1. Software
  2. Alcatel Carrier Internetworking Solutions
  3. Network Router Switch/Router

Alcatel Carrier Internetworking Solutions Network Router Switch/Router User manual

Add to my manuals
1100 Pages

advertisement

Alcatel Carrier Internetworking Solutions Network Router Switch/Router User manual | Manualzz 
Part No. 060166-10, Rev. C
March 2005
Omni Switch/Router ™
User Manual
Release 4.5
www.alcatel.com
An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical
support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s
features and functionality and on-site hardware replacement through our global network of highly
qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel’s Service and
Support web page, you’ll be able to view and update any case (open or closed) that you have reported
to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and
manuals. For more information on Alcatel’s Service Programs, see our web page at
www.ind.alcatel.com, call us at 1-800-995-2696, or email us at [email protected].
This Manual documents Release 4.5 Omni Switch/Router hardware and software.
The functionality described in this Manual is subject to change without notice.
Copyright© 2005 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in
whole or in part without the express written permission of Alcatel Internetworking, Inc.
Alcatel® and the Alcatel logo are registered trademarks of Alcatel. Xylan®, OmniSwitch®, PizzaSwitch® and
OmniStack® are registered trademarks of Alcatel Internetworking, Inc.
AutoTracker™, OmniAccess™, OmniCore™, Omni Switch/Router™, OmniVista™, PizzaPort™, PolicyView™,
RouterView™, SwitchManager™, SwitchStart™, VoiceView™, WANView™, WebView™, X-Cell™, X-Vision™
and the Xylan logo are trademarks of Alcatel Internetworking, Inc.
All-In-OneSM is a service mark of Alcatel Internetworking, Inc. All other brand and product names are trademarks
of their respective companies.
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500 FAX (818) 880-3505
[email protected]
US Customer Support–(800) 995-2696
International Customer Support–(818) 878-4507
Internet–http://eservice.ind.alcatel.com
Cautions
FCC Compliance: This equipment has been tested and found to comply with the limits for Class A
digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions in this guide, may cause interference to radio
communications. Operation of this equipment in a residential area is likely to cause interference, in
which case the user will be required to correct the interference at his own expense.
The user is cautioned that changes and modifications made to the equipment without approval of the
manufacturer could void the user’s authority to operate this equipment. It is suggested that the user
use only shielded and grounded cables to ensure compliance with FCC Rules.
This equipment does not exceed Class A limits per radio noise emissions for digital apparatus, set out
in the Radio Interference Regulation of the Canadian Department of Communications.
Avis de conformité aux normes du ministére des Communications du Canada
Cet équipement ne dépasse pas les limites de Classe A d’émission de bruits radioélectriques pour les
appareils numériques, telles que prescrites par le Réglement sur le brouillage radioélectrique établi
par le ministére des Communications du Canada.
Lithium Batteries Caution: There is a danger of explosion if the Lithium battery in your chassis is
incorrectly replaced. Replace the battery only with the same or equivalent type of battery
recommended by the manufacturer. Dispose of used batteries according to the manufacturer’s
instructions. The manufacturer’s instructions are as follows:
Return the module with the Lithium battery to Alcatel. The Lithium battery will
be replaced at Alcatel’s factory.
page iii
page iv
Table of Contents
1 Omni Switch/Router Chassis and Power Supplies
. . . . . . . . . . . . . . . . 1-1
Omni Switch/Router User Interface (UI) Software . . . . . . . . . . . . . . . . . . . 1-2
Omni Switch/Router Network Management Software (NMS) . . . . . . . . . . . 1-2
Omni Switch/Router Distributed Switching Fabric . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Omni Switch/Router Fabric Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Omni Switch/Router Applications and Configurations . . . . . . . . . . . . . . . . . . . . . . 1-5
Omni Switch/Router as the Backbone Connecting Several Networks . . . . . . . . 1-5
Omni Switch/Router as the Central Backbone Switch/Router and
in the Wiring Closet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Omni Switch/Router Chassis and Power Supplies . .
OmniS/R-3 . . . . . . . . . . . . . . . . . . . . . . . . . . .
OmniS/R-3 Chassis Technical Specifications
OmniS/R-5 . . . . . . . . . . . . . . . . . . . . . . . . . . .
