:

• Transparent Bridging. Used mainly in Ethernet environments, packets are usually forwarded without any changes being made to the packet. An Ethernet environment is shown in the diagram below:

  [Figure: a Transparent Bridge connecting Segment 1 and Segment 2]

• Source Route Bridging. Used mainly in Token Ring environments, packets are transmitted along routes predetermined by explorer frames sent along multiple paths. Source Route Bridging modifies the routing information of the packet as it traverses the network. A Token Ring environment is shown in the diagram below:

  [Figure: a Source Route Bridge connecting Segment 1 and Segment 2]

• Source Route to Transparent Bridging. Used in mixed Ethernet and Token Ring environments, this protocol provides easy translation between transparent and source route bridging. A mixed Ethernet and Token Ring environment is shown in the diagram below:

  [Figure: an SRTB Bridge connecting Segment 1 and Segment 2]

Spanning tree and fast spanning tree are also used to prevent physical loops in the network from creating excess traffic by blocking packet transmission on one or more ports.

This chapter describes the commands used to configure bridging for the above-mentioned protocols, as well as the commands that display diagnostic, spanning tree and fast spanning tree information.
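Added example, not part of the Alcatel manual: the forwarding-table screens later in this chapter list each learned address in canonical (Ethernet) and non-canonical (Token Ring, FDDI) form, which differ only in the bit order inside each octet. The Python sketch below parses rows in that layout and flags addresses whose two forms disagree, entries that never age out, and ports with many learned addresses. The function names, the single-line row layout, the per-port threshold and the last two sample rows are assumptions constructed for illustration.

```python
import re
from collections import Counter


def parse_mac(text):
    """Parse the manual's XXYYZZ:AABBCC notation into six raw bytes."""
    digits = text.replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(raw):
    """Format six bytes back into XXYYZZ:AABBCC."""
    digits = raw.hex().upper()
    return f"{digits[:6]}:{digits[6:]}"


def flip_bit_order(raw):
    """Reverse the bit order inside every octet (the octet order is kept).

    This converts canonical to non-canonical form and back again,
    because the operation is its own inverse.
    """
    return bytes(int(f"{octet:08b}"[::-1], 2) for octet in raw)


# One forwarding-table row joined onto a single line (assumed layout):
# Sl/If/Srvc/In, MAC, non-canonical MAC, T, group ID, CAM index, S,
# Last Seen, Exp Timer.
ROW = re.compile(r"""
    ^\s*(?P<slot>\d+)/\s*(?P<intf>\d+)/\s*(?P<service>\w+)/\s*(?P<inst>\d+)
    \s+(?P<mac>[0-9A-Fa-f]{6}:[0-9A-Fa-f]{6})
    \s+(?P<nc_mac>[0-9A-Fa-f]{6}:[0-9A-Fa-f]{6})
    \s+(?P<type>[EFT])
    \s+(?P<group>\d+)
    \s+(?P<cam>[0-9A-Fa-f]+)
    \s+(?P<source>[TS])
    \s+(?P<last_seen>\d+)
    \s+(?P<exp_timer>\d+|STATIC|OPSWT)
    """, re.VERBOSE)


def parse_fwt(text):
    """Return one dict per table row; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            row = match.groupdict()
            row["port"] = f"{row['slot']}/{row['intf']}"
            rows.append(row)
    return rows


def audit(rows, max_macs_per_port=8):
    """Return (kind, port, detail) findings for a parsed table."""
    findings = []
    for row in rows:
        expected = format_mac(flip_bit_order(parse_mac(row["mac"])))
        if expected != row["nc_mac"].upper():
            # The two columns should describe the same address.
            findings.append(("nc-mismatch", row["port"], row["mac"]))
        if row["exp_timer"] in ("STATIC", "OPSWT"):
            # These entries stay in the CAM until someone removes them.
            findings.append(("no-ageing", row["port"], row["mac"]))
    per_port = Counter(row["port"] for row in rows)
    for port, count in sorted(per_port.items()):
        if count > max_macs_per_port:
            findings.append(("many-macs", port, f"{count} addresses"))
    return findings


# Rows 1 and 2 use address pairs from the manual's sample screen;
# rows 3 and 4 are constructed for this example.
SAMPLE = """\
Sl/If/Srvc/In  MAC Address    Non-Canonical  T  ID  CAM   S  Last  Exp
3/1/ Brg/ 1    0020DA:A373B0  00045B:C5CE0D  E  2   305A  T  11    300
3/1/ Brg/ 1    0020DA:8656F0  00045B:616A0F  E  2   3060  T  11    300
3/1/ Brg/ 1    0020DA:0000FF  0020DA:0000FF  E  2   3080  T  29    300
3/2/ Brg/ 1    001122:334455  008844:CC22AA  E  2   3010  T  35    STATIC
"""

if __name__ == "__main__":
    for finding in audit(parse_fwt(SAMPLE), max_macs_per_port=2):
        print(*finding)
```

Normalizing both columns to one form before comparing switch output with Ethernet-side logs avoids treating the same station as two different addresses.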
♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in CLI (Command Line Interface) mode, rather than in UI (User Interface) mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
Beginning with Release 4.4, FDDI is no longer supported. Beginning with Release 4.5, Token Ring and ATM are no longer supported.

Configuration Overview

When configuring bridging parameters, you will need to perform at least some of the following steps:

Step 1. Select a group
The bridging menu commands operate only on the currently selected group (or, for certain commands, VLAN). You can select a group with the selgp command. For information on using these commands, see Selecting a Default Group on page 17-7.

Step 2. Configure Bridging Parameters
There are several commands that allow you to configure and view basic bridging functions such as static MAC addresses, bridge forwarding tables, MAC information and statistics, and remote Trunking stations. Many of these commands are useful in diagnosing network problems, as they allow you to find specific MAC addresses and the port on which they were learned. For information on these commands, see Bridging Commands on page 17-8.

Step 3. Enable Spanning Tree (Optional)
Spanning tree is an algorithm that helps prevent broadcast storms by blocking ports in the network from transmitting data. If you plan to use spanning tree, you can use the spanning tree commands to configure and view IEEE and IBM Spanning Tree. For information on using spanning tree commands, see Configuring Spanning Tree on page 17-23.

Step 4. Enable Fast Spanning Tree (Optional)
Fast Spanning Tree is an algorithm that helps provide quick recovery from link, port and device failures on a network, by bringing blocked secondary links into forwarding mode as quickly as possible.
You can use the Fast Spanning Tree commands in the Bridge Management Menu to view and enable/disable Fast Spanning Tree parameters on a selected group or VLAN. For information on using Fast Spanning Tree commands, see Configuring Fast Spanning Tree on page 17-34.

Bridge Management Menu

To view the Bridge Management Menu, enter the br command at the system prompt. If you are in verbose mode, the following table appears outlining the commands available to you. If you are not in verbose mode, enter a ? at the prompt to display the Bridge Management Menu.

    Command      Bridge Management Menu
    ----------   ----------------------------------------------------------------------------
    fls          Display Flood Limit of selected Group
    flc          Configure Flood Limit on selected Group
    sts          Display Spanning Tree parameters on selected Group
    fstps        Display Fast Spanning Tree port parameters on selected VLAN
    actfstps     Activate Fast Spanning Tree port parameters on selected VLAN
    stc          Configure Spanning Tree parameters on selected Group
    stps         Display Spanning Tree Port parameters on selected VLAN
    stpc         Configure Spanning Tree Port parameters on selected VLAN
    srs          Display Source Routing parameters on selected Group
    src          Configure Source Routing parameters on selected Group
    srsf         Enable or disable Source Routing SAP Filter Support
    srtbcfg      View and configure Source Route to Transparent Bridging
    srtbrif      View learned RIF from Source Route to Transparent Bridging Table
    srtbclrrif   View and Clear learned RIF from Source Route to Transparent Bridging Table
    fwt          Display Bridge Forward table on selected VLAN
    fs           Display Bridge Static Address
    fc           Configure Bridge Static Address
    bps          Display Bridge Port Statistics on selected VLAN
    macinfo      Locate learned Bridge MAC address in this chassis
    macstat      Show statistics of Bridge MAC address
    macclrstat   Clear statistics of Bridge MAC address
    selgp        A Group can be selected for the bridge operations or to generate MIB reports
    rts          Display remote Trunking Stations discovered
    dbrmap       View the Domain Bridge Mapping table
    +/-          Select next / previous VLAN

Details on the commands included in the Bridge Management Menu are given in the following sections:

Setting the Default Group. These commands allow you to choose which group you are modifying or viewing, and include the selgp, +, and - commands. For more information, see:
• Selecting a Default Group on page 17-7
• Using the + or - to Change Groups on page 17-7

Bridging Commands. These commands allow you to view bridge forward tables, create and view static address tables, display bridge port statistics, view MAC address information, view remote trunking stations, and view the domain bridge mapping table. Commands in this section include fwt, fs, fc, bps, macinfo, macstat, macclrstat, rts, and dbrmap. For more information, see:
• Displaying Bridge Forwarding Table on page 17-8
• Configuring a Static Bridge Address on page 17-10
• Displaying Static Bridge Addresses on page 17-13
• Displaying Bridge Port Statistics on page 17-14
• Displaying Media Access Control (MAC) Information for a Specific MAC address on page 17-16
• Display Statistics of Bridge MAC Addresses on page 17-17
• Clear Statistics of Bridge MAC Addresses on page 17-18
• Display Remote Trunking Stations on page 17-18
• View the Domain Bridge Mapping Table on page 17-19

Setting Flood Limits. These commands allow you to configure and view flood limits for a specific group using the flc and fls commands. For more information, see:
• Setting Flood Limits for a Group on page 17-21
• Displaying Group Flood Limits on page 17-22

Configuring Spanning Tree. These commands allow you to configure and view IEEE and IBM Spanning Tree for a specific group, and include the stc, sts, stpc and stps commands. (The stc and sts commands can also be used to configure and view Fast Spanning Tree for a selected VLAN.)
For more information, see:
• Configuring Spanning Tree Parameters on page 17-25
• Display Spanning Tree Bridge Parameters on page 17-28
• Configuring Spanning Tree Port Parameters on page 17-30
• Displaying Spanning Tree Port Parameters on page 17-32

Configuring Fast Spanning Tree. These commands allow you to configure and view Fast Spanning Tree for a specific group or VLAN, and include the actfstps and fstps commands. Information is also included on configuring the Truncating Tree Timing and Speedy Tree Protocol features. For more information, see:
• Configuring Truncating Tree Timing & Speedy Tree Protocol on page 17-35
• Displaying Fast Spanning Tree Port Parameters on page 17-36
• Enabling Fast Spanning Tree Port Parameters on page 17-38
• Disabling Fast Spanning Tree Port Parameters on page 17-39

Selecting a Default Group

Most commands in the Bridge Management Menu allow you to specify a group when entering the command at the system prompt. If you do not specify a group when entering a command, the bridge operations are performed on the currently selected group.

♦ Note ♦
You can view the current groups in the switch by entering gp at any prompt.

To select a group, enter the selgp command as follows:

    selgp <group number>

where <group number> is the number of the group you wish to modify or view. For example, to select Group 2 you would enter selgp and the number 2 as shown:

    selgp 2

A message confirming the selection of the new group ID is displayed, followed by the group description:

    Group number: 2 is now selected (New GROUP (#1)).

Using the + or - to Change Groups

At any time from the system prompt, you can select a different group by typing a plus (+) to move up one group, or a minus (-) to move back one group. For example, if you are currently working on Group 4 and wish to change to Group 3, you would enter a - at the system prompt.
The following message displays to confirm the change:

    Currently GROUP 3 is selected (New GROUP (#3))

Bridging Commands

The Bridge Management menu provides several commands that are useful in pinpointing problems in the network. The commands allow you to look up specific MAC addresses and where they were learned, create and view static bridge addresses, view information on remote trunking stations, view MAC address statistics for a group or a port, or look up information on domain mappings.

Many times a network problem can be tracked down by viewing MAC address information, finding out where it came from, and where it forwards data. The following sections detail the specific bridging commands that perform these functions.

Displaying Bridge Forwarding Table

You can display the MAC addresses and their forwarding and filtering information for a given group. The information in the table is used by the transparent bridging function in determining how to propagate a received frame. To display the information for a group in the switch, follow these steps:

1. Enter the fwt command at the system prompt as follows:

    fwt <group number>

where <group number> is the number of the group for which you want to view MAC addresses. For example, to view MAC addresses for group 2, you would enter:

    fwt 2

As a variation of this command, you can enter the fwt command without a group ID. This will display MAC addresses for the currently selected group in this switch. For information on selecting a group, see Selecting a Default Group on page 17-7.

2. Once you have entered the group number you will be prompted for a slot and port, as shown:

    Enter Slot/Interface (return for all ports):

3. Enter the slot and interface (port) number and press <return>.
For example, to view MAC addresses for port 2 on slot 3, enter 3/2 as shown:

    Enter Slot/Interface (return for all ports): 3/2

The following screen appears listing the MAC addresses on this port:

    Total number of MAC addresses learned for VLAN 2: 8

                                   Non-Canonical     Group  CAM      Last  Exp    ATM
    Sl/If/Srvc/In   MAC Address    MAC Address    T  ID     Indx  S  Seen  Timer  VCI
    -------------   -------------  -------------  -  -----  ----  -  ----  -----  ---
    3/1/ Brg/ 1     0020DA:A373B0  00045B:C5CE0D  E  2      305A  T  11    300
    3/1/ Brg/ 1     0020DA:8656F0  00045B:616A0F  E  2      3060  T  11    300
    3/1/ Brg/ 1     00045B:ED48C0  00045B:2251A1  E  2      3080  T  29    300
    3/1/ Brg/ 1     000077:8DDBB9  00045B:65EE22  E  2      3010  T  29    300
    3/1/ Brg/ 1     000039:F5520C  0009E4:3ED444  E  2      300E  T  35    300
    3/1/ Brg/ 1     009027:17F7EB  00045B:2D43EF  E  2      3018  T  59    300
    3/1/ Brg/ 1     0020DA:0C41E5  00045B:ED48C0  E  2      3078  T  26    300
    3/1/ Brg/ 1     0020DA:9645A1  0000EE:B1DB9B  E  2      304E  T  18    300

Field Descriptions

The following section explains the fields displayed with the fwt command.

Sl/If/Srvc/In. The slot number (Sl), interface (port) number (If), type of service (Srvc), and service instance (In). For example, a bridge service on port 1 of slot 3 would be:

    3/1/Brg/1

Services provide connection options for switches in a LAN, between LANs, or in a WAN. Other possible services include trunking, routing, and LANE. It is possible to have more than one instance of a service if there is more than one connection on a single port.

MAC Address. The learned MAC address for this port.

Non-Canonical MAC address. The non-canonical version of the learned MAC address. The non-canonical MAC address is different from a canonical MAC address in that the order in which the address information is sent is different. Ethernet uses canonical addresses, while other media (e.g., token ring, FDDI) use non-canonical.

T. The protocol type of this MAC address. The possibilities are:
    E    Ethernet
    F    FDDI
    T    Token Ring

Group ID. The associated group ID for this learned MAC address.

CAM Indx. The index number to the Content-Addressable Memory (CAM), where the MAC addresses are stored, in hexadecimal form.

S. The source of the MAC address (how it was learned). There are two possibilities:
    T    Transparent Bridge
    S    Source Route Frame

Last Seen. The time in seconds since this MAC address was last seen on this port.

Exp. Timer. There are three possibilities for this column:
    Value    The configured ageing timer, in seconds, for this MAC address is shown. Once this time period is exceeded, the MAC address is removed from the CAM.
    STATIC   This MAC address was manually assigned to this group and will not age out.
    OPSWT    This MAC address was learned on an optimized switch port and will not age out.

ATM VCI. The ATM Virtual Channel Identifier (VCI) for this MAC address entry. The VCI is shown for any media that uses Virtual Circuits (ATM, LANE).

Configuring a Static Bridge Address

You can configure static bridge address information by entering the fc command. A static bridge address is a fixed MAC address that does not change or age out. To configure a static MAC address follow these steps:

1. Enter the fc command as follows:

    fc <groupNumber>

where <groupNumber> is the number of the group for which you want to create a static bridge MAC address. For example, to set up a static bridge address for Group 2, you would enter the following:

    fc 2

As a variation of this command, you can enter the fc command at the system prompt with no group number. This will allow you to set up a static bridge address on the currently selected group. For information on selecting a group, see Selecting a Default Group on page 17-7.
The system displays the following:

    Bridge Static Address for Group 2 (New GROUP (#2))

    Index  MAC Address    Slot/Intf/Service/Inst (A)  Static Status (B)
    -----  -------------  --------------------------  -----------------
    1      21A33E:00B001  3/ 1/ Brg/1                 permanent

    The entries can be modified by specifying the index and column.
    For Static Status, use 2 to delete, 3 for Permanent, 4 for Delete on Reset, 5 for Delete on Timeout
    To add an entry: Use command 'add MAC addr, receiving port, static status'.
    Receiving port and Status must be provided.
    Port could either be slot/intf or virtual port begin with v.
    For non-canonical MAC format add 'nc' before MAC.
    ie: add 123456:7890AB, 2/3, 3 or add nc001122:334455, v99, 3
    NOTE: add command will be executed immediately.
    save|cancel|next only applies to existing entry.
    add|save|cancel|next :

2. To add an entry, use the format as described in the above screen:

    add [MAC Addr], [Slot/Intf], [Static Status]

For example, to add a permanent non-canonical MAC address of 123456:123456 to port 2 of slot 3, you would enter the following:

    add nc123456:123456, 3/2, 3

When you complete the operation by pressing <return>, an entry with MAC address 123456:123456, on slot 3, port 2, with a Static Status of Permanent is created.

3. Type save at the fc command prompt to save the entry. If you do not save the entry before exiting the fc command, the static bridge address is not created.

♦ Note ♦
The newly created static bridge address will not show up in the fc command table until you have exited the fc command by typing cancel at the command prompt.

Field Descriptions

The following section describes the fields in the fc command table.

Index. A number assigned to the row to identify a previously created static bridge address, when modifying the address.

MAC address. The canonical MAC address for this static bridge.

Slot/Intf/Service/Inst. The slot number, interface (port) number, type of service, and service instance.
For example, a bridge service on port 1 of slot 3 would be:

    3/1/Brg/1

Static Status. The status of the static MAC address as determined when created. The Status will be one of the following:
    Invalid           This entry was deleted within the current session.
    Permanent         This entry is in use and will remain so until it is deleted from the table. See Deleting a Static Bridge Address on page 17-12 for specific information.
    deleteOnReset     This entry is in use and will remain so until the bridge is reset.
    deleteOnTimeOut   This entry is currently in use and will remain so until it is aged out.

Modifying a Static Bridge Address

Once you have created a static bridge address, you can modify its interface assignment or its status. To modify a static bridge address:

1. Enter the fc command as documented above. The Bridge Static Address table will display as shown:

    Bridge Static Address for Group 2 (Default GROUP (#2))

    Index  MAC Address    Slot/Intf/Service/Inst (A)  Static Status (B)
    -----  -------------  --------------------------  -----------------
    1      21A33E:00B001  3/ 1/ Brg/1                 permanent
    2      001122:223344  3/ 2/ Brg/1                 deleteOnReset

    The entries can be modified by specifying the index and column.
    For Static Status, use 2 to delete, 3 for Permanent, 4 for Delete on Reset, 5 for Delete on Timeout
    To add an entry: Use command 'add MAC addr, receiving port, static status'.
    Receiving port and Status must be provided.
    Port could either be slot/intf or virtual port begin with v.
    For non-canonical MAC format add 'nc' before MAC.
    ie: add 123456:7890AB, 2/3, 3 or add nc001122:334455, v99, 3
    NOTE: add command will be executed immediately.
    save|cancel|next only applies to existing entry.
    add|save|cancel|next :

2. To modify an entry, use the index number for the specific static bridge address (listed in the leftmost column), the column letter for the column you want to change, an equal sign, and a new value.
For example, to change the Static Status of the first address in the table from permanent to deleteOnReset, you would enter a 1 (the static bridge address Index number), a b (the column letter for Static Status), an equal sign (=), and the number 4 (the value for deleteOnReset), as shown:

    1b=4

3. Press <return> to complete the operation.

4. Type save at the fc command prompt to save the changes.

Deleting a Static Bridge Address

Deleting a previously created static bridge address is much the same process as modifying a Static Bridge Address. To delete a Static Bridge Address, follow these steps:

1. Enter the fc command as documented above. The Bridge Static Address table will display as shown:

    Bridge Static Address for Group 2 (Default GROUP (#2))

    Index  MAC Address    Slot/Intf/Service/Inst (A)  Static Status (B)
    -----  -------------  --------------------------  -----------------
    1      21A33E:00B001  3/ 1/ Brg/1                 permanent
    2      001122:223344  3/ 2/ Brg/1                 deleteOnReset

    The entries can be modified by specifying the index and column.
    For Static Status, use 2 to delete, 3 for Permanent, 4 for Delete on Reset, 5 for Delete on Timeout
    To add an entry: Use command 'add MAC addr, receiving port, static status'.
    Receiving port and Status must be provided.
    Port could either be slot/intf or virtual port begin with v.
    For non-canonical MAC format add 'nc' before MAC.
    ie: add 123456:7890AB, 2/3, 3 or add nc001122:334455, v99, 3
    NOTE: add command will be executed immediately.
    save|cancel|next only applies to existing entry.
    add|save|cancel|next :

2. To delete an entry, use the index number for the specific static bridge address, the column letter b (the column letter for Static Status), an equal sign (=), and a 2 (the value for Delete). For example, to delete the first address in the table, you would enter a 1 (the static bridge address Index number), a b (the column letter for Static Status), an equal sign (=), and the number 2 (the value for Delete), as shown:

    1b=2

3. Press <return> to complete the operation.

4. Type save at the fc command prompt to save the changes. The Static Status will change to Invalid. Once you exit the fc command, the Static Bridge Address is removed from the table.

Displaying Static Bridge Addresses

You can view static bridge address information by entering the fs command. To display the information, enter the fs command as follows:

    fs <group number>

where <group number> is the number of the group for which you want to view static bridge MAC addresses. For example, to view MAC addresses for Group 1, you would enter the following:

    fs 1

This command will display a table similar to the following:

    Bridge Static Address Summary for Group 1 (Default GROUP (#1))

    MAC Address      Slot/Intf/Service/Inst  Static Status
    ---------------  ----------------------  -------------
    002A3113:0012EA  3/ 1/ Brg/ 1            permanent

As a variation of this command, you can enter the fs command at the system prompt with no group number. This will allow you to view the static bridge addresses on the currently selected group. For information on selecting a group, see Selecting a Default Group on page 17-7.

The descriptions for the variables in the table displayed with the fs command are the same as those in the table displayed with the fc command. For details on these variables, see Configuring a Static Bridge Address on page 17-10.

Displaying Bridge Port Statistics

You can display statistics on bridge ports with the bps command. To view bridge port statistics enter the bps command as follows:

    bps <group number>

where <group number> is the number of the group for which you want to view bridge port statistics.
For example, to view statistics for Group 1, you would enter the following:

    bps 1

This command will display a table similar to the following:

    Frames discarded due to full Forwarding Database:0

    Port Statistics for Group 1

    Slot/Intf       Frames    Frames    In Frames  MTU Exceeded  Delay Exceeded  Flood Limit
    Service/Inst    In        Out       Discards   Discards      Discards        Discards
    ============    ========  ========  =========  ============  ==============  ===========
    2/ 1/ Brg/ 1    0         0         0          0             0               0
    2/ 2/ Brg/ 1    0         0         0          0             0               0
    3/ 1/ Brg/ 1    3354      85        0          0             0               0
    3/ 2/ Brg/ 1    0         0         0          0             0               0
    3/ 3/ Brg/ 1    0         0         0          0             0               0
    3/ 4/ Brg/ 1    0         0         0          0             0               0
    3/ 5/ Brg/ 1    0         0         0          0             0               0
    3/ 6/ Brg/ 1    0         0         0          0             0               0
    3/ 7/ Brg/ 1    0         0         0          0             0               0
    3/ 8/ Brg/ 1    0         0         0          0             0               0
    /VLAN/Bridge %

As a variation on this command, you can enter bps at the prompt without a group number. This will display the port statistics for the currently selected group. For information on selecting a group, see Selecting a Default Group on page 17-7.

Field Descriptions

The following section describes the fields displayed in the above table.

Frames discarded due to full Forwarding Database. The number of frames that were not transmitted because the forwarding database is full. The forwarding database holds all known MAC addresses for this bridge and is used to learn the next hop MAC address for the packet(s) in question.

Slot/Intf/Service/Inst. The slot number (Slot), interface (port) number (Intf), type of service (Service), and service instance (Inst). For example, a bridge service on port 1 of slot 3 would be:

    3/1/Brg/1

Services provide connection options for switches in a LAN, between LANs, or in a WAN. Other possible services include trunking, routing, and LANE. It is possible to have more than one instance of a service if there is more than one connection on a single port.

Frames In. The number of frames received on the associated port.

Frames Out. The number of frames sent on the associated port.

In Frames Discards. The number of received frames discarded due to error.
MTU Exceeded Discards. The number of frames that were discarded because they exceeded the Maximum Transmission Unit (MTU) size. The MTU is set to the default of the media type (Ethernet, Token Ring, etc.) and is not configurable.

Delay Exceeded Discards. Frames that were delayed, usually due to collisions, but that were ultimately transmitted.

Flood Limit Discards. The number of frames that were discarded because they exceeded the flood limit set for the port or the group in which this port is a member. This flood limit is set with the flc command for groups or the modvp command for ports. For more information on setting flood limits, see Setting Flood Limits on page 17-21 for the flc command. For details on using the modvp command, see Chapter 19, “Managing Groups and Ports.”

Displaying Media Access Control (MAC) Information for a Specific MAC address

Media Access Control (MAC) information for the switch can be examined by using the macinfo command. You can view specific MAC address information, or choose a slot and view all MAC addresses associated with the selected slot. To view MAC information for a specific address:

1. Enter macinfo at the system prompt and press <return>.

2. You will be prompted with the following message:

    Enter MAC address ([XXYYZZ:AABBCC] or return for none):

Enter the MAC address you are interested in viewing, and press <return>.

3. You will be prompted with the following message:

    Is this MAC in Canonical or Non-Canonical form (C or N) [C]:

Enter c for Canonical or n for Non-Canonical (the default is at the end of the prompt in brackets) and press <return>.
A table similar to the following is shown:

                         Group  CAM    Set  MAC   Last  Exp    ATM
    Slot/Intf/Srvc/Inst  ID     Index  by   Type  Seen  Timer  VCI  Protocol
    -------------------  -----  -----  ---  ----  ----  -----  ---  --------
    3/ 1/ Brg/ 1         1      0346   TB   ETH   11    15

Field Descriptions

The following section explains the fields displayed using the macinfo command that are not previously explained in other sections.

Set by. This field lists what type of bridging was used to learn this MAC address. There are two possibilities:
    TB   This MAC address was learned using Transparent Bridging.
    SR   This MAC address was learned using Source Routing.

MAC Type. The media type of this MAC address. The possibilities are:
    E    Ethernet
    F    FDDI
    T    Token Ring

Protocol. If Group Mobility is enabled, this field will list the type of packet encapsulation used when this MAC address was learned. For additional information on Group Mobility, see Chapter 19, “Managing Groups and Ports.”

Displaying Media Access Control (MAC) Information for all MAC addresses

Media Access Control (MAC) information for the switch can be examined by using the macinfo command. You can view all MAC addresses associated with the selected slot. To view MAC information for all addresses:

1. Enter macinfo at the system prompt and press <return>. You will be prompted with the following message:

    Enter MAC address ([XXYYZZ:AABBCC] or return for none):

2. Press <return>. You will be prompted with the following message:

    Enter Slot Number (1-3):

Enter the slot number for the slot for which you are interested in viewing MAC addresses. The possible options are displayed on the right in parentheses.
A screen similar to the following is shown: Total number of MAC addresses learned for VLAN 2: 8 Non-Canonical Group Sl/If/Srvc/In MAC Address MAC Address T ID ----------------- ------------------------ ------------------------ -- --------3/1/ Brg/ 1 0020DA:A373B0 00045B:C5CE0D E 2 3/1/ Brg/ 1 0020DA:8656F0 00045B:616A0F E 2 3/1/ Brg/ 1 00045B:ED48C0 00045B:2251A1 E 2 3/1/ Brg/ 1 000077:8DDBB9 00045B:65EE22 E 2 3/1/ Brg/ 1 000039:F5520C 0009E4:3ED444 E 2 3/1/ Brg/ 1 009027:17F7EB 00045B:2D43EF E 2 3/1/ Brg/ 1 0020DA:0C41E5 00045B:ED48C0 E 2 3/1/ Brg/ 1 0020DA:9645A1 0000EE:B1DB9B E 2 CAM Indx ------305A 3060 3080 3010 300E 3018 3078 304E Last Exp S Seen Timer -- -------- --------T 11 300 T 11 300 T 29 300 T 29 300 T 35 300 T 59 300 T 26 300 T 18 300 Descriptions of the fields displayed with the macinfo command are identical to those displayed using the fwt command. See Displaying Bridge Forwarding Table on page 17-8 for more information. Display Statistics of Bridge MAC Addresses The macstat command allows you to view a list of MAC address statistics for this switch on a slot-by-slot basis. To view MAC address statistics, enter the macstat command at the system prompt as shown: macstat <slot> where <slot> is the slot number on the switch for which you want to see statistics. For example, to view statistics for MAC addresses on slot 3, you would enter: macstat 3 A table similar to the following is shown: Slot ==== 3 Discarded ========== 0 Aged ========== 4 Learned ========== 7 in CAM ========== 37 As a variation of this command, you can enter macstat at the prompt with no slot specified. This will display the statistics for all slots in the switch. Page 17-17 Bridging Commands Field Descriptions The following section describes the fields displayed using the macstat command. Slot. The slot number of the switch to which the MAC address statistics apply. Discarded. The number of MAC addresses that have been discarded on this slot due to the CAM being full. Aged. 
The number of MAC addresses that have exceeded the age limit and been removed from the CAM by this slot. Learned. The number of MAC address that have been learned on this slot. in CAM. The total number of MAC addresses currently stored in the Content-Addressable Memory (CAM) of this module. Clear Statistics of Bridge MAC Addresses MAC address statistics for a slot can be cleared using the macclrstat command. To clear statistics, enter the macclrstat command at the system prompt as shown: macclrstat <slot> where <slot> is the slot number of the switch for which you want to clear MAC address statistics. For example, to clear statistics for slot 3, you would enter: macclrstat 3 Once you have enter the command, a message appears to confirm the action. As a variation of this command, you can enter macclrstat without specifying a slot. This will clear MAC statistics for all slots. Display Remote Trunking Stations The rts command displays a table of the remote trunking stations learned by this switch. A remote trunking station is a switch that has set up a trunking service to convey media through a network. Trunking services allow for media to be masked so that it appears to be a different type (for example, trunking ethernet over an ATM backbone). To display the remote trunking stations this switch has learned, follow these steps: 1. Enter the rts command as shown rts <groupNumber> where <groupNumber> is the number of the group on the local switch for which you want to view known trunking stations. For example, to view remote trunking stations for Group 1, you would enter the following: rts 1 As a variation of this command, you can enter the rts command without a group number. This will show all the remote trunking stations for all groups in this switch. Page 17-18 Bridging Commands 2. 
The following prompt is shown:

   Enter service’s Slot/Station (return for all services):

Enter the slot and station (port) number for the local switch for which you wish to view remote trunking services. For example, to list the trunking station at port 1 of slot 3, you would enter:

   3/1

If you do not enter a specific slot and station, the system automatically sends information on all services for the remote trunking stations associated with this group.

3. Once you have entered a slot and station, a table similar to the following is shown:

   Remote Trunking Stations
   Slot/Station   Group ID   Remote MAC
   ============   ========   =============
   3/ 1           1          0020DA:022061
   3/ 1           1          0020DA:05EAD1

Field Descriptions

The following section describes the fields displayed by the rts command.

Slot/Station. The slot number and station (port) number associated with the remote trunking station.

Group ID. The group number of the switch that is associated with this remote trunking station.

Remote MAC. The Media Access Control address of the remote trunking service.

View the Domain Bridge Mapping Table

The dbrmap command allows you to display the mapping between a packet’s destination MAC address and the remote Domain Bridge behind which it originated. To view this table:

1. Enter the dbrmap command as shown:

   dbrmap <groupNumber>

where <groupNumber> is the number of the group for which you want to see domain mappings of MAC addresses. For example, to view the mapping table for group 2, you would enter:

   dbrmap 2

As a variation of this command, you can enter the dbrmap command without specifying a group. This will display mapping information for all groups on this switch.

2. A prompt asking for a canonical MAC address is displayed, as shown:

   Enter canonical MAC address ([XXYYZZ:AABBCC] or return to display everything):

Enter the MAC address you want to see the Domain Mapping for, or press <return> without entering a MAC address to see the mappings for all MAC addresses associated with this group.
3. A screen similar to the following is shown:

   DOMAIN BRIDGE MAPPING
   Group 2

   Destination MAC     Group ID   Age   Slot / Intf   Domain MAC
   00:20:da:7d:ef:44   2          14    8/ 1          00:20:da:6c:fb:85
   00:20:da:7d:ef:45   2          120   8/ 1          00:20:da:6c:fb:85
   00:20:da:7d:ef:46   2          220   8/ 1          00:20:da:6c:fb:86

Field Descriptions

The fields displayed by the dbrmap command are described below.

Destination MAC. The destination MAC address learned from a domain bridge port.

Group ID. The destination MAC’s group number.

Age. The time, in seconds, since the destination MAC address was last seen.

Slot/Intf. The slot and interface number on this switch where the destination MAC address was learned.

Domain MAC. The remote domain MAC address behind which this destination MAC address was learned.

Setting Flood Limits

The flood limit is the number of bytes per second of flooded data that may be transmitted on a port on a group. This limit is a mechanism for controlling broadcast storms on the network. The default flood limit for a port, regardless of the media type, is 192,000 bytes per second. You can change this default by configuring the flood limit on a per port or a per Group basis. The modvp command (described in Chapter 19, “Managing Groups and Ports”) allows you to set the flood limit on a per port basis. The flc command (described in the following section) allows you to set the flood limit on a per Group basis. Configuring the flood limit for a Group is particularly useful when you need to disable flood limits for all ports in a single Group.

Setting Flood Limits for a Group

The flc command allows you to set flood limits for a Group. To set the flood limit for a Group follow these steps:

1. Enter the following at the system prompt:

   flc <groupNumber>

where <groupNumber> is the number of the group for which you are setting the flood limit.
For example, to set the flood limit on Group 2 you would specify:

   flc 2

As a variation of this command, you can enter the dbrmap command without specifying a group. This will display mapping information for all groups on this switch.

The following prompt displays:

   Enter flood limit override value (bytes/second) for Group 2 (192000):

2. Enter the flood limit for this Group and press <Return>.

♦ Note ♦
A value of negative one (-1) disables flood limits for the Group.

When new ports are added to a group, they will use the flood limit specified through flc. If a value has not been specified through flc for this Group, then the default port value (192000) is used.

♦ Note ♦
Flood limits set through modvp (set on a per-port basis) override the flood limit set through flc.

Displaying Group Flood Limits

The fls command allows you to view the current flood limits set for groups. The limits are set using the flc command. To display flood limits for all Groups, enter

   fls <groupNumber>

where <groupNumber> is the number of the group for which you are viewing the flood limit. For example, to set the flood limit on Group 2 you would specify:

   flc 2

A message similar to the following is shown:

   Flood Limit Override for Group 2(Group Name 1) is 190000 bytes per second.

A value will only be displayed for a Group on which flc has been used to set a flood limit. As a variation of this command, you can enter fls at the system prompt without specifying a group number. This will return flood limit information for each group configured for this switch.

Configuring Spanning Tree

Spanning Tree is an algorithm developed to help prevent the occurrence of broadcast storms in a network. A packet can be broadcast multiple times in a network if the network is physically configured with loops.
If packets are broadcast to all ports (or flooded) in an attempt to deliver the data, networks with physical loops will rebroadcast packets repeatedly and cause a network to become severely congested. This congestion will adversely affect network performance. Spanning Tree prevents broadcast storms by establishing a loop-free topology throughout the network. This is done by blocking ports in the physical topology that could result in flooded traffic being looped.

Both the IEEE and IBM versions of spanning tree are supported in the OmniSwitch/Router. The IBM Spanning Tree protocol is only supported by IBM Token Ring environments that make use of functional addresses for the transmission of Bridge Protocol Data Units (BPDUs). The following are the primary differences between the IEEE 802.1d and IBM Spanning Tree algorithms:

• The Hello BPDU in IBM Spanning Tree is sent to the bridge functional address, X’C00000000100’. In the IEEE 802.1d Spanning Tree, it is sent to the Group address X’800143000000’.

• The Port ID in IBM Spanning Tree consists of a ring identifier and a bridge number. In 802.1d, it consists of a port priority and port number.

• IBM Spanning Tree has no learning process. Therefore, a port can be in one of three states—blocking, listening, or forwarding.

• IBM Spanning Tree does not support the Topology Change Notification (TCN) protocol.

• When you enable IBM Spanning Tree, the switch automatically sets defaults for the maximum age, forward delay, and hello time. In the interests of screen consistency, it is possible to change these defaults with the UI. In the IBM Spanning Tree specification, these values are fixed, and should remain at the set defaults.

• When you enable IBM Spanning Tree, some additional defaults are set:

   – All virtual ports attached to the group with a physical port speed of 4 or 16 Mb are set to use Functional Addresses rather than Group Addresses.
   – All virtual ports attached to the group with a physical port speed that is not 4 or 16 Mb are set to manual forwarding.

   – As other virtual ports are attached to the group, the above two rules are applied.

   Virtual ports in a manual forwarding state do not participate in either the IEEE or IBM versions of spanning tree. Any IEEE Spanning Tree frame received on a port in a manual forwarding state is forwarded to all other virtual ports in the same group also in a manual forwarding state. This is done to prevent loops from occurring in the network topology that could arise from applying the second default condition automatically.

• IBM SRT bridges send an IEEE-style STE RIF over Token Ring networks. The Omni Switch/Router does not support this frame, and any frame of this type received by the switch is discarded.

• The OmniSwitch/Router does not support using the same Functional Address (FA) for both data and spanning tree frames. The FA for IBM Spanning Tree is programmed into the MPX CAM, and all data frames with this FA are claimed by the MPX. Therefore, any data with the same FA as the IBM Spanning Tree FA will not be able to pass through the switch. There are two workarounds for this situation:

   – If you are not using IBM Spanning Tree and you want to prevent the specific FA from being programmed into the MPX CAM, then enter the command faBpGrpDisable into the mpx.cmd file, before the cmInIt command, with a value of 1.

   – If you are using IBM Spanning Tree and need the FA (0300 0000 0800), and you are using all Alcatel equipment (or other third party switch that allows you to change the IBM Spanning Tree FA), you can enter the command faBpGrpOverride into the mpx.cmd file with a new value for the lower 32-bit part of the address (0000 0800).

♦ Note ♦
If you change a group to IBM Spanning Tree, all non-Token Ring ports are put into manual forwarding state.
Messages are displayed indicating these port state changes; in addition, SNMP traps are sent to indicate these changes. (Manual forwarding state is where the port is put into forwarding state and the Spanning Tree algorithm is disabled.) Token Ring ports will be set to use functional addresses.

The following sections provide specific information on using the spanning tree commands.

Configuring Spanning Tree Parameters

The stc command allows you to configure parameters for the spanning tree, and enable or disable the Fast Spanning Tree feature for a VLAN. To configure these parameters:

1. Enter the stc command as follows:

   stc <groupNumber>

where <groupNumber> is the number of the group in the switch for which you are configuring spanning tree. For example, to configure spanning tree for Group 2, you would enter:

   stc 2

2. The system shows you the current values and allows you to change them through a series of prompts, the first of which is shown below:

   Spanning Tree Parameters for Group 2 (New GROUP (#2))
   Spanning Tree is OFF for this Group, set to ON ? (y/n) :

Enter y to enable spanning tree or n to leave it disabled and press <return>. This field allows you to toggle spanning tree On or OFF by typing the appropriate response. Answering Yes (y) selects the option opposite the currently selected option.

♦ Important Note ♦
Remember to read the prompt carefully before responding. If spanning tree has already been activated for this group, this prompt will ask you if you would like to turn it off.

3. The following prompt is displayed asking whether you would like to use IEEE or IBM Spanning Tree:

   IEEE spanning tree for this Group, set to IBM ? (y/n) :

Enter n to use IEEE Spanning Tree, or y to use IBM Spanning Tree, and press <return>. Select either the IEEE 802.1d Spanning Tree or IBM Spanning Tree. Answering Yes (y) changes the spanning tree type to the type not currently in use for this Group.
The system automatically sets defaults for later stc prompts, such as Bridge Hello Time and Bridge Max Age, based on the spanning tree type you select here.

♦ Important Note ♦
Remember to read the prompt carefully before responding. If IEEE Spanning Tree is what you would like to use, the correct response to this prompt is no. A yes response changes it to IBM Spanning Tree.

4. The following prompt is displayed asking whether you would like to use the Fast Spanning Tree feature:

   Fast Spanning Tree is OFF for this Group, set to ON? (y/n) :

Enter n to leave Fast Spanning Tree disabled, or y to enable Fast Spanning Tree, and press <return>. Answering Yes (y) changes the setting of Fast Spanning Tree to the status not currently in use for this Group.

♦ Important Note ♦
Read the prompt carefully before responding. If Fast Spanning Tree is what you would like to use, the correct response to this prompt is yes. A no response leaves the Fast Spanning Tree feature disabled.

5. The following prompt is shown allowing you to set the priority:

   New Priority (0..65535) (current value is 32768[0x8000]) :

Enter the Priority value as a number between 0 and 65535, or press <return> to accept the default listed in parentheses. A value of 0 is the highest priority. Bridge priority is utilized by the spanning tree algorithm to decide which bridge will be the root bridge. You can set the bridge priority by entering a decimal number from 0 to 65,535. 0 is the highest priority.

♦ Note ♦
To make sure that the proper negotiation occurs for the switch to become the Spanning Tree root bridge, always set the priority for the switch accordingly. Do not rely on MAC addresses to determine which switch becomes the root bridge.

6.
The following prompt is displayed allowing you to set the Bridge Hello Time:

   New Bridge Hello Time (1..10 secs) (current value is 2) :

Enter the Bridge Hello Time as a number between 1 and 10, or press <return> to accept the default listed in parentheses. The Bridge Hello Time is the amount of time between the transmission of Configuration Bridge Protocol Data Units (BPDUs) on any designated port. Enter a value between 1 and 10 seconds. Shortening the time will make the protocol more robust, while lengthening the time lowers the overhead of the algorithm as the interval between transmission of configuration messages is larger.

7. The following prompt is displayed allowing you to set the Bridge Maximum Age:

   New Bridge Max Age (6..40 secs) (current value is 6) :

Enter the Bridge Max Age Time as a number between 6 and 40, or press <return> to accept the default listed in parentheses. The Bridge Max Age is the maximum age, in seconds, of Spanning Tree Protocol information learned from the network on any port before it is discarded. Enter a value between 6 and 40 seconds. A smaller value causes Spanning Tree to reconfigure more often.

8. The following prompt is displayed allowing you to set the Bridge Forward Delay:

   New Bridge Forward Delay (4..30 secs) (current value is 4) :

Enter the Forward Delay Time as a number between 4 and 30, or press <return> to accept the default listed in parentheses. This time value controls how fast a port changes its spanning state when moving toward the Forwarding state. The value determines how long the port stays in each of the Listening and Learning states, which precede the Forwarding state. This value is also used when a topology change has been detected and is underway to age out all dynamic entries in the Forwarding Database. Enter a value between 4 and 30 seconds. A value that is too small can cause temporary loops in the network due to data being forwarded before the reconfiguration message has reached all nodes on the network.

9.
The following prompt is displayed allowing you to set the Ageing Time:

   Ageing Time (10..1000000 sec) (current value is 300) :

Enter the Ageing Time as a number between 10 and 1000000, or press <return> to accept the default listed in parentheses. The Ageing Time is the timeout period in seconds for aging out dynamically learned forwarding information. Enter a new Ageing Time between 10 and 1000000 seconds.

10. The following prompt is displayed allowing you to set the Auto-Tracker VLAN Ageing Time:

   Auto-Tracker VLAN Ageing Time (10..1000000 sec) (current value is 1200) :

Enter the Auto-Tracker VLAN Ageing Time as a number between 10 and 1000000, or press <return> to accept the default listed in parentheses. This is the length of time in seconds to remember which VLAN a port belonged to even after the port has been aged out of the Bridge Filtering Database. The MAC and port information are preserved for the set length of time. In the case of IPX it should be set to greater than the server Keep Alive Timer in order to prevent the server from losing communication with the station. The default is 1200 seconds.

11. The final prompt is displayed asking you if you would like to save the new parameters:

   Save the new Spanning Tree Bridge parameters ? y/n :

Enter y to save the parameters, or n to discard them. If you choose to save the parameters, a confirmation message similar to the following is shown:

   Port 5/1 set to Forwarding!
   Port 5/2 set to Forwarding!
   Port 5/3 set to Forwarding!

As a variation of this command you can enter the stc command without specifying a group. This will allow you to set up spanning tree for the previously selected group. For information on selecting a group see Selecting a Default Group on page 17-7.

Display Spanning Tree Bridge Parameters

The sts command allows you to display spanning tree bridge parameters.
To display spanning tree parameters, enter the sts command as shown:

   sts <groupNumber>

where <groupNumber> is the number of the group in the switch for which you want to view spanning tree bridge parameters. For example, to view parameters for Group 2, you would enter:

   sts 2

A screen similar to the following is displayed:

   Spanning Tree Parameters for Group 2 (New GROUP (#2))
   Spanning Tree Status      : ON
   Fast Spanning Tree Status : OFF
   Bridge Protocol Use       : IEEE 802.1D
   Priority                  : 32768 (0x8000)
   Bridge ID                 : 8000-0020DA:022860
   Designated Root           : 8000-0020DA:022860
   Cost to Root Bridge       : 0
   Root Port                 : None
   Next Best Root Cost       : 0
   Next Best Root Port       : None
   Hold Time                 : 1
   Topology Changes          : 1
   Last Topology Change      : 1 hours, 25 minutes, 54 seconds ago
   Bridge Aging Timer        : 300

   Current Parameters
   ------------------
   Max Age                   20 secs
   Forward Delay             15 sec
   Hello Time                2 secs

   Parameters system uses when attempt to become root
   --------------------------------------------------
   System Max Age            20 secs
   System Forward Delay      15 secs
   System Hello Time         2 secs

As a variation of this command, you can enter sts at the system prompt without specifying a group. This will display bridge parameters for the currently selected group. For information on selecting a group, see Selecting a Default Group on page 17-7.

Field Descriptions

The following sections describe the fields displayed using the sts command.

Spanning Tree Status. Spanning tree is either ON or OFF.

Fast Spanning Tree Status. Fast spanning tree is either ON or OFF.

Bridge Protocol Used. The bridge spanning tree protocol is set up through the stc command. This protocol can be IEEE 802.1D or IBM Spanning Tree. The type of spanning tree protocol used will affect other bridge parameters, such as Maximum Age, Forwarding Delay, and Hello Time. See Configuring Spanning Tree Parameters on page 17-25 for more information on the differences between IEEE and IBM Spanning Tree.

Priority.
Bridge priority is utilized by the spanning tree algorithm to decide which bridge will be the root bridge. You can set the bridge priority by entering a decimal number from 0 to 65,535. Zero is the highest priority.

Bridge ID. The bridge identification number is a number created by concatenating the bridge Priority with its six-byte MAC address.

Designated Root. The bridge identifier of the root of the spanning tree as determined by the spanning tree protocol. It is created by concatenating the root bridge Priority with its six-byte MAC address.

Cost to Root Bridge. The cost of the path to the root bridge as seen from this bridge. Cost represents the distance of the group from the root bridge, in number of hops. If this is the root bridge, this number is 0.

Root Port. The slot number, port number, and service type of the root port. The root port is the bridge’s preferred path to the root bridge.

Next Best Root Cost. The next-best available cost of the path to the root bridge as seen from this bridge. Cost represents the distance of the group from the root bridge, in number of hops. If this is the root bridge, this number is 0.

Next Best Root Port. The next-best available root port (slot number, port number, and service type). The root port is the bridge’s preferred path to the root bridge.

Hold Time. This time value determines the interval length during which no more than two Configuration Bridge BPDUs shall be transmitted, in seconds.

Topology Changes. The total number of topology changes detected by this bridge since the management entity was last reset or initialized. Topology changes happen when spanning tree reconfigures to prevent logical loops from occurring.

Last Topology Change. The time since the last time a topology change was detected by the bridge entity.

Bridge Aging Timer. The timeout period in seconds for aging out dynamically learned forwarding information.
Max Age. The maximum age (in seconds) of spanning tree protocol information learned from the network on any port before it is discarded.

Forward Delay. This time value (in seconds) controls how fast a port changes its spanning tree state when moving toward the Forwarding state. The value determines how long the port stays in each of the Listening and Learning states, which precede the Forwarding state. This value is also used when a topology change has been detected and is underway to age out all dynamic entries in the Forwarding Database.

Hello Time. The amount of time (in seconds) between the transmission of Configuration Bridge Protocol Data Units (BPDUs) on any port when it is the root of the spanning tree, or trying to become so.

Configuring Spanning Tree Port Parameters

The stpc command allows you to configure port parameters (as opposed to bridge parameters) for spanning tree. To configure port parameters:

1. Enter the stpc command as shown:

   stpc <groupNumber>

where <groupNumber> is the number of the group in the switch for which you want to configure spanning tree port parameters. For example, to configure parameters for Group 1, you would enter:

   stpc 1

As a variation of this command, you can enter the stpc command without specifying a group. This will allow you to configure the port parameters on the currently selected group. For information on how to select a group, see Selecting a Default Group on page 17-7.
A screen similar to the following is displayed:

   Spanning Tree Port Configuration for Group 1 (Default GROUP (#1))

                                     Port       Path   Enable                Manual
                                     Priority   Cost   Spanning Tree  tx FA  Mode
   Index   Slot/Intf/Service/Inst    (a)        (b)    (c)            (d)    (e)
   -----   ----------------------    --------   ----   -------------  -----  ------
   1       2/ 1/ Brg/ 1              128        10     y              NA     n
   2       2/ 2/ Brg/ 1              128        10     y              NA     n
   3       3/ 1/ Brg/ 1              128        10     y              NA     n
   4       3/ 2/ Brg/ 1              128        10     y              NA     n
   5       3/ 3/ Brg/ 1              128        10     y              NA     n
   6       3/ 4/ Brg/ 1              128        10     y              NA     n
   7       3/ 5/ Brg/ 1              128        10     y              NA     n
   8       3/ 6/ Brg/ 1              128        10     y              NA     n
   9       3/ 7/ Brg/ 1              128        10     y              NA     n
   10      3/ 8/ Brg/ 1              128        10     y              NA     n
   11      3/ 9/ Brg/ 1              128        10     y              NA     n
   12      3/ 10/ Brg/ 1             128        10     y              NA     n
   13      3/ 11/ Brg/ 1             128        10     y              NA     n
   14      3/ 12/ Brg/ 1             128        10     y              NA     n
   15      3/ 13/ Brg/ 1             128        10     y              NA     n
   16      3/ 14/ Brg/ 1             128        10     y              NA     n
   save|cancel|next|prev :

2. To modify a parameter, enter the index (row) number, column letter (a, b, c, d, or e), an equal sign (=), and then the new parameter, as follows.

   <index><column>=<new parameter>

For example, if you wanted to enable transmit Functional Address (tx FA in column d) for the slot identified by index 10, then you would enter:

   10d=y

Field Descriptions

The following section explains the fields displayed by the stpc command.

Index
A number assigned as an identifier for the port.

Slot/Intf/Service/Inst
The slot number (Slot), interface (port) number (Intf), type of service (Service), and service instance (Inst). For example, a bridge service on port 1 of slot 3 would be:

   3/1/Brg/1

Services provide connection options for switches in a LAN, between LANs, or in a WAN. Other possible services include trunking, routing, and LANE. It is possible to have more than one instance of a service if there is more than one connection on a single port.

Port Priority
The value of the priority field contained in the first (in network byte order) octet of the (2 octet long) Port ID.
This value allows you to specify a particular port as more favorable if the bridge has more than one port connected in a loop.

Path Cost
The contribution of this port to the path cost towards the spanning tree root bridge that includes this port. 802.1D-1990 recommends that the default value of this parameter be in inverse proportion to the speed of the attached LAN. Path cost is a measure of the distance of the listed port from the root bridge, in number of hops.

Enable Spanning Tree
Whether or not spanning tree is enabled, either y or n.

tx FA
Transmit Functional Address. Values are:

   NA   Functional Addresses are not applicable because this port is not using spanning tree.
   y    Transmit Functional Address instead of normal Spanning Tree Multicast Address.
   n    Transmit normal Spanning Tree Multicast Address. This is the default setting.

Manual Mode
Allows you to manually set the state for each port (forwarding or blocking) or defer the port’s state configuration to the spanning tree protocol, which will either be IEEE 802.1d or IBM. This column is especially helpful if you are using the IBM Spanning Tree protocol with non-Token Ring (e.g., FDDI or Ethernet) ports that do not support this IBM Spanning Tree. In this situation you can manually set those ports to a forwarding (or blocking) state since the IBM Spanning Tree protocol will not be able to control these ports. The possible settings for this column are:

   f    The port is in forwarding state and remains so unless you change it.
   b    The port is in blocking state and remains so unless you change it.
   n    The state of the port is determined by the IEEE 802.1d Spanning Tree protocol. This option is not recommended because it means this Group will have a hybrid spanning tree algorithm that mixes the IEEE 802.1d and IBM Spanning Tree.

Displaying Spanning Tree Port Parameters

The stps command allows you to view the current spanning tree port parameters.
To view the port parameters, enter the stps command as shown:

   stps <groupNumber>

where <groupNumber> is the number of the group in the switch for which you want to view spanning tree port parameters. For example, to view parameters for Group 1, you would enter:

   stps 1

A screen similar to the following is shown:

   Spanning Tree Port Summary for Group 1 (Default GROUP (#1))

   Slot   Service                       Path   Desig   Des   Rt    Swt   Fw
   Intf   Inst      Pri   State  MAC     Cost   Cost    Pt    Pt    Pt    Tx
   ----   -------   ---   -----  ------  ----   -----   ---   ---   ---   --
   3/1    Brg/ 1    128   FORWD  C473C4  10     10      No    Yes   No    0

   Root Bridge ID        Desig BridgeID
   ------------------    ------------------
   0010-0020DA:81D5B0    8000-0020DA:0C41E1

As a variation to this command, you can enter stps at the system prompt without specifying a group number. This will allow you to view the port parameters on the currently selected group. For information on how to select a group, see Selecting a Default Group on page 17-7.

Field Descriptions

The following section explains the fields displayed by the stps command.

Slot/Intf. The slot and interface (port) number of the port.

Service/Inst. The service type and instance of the service connected to the port.

Pri. The value (from 0 to 256) of the priority of the port, 0 being the highest priority.

State. The port's current state as defined by application of the spanning tree protocol. This state controls what action a port takes on reception of a frame. The State values are:

   Disabled     This port has been disabled.
   Blocking     This port is not participating in transmitting data to prevent loops.
   Listening    This port is preparing to transmit data, but is temporarily disabled to prevent loops.
   Learning     This port is preparing to transmit data, but is temporarily disabled to prevent loops. This is different from Listening in that the port is acquiring data to facilitate data transmission.
   Forwarding   This port is transmitting data.
Some of these values are not available if you are using IBM Spanning Tree. For information on the differences between IEEE and IBM Spanning Tree, see Configuring Spanning Tree Parameters on page 17-25.

Path Cost. The contribution of this port to the path cost towards the spanning tree root. The spanning tree root will include this port.

Desig Cost. The path cost to the designated port of the segment connected to this port. If this is the root bridge this value is 0.

Des Port. The unique port identifier of the bridge port believed to be the designated port for the LAN associated with the port.

Rt Pt. This field indicates if this port is the root port. The root port is the port that offers the lowest cost path to the root bridge.

Swt Pt. This field indicates if this port is in Optimized Switch Mode. Optimized Switch Mode is appropriate for dedicated connections to a single workstation or server. For more information, see Chapter 19, “Managing Groups and Ports.”

FWD Transition. The number of times this port has changed from the Learning state to the Forwarding state.

Root Bridge ID. The bridge identification number of the root bridge.

Desig Bridge ID. The unique bridge identifier of the designated bridge for this port (LAN).

Configuring Fast Spanning Tree

The Fast Spanning Tree (Rapid Reconfiguration) feature is designed to help provide an 802.1D standards-based method of quick recovery in the event of link, port and device failures in an Ethernet local area network. By automatically identifying and utilizing alternative secondary links, Fast Spanning Tree can rapidly converge backup connections between network devices within as little as 1 second. In addition, new Spanning Tree information can be processed faster.

If packets are broadcast to all ports (or flooded) in an attempt to deliver the data, networks with physical loops will rebroadcast packets repeatedly and cause a network to become severely congested.
This congestion will adversely affect network performance. While Spanning Tree prevents broadcast storms by blocking ports in the physical topology that could result in flooded traffic being looped, Fast Spanning Tree minimizes downtime by bringing these blocked secondary links into Forwarding mode as quickly as possible.

If the Root Port is lost, an Alternate Port on the Bridge can be made the new Root Port, and placed into a Forwarding state immediately. The prior Root Port switches to a Listening state if it becomes a Designated Port; otherwise, it enters a Blocking state.

Similarly, any Designated Port on the Bridge can be made the new Root Port, and placed into a Forwarding state immediately. In this event, the existing (prior) Root Port changes to a Designated Port role, without a corresponding gain or loss of connectivity. A Backup Port can also be made the new Root Port and placed into Forwarding mode, resulting in the Designated Port assuming a Listening state.

The following diagram illustrates how a typical network connection can fail, such as the A-C Link shown below. Rapid Reconfiguration brings a blocked link - such as the B-C Link - into Forwarding state, helping achieve quick recovery from failure of networked devices.

[Figure: Recovering from Linked Device Failure with Fast Spanning Tree. Bridge A (Root Bridge), Bridge B (Backup Root 1) and Bridge C; the legend marks the Root Port, Spanning Tree Links, Redundant Links and the Designated Bridge for each Link. The A-C Link is the one that will fail, after which B-C becomes the Root Port for C.]

Truncating Tree Timing & Speedy Tree Protocol

Two additional enhancements are also included with the Fast Spanning Tree feature for improved performance: Truncating Tree Timing and Speedy Tree Protocol.
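The root election and the A-C link failure described above can be worked through with a small model of Bridge ID comparison and root-port selection. This is an added example, not code from the manual or from Alcatel: the bridge names follow the figure, the link cost of 10 matches the default Path Cost shown in the stpc sample, and the priorities, MAC addresses and all function names are assumptions constructed for illustration.

```python
import heapq


def bridge_id(priority, mac):
    """Format a Bridge ID the way sts prints it: hex priority, '-', MAC."""
    if not 0 <= priority <= 65535:
        raise ValueError("priority must be in 0..65535")
    return f"{priority:04X}-{mac.upper()}"


def id_key(bid):
    """Sort key for a Bridge ID: priority first, then MAC. Lowest wins."""
    prio, mac = bid.split("-", 1)
    return (int(prio, 16), int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """bridges maps a name to its Bridge ID; the lowest Bridge ID is the root."""
    return min(bridges, key=lambda name: id_key(bridges[name]))


def root_wins_on_priority(bridges, expected):
    """True only if 'expected' has a strictly lower priority than every other
    bridge, so the election never falls through to the MAC tie-break."""
    mine = id_key(bridges[expected])[0]
    return all(id_key(b)[0] > mine for n, b in bridges.items() if n != expected)


def costs_from(root, links, skip=None):
    """Lowest path cost from the root to each bridge (Dijkstra).
    'skip' removes one bridge so paths cannot loop back through it."""
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for (a, b), cost in links.items():
            if node not in (a, b) or skip in (a, b):
                continue
            other = b if node == a else a
            if d + cost < dist.get(other, float("inf")):
                dist[other] = d + cost
                heapq.heappush(heap, (d + cost, other))
    return dist


def root_ports(bridge, bridges, links):
    """Candidate paths to the root for one bridge, best first, as
    (cost, neighbor). Entry 0 is the root port; entry 1, if present, is the
    next-best root port that takes over when entry 0 is lost."""
    root = elect_root(bridges)
    if bridge == root:
        return []
    dist = costs_from(root, links, skip=bridge)
    candidates = []
    for (a, b), cost in links.items():
        if bridge in (a, b):
            nbr = b if bridge == a else a
            if nbr in dist:
                # Ties on cost go to the neighbor with the lower Bridge ID.
                candidates.append((dist[nbr] + cost, id_key(bridges[nbr]), nbr))
    return [(cost, nbr) for cost, _, nbr in sorted(candidates)]


def without_link(links, a, b):
    """Copy of the link table with the a-b link removed (link failure)."""
    return {k: v for k, v in links.items() if set(k) != {a, b}}


# Constructed sample data: A is pinned as root, B as backup root, C is left
# at the default priority of 32768. The MAC addresses are made up.
BRIDGES = {
    "A": bridge_id(4096, "0020DA:000A01"),
    "B": bridge_id(8192, "0020DA:000B01"),
    "C": bridge_id(32768, "0020DA:000C01"),
}
LINKS = {("A", "B"): 10, ("A", "C"): 10, ("B", "C"): 10}

if __name__ == "__main__":
    print("root:", elect_root(BRIDGES), BRIDGES[elect_root(BRIDGES)])
    print("C before failure:", root_ports("C", BRIDGES, LINKS))
    print("C after A-C fails:", root_ports("C", BRIDGES, without_link(LINKS, "A", "C")))
    print("A wins on priority alone:", root_wins_on_priority(BRIDGES, "A"))
```

Running root_wins_on_priority against the Bridge IDs collected from each switch's sts output is one way to confirm that the intended root does not depend on the MAC tie-break.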
Truncating Tree Timing

Truncating Tree Timing allows Designated Ports attached to Point-to-Point links to change to Forwarding mode faster, by utilizing two extra bits in the Configuration BPDU for communication between neighboring bridges. This enhancement promotes quicker restoration of service between communicating stations and reduced flooding of traffic during relearning of station location information.

Speedy Tree Protocol

Speedy Tree Protocol significantly improves reconfiguration performance by allowing inferior information sent by the designated bridge for each LAN to be accepted, rather than timed out. Additionally, information previously received expires immediately on link failure. In both cases, spanning tree recomputation occurs, which can cause changes in both root and designated ports.

Configuring Truncating Tree Timing & Speedy Tree Protocol

Both Truncating Tree Timing and Speedy Tree Protocol are enabled by default. These features are configured by editing the following lines in the command file (mpx.cmd):

    truncatingSt=1
    speedySt=1

To disable the Truncating Tree Timing feature, change the numeric entry for truncatingSt from 1 to 0. (To re-enable the feature, change the numeric entry back to 1.)

To disable the Speedy Tree Protocol feature, change the numeric entry for speedySt from 1 to 0. (To re-enable the feature, change the numeric entry back to 1.)

♦ Important Note ♦
Do not attempt to edit the command file (mpx.cmd) unless you have had significant experience working with files of this type. For additional information, see Editing Text Files in Chapter 7, “Managing Files.”

Displaying Fast Spanning Tree Port Parameters

The fstps command allows you to view the current Fast Spanning Tree port parameters on a selected group or VLAN.
To view the port parameters, enter the fstps command as shown:

    fstps <groupNumber>

where <groupNumber> is the number of the group in the switch for which you want to view Fast Spanning Tree port parameters. For example, to view parameters for Group 1, enter:

    fstps 1

If Fast Spanning Tree is not enabled (default), a screen similar to the following will appear:

    Fast Spanning Tree not enabled for Group 1 (Default GROUP (#1))

                                                                  Primary Port
    Slot   Service                                          Link  Slot   Service
    Intf   Inst     State  Role  Fwrds  Frwdr  Frget  RPs  PPs  Ups   Intf   Inst
    -----  -------  -----  ----  -----  -----  -----  ---  ---  ----  -----  -------
    8/3    Brg/ 1   FORWD  ROOT  0      0      0      0    0    2

As a variation on this command, you can enter fstps at the system prompt without specifying a group number. This will allow you to view the port parameters on the currently selected group. For information on how to select a group, see Selecting a Default Group on page 17-7.

The fields displayed by the fstps command include:

Slot/Intf. The slot and interface (port) number of the port.

Service/Inst. The service type and instance of the service connected to the port.

State. The port's current state as defined by application of the fast spanning tree protocol. This state controls what action a port takes on reception of a frame. The State values include:

DSABL   Disabled - The port has been disabled.
BLOCK   Blocking - The port is not participating in transmitting data in order to prevent loops.
LISTN   Listening - The port is preparing to transmit data, but is temporarily disabled in order to prevent loops. BPDU processing does occur, but no user data is being passed.
LEARN   Learning - The port is preparing to transmit data, adding source MAC addresses to the bridging table, but incoming data frames are dropped.
FORWD   Forwarding - The port is transmitting data. This state applies to Root Ports and Designated Ports.
FRWDS   Forwards - The port is transmitting data.
This state applies to Designated Ports, and monitors old root ports for a period equivalent to two times the Forward Delay Timer default time period (default = 15 seconds).
FRWDR   Forwarder - The port is transmitting data. This state applies to Designated Ports, and monitors old root ports for a period equivalent to the Forward Delay Timer default time period (default = 15 seconds).
FRGET   Forgetting - The port is discarding frames, and is not learning source addresses. This state applies to prior Designated Ports that are placed into an Alternate Role. Forgetting State minimizes potential denial of service due to information races during extensive reconfigurations.

Role. The port’s current role as defined by application of the fast spanning tree protocol. The Role values include:

DISABLED     The port has been disabled.
ROOT         The Root Port on a Bridge has the best path to the Root Bridge, and connects the Bridge to the Root Bridge.
DESIGNATED   The Designated Port on a Bridge provides an attached LAN the best path to the Root Bridge, and connects the LAN through the Bridge to the Root Bridge, forwarding frames between them. (A Designated Port can be in a Listening, Learning, Forwards, Forwarder, or Forwarding state.)
ALTERNATE    The Alternate Port is connected to a LAN with another bridge functioning as the Designated Bridge. (An Alternate Port may be in either a Forgetting state or a Blocking state.)
BACKUP       The Backup Port is connected to a LAN with another port on the same Bridge functioning as the Designated Port. (Backup Ports are always in a Blocking state.)

Frwds. This counter records each instance when the port is in the Forwards state.

Frwdr. This counter records each instance when the port is in the Forwarder state.

Frget. This counter records each instance when the port is in the Forgetting state.

RPs. This counter records each instance when the Root Port is retired.
PPs. This counter records each instance when the Primary Port is retired.

Link Ups. This counter records each instance when the port is linked up.

Primary Port Slot/Intf. The slot and interface (port) number of the Primary Port.

Primary Port Service/Inst. The service type and instance of the service connected to the Primary Port.

Enabling Fast Spanning Tree Port Parameters

The actfstps command allows you to activate Fast Spanning Tree port parameters on a selected group or VLAN. To enable Fast Spanning Tree, enter the actfstps command as shown:

    actfstps <groupNumber>

where <groupNumber> is the number of the group in the switch for which you want to enable Fast Spanning Tree port parameters. For example, to enable Fast Spanning Tree for Group 1, enter:

    actfstps 1

If Fast Spanning Tree is not enabled (default), a screen similar to the following will appear:

    Fast Spanning Tree disabled for Group 1 (Default GROUP (#1))
    Enable 1/ Disable 2 Fast Spanning Tree/ Return nothing?

To enable the Fast Spanning Tree feature, enter 1 at the prompt. (If you press the Enter key without typing anything, the setting will not be changed.) No confirmation message will appear.

To view the Fast Spanning Tree Port Summary, enter fstps at the prompt. For details about the Fast Spanning Tree Port Summary, see Displaying Fast Spanning Tree Port Parameters on page 17-36.

♦ Important Notes ♦
To determine whether Fast Spanning Tree is enabled on a VLAN, enter sts at the prompt. To enable Fast Spanning Tree on a VLAN, enter stc at the prompt, then follow the onscreen instructions to enable it. For more details, see Configuring Spanning Tree Parameters on page 17-25.

Disabling Fast Spanning Tree Port Parameters

The actfstps command allows you to disable Fast Spanning Tree port parameters on a selected group or VLAN.
To disable Fast Spanning Tree, enter the actfstps command as shown:

    actfstps <groupNumber>

where <groupNumber> is the number of the group in the switch for which you want to disable Fast Spanning Tree port parameters. For example, to disable Fast Spanning Tree for Group 1, enter:

    actfstps 1

If Fast Spanning Tree is enabled, a screen similar to the following will appear:

    Fast Spanning Tree Port Summary for Group 1 (Default GROUP (#1))
    Enable 1/ Disable 2 Fast Spanning Tree/ Return nothing?

To disable the Fast Spanning Tree feature, enter 2 at the prompt. (If you press the Enter key without typing anything, the setting will not be changed.) No confirmation message will appear.

To view the Fast Spanning Tree Port Summary, enter fstps at the prompt. For details about the Fast Spanning Tree Port Summary, see Displaying Fast Spanning Tree Port Parameters on page 17-36.

♦ Important Notes ♦
To determine whether Fast Spanning Tree is enabled on a VLAN, enter sts at the prompt. To disable Fast Spanning Tree on a VLAN, enter stc at the prompt, then follow the onscreen instructions to disable it. For more details, see Configuring Spanning Tree Parameters on page 17-25.

Configuring Source Routing

The srs and src commands allow you to display and configure the source routing parameters for the selected group.

SAP Filtering

The Service Advertising Protocol (SAP) filter is a method for allowing the user to decide what type of source routed packets are allowed to be transmitted out of the switch. When the filters are configured, they examine the DSAP (destination) and SSAP (source) fields in an outgoing packet, compare them to the filter values to see if they match, and then either allow or block packet transmission.

There are two types of filters that can be configured: a “permit” filter and a “deny” filter. If a packet matches the value in a deny filter, and the value is not 0, then the packet is discarded.
If a permit filter is configured, and a packet does not match the filter value, then the packet is discarded. Only two of each type of filter can be configured.

To use this feature, it must first be enabled, then configured. Once a filter is enabled and configured, it can be viewed as part of the source routing statistics. These procedures are covered in the following sections:

• For information on enabling the SAP filter, see Enabling SAP Filtering on page 17-40.
• For information on configuring SAP filters, see Configuring SAP Filtering on page 17-41.
• For information on viewing SAP filters, see Viewing SAP Filtering on page 17-42.

Enabling SAP Filtering

To use the srsf command to enable SAP filtering, follow the steps below:

1. Enter the srsf command at the system prompt.

2. The following message is displayed:

    SAP Filter support is OFF, set it to ON? (n) :

Enter y and press <return>.

3. Another message is displayed confirming the activation of the SAP filtering feature:

    SAP Filter Support is now “ON”

Disabling SAP Filtering

To disable the SAP feature, use the srsf command as shown:

1. Enter the srsf command at the system prompt.

2. The following message is displayed:

    SAP Filter support is ON, set it to OFF? (n) :

Enter y and press <return>.

3. The following message is displayed:

    Remove all SAP Filter values? (n) :

Enter a y to remove the configured filters, or an n to keep configured filters, and press <return>. See Configuring SAP Filtering on page 17-41 for information on how to set up a SAP filter.

4. Another message is displayed confirming the deactivation of the SAP filtering feature:

    SAP Filter Support is now “OFF”

Configuring SAP Filtering

Once SAP filtering is activated, it is necessary to configure the filter value. This value is compared to the value of the packet's DSAP and SSAP fields. Filters consist of 4 alphanumeric characters, 2 for the DSAP and 2 for SSAP.
After enabling SAP filtering, another column is added to the src command, and four prompts are added to the ring configuration options. To configure the filter value:

1. Enter the src command at the system prompt. The following screen is displayed:

    Source Routing Parameters for Group 1 (Default GROUP (#1))

        Slot   Type/           Ring         Bridge     Largest  HopCnt    Port  Block  SAP
        Intf   Inst/Srvc       Number       Number     frame    In   Out  Type  ARE    Filter
        -----  --------------  -----------  ---------  -------  ---  ---  ----  -----  ------
    1.  2/ 1   Brg/ 1/ na      1 (0x001)    10 (0xA)   590      6    6    SRT   n
    2.  3/ 1   Brg/ 1/ na (V)  2 (0x002)    10 (0xA)   4472     7    7    SRT   n
    3.  3/ 2   Brg/ 1/ na      4 (0x004)    10 (0xA)   4472     7    7    SRT   n
    4.  3/ 3   Brg/ 1/ na      5 (0x005)    10 (0xA)   4472     6    6    SRT   n
    5.  3/ 4   Brg/ 1/ na      3 (0x003)    10 (0xA)   4472     7    7    SRT   n
    6.  3/ 5   Brg/ 1/ na (V)  2 (0x002)    10 (0xA)   4472     7    7    SRT   n
    7.  3/ 6   Brg/ 1/ na (V)  3 (0x003)    10 (0xA)   4472     7    7    SRT   n

    Enter index of the entry to configure (e.g. 1) <RETURN> to exit :

2. Enter the index number (on the far left) for the ring you want to filter.

3. Several prompts for configuring the ring are displayed. Follow the prompts and enter the values required, or accept the current values if the ring is already configured. The following prompt is shown:

    Output SAP Deny Filter 1 (0000):

Enter the SAP value that the first deny filter should screen. Any packet matching this filter will be rejected. Accepting the default of 0000 is the same as not having a filter.

4. Press <return>. The second deny filter prompt is displayed:

    Output SAP Deny Filter 2 (0000):

Enter the SAP value that the second deny filter should screen. Any packet matching this filter will be rejected. Accepting the default of 0000 is the same as not having a filter.

5. Press <return>. The first permit filter prompt is displayed:

    Output SAP Permit Filter 1 (0000):

Enter the SAP value that the first permit filter should screen. Any packet not matching this filter will be rejected.
Accepting the default of 0000 is the same as not having a filter.

6. Press <return>. The second permit filter prompt is displayed:

    Output SAP Permit Filter 2 (0000):

Enter the SAP value that the second permit filter should screen. Any packet not matching this filter will be rejected. Accepting the default of 0000 is the same as not having a filter.

7. Press <return>. A final message asking to save the new configuration is displayed:

    Save the new configuration? (y/n) :

Enter a y to save the configuration, or an n to cancel the operation.

Viewing SAP Filtering

To see how many SAP filters are configured for a specific ring, enter the srs command at the system prompt. A screen similar to the following appears:

    Source Routing Parameters for Group 1 (Default GROUP (#1))

        Slot   Type/           Ring         Bridge     Largest  HopCnt    Port  Block  SAP
        Intf   Inst/Srvc       Number       Number     frame    In   Out  Type  ARE    Filter
        -----  --------------  -----------  ---------  -------  ---  ---  ----  -----  ------
    1.  2/ 1   Brg/ 1/ na      1 (0x001)    10 (0xA)   590      6    6    SRT   n      1
    2.  3/ 1   Brg/ 1/ na (V)  2 (0x002)    10 (0xA)   4472     7    7    SRT   n      2
    3.  3/ 2   Brg/ 1/ na      4 (0x004)    10 (0xA)   4472     7    7    SRT   n
    4.  3/ 3   Brg/ 1/ na      5 (0x005)    10 (0xA)   4472     6    6    SRT   n
    5.  3/ 4   Brg/ 1/ na      3 (0x003)    10 (0xA)   4472     7    7    SRT   n
    6.  3/ 5   Brg/ 1/ na (V)  2 (0x002)    10 (0xA)   4472     7    7    SRT   n
    7.  3/ 6   Brg/ 1/ na (V)  3 (0x003)    10 (0xA)   4472     7    7    SRT   n

    Enter index of the entry to configure (e.g. 1) <RETURN> to exit :

The last column (SAP Filter) lists how many SAP filters are in place for the ring. See Configuring SAP Filtering on page 17-41 for information on configuring the SAP filter.
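The filter decision described in the SAP Filtering sections above can be modelled as follows. This is an added example, not code from the switch or from Alcatel. It assumes the four-character value is the DSAP byte followed by the SSAP byte, that a match means both bytes are equal, that deny filters are checked before permit filters, and that with two permit filters a frame passes if it matches either one. The sample traffic is constructed.

```python
import string
from dataclasses import dataclass, field

NO_FILTER = 0x0000  # the prompt default; the manual treats it as "no filter"


def parse_filter(text: str) -> int:
    """Parse a filter value as typed at the prompt: exactly four hex digits."""
    if len(text) != 4 or any(c not in string.hexdigits for c in text):
        raise ValueError(f"expected four hex digits, got {text!r}")
    return int(text, 16)


@dataclass
class RingSapFilters:
    """Output SAP filters for one ring: at most two deny and two permit."""
    deny: list = field(default_factory=list)
    permit: list = field(default_factory=list)

    def __post_init__(self):
        for name in ("deny", "permit"):
            values = [parse_filter(v) for v in getattr(self, name)]
            if len(values) > 2:
                raise ValueError(f"only two {name} filters can be configured")
            # A value of 0000 is the same as not having a filter, so drop it.
            setattr(self, name, [v for v in values if v != NO_FILTER])

    def active_count(self) -> int:
        """Number of filters in place (what the SAP Filter column reports)."""
        return len(self.deny) + len(self.permit)

    def allows(self, dsap: int, ssap: int) -> bool:
        """Return True if a frame with these SAP bytes may be transmitted."""
        if not (0 <= dsap <= 0xFF and 0 <= ssap <= 0xFF):
            raise ValueError("DSAP and SSAP are single bytes")
        key = (dsap << 8) | ssap  # ASSUMPTION: DSAP first, then SSAP
        if key in self.deny:
            return False  # matched a non-zero deny filter
        if self.permit and key not in self.permit:
            return False  # a permit filter exists and nothing matched
        return True


# Constructed sample traffic: (label, DSAP, SSAP)
SAMPLE_FRAMES = [
    ("NetBIOS", 0xF0, 0xF0),
    ("IPX over 802.2", 0xE0, 0xE0),
    ("SNA", 0x04, 0x04),
    ("SNAP", 0xAA, 0xAA),
]


def transmitted(filters: RingSapFilters) -> list:
    """Labels of the sample frames that the filters let out of the port."""
    return [label for label, d, s in SAMPLE_FRAMES if filters.allows(d, s)]


if __name__ == "__main__":
    for cfg in (RingSapFilters(deny=["F0F0", "0000"]),
                RingSapFilters(permit=["0404", "0000"])):
        print(cfg, cfg.active_count(), transmitted(cfg))
```

Under these assumptions a single permit filter blocks every other SAP pair on that ring, while a deny filter blocks only the pair it names.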
Configuring Source Route to Transparent Bridging

In order to provide switching between source-routed token ring networks supporting the IBM Spanning Tree, and transparently bridged networks (primarily Ethernet supporting 802.1d Spanning Tree), commands have been provided in the bridging menu to enable Source Route to Transparent Bridging (SRTB) on a configured group basis.

It is important not to confuse SRTB with source-route transparent (SRT) bridging. SRT bridging is the defined method for bridging on source-routed networks. In SRT bridging, all bridges run the 802.1d Spanning Tree. SRT bridges have the ability to forward a frame based on source-routing information if a Routing Information Field (RIF) is present. Frames without a RIF are bridged transparently. SRT does not provide the ability to switch between a pure source-routed network and a transparent network.

SRTB allows source-routed token ring networks and transparently bridged networks to exist in the same group, and supports connectivity between end systems on the token ring network and the end systems on the transparently bridged network. The SRTB functions in the following network environments:

• Between token ring and Ethernet networks.
• Between token ring networks and Ethernet LAN emulation (LANE).
• Between token ring LAN emulation and Ethernet networks.

♦ Note ♦
Ethernet networks include 10Mbit, 10/100 MB, and Gigabit networks.

Enabling SRTB for a Group

The srtbcfg command allows you to display configured groups and the status of SRTB (either on or off), and to enable or disable SRTB for a specific group. To display groups and the status of SRTB:

1.
Enter the srtbcfg command at the system prompt, as shown:

    srtbcfg

A screen similar to the following is displayed:

    Group 1: SRTB is OFF
    Group 2: SRTB is ON Default Explorer: STE Ethernet Ring ID: 291(x123)
    Group 3: SRTB is ON Default Explorer: ARE Ethernet Ring ID: 561(x231)
    /VLAN SRTB>

2. To enable SRTB for a group, enter the srtbcfg command at the system prompt, as shown:

    srtbcfg <groupNumber>

where <groupNumber> is the number of the group for which SRTB is to be enabled. For example, to enable SRTB for Group 1, you would enter the following:

    srtbcfg 1

3. Once you have entered the command, a screen similar to the following is displayed:

    Group 1: SRTB is OFF
    Would you like to turn on SRTB ? (n) :

Enter y to enable SRTB for this group.

4. Once you have enabled SRTB, the following prompt appears:

    Enter Ring ID for Ethernet segment(s) (0 - 0x0)? :

Create a ring ID for the Ethernet segment assigned to this group. This number can be in decimal or hexadecimal form, but it must be unique. For example, if you have a token ring segment with a ring ID of 2, then you could not assign the number 2 to an Ethernet ring ID.

5. Once you have assigned an Ethernet ring ID, the following prompt appears:

    Send Multicast/unknown frames as STE or ARE ? (STE) :

Choose to employ Spanning Tree Explorer (STE) frames or All Route Explorer (ARE) frames by entering ste or are. Explorer frames are sent to learn MAC addresses when there is no record in the RIF table. ARE frames ignore port blocks set up by spanning tree to avoid loops, while STE frames adhere to the spanning tree configuration. The default is STE.

6. Once you have selected the frame type, you are returned to the menu prompt.
By reentering the srtbcfg command as you did in step 1, you can now see that SRTB has been activated for group 1, as shown:

    Group 1: SRTB is ON Default Explorer: STE Ethernet Ring ID: 871(x321)
    Group 2: SRTB is ON Default Explorer: STE Ethernet Ring ID: 291(x123)
    Group 3: SRTB is ON Default Explorer: ARE Ethernet Ring ID: 561(x231)

The ring ID and default explorer frame are shown as well.

Disabling SRTB for a Group

To turn SRTB off for a group, enter the srtbcfg command as shown:

    srtbcfg <groupNumber>

where <groupNumber> is the number of the group for which you want to disable SRTB. For example, to disable SRTB on Group 3, you would enter:

    srtbcfg 3

The following prompt appears:

    Group 3: SRTB is ON Default Explorer: ARE Ethernet Ring ID: 561(x231)
    Would you like to turn off SRTB ? (n) :

Enter y to disable SRTB. Once you have done this you are returned to the system prompt. To view the changes to the group, enter the srtbcfg command to display a screen similar to the following:

    Group 1: SRTB is ON Default Explorer: STE Ethernet Ring ID: 871(x321)
    Group 2: SRTB is ON Default Explorer: STE Ethernet Ring ID: 291(x123)
    Group 3: SRTB is OFF

Viewing the RIF Table

A Routing Information Field (RIF) is stored for each MAC address learned on a token ring port. One RIF is stored for each MAC address. The maximum size of each RIF is 32 bytes (long enough to traverse 15 bridge hops). Once a RIF is learned for a MAC address, it is maintained until the MAC address is aged out of the CAM. You can view a list of RIFs using the srtbrif command. To view the RIF table follow these steps:

1. Enter the srtbrif command at the menu prompt. The following prompt is displayed:

    Enter MAC address ([XXYYZZ:AABBCC] or return for none) :

Enter the MAC address for which you want to see the RIF and press <return>, or enter a <return> without a MAC address to list all RIFs.

2.
Once you enter a MAC address (or <return>), the following prompt appears:

    Enter Group ID (return for all Group) :

Enter a group ID and press <return>, or enter a <return> without a group ID to list the RIFs for all groups.

3. Once you enter the group ID (or <return>), a screen similar to the following appears:

                                Non-Canonical   CAM
    Port          Group ID      MAC Address     Indx   Len   RIF
    ------------  --------      -------------   ----   ---   ---------------
    4/ 1/Brg/ 1   2             10009E:4B7DE1   010E   6     0610:1231:0010:

Field Descriptions

The following section describes the fields shown using the srtbrif command.

Port. This field lists the slot, port number, service type, and instance number for where the RIF was learned for this MAC address.

Group ID. The group number with which this RIF is associated.

Non-Canonical MAC Address. The MAC address for this RIF. It is shown in non-canonical form.

CAM Indx. The index number in the Content-Addressable Memory (CAM), where the MAC addresses are stored, in hexadecimal form.

Len. The length of the RIF packet, in bytes.

RIF. The RIF address for this MAC address.

Clearing the RIF Table

If there is a topology change in your network, you most likely will need to clear one or more RIFs from the table so that SRTB can relearn them. You can clear specific entries for MAC addresses in the RIF table, or flush the entire table with the srtbclrrif command. To clear an entry in the RIF table:

1. Enter the srtbclrrif command at the system prompt. The following prompt appears:

    Enter MAC address ([000000:000036] or return for none) :

Enter the MAC address for the RIF entry you wish to clear in canonical or non-canonical form, and press <return>. If you enter <return> without a MAC address, you will flush the entire table of RIF entries.

2.
Once you have entered the MAC address, the following prompt appears:

    Is this MAC in Canonical or Non-Canonical (C or N) [N] :

If you entered the MAC address in canonical form, enter a c. If you entered the MAC address in non-canonical form, enter an n. If you respond incorrectly, the RIF entry will not be deleted.

3. Once you have indicated canonical or non-canonical form, the following message appears to confirm the deletion of the RIF entry:

    RIF clear successfully!

18 Configuring Frame Translations

Any-to-Any Switching

Because the Omni Switch/Router is a LAN switch that carries frames from multiple media types on its backplane fabric, it offers the facility to switch frames from any media to any other media, for example, an Ethernet frame onto a Token Ring. This feature is referred to as Any to Any Switching.

Normally, the only way for data to get from one media type to another is via routing. Routing removes the media specific headers of a received frame and prepends the new media specific aspects of the destination port before the frame is retransmitted on the new media. In this process the frame itself is not transmitted from one media to another, only the information within it. This process involves heavy computation, requiring table lookups to guide the header deletion/creation and additional router-to-router protocols to set up and maintain these tables.

Routing is not restricted to, nor even primarily intended for, moving data between unlike media but instead seeks to break networks down into a number of smaller networks, each of which is a broadcast domain. Historically, networks based on different technologies and media naturally form distinct broadcast domains.

The advent of LAN switching has rewritten these rules. Today, the formation of broadcast domains and the allocation of devices to them is driven by logical requirements such as Virtual LANs and LAN switches.
They seek to break free of topology and network constraints imposed by mere media differences.

Within this new paradigm there is still a place for routing. The installed base of clients and servers must communicate by established routing protocols but the broadcast domains handled by a router need not now consist of a single media. To support this paradigm a LAN switch must “transform” a frame on one media into a frame on the other media in such a way that the frame is still acceptable to the routing protocols.

Unfortunately, the requirements for this “transformation” algorithm are specific to the various protocols that currently exist. There is no single, simple algorithm that will allow the frame to be switched between media transparently to the higher level protocols and frame formats. This leads to a fairly complex set of configuration options and limitations on the applicability of the any to any switching features.

In order to understand why these options and limitations arise and to better understand the configuration options available, it is advisable to understand as background the theory of operation of any to any switching. This material is also required if you are trying to determine the applicability of any to any switching to a protocol not described in the reference material.

♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in CLI (Command Line Interface) mode, rather than in UI (User Interface) mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
Beginning with Release 4.4, FDDI is no longer supported. Beginning with Release 4.5, Token Ring and ATM are no longer supported.

Translating the Frame

In order to discuss these issues independent of particular media and protocols, consider that every frame, of any protocol, on any media, consists of the following parts.
[Figure: The Essential Parts of Frame, in order: MAC Header, RIF, Encapsulation, Network Header, Data]

MAC Header. Consists of a source and destination address specifying the transmitting station in the broadcast domain and the intended recipient(s), as well as other media specific fields. For example, AC and FC fields in Token Ring, FC in FDDI, etc.

RIF (Routing Information Field). If present, it is defined by the source routing standard and is only found on Token Ring and FDDI media.

Encapsulation. Defined by the various standards for the media, many of which reference common standards. For example, on Ethernet media, as defined by Ethernet II, this is a 16 bit type field. On Ethernet media, as defined by the IEEE 802.3 committee, this is a length field together with any encapsulation defined by the IEEE 802.2 Logical Link Control (LLC) committee. On Token Ring and FDDI, it is any encapsulation defined by the IEEE 802.2 LLC committee.

Network Header. Defined by the organization responsible for the particular routing protocol whose data is being carried within the frame. The values of fields defined in the Encapsulation area allow the recipient to identify which protocol standard to use to decode the Network Header part of the frame.

Data. The payload being carried between the end-stations.

In a routing implementation the first three fields (i.e., MAC header, RIF, and Encapsulation) are the ones stripped and rebuilt when the frame is forwarded. These are the three areas that have to be manipulated. The next sections examine each of these frame areas further to see the media and protocol dependencies. We can also examine their interactions.

The MAC Header

The format and values defined for the MAC header are covered in the media standards, but even here there are a variety of choices dictated by the upper layer protocol.
Canonical versus Non-Canonical

The first requirement of the switch transformation is the bit ordering of the address fields. For Token Ring and FDDI, this is the so called non-canonical ordering or most significant bit first. For Ethernet, this is canonical or least significant bit first. Thus, when a frame is moved between these media, the addresses must be bit-swapped.

Abbreviated Addresses

The FDDI and 802.5 Token Ring media allow for the use of small 16 bit addresses or full 48 bit addresses. The Omni Switch/Router only supports 48 bit MAC address LANs, thus abbreviated address based protocols cannot be supported.

Functional Addresses and Multicasts

The 802.5 media also have different rules for the formation of multicast addresses or group addresses. In Ethernet a single bit defines the address as a multicast. In 802.5 a single bit also indicates a multicast but the remaining bits are structured into so called Functional Address groups with pre-assigned meanings and functions. The Omni Switch/Router does not map MCASTs and Functional Addresses; thus protocols dependent on these features may not be switchable any to any.

The RIF Field

The same source routing standard is supported by FDDI and Token Ring so the RIF fields can be switched without problems between these media. Ethernet does not support source routing, thus frames with RIF fields cannot be switched onto these media. However, if you enable “RIF Stripping” you can switch source route frames with RIFs less than 2 bytes long.

The alternative of stripping fields, remembering them and reinserting them on replies, i.e. to terminate a source routed connection and act as a proxy to a transparent device, is not well standardized and is difficult to execute and manage.

Source Route Termination by Proxy Not Supported

The Omni Switch/Router will not therefore allow RIF based frames onto Ethernet media unless RIF Stripping is enabled.
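The address bit-swap and the RIF layout discussed above can be checked against the sample srtbrif row from the RIF table section (MAC 10009E:4B7DE1, RIF 0610:1231:0010:). This is an added example, not code from the switch. The field layout used (2-byte routing control with a 5-bit length, then 16-bit route descriptors holding a 12-bit ring number and 4-bit bridge number) is the standard source-routing format; the function names are hypothetical.

```python
def parse_hex(text: str) -> bytes:
    """Turn a value as printed by the switch (colons optional) into bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def swap_bit_order(mac: bytes) -> bytes:
    """Reverse the bit order inside each byte.

    The same operation converts canonical (Ethernet) to non-canonical
    (Token Ring/FDDI) form and back; byte order is not changed.
    """
    return bytes(int(f"{b:08b}"[::-1], 2) for b in mac)


def parse_rif(rif: bytes) -> dict:
    """Decode a Routing Information Field into its control bits and hops."""
    if len(rif) < 2:
        raise ValueError("a RIF has at least a 2-byte routing control field")
    length = rif[0] & 0x1F  # low 5 bits: total RIF length in bytes
    if length < 2 or length % 2 or length > len(rif):
        raise ValueError(f"bad RIF length {length} for {len(rif)} bytes")

    top = rif[0] >> 5  # high 3 bits: broadcast indicators
    if top & 0b100 == 0:
        kind = "specifically routed"
    elif top & 0b010 == 0:
        kind = "all-routes explorer"
    else:
        kind = "spanning-tree explorer"

    hops = []
    for i in range(2, length, 2):
        descriptor = int.from_bytes(rif[i:i + 2], "big")
        hops.append((descriptor >> 4, descriptor & 0xF))  # (ring, bridge)

    return {
        "length": length,
        "kind": kind,
        "reverse": bool(rif[1] & 0x80),  # direction bit: read hops backwards
        "largest_frame_code": (rif[1] >> 4) & 0x7,
        "hops": hops,
    }


def ring_path(parsed: dict) -> list:
    """Ring numbers in the order the frame crosses them."""
    rings = [ring for ring, _bridge in parsed["hops"]]
    return rings[::-1] if parsed["reverse"] else rings


if __name__ == "__main__":
    # Values copied from the sample srtbrif screen.
    mac = parse_hex("10009E:4B7DE1")
    print("canonical MAC:", swap_bit_order(mac).hex(":"))
    rif = parse_rif(parse_hex("0610:1231:0010:"))
    print(rif)
    print("rings crossed:", [hex(r) for r in ring_path(rif)])
```

Decoded this way, the sample RIF's first descriptor carries ring 0x123, the value the srtbcfg sample screen shows as the Ethernet Ring ID of Group 2, which is the group listed in the same srtbrif row.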
Ethernet frames are allowed onto rings if they support transparent bridging, i.e. the port is configured as either Transparent or Source Route/Transparent. Otherwise all communication between SR configured ring ports and transparent Ethernet ports is barred.

Encapsulation

Encapsulation is the biggest problem for implementing a transformation algorithm in support of any to any switching. All of the media provide a choice of more than one encapsulation and not all encapsulations are available on all media. Additionally, the methodology of these encapsulations varies from protocol to protocol.

An ideal protocol would dictate a single encapsulation which would be the same on all media. Most protocols make use of more than one encapsulation. For example, IP uses Ethertype most of the time on Ethernet and SNAP (an instance of an 802.2 LLC) on FDDI and Token Ring. In this case, there may be clearly established rules for transforming from one encapsulation to another as media are traversed.

Some protocols may allow more than one encapsulation even on a single media type. Some might use the encapsulation to separate functional parts of the protocols, for example, routing table updating protocols from user data forwarding protocols. Others, like IPX, may simply allow the user to arbitrarily choose them. Some, most notably IPX, may entangle the notion of encapsulation with the notion of the network level broadcast domain to create multiple logical networks over a single physical broadcast domain.

Clearly, then, there is no single algorithmic rule by which the any to any transformation function can switch arbitrary protocols. There are two choices available to address this situation.

1. The switch must be configurable, per device, per protocol, per media to select the transformation of encapsulations.

2.
The switch performs a single transformation and the user must configure all end-stations and routers to use this single choice made by the switch. The Omni Switch/Router uses the first approach for IP and IPX as the dominant protocols in the market. It uses the second approach for all other protocols. Protocols other than IP and IPX For protocols other than IP or IPX three encapsulations are possible on Ethernet media: • Ethertype • IEEE 802.2 LLC • IEEE 802.2 SNAP (This is an instance of an LLC encapsulation defined by the 802.2 committee to support the transformation of Ethertype Ethernet frames to media which don’t support that encapsulation.) On Token Ring and FDDI, two encapsulations are permitted by the standards: • IEEE 802.2 LLC • IEEE 802.2 SNAP. Page 18-6 Encapsulation The SNAP Conversion The intent of the 802.2 committee is that Ethertype frames are transformed to SNAP on crossing from Ethernet media to 802 media and restored to Ethertype in the reverse direction. The Omni Switch/Router could follow this rule for all protocols including IP; however, this would prevent AppleTalk interworking between Ethernet and FDDI. The Omni Switch/Router explicitly checks for the AppleTalk protocol. If found, the rule is not applied. In addition, the Omni Switch/Router checks for the Banyan Vines protocol and translates according to the media type (see Banyan Vines on page 18-13). As there may be other protocols with this problem, the SNAP-to-Ethertype transformation is configurable for all protocols other than AppleTalk. Other Conversions There are no equivalent algorithmic approaches which the transformation function can adopt for dealing with protocols which require Ethertype on Ethernet and some form of LLC encapsulation on FDDI and/or Token Ring. The mapping between Ethertype values and LLC values is arbitrary requiring tables indexed by protocol. 
The approach followed in the Omni Switch/Router is therefore to simply pass LLC encodings between Ethernet, FDDI and Token Ring with no changes other than to insert/strip the length field required by IEEE 802.3 on Ethernet. This leaves protocols which require transformations between Ethertype and LLC encapsulations as unswitchable unless the clients and servers can be configured to use SNAP.

Summary of Non-IPX Encapsulation Transformation Rules

To summarize:

• Ethertype/SNAP transformations are configurable for all protocols except AppleTalk and Banyan Vines. Ethertype frames going to FDDI or Token Ring are translated to SNAP unconditionally. SNAP frames going to Ethernet are translated to Ethertype or left as SNAP as per configuration, unless the protocol is AppleTalk, in which case they are left as SNAP.
• LLC frames are passed unchanged in value but with the length field required on Ethernet media stripped/inserted.

IPX Encapsulation Transformation Rules

For IPX the encapsulation problems described above are compounded by the introduction of a fourth encapsulation on Ethernet media. Novell introduced a frame format when the IEEE 802.3 standards committee produced its version of Ethernet which was incompatible with Ethernet. Novell places its network header and data within a raw IEEE 802.3 Ethernet frame with no intervening IEEE 802.2 LLC header. This is in direct contravention of the standards but has become a de facto standard encapsulation. Novell refers to this encapsulation type as ETHERNET_802.3. It is also widely known as Novell Proprietary, Novell Raw, Raw 802.3, etc.

Such frames are identifiable only by the fact that the Novell Network header starts with a two byte field called the checksum, which is never used and assumes the value 0xFFFF. Routers, bridges and switches therefore check for the checksum after an 802.3 length field.
In effect, Novell has usurped the value 0xFF for the Destination and Source SAP addresses (DSAP/SSAP) of an LLC header.

Thus on Ethernet media there are four encapsulations for IPX:

• Ethertype - value 0x8137
• Novell Proprietary
• LLC - SAP value 0xE0
• SNAP - Protocol Identifier 0x0000008137

On Token Ring and FDDI, the same LLC and SNAP encapsulations are found as on Ethernet (without the length field). This leaves an aggregate of four encapsulations across all media with only two being universal (LLC and SNAP). Unfortunately, the SNAP conversion rule isn’t applicable and there is no algorithmic determination for the use of particular encapsulations on any media; it’s purely the choice of the network administrator. Worse, multiple encapsulations can be found on a single media to create multiple logical networks over a single physical broadcast domain.

The Omni Switch/Router therefore allows configuration of the encapsulation transformations of IPX frames. Before transmission of a frame occurs the switch first determines the current encapsulation of the frame. Then, it consults configuration information to determine which of the permitted encapsulations for the media the frame is to be transmitted on is required. Thus, the administrator can choose not only a single output option but an option per possible received encapsulation.

For example, over FDDI media, LLC and SNAP are permissible, so the administrator might configure one of the following:

• LLC and SNAP encapsulations received from other FDDI, Token Ring or Ethernet media are translated to SNAP.
• Ethertype and Proprietary encapsulations from Ethernet are translated to LLC.

Essentially, for each encapsulation, transformation to each of the other three encapsulations is available, but may simply be left as is. This choice may be further constrained by the output media type; for example, Ethertype is not a valid option on FDDI or Token Ring.
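The detect-then-translate step described above can be sketched for Ethernet output as follows. This is an added example, not Alcatel code: the function names, the policy dictionary and the sample frame are constructed for illustration, and the PDU is bounded by the length field of the 30-byte IPX header.

```python
import struct

IPX_ETHERTYPE = 0x8137
LLC_IPX = bytes.fromhex("e0e003")             # DSAP 0xE0, SSAP 0xE0, UI control
SNAP_IPX = bytes.fromhex("aaaa030000008137")  # LLC AA/AA/UI + protocol id 0x0000008137
IPX_HEADER_LEN = 30
MIN_FRAME = 60                                # 64-byte Ethernet minimum less the 4-byte FCS


def classify_ipx(frame):
    """Return (encapsulation, offset of the IPX header), or (None, None)."""
    if len(frame) < 14 + 4:
        return None, None
    type_len = struct.unpack("!H", frame[12:14])[0]
    if type_len >= 0x0600:                    # a type value, not an 802.3 length
        return ("ethertype", 14) if type_len == IPX_ETHERTYPE else (None, None)
    body = frame[14:]
    if body[:2] == b"\xff\xff":               # IPX checksum right after the length
        return "novell-raw", 14
    if body[:8] == SNAP_IPX:
        return "snap", 22
    if body[:3] == LLC_IPX:
        return "llc", 17
    return None, None


def extract_ipx(frame):
    """Return (encapsulation, IPX PDU) with any trailing padding removed."""
    encap, off = classify_ipx(frame)
    if encap is None or off + 4 > len(frame):
        raise ValueError("not an IPX frame")
    ipx_len = struct.unpack("!H", frame[off + 2:off + 4])[0]
    if ipx_len < IPX_HEADER_LEN or off + ipx_len > len(frame):
        raise ValueError("IPX length field inconsistent with frame size")
    return encap, frame[off:off + ipx_len]


def encapsulate(dst, src, pdu, encap):
    """Build an Ethernet frame (without FCS) carrying pdu in the given encapsulation."""
    if encap == "ethertype":
        frame = dst + src + struct.pack("!H", IPX_ETHERTYPE) + pdu
    else:
        prefix = {"novell-raw": b"", "llc": LLC_IPX, "snap": SNAP_IPX}[encap]
        body = prefix + pdu
        frame = dst + src + struct.pack("!H", len(body)) + body
    return frame.ljust(MIN_FRAME, b"\x00")    # pad short frames to the minimum size


def translate(frame, policy):
    """Re-encapsulate per a {received encapsulation: output encapsulation} policy."""
    encap, pdu = extract_ipx(frame)
    target = policy.get(encap, encap)         # unlisted encapsulations are left as is
    return encapsulate(frame[0:6], frame[6:12], pdu, target)


# Constructed sample: a 31-byte IPX PDU (30-byte header plus one data byte).
SAMPLE_PDU = (b"\xff\xff" + struct.pack("!H", 31) + bytes([0, 4])
              + bytes.fromhex("00000001" "00005e005301" "0451")
              + bytes.fromhex("00000001" "00005e005302" "4003")
              + b"\x2a")


def sample_raw_frame():
    """Novell Proprietary frame whose 802.3 length (32) includes one even-length pad byte."""
    dst, src = bytes.fromhex("00005e005301"), bytes.fromhex("00005e005302")
    return (dst + src + struct.pack("!H", 32) + SAMPLE_PDU + b"\x00").ljust(MIN_FRAME, b"\x00")


if __name__ == "__main__":
    out = translate(sample_raw_frame(), {"novell-raw": "snap"})
    print(classify_ipx(out), out.hex())
```

Because the PDU is cut at the IPX header length rather than the 802.3 length, the extra pad byte in the sample does not survive translation.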
The Network Header

[Figure: frame layout showing MAC Header, RIF, Encapsulation, Network Header, Data]

There are essentially two requirements for the any to any switching transformation function to address the network header fields:

• Network Address to MAC Address Mapping
  In every protocol there is a mechanism for mapping global network wide addresses to the MAC addresses required in the local broadcast domain.
• Frame Size Requirements of the Media
  Different media have different minimum and maximum frame sizes leading to the issues of padding insertion/stripping and fragmentation/reassembly or maximum frame size negotiation protocols at the network level.

Address Mapping

There are almost as many ways to map a global network level address to a local subnetwork MAC address as there are routing protocols. These may or may not be affected by any to any switching. Some may construct MAC addresses algorithmically, for example, DECNET model. Some may involve table lookups with an additional protocol to build and maintain these tables, for example, the IP/ARP model. Others may involve some form of building the network address around the MAC address as in the IPX model. In all cases these mechanisms are susceptible, without good design and forethought, to the problem of canonical versus non-canonical representation of addresses in the network header area.

Address Mapping in IP: ARP

To map a 32-bit IP network address into the MAC address of a locally connected station a router uses the Address Resolution Protocol (ARP) to build an ARP Table. The router broadcasts a request containing the IP address in the body of the frame. The station with that IP address responds with its MAC address in the body of an ARP reply frame. The router inserts these two addresses in its ARP table and can then use the MAC address received to transmit any frames addressed to that IP address.
Since a router can have interfaces to Ethernet ports (canonical MAC addresses) and FDDI and Token Ring (non-canonical MAC addresses), it is crucial that the router keeps track of what media type it receives on each port. If IP ARP were defined such that all MAC addresses, when conveyed in the body of an ARP, were in canonical format, switching would be easy. A router, when taking an address from the ARP table and using it as the destination MAC address on an Ethernet port, would use the address as is. If sending to FDDI or Token Ring it would bit swap the address to non-canonical format as required by the media.

Given this model of implementation, a station responding with an ARP on Ethernet which was switched to FDDI would result in the same representation of the MAC address in the ARP table of the router. The router would then use the bit swapped form in the MAC address of subsequent frames to the FDDI ring and the switch would bit swap these MAC header addresses as it transformed the frame onto Ethernet, resulting in the correct representation to be received by the original station.

Unfortunately, this model has only been defined in IP for Ethernet and FDDI. Token Ring stations place MAC addresses into the body of ARP frames in their native, non-canonical format and routers use addresses from the ARP table as is when sending to Token Ring ports. To achieve any to any switching with IP it is therefore necessary for the Omni Switch/Router to be sensitive to ARP frames and to bit swap the MAC addresses in the body of the ARP when switching a frame between Token Ring and FDDI or Ethernet.

♦ Important Note ♦
Beginning with Release 4.4, FDDI is no longer supported.

Because IP is well designed, with the issue of address mapping confined to the ARP protocol, this is sufficient to isolate the problem, allowing all subsequent IP frames to be switched any to any.

Address Mapping in IPX

A network address in IPX consists of three parts:

1. Network Number -- a globally unique identifier of a particular broadcast domain. Strictly, because of the formation of logical networks using encapsulations, this is not equivalent to a physical broadcast domain but the distinction can be put aside for the purposes of this particular discussion.
2. Node Address -- the MAC address of a station on that domain.
3. Socket Number -- the task (process) within that station which should process the message.

Just as in IP, routers move a frame along hop by hop on the basis of the network number portion of the destination address. To do this, IP needs the MAC address of the next hop router. This address is obtained from the RIP table that is built up from the RIP updates sent out by all routers. When a router receives a RIP update frame it uses the source node address in the frame as the MAC address for the next hop router. Although there is not an explicit ARP-like protocol for mapping addresses in IPX, this same function is achieved by the use of source node addresses in RIP frames.

In IPX, as in IP, the canonical versus non-canonical representation of addresses in ARPs still applies. In switching, this needs to be considered for the source node address in IPX frames. In IPX, Ethernet and FDDI observe a convention of using MAC addresses in the IPX header in canonical format. For Token Ring these addresses are non-canonical.

Proprietary Token Ring IPX switching

The Omni Switch/Router offers the facility to modify IPX frames switching between Token Ring and FDDI or Ethernet. ARP bit swapping for IP is a de facto standard widely implemented in the industry. This is not the case with IPX. The switch must be able to co-exist with bridges that do not support any to any switching or applications where this feature is not required. Therefore this feature can be configured on or off.
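The ARP body bit swap described above can be sketched as follows for a frame crossing between Token Ring and Ethernet. This is an added example, not Alcatel code: the function names and the sample ARP reply are constructed for illustration, and only 48-bit hardware addresses are handled.

```python
import struct

# Lookup table mapping every byte value to the same byte with its bit order reversed.
_REVERSE = bytes(int(f"{b:08b}"[::-1], 2) for b in range(256))


def bitswap(addr):
    """Convert a MAC address between canonical and non-canonical form (self-inverse)."""
    return addr.translate(_REVERSE)


def is_group(addr, canonical):
    """Test the multicast/group bit, whose position depends on the bit ordering."""
    mask = 0x01 if canonical else 0x80
    return bool(addr[0] & mask)


def swap_arp_hw_addrs(arp):
    """Bit swap the sender and target hardware addresses inside an ARP body.

    The protocol (IP) addresses and every other field are left untouched.
    """
    if len(arp) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if hlen != 6:
        raise ValueError("only 48-bit hardware addresses are handled")
    if len(arp) < 8 + 2 * (hlen + plen):
        raise ValueError("truncated ARP body")
    sha_at = 8                                # sender hardware address
    tha_at = 8 + hlen + plen                  # target hardware address
    out = bytearray(arp)
    out[sha_at:sha_at + hlen] = bitswap(arp[sha_at:sha_at + hlen])
    out[tha_at:tha_at + hlen] = bitswap(arp[tha_at:tha_at + hlen])
    return bytes(out)


def sample_token_ring_arp_reply():
    """Constructed ARP reply as a Token Ring station would send it (non-canonical MACs)."""
    station = bitswap(bytes.fromhex("00005e005301"))   # canonical 00:00:5e:00:53:01
    router = bitswap(bytes.fromhex("00005e005302"))    # canonical 00:00:5e:00:53:02
    header = struct.pack("!HHBBH", 6, 0x0800, 6, 4, 2)  # htype 6 (IEEE 802), IPv4, reply
    return header + station + bytes([192, 0, 2, 10]) + router + bytes([192, 0, 2, 1])


if __name__ == "__main__":
    ring_side = sample_token_ring_arp_reply()
    ethernet_side = swap_arp_hw_addrs(ring_side)
    print("ring    :", ring_side.hex())
    print("ethernet:", ethernet_side.hex())
```

Applying `swap_arp_hw_addrs` a second time restores the original body, which is what happens when the reply path crosses the switch in the other direction.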
Frame Size Requirements

The frame size requirements for the different media cause two problem areas which have to be addressed by the any to any switching transformation function.

• Ethernet has a minimum frame size requirement. This requires that padding is inserted on frames switched to it which are below the minimum size and stripped from frames switched from it.
• All media have different maximum frame size requirements. This gives rise to the problems of fragmenting large frames and/or negotiating maximum frame sizes.

Insertion of Frame Padding

Ethernet has a minimum frame size of 64 bytes. For frames smaller than 64 bytes it is a simple task for the Omni Switch/Router to perform padding. Stripping such padding from Ethernet frames when switching to FDDI or Token Ring is not so easy.

In most implementations of IP that we have tested, the presence of padding on FDDI or Token Ring frames appears not to cause any problems. However, IPX implementations are adversely affected by its presence. Therefore the Omni Switch/Router takes a conservative approach for all frames, regardless of protocol type, and strips padding where it can be detected.

Stripping of Padding for all IEEE 802.3 Frames

Ethernet frames in IEEE 802.3 format can be stripped of padding because of the presence of the length field. This includes all LLC and hence SNAP encapsulated protocols as well as Novell Proprietary format.

No stripping of non-IPX Ethertype Frames

Padding can only be detected for Ethertype encapsulated frames if the protocol is known and the protocol has some length information which can allow the valid data size to be inferred. This is protocol specific and is currently only performed for IPX frames. Thus, the Omni Switch/Router does not strip padding from non-IPX Ethertype encapsulated frames including IP.

IPX Specific Stripping

For IPX the Omni Switch/Router performs pad stripping for all frame types including Ethertype.
This is possible because all IPX frames have a common header that includes the data length, allowing the frame size to be inferred.

In fact, for IPX, the length in the IPX header is used to strip padding in all frame encapsulations including the 802.3 based formats. This is because many IPX Ethernet implementations also pad frames to an even byte length. This single byte pad, when performed on 802.3 based frames, is included in the 802.3 length field. Thus the generic 802.3 based stripping technique is not sufficient to strip this odd-byte padding. When performing any to any switching, FDDI implementations of IPX were found to be tolerant of this extra byte whereas Token Ring implementations would not work with it present.

By adopting the single IPX stripping strategy of using the IPX header length these problems are avoided; thus the Omni Switch/Router unconditionally strips all padding from IPX frames. Also, it does not support odd-byte pad insertion when switching to Ethernet. This was a feature added to overcome limitations of some NIC cards which is now of only historical importance and, in fact, Netware 4.1 servers provide this insertion as a port configuration option.

MTU Handling

Routers address the problem of maximum frame size limitations with the notion found in many protocols of a Maximum Transmission Unit (MTU) size. Protocols use this notion in two possible ways.

• PDU Fragmentation/Reassembly
  The router is configured with the MTU of each port. If a frame that is too large is required to be sent on a port, the Protocol Data Unit (PDU) within the frame is fragmented into many smaller PDUs, each of which is re-encapsulated and sent as a frame that fits within the MTU.
• Connection-oriented end-to-end MTU negotiation
  When an end-station enters into a protocol to communicate with another station the initial PDU exchanges are guaranteed to fit all possible MTUs.
  In the handshaking between end-stations to establish the connection a phase is entered where large frames are sent. If an intervening link has an MTU too small for these frames they will be dropped and the handshaking will time out. The end-stations send progressively smaller frames until the handshaking succeeds and hence establish the MTU to be used between the two stations for the remainder of their connection.

IP supports the former mechanism and IPX the latter.

IP Fragmentation

The Omni Switch/Router Ethernet interfaces will use IP fragmentation if they are allowed to (i.e., if the Don’t Fragment bit is not set). Fragmentation by FDDI and Token Ring is not supported, though technically the Token Ring could send frames larger than those supported by FDDI and LAN Emulation could generate frames larger than both.

ICMP Based MTU Discovery

IP uses the Don’t Fragment bit to support an MTU discovery protocol that superficially resembles the negotiation of IPX. The difference is that when IP stations attempt to discover an MTU size for their use which doesn’t require fragmentation by intermediate routers, the protocol expects a response from the intermediate router, namely an ICMP message reporting that a frame was dropped because it couldn’t be fragmented.

The Omni Switch/Router transformation function of any to any switching does not support this ICMP generation but just silently drops IP frames which can’t be fragmented. The IP router in the Omni Switch/Router does honor this protocol and support ICMP. It is only the any to any switching which doesn’t, because it is not a router and may not even have an IP address with which to respond.

IPX Packet Size Negotiation

For IPX the requirement of intervening devices is simply to drop frames that are too large to be forwarded. This is what the Omni Switch/Router does.

Other Protocols

Dropping oversize frames is the approach for all protocols other than IP.
If the protocol in question is modeled like IPX this will be the correct thing to do and will not cause problems. If the protocol is modeled like IP and expects fragmentation to occur or requires explicit response from the Omni Switch/Router then the protocol will not succeed in any to any switching.

Banyan Vines

Banyan Vines supports Ethernet, FDDI, and Token Ring networks. Each type of network generates a different frame format, so the Omni Switch/Router performs translations for frames moving from one network type to another. The Banyan Vines protocol only uses one frame format per network type—no user configuration of translations is necessary.

This protocol uses Ethernet II frames on Ethernet, SNAP frames on FDDI, and IEEE 802.2 (LLC) frames on Token Ring. The Omni Switch/Router uses these frame formats when translating Banyan Vines frames.

Note: Checksums for Banyan Vines frames are automatically set to the null checksum, 0xFFFF, so that the checksum header does not require recalculation. Receiving stations will ignore this field and assume the sender is not using checksums.

Configuring Encapsulation Options

You will configure frame encapsulation based on the destination MAC address or the destination switch port. Whether a frame is encapsulated based on the destination MAC or the port depends on whether the frame has a unicast, multicast, or broadcast destination.

Forwarding versus Flooding

Such frames will be handled in two ways:

• Forwarded Frames. If the frame has a unicast destination address which has been learned on a particular port, the encapsulation translation choices are driven by options associated with the destination MAC address.
• Flooded/Multicast Frames. If the frame has a unicast destination address which has not been learned on a particular port, or if the destination address is a multicast address, then the frame has to be transmitted on potentially many ports.
  In this case the encapsulation translation choices are driven by options associated with each destination port.

Port Based Translation Options

The translation options for ports allow configuration of IP and IPX protocols on a per encapsulation basis.

MAC Address Based Translation Options

The translation options for MACs arise from two possible sources.

• Inheritance from Port Options During Source Address Learning
  When a source MAC address is learned, the translation options of the port on which it is learned are copied into the MAC-based database.
• Automatic Determination by AutoTracker
  When a frame is processed by AutoTracker as part of determining the VLAN to be associated with the MAC, the frame’s protocol type and encapsulation are also determined. This information is used to update/set the translation options in the MAC based database.

Which of these options is used is determined by setting the autoencaps option.

“Native” versus “Non-Native” on Ethernet

For Ethernet one further distinction is made. If the frame received from the backplane is an Ethernet media type frame from another Ethernet switching module in the same chassis, then no encapsulation translations are applied. Such frames are referred to as Native frames.

If the frame is of an Ethernet media type but was put onto the backplane by some other type of switching module, for example, the frame came from a FDDI card via a trunk port, or from the MPX via routing, then encapsulation translations are applied. Such frames are referred to as Non-Native frames.

♦ Important Note ♦
The .cmd file contains a command called hreXnative that by default is set to 1. If your switch uses multiple encapsulations (for example, VLAN 2:1 is 802.3 IPX and VLAN 3:1 is Ethernet II IPX) then the hreXnative command must be set to 0. See Chapter 7, “Managing Files,” for more information on the .cmd file.
“Native” versus “Non-Native” on FDDI and Token Ring

For FDDI, Token Ring and LAN Emulation on ATM, a native/non-native distinction is not made. Instead, no encapsulation translations are applied by these switching modules to frames which are of their own media type.

No Translation on Trunk or PTOP ports

Switching modules which support encapsulation mechanisms, such as Trunking ports on FDDI and Token Ring, and Point to Point ports on ATM, do not apply translation to frames destined to such ports.

All other aspects of the transformation process are driven by the media type of the frame, the media type of the port on which the frame is to be transmitted and the protocol type determined for the frame. Thus frame padding insertion/stripping, IP fragmentation, IP ARP bit swapping, etc., are all automatic.

The Proprietary Token Ring IPX Option

The one area which remains configurable is the bit swapping of source addresses for IPX in order to allow Token Ring to work with FDDI and Ethernet. This is the equivalent function to IP ARP bit swapping. This option is configurable and by default is on.

The User Interface

This chapter documents User Interface (UI) commands to configure encapsulation options. For documentation on Command Line Interface (CLI) commands to configure encapsulation options, see the Text-Based Configuration CLI Reference Guide.

♦ Important Note ♦
In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in CLI (Command Line Interface) mode, rather than in UI (User Interface) mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.

Simple encapsulation options can be configured through the modvp, addvp and crgp commands. More advanced encapsulation options can be found in the commands under the Switch menu.
Essentially, the forwarding code is now capable of applying the transformation function per protocol per encapsulation per port for flooded/mcast traffic and per protocol per encapsulation per destination MAC address for forwarded unicast traffic. The old interface provides a small subset of these possible port translation options.

The addvp, modvp and crgp Commands

All of these commands include in their dialogue an Output Format question for ports and a subsidiary IEEE 802.2 Pass through option. The options offered are:

• a default,
• Ethertype,
• SNAP and
• LLC.

Each of these represents a set of translation options for the IP and IPX protocols. The names chosen for these sets basically represent the translations for IPX, with the translation for IP being implied. For example, LLC represents a translation set where all IPX encapsulations are configured to translate to IEEE 802.2. This is not a valid encapsulation for IP, which is therefore configured to a default appropriate to the media: Ethertype for Ethernet ports and SNAP for FDDI and Token Ring ports.

The translation of all other protocol types and encapsulations is fixed by the Omni Switch/Router. Thus AppleTalk is never translated and Ethertype/SNAP based protocols follow the IP option.

For those options which imply a translation of IEEE 802.2 IPX frames to something else a subsidiary question is asked, “IEEE 802.2 IPX Pass Through(y/n):” An IEEE 802.2 pass through option is provided because 4.1 Novell servers use this encapsulation by default and it is becoming Novell’s encapsulation of choice.

The Default Translation Option

The meaning of the default is determined separately for each media type and is fully configurable. The factory defaults are chosen so that the latest release is fully compliant with earlier ones.

The default translation option is provided to allow a “single point of configuration of all ports” capability.
When the default option for a media is changed, all ports of that media type whose encapsulation is configured as default will inherit the new translation setting. All MAC address-based translation options which were inherited from those ports, as opposed to those set by AutoTracker, will also be updated. Ports which have an encapsulation setting other than default will be unaffected.

Ethernet Factory Default Translations

For Ethernet switching module ports the factory default is set to the following:

Ethernet Media - Default Mode
• No translation is performed on outbound Ethernet frames where the inbound interface was Ethernet.
• IP frames of any encapsulation are transmitted as Ethernet II frames.
• IPX frames are transmitted as IEEE 802.3 Proprietary as the default setting. The only exception is when LLC passthrough mode is enabled; then the IEEE 802.2 (LLC) frames are forwarded as is.
• No translation is performed on AppleTalk frames, and we currently support only AppleTalk Phase II (SNAP format).
• Banyan Vines frames are transmitted as Ethernet II frames.
• Other than IP and IPX, all other Ethernet II and SNAP encapsulated protocols are sent as Ethernet II frames.
• All other IEEE 802.3 with LLC encapsulated protocols are not translated.

FDDI Factory Default Translations

For FDDI switching module ports the factory default is set to the following:

FDDI Media - Default Mode
• IP of any encapsulation is encapsulated SNAP.
• IPX encapsulations are encapsulated SNAP except for IEEE 802.2, which is forwarded as is.
• Banyan Vines of any type are transmitted as SNAP.
• All other Ethertype and SNAP encapsulated protocols are sent as for IP.
• All other LLC encapsulated protocols are forwarded as is.
Token Ring Factory Default Translations

For Token Ring switching module ports the factory default is set to the following:

Token Ring Media - Default Mode
• IP of any encapsulation is encapsulated SNAP.
• IPX encapsulations are encapsulated SNAP except for IEEE 802.2, which is forwarded as is.
• Banyan Vines of any type are transmitted as LLC.
• All other Ethertype and SNAP encapsulated protocols are sent as for IP.
• All other LLC encapsulated protocols are forwarded as is.

ATM LANE Factory Default Translations

For ATM LAN Emulation service ports the factory default is set to the following:

ATM LANE - Default Mode
• No translations performed on Ethernet frames.
• FDDI and Token Ring frames are translated to either SNAP or LLC and are transmitted as such on ATM LANE.
• Banyan Vines Token Ring and FDDI frames are translated to Ethertype.

The Ethertype Option

This option can only be applied to Ethernet switching module ports. It is set to the following:

Ethernet Media - Ethernet II Mode
• No translation is performed on outbound Ethernet frames where the inbound interface was Ethernet.
• IP frames are transmitted as Ethernet II frames.
• All IPX frames are transmitted as Ethernet II frames. The only exception is when LLC passthrough mode is enabled; then the IEEE 802.2 (LLC) frames are forwarded as is.
• No translation is performed on AppleTalk frames, and we currently support only AppleTalk Phase II (SNAP format).
• Other than IP and IPX, all other Ethernet II or SNAP frames are transmitted as Ethernet II frames.
• Other IEEE 802.3 with LLC are not translated.

ATM LANE - Ethernet II Mode
• IPX frames from FDDI, Token Ring, and Ethernet SNAP frames are translated to Ethertype.
• All other SNAP frames from FDDI, Token Ring, and Ethernet SNAP are translated to Ethertype. However, AppleTalk ARP SNAP frames from Token Ring and FDDI are left as SNAP; Banyan Vines frames from FDDI are translated to Ethertype.
• All other 802.2 frames from FDDI, Token Ring, and Ethernet are left as is. The exception is Banyan Vines frames from Token Ring, which are translated to Ethertype.
• All Ethernet Ethertype frames are not translated.

The SNAP Option

This option can be applied to all media type ports and is set to the following:

Ethernet Media - SNAP Mode
• No translation is performed on outbound Ethernet frames where the inbound interface was Ethernet.
• IP frames are transmitted as SNAP frames.
• All IPX frames are transmitted as SNAP frames.
• No translation is performed on AppleTalk frames, and we currently support only AppleTalk Phase II (SNAP format).
• Other than IP and IPX, all other Ethernet II or SNAP frames are transmitted as SNAP frames.
• Other IEEE 802.2 with LLC are not translated.

FDDI / Token Ring Media - SNAP Option
• No translation is performed on outbound FDDI or Token Ring frames where the inbound interface was the same media type.
• IP frames of any encapsulation type are transmitted as SNAP frames.
• IPX frames received that do not have an IEEE 802.2 encapsulation type are transmitted as SNAP.
• IPX frames received that are of IEEE 802.2 encapsulation type are transmitted as SNAP if the LLC passthrough is disabled. If the LLC passthrough is enabled, these frames will not be translated.
• No translation is performed on AppleTalk frames, and we currently support only AppleTalk Phase II.
• All other LLC encapsulated protocols are left as is.

In the modvp or addvp commands for FDDI and Token Ring the only choices other than default are SNAP or LLC, and the default must be one of these. As the factory default is SNAP with IPX 802.2 Pass through and SNAP does not imply pass through, the additional question about pass through is not asked on FDDI and Token Ring ports, as the preference can be expressed by choosing default or SNAP explicitly.
ATM LANE - SNAP Mode
• All IPX frames are translated to SNAP unless they are already SNAP, in which case they are forwarded as is.
• All Ethertype or SNAP frames from Ethernet and SNAP frames from Token Ring or FDDI are translated to SNAP or left as SNAP. The exception is Banyan Vines frames from FDDI, which are translated to Ethertype.
• All other LLC frames are left as is. The exception is Banyan Vines from Token Ring, which is translated to Ethertype.

The LLC Option

This option can be applied to all media type ports and is set to the following:

Ethernet Media - LLC Mode
• No translation is performed on outbound Ethernet frames where the inbound interface was Ethernet.
• IP frames are transmitted as Ethernet II frames.
• All IPX frames are transmitted as IEEE 802.2 (LLC) frames.
• No translation is performed on AppleTalk frames, and we currently support only AppleTalk Phase II (SNAP format).
• Other than IP and IPX, all other Ethernet II or SNAP frames are transmitted as Ethernet II frames.
• Other IEEE 802.2 with LLC are not translated.

FDDI / Token Ring Media - LLC Mode
• No translation is performed on outbound FDDI or Token Ring frames where the inbound interface was the same media type.
• IP frames are transmitted as SNAP frames.
• All IPX frames are transmitted as IEEE 802.2 (LLC) frames.
• No translation is performed on AppleTalk frames, and we currently support only AppleTalk Phase II (SNAP format).
• Other than IP and IPX, all other Ethernet II or SNAP frames are transmitted as SNAP frames.
• Other IEEE 802.2 with LLC are not translated.

In the modvp or addvp commands for FDDI and Token Ring the only choices other than default are SNAP or LLC, and the default must be one of these. As the factory default is SNAP with IPX 802.2 Pass through and SNAP does not imply IPX 802.2 Pass through, the additional question about pass through is not asked on FDDI and Token Ring ports.
By choosing SNAP, it is implied that there is no IPX 802.2 Pass through.

ATM LANE - LLC Mode

IPX frames are translated to 802.2 LLC.

All other SNAP frames from FDDI, Token Ring, and Ethernet SNAP are translated to Ethertype. However, Appletalk ARP SNAP frames from Token Ring and FDDI are left as SNAP; Banyan Vines frames from FDDI are translated to Ethertype.

All other LLC frames are not translated. The exception is Banyan Vines frames from Token Ring, which are translated to Ethertype.

Interaction with the new interface

If the port to which these commands are being applied has been configured with the new interface commands, its encapsulation will be displayed as SWCH in the vi command output. The user is alerted to this fact in these commands by the default response to the output format question in the modvp command being displayed as “*” instead of d, e, s or l. A simple return will leave the options unchanged in this case. If the port is currently one of d, e, s or l and the user types “*” in response, the encapsulation is changed to SWCH and the options are set to a null translation set.

The “vi” Command

The encaps column displays the encapsulation subset options set for each port. If the port has been configured with the new interface, this is indicated by displaying “SWCH.” The “canned” subsets offered in this interface are displayed as follows:

• DFLT. This indicates that the port is using the default translation options applicable to the media type of this port. See above.

• 802.2. This indicates that IPX frames of any encapsulation will be encapsulated with IEEE 802.2. Non-IPX frames other than AppleTalk will be transformed to Ethertype on Ethernet ports and SNAP on FDDI or Token Ring ports. AppleTalk frames are never transformed.

• SNAP. This indicates that Ethertype frames of all protocols and IPX proprietary frames will be translated to SNAP and all SNAP frames will be left as is.
IEEE 802.2 encapsulated IPX frames may be left as is if the IEEE 802.2 pass through option is in effect for this port. All other IEEE 802.2 encapsulated protocols are left as is.

• ETH. This indicates that SNAP frames of all protocols except AppleTalk will be translated to Ethertype. SNAP and Proprietary IPX frames will be transformed to Ethertype. IEEE 802.2 encapsulated IPX frames may be left as is if the IEEE 802.2 pass through option is in effect for this port. All other IEEE 802.2 encapsulated protocols are left as is.

To discover whether IEEE 802.2 pass through is in effect on a port, the user must either use the swch command from the switch menu or use modvp and observe the encapsulation offered and/or the default response for the pass through question.

The Switch Menu

The switch menu contains commands that allow you to set translation options discussed earlier in this chapter. It also contains commands to change the default values. To view the switch menu, enter switch at the prompt. If you are in verbose mode, the following screen is displayed. Otherwise, type a ? at the switch menu prompt to display the Switch Menu:

    Command       Switch Menu
    ----------    ------------------------------------------------------------
    propipx       Configure Default Proprietary IPX Token Ring to any switching
    facdef        Configure Defaults to Factory values
    ethdef        Configure Default Ethernet Translation
    fddidef       Configure Default FDDI Translation
    trdef         Configure Default TR Translation
    swch          Configure Any To Any Switching Port Translations
    swchmac       View per MAC Translation Options
    autoencaps    Turn AutoTracker translations On or OFF

The commands above and their operations are described in the sections below.

Proprietary IPX Token Ring

The propipx command allows you to turn on or off the default proprietary IPX switch translation. (Refer to Appendix B, “Output Translation Options,” for information on the Proprietary IPX feature.)
To turn on the Proprietary IPX feature (the default), enter the following at the system prompt:

    propipx on

A message is displayed to confirm the activation of the Proprietary IPX feature. Please note that the switch must be rebooted for the setting to take effect. To turn off the Proprietary IPX feature, type:

    propipx off

Factory Defaults

You can reset all ports in the switch to their default factory settings. Any custom translations you configured through modvp, ethdef, fddidef, trdef, or swch commands will be overridden by the default translation for the given media type (i.e., Ethernet, FDDI, etc.). Factory defaults for each media type are described earlier in this chapter.

To reset to factory defaults, enter the facdef command at the system prompt. The following screen displays:

    This will reset the default translations for each media type to a factory default.
    It will then set all port translation options to inherit these defaults.
    It will then reset the forwarding table translation options for all
    addresses learnt on those ports to those port defaults.
    Do you want to do this? (no):

Enter a Y to reset all port settings.

Default Ethernet Translations

The ethdef command allows you to set up default translations for all Ethernet ports. To do so:

1. Enter ethdef at the system prompt. The following screen displays:

    This will reset the default translations for Ethernet media to a new value.
    All Ethernet ports currently set to default will inherit these new
    translation options. It will then reset the forwarding table translation
    options for all addresses learnt on those ports to those port defaults.
    Do you want to do this? (no):

2. Press Y at the Do you wish to do this? prompt to indicate that you want to change the defaults.
The current settings for Ethernet ports are displayed, in a screen similar to the following:

    Translation Options:
    1 IP Ethertype                                   -> Ethertype
    2 IP IEEE 802 SNAP                               -> Ethertype
    3 IPX ETHERNET_II                                -> 802.3
    4 IPX ETHERNET_802.3                             -> 802.3
    5 IPX ETHERNET_802.3/FDDI/TOKEN_RING             -> 802.3
    6 IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP    -> 802.3

There are six frame types for which you can set translation options. The frame type in the left column indicates the incoming frame, and the frame type in the right column (after the ->) indicates the outgoing frame. You can configure the outgoing frame type for each incoming frame.

3. You change an outgoing frame type by entering its line number, an equal sign (=) and a frame type indicator (e, s, 2, or 3). The frame type indicators represent the following frames:

    e    Ethernet II or Ethertype
    s    SNAP
    2    802.2 or LLC
    3    Ethernet 802.3

For example, if you wanted to change incoming IPX Ethernet II frames to Ethernet 802.3 frames, then you would enter

    3=3

Please note that the IP Translation Options accept only Ethertype (e) or SNAP (s).

4. When you are done changing translations, enter save to save all of your settings. If you enter quit, you will exit the ethdef command without saving your changes.

Default FDDI Translations

The fddidef command allows you to set up default translations for all FDDI ports. To do this:

1. Enter the fddidef command at the system prompt. The following screen displays:

    This will reset the default translations for FDDI media to a new value.
    All FDDI ports currently set to default will inherit these new
    translation options. It will then reset the forwarding table translation
    options for all addresses learnt on those ports to those port defaults.
    Do you want to do this? (no):

2. Press Y at the Do you wish to do this? prompt to indicate that you want to change the defaults.
The current settings for FDDI ports are displayed, in a screen similar to the following:

    Translation Options:
    1 IP Ethertype                                   -> Ethertype
    2 IP IEEE 802 SNAP                               -> Ethertype
    3 IPX ETHERNET_II                                -> 802.3
    4 IPX ETHERNET_802.3                             -> 802.3
    5 IPX ETHERNET_802.3/FDDI/TOKEN_RING             -> 802.3
    6 IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP    -> 802.3

There are six frame types for which you can set translation options. The frame type in the left column indicates the incoming frame, and the frame type in the right column (after the ->) indicates the outgoing frame. You can configure the outgoing frame type for each incoming frame.

3. You change an outgoing frame type by entering its line number, an equal sign (=) and a frame type indicator (e, s, 2, or 3). The frame type indicators represent the following frames:

    e    Ethernet II or Ethertype
    s    SNAP
    2    802.2 or LLC
    3    Ethernet 802.3

For example, if you wanted to translate incoming IPX Ethernet 802.3 frames to Ethernet 802.3 frames (FDDI raw), then you would enter

    4=3

Please note that the IP Translation Options accept only Ethertype (e) or SNAP (s).

4. When you are done changing translations, enter save to save all of your settings. If you enter quit, you will exit the ethdef command without saving your changes.

♦ Important Note ♦
The IP Translation Options allow only SNAP (s). The IPX translations allow SNAP (s) and LLC (2) for all frame types. The Ethertype (e) translation is not allowed for FDDI. The Ethernet 802.3 translation (3) is allowed only on incoming Ethernet 802.3 frames, which are referred to as “FDDI raw.”

The fddidef command will accept your input and will not return an error message if you try to change an IPX translation option to Ethertype or Ethernet 802.3. However, that does not mean that the IPX frames are being translated to Ethertype or 802.3.
Regardless of what the fddidef screen displays, switch software does not translate FDDI frames to Ethertype for any frame or to 802.3 for any frame except incoming 802.3.

Default Token Ring Translations

The trdef command allows you to set up default translations for all Token Ring ports. To do so:

1. Enter the trdef command at the system prompt. The following screen displays:

    This will reset the default translations for TR media to a new value.
    All TR ports currently set to default will inherit these new
    translation options. It will then reset the forwarding table translation
    options for all addresses learnt on those ports to those port defaults.
    Do you want to do this? (no):

2. Press Y at the Do you wish to do this? prompt to indicate that you want to change the defaults. The current settings for FDDI ports are displayed:

    Translation Options:
    1 IP Ethertype                                   -> Ethertype
    2 IP IEEE 802 SNAP                               -> Ethertype
    3 IPX ETHERNET_II                                -> 802.3
    4 IPX ETHERNET_802.3                             -> 802.3
    5 IPX ETHERNET_802.3/FDDI/TOKEN_RING             -> 802.3
    6 IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP    -> 802.3

There are six frame types for which you can set translation options. The frame type in the left column indicates the incoming frame, and the frame type in the right column (after the ->) indicates the outgoing frame. You can configure the outgoing frame type for each incoming frame.

3. You change an outgoing frame type by entering its line number, an equal sign (=) and a frame type indicator (e, s, 2, or 3). The frame type indicators represent the following frames:

    e    Ethernet II or Ethertype
    s    SNAP
    2    802.2 or LLC
    3    Ethernet 802.3

For example, if you wanted to translate incoming IPX SNAP frames to LLC frames, then you would enter

    6=2

4. When you are done changing translations, enter save to save all of your settings. If you enter quit, you will exit the trdef command without saving your changes.

♦ Important Note ♦
The IP Translation Options allow only SNAP (s).
The IPX translations allow only SNAP (s) and LLC (2) for all frame types. The Ethertype (e) and 802.3 translations are not allowed for Token Ring.

The trdef command will accept your input and will not return an error message if you try to change an IPX translation option to Ethertype or Ethernet 802.3. However, that does not mean that the IPX frames are being translated to Ethertype or 802.3. Regardless of what the trdef screen displays, switch software does not translate Token Ring frames to Ethertype or 802.3.

Port Translations

The swch command allows you to configure translations on a port-by-port basis. Its translation options are similar to those for ethdef, fddidef, and trdef. However, instead of applying translations to all ports for a particular media type, swch applies translations only to the port you specify. To specify translation for a single port:

1. Start the swch command by entering it at the prompt as shown:

    swch <slot>/<port>

where <slot> is the board on which the port is located and <port> is the port number. For example, to set the translation for port 1 on slot 2, enter the following:

    swch 2/1

2. Something like the following screen displays, showing the current translation settings for the port:

    Port Translations for Ethernet port 2/1/brg/1 0
    Framing Type: DFLT
    Translation Options:
    1 IP Ethertype                                   -> Ethertype
    2 IP IEEE 802 SNAP                               -> Ethertype
    3 IPX ETHERNET_II                                -> 802.3
    4 IPX ETHERNET_802.3                             -> 802.3
    5 IPX ETHERNET_802.2/FDDI/TOKEN_RING             -> 802.3
    6 IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP    -> 802.3

The top line of the display indicates the media type of the port as well as the slot number, port number, service type, and service number. The next line, Framing Type, indicates the framing type applied to this port through the modvp command. If the framing type had been defined through the Switch menu, then this field would read SWCH.

3. The Translation Options section shows the six frame types for which you can set translation options. The frame type in the left column indicates the incoming frame, and the frame type in the right column (after the ->) indicates the outgoing frame. You can configure the outgoing frame type for each incoming frame. Note that the default option is a question mark (?). If you press <Return>, the help information will be redisplayed.

4. You change an outgoing frame type by entering its line number, an equal sign (=) and a frame type indicator (e, s, 2, or 3). The frame type indicators represent the following frames:

    e    Ethernet II or Ethertype
    s    SNAP
    2    802.2 or LLC
    3    Ethernet 802.3

For example, if you wanted to translate incoming IPX SNAP frames to LLC frames, then you would enter

    6=2

5. When you are done changing translations, enter save to save all your settings. If you enter quit, you will exit the swch command without saving your changes.

Please note that valid translation options depend on the media type of the port. Ethernet ports allow all frame translation options, but FDDI and Token Ring ports have limitations. See Default FDDI Translations on page 18-27 and Default Token Ring Translations on page 18-28 for more information on media limitations.

Configuring Additional Ports

If you want to configure additional ports, you can use the n option of the swch command to configure the next port, or the p option of the swch command to configure the previous port. For example, if you want to configure translations on port 2 for the card in slot 4 after configuring Port 1 in Slot 4, enter n at the prompt. You are now ready to configure port 3 of slot 4. If you want to configure translations on port 1 for the card in slot 5 after configuring Port 2 in Slot 5, enter p at the prompt. You are now ready to configure port 1 of slot 5.

When you are done changing translations, enter save to save all your settings.
If you enter quit, you will exit the swch command without saving your changes.

Displaying Ethernet Switch Statistics

The swch command can also be used to display basic statistics for Ethernet ports. These statistics are the lowest level, most primitive statistics maintained by an Ethernet board. The more familiar RMON and MIB II statistics are generated from these statistics. If you want to display the switch statistics for an Ethernet port, enter

    swch <slot>/<port>

where <slot> is the slot number of the module, and <port> is the number of the port for which you want to view statistics. For example, to look at statistics for port 4 in slot 3, enter:

    swch 3/4

A screen similar to the following is displayed:

    Port Translations for Ethernet port 3/4/brg/1 0
    Framing Type: DFLT
    Translation Options:
    1 IP Ethertype                                   -> Ethertype
    2 IP IEEE 802 SNAP                               -> Ethertype
    3 IPX ETHERNET_II                                -> 802.3
    4 IPX ETHERNET_802.3                             -> 802.3
    5 IPX ETHERNET_802.2/FDDI/TOKEN_RING             -> 802.3
    6 IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP    -> 802.3

If this port is an Ethernet media port, enter r at the system prompt and then press <Return>. If you do this for a port other than an Ethernet port, this will be ignored.
If the port selected is an Ethernet based port, something like the following would be displayed:

    Ethernet Statistics for Ethernet port 3/4/Brg/1

    Received Good Octets        0    Transmitted Good Octets        0
    Received Bad Octets         0    Total Octets                   0
    Received Unicasts           0    Transmitted Unicasts           0
    Received Multicasts         0    Transmitted Multicasts         0
    Received Broadcasts         0    Transmitted Broadcasts         0
    Received Buffer Discards    0    Transmitted Buffer Discards    0
    Received Collision Count    0    Transmitted Retry Count        0
    Received Runt Count         0    Transmitted More Count         0
    Received Error Discard      0    Transmitted Once Count         0
    Drop Event Count            0    Transmitted Defer Count        0
    Received Jabbers            0    Loss Carrier Count             0
    Received Over Size          0    Transmitted Late Collisions    0
    Received Late Collision     0    Transmit Underflow             0
    Received 1024 +             0    Port Filtered                  0
    Received 512 +              0    Vlan Filtered                  0
    Received 256 +              0    Mtu Exceeded                   0
    Received 128 +              0
    Received 65 +               0
    Received 64                 0    vseTxDiscard                   0

The fields displayed by the r option of the swch command are described below:

♦ Note ♦
The first group of statistics are the numbers of bytes transmitted and received. These are useful in working out bandwidth usage by the port. Bad octets are important to count in the total octets count as they consume bandwidth at the expense of useful traffic. To ignore them would lead to mysterious loss of bandwidth in any calculations performed.

Received Good Octets. The total number of bytes received in good frames.

Received Bad Octets. The total number of bytes received in bad frames.

Total Octets. The total number of octets transmitted or received in good or bad frames on this port.

Transmitted Good Octets. The total number of bytes successfully transmitted.

Received Unicasts. The number of frames received on this port whose destination address is a unicast format.

Transmitted Unicasts. The number of frames transmitted on this port whose destination address is a unicast format.

Received Multicasts.
The number of frames received on this port whose destination address is a multicast format.

Transmitted Multicasts. The number of frames transmitted on this port whose destination address is a multicast format.

Received Broadcasts. The number of frames received on this port whose destination address is the broadcast address.

Transmitted Broadcasts. The number of frames transmitted on this port whose destination address is the broadcast address.

Note that these statistics merely indicate the format of the destination address of frames transmitted/received on this port, not that the addressed device and/or devices necessarily reside on that port. For example, unknown unicast addressed frames are flooded to many ports.

Received Buffer Discards. Due to congestion of traffic from multiple ports on the board, timely access to buffers was not available to receive a frame from the network port and the frame was discarded.

Transmitted Buffer Discards. Due to a shortage of buffers and/or congestion on the network port, frames received from the backplane destined to this port were dropped.

Transmit Underflow. Due to congestion of traffic from multiple ports on the board, timely access to the buffer containing the frame currently being transmitted by this port was not obtained and the frame had to be aborted and discarded.

vseTxDiscard. Due to congestion of traffic from multiple ports and boards in the system, traffic received from the network port could not be queued to the backplane due to buffer availability.

Received Collision Count, Received Runt Count. These counts may be considered normal on a shared segment (e.g., AUI and BNC connected Ethernet) where more than two stations exist. The first indicates that a frame which the port started to receive from a station was subjected to a collision from a third station. This is normal.
Such collisions between third party stations may cause this port to see fragments of a frame which are discarded as runts. This too is normal on multiple station Ethernet segments. On point to point 10Base-T connections these events may be considered abnormal, indicating a possible intermittent wiring problem (unless hubs which propagate fragments are in use). These statistics do not indicate the loss of any frame but rather events associated with the attempts to finally successfully transfer the frame.

Transmitted Defer Count, Transmitted Once Count, Transmitted More Count, and Transmitted Retry Count. These statistics are all related to collisions and deferral where this port is actively trying to transmit a frame. The CSMA part of CSMA/CD, the protocol of Ethernet, requires that a station which wishes to transmit first listens to the media to see if a transmission is already in progress. If it is, then the station must defer transmission until the media is quiet. The Defer count is the number of times this happens and is normal. A high defer count, relative to total numbers of frames transmitted by the port, can be indicative of a busy segment.

If a transmission is not in progress the station may begin to transmit. Due to propagation delays it is possible for a station to suffer a collision from another station trying to transmit, even though both listened for quiet media. When this occurs, both stations “back off” for a random time before attempting transmission again. In theory, subsequent collisions may occur on these retries. Once, More, and Retry indicate whether this is occurring. If a collision occurs but succeeds on the retry, the Once counter is incremented, i.e., we collided once. If more than one retry is required, the More count is incremented. If up to 16 retries are attempted and all collide, then the frame is dropped and the Retry count is incremented.
Again, Once, More, and Retry are normal events on CSMA/CD media but high numbers, relative to total transmitted frames, are again indicative of a very busy segment whose throughput could be increased by further segmentation.

Received Error Discard. A frame was received with an FCS and/or alignment error. A high count here, relative to total received frames, is indicative of a noisy media subject to errors.

Loss Carrier Count. This is a count of transmitted frames which are lost due to a loss of carrier. This is indicative of poor quality/noisy wiring or adapter cards.

Received Late Collision, Transmitted Late Collisions. A late collision is a collision which occurs in a frame when more than 64 bytes have been received/transmitted. On a correctly configured network, which doesn't exceed physical limits of size, impedance, station spacing, etc., stations should always collide within 64 bytes due to propagation times. Late collisions indicate that the network is violating such restrictions or some stations are having a problem which prevents them correctly implementing the CSMA/CD protocol. For example, a station with a faulty receiver cannot “hear” transmissions in progress and so may fail to defer its transmissions, causing late collisions to be seen by other stations.

Received Jabbers, Received Over Size. The maximum frame size on Ethernet is 1518 bytes. Frames longer than this are illegal. When such a frame has a valid FCS it is counted as oversize. If it has an FCS error then it is counted as a Jabber. The former is indicative of a device with improper software, the latter of a device with some hardware fault on its transmitter. In both cases the faulty station causes other devices, such as this port, to see these errors.

Drop Event Count. When a frame is dropped, for example, frame reception is aborted because of lack of buffers, there may be only one or there may be many frames so affected.
In either case there is a single occurrence of an “event” during which frames were lost. This is what this statistic counts. This statistic is used in RMON as follows. For example, at network start up there may be a huge amount of flooded traffic leading to much lost traffic. When a network administrator subsequently looks at the statistics they might see 2 million frames transmitted with 5000 frames lost. At that point they have no clue as to when and why those 5000 frames were lost. If drop event is 5000 it may indicate an intermittent problem where single frames are being lost. If drop event is 5 or 6 it might indicate a few events when large numbers of frames were lost such as in our example, the network restart.

Received 1024 +, Received 512 +, Received 256 +, Received 128 +, Received 65 +, and Received 64. These count the number of frames in the indicated frame sizes: Received 64 counts 64 byte frames, Received 65+ counts frames between 65 and 127 inclusive, Received 128+ counts between 128 and 255, etc. These statistics are only applied to received frames.

♦ Note ♦
The Received 1024 +, Received 512 +, Received 256 +, Received 128 +, Received 65 +, and Received 64 fields will always display zero for Gigabit ports.

Port Filtered. On shared media ports, Station A transmitting to Station B will be directly delivered. Therefore, the frame received by this port just needs to be dropped. This action is referred to as filtering and this counts the number of frames so filtered.

Vlan Filtered. The Omni Switch/Router restricts traffic above the normal Level 2 filtering by applying VLAN rules. Frames which are dropped because of VLAN rules are counted here.

Mtu Exceeded. This statistic is not currently supported and is always zero.

Displaying Token Ring Switch Statistics

In Release 3.4 and later, you can display statistics for the new generation of Token Ring modules known as “Bigfoot” (e.g., TSM-CD-16W, TSX-CD-16W, and TSX-C-32W).
For example, if you want to display the switch statistics for a Token Ring port on Port 1 on Slot 4, enter:

    swch 4/1

at the system prompt. Press r and then press <Enter> at the prompt. Something like the following displays:

    n={e,s,2,3},quit,save,? (?) : r

    Token Ring Statistics for 4/16 Mbit Token Ring port 4/1/Brg/1

    Rx MAC Good Bytes                0    Rx LLC Good Bytes                0
    Rx Total Mac Packets             0    Rx Total LLC Packets             0
    Rx MAC Errored Bytes             0    Rx LLC Errored Bytes             0
    Rx Unicast Packets               0    Tx Unicast Packets               0
    Rx Multicast Packets             0    Tx Multicast Packets             0
    Rx Broadcast Packets             0    Tx Broadcast Packets             0
    Rx Buffer Discards               0    Tx Buffer Discards               0
    Rx Error Discards                0    Tx Error Discards                0
    Ring Purge Events                0    Ring Purge Packets               0
    Beacon Events                    0    Beacon Packets                   0
    Claim Token Events               0    Claim Token Packets              0
    Internal Errors                  0    Line Errors                      0
    Burst Errors                     0    AC Errors                        0
    Abort Errors                     0    LostFrame Errors                 0
    Congestion Errors                0    Frame Copied Errors              0
    Frequency Errors                 0    Token Errors                     0
    Soft Errors                      0    Ring Poll Events                 0
    Internal Errors                  0    NAUN Changes                     0
    Received 18_63 byte Pkts         0    Received 64_127 byte Pkts        0
    Received 128_255 byte Pkts       0    Received 256_511 byte Pkts       0
    Received 512_1023 byte Pkts      0    Received 1024_2047 byte Pkts     0
    Received 2048_4097 byte Pkts     0    Received 4096_8191 byte Pkts     0
    Received 8K_18000 byte Pkts      0    Received 18000+ byte Pkts        0

    n={e,s,2,3},quit,save,? (r) : ?

Note that the default option is now r. If you press <Enter>, the switch statistics will be redisplayed. The fields displayed by the r option of the swch command for Token Ring are described below.

The first group of statistics are the numbers of bytes transmitted and received. These are useful in working out bandwidth usage by the port. Bad octets are important to count in the total octets count as they consume bandwidth at the expense of useful traffic. To ignore them would lead to mysterious loss of bandwidth in any calculations performed.

Rx MAC Good Bytes. The total number of bytes received in good Media Access Control (MAC) packets.
(MAC packets are used for management of the Token Ring network.)

Rx LLC Good Bytes. The total number of bytes received in good Logical Link Control (LLC) packets. (LLC packets are used to transfer data.)

Rx Total MAC Packets. The total number of bytes received in MAC packets.

Rx Total LLC Packets. The total number of bytes received in LLC packets.

Rx MAC Errored Bytes. The total number of bytes received in bad MAC packets.

Rx LLC Errored Octets. The total number of bytes received in bad LLC packets.

The next group of statistics are the types of packets being transmitted and received.

Rx Unicast Packets. The number of packets received on this port whose destination address is a unicast format.

Tx Unicast Packets. The number of packets transmitted on this port whose destination address is a unicast format.

Rx Multicast Packets. The number of packets received on this port whose destination address is a multicast format.

Tx Multicast Packets. The number of packets transmitted on this port whose destination address is a multicast format.

Rx Broadcast Packets. The number of packets received on this port whose destination address is the broadcast address.

Tx Broadcast Packets. The number of packets transmitted on this port whose destination address is the broadcast address.

Note that these statistics merely indicate the format of the destination address of packets transmitted/received on this port, not that the addressed device and/or devices necessarily reside on that port. For example, unknown unicast addressed packets are flooded to many ports.

The next group of statistics are the buffer resource related statistics. The NI board receives packets from the backplane to be transmitted to the network ports and receives packets from the network ports to be transmitted to the backplane. It requires buffers to store these packets in while being transferred across the board in this manner.
Under heavy and congested traffic a shortage of buffers or lack of timely access to these buffers may occur. These statistics count these events, which are more indicative of the amount of traffic on the board as opposed to this particular port.

Rx Buffer Discards. Due to congestion of traffic from multiple ports on the board, timely access to buffers was not available to receive a frame from the network port and the frame was discarded.

Tx Buffer Discards. Due to a shortage of buffers and/or congestion on the network port, packets received from the backplane destined to this port were dropped.

The next group are also indicative of network segment health but are indicative of ill health and indicate events where a frame is lost.

Rx Error Discards. The total number of errored packets (bad CRC, code violations, invalid frame length, etc.) received by this port that were discarded.

Tx Error Discards. The total number of errored packets exceeding the maximum frame length (MTU exceeded, FIFO underruns, etc.) by this port that were discarded.

The next group describe events that can occur when stations are inserted or removed from a ring.

Ring Purge Events. The total number of times this port enters the ring purge state from the normal ring state.

Ring Purge Packets. The total number of beacon packets received and transmitted by this port.

Beacon Events. The total number of times that this port enters a beaconing state.

Beacon Packets. The number of beacon MAC packets detected by this port.

Claim Token Events. The total number of times that this port enters the claim token state from the normal ring state or ring purge state to elect a new active monitor.

Claim Token Packets. The total number of claim packets transmitted by this port.

The next group describe error statistics for token, MAC, and LLC packets.

Internal Errors. The total number of times this port detects a recoverable internal error.

Line Errors.
The total number of errors caused by problems with the physical links (code violations, Frame Check Sequence (FCS) errors inside a frame).

Burst Errors. The total number of errors when this port detects the absence of transmissions for five (5) half-bit timers (burst-five errors).

AC Errors. The total number of token packets with an invalid Access Control (AC) byte.

Abort Errors. The total number of times that this port detects an abort delimiter while transmitting a packet.

LostFrame Errors. The total number of packets that failed to reach their destination after the token ring rotation timer has expired.

Congestion Errors. The total number of packets lost due to the fact that no buffer was available at the destination station.

Frame Copied Errors. The total number of times that a frame has been incorrectly copied by another station on the ring or copied by a station with a duplicate address.

Frequency Errors. The total number of frames detected by this port that did not contain a proper ring-clock frequency (timing errors).

Token Errors. The total number of times this port detects that a new token was generated by the Active Monitor on the ring due to a lost token.

Soft Errors. The total number of recoverable errors detected by this port.

The next group describe statistics for changes in ring topology.

Ring Poll Events. The total number of times that this port has learned its upstream neighbor’s address and has broadcasted the inserting adapter’s address to the port’s downstream neighbor.

Internal Errors. The total number of insertion failures.

NAUN Changes. The number of times that the Nearest Active Upstream Neighbor (NAUN) for this port has changed.

The next set of statistics display information on network traffic. These statistics are only applied to received packets.

Received 18_63 byte Pkts. The total number of packets received on this port that were at least 18 bytes (octets) long and less than or equal to 63 bytes long.

Received 64_127 byte Pkts.
The total number of packets received on this port that were at least 64 bytes (octets) long and less than or equal to 127 bytes long.

Received 128_255 byte Pkts. The total number of packets received on this port that were at least 128 bytes (octets) long and less than or equal to 255 bytes long.

Received 256_511 byte Pkts. The total number of packets received on this port that were at least 256 bytes (octets) long and less than or equal to 511 bytes long.

Received 512_1023 byte Pkts. The total number of packets received on this port that were at least 512 bytes (octets) long and less than or equal to 1023 bytes long.

Received 1024_2047 byte Pkts. The total number of packets received on this port that were at least 1024 bytes (octets) long and less than or equal to 2047 bytes long.

Received 2048_4097 byte Pkts. The total number of packets received on this port that were at least 2048 bytes (octets) long and less than or equal to 4095 bytes long.

Received 4096_8191 byte Pkts. The total number of packets received on this port that were at least 4096 bytes (octets) long and less than or equal to 8191 bytes long.

Received 8k_18000 byte Pkts. The total number of packets received on this port that were at least 8192 bytes (octets) long and less than or equal to 18,000 bytes long.

Received 18000+ byte Pkts. The total number of packets received on this port that were more than 18,000 bytes long.

Any to Any MAC Translations

The swchmac command allows you to view the current frame translation settings for a given MAC address. Follow these steps:

1. Enter swchmac and the following prompt displays:

   Enter MAC address ([XXYYZZ:AABBCC] or return for none :

2. Enter the MAC for which you want to view translations. The following prompt displays:

   Is this MAC in Canonical or Non-Canonical (C or N) [C] :

3. Enter whether the MAC address you entered is expressed in canonical (C) or non-canonical (N) format. The default is canonical.
A screen similar to the following displays:

   Port Translations for Ethernet port 3/4/brg/1
   Translation Options:
   IP Ethertype                                  -> Ethertype
   IP IEEE 802 SNAP                              -> Ethertype
   IPX ETHERNET_II                               -> 802.3
   IPX ETHERNET_802.3                            -> 802.3
   IPX ETHERNET_802.2/FDDI/TOKEN_RING            -> 802.3
   IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP   -> 802.3
   Proprietary Token Ring IPX Switching          -> Off

The screen shows how each incoming frame type is translated. The frame type in the left column indicates the incoming frame type, and the frame type in the right column (after the ->) indicates the outgoing frame translation.

Default Autoencapsulation

Autoencapsulation is a technique employed by AutoTracker software to learn the protocol and encapsulation type used by a source MAC address and automatically translate frames bound to that MAC address to the appropriate encapsulation type.

Normally all devices attached to a switch port receive frames translated according to the translation options defined for that port. However, some devices attached to the same port may require different frame formats. For example, one workstation may support IPX 802.3 frames and another may support IPX SNAP frames. The switch port may be configured to translate incoming IPX 802.3 frames to LLC frames, which would not satisfy either of the workstations. If autoencapsulation is on, then the switch would translate frames for the first workstation to IPX 802.3 and frames for the second workstation to IPX SNAP. The translation setting for the port is overridden for those ports that require a special translation.

Autoencapsulation operates only on learned unicast frames. It does not work for broadcast, multicast, or unlearned unicast frames. For this reason it is recommended only for ports attached to client devices. It is not recommended for ports attached to servers due to high volume of broadcast traffic on such a connection. In addition, autoencapsulation is not supported for Banyan Vines frames.
It operates only on IP and IPX frames.

To turn on autoencapsulation type the following at the prompt:

   autoencaps on

To turn off autoencapsulation type the following at the prompt:

   autoencaps off

Translational Bridging

Translational Bridging enables internetworking between FDDI, Ethernet, and Token Ring LANs. There is no standard which encompasses this. The Omni Switch/Router’s features focus on bridging of frames between media and translating the MAC and LLC headers into the appropriate “native” frame formats. This provides media-independent internetworking.

Learning

For VLAN trunk frames, the switch will learn the source MAC address of the encapsulated frame and associate this with the source MAC address of the originating switch. When a frame arrives, the switch checks to see if the frame has been learned. If so, then the frame will be encapsulated and sent directly to the destination switch. If not, then the switch will learn the association of VLAN, trunk service, virtual port, source, and destination MACs. If the switch has no ports in the VLAN associated with the frame’s destination, the frame is dropped.

Translations across Trunks

The Omni Switch/Router sends frames onto the trunk in the same format as the original LAN type. Any required translation is done at the destination switch.

Dissimilar LAN Switching Capabilities

Switching traffic between like media requires no changes to the frame, whereas switching traffic between unlike media requires some level of change to the frame. To fully explain the various changes possible we need to define the portion of the frame where changes could occur.

Media Specific fields and MAC address fields are different for Token Ring, FDDI, and Ethernet. For Token Ring and FDDI, the switch generates MAC addresses in non-canonical format, whereas for Ethernet it generates MAC addresses in canonical format.
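The canonical and non-canonical formats named above, and asked for at the swchmac prompt, hold the same six octets with the bits of each octet in opposite order. The following Python sketch is an added illustration, not code from the manual or the switch; the function names are hypothetical and the sample addresses are constructed.

```python
"""Canonical vs. non-canonical MAC notation (added example, hypothetical names)."""
import re

# Lookup table: index = octet value, entry = the same octet with its 8 bits reversed.
BIT_REVERSED = bytes(int(f"{value:08b}"[::-1], 2) for value in range(256))

# The XXYYZZ:AABBCC notation shown in the swchmac prompt.
MAC_PATTERN = re.compile(r"[0-9A-Fa-f]{6}:[0-9A-Fa-f]{6}")


def parse_mac(text):
    """Turn XXYYZZ:AABBCC into 6 raw octets, rejecting anything else."""
    text = text.strip()
    if not MAC_PATTERN.fullmatch(text):
        raise ValueError(f"not in XXYYZZ:AABBCC form: {text!r}")
    return bytes.fromhex(text.replace(":", ""))


def format_mac(raw):
    """Render 6 raw octets back into XXYYZZ:AABBCC."""
    digits = raw.hex().upper()
    return digits[:6] + ":" + digits[6:]


def swap_bit_order(raw):
    """Reverse the bits inside each octet; octet order stays the same.

    The operation is its own inverse, so it converts in either direction.
    """
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 octets")
    return raw.translate(BIT_REVERSED)


def to_canonical(text, fmt="C"):
    """Normalise an address to canonical form.

    fmt is 'C' (canonical, the prompt default) or 'N' (non-canonical).
    """
    raw = parse_mac(text)
    fmt = fmt.upper()
    if fmt == "C":
        return format_mac(raw)
    if fmt == "N":
        return format_mac(swap_bit_order(raw))
    raise ValueError("format must be 'C' or 'N'")


def same_station(addr_a, fmt_a, addr_b, fmt_b):
    """Compare two addresses that may be written in different formats."""
    return to_canonical(addr_a, fmt_a) == to_canonical(addr_b, fmt_b)


def is_group_address(text, fmt="C"):
    """True for multicast/broadcast destinations.

    In canonical form the group bit is the least significant bit of octet 0.
    """
    return bool(parse_mac(to_canonical(text, fmt))[0] & 0x01)


if __name__ == "__main__":
    # Constructed sample: one station written both ways.
    print(to_canonical("400000:482C6A", "N"))          # 020000:123456
    print(same_station("020000:123456", "C", "400000:482C6A", "N"))
    # Answering the C/N question wrongly changes how the address is read.
    print(is_group_address("80007A:000080", "N"),
          is_group_address("80007A:000080", "C"))
```

Normalising to one format before comparing matters whenever addresses from Token Ring or FDDI tools are checked against MAC-based rules or logs written in Ethernet notation.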
The Omni Switch/Router will perform media translations, which means the media specific fields, source MAC, and destination MAC will be changed for each frame that changes media.

The source routing field is optional, and use of this field is driven by end stations that wish to communicate using source routing. The Omni Switch/Router participates in source routing on FDDI and Token Ring interfaces when it is configured as a Source Route Bridge. The Omni Switch/Router will also forward source route frames transparently while performing standard switching of frames on Token Ring and FDDI interfaces as well as when using the virtual ring feature.

The encapsulation type field can be a number of different encapsulations, which really includes the Media Specific fields, source MAC address, and destination MAC address. The choices are Ethernet II, IEEE 802.2 (LLC), SNAP, and Novell 802.3 or FDDI proprietary formats. There are configuration options for Ethernet, FDDI, and Token Ring interfaces. The encapsulation type field may or may not be changed. This decision is made based on the incoming encapsulation type, the user configuration, and the topology that the frame is traveling.

The data field is the remainder of the frame, which is application dependent. This data field is not changed for switched traffic. Each frame is followed by a CRC.

Below are some examples when translation can occur.

Switching Between Similar LANs

Translations are not performed for switched traffic between similar LANs within one Omni Switch/Router. For example in the diagram below, if Station A on an Ethernet segment wants to talk to Station B on another Ethernet segment, the switched frames are not changed. This is true for any two media where the originating media and the destination media are of the same type (i.e. Ethernet, FDDI, Token Ring).
[Figure: Similar LANs. Station A and Station B, each on an Ethernet segment.]

Switching Between Ethernet LANs Across a Trunked Backbone

Frames that are switched between like media across a Trunked backbone will only be translated at the egress port of the egress Omni Switch/Router. For example in the figure below, frames switched from Station A to Station B will be translated at point 4, where point 4 is the egress port of Switch 2. Frames switched from Station B to Station A will be translated only at point 1, where point 1 is the egress port of Switch 1. This is true if the originating media and destination media are Ethernet. It is not true if the originating media and destination media are either Token Ring or FDDI.

[Figure: Ethernet LANs Across a Trunked Backbone. Switch 1 and Switch 2 joined by a Trunked Backbone (ATM or FDDI), with points 1 to 4 marked; Station A and Station B on Ethernet.]

Switching Between Similar LANs across a Native Backbone

Switched traffic between similar LANs across a non-trunked or native backbone will have translations performed at each egress point. In the figure below, for traffic originating from Station A destined to Station B, point 1 represents the ingress (input) port of Switch 1. Likewise, point 2 represents the egress (output) port of Switch 1, point 3 represents the ingress (input) port of Switch 2 and point 4 represents the egress (output) port of Switch 2. Translations will occur at each egress port. For traffic from Station A to Station B, output translations will occur at points 2 and 4. For traffic from Station B to Station A, output translations will occur at points 3 and 1.

[Figure: Similar LANs Across a Native Backbone. Switch 1 and Switch 2 joined by an FDDI Native Backbone, with points 1 to 4 marked; Station A and Station B on Ethernet.]

In the above example, the backbone could be of any media type other than Ethernet.
If all three media types were Ethernet, then no translations would occur, because the traffic is being switched from like media to like media.

The following table shows interoperability between dissimilar LANs with two switches where the client and server are resident on like media types and the connection is switched over various LAN backbone types. This table is representative of the IP and IPX protocol only.

   Backbone                    Token Ring   FDDI   Ethernet   ATM
   Token Ring to Token Ring    No           Yes    Yes        No
   FDDI to FDDI                Yes          No     Yes        No
   Ethernet to Ethernet        Yes          Yes    No         No

   Dissimilar LANs

19 Managing Groups and Ports

In a traditional hub-based network, a broadcast domain is confined to a single network interface, such as Ethernet, or even a specific physical location, such as a department or building floor. In a switch-based network, such as one composed of Omni Switch/Routers (OmniS/Rs), a broadcast domain, or Group, can span multiple physical switches and can include ports using multiple network interfaces. For example, a single OmniS/R Group could span three different switches located in different buildings and include Ethernet and WAN physical ports.

An unconfigured Omni Switch/Router contains one Group, or broadcast domain. It also contains one default Virtual Network, or VLAN, referred to as “default VLAN #1”. The default Group, Group #1, and its default VLAN contain all physical ports in the switch. When a switching module is added to the switch all of these additional physical ports are also assigned to Group #1, VLAN #1.

You can create Groups in addition to this default Group. When you add a new Group, you give it a name and number, optionally configure a virtual router port for its default VLAN, and then add switch ports to it. The switch ports you add to a new Group are moved from the default Group #1 to this new Group.
(For more information on how ports are assigned to Groups, see How Ports Are Assigned to Groups on page 19-2.)

Up to 500 Groups can be configured on each OmniS/R. An entire OmniS/R network can contain up to 65,535 Groups. Each Group is treated as a separate entity.

There are three main types of Groups:

1. Mobile Groups. These groups allow ports to be dynamically assigned to the Group based on AutoTracker policies. In contrast to non-mobile Groups, AutoTracker rules are assigned directly to a mobile Group. No AutoTracker VLANs are contained within a mobile Group. (However, mobile groups do contain a default VLAN 1 to which AutoTracker policies are assigned; policies assigned to this default VLAN apply to the entire mobile group.) Any AutoTracker policy may be used as criteria for membership in a mobile Group. Mobile groups are described in more detail in Mobile Groups on page 19-5.

2. Mobile Groups based on authentication. Authenticated Groups are a special form of mobile Group. These Groups include devices that are dynamically assigned based on authentication criteria. Typically the user will have to log in with a valid password before being included in an authenticated mobile Group. Group membership is based on users proving their identity rather than the physical location of user devices. Authenticated Groups are described in more detail in the Switch Network Services User Manual.

3. Non-mobile Groups. These Groups are the original Group type used in previous releases. They contain statically assigned ports and may contain AutoTracker or Multicast VLANs. These VLANs within a non-mobile Group use AutoTracker policies to filter traffic. AutoTracker rules are not assigned to non-mobile Groups; they are assigned to the VLANs within the Group. Non-mobile groups are described in more detail in Non-Mobile Groups and AutoTracker VLANs on page 19-15.

All three types of Groups may co-exist on the same switch.
However, a switch port cannot belong to a non-mobile group and a mobile group.

How Ports Are Assigned to Groups

There are two methods for assigning physical OmniS/R ports to a Group. One method is static and requires manual configuration by the network administrator; the other method is dynamic and requires only the configuration of AutoTracker rules for port assignment to occur. The two methods are described in this section.

Static Port Assignment

In the static method, the network administrator manually assigns a port to a Group through the crgp and addvp commands. The static method can be restrictive because it limits the mobility of users in a multi-Group network. Users can only move within their assigned Group. In addition, customized access for individual users is limited by this method.

You can use the static method of port assignment with mobile and non-mobile groups. Static port assignment can be combined with dynamic port assignment for mobile groups, while static port assignment is the only method for assigning ports to non-mobile groups.

Dynamic Port Assignment (Group Mobility)

The dynamic method is available with the Group Mobility feature. Initially each port is part of the default Group #1 (only ports in the default Group and ports in mobile Groups are candidates for dynamic port assignment). Based on the nature of traffic and configured AutoTracker policies, ports are dynamically assigned to the appropriate Group. For example, if a device attached to a port transmits traffic from the 140.0.0.0 subnet, AutoTracker will check to see if a policy exists for this IP address. If it does, then it will move the port from the default Group to the first Group using this policy. If this device detaches from the network the port will be re-assigned to a Group without intervention by the network administrator.
A port can belong to multiple mobile groups (up to 16) as long as devices attached to that port match policies of these mobile groups. However, an individual device, or MAC address, can only belong to one mobile group per protocol.

The dynamic method of port-to-Group assignment still requires the creation of Groups through the crgp command. The criteria for the dynamic assignment of ports to a Group are determined by AutoTracker policies that you can configure during the crgp procedure. Only Ethernet ports can be dynamically assigned to Groups.

If more than one Group has the same type of rule, then ports matching that policy will be assigned to the first Group matching the policy. For example, if a device matched policies in both Groups 2 and 5, the port would be assigned to Group 2. To make the most out of Group Mobility it is best not to duplicate policies among Groups.

Configuring Dynamic Port Assignment

You can enable dynamic port assignment while creating a group through the crgp command. During the crgp procedure, you will be prompted

   Enable Group Mobility on the Group ? [y/n] (n):

Answer Yes to this question to give this Group the capability of having ports and devices dynamically added to the Group. Port and devices will be dynamically assigned based on AutoTracker rules you define.

Service Ports and Group Mobility

These ports may be automatically added to the mobile group during the crgp procedure or through the cats command.

How Dynamic Port Assignment Works

Initially each port is assigned to the default Group. In this example, all three ports have workstations that belong to three different IP subnets (130.0.0.0, 138.0.0.0, and 140.0.0.0). All three ports start out in the default Group. Group Mobility examines traffic coming from OmniS/R ports. Three mobile groups are defined on the switch and each uses a different IP policy.
Traffic that matches IP policies for a Group will trigger the movement of the port to the matching Group.

[Figure: Initial Configuration: All Ports in Default Group. An OmniS/R with Group 1 (Default Group), Group 2 (IP Network 130.0.0.0), Group 3 (IP Network 138.0.0.0) and Group 4 (IP Network 140.0.0.0); Port 1 (130.0.0.1), Port 2 (138.0.0.5) and Port 3 (140.0.0.3).]

As soon as the workstations start transmitting traffic, Group Mobility checks the source subnet of the frames and looks for a match with any configured IP policies. If a match is found (and in this example all three ports can be matched with a corresponding Group), the port is moved to the matching Group.

Devices matching a policy trigger the assignment of a port to a mobile group. Therefore, the device is moved to the mobile group at the same time as the port to which it is attached. If more than one device comes in on a port, then that port can belong to more than one mobile group. Similarly, if a device transmits more than one protocol, such as IP and IPX, then the port to which it is attached can belong to more than one mobile group.

As the illustration below shows, the three ports are each moved from the default Group to a Group with a policy that matches the subnet address of the workstation attached to the port. AutoTracker IP address policies have been set up in Groups 2, 3, and 4. The ports are moved to the Group with policies matching the subnet of the workstation.

[Figure: Ports Move to Groups With Matching Policies. An OmniS/R with Group 1 (Default Group), Group 2 (IP Network 130.0.0.0), Group 3 (IP Network 138.0.0.0) and Group 4 (IP Network 140.0.0.0); Port 1 (130.0.0.1), Port 2 (138.0.0.1) and Port 3 (140.0.0.1).]

Mobile Groups

Switch ports can be dynamically assigned to mobile groups through AutoTracker policies. Support for dynamic port assignment is one of the main differences between mobile groups and non-mobile groups. AutoTracker rules are assigned directly to a mobile group.
In contrast, AutoTracker rules are assigned to the VLANs within a non-mobile group. No AutoTracker VLANs are contained within a mobile Group, and each mobile group constitutes a single spanning tree.

A switch port can belong to multiple mobile groups, whereas a switch port can belong to only one non-mobile group. However, a port cannot belong to a mobile and a non-mobile group at the same time.

Ports can be assigned to mobile groups either statically or dynamically. A port is statically assigned to a mobile group when one of the following occurs:

• Port by default assigned to default group 1
• Port assigned to a group through crgp or addvp commands

Although switch ports can belong to multiple mobile groups, it is not possible to assign a port to two different groups using the addvp command. However, a switch port could be assigned to one mobile group via the addvp command and then gain membership to another mobile group by matching the policy criteria for that group.

A switch port is dynamically assigned to a mobile group after one of its attached devices matches an AutoTracker policy for that mobile group. An overview of how ports and devices are dynamically assigned to mobile Groups can be found in How Ports Are Assigned to Groups on page 19-2.

Authenticated Groups

Mobile groups provide the added flexibility of user-authentication policies. Using Authentication Management Console (AMC) software, you can configure mobile groups to use log-in procedures as a means of assigning group membership. Mobile groups that use authentication are a special group type called an Authenticated Group. Authenticated Groups are described in more detail in the Switch Network Services User Manual.

Configuring Mobile Groups

You configure mobile Groups through the crgp command. During the crgp procedure you will receive a prompt asking if you want to create a mobile Group

   Enable Group Mobility on this Group ? [y/n] (n):

You must answer Yes to this prompt to set up a mobile group.
After this question, you will be asked to configure virtual ports and AutoTracker policies for the Group. Documentation for the full crgp procedure can be found in Creating a New Group on page 19-18.

Turning Group Mobility On or Off

The gmstat command turns group mobility on or off for a Group that you specify. Essentially, you can change a non-mobile group into a mobile group and a mobile group back into a non-mobile group through gmstat. The group you specify must previously have been created through the crgp command. Use the following syntax for the gmstat command:

   gmstat <group number>

For example, if you wanted to change the group mobility status of group 2, you would enter:

   gmstat 2

Mobile Group to Non-Mobile Group

If this group is already a mobile group, the following would display:

   Group Mobility is ON for Group 2
   Change Group Mobility Status for Group 2 to OFF ? [y/n] (y):

If you wanted to change this mobile group back to a non-mobile group, you would press <enter> and the group would lose its mobile status. All AutoTracker policies you set up for the Group would no longer be valid. If you decided not to turn off group mobility, enter n and the following prompt displays:

   Group Mobility Status unchanged

Non-Mobile Group to Mobile Group

If this group is currently a non-mobile group, the following would display:

   Group Mobility is OFF for Group 8
   Change Group Mobility Status for Group 8 to ON ? [y/n] (y):

If you wanted to turn on Group Mobility, you would press <enter> and would then be asked if you want to configure AutoTracker policies. If you answer yes, then the AutoTracker policies menu would display as follows:

   Select rule type:
   1. Port Rule
   2. MAC Address Rule
   21) MAC Address Range Rule
   3. Protocol Rule
   4. Network Address Rule
   5. User Defined Rule
   6. Binding Rule
   7. DHCP PORT Rule
   8. DHCP MAC Rule
   81) DHCP MAC Range Rule
   Enter rule type (1):

You define policies for a mobile Group. Non-mobile groups do not require policies.
However, mobile Groups use policies to define membership. Instructions for specifying AutoTracker policies may be found in Chapter 22.

♦ Note ♦ As of the current release, the MAC Address Range Rule and DHCP MAC Range are not supported for AutoTracker VLANs.

If you decided not to turn group mobility on, you would enter n at the group mobility prompt and the following message would display:

   Group Mobility Status unchanged

Understanding Port Membership in Mobile Groups

Switch ports can belong to multiple mobile groups. A port becomes a member of a mobile group as long as one of its attached devices matches the policy criteria for that group. However, the movement of ports between groups and the status of port membership in groups can be affected by more than just whether or not devices match policy criteria.

Group mobility uses three variables that can affect a port’s default group and whether or not a port ages out of a group. These variables are as follows: def_group, move_from_def, and move_to_def. The def_group and move_to_def variables can be configured through the gmcfg command, which is described on page 19-12. The move_from_def variable is enabled by default, but can be disabled by entering a statement in the mpx.cmd file. The effects of these three variables are described through diagrams on the following pages.

From the perspective of a device or switch port, there are three types of mobile group: default, primary, and secondary. Keep in mind that definitions of these three types are relative and can change for each port and device depending on the settings of the group mobility variables and traffic patterns of devices.

Default Group

The default group is the group a port or device is statically assigned to by “default.” Typically, a port’s default group will be Group 1. A port can also be statically assigned to its default group through the crgp or addvp commands.
A port or device does not have to match a policy to gain membership into its default group.

The default group for a port or device is stored in memory; it can only be manually changed through the addvp or crgp commands. Depending on the settings of other group mobility variables a device or port can age out of other mobile groups but still remain a member of its default group.

Primary Group

The primary group is the group upon which Spanning Tree operations converge. The primary group is similar to the default group. There are two main differences between a primary and a default group.

1. A primary group only contains devices that have matched one of its AutoTracker policies. In contrast, switch ports may end up in a default group without matching any policy.

2. It is possible for the primary group of a port or device to change through learning or aging. For example, if the move_from_def variable is enabled and a device matches the policies of a mobile group other than its default group, then this new mobile group becomes the primary group for the device and the port to which the device is attached (see diagram on page 19-10). In this case the default group and primary group will be different. If the move_from_def is disabled, the port always remains in the default group (which can now also be the primary group). In addition a port can age out of its primary group if the move_to_def variable is enabled (see diagram on page 19-11). A port cannot age out of its default group.

Secondary Group

Switch ports and devices may become members of multiple mobile groups. A switch port starts in its default group, which initially is also its primary group. The primary group may change if the move_from_def variable is enabled. Any subsequent mobile groups to which a port gains membership beyond the primary group are “secondary” mobile groups. A port can age out of these secondary groups if the move_to_def variable is enabled (see diagram on page 19-11).
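The interplay of def_group, move_from_def and move_to_def is easier to audit when it is written out as a small state model. The Python sketch below is an added example, not the switch's implementation: it covers IP network policies only, treats "first Group" as the lowest group number, assumes /16 masks for the manual's 130.0.0.0, 138.0.0.0 and 140.0.0.0 networks, and lets the primary group fall back to the default group when it ages out; all class and function names are hypothetical.

```python
"""Simplified model of Group Mobility port membership (added example)."""
import ipaddress
from dataclasses import dataclass, field

# Policies from the manual's example; the /16 masks are an assumption.
EXAMPLE_POLICIES = [(2, "130.0.0.0/16"), (3, "138.0.0.0/16"), (4, "140.0.0.0/16")]


@dataclass
class Switch:
    policies: list               # [(group number, IP network)]
    def_group: bool = True       # manual default: Enabled
    move_from_def: bool = True   # manual default: enabled
    move_to_def: bool = False    # manual default: Disabled

    def match(self, src_ip):
        """Return the first (lowest-numbered) group whose policy contains src_ip."""
        addr = ipaddress.ip_address(src_ip)
        for group, network in sorted(self.policies):
            if addr in ipaddress.ip_network(network):
                return group
        return None


@dataclass
class Port:
    default_group: int = 1                        # static assignment (crgp/addvp)
    primary: int = 0                              # 0 means "same as default"
    secondary: set = field(default_factory=set)
    learned: dict = field(default_factory=dict)   # MAC -> group (filtering database)

    def __post_init__(self):
        self.primary = self.primary or self.default_group

    def memberships(self):
        """Every group the port currently belongs to."""
        return sorted({self.primary} | self.secondary | set(self.learned.values()))

    def idle_memberships(self):
        """Policy-based groups still held although no learned device backs them."""
        backed = set(self.learned.values()) | {self.default_group}
        return sorted(set(self.memberships()) - backed)


def learn(switch, port, mac, src_ip):
    """Process traffic from a device; return its group, or None if dropped."""
    matched = switch.match(src_ip)
    if matched is None and not switch.def_group:
        return None                       # def_group disabled: traffic is dropped
    group = port.default_group if matched is None else matched
    if group != port.primary:
        if (matched is not None and switch.move_from_def
                and port.primary == port.default_group):
            port.primary = group          # matched group becomes the primary group
        else:
            port.secondary.add(group)     # any further group is a secondary group
    port.learned[mac] = group
    return group


def age_out(switch, port, mac):
    """Remove a device from the filtering database and apply move_to_def."""
    port.learned.pop(mac, None)
    if switch.move_to_def:
        active = set(port.learned.values())
        port.secondary &= active          # leave groups with no remaining device
        if port.primary not in active:
            port.primary = port.default_group   # the default group never ages out
    return port.memberships()


if __name__ == "__main__":
    for move_to_def in (False, True):
        sw, port = Switch(EXAMPLE_POLICIES, move_to_def=move_to_def), Port()
        learn(sw, port, "020000:000001", "130.0.0.1")   # constructed MAC
        age_out(sw, port, "020000:000001")
        print(move_to_def, port.memberships(), port.idle_memberships())
```

With the default settings the port keeps its place in Group 2 after its only device has aged out, which `idle_memberships()` reports; enabling move_to_def returns the port to Group 1.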
How a Device Is Dropped from the Default Mobile Group (def_group)

[Figure labels: Default Group 1, Default Mobile Group 1, Group 3, Secondary Mobile Group 3.]

Device sends traffic that is forwarded to the MPX for processing. If the traffic matches the policies of an existing mobile group, then it will become a member of that group. If the device does not match the policies of any mobile group, then the def_group variable determines whether that device becomes a member of the default group.

If def_group is enabled: The device that does not match any policies becomes a member of the default group.

If def_group is disabled: All traffic from the device that does not match any policies is dropped. The device is not a member of any mobile group, including the default mobile group.

Why enable def_group?
• Ensure that all network devices will be a member of at least one mobile group.

Why disable move_from_def?
• Reduces traffic to and from devices that do not satisfy any network policies.

How a Port’s Primary Mobile Group Changes (move_from_def)

[Figure labels: Default/Primary Mobile Group 1, Default/Pri Mobile Group 1, Default Group 1, Primary Group 3, Secondary Mobile Group 3.]

Port assigned to default group 1 or another group through crgp or addvp.

If move_from_def is enabled: Device on port matches policy in another mobile group (3). Group 3 becomes primary group.

Helpful Hints:
• Reduces broadcasts to the default group.
• Best used when only one device is attached to each port.

If move_from_def is disabled: Device on port matches policy in another mobile group (3). Group 1 remains primary group. Group 3 is now a “secondary” group for this port.

Why disable move_from_def?
• When multiple devices are attached to the switch port, the port must support multiple traffic in the default group as well as traffic in the secondary mobile groups.
How a Port Ages Out of a Mobile Group (move_to_def)

[Figure labels: Default Mobile Group, Primary Group 2, Secondary Group 3.]

Port assigned to default group.

Port becomes a member of other mobile groups when it matches their policies. These groups may be primary or secondary groups.

If move_to_def is enabled: Port will be removed from other groups when attached devices age out of filtering database.

If move_to_def is disabled: Port remains a member of all mobile groups with which it has satisfied a policy criteria even if its devices age out of the filtering database.

Why enable move_to_def?
• Security. Mobile groups only contain devices and ports that have recently matched policy criteria.

Why disable move_to_def?
• Switch ports retain group membership even when idle for some time. May be appropriate for silent devices, such as printers.

If the port is in “optimized mode,” then the MAC does not age out and the port would stay in the mobile group even if move_to_def is enabled.

Configuring Switch-Wide Group Mobility Variables

There are several switch-wide group mobility variables that you can configure through the gmcfg command. These variables control the status of group mobility on all groups in a switch as well as the use of the default group. These variables are illustrated through diagrams on pages 19-9 to 19-11.

Follow these steps to use the gmcfg command:

1. Enter gmcfg. You do not need to specify a group number as this command applies to all mobile groups in this switch.

2. The following prompt displays:

   Group Mobility is Enabled. Disable Group Mobility ? [yes/no] (no) :

This prompt controls the status of group mobility in this switch. If you disable group mobility here then mobile groups will not be supported in this switch even if they are configured through the crgp command.

Default Group 1.
When group mobility is enabled, default group 1 in the switch will be treated as a mobile group and you will not be able to create AutoTracker VLANs within this group. When group mobility is disabled, default Group 1 in the switch will be treated as a non-mobile group in which AutoTracker VLANs could be created.

The default is to turn Group Mobility off. If you want to enable group mobility, then you need to indicate that choice at this prompt. The prompt will always show the current status of Group Mobility and then ask if you want to change that status. If you want to change the current status, then enter a y at this prompt and press <enter>. To keep the current status, simply press <enter>.

3. The following prompt displays:

    move_to_def is set to Disabled. Set to Enable ? [yes/no] (no) :

The move_to_def variable determines what happens to a port once the devices on that port age out of the filtering database. By default this variable is Disabled, which means that a port will remain a member of a mobile group as long as its attached device satisfied the criteria for membership in that mobile group at one point. If devices on a port stop transmitting, the port will still retain all its mobile group memberships.

If the move_to_def variable is Enabled, then a port will lose its membership in a mobile group if its devices age out of the filtering database for that mobile group (i.e., they stop transmitting traffic that satisfies the criteria for membership in the mobile group). Once a port loses membership in all criteria-based mobile groups, it will return to its default group. The effect of this variable is illustrated on page 19-11.

By default, the move_to_def variable is Disabled. If you want to enable it (ports lose mobile group membership when they age out), then you need to indicate that choice at this prompt. The prompt will always show the current status of move_to_def and then ask if you want to change that status.
If you want to change the current status, then enter a y at this prompt and press <enter>. To keep the current status, simply press <enter>.

4. The following prompt displays:

    def_group is set to Enable. Set to Disable ? [yes/no] (no) :

The def_group variable determines what happens to devices that do not match any mobile group policies. If def_group is Enabled (the default), then devices that do not match any mobile group policies will be part of the default group for that port. If the def_group variable is Disabled, then devices that do not match any mobile group policies will be dropped from their default group and will not be part of any mobile group.

Page 19-12

By default the def_group variable is Enabled. If you want to disable it (devices that do not meet criteria for mobile group membership will not be part of any mobile group), then you need to indicate that choice at this prompt. The prompt will always show the current status of def_group and then ask if you want to change that status. If you want to change the current status, then enter a y at this prompt and press <enter>. To keep the current status, simply press <enter>.

The move_from_def Variable

The move_from_def variable controls whether or not a port’s primary group can differ from the port’s default mobile group. This variable is enabled by default, but can be changed to disabled in the mpx.cmd file.

The original default group for a port is group 1 or the group to which the port is assigned through the crgp or addvp commands. The primary group at this point is the same as the default group. However, if the move_from_def variable is enabled, the primary group can change as soon as a device on the port matches the policy criteria for another mobile group.

For example, Port 5 may start out in Group 1, its default group. The primary group in this case will also be Group 1.
If the move_from_def variable is enabled and Port 5 matches AutoTracker policies for mobile group 3, then the new primary group for Port 5 will be Group 3. All further Spanning Tree operations for the port will converge on group 3 rather than group 1. The effects of the move_from_def variable are further illustrated through diagrams on page 19-10.

If you disable the move_from_def variable, then the primary group for a port will always match the default group regardless of the number of other mobile groups to which it gains membership.

To disable the move_from_def variable, enter the following statement in the mpx.cmd file:

    move_from_def=0

For this new setting to take effect you need to reboot the switch.

Page 19-13

Viewing Ports in a Mobile Group

The vpl command lists all the Groups in the switch currently configured as mobile Groups and the ports currently assigned to those Groups. Since ports are assigned to mobile groups dynamically, this display is helpful to find out which ports the switch already sees in each group. Ports will only display in this screen for secondary groups (i.e., not default or primary groups). Enter vpl and a screen similar to the following displays:

    ================================================
    Group ID       Physical Port      Virtual Port
    ================================================
    Group ID: 2    4/2 4/3 4/4 4/5    12 13 14 15
    Group ID: 3    3/1 5/2            8 20
    Group ID: 6    NULL Port List
    Group ID: 8    4/1 5/1            11 19

Group ID. The group number assigned to this mobile group during the crgp procedure.

Physical Port. The physical switch ports that have been dynamically assigned to this group because they matched an AutoTracker policy. (Primary groups do not display in this screen. For a display of port-to-primary group mappings, use the vi command.) If this column reads NULL Port List, then no physical ports have been assigned to the group yet.

Virtual Port. The virtual ports that are part of this mobile group.
For Ethernet switch ports, there is a one-to-one relationship between physical and virtual ports.

Viewing a Port’s Mobile Group Affiliations

The vigl command lists all the ports in the switch that have been assigned to mobile Groups. It is similar to the vpl command, but it lists ports first and then Groups. Since ports are assigned to mobile groups dynamically, this display is helpful to find out which ports the switch already sees in each group. Ports will only display in this screen for secondary groups (i.e., not default or primary groups). Enter vigl and a screen similar to the following displays:

    ================================================
    Virtual Port     Physical Port      Group ID
    ================================================
    12 13 14 15      4/2 4/3 4/4 4/5    Group ID: 2
    8 20             3/1 5/2            Group ID: 3
                     NULL Port List     Group ID: 6
    11 19

Virtual Port. The virtual ports in this mobile group. For Ethernet switch ports, there is a one-to-one relationship between physical and virtual ports.

Physical Port. The physical switch ports that have been dynamically assigned to this secondary mobile group because they matched an AutoTracker policy. (Primary groups do not display in this screen. For a display of port-to-primary group mappings, use the vi command.) If this column reads NULL Port List, then no physical ports have been assigned to the group yet.

Group ID. The group number assigned to this mobile group during the crgp procedure.

Page 19-14

Non-Mobile Groups and AutoTracker VLANs

Non-mobile Groups are comprised of physical entities—switch ports. Groups can span multiple switches, but they are still made up of physical ports that you can see and touch. But just as physically-based broadcast domains are limited, entirely port-based Groups can also be limiting. In a large, flat, switched network, broadcast traffic can overload the network. There needs to be a method for subdividing traffic even further.
That’s where virtual networks, or VLANs, come into play. VLANs are created within a Group to subdivide network traffic based on specific criteria. The criteria you use to define a VLAN are called AutoTracker™ policies. AutoTracker policies can be defined by port, MAC address, protocol, network address, a user-defined policy, or a multicast policy. VLANs are described in more detail in Chapter 22, “Managing AutoTracker VLANs” and Chapter 23, “Multicast VLANs.”

Routing in a Non-Mobile Group

Communication within a Group containing only the default VLAN is switched; the ports are in the same broadcast domain and do not require routing to communicate. Communication between VLANs in the same Group or to VLANs in other Groups requires routing. That’s why all VLANs—including the default VLAN within each Group—may contain their own virtual router port.

A virtual router port for each VLAN can be configured to support IP and/or IPX routing. If you do not configure a virtual router port for a VLAN, the devices in that VLAN will not be able to communicate with devices in other VLANs unless there is an external router between the VLANs. Each OmniS/R supports up to 32 virtual router ports. A single router port, using one MAC address, can support IP routing, IPX routing, or both types of routing.

When you enable a router port for a default VLAN, you are actually creating a static route to that VLAN. Routing is covered in more detail in Chapters 25 and 27.

♦ Note ♦
For mobile, non-mobile groups and AutoTracker VLANs, the router port operational status is not active unless an active switch port is a member of the group or VLAN.

Page 19-15

Spanning Tree and Non-Mobile Groups

Each Group uses one Spanning Tree for bridging. The OmniS/R supports both 802.1d and IBM Spanning Tree protocols. The Spanning Tree state for the port is Forwarding.
Ports that are in Blocked state, or in another non-Forwarding state, will not receive frames from the router port. The figure below illustrates this concept.

[Figure: Spanning Tree State and Routed Frames. Labels: OmniS/R, Virtual Router, Group 2, Ports 1 and 2, VLAN 1, VLAN 2 (default VLAN #1), Server, Workstation.
Port 1: Forwarding State. Routed frames received because attached port is in Forwarding state.
Port 2: Blocked State. Routed frames not received because attached port is in Blocking state.]

Page 19-16

Group and Port Software Commands

Group and Virtual Port commands are part of the VLAN menu within the User Interface. Entering vlan at any prompt displays the following menu:

    Command      VLAN Management Menu

    gp           View the list of Groups currently defined
    crgp         Create a Group
    modvl        Modify a VLANs configuration/availability
    rmgp         Remove a Group

    addqgp       Add 802.1q group/s to a port
    delqgp       Delete 802.1q group/s from a port
    viqgp        Display 802.1q groups on port/s
    via          View ports assigned to the selected Group
    vi           View info on a specific virtual port
    vs           View statistics on a virtual port attachment
    ve           View errors on a virtual port attachment

    addvp        Add ports to a GROUP
    modvp        Modify existing VPORT configuration information
    rmvp         Remove ports from a Group

    pmapcr       Create a Port Map
    pmapdel      Delete a Port Map
    pmapmod      Modify a Port Map
    pmapv        View Port Mapping Configuration
    br           Enter the Bridge Configuration/Parameter sub-menu
    prty_mod     Modify the priority of a group
    prty_disp    Display the priority of a group
    at           Enter the AutoTracker sub-menu

    Main Interface File Security Summary System VLAN Services Networking Help

The VLAN menu commands are divided into four sets of commands. The first set, at the top of the menu beginning with gp, contains commands that create, modify, delete, and view Groups. The second set of commands, beginning with addqgp, are obsolete and no longer control 802.1Q implementation. (See Chapter 16 for information on 802.1Q.)
The third set, beginning with addvp, contains commands for adding, modifying, and deleting virtual ports. All of these commands are described in this chapter.

The final set of commands at the bottom of the menu, br and at, are actually entry points to the Bridging and AutoTracker submenus, respectively. Commands for the Bridge Management (br) sub-menu are documented in Chapter 17, “Configuring Bridging Parameters.” Commands for the AutoTracker (at) sub-menu are documented in this chapter and in Chapter 22, “Managing AutoTracker VLANs” and Chapter 23, “Multicast VLANs.” Some commands in the at sub-menu apply to mobile groups and authenticated groups; those commands are described in this chapter.

The pmapcr, pmapdel, pmapmod, and pmapv commands allow you to create port mapping configurations. The port mapping feature is documented in Port Mapping on page 19-66.

The prty_mod and prty_disp commands allow you to modify and view the priority of a selected group. These commands are detailed in Priority VLANs on page 19-73.

Page 19-17

Creating a New Group

There are several steps involved in creating a new Group. Note that some steps apply only to mobile groups. These steps are as follows:

1. Enter Basic Group Information, such as the Group number and type. This section starts on page 19-19.
2. Configure the Virtual Router Port (Optional). This section starts on page 19-21.
3. Enable/disable Group Mobility and User Authentication. This section starts on page 19-27.
4. Configure Virtual Ports. This section starts on page 19-28.
5. Configure AutoTracker policies (for mobile groups only). This section starts on page 19-34.

WAN Routing Groups follow a slightly different procedure for their creation. You will receive prompts during the procedure asking whether you want to create one of these special Groups.

Page 19-18

Step 1. Entering Basic Group Information

a. Type crgp at any prompt.

b.
The following prompt displays:

    GROUP Number (5):

By default the Group number you entered or the next available Group number is displayed in parentheses. Enter the Group number or accept the number shown in parentheses. Each Group must have a unique number, which may range from 2 to 65,535. (Group 1 is the default switch Group. It does not need to be created and it cannot be deleted.) Press <Enter> after entering the Group number.

c. The following prompt displays:

    Description (no quotes) :

Enter a descriptive name for the new Group. Group names can consist of up to 30 alphanumeric characters. Press <Enter> after entering the Group name.

d. The following prompt displays:

    Enable WAN Routing? (n):

If you want to perform WAN Routing through this Group you must enter a y at this prompt. If you do not need to support WAN Routing, then answer n at this prompt and continue with Step e.

♦ Note ♦
You do not need to create a special WAN Routing Group to bridge or trunk traffic over a WAN connection. If you are just Bridging or Trunking on WAN, answer n to this prompt and continue with Step e.

A WAN Routing Group is different from other Groups; it must contain only WAN ports. In addition, the virtual router and virtual ports are configured differently. Please skip ahead to Creating a WAN Routing Group on page 19-35 to continue setting up this WAN Routing Group.

e. The following prompt displays:

    Enable ATM CIP? (n):

Answer n at this prompt and skip ahead to Step 2. Configuring the Virtual Router Port (Optional) on page 19-21.

♦ Note ♦
ATM is not supported in Release 4.5 and later.

Page 19-19

f. The following prompt displays:

    Enable MPLS? (n):

Multi-Protocol Label Switching (MPLS) must be enabled if this group is going to be used for machines in the network that communicate via MPLS. Answer n at this prompt and skip ahead to Step 2. Configuring the Virtual Router Port (Optional) on page 19-21.

♦ Note ♦
MPLS is not supported in Release 4.5 and later.
Page 19-20

Step 2. Configuring the Virtual Router Port (Optional)

You can now optionally configure the virtual router port that the default VLAN in this Group will use to communicate with other VLANs. When you define a virtual router, a virtual router port for the default VLAN in the Group is created. If you do not define a virtual router, no virtual router port is created and the default VLAN in the new Group will be “firewalled,” unable to communicate with other VLANs.

♦ Important Note ♦
Use caution when setting up routing on the default VLAN for a Group. In some configurations enabling routing on the default VLAN may not be necessary or desirable. You can always enable routing on other, non-default VLANs, within this Group. Refer to AutoTracker Application Example 4 in Chapter 24 for more information.

You will have the choice of configuring IP, IPX, or both IP and IPX routing. Continue with the steps below:

a. After answering n to the Enable ATM CIP? prompt, the following prompt displays:

    Enable IP (y):

Press <Enter> if you want to enable IP Routing on this virtual router port. If you do not enable IP, then the default VLAN in this Group will not be able to route IP data. If you don’t want to set up an IP router, enter n, press <Enter> and skip to Step j.

♦ Note ♦
You may enable routing of both IP and IPX traffic on this router port. If you set up dual-protocol routing, you must fill out information for both IP and IPX parameters.

b. The following prompt displays:

    IP Address:

Enter the IP address for this virtual router port in dotted decimal notation (e.g., 198.206.181.10). This IP address is assigned to the virtual router port of the default VLAN within this Group. After you enter the address, press <Enter>.

c. The following prompt displays:

    IP Subnet Mask (0xffffff00):

The default IP subnet mask (in parentheses) is automatically derived from the default VLAN IP address class.
Press <Enter> to select the default subnet mask or enter a new subnet mask in dotted decimal notation or hexadecimal notation and press <Enter>.

d. The following prompt displays:

    IP Broadcast Address (198.200.10.255):

The default IP broadcast address (in parentheses) is automatically derived from the default VLAN IP address class. Press <Enter> to select the default address or enter a new address in dotted decimal notation and press <Enter>.

Page 19-21

e. The following prompt displays:

    Description (30 chars max):

Enter a useful description for this virtual IP router port using alphanumeric characters. The description may be up to 30 characters long. Press <Enter>.

f. The following prompt displays:

    Disable routing? (n) :

Indicate whether you want to disable routing in the group. You can enable routing later through the modvl command.

g. The following prompt displays:

    IP RIP Mode {Deaf (d), Silent (s), Active (a), Inactive (i)} (s):

Define the RIP mode in which the virtual router port will operate. RIP (Router Information Protocol) is a network-layer protocol that enables the default VLAN in this Group to learn and advertise routes. The RIP mode can be set to one of the following:

Silent. The default setting shown in parentheses. RIP is active and receives routing information from other VLANs, but does not send out RIP updates. Other VLANs will not receive routing information concerning the default VLAN in this Group and will not include the VLAN in their routing tables. Simply press <Enter> to select Silent mode.

Deaf. RIP is active and sends routing information to other VLANs, but does not receive RIP updates from other VLANs. The default VLAN in this Group will not receive routing information from other VLANs and will not include other VLANs in its routing table. Enter d and press <Enter> to select Deaf mode.

Active. RIP is active and both sends and receives RIP updates.
The default VLAN in this Group will receive routing information from other VLANs and will be included in the routing tables of other VLANs. Enter a and press <Enter> to select Active mode.

Inactive. RIP is inactive and neither sends nor receives RIP updates. The default VLAN in this Group will neither send nor receive routing information to/from other VLANs. Enter i and press <Enter> to select Inactive mode.

h. If routing domains are not configured on the switch, go to the next step. If routing domains are configured on the switch, the following prompt displays:

    Apply to Routing Domain ID (none) :

Enter a routing domain in which this group should be included, or press Enter. A routing domain is a grouping of IP router interfaces that can forward packets only within the domain. Routing domains are part of Advanced Routing software and are not part of the base code. For more information about routing domains, see Chapter 14, “Routing Domains,” in the Advanced Routing User Manual.

i. After you enter the RIP mode, or after you enter a routing domain ID, the following prompt displays:

    Default framing type [Ethernet II(e), fddi (f), token ring (t), Ethernet 802.3 SNAP (8), source route token ring(s)} (e):

Page 19-22

Select the default framing type for the frames that will be generated by this router port and propagated over the default VLAN to the outbound ports. Set the framing type to the encapsulation type that is most prevalent in the default VLAN. If the default VLAN contains devices using encapsulation types other than those defined here, the switching modules must translate those frames, which slows throughput. The figure on the next page illustrates the Default Framing Type and its relation to Virtual Router Port communications.
[Figure: Default Framing Type and the Virtual Router Port. Labels: OmniS/R, Virtual Router, SNMP AGENT, RIP, Virtual Router Port, Group, VLAN 1 (default VLAN #1), Workstation A, Workstation B. The Default Router Framing Type determines the type of frame transmitted through the Virtual Router Port to the default VLAN.]

j. You can now configure IPX routing on this port. The following message displays:

    Enable IPX? (y) :

Press <Enter> if you want to enable IPX Routing on this virtual router port. If you do not enable IPX, then the default VLAN in this Group will not be able to route IPX data. You can set up a virtual router port to route both IP and IPX traffic. If you don’t want to set up an IPX router for the default VLAN in this Group, enter n, press <Enter>, and skip ahead to step p below. You can always set up IPX routing for other VLANs within this Group.

Page 19-23

k. After selecting to enable IPX, the following prompt displays:

    IPX Network:

Enter the IPX network address. IPX addresses consist of eight hex digits and you can enter a minimum of one hex digit in this field. If you enter less than eight hex digits, the system prefixes your entry with zeros to create eight digits.

l. The following prompt displays:

    Description (30 chars max):

Enter a useful description for this virtual IPX router port using alphanumeric characters. The description may be up to 30 characters long. Press <Enter>.

m. The following prompt displays:

    IPX Delay in ticks (0):

Enter the number of ticks you want for the IPX network. A tick is about 1/18th of a second. The default is 0.

n. The following prompt displays:

    IPX RIP and SAP mode {RIP and SAP active (a) RIP only active (r) RIP and SAP inactive (i)} (a):

Select how you want the IPX protocols, RIP (router information protocol) and SAP (service access protocol), to be configured for the default VLAN in this Group. RIP is a network-layer protocol that enables this VLAN to learn routes.
SAP is also a network-layer protocol that allows network services, such as print and files services, to advertise themselves. The choices are:

RIP and SAP active. The default setting. The default VLAN to which this IPX router port is attached participates in both RIP and SAP updates. RIP and SAP updates are sent and received through this router port. Simply press <Enter> to select RIP and SAP active.

RIP only active. The default VLAN to which this IPX router port is attached participates in RIP updates only. RIP updates are sent and received through this router port. Enter an r and press <Enter> to select RIP only active.

RIP and SAP inactive. The IPX router port is active, but the default VLAN to which it is attached does not participate in either RIP or SAP updates. Enter an i and press <Enter> to select RIP and SAP inactive.

Page 19-24

o. After selecting the RIP and SAP configuration, the following prompt displays the default router framing type options:

    Default router framing type for : {
      Ethernet Media: Ethernet II (0), Ethernet 802.3 LLC (1), Ethernet 802.3 SNAP (2), Novell Ethernet 802.3 raw (3),
      FDDI Media: fddi SNAP (4), source route fddi SNAP (5), fddi LLC (6), source route fddi LLC (7),
      Token Ring Media: token ring SNAP (8), source route token ring SNAP (9), token ring LLC (a), source route token ring LLC (b) } (0) :

Select the default framing type for the frames that will be generated by this router port and propagated over the default VLAN to the outbound ports. Set the framing type to the encapsulation type that is most prevalent in the default VLAN. If the default VLAN contains devices using encapsulation types other than those defined here, the switching modules must translate those frames, which slows throughput. See the figure, Default Framing Type and the Virtual Router Port on page 19-23 for an illustration of the Default Framing Type and its relation to Virtual Router Port communications.
♦ Note ♦
The .cmd file contains a command called hreXnative that by default is set to 1. If physical ports in an end station are using a different encapsulation than the virtual router ports (for example, the modvl command shows router ports set to Ethernet II IPX, but the swch command shows that physical ports are using SNAP) then the hreXnative command must be set to 0. See Chapter 9, “Switch Wide Parameters,” for more information about the .cmd file.

p. If you chose a Source Routing frame format in the last step (options 5, 7, 9, or b), an additional prompt displays:

    Default source routing broadcast type : { ARE broadcasts(a), STE broadcasts(s)} (a) :

Select how broadcasts will be handled for Source Routing. The choices are:

ARE broadcasts. All Routes Explorer, the default setting. Broadcasts are transmitted over every possible path on inter-connected source-routed rings. This setting maximizes the generality of the broadcast. Simply press <Enter> to select All Routes Explorer.

STE broadcasts. Spanning Tree Explorer. Broadcasts are transmitted only over Spanning Tree paths on inter-connected source-routed rings. This setting maximizes the efficiency of the broadcast. Enter an s and press <Enter> to select Spanning Tree Explorer.

Page 19-25

q. The following prompt displays:

    Enter a priority level (0...7)(0):

Prioritizing VLANs allows you to set a value for traffic based on the destination VLAN of packets. Traffic with the higher priority destination will be delivered first. VLAN priority can be set from 0 to 7, with 7 being the level with the most priority. Modifying and displaying a group’s priority is described in Priority VLANs on page 19-73.

You have now completed the configuration of the virtual router port for this group. At this point, you will be asked whether you want to enable group mobility. The following prompt will display:

    Enable Group Mobility on the Group ? [y/n] (n):

Mobile groups are discussed in detail in Mobile Groups on page 19-5. If you want to enable group mobility answer Y to this prompt, press <enter>, and go on to Step 3. Set Up Group Mobility and User Authentication on page 19-27. If you do not want to configure group mobility answer N at the prompt, press <enter>, and go on to Step 4. Configuring Virtual Ports on page 19-28 for further instructions.

Page 19-26

Step 3. Set Up Group Mobility and User Authentication

A mobile group offers more flexibility than a non-mobile group. With a mobile group, ports are assigned dynamically to the group based on AutoTracker policies that you configure. In a non-mobile group, ports are statically defined and AutoTracker policies are assigned to individual VLANs within the Group. In most cases, you will want to set up a mobile group. The following steps show you how.

a. After configuring the virtual router port, you will receive the following prompt:

    Enable Group Mobility on the Group ? [y/n] (n):

To create a mobile group, enter a Y at this prompt, press <enter>, and continue with step b. If you want to configure a non-mobile Group, enter N, press <enter>, and you will see the following prompt:

    This Group will not participate in Group Mobility

If you are not creating a mobile group, go on to Step 4. Configuring Virtual Ports on page 19-28.

b. The following prompt displays:

    Enable User Authentication on the Group ? [y/n] (n):

An authenticated group is a special type of mobile group. It uses an authentication process as its criteria for group membership. Typically, users will be prompted for an id and password before gaining membership to an authenticated group. Authenticated groups require additional Windows NT server software. More detailed information on these groups can be found in the Switch Network Services User Manual. If you are not sure whether this is an authenticated group, simply press <enter> at this prompt.

c.
The following prompt displays:

    Enable spanning tree for this group [y/n] (y):

Spanning Tree prevents broadcast storms by limiting logical loops in the network. For more information on Spanning Tree, see Chapter 17, titled “Configuring Bridging Parameters.” If you wish to enable Spanning Tree, enter y and press <enter>. Otherwise, enter n.

d. The following prompt displays:

    Do you wish to configure the interface group for this Virtual LAN at this time? (y)

You can assign physical ports to the new Group at this time. To begin assigning ports to the new Group, press <Enter> and go to Step 4. To assign ports to the Group later, type n and <Enter>. The new Group is configured but does not yet contain any ports. You can use the addvp command later to assign ports to the Group (see Adding Virtual Ports on page 19-44). A message similar to the following displays confirming the creation of the new Group.

    GROUP 6 has been added to the system.
    You may add interfaces to this group using the addvp command at a later date.
    For now, the GROUP is inactive until you add interfaces.
    Configure Auto-Activated LANE service ? [y/n] (y) :

If you want to configure switch ports later (or simply rely on the dynamic port assignment capabilities of the mobile group) skip ahead to Step 5. Configuring AutoTracker Policies (Mobile Groups Only) on page 19-34.

Page 19-27

Step 4. Configuring Virtual Ports

You can now enter configuration parameters for each switch port to be included in this Group. These configuration parameters include the bridging mode, output format type, and administrative state. In addition, if the port you are configuring is Ethernet (10/100 Mbps), you can also configure port mirroring.

Prompts for configuring virtual ports follow directly after Group Mobility prompts. You can choose to add ports now or add them later through the addvp command. Follow these steps:

a.
After you have stepped through the Routing and/or Group Mobility prompts, the following message displays:

    Do you wish to configure the interface group for this Virtual LAN at this time? (y)

You can assign physical ports to the new Group at this time. To begin assigning ports to the new Group, press <Enter> and go to Step b. To assign ports to the Group later, type n and <Enter>. The new Group is configured but does not yet contain any ports. You can use the addvp command later to assign ports to the Group (see Adding Virtual Ports on page 19-44). A message similar to the following displays confirming the creation of the new Group.

    GROUP 6 has been added to the system.
    You may add interfaces to this group using the addvp command at a later date.
    For now, the GROUP is inactive until you add interfaces.

b. After indicating that you want to set up ports, the following prompt displays:

    Initial Vports (Slot/Phys Intf. Range) - For example, first I/O Module (slot 2), second interface would be 2/2. Specify a range of interfaces and/or a list as in: 2/1-3, 3/3, 3/5, 4/6-8

Enter the port or ports that you want to include in this new Group. The notation for adding a port to a group is

    <slot number of module>/<port number on the module>

OmniS/R-3 slots are numbered from 1 to 3 top to bottom and OmniS/R-5 slots are numbered from 1 to 5 top to bottom. OmniS/R-9 slots are numbered 1-9, left to right. Port numbers are labelled on the front panel of switching modules.

You may enter multiple ports from multiple switching modules. For example, to add ports 1 through 3 on the module in slot 2, specify 2/1-3. To additionally add the third and fifth port on the module in the third slot, specify 3/3, 3/5. The complete slot port specification would be:

    2/1-3, 3/3, 3/5

c. If you enter a port that is already assigned to another Group, then you will be prompted on whether or not you want to change its assignment.
A message similar to the following displays for each port that you enter:

    Initial Slot/Interface Assignments: 2/8
    2/8 - This interface has already been assigned to GROUP 1 (Default GROUP #1). Do you wish to remove it from that GROUP and assign it (with new configuration values) to this GROUP (n)?

Simply enter a y at each port prompt to change its Group assignment and begin setting port parameters. You could also enter a c at this prompt to accept all default port parameters and skip port configuration prompts. If you enter a c, all remaining ports are automatically added to the Group with default settings, and your work is complete.

d. The virtual port configuration menu displays:

    Modify Ether/8 Vport 2/8 Configuration
    1) Vport                         : 9
    2) Description                   :
    3) Bridge Mode                   : Auto-Switched
    31) Switch Timer                 : 60
    4) Flood Limit                   : 192000
    5) Output Format Type            : Default (IP-Eth II, IPX-802.3)
    6) Ethernet 802.2 Pass Through   : Yes
    7) Admin, Operational Status     : Enabled, inactive
    8) Mirrored Port Status          : Disabled, available
    9) MAC address                   : 000000:000000
    Command {Item=Value/?/Help/Quit/Redraw/Next/Previous/Save} (Redraw) :

Descriptions for each of the fields in this display follow. To change any default value, enter the line number for the item, an equal sign (=), and then the value for the parameter. Enter save to save all configured settings and move onto the next step in the group creation process.

1) Vport
The virtual port number for this port. The next virtual port number available in the switch is shown by default in this field.

2) Description
Enter a useful description for this virtual port using alphanumeric characters. The description may be up to 30 characters long.

3) Bridge Mode
Select the bridge mode used by this port. The choices are:

Spanning Tree Bridge. The default setting for all non-Ethernet ports. This mode is appropriate for backbone and hub connections. The port acts as a standard 802.1d bridge port.
It forwards BPDU frames out the port. When frames are received, Spanning Tree BPDUs are processed, and Spanning Tree dynamically controls the forwarding state. If flooding occurs, all frames destined for unknown MAC addresses, broadcast addresses, or multicast addresses will be sent to all ports in the same Group. Enter 3=b and press <Enter> to select Spanning Tree Bridge mode.

Optimized Device Switching. This mode is appropriate for dedicated connections to a single workstation or server. Spanning Tree is turned off. No Spanning Tree BPDUs will be sent and the port will always be in the forwarding state. The port will stay in this mode even if a Spanning Tree BPDU is detected. In addition, all MACs learned will not be aged out (regardless of the Bridge Aging Timer setting) until the port is disconnected or configured to be administratively down. No flooding of packets with an unknown destination address is allowed after at least one MAC address has been learned. (An exception to this rule occurs on newer Mammoth-generation Ethernet modules, such as the ESM-100C-12, ESM100F-8, and ESM-C-32. When these ports are in optimized mode, packets with unknown destination addresses will be flooded.) Packets with a broadcast or multicast destination will always be allowed. Enter 3=o and press <Enter> to select Optimized Device Switching mode.

Auto-Switch. The default setting for all Ethernet ports. This mode is appropriate for dedicated connections requiring a switch-over to bridge mode when multiple devices are detected. A port in Auto-Switch mode will start in Optimized Device Switching mode (see description above). The port will remain in Optimized Device Switching mode until a Spanning Tree BPDU is detected or more than one MAC address transmits data. Once either of these conditions is met, the port will switch to Spanning Tree Bridge mode and Spanning Tree will start (if configured in the switch).
An Auto-Switch port will remain in Spanning Tree Bridge mode as long as there are BPDUs and multiple MACs. However, the port can revert back to Optimized Device Switching Mode if the time specified in the next field (Switch Timer) transpires without BPDUs and multiple MACs. Also, if the port is disconnected or configured to be administratively down, then an Auto-Switch port will revert back to Optimized Device Switching mode when it becomes operational again. Enter 3=a and press <Enter> to select Auto-Switch mode.

[Figure: How Auto-Switch Bridge Mode Works. Flowchart of the transitions between Optimized Device Switching Mode and Spanning Tree Bridge Mode, with the decisions "Greater Than 1 MAC?", "BPDUs Detected?", "BPDU Detected?", "Only 1 MAC Address Detected?" and "Switch Timer Period Elapsed?"]

31) Switch Timer
If you selected the Auto-Switch bridge mode, then you can configure this field. Enter the time-out period, in seconds, after which an Auto-Switch port that has switched to Spanning Tree Bridge mode reverts back to Optimized Switching mode. When in Auto-Switch mode, a port switches to Spanning Tree Bridge mode as soon as it detects a BPDU or more than one MAC address. The port will switch back to Optimized Switching mode after the time-out value you define here.

4) Flood Limit
The flood limit allows you to tune a virtual port to limit the flooding of broadcast, multicast, and unknown destination packets. This feature is useful for controlling broadcast storms on your network. While each network is different, in general the amount of flooded traffic represents a relatively small percentage of network traffic. The flood limit is actually a “transmit credit” that is issued every five (5) seconds. When a packet is flooded on this port, the size of the packet, in bytes, is decremented from the current credit value. The credit value is the value you enter in this field multiplied by five.
An additional credit, in the amount of the value you enter here multiplied by five, is allocated to each virtual port every five (5) seconds. If the credit value ever falls below zero, then all flooded packets are discarded until another credit is allocated. Flood limit checking is disabled if you enter a flood limit of zero (0). The flood limit default is 192,000 bytes per second, which equates to a transmit credit of 960,000 bytes every five seconds.

5) Output Format Type
The output format setting determines the kind of frame that will be sent out this physical port. If translation is necessary, then incoming frames will be translated to this format before being sent out this port. For example, on an Ethernet port incoming FDDI frames need to be translated to Ethernet. However, there are four types of Ethernet frames: Ethernet II, IPX 802.3, SNAP, and LLC. The format type you select here would determine the frame format to which non-Ethernet frames would be translated. The following figure illustrates how a port’s framing type affects communication with attached devices.

♦ Note ♦
This parameter differs from the router framing type selected during the configuration of the virtual router port. The router framing type is the encapsulation done on a router port, whereas this output format type applies only to translations on this virtual port.

[Figure: Output Framing Type on Physical Ports. An OmniS/R with a Virtual Router; Group 2, Ports 1 and 2, VLAN 1 (default VLAN #1). Ethernet Port 1 has its format set to Ethernet II and its attached server receives frames in Ethernet II format. Ethernet Port 2 has its format set to SNAP and its attached workstation receives frames in SNAP format. The Output Format Type you set for each port determines the type of frames that devices attached to that port receive.]

Note that for Ethernet, the default output format option is Ethernet II for IP frames and 802.3 for IPX frames.
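The transmit-credit accounting described under 4) Flood Limit above can be modelled to see how a chosen limit behaves during a broadcast storm. The following Python model is an added example, not code from this manual or from the switch software; the names FloodLimiter, simulate and storm are hypothetical, the traffic is constructed sample input, and it assumes that unused credit is not carried past one five-second allotment (the manual does not say).

```python
from dataclasses import dataclass

CREDIT_INTERVAL_S = 5          # manual: a transmit credit is issued every five seconds
DEFAULT_FLOOD_LIMIT = 192_000  # manual default for field 4, in bytes per second


@dataclass
class FloodLimiter:
    """Transmit-credit model for the flooded traffic of one virtual port."""
    flood_limit: int = DEFAULT_FLOOD_LIMIT  # value entered in field 4; 0 disables checking
    credit: int = 0
    flooded: int = 0
    discarded: int = 0

    def __post_init__(self):
        self.credit = self.allotment

    @property
    def allotment(self) -> int:
        # Credit value = entered value multiplied by five (960,000 for the default).
        return self.flood_limit * CREDIT_INTERVAL_S

    def refill(self) -> None:
        # "An additional credit ... is allocated to each virtual port every five seconds."
        # ASSUMPTION (not stated in the manual): unused credit is not banked
        # beyond one allotment; a deficit left by the last flooded frame is repaid first.
        self.credit = min(self.credit + self.allotment, self.allotment)

    def offer(self, size: int) -> bool:
        """Offer one frame that needs flooding; return True if it is flooded."""
        if self.flood_limit == 0:   # a flood limit of zero disables checking
            self.flooded += 1
            return True
        if self.credit < 0:         # credit below zero: discard until the next credit
            self.discarded += 1
            return False
        self.credit -= size         # frame size in bytes is decremented from the credit
        self.flooded += 1
        return True


def simulate(flood_limit, frames):
    """Run frames, an iterable of (time_s, size_bytes) sorted by time, through one port."""
    port = FloodLimiter(flood_limit)
    next_refill = CREDIT_INTERVAL_S
    for t, size in frames:
        while t >= next_refill:     # apply every credit that fell due before this frame
            port.refill()
            next_refill += CREDIT_INTERVAL_S
        port.offer(size)
    return port


def storm(rate_fps, size, duration_s):
    """Constructed sample input: a steady stream of flooded frames at rate_fps frames/s."""
    return [(i / rate_fps, size) for i in range(rate_fps * duration_s)]


if __name__ == "__main__":
    cases = [
        ("storm, default limit", DEFAULT_FLOOD_LIMIT, storm(1000, 1500, 10)),
        ("storm, limit disabled", 0, storm(1000, 1500, 10)),
        ("light traffic, default limit", DEFAULT_FLOOD_LIMIT, storm(100, 100, 10)),
    ]
    for label, limit, frames in cases:
        port = simulate(limit, frames)
        print(f"{label}: flooded={port.flooded} discarded={port.discarded}")
```

With the default limit, a constructed storm of 1,500-byte frames at 1,000 frames per second is clipped to roughly 640 frames per five-second interval, while setting the limit to zero lets every frame through.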
You can customize your frame translation settings even further through the Switch menu. The Switch menu allows you to set translations at the frame format level (i.e., incoming SNAP frames could be translated one way, while incoming LLC frames could be translated another way) based on protocol type (IP or IPX). The Switch menu is explained in Chapter 18, “Configuring LAN Switch Translations.”

6) Ethernet 802.2 Pass Through
For Ethernet ports only. If you answer Yes to this prompt, then frames received in the IEEE 802.2 format will not be translated according to the Output Format Type chosen in line 5; they will be sent as is in their native IEEE 802.2 format. If you answer No, then 802.2 frames will be subject to the Output Format Type chosen in line 5.

7) Admin, Operational Status
Select whether to administratively enable or disable this port. When you enable the port, the port can transmit and receive data as long as a cable is connected and no physical or operational problems exist. When you disable a port, the port will not transmit or receive data even if a cable is connected and the physical connection is operational. If you disable the port at this point, you can enable it later through the modvp command (see Modifying a Virtual Port on page 19-45).

8) Mirrored Port Status
If the port you are configuring is Ethernet (10 or 10/100 Mbps), you can set up port mirroring. You can mirror traffic on this port to another like port. Port mirroring is a useful feature for monitoring traffic on particular ports. It is discussed in more detail later in this chapter in Port Mirroring on page 19-57. If you want to mirror this port, enter 8=e, press <Enter> and you will be prompted for the slot and port number of the “mirroring” port (i.e., the port that can “see” all traffic for this port):

    Mirroring vport slot/port ? ( ) :

Enter the mirroring port’s slot and port number and press <Enter>.
If port mirroring is not supported on this port, then the following prompt will display:

    mirroring not supported on this port type

9) MAC address
Enter the MAC address for this virtual port if it is known.

After the MAC address prompt, the switch confirms the addition of the port to the group with a message similar to the following:

    Adding port 2/8 to Group 6. . .

Make configuration changes to the port until you are satisfied. If you have completed the final virtual port, then your work is complete. You can always alter Group parameters (including virtual router parameters for the default VLAN) later through the modvl command (see Modifying a Group or VLAN on page 19-40) and modify virtual port parameters through the modvp command (see Modifying a Virtual Port on page 19-45).

Step 5. Configuring AutoTracker Policies (Mobile Groups Only)

When you have completed configuring mobile group and auto-activated LANE services, you can begin configuring AutoTracker policies for this mobile group. Instructions for configuring these rules can be found in Chapter 20, “Configuring Group and VLAN Policies.” Please refer to that chapter for instructions on configuring each policy type. After you configure AutoTracker policies, you are done configuring this mobile group and a prompt similar to the following displays:

    VLAN 9: 1 created successfully

You can configure rules for this group later through the modatvl command. This command also works with mobile groups as long as you indicate you want to alter VLAN 1 in the mobile group (i.e., the command line would read modatvl 3:1 to modify mobile group 3).

♦ Note ♦
If the mobile group is initially created without rules, the modatvl command cannot be used to add them later. You must turn off group mobility and then reinstate it to add the rules.

Creating a WAN Routing Group

After entering basic Group information as described in Step 1.
Entering Basic Group Information on page 19-19, you should have answered Yes to the following prompt if you want to enable WAN Routing:

    Enable WAN Routing? (n):

WAN Routing Groups are treated differently than other Groups, as described earlier. The following steps complete the configuration of the WAN Routing Group.

a. After answering y to the Enable WAN Routing? prompt, the following prompt displays:

    Enable IP (y):

Press <Enter> if you want to enable IP Routing on the virtual router port for this Group. If you do not enable IP, then this WAN Group will not be able to route IP data. If you don’t want to set up IP routing, enter n, press <Enter> and skip to Step g.

♦ Note ♦
You may enable routing of both IP and IPX traffic over a WAN connection. If you set up dual-protocol routing, you must fill out information for both IP and IPX parameters.

b. The following prompt displays:

    IP Address:

Enter the IP address for this virtual router port in dotted decimal notation or hexadecimal notation (e.g., 198.206.181.10). This IP address is assigned to the virtual router port of the default VLAN within this Group. After you enter the address, press <Enter>.

c. The following prompt displays:

    IP Subnet Mask (0xffffff00):

The default IP subnet mask (in parentheses) is automatically derived from the default VLAN IP address class. Press <Enter> to select the default subnet mask or enter a new subnet mask in dotted decimal notation or hexadecimal notation and press <Enter>.

d. The following prompt displays:

    IP Broadcast Address (198.200.10.255):

The default IP broadcast address (in parentheses) is automatically derived from the default VLAN IP address class. Press <Enter> to select the default IP broadcast address or enter a new broadcast address in dotted decimal notation or hexadecimal notation and press <Enter>.

e. The following prompt displays:

    Description (30 chars max):

Enter a useful description for this virtual IP router port using alphanumeric characters.
The description may be up to 30 characters long. Press <Enter>.

f. The following prompt displays:

    IP RIP Mode {Deaf (d), Silent (s), Active (a), Inactive (i)} (s):

Define the RIP mode in which the virtual router port will operate. RIP (Router Information Protocol) is a network-layer protocol that enables the default VLAN in this Group to learn and advertise routes. The RIP mode can be set to one of the following:

Silent. The default setting shown in parentheses. RIP is active and receives routing information from other VLANs, but does not send out RIP updates. Other VLANs will not receive routing information concerning the default VLAN in this Group and will not include the VLAN in their routing tables. Simply press <Enter> to select Silent mode.

Deaf. RIP is active and sends routing information to other VLANs, but does not receive RIP updates from other VLANs. The default VLAN in this Group will not receive routing information from other VLANs and will not include other VLANs in its routing table. Enter d and press <Enter> to select Deaf mode.

Active. RIP is active and both sends and receives RIP updates. The default VLAN in this Group will receive routing information from other VLANs and will be included in the routing tables of other VLANs. Enter a and press <Enter> to select Active mode.

Inactive. RIP is inactive and neither sends nor receives RIP updates. The default VLAN in this Group will neither send nor receive routing information to/from other VLANs. Enter i and press <Enter> to select Inactive mode.

g. You can now configure IPX routing on this port. The following message displays:

    Enable IPX? (y) :

Press <Enter> if you want to enable IPX Routing on this virtual router port. If you do not enable IPX, then the default VLAN in this WAN Group will not be able to route IPX data. You can set up a virtual router port to route both IP and IPX traffic.
If you don’t want to enable IPX routing for the default VLAN in this Group, enter n and press <Enter>. You can always set up IPX routing for other VLANs within this Group. You are done configuring this WAN Routing Group. See the appropriate WAN interface chapter for further information on configuring this Routing service.

h. After selecting to enable IPX, the following prompt displays:

    IPX Network:

Enter the IPX network address. IPX addresses consist of eight hex digits and you can enter a minimum of one hex digit in this field. If you enter fewer than eight hex digits, the system prefixes your entry with zeros to create eight digits.

i. The following prompt displays:

    Description (30 chars max):

Enter a useful description for this virtual IPX router port using alphanumeric characters. The description may be up to 30 characters long. Press <Enter>.

j. The following prompt displays:

    IPX Delay in ticks (0):

Enter the number of ticks you want for the IPX network. A tick is about 1/18th of a second. The default is 0.

k. After entering a description, the following prompt displays:

    IPX RIP and SAP mode {RIP and SAP active (a) RIP only active (r) RIP and SAP inactive (i)} RIP and SAP triggered (t)} (a):

Select how you want the IPX protocols, RIP (router internet protocol) and SAP (service access protocol), to be configured for the default VLAN in this Group. RIP is a network-layer protocol that enables this VLAN to learn routes. SAP is also a network-layer protocol that allows network services, such as print and files services, to advertise themselves. The choices are:

RIP and SAP active. The default setting. The default VLAN to which this IPX router port is attached participates in both RIP and SAP updates. RIP and SAP updates are sent and received through this router port. Simply press <Enter> to select RIP and SAP active.

RIP only active. The default VLAN to which this IPX router port is attached participates in RIP updates only. RIP updates are sent and received through this router port. Enter an r and press <Enter> to select RIP only active.

RIP and SAP inactive. The IPX router port is active, but the default VLAN to which it is attached does not participate in either RIP or SAP updates. Enter an i and press <Enter> to select RIP and SAP inactive.

RIP and SAP triggered. The IPX router port is active, but RIP and SAP information will be sent out on the port only when a network change has occurred. This option is more cost effective for WAN links and is best suited for smaller network environments that don’t change often. Enter a t and press <Enter> to select RIP and SAP triggered.

When you are done entering Router parameters, a message similar to the following displays:

    GROUP 5 has been added to the system

You should now follow the instructions for configuring a WAN Routing Service described in the appropriate WAN interface chapter.

Viewing Current Groups

The gp command provides information on all currently defined Groups in a switch including Group number, network address, protocol type, and encapsulation type. You can obtain information on all groups in a switch by entering:

    gp

A screen similar to the following displays:

    Group ID                                   Network Address      Proto/
    (:VLAN ID)  Group Description              (IP Subnet Mask)     Encaps
                                               or (IPX Node Addr)
    =====       ===========================    ===============      ========
    1           Default GROUP (#1)             198.206.182.115      IP /
                                               (ff.ff.ff.00)        ETH2
    2           New GROUP (#2)                 198.206.101.12       IP /
                                               (ff.ff.ff.00)        SNAP
    3           New GROUP (#3)                 198.206.181.10       IP/
                                               (ff.ff.ff.00)        1490
    4           New Group (#4)                 198.206.183.44       IP /
                                               (ff.ff.ff.00)        ETH2
                                               12314526             IPX /
                                               (0020da:020484)      8023
    5           New GROUP                      198.206.143.11       CIP /
                                               (ff.ff.ff.00)        1483

You can also get information on a specific Group by entering gp followed by the Group number.
For example, gp 3 displays information just on Group 3:

    Group ID                                   Network Address      Proto/
    (:VLAN ID)  Group Description              (IP Subnet Mask)     Encaps
                                               or (IPX Node Addr)
    =====       ===========================    ===============      ========
    3           New GROUP (#3)                 198.206.181.10       IP /
                                               (ff.ff.ff.00)        1490

The following sections describe the columns in this table:

Group ID (:VLAN ID). The identification number assigned to this Group when it was created through the crgp command. The Group identifier is typically consistent network-wide (i.e., Group 3 in this switch should be the same Group as Group 3 configured in all other Omni Switch/Routers in the network). If this Group contains any VLANs, then they will be listed below the Group number. If the default VLAN in the Group supports both IP and IPX routing, then information on both (network address, etc) will display. Group 4 in the screen sample above shows a case where both IP and IPX routing are supported.

Group Description. The textual description of this Group that was entered when the Group was created or modified. This description is limited to 30 characters.

Network Address (IP Subnet Mask) or (IPX Node Addr). For each virtual router port configured, two addresses are listed. Both of these addresses were configured when the Group was created or modified through crgp or modvl. The first address is the Network Address, which is the address of the virtual router port for the default VLAN (VLAN #1) in this Group. For an IP virtual router port, this address is the IP address, which is shown in dotted decimal format. For an IPX virtual router port, this address is the IPX network address, which is shown as eight hex characters.

A second address is displayed below the Network address. For IP, this address is the IP Subnet Mask, which is normally derived from the default VLAN IP address class. For IPX, this address is the IPX Node Address.

Proto/Encaps.
For each Group or VLAN listed, the top field is the Protocol supported by this virtual router port. Possible values in the field are: IP (IP router), IPX (IPX router), and CIP (Classical IP Group with CIP router). If you configured an IP and an IPX router port, then two router entries will be listed: one with a Protocol of IP and the other with a Protocol of IPX.

The bottom field is the encapsulation used for outgoing frames on the router port. This encapsulation was configured when the router port was configured. Possible values for this field depend on the Protocol and type of Group. Frame Relay WAN Groups will always display 1490 to indicate RFC 1490 encapsulation is performed on frames. IP and IPX routers have additional possible encapsulation types.

For IP virtual router ports, the possible encapsulation types are as follows:

• ETH2    Ethernet II
• SNAP    Ethernet 802.3 SNAP
• FDDI    FDDI
• 8025    Token Ring 802.5
• TSRS    Token Ring Source Routing

For IPX virtual router ports, the possible encapsulation types are as follows:

• ETH2    Ethernet II
• LLC     Ethernet 802.3 LLC
• SNAP    Ethernet 802.3 SNAP
• 8023    Ethernet 802.3 (Novell raw)
• FDDI    FDDI SNAP
• FSRS    FDDI Source Routing SNAP
• FLLC    FDDI LLC
• FSRL    FDDI Source Routing LLC
• 8025    Token Ring SNAP
• TSRS    Token Ring Source Routing SNAP
• TLLC    Token Ring LLC
• TSRL    Token Ring Source Routing LLC

Modifying a Group or VLAN

After creating a Group (through crgp) or VLAN (through cratvl, see Chapters 20 and 22), you can change any of their parameters through the modvl command. In addition, if you did not set up a virtual router port (IP or IPX) during the initial Group or VLAN configuration, you can set one up with modvl. To use this command, enter modvl followed by the Group number and VLAN number to change. For example, to modify parameters in Group 2, VLAN 1, enter:

    modvl 2

Note that you do not need to specify a VLAN number to modify the default VLAN within a Group.
To modify parameters in Group 2, VLAN 2, you would enter:

    modvl 2:2

A screen similar to the following displays.

    Current values associated with GROUP 2.1 are as follows:
    1) GROUP Number          - 2:1
    2) Description           - New GROUP (#2)
    IP Parameters:
    3) IP enabled            - Y
    4) IP Network Address    - 198.206.101.12
    5) IP Subnet Mask        - 255.255.255.0
    6) IP Broadcast Address  - 198.206.101.255
    7) Router Description    - Router Port #2
    8) RIP Mode              - Silent
       {Active (a), Inactive (i), Deaf (d), Silent (s)}
    9) Routing disabled      - N
    11) Default Framing      - Ethernet II
       {Ethernet II(e), Ethernet 802.3 (8), fddi (f), token ring (t), source route token ring (s)}
    IPX parameters:
    12) IPX enabled          - N
    (save/quit/cancel)
    :

The Group number at the top of this sample screen is followed by the number 1 (GROUP 2.1), meaning that the information applies to default VLAN #1 in this Group. If this screen displayed information on Group 2, VLAN 2, then this field would read GROUP 2:2.

The colon prompt (:) at the bottom of the screen is used to prompt for user input. To change a value, type the line number of the item you want to change, followed by an equal sign (=) and the new value. For example, to set a new description you could enter:

    2=Engineering

All of the modvl parameters are described in the section for creating a new Group, Creating a New Group on page 19-18.

♦ Note ♦
Line numbering for the modvl command will vary depending on whether you have an IP or IPX router configured. Each type of router contains several parameters that require extra line numbers.

Viewing Your Changes

When you enter a change at the colon prompt, the modvl screen does not normally refresh. If you want to see the current Group or VLAN settings, including any changes you made, enter a question mark (?) at the colon prompt. The modvl screen will refresh.

Saving Your Changes

Once you have entered all your modifications and you want to save them, type save at the colon prompt.
You will exit the modvl command and your changes will take effect.

Canceling Your Changes

You can also exit the modvl command without saving any changes you made in the current session. Simply enter cancel at the colon prompt or enter <Ctrl>-d. The modvl command will end and none of the changes you made will be saved.

Changing the IP Address

Changing the IP address can also affect the Subnet Mask and the Broadcast Address. The new IP address means that the Subnet Mask and Broadcast Address must be re-generated and the following message displays:

    New IP address generates new subnet and broadcast address
    Enter ‘?’ to view the changes

The system automatically creates new Subnet Mask and Broadcast addresses based on the new IP address. If you enter a question mark (?) at this point you could view these changes. If you remove the last IP address in the system, you will see a warning message that SNMP (and other applications) are now inoperational.

Changing the IP Subnet Mask

Changing the IP Subnet Mask can also affect the IP Broadcast Address. The new Subnet Mask means that the Broadcast Address must be re-generated and the following message displays:

    New mask caused change in broadcast address

The system automatically created a new Broadcast address based on the new Subnet Mask. If you entered a question mark (?) at this point you could view these changes.

Enabling IP or IPX Routing

If you enable IP or IPX routing by setting the corresponding modvl lines from N to Y, then the screen automatically refreshes with additional lines for the new router port parameters. All lines are set to router defaults.
The router defaults are as follows:

    IP Router
    IP Network Address      0.0.0.0
    IP Subnet Mask          0.0.0.0
    IP Broadcast Address    0.0.0.0
    Router Description      (no description shown for default)
    Routing Disabled        No
    RIP Mode                Silent
    Default Framing Type    Ethernet II

    IPX Router
    IPX Network Address     0x0
    Router Description      (no description shown for default)
    Delay in Ticks          0
    RIP/SAP Mode            RIP and SAP are active
    Default Framing Type    Ethernet II

You can change any of these defaults as you would any other modvl parameters: enter the line number, followed by an equal sign (=) and the new parameter.

♦ Note ♦
You must at least enter a Network Address for a new router or you will not be able to save the configuration.

Deleting a Group

You can delete a Group as long as it does not contain any virtual ports. The default Group, Group #1, cannot be deleted. To delete a Group, enter rmgp followed by the Group number you want to delete. For example, if you wanted to delete Group 5, you would enter:

    rmgp 5

If the Group does not contain any virtual ports, then a confirmation message displays:

    GROUP 5 removed.

If the Group still contains virtual ports, then a message similar to the following displays:

    GROUP 5 has active entries, you must remove these prior to removing the GROUP (use rmvp for this).

You must first remove the Group’s virtual ports before the Group can be removed. The rmvp command allows you to remove virtual ports. See Deleting a Virtual Port on page 19-46 for information on using this command.

♦ Note ♦
Some commands in the Bridge Management menu (described in Chapter 17, “Configuring Bridging Parameters”) require you to select a Group before making configuration changes. If you delete the currently selected Group with rmgp, then the new currently selected Group reverts to the default Group, Group #1.

Adding Virtual Ports

You can add virtual ports to a Group at any time after the Group is created.
The addvp command allows you to add one or more ports to a Group you specify. If you have used the crgp command to add virtual ports, then you will find the addvp command fields very familiar. To use addvp, enter the command followed by the Group number to which you want to add the port. Next, specify the port or ports you want to add.

    addvp <Group Number for port> <Module Slot>/<Port Number>

For example, if you wanted to add ports 4 through 6 on the module in slot 4 to Group #5, then you would specify:

    addvp 5 4/4-6

The procedure for using addvp is as follows:

1. Enter addvp followed by the Group number where you want this port to reside, followed by the physical slot and port numbers you want to configure.

2. If you enter a port that is already assigned to another Group, then you will be prompted on whether or not you want to change its assignment. A message similar to the following displays for each port that you enter:

    4/4 - This interface has already been assigned to GROUP 1 (Default GROUP #1). Do you wish to remove it from that GROUP and assign it (with new configuration values) to this GROUP (n)?

Simply enter a y at each port prompt to change its Group assignment and begin setting port parameters. You could also enter a c at this prompt to accept all default port parameters and skip port configuration questions. If you enter a c, all remaining ports are automatically added to the Group with default settings, and your work is complete.

3.
The virtual port configuration menu displays:

    Modify Ether/8 Vport 4/4 Configuration
    1) Vport                         : 9
    2) Description                   :
    3) Bridge Mode                   : Auto-Switched
    31) Switch Timer                 : 60
    4) Flood Limit                   : 192000
    5) Output Format Type            : Default (IP-Eth II, IPX-802.3)
    6) Ethernet 802.2 Pass Through   : Yes
    7) Admin, Operational Status     : Enabled, inactive
    8) Mirrored Port Status          : Disabled, available
    9) MAC Address                   : 000000:000000
    Command {Item=Value/?/Help/Quit/Redraw/Next/Previous/Save} (Redraw) :

Descriptions for each of the fields in this display begin on page 19-29. To change any default value, enter the line number for the item, an equal sign (=), and then the value for the parameter. When you have completed the configuration for this port, enter save to save all configured settings.

Modifying a Virtual Port

You can modify a virtual port through the modvp command. The modvp command is very similar to the addvp command and the port configuration phase of the crgp command. To use modvp, enter the command, followed by the Group number for the port, and the physical slot and port number for the port:

    modvp <Group Number for port> <Module Slot>/<Port Number>

You can specify only one port at a time. For example, if you wanted to modify the parameters for Port 7 on the module in Slot 4, and the Port currently resides in Group 6, then you would enter:

    modvp 6 4/7

The procedure for using modvp is as follows:

1. Enter modvp followed by the Group number where the port currently resides, the physical slot and port number.

2. A prompt displays requesting your confirmation:

    Modify local port 7 (Virtual port (#14)) ? (y) :

Simply press <Enter> if this is the correct virtual port. The Virtual Port number in parentheses (Virtual Port #14 in this case) is the virtual port number within this entire Omni Switch/Router. Virtual ports are numbered sequentially within the switch, not within a Group or VLAN.

3.
The virtual port configuration menu displays: Modify Ether/8 Vport 4/7 Configuration 1) Vport 2) Description 3) Bridge Mode 31) Switch Timer 4) Flood Limit 5) Output Format Type 6) Ethernet 802.2 Pass Through 7) Admin, Operational Status 8) Mirrored Port Status 9) MAC Address :9 : : Auto-Switched : 60 : 192000 : Default (IP-Eth II, IPX-802.3) : Yes : Enabled, inactive : Disabled, available : 000000:000000 Command {Item=Value/?/Help/Quit/Redraw/Next/Previous/Save} (Redraw) : Descriptions for each of the fields in this display begin on page 19-29. To change any default value, enter the line number for the item, an equal sign (=), and then the value for the parameter. When you have completed the configuration for this port, enter save to save all configured settings. Page 19-45 Deleting a Virtual Port Deleting a Virtual Port You can delete a virtual port from its existing Group by using the rmvp command. When you remove a virtual port, the port is moved to the default switch Group, Group #1, and all port parameters are reset to defaults except for the port name. For example, if you configured a port with a special flood limit and customized translation settings and you then removed the port, you would lose those port settings. To remove a port, enter the rmvp command, followed by the Group number where the port currently resides and the physical slot and port number for the port: rmvp <Group number> <Module Slot>/<Port Number> For example, to delete Port 7 on the module in Slot 4, and the Port currently resides in Group 6, you would enter: rmvp 6 4/7 A prompt displays requesting that you confirm the deletion: Local port 7 (Virtual po...) is attached to this slot/interface - remove? (n): Enter a y and press <Enter> to remove the port. Another message displays confirming the deletion: BRIDGE port on 4/7 moved to GROUP 1. 
If the port you specified did not exist in the Group you specified in the rmvp command, then a message similar to the following would display:

    Specified port(s) not found on GROUP 6.

Viewing Information on Ports in a Group

The via command allows you to view port attachments associated with a specified Group or all Groups in a switch. Entering via displays summary information for all virtual ports in the switch. You can also display virtual interface attachments for a specific Group by specifying the Group ID after the via command. For example, to view ports for Group 2, you would enter

    via 2

The same type of information is displayed for a single Group as is displayed for all Groups. The following screen shows a sample from the via command when specified without a Group ID.

    GROUP Interface Attachments For All Interfaces

    GROUP:                                      Service/               Admin
    Slot/Intf  Description                      Instance    Protocol   Status
    =======    =============================    ==========  =========  =======
    1.1 : *    GROUP #1.0 IP router vport       Rtr / 1     IP         Enabled
    2.1 : *    for group 2                      Rtr / 2     IP         Enabled
    1:2/1      Virtual port (#2)                Brg / 1     Tns        Enabled
    1:2/2      Virtual port (#3)                Brg / 1     Tns        Enabled
    1:2/3      Virtual port (#4)                Brg / 1     Tns        Enabled
    2:2/4      finance server                   Brg / 1     Tns        Enabled
    1:2/5      Virtual port (#6)                Brg / 1     Tns        Enabled
    1:2/6      Virtual port (#7)                Brg / 1     Tns        Enabled
    1:2/7      Virtual port (#8)                Brg / 1     Tns        Enabled
    1:2/8      Virtual port (#9)                Brg / 1     Tns        Enabled
    1:3/1      Virtual port (#1)                Brg / 1     Tns        Enabled
    1:4/1      Virtual port (#10)               Brg / 1     Tns        Enabled
    1:4/2      Virtual port (#11)               Brg / 1     Tns        Enabled
    1:4/3      Virtual port (#12)               Brg / 1     Tns        Enabled
    1:4/4      Virtual port (#13)               Brg / 1     Tns        Enabled
    1:4/5      Virtual port (#14)               Brg / 1     Tns        Enabled
    1:4/6      Virtual port (#15)               Brg / 1     Tns        Enabled

GROUP: Slot/Intf. GROUP is the group number to which this port is assigned. When the Group displays as a Group number followed by a decimal and a 1 (1.1 and 2.1 in the above sample), it represents the router port on the default VLAN within that Group. Slot is the position in the chassis of the switching module where this port is located. Intf (Interface) is the physical port on the switching module. When the Slot and Interface are shown as an asterisk (*), as in the top two entries in the above table, it represents a virtual router port that does not have a corresponding physical interface.

Description. The textual description entered for either the virtual router port or the virtual switch port. This description was entered through crgp or modvl for virtual router ports, or through crgp, addvp, or modvp for virtual switch ports.

Service/Instance. Service is the service type configured for this port. Instance is an identifier of this service type within the switch. For example, multiple virtual router ports within the switch will be labelled consecutively (1, 2, 3, etc.), and will each have a different Instance number. Values for the service type are as follows:

• Rtr   Virtual router port
• Brg   Virtual bridge port
• Tnk   Virtual trunk port (used for WAN)
• T10   802.10 FDDI service port
• FRT   Frame Relay trunk port
• Lne   LAN Emulation service port
• CIP   Classical IP service port
• Vlc   VLAN Clusters (X-LANE) service port

Protocol. The bridging protocol for virtual ports and services or the routing protocol for virtual router ports. Possible values are:

• Tns   Transparent bridge. Bridges maintain a dynamic table of known MAC addresses on connected segments. The table is used to make forwarding decisions. When a frame is received that contains a destination address that matches an address in the table, it is forwarded to designated bridge ports that are in forwarding state.
• SR    Source Routing Bridge. Normally used in Token Ring environments. Routing information is determined by looking at the Routing Information Field (RIF) in a frame. The RIF contains the segment and bridge numbers that create the path to the destination.
• SRT   Source Routing Transparent. Normally used in Token Ring environments. Allows Source Routing and Transparent bridges to coexist. The Source Routing Transparent Bridge will form a Spanning Tree with other Transparent Bridges and Source Routing Transparent Bridges and will forward frames that do not contain a Routing Information Field (RIF) to destinations reachable by the Spanning Tree. If the bridge detects routing information in the RIF, it will forward it the same way Source Routing bridges do.
• IP    IP Routing Protocol. Routing Information Protocol (RIP) used to learn routes from neighboring routers. You configure an IP router through the crgp or modvl commands. Other IP routing parameters can be set through the Networking menu commands, which are described in Chapter 25, “IP Routing.”
• IPX   IPX Routing Protocol. Uses RIP to learn routes from neighboring routers and the Service Advertising Protocol (SAP) to maintain a database of network services for requesting workstations. Other IPX routing parameters can be set through the Networking menu commands, which are described in Chapter 27, “IPX Routing.”
• FR    Frame Relay IP Routing. WAN Routing Groups are configured slightly differently from other Groups. Frame Relay IP Routing is IP Routing with some enhancements to account for the Frame Relay network.

Admin Status. Indicates whether the port is administratively Enabled or Disabled. When Enabled, the port can transmit and receive data as long as a cable is connected and no physical or operational problems exist. When Disabled, the port will not transmit or receive data even if a cable is connected and the physical connection is operational. You can set the Admin Status during the port configuration phase of the crgp, addvp, or modvp commands.
Viewing Detailed Information on Ports

The vi command displays detailed information about virtual ports. Entering vi displays information for all virtual ports in the switch. You can also display information for only ports in a specific Group by specifying the Group ID after the vi command. For example, to view information only for ports in Group 6, you would enter

    vi 6

The same type of information is displayed for a single Group as is displayed for all Groups. The following screen shows a sample from the vi command when specified without a Group ID.

    Virtual Interface Summary Information - For All Interfaces

                                                              Status
          Slot/  Type/                                  ---------------------
    Group Intf   Inst/Srvc    MAC Address    Prt  Encp  Admin  Oper   Spn Tr  Mode
    ===== ====   ===========  =============  ===  ====  ====== ====== ======  =======
      1   All    Rtr/  1      0020da:020d40  IP   ETH2  Enabld Active N/A     N/A
      2   All    Rtr/  2      0020da:020d43  IP   ETH2  Enabld Active N/A     N/A
      2   All    Rtr/  3      0020da:020d44  IP   ETH2  Enabld Active N/A     N/A
      1   3/1    Brg/  1/  1  0020da:048730  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   4/1    Brg/  1/ na  0020da:030990  Tns  DFLT  Enabld Active Fwdng   Bridged
      1   4/2    Brg/  1/ na  0020da:030991  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   4/3    Brg/  1/ na  0020da:030992  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   4/4    Brg/  1/ na  0020da:030993  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   4/5    Brg/  1/ na  0020da:030994  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   4/6    Brg/  1/ na  0020da:030995  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   4/7    Brg/  1/ na  0020da:030996  Tns  DFLT  Enabld Inactv Disabl  Bridged
      2   4/8    Brg/  1/ na  0020da:030997  Tns  DFLT  Enabld Inactv Disabl  Bridged
      1   5/1    Brg/  1/ na  0020da:022860  Tns  DFLT  Enabld Inactv Disabl  Bridged

Group. The Group number to which this port is currently assigned.

Slot/Intf. The slot (Slot) is the position in the chassis of the switching module where this port is located. The interface (Intf) is the physical port on the switching module. If this column reads All, then this port is a router port that supports all virtual ports in the Group.

Type/Inst/Srvc. The Service Type (Type), Instance (Inst) of this Service Type in the switch, and service number (Srvc) for this virtual port. Service Type values are as follows:

• Rtr   Virtual router port
• Brg   Virtual bridge port
• Tnk   Virtual trunk port (used for WAN)
• T10   802.10 FDDI service port
• FRT   Frame Relay trunk port
• Lne   LAN Emulation service port
• Vlc   VLAN clusters (X-LANE) service port
• CIP   Classical IP service port

The Instance (Inst) is an identifier of this type of service within the switch. For example, if more than one virtual router port is configured in the switch, then each “instance” of a router will be given a different number. The service number (Srvc) is port-specific. If a port has more than one service configured on it, then each service will be identified by a different service number.

MAC Address. The MAC address for this virtual port. Each virtual port is allocated a MAC address.

Prt. The bridging or routing protocol supported by this virtual port. Descriptions of these protocol types are provided on page 19-48. Possible values are:

• Tns   Transparent Bridge
• SR    Source Routing Bridge
• SRT   Source Routing Transparent Bridge
• IP    IP Routing Protocol
• IPX   IPX Routing Protocol
• CIP   Classical IP Routing (RFC 1577)
• FR    Frame Relay IP Routing

Encp. Encapsulation used for outgoing packets on this virtual router or switch port. Possible encapsulation values are:

• DFLT  Default format for this switch port (differs for each interface type)
• SWCH  Frame translations have been customized through the Switch menu
• ETH2  Ethernet II
• ESNP  Ethernet 802.3 SNAP (virtual router ports)
• ELLC  Ethernet 802.3 LLC (IPX router ports only)
• 8023  Ethernet 802.3, Novell Raw (IPX router ports only)
• 8025  Token Ring 802.5 SNAP (virtual router ports)
• TSRS  Token Ring Source Routing SNAP (virtual router ports)
• TLLC  Token Ring LLC (IPX router ports only)
• TSRL  Token Ring Source Routing LLC (IPX router ports only)
• FDDI  FDDI SNAP (virtual router ports)
• FSRS  FDDI Source Routing SNAP (IPX router ports only)
• FLLC  FDDI LLC (IPX router ports only)
• FSRL  FDDI Source Routing LLC (IPX router ports only)
• 1490  Frame Relay Routing (RFC 1490)
• 1483  Classical IP Routing (RFC 1483)
• SNAP  SNAP (switch ports only)
• LLC   LLC (switch ports only)

Admin. Indicates whether the port is administratively Enabled or Disabled. When Enabld, the port can transmit and receive data as long as a cable is connected and no physical or operational problems exist. When Disabld, the port will not transmit or receive data even if a cable is connected and the physical connection is operational. You can set the Administrative Status during the port configuration phase of the crgp command, the addvp command, or the modvp command. A port can have an Administrative Status of Enabled, but still be operationally Inactive. See the description of the Oper column below.

Oper. Indicates the current Operational Status of the port. The port will be Active (Active) or Inactive (Inactv). If the port is Active, then the port can pass data and has a good physical connection. If it is Inactive, then it may not have a good physical connection and it is not capable of passing data at this time.

Spn Tr. The port’s current state as defined by the Spanning Tree Protocol. The possible Spanning Tree States are: Disabled, Blocking, Listening, Learning, and Forwarding. This state controls the action a port takes when it receives and transmits a frame. For ports which are Administratively disabled or Operationally Inactive, this state will be Disabled (Disabl), meaning the Spanning Tree algorithm is not active on this port. If the state is Blocking, then only BPDUs will be transmitted and received. If the state is Forwarding, then both data and BPDU frames will be transmitted and received. This Spanning Tree Protocol state is not applicable to virtual router ports and will read N/A for those ports.

Mode. The Bridge Mode currently in use on this port. This mode is chosen during the port configuration phase of the crgp command, through the addvp command, or through the modvp command. It is not applicable to virtual router ports and will read N/A for those ports. Possible values are:

• Bridged   Spanning Tree Bridge.
• AutoSw    Auto Switch.
• Optimzd   Optimized Device Switching.

See page 19-29 for a description of these bridge modes.

Viewing Port Statistics

The vs command displays transmit and receive statistics for ports in the switch. Entering vs displays statistics for all virtual ports in the switch. You can also display statistics for only ports in a specific Group by specifying the Group ID after the vs command. For example, to view statistics only for ports in Group 6, you would enter

    vs 6

You can also display statistics for a specific port by entering the slot and port number after the vs command. For example, to view statistics only for Port 1 on the module in Slot 4, you would enter

    vs 4/1

The same type of information is displayed for a single Group or port as is displayed for all ports in a switch. The following screen shows a sample from the vs command when specified without any Group or port parameters.
    Virtual Interface Statistical Information - For All Interfaces

                               Frames      Octets      UcastPkts    NUcastPkts
          Slot/  Service/      In          In          In           In
    Group Intf   Instance      Out         Out         Out          Out
    ===== ====   ===========   =========== =========== ============ =============
      1   All    Rtr/  1
      2   All    Rtr/  2
      3   All    Rtr/  3
      1   3/1    Tnk/  1       0           0           0            0
                               0           0           0            0
      1   4/1    Brg/  1       17774       1739560     1707         16067
                               684         103048      681          3
      1   4/2    Brg/  1       0           0           0            0
                               0           0           0            0
      1   4/3    Brg/  1       0           0           0            0
                               0           0           0            0
      1   4/4    Brg/  1       0           0           0            0
                               0           0           0            0
      1   4/5    Brg/  1       0           0           0            0
                               0           0           0            0
      1   4/6    Brg/  1       0           0           0            0
                               0           0           0            0
      1   4/7    Brg/  1       0           0           0            0
                               0           0           0            0
      1   4/8    Brg/  1       0           0           0            0
                               0           0           0            0
      1   5/1    Brg/  1       0           0           0            0
                               0           0           0            0

Group, Slot/Intf. These columns are described for the vi command on page 19-50.

Service/Instance. The Service Type (Service) and Instance (Instance) of this Service Type in the switch. Service Type values are as follows:

• Rtr   Virtual router port
• Brg   Virtual bridge port
• Tnk   Virtual trunk port (used for WAN)
• T10   802.10 FDDI service port
• FRT   Frame Relay trunk port
• Lne   LAN Emulation service port
• Vlc   VLAN clusters (X-LANE) service port
• CIP   Classical IP service port

The Instance (Inst) is an identifier of this type of service within the switch. For example, if more than one virtual router port is configured in the switch, then each “instance” of a router will be given a different number.

Frames In/Out. The number of frames received or sent from this port. The top number for each port row is the number of frames received, and the bottom number is the number of frames sent. Statistics are not provided for virtual router ports in this display, but they are provided through Networking menu commands. See Chapters 25 and 27 for further information on router port statistics.

Octets In/Out. The number of octets, or bytes, received or sent from this port. The top number for each port row is the number of octets received, and the bottom number is the number of octets sent. Statistics are not provided for virtual router ports, but they are provided through Networking menu commands. See Chapters 25 and 27 for further information on router port statistics.

Ucast Pkts In/Out. The total number of unicast packets received or sent from this port. The top number for each port row is the number of unicast packets received, and the bottom number is the number of unicast packets sent. Statistics are not provided for virtual router ports, but they are provided through Networking menu commands. See Chapters 25 and 27 for further information on router port statistics.

Non Ucast Pkts In/Out. The total number of non-unicast packets received or sent from this port. Non-unicast frames include multicast and broadcast frames. The top number for each port row is the number of non-unicast packets received, and the bottom number is the number of non-unicast packets sent. Statistics are not provided for virtual router ports, but they are provided through Networking menu commands. See Chapters 25 and 27 for further information on router port statistics.

Viewing Port Errors

The ve command displays port error statistics for ports in the switch. Entering ve displays error statistics for all virtual ports in the switch. You can also display error statistics for only ports in a specific Group by specifying the Group ID after the ve command. For example, to view errors only for ports in Group 6, you would enter

    ve 6

You can also display error statistics for a specific port by entering the slot and port number after the ve command. For example, to view errors only for Port 1 on the module in Slot 4, you would enter

    ve 4/1

The same type of information is displayed for a single Group or port as is displayed for all ports in a switch. The following screen shows a sample from the ve command when specified without any Group or port parameters.

    Virtual Interface Error Information - For All Interfaces

          Slot/  Service/      Buffer Discards           Error Discards
    Group Intf   Instance      In          Out           In           Out
    ===== ====   ===========   =========== ===========   ============ =============
      2   All    Rtr/  1
      3   All    Rtr/  2
      1   All    Rtr/  1
      1   3/1    Tnk/  1       0           0             0            0
      1   4/1    Brg/  1       0           0             0            0
      1   4/2    Brg/  1       0           0             0            0
      1   4/3    Brg/  1       0           0             0            0
      1   4/4    Brg/  1       0           0             0            0
      1   4/5    Brg/  1       0           0             0            0
      1   4/6    Brg/  1       0           0             0            0
      1   4/7    Brg/  1       0           0             0            0
      1   4/8    Brg/  1       0           0             0            0
      1   5/1    Brg/  1       0           0             0            0

Group, Slot/Intf. These columns are described for the vi command on page 19-50.

Service/Instance. The Service Type (Service) and Instance (Instance) of this Service Type in the switch. Service Type values are as follows:

• Rtr   Virtual router port
• Brg   Virtual bridge port
• Tnk   Virtual trunk port (used for WAN)
• T10   802.10 FDDI service port
• FRT   Frame Relay trunk port
• Lne   LAN Emulation service port
• Vlc   VLAN clusters (X-LANE) service port
• CIP   Classical IP service port

The Instance (Inst) is an identifier of this type of service within the switch. For example, if more than one virtual router port is configured in the switch, then each “instance” of a router will be given a different number.

Buffer Discards In/Out. For transmit (Out) and receive (In), the number of frames discarded due to a lack of buffer space. Buffer discard information is not provided for virtual router ports.

Error Discards In/Out. For transmit (Out) and receive (In), the number of frames discarded due to errors. Error discard information is not provided for virtual router ports.

Port Mirroring

You can set up Port Mirroring for any pair of Ethernet (10 or 10/100 Mbps) ports within the same switch chassis. Ethernet ports supporting port mirroring include 10BaseT (RJ-45), 10BaseFL (fiber), 10Base2 (BNC), and 10Base5 (AUI) connectors.
When you enable port mirroring, the active, or “mirrored,” port transmits and receives network traffic normally, and the “mirroring” port receives a copy of all transmit and receive traffic to the active port. You can connect an RMON probe or network analysis device to the mirroring port to see an exact duplication of traffic on the mirrored port without disrupting network traffic to and from the mirrored port.

Port mirroring is supported on Omni Switch/Router chassis for Ethernet (10 or 10/100 Mbps) ports only. An Ethernet port can only be mirrored by one other Ethernet port. A mirroring port can only mirror one port at a time. Up to five (5) mirroring sessions (mirrored-mirroring port pairs) are supported in a single switch chassis. The mirrored and mirroring ports can be in different Groups and different VLANs.

How Port Mirroring Works

When a frame is received on a Mirrored Port it is copied and sent to the Mirroring Port. The received frame is actually transmitted twice across the switch backplane: once for normal bridging and then again to the Mirroring Port. When a frame is transmitted by the mirrored port, a copy of the frame is made, tagged with the mirroring port as the destination, and sent back over the switch backplane to the mirroring port. The following diagram illustrates the data flow for a Mirrored-Mirroring port pair.

[Figure: Relationship Between Mirrored and Mirroring Port. Incoming and outgoing frames on the Mirrored port are copied and transmitted to the Mirroring Port.]

When port mirroring is enabled, there may be some performance degradation since all frames received and transmitted by the Mirrored port need to be copied and sent to the Mirroring port.

What Happens to the Mirroring Port

Once you set up port mirroring and attach cables to the Mirrored and Mirroring ports, the Mirroring port is administratively disabled and no longer a part of the Bridging Spanning Tree. The Mirroring port does not transmit or receive any traffic on its own. In addition, the Admin Status of the mirroring port displays in switch software commands, such as vi, as

    M <slot> <port>

where <slot> is the slot number of the module containing the mirrored port, and <port> is the port number of the mirrored port. For example, if the Admin Status of a port displayed as

    M 3 02

then you would know this port is mirroring traffic for Port 2 on the module in Slot 3.

If a cable is not attached to the Mirrored port, port mirroring will not take place. In this case, the Mirroring Port reverts back to its normally operational state and will bridge frames as if port mirroring were disabled.

Using Port Mirroring With External RMON Probes

Port mirroring is a helpful monitoring tool when used in conjunction with an external RMON probe. Once you set up port mirroring, the probe can collect all relevant RMON statistics for traffic on the mirrored port. You can also move the Mirrored Port so that the Mirroring Port receives data from different ports. In this way, you can roam the switch and monitor traffic at various ports.

If you attach an external RMON probe to a mirroring port, that probe must have an IP address that places it in the same VLAN as the mirrored port. In addition if you change the mirrored port, then you must again make sure that the RMON probe is in the same VLAN as that new mirrored port.

[Figure: Mirrored and Mirroring Ports in Same VLAN. The Mirrored Port and the RMON probe attached to the Mirroring Port must be in the same VLAN.]

Frames received from an RMON probe attached to the Mirroring Port can be seen as being received by the Mirrored Port. These frames from the Mirroring Port are marked as if they are received on the Mirrored Port before being sent over the switch backplane to an NMS station. Therefore, management frames from an NMS station that are destined for the RMON probe are first forwarded out the Mirrored Port. After being received on the Mirrored Port, copies of the frames are mirrored out the Mirroring Port, and the probe attached to the Mirroring Port receives the management frames. The illustration on the following page shows this data flow.

[Figure: Port Mirroring Using an External RMON Probe. The callouts read:]
➊ RMON probe frames sent from the Mirroring Port.
➋ RMON probe frames from the Mirroring Port appear to come from the Mirrored Port when the NMS workstation receives them.
➌ Management frames from the NMS workstation are sent to the Mirrored Port.
➍ Port mirroring sends copies of management frames to the Mirroring Port.

♦ Important Note ♦
The Mirroring Port is not accessible from the NMS device. From the NMS station, the Mirroring Port will appear disabled or down.

Setting Up Port Mirroring

You set up port mirroring when you add or modify a port through the addvp or modvp commands. The switch software senses the type of port you are configuring, so it will only prompt you for port mirroring when configuring an Ethernet port. Follow the steps below to set up port mirroring.

1. Start the addvp or modvp command for the virtual port that you want to mirror.

2. At the Command prompt enter 8=e, press <Enter> and you will be prompted for the slot and port number of the “mirroring” port (i.e., the port that can “see” all traffic for this port):

    Mirroring vport slot/port ? ( ) :

3. Enter the mirroring port’s slot, a slash (/), the port number, and then press <Enter>.
   The port that you indicate here will be disabled and only capable of receiving duplicate traffic from the mirrored port. If port mirroring is not supported on this port, then the following prompt will display:

    mirroring not supported on this port type

After entering the Mirroring slot and port number, the addvp or modvp screen of options re-displays with the changes you entered. If you are done modifying or adding the port, enter save at the Command prompt. If using the addvp command, a message indicating that you have successfully set up the port displays. Port mirroring takes place immediately, so you could now connect a probe or network analyzer to the Mirroring port.

Disabling Port Mirroring

You can disable port mirroring through the modvp command. Follow these steps to disable port mirroring.

1. Start the modvp command for the virtual port on which you want to disable port mirroring.

2. At the Command prompt enter 8=d, press <Enter>. The modvp screen re-displays. The Mirrored Port Status field should read Disabled, available.

Port Monitoring

An essential tool of the network engineer is a network packet capture device. A packet capture device is usually a PC-based computer, such as the Sniffer®, that provides a means for understanding and measuring data traffic of a network. Understanding data flow in a VLAN-based switch presents unique challenges primarily because traffic takes place inside the switch, especially on dedicated devices. The port monitoring feature built into OmniS/R software allows the network engineer to examine packets to and from a specific Ethernet 10BaseT port. Port monitoring has the following features:

• Software commands to enable and display captured port data.
• Captures data in Network General® file format.
• Limited protocol parsing (basic IP protocols and IPX) in console dump display.
• Data packets time stamped.
• One port monitored at a time.
• RAM-based file system.
• Memory buffer space from 1 MB to 8 MB.
• Statistics gathering and display.
• Monitors only Ethernet 10BaseT ports.
• Filtering limited to basic packet type: broadcast, multicast or unicast.

You can select to dump real-time packets to the terminal screen, or send captured data to a file. Once a file is captured, you can FTP it to a Sniffer for viewing.

Port Mirroring

An alternate method of monitoring ports is Port Mirroring, which allows a network engineer to attach a Sniffer to one Ethernet port and mirror traffic to and from any other Ethernet port. Port mirroring is described in Port Mirroring on page 19-57.

Port Monitoring Menu

The port monitoring commands are contained on the port monitoring menu, which is a submenu of the Networking menu. The port monitoring menu displays as follows:

    Command     Port Monitoring Menu
    pmon        Port monitor utility
    pmcfg       Configure port monitor parameters
    pmstat      View port monitor statistics
    pmd         Port monitor disable
    pmp         Port monitor pause

    Main        File        Summary     VLAN        Networking
    Interface   Security    System      Services    Help

    /Networking/Monitor %

The commands in this menu are described in the following sections.

RAM Disk System for Data Capture Files

Port monitoring uses a RAM disk for fast temporary storage of data capture files. The RAM disk has a separate directory designation of /ram. RAM-based files are created in DOS-FAT format and they are displayed in UPPERCASE. You can copy files between the /ram disk system and the standard /flash file system. In addition, files in the RAM disk system are retrievable via FTP. Both the /ram file system and the /flash file system are accessible by using the UNIX/DOS-style change directory (cd) command.

♦ Note ♦
The RAM drive is part of DRAM memory. If you power off or reboot the switch, any files saved in the RAM drive will be lost.

Configuring RAM Drive Resources (pmcfg)

The pmcfg command allows you to select the size of the RAM disk file system or to delete the RAM disk.
In addition, it allows you to configure the amount of data collected for each packet capture. To begin configuring RAM drive resources, enter

    pmcfg

A screen similar to the following displays:

    RAM disk size : 1000 Kilobytes
    Lines displayed: 1
    Change any of the above (y/n)? (n)

To change one of the settings, enter a Y and press <enter>. You will be prompted for a new RAM drive size. Select a size in kilobytes between 1000 and 8000. You can also delete the RAM drive by entering a size of zero (0). Changing the RAM disk size also requires that you reboot the system.

The Lines displayed controls the amount of data displayed to the terminal when you choose to dump session data to the computer screen. You can specify the number of lines to display while viewing port monitor data on the screen.

Changing the Default System Directory (cd)

After a port monitoring session is enabled the default directory is the RAM disk system (/ram). To switch back to the standard default flash file system (/flash) use the cd command. To switch back to the default directory, enter

    cd /flash

To switch back to the RAM disk directory, enter

    cd /ram

Starting a Port Monitoring Session (pmon)

You enable a port monitoring session through the pmon command. To start a session, enter pmon followed by the slot and port number that you want to monitor. For example, to monitor a port that is the first port in the fourth slot of the switch, you would enter

    pmon 4/1

You can only monitor Ethernet 10BaseT ports. If a port is already being mirrored (enabled through the addvp or modvp command) you cannot monitor it. Also, you cannot set up more than one monitoring session on the same port.

If the port is currently being monitored, or mirrored, the following message displays:

    Port 4/1 is being monitored. Disable monitoring? (y)

If the port is not being monitored, or mirrored, the following message displays:

    Port 4/1 is not being monitored, or mirrored. Enable monitoring? (y)

Enter a Y and press <enter> at this prompt. The following screen of options displays:

    Slot/Port : 5/1
    RAM disk size 1000 Kilobytes
    Capture to filename :y
    Capture filename : PMONITOR.ENC
    Dump to screen :y
    Broadcast frames :y
    Multicast frames :y
    Unicast frames :y
    Change any of the above (y/n)? (n) :

If you want to change any of the values, enter a Y and press <enter>. You will be prompted for all of the values in the screen except the RAM disk size, which you must change through the pmcfg command before starting the session. The information selected in this screen will be saved in flash configuration memory. Enter any new values as prompted. The above screen re-displays to show the new values. Press <enter> to accept the updated values. Messages similar to the following display:

    1048576 byte RAM drive /ram already initialized.
    Bytes remaining on RAM disk = 1040384

The port monitoring session has begun. What happens at this point depends on whether you chose the Dump to screen option. The sections below describe what happens in each case.

♦ Note ♦
If you change the capture filename from the default, you must specify /ram. Otherwise, the file will be saved in the flash directory.

If You Chose Dump to Screen

If you selected the Dump to screen option, then a real-time synopsis of the session displays on your terminal screen. The following shows an example of this data:

    Enter 'p' to pause, 'q' to quit.
    Destination       | Source            | Type  | Data
    ---------------------------------------------------------------------
    00:20:DA:04:01:02 | 00:20:DA:04:01:01 | ICMP  | 01:02:03:04:05:06:07:08
    00:20:DA:04:01:02 | 00:20:DA:04:01:01 | ICMP  | 01:02:03:04:05:06:07:08
    FF:FF:FF:FF:FF:FF | 00:20:DA:02:10:E3 | ARP-C | 08:06:00:01:08:00:06:04
    FF:FF:FF:FF:FF:FF | 00:20:DA:6F:97:A3 | RIP   | 08:00:45:00:00:34:22:30

Each line in the display represents a packet.
The destination MAC address, source MAC address, protocol type and actual packet data are shown. The amount of data shown is configured through the pmcfg command. The above sample shows 16 bytes of data per packet. You can stop the data dump to the screen at any time by pressing q to quit. You can also pause the data dump by pressing p to pause.

If You Did Not Choose Dump to Screen

If you did not select the Dump to screen option, then the system prompt will return and port monitoring occurs in the background. You can continue using other UI commands. The port monitoring session data is saved in the file you indicated through the pmon screen. You can monitor the session at any time by using the pmstats command. You can also end or pause an in-progress session using the pmdelete or pmpause commands, respectively. The following sections describe pmdelete and pmpause.

Ending a Port Monitoring Session (pmdelete)

The pmdelete command ends a port monitoring data capture session that is being saved to file but not being dumped to the console screen. To end the session, enter:

    pmd

A message similar to the following displays:

    Port monitoring session terminated, data file is xxxxx.ENC.

If a port monitoring session was not in progress then the following message displays:

    No ports being monitored.

Pausing a Port Monitoring Session (pmpause)

The pmpause command pauses a port monitoring data capture session that is being saved to file but not being dumped to the console screen. To pause the session, enter:

    pmp

The following message displays:

    Pausing monitor data capture/display.

To resume the port monitoring session, enter pmp again. The following message displays:

    Resuming monitor data capture.

If a port monitoring session was not in progress, then the following message would display:

    No ports being monitored.
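A Dump to screen transcript saved from the terminal session can be tallied offline into the same broadcast, multicast and unicast classes that pmon filters on. The following is an added example, not part of the manual; the function names are hypothetical, and the sample reuses rows from the screen shown earlier plus one constructed multicast row.

```python
"""Added example: tally a saved pmon 'Dump to screen' transcript."""
import re
from collections import Counter

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
# Column layout of the dump: Destination | Source | Type | Data
ROW = re.compile(rf"^\s*({MAC})\s*\|\s*({MAC})\s*\|\s*(\S+)\s*\|\s*(\S*)\s*$")

# The first three packet rows come from the manual's sample screen; the last
# row is constructed so that the sample contains a multicast destination.
SAMPLE = """\
Enter 'p' to pause, 'q' to quit.
Destination | Source | Type | Data
00:20:DA:04:01:02 | 00:20:DA:04:01:01 | ICMP | 01:02:03:04:05:06:07:08
FF:FF:FF:FF:FF:FF | 00:20:DA:02:10:E3 | ARP-C | 08:06:00:01:08:00:06:04
FF:FF:FF:FF:FF:FF | 00:20:DA:6F:97:A3 | RIP | 08:00:45:00:00:34:22:30
01:00:5E:00:00:09 | 00:20:DA:6F:97:A3 | RIP | 08:00:45:00:00:34:22:31
"""


def frame_class(dst_mac):
    """Classify a frame by its destination MAC address."""
    if dst_mac.upper() == "FF:FF:FF:FF:FF:FF":
        return "Broadcast"
    # The low-order bit of the first octet is the group (multicast) bit.
    return "Multicast" if int(dst_mac[:2], 16) & 1 else "Unicast"


def summarize(transcript):
    """Count frames per class and per type, and broadcasts per source MAC."""
    frames, types, bcast_sources = Counter(), Counter(), Counter()
    skipped = []
    for line in transcript.splitlines():
        m = ROW.match(line)
        if not m:
            # Keep prompts, the header and damaged rows for review;
            # drop blank lines and the dashed separator.
            if line.strip() and not set(line.strip()) <= {"-"}:
                skipped.append(line)
            continue
        dst, src, ptype, _data = m.groups()
        cls = frame_class(dst)
        frames[cls] += 1
        types[ptype] += 1
        if cls == "Broadcast":
            bcast_sources[src.upper()] += 1
    return {"frames": dict(frames), "types": dict(types),
            "broadcast_sources": dict(bcast_sources), "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for key in ("frames", "types", "broadcast_sources"):
        print(key, report[key])
    print("lines not parsed:", len(report["skipped"]))
```

The per-source broadcast count is what points to the station behind a broadcast-heavy capture; the frame totals should agree with what pmstat reports for the same session.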
Ending a Port Monitoring Session

After you quit a port monitoring session, the default directory changes to /ram and the current files on the RAM drive are listed. The screen below shows an example of the display at the completion of a monitoring session.

    Port monitoring capture done.
    Current capture files listed:
    Current working directory ‘/ram’.
    PM0302.ENC    65536    10/20/96 12:12
    PM0303.ENC    32768    10/20/96 11:15
    950272 bytes free

Viewing Port Monitoring Statistics (pmstat)

The pmstat command displays the statistics gathered for the current or most recent port monitoring session. If a port monitoring session is currently in progress, then it displays the results of the in-progress session. If a port monitoring session is not in progress, then it displays results of the most recently completed session. To view session statistics, enter

    pmstat

A screen similar to the following displays:

    Viewing capture statistics:
    Percent RAM available: 96%
    Frame type    #Frames
    ------------------------------
    Broadcast     108
    Multicast     253
    Unicast       301

The Percent RAM available indicates how much of the configured RAM disk has been used by this port monitoring session. You can configure the size of the RAM disk through the pmcfg command; the default size is 1 MB. The remaining items in the display show the number of packets passed on the port broken down into broadcast, multicast, and unicast frames.

Port Mapping

The OmniS/R began as an any-to-any switching device, connecting different LAN interfaces, such as Ethernet. As networks grew and the traffic on them increased, a need arose for controlling some traffic, such as broadcasts. Virtual LANs, or VLANs, were introduced to segment traffic such that devices could only engage in switched communication with other devices in the same VLAN. Some applications today require a further degree of traffic segmentation than that provided by VLANs.
The port mapping feature allows you to further segment traffic within a VLAN or group by isolating a set of ports.

Groups/VLANs and Port Mapping

Port mapping does not affect existing group or AutoTracker VLAN operations in a switch. Group and VLAN membership are checked and applied before port mapping constraints are applied. Therefore, any constraints applied by port mapping only limit traffic flow within a group or VLAN; port mapping parameters do not provide any additional connectivity to a port. So if you add a port to a port mapping set, that port will be first subject to the constraints of its Group/VLAN and then the restrictions imposed by port mapping. Up to 128 port mapping sets can be configured per switch.

The illustration below helps show how group and port mapping constraints interact. The ports in slot 2 and 5 (2/1—2/4 and 5/1—5/4) are part of group 3. By group membership, all of these ports have switched communication with each other. Likewise, the ports in slot 3 and slot 4 have switched communication with each other as they all belong to group 2.

[Figure: Groups and Port Mapping. OmniS/R with Port Map 1 Ingress Ports 2/1, 2/2, 2/3, 2/4 and Port Map 1 Egress Ports 5/1, 5/2, 5/3, 5/4 (Group 3); Port Map 2 Ingress Ports 3/1, 3/2, 3/3, 3/4 and Port Map 2 Egress Ports 4/1, 4/2, 4/3, 4/4 (Group 2).]

Once a port mapping set is constructed, communication within each of the groups becomes more restricted. A port mapping set consists of ingress and egress ports; ingress ports can only send traffic to egress ports. In the above figure, all ports on slots 2 and 3 are ingress ports and ports on slots 4 and 5 are egress ports.

Port communication is uni-directional. A mapping between an ingress port and an egress port can only pass data from the ingress port to the egress port. To allow traffic to flow from the egress port to the ingress port, it is necessary to create a new mapping.
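The evaluation order and the one-way rule described above can be modeled as a reachability check, which is useful when auditing whether a planned set of port maps isolates what it is meant to. This is an added example, not code from the manual or the switch: the class and function names are hypothetical, the port lists use the comma and dash syntax the manual gives for pmapcr, and the treatment of traffic between a mapped port and an unmapped port is this model's reading of the text.

```python
"""Added example: the manual's port mapping rule as a reachability check."""
from itertools import product


def parse_ports(spec):
    """Expand a pmapcr-style list such as '4/1, 4/6-9' into slot/port strings."""
    ports = set()
    for item in (s.strip() for s in spec.split(",")):
        slot, sep, rng = item.partition("/")
        first, _, last = rng.partition("-")
        last = last or first
        if not (sep and slot.isdigit() and first.isdigit() and last.isdigit()):
            raise ValueError(f"bad slot/port designation: {item!r}")
        if int(last) < int(first):
            raise ValueError(f"descending port range: {item!r}")
        ports.update(f"{int(slot)}/{p}" for p in range(int(first), int(last) + 1))
    return ports


class Switch:
    def __init__(self, groups, port_maps):
        # groups: {group id: port list}
        # port_maps: {map id: (ingress list, egress list)}
        self.groups = {g: parse_ports(s) for g, s in groups.items()}
        self.maps = {m: (parse_ports(i), parse_ports(e))
                     for m, (i, e) in port_maps.items()}
        self.mapped = set().union(*(i | e for i, e in self.maps.values()))

    def same_group(self, src, dst):
        return any(src in g and dst in g for g in self.groups.values())

    def can_send(self, src, dst):
        """True if a frame entering on src may be switched out of dst."""
        # Step 1: group/VLAN membership is applied first; maps never add reach.
        if src == dst or not self.same_group(src, dst):
            return False
        # Step 2: ports outside every map set are left to the group rule alone.
        if src not in self.mapped and dst not in self.mapped:
            return True
        # Step 3: a mapped port is involved, so some map must list src as
        # ingress and dst as egress. Assumption of this model: traffic between
        # a mapped and an unmapped port is blocked in both directions.
        return any(src in i and dst in e for i, e in self.maps.values())

    def one_way_pairs(self):
        """Ingress->egress pairs with no reverse mapping (dst cannot answer)."""
        return sorted(
            (s, d)
            for i, e in self.maps.values()
            for s, d in product(i, e)
            if self.can_send(s, d) and not self.can_send(d, s)
        )


# The configuration from the "Groups and Port Mapping" illustration.
FIGURE = Switch(
    groups={3: "2/1-4, 5/1-4", 2: "3/1-4, 4/1-4"},
    port_maps={1: ("2/1-4", "5/1-4"), 2: ("3/1-4", "4/1-4")},
)

# Constructed variant: map 2 reverses map 1, so 2/1 and 5/1 talk both ways.
TWO_WAY = Switch(
    groups={3: "2/1-4, 5/1-4"},
    port_maps={1: ("2/1", "5/1"), 2: ("5/1", "2/1")},
)

if __name__ == "__main__":
    for src, dst in [("2/1", "5/1"), ("5/1", "2/1"), ("2/1", "2/2"), ("2/1", "4/1")]:
        verdict = "forwarded" if FIGURE.can_send(src, dst) else "blocked"
        print(f"{src} -> {dst}: {verdict}")
    print("one-way pairs in figure:", len(FIGURE.one_way_pairs()))
    print("one-way pairs with reverse map:", TWO_WAY.one_way_pairs())
```

Every pair that one_way_pairs returns is a path on which replies are dropped, so a non-empty result for ports that need two-way traffic means a reverse map set is still missing.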
This configuration restricts each port to communication only with the other four ports in the opposite port mapping subset within the same group. For example, port 2/1 can only send traffic to ports 5/1, 5/2, 5/3, and 5/4. It can no longer communicate with ports 2/2, 2/3, and 2/4 even though they are part of the same group. Port mapping restricts ports from communicating with other ports within the same subset. Port mapping does not affect other ports in the group that are not part of the port mapping set.

The Details of Port Mapping

Port mapping can be thought of as a special rule that is applied after standard group and VLAN rules are applied. This rule statically assigns a port as either an ingress or egress port. Ingress ports can only communicate with egress ports. In this sense, one subset of ports is “mapped” to another subset of ports. Ports within the same subset cannot communicate with each other or with another switch port that is not a member of the opposite port mapping subset.

♦ Note ♦
Port mapping restrictions are only applied to ports on 10/100 Ethernet modules (e.g., ESM-100F-8, ESM-C-32, ESM-FM-16W, ESM-100C-12).

As an illustration, see the diagram of three Ethernet modules below. The modules are in slots 2, 3, and 4. The ports that are circled are included in a port mapping subset. The three ports at the top—2/1, 3/1, and 4/1—are ingress ports. The six ports below —2/4, 2/5, 3/4, 3/5, 4/4, and 4/5—are egress ports in the port mapping set.

[Figure: Port Subsets in the Port Mapping Set. Ethernet modules in slots 2, 3, and 4. One side of the paired set: ports 2/1, 3/1, and 4/1; these ports are subset A. Other side of the paired set: ports 2/4, 2/5, 3/4, 3/5, 4/4, and 4/5; these ports are subset B.]

Who Can Talk to Whom?
The following matrix outlines which ports can communicate with each other in the example shown on the previous page assuming all ports are part of the same group or VLAN. A port can only communicate with ports in the opposite subset within the port mapping set.

Switch Ports That May Communicate*

           2/1   2/4   2/5   3/1   3/4   3/5   4/1   4/4   4/5
    2/1    N/A   Yes   Yes   No    Yes   Yes   No    Yes   Yes
    2/4    No    N/A   No    No    No    No    No    No    No
    2/5    No    No    N/A   No    No    No    Yes   No    No
    3/1    No    Yes   Yes   N/A   Yes   Yes   No    Yes   Yes
    3/4    No    No    No    No    N/A   No    No    No    No
    3/5    No    No    No    No    No    N/A   No    No    No
    4/1    No    Yes   Yes   No    Yes   Yes   N/A   Yes   Yes
    4/4    Yes   No    No    Yes   No    No    Yes   N/A   No
    4/5    Yes   No    No    Yes   No    No    Yes   No    N/A

*Read table from right (ingress ports) to left only.

Port communication is uni-directional. A mapping between an ingress port and an egress port can only pass data from the ingress port to the egress port. To allow traffic to flow from the egress port to the ingress port, it is necessary to create a new mapping.

It’s important to remember that the port mapping configuration is affected by existing group/VLAN rules. If the ports in the above example belonged to three groups based on IP network rules, then they would be restricted by group membership and port mapping.

Port mappings can be created between switch ports and uplink ports, but not between uplink ports. For example, you could map Ethernet ports 3/1-12 to a WAN uplink port 4/1. This is useful when there is no traffic between Ethernet ports, but all ports are to be forced to the uplink module. You cannot, however, map uplink port 4/1 to uplink port 4/2.

Port Mapping Limitations

The following are restrictions to the use of the port mapping feature:

• Port mapping cannot be used with ports assigned to an 802.1Q group.
• Port mapping cannot be used with an OmniChannel unless all ports in the OmniChannel are included in the port mapping (on either the ingress or egress list).
  For example, if ports 3/1-3/4 are an OmniChannel, all four ports must be in the ingress or egress list. You could not just map port 3/1.

Creating a Port Mapping Set

Use the pmapcr command to create a port mapping set. Follow these steps:

1. Enter pmapcr at a system prompt.

2. The following screen displays:

    Port Map Configuration
    1. Ingress List :
    2. Egress List :

Enter the ingress ports and egress ports for this map set. This is done by entering the line number, an equal sign, and the port (or ports) to be added. For example, if you want to create a map set with an ingress port of 3/6 and an egress port of 4/6, you would enter the following at the prompt:

    1=3/6
    2=4/6

This must be done in two separate operations, one for the ingress and one for the egress lists.

You can add more than one port to a list by using a comma (,) between slot/port designations, or a dash (-) between port numbers. For example, if you wanted to make ports 4/1, 4/6, 4/7, 4/8, and 4/9 egress ports for this map set, you would enter the following:

    2=4/1, 4/6-9

A switch port in the ingress list can only communicate with switch ports in the egress list. Switch ports in the same list cannot communicate with each other or any other ports in the switch. For example, if you enter:

    1=2/1, 3/1
    2=2/2, 3/2

then you are creating a paired set of four ports. Port 2/1 can only communicate with ports 2/2 or 3/2. It cannot communicate with any other ports in the switch, including port 3/1. Port 3/1 also can only communicate with ports 2/2 and 3/2, but no others.

Any port type may be added to a port mapping set. However, only Mammoth-generation Ethernet ports will be restricted by port mapping limitations. For example, you could add a non-Ethernet port to the set, but traffic from that port would not be restricted.

3. You will want to save your configuration, so enter an s at the port-mapping prompt. Your configuration will be saved.
A prompt similar to the following appears to confirm the creation of the port map:

    Port Map 7 created.

The port map number is used when modifying the map set.

It is important to remember that port communication is uni-directional. A mapping between an ingress port and an egress port can only pass data from the ingress port to the egress port. To allow traffic to flow from the egress port to the ingress port, it is necessary to create a new mapping.

Adding Ports to a Port Mapping Set

You can add ports to a port map set once it has been created using the pmapmod command. Follow these steps:

1. Enter the pmapmod command at a system prompt, as shown:

    pmapmod <pmap id>

where <pmap id> is the map set number shown when the map set was created. (To view a list of all existing map sets, see Viewing a Port Mapping Set on page 19-72.) For example, to modify map set 5, you would enter the following:

    pmapmod 5

2. The following screen displays:

    Port Mapping Configuration
    =======================
    Port Map Id          Ingress Ports          Egress Ports
    -----------------    -------------------    ------------------
    5                    3/1, 3/2, 3/3          4/1, 4/2, 4/3

    Modify Port Map 5
    1. Add Ports to Ingress List :
    2. Add Ports to Egress List :
    3. Delete Ports from Ingress List :
    4. Delete Ports from Egress List :
    5. View Port Map Configuration :

Note that the current ports in the port mapping set are displayed. Use this information to make decisions on the ports you want to add or remove from the set.

Enter the line number for the operation you want to perform (a 1 for the ingress list or a 2 for the egress list), an equal sign (=), and the ports to be added. For example, to add port 3/2 to the ingress list and the egress list, enter the following (in two separate operations):

    1=3/2
    2=3/2

You can add more than one port to a list by using a comma (,) between slot/port designations, or a dash (-) between port numbers.
For example, if you wanted to make ports 4/1, 4/6, 4/7, 4/8, and 4/9 egress ports for this map set, you would enter the following:

    2=4/1, 4/6-9

3. To view the changes, enter a 5 (View Port Map Configuration), an equal sign (=), and a y, as shown:

    5=y

This will refresh the Port Mapping Configuration screen and display any changes you have made.

4. Quit the session by entering a q at the prompt.

Removing Ports from a Port Mapping Set

You can remove ports from a port map set once it has been created using the pmapmod command. Follow these steps:

1. Enter the modpmap command at a system prompt, as shown:

    pmapmod <pmap id>

where <pmap id> is the map set number shown when the map set was created. (To view a list of all existing map sets, see Viewing a Port Mapping Set on page 19-72.) For example, to modify map set 5, you would enter the following:

    pmapmod 5

2. The Port Mapping Configuration screen displays (as shown above in Adding Ports to a Port Mapping Set on page 19-70). Enter the line number for the operation you want to perform (a 3 for the ingress list or a 4 for the egress list), an equal sign (=), and the ports to be removed. For example, to remove port 3/2 from the ingress list and the egress list, enter the following (in two separate operations):

    3=3/2
    4=3/2

You can remove more than one port from a list by using a comma (,) between slot/port designations, or a dash (-) between port numbers. For example, if you wanted to remove ports 4/1, 4/6, 4/7, 4/8, and 4/9 from the egress list of this map set, you would enter the following:

    4=4/1, 4/6-9

3. To view the changes, enter a 5 (View Port Map Configuration), an equal sign (=), and a y, as shown:

    5=y

This will refresh the Port Mapping Configuration screen and display any changes you have made.

4. Quit the session by entering a q at the prompt.

Viewing a Port Mapping Set

You can view a port mapping set using the vpmap command.
Enter the pmapv command as shown:

    pmapv <pmap id>

where <pmap id> is the map set number shown when the map set was created. For example, to view map set 5, you would enter the following:

    pmapv 5

The following screen is shown:

    Port Mapping Configuration
    =======================
    Port Map Id          Ingress Ports          Egress Ports
    -----------------    -------------------    ------------------
    5                    3/1, 3/2, 3/3          4/1, 4/2, 4/3

As a variation of this command, enter the vpmap command with no port map identification. This will display all port mapping sets configured for this switch.

Port Map Id. An identification number for the port map set, generated when the set is created.

Ingress Ports. The switch ports designated as ingress ports for this port map set. Ingress ports can only communicate with egress ports.

Egress Ports. The switch ports designated as egress ports for this port map set. Egress ports can only communicate with ingress ports.

Deleting a Port Mapping Set

You can delete a port mapping set after it is created. Enter pmapdel at a prompt as shown:

    pmapdel <pmap id>

where <pmap id> is the map set number shown when the map set was created. (To view a list of all existing map sets, see Viewing a Port Mapping Set on page 19-72.) For example, to delete map set 5, you would enter the following:

    pmapdel 5

Priority VLANs

Prioritizing VLANs allows you to set a value for traffic based on the destination VLAN of packets. Traffic with the higher priority destination will be delivered first. VLAN priority can be set from 0 to 7, with 7 being the level with the most priority. The following diagram illustrates this idea:

[Figure: Switch A and Switch B with Clients 1, 2, 3, and 4; VLAN 1 (Priority 0) and VLAN 2 (Priority 7).]

In the above diagram, traffic from Client 3 in VLAN 2 (with a priority of 7) to Client 2 takes precedence over traffic from Client 1 in VLAN 1 (with a priority of 0) to Client 4.
Group priority can be set when creating a group using the crgp command. For more information on the crgp command, see Creating a New Group on page 19-18. Group priority can be modified or viewed using the prty_mod and prty_disp commands, detailed below.

Mammoth vs. Kodiak Priority VLANs

Although the range of VLAN priority is 0-7, the Mammoth based modules only support two levels of priority. In other words, 0-3 is one level and 4-7 is another. Future releases will expand the number of priority levels. Kodiak based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7).

These two different implementations of the VLAN priority are not compatible. Kodiak based priority VLANs can be used with other Kodiak based priority VLANs. This is true for Mammoth based VLANs as well.

Configuring VLAN Priority

To configure the priority of a VLAN:

1. Enter the prty_mod command at the system prompt, as shown:

    prty_mod <groupId>

where <groupId> is the group number associated with the VLAN whose priority is being set. For example, to modify the priority of the VLAN for Group 2, you would enter the following:

    prty_mod 2

The following prompt is shown:

    Enter a priority value which is between 0 and 7: 0

2. Enter the number value that is to be the new priority level for this VLAN. The highest (most important) value is