OmniS/R-5 Technical Specifications . . . . . .
OmniS/R-9 and OmniS/R-9P . . . . . . . . . . . . . .
OmniS/R-9 Technical Specifications . . . . . .
OmniS/R-9P Technical Specifications . . . . .
OmniS/R-9P-48V Technical Specifications . .
Omni Switch/Router Power Requirements . . . .
Grounding a Chassis . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 1-7
. 1-8
. 1-9
1-10
1-12
1-13
1-15
1-16
1-17
1-18
1-21
The Omni Switch/Router Hardware Routing Engine (HRE-X) . . . . . . . . . . . . . . . 1-22
Valid HRE-X Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
HRE-X Router Registers versus Feature Limitations . . . . . . . . . . . . . . . . . . . . 1-23
Connecting a DC Power Source to an OmniS/R-PS5-DC375 . . . . . . . . . . . . . . . . 1-24
Installing DC Power Source Wire Leads . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
Connecting a DC Power Source to an OmniS/R-PS9-DC725 . . . . . . . . . . . . . . . . 1-27
Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
Installing DC Power Source Wire Leads . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28
Replacing Power Supplies (9-Slot Chassis) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30
2 The Omni Switch/Router MPX
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Omni Switch/Router Management Processor Module (MPX) Features . . . . . . . . . . 2-1
MPX Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
MPX Serial and Ethernet Management Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Ethernet Management Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Configuring MPX Serial Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Flash Memory and Omni Switch/Router Software . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Flash Memory Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
page v
Table of Contents
MPX Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Change-Over Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
MPX Redundancy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
3 Omni Switch/Router Switching Modules
. . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Required Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Installing a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Removing a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Hot Swapping a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
Diagnostic Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Handling Fiber and Fiber Optic Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
Gigabit Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
GSX-K-FM/FS/FH-2W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
GSX-K-FM/FS/FH-2W Technical Specifications . . . . . . . . . . . . . . . . . . . . 3-13
Auto-Sensing 10/100 Ethernet Modules . . . . . . .
Ethernet RJ-45 Pinouts . . . . . . . . . . . . . .
Ethernet RJ-45 Specifications . . . . . . . . .
ESX-K-100C-32W . . . . . . . . . . . . . . . . . . . . .
ESX-K-100C-32W Technical Specifications
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3-15
3-15
3-15
3-15
3-17
Fast (100 Mbps) Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19
ESX-K-100FM/FS-16W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19
ESX-K-100FM/FS-16W Technical Specifications . . . . . . . . . . . . . . . . . . . . 3-20
WAN Modules . . . . . . . . . . . . . . . . . . . . . . . . . . .
WAN Pinouts . . . . . . . . . . . . . . . . . . . . . . .
WAN BRI Port Specifications (S/T Interface)
WAN BRI Port Specifications (U Interface) .
WAN T1/E1 Port Specifications . . . . . . . . . .
WAN Serial Port Specifications . . . . . . . . . .
WSX-S-2W . . . . . . . . . . . . . . . . . . . . . . . . . . .
WSX-S-2W Technical Specifications . . . . . .
WSX-SC . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
WSX-SC Technical Specifications . . . . . . . .
WSX-FT1/E1-SC . . . . . . . . . . . . . . . . . . . . . . . .
WSX-FT1/E1-SC Technical Specifications . .
WSX-FE1-SC Cabling/Jumper Settings . . . . .
WSX-BRI-SC . . . . . . . . . . . . . . . . . . . . . . . . . .
WSX-BRI-SC Technical Specifications . . . . .
page vi
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3-22
3-22
3-23
3-23
3-24
3-25
3-27
3-27
3-29
3-30
3-32
3-33
3-35
3-36
3-37
Table of Contents
4 The User Interface
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Overview of Command Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Changing Between the CLI and UI Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Exit the Command Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
UI to CLI Command Cross Reference . . . . . .
Hardware Commands . . . . . . . . . . . . . .
Hardware Table . . . . . . . . . . . . . . . .
Basic Switch Management Commands . .
Basic Switch Management Table . . . .
Network Management Commands . . . . .
Network Management Table . . . . . .
Layer II Switching Commands . . . . . . . .
Layer II Switching Table . . . . . . . . . .
Groups, VLANs, Policies Commands . . .
Groups, VLANs, Policies Table . . . . .
Routing Commands . . . . . . . . . . . . . . . .
Routing Table . . . . . . . . . . . . . . . . .
WAN Access Commands . . . . . . . . . . . .
WAN Access Table . . . . . . . . . . . . . .
Troubleshooting Diagnostics Commands
Troubleshooting/Diagnostics Table . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 4-4
. 4-4
. 4-4
. 4-4
. 4-5
. 4-6
. 4-6
. 4-7
. 4-7
. 4-8
. 4-8
4-10
4-10
4-11
4-11
4-13
4-13
User Interface Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Main Menu Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
General User Interface Guidelines . . . . . . . . . . . . . . . . . .
Entering Command Names . . . . . . . . . . . . . . . . . . . .
Quitting a Command . . . . . . . . . . . . . . . . . . . . . . . . .
Scrolling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The UI Configuration Menu . . . . . . . . . . . . . . . . . . . .
Configuring the System Prompt . . . . . . . . . . . . . .
Configuring More Mode for the User Interface . . .
Setting Verbose/Terse Mode for the User Interface
Configuring the Auto Logout Time . . . . . . . . . . . . . . .
Viewing Commands . . . . . . . . . . . . . . . . . . . . . . . . .
Changing Passwords . . . . . . . . . . . . . . . . . . . . . . . . .
Command History and Re-Executing Commands . . . .
Abbreviating IP Addresses . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4-16
4-16
4-17
4-17
4-17
4-18
4-19
4-22
4-24
4-25
4-25
4-26
4-28
User Interface Display Options . . . . . . . . . .
Setting Echo/NoEcho for User Entry . . . .
Setting the Login Banner . . . . . . . . . . . .
Creating a new Banner . . . . . . . . . .
Permanent Banner . . . . . . . . . . . . . .
Banners for Different Access Methods
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4-30
4-31
4-31
4-32
4-32
4-32
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Login Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
page vii
Table of Contents
Multiple User Sessions . . . . . . . . . . . . . .
Listing Other Users . . . . . . . . . . . . .
Communicating with Other Users . . .
Deleting Other Sessions . . . . . . . . . .
Advanced Kill Command Options
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4-33
4-34
4-35
4-35
4-37
UI Table Filtering (Using Search and Filter Commands)
The Search Command . . . . . . . . . . . . . . . . . . . . . .
Renewing a Search . . . . . . . . . . . . . . . . . . . . .
The Filter Command . . . . . . . . . . . . . . . . . . . . . . .
Combining Search and Filter Commands . . . . . . . .
Using Wildcards with Search and Filter Commands .
Wildcard Command Options . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4-38
4-39
4-40
4-41
4-42
4-44
4-44
5 Installing Switch Software
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Using FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Using FTP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Using ZMODEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Using ZMODEM with the load Command . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Using ZMODEM With the Boot Line Prompt . . . . . . . . . . . . . . . . . . . . . . . 5-5
6 Configuring Management Processor Modules
. . . . . . . . . . . . . . . . . . . . 6-1
Changing Serial Port Communication Parameters . . . . . . . . . . . . . . . . . . .
Changing Port Speed When Communication With The Switch Lost
Configuring the Modem Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modem Port Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring SLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
6-2
6-3
6-3
6-3
6-4
Configuring the Ethernet Management Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Ethernet Management Ports and Redundant Management Processor Modules . . . . 6-7
The MPM Command/Menu . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying MPX Redundancy . . . . . . . . . . . . . . . . . . . . . . .
MPM Menu Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using MPM Commands with Software Release 3.2 and Later
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 6-9
. 6-9
. 6-9
6-10
Listing the Secondary MPX Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Transferring a File to the Secondary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Replacing a File on the Secondary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Loading a File from the Secondary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Removing a File from the Secondary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Giving Up Control to the Secondary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
Setting the Load Suffix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
Setting Automatic Config Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Enabling Automatic Config Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Disabling Automatic Config Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
page viii
Table of Contents
Synchronizing Configuration Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Synchronizing Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Loading a File From the Primary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Gaining Control from the Primary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Resetting a Secondary MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19
Displaying and Setting the Swap State
Displaying the Swap State . . . . . .
Enabling the Swap Mode . . . . . . .
Disabling the Swap Mode . . . . . .
7 Managing Files
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
6-20
6-20
6-20
6-21
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
File Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Displaying the Current Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Configuration and Log File Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Changing Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Listing Switch Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Deleting Switch Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Deleting Multiple Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Deleting All Image Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
Copying System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6
Displaying Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6
Editing Text Files . . . . . . . . . . . . . . . . . . . . . . . .
Clearing the Text Buffer . . . . . . . . . . . . . . . . .
Loading an ASCII File into the Text Buffer . . .
Listing the Contents of the Text Buffer . . . . . .
Adding Lines of Text to the Text Buffer . . . . .
Deleting a Line of Text from the Text Buffer .
Inserting a Line of Text into the Text Buffer . .
Editing a Line Name of Text in the Text Buffer
Creating a File Name for the Text Buffer . . . .
Creating a Text File from the Text Buffer . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 7-7
. 7-7
. 7-8
. 7-8
. 7-8
. 7-9
. 7-9
. 7-9
7-10
7-10
Real-World Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11
Real-World Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11
Real-World Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
System Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Checking the Flash File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-14
Creating a New File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-15
8 Switch Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Changing Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Rebooting the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
page ix
Table of Contents
Secure Switch Access . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring the Secure Switch Access Filter Database
Configuring Secure Access Filter Points . . . . . . . . . .
Enabling/Disabling Security Parameters . . . . . . .
Adding Filters . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting Filters . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Secure Access Violations Log . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 8-4
. 8-4
. 8-7
. 8-9
. 8-9
. 8-9
8-10
Managing User Login Accounts . . . . . . . . . . . . . . . . . . . . . . . .
Partition Management Requirements . . . . . . . . . . . . . . . . . .
Default Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding a User Account Using the UI Command Mode . . . .
Adding a User Account Using the CLI Command Mode . . . .
Assigning Account Privileges Using the CLI Command Mode
Assigning Account Privileges Using the UI Command Mode
Command Family Table . . . . . . . . . . . . . . . . . . . . . . . .
Global Family Table . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modifying a User Account . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
8-11
8-11
8-12
8-12
8-13
8-13
8-16
8-18
8-19
8-20
8-20
9 Configuring Switch-Wide Parameters
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Summary Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Displaying the MIB-II System Group Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Displaying the Chassis Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3
Displaying Current Router Interface Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
System Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
Displaying Basic System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
Setting the System Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8
Viewing Slot Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14
Viewing System Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15
Clearing System Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16
Viewing Task Utilization Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-17
Viewing Memory Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19
Viewing MPX Memory Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-20
Checking the Flash File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-21
Checking the SIMM Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-21
Creating a New File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-22
Creating a SIMM File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-22
Configuring System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-23
Viewing CAM Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-24
Configuring CAM Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-25
Configuring the HRE-X Router Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-27
Configuring and Displaying the HRE-X Hash Table . . . . . . . . . . . . . . . . . . . . 9-29
page x
Table of Contents
Duplicate MAC Address Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-30
Multicast Claiming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-32
Disabling Flood Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-32
Saving Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-33
10 Switch Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10-1
Logging Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Configuring the Syslog Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2
Configuring Switch Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6
Displaying the Command History Entries in the MPM Log . . . . . . . . . . . . . . . . . . 10-9
Displaying the Connection Entries in the MPM Log . . . . . . . . . . . . . . . . . . . . . . .10-10
Displaying Screen (Console) Capture Entries in the MPM Log . . . . . . . . . . . . . . .10-11
Displaying Debug Entries in the MPM Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-13
Displaying Secure Access Entries in the MPM Log . . . . . . . . . . . . . . . . . . . . . . . .10-13
11 Health Statistics
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
The Health Statistics Management Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Setting Resource Thresholds . . . . . .
Setting Bandwidth Thresholds . .
Setting Miscellaneous Thresholds
Setting the Sampling Interval . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
11-2
11-3
11-4
11-6
View Switch-Level Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6
View Module-Level Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7
View Port-Level Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8
Reset Health Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8
12 Network Time Protocol
.
.
.
.
.
.
Introduction . . . . . . . . . .
Stratum . . . . . . . . . . . . . .
Using NTP in a Network .
NTP and Authentication . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
12-1
12-1
12-2
12-2
12-4
Network Time Protocol Management Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
NTP Configuration Menu . . . . . . . . . . . . . . .
Configuring an NTP Client . . . . . . . . . . .
Configuring an NTP Client/Server . . . . .
Configuring Client/Server Authentication
Configuring a New Peer Association . . . .
Configuring a New Server . . . . . . . . . . .
Configuring a Broadcast Time Service . .
Unconfigure Existing Peer Associations .
Set the Server’s Advertised Precision . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 12-6
. 12-6
. 12-8
. 12-9
.12-12
.12-13
.12-13
.12-14
.12-14
page xi
Table of Contents
NTP Information Menu . . . . . . . . . . . . . . . . . . . . . . . .
Display List of Peers the Server Knows About . . . . .
Display Peer Summary Information . . . . . . . . . . . .
Display Alternate Peer Summary Information . . . . .
Display Detailed Information for One or More Peers
Print Version Number . . . . . . . . . . . . . . . . . . . . . .
Display Local Server Information . . . . . . . . . . . . . .
page xii
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.12-15
.12-15
.12-16
.12-17
.12-18
.12-20
.12-21
NTP Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Display Local Server Statistics . . . . . . . . . . . . . . . . . . . . . . .
Display Server Statistics Associated with Particular Peer(s) . .
Display Loop Filter Information . . . . . . . . . . . . . . . . . . . . .
Display Peer Memory Usage Statistics . . . . . . . . . . . . . . . . .
Display I/O Subsystem Statistics . . . . . . . . . . . . . . . . . . . . .
Display Event Timer Subsystem Statistics . . . . . . . . . . . . . .
Reset Various Subsystem Statistics Counters . . . . . . . . . . . .
Reset Stat Counters Associated With Particular Peer(s) . . . . .
Display Packet Count Statistics from the Control Module . . .
Display the Current Leap Second State . . . . . . . . . . . . . . . .
Turn the Server's Monitoring Facility On or Off . . . . . . . . . .
Display Data The Server's Monitor Routines Have Collected
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.12-23
.12-23
.12-24
.12-26
.12-26
.12-27
.12-28
.12-28
.12-28
.12-29
.12-30
.12-31
.12-31
NTP Administration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Set the Primary Receive Timeout . . . . . . . . . . . . . . . . . . . . .
Set the Delay Added to Encryption Time Stamps . . . . . . . . .
Specify the Host Whose NTP Server We Talk To . . . . . . . . .
Specify a Password to Use for Authenticated Requests . . . . .
Set Key ID to Use for Authenticated Requests . . . . . . . . . . . .
Set Key Type to Use for Authenticated Requests (DES|MD5)
Set a System Flag (Auth, Bclient, Monitor, Stats) . . . . . . . . . .
Clear a System Flag (Auth, Bclient, Monitor, Stats) . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.12-33
.12-33
.12-33
.12-34
.12-34
.12-34
.12-35
.12-35
.12-35
NTP Access Control Menu . . . . . . . . . . . . . . . . . . . . . . . . . . .
Change the Request Message Authentication Key ID . . . . .
Change the Control Message Authentication Key ID . . . . .
Add One or More Key ID's to the Trusted List . . . . . . . . .
Display the Trusted Key ID List . . . . . . . . . . . . . . . . . . . .
Remove One or More Key ID's from the Trusted List . . . .
Display the State of the Authentication Code . . . . . . . . . .
Create Restrict Entry/Add Flags to Entry . . . . . . . . . . . . . .
View the Server's Restrict List . . . . . . . . . . . . . . . . . . . . . .
Remove Flags from a Restrict Entry . . . . . . . . . . . . . . . . .
Delete a Restrict Entry . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure a Trap in the Server . . . . . . . . . . . . . . . . . . . . .
Display the Traps Set in the Server . . . . . . . . . . . . . . . . . .
Remove a Trap (Configured or Otherwise) from the Server
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.12-36
.12-36
.12-37
.12-37
.12-37
.12-38
.12-38
.12-39
.12-40
.12-41
.12-41
.12-41
.12-42
.12-42
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Table of Contents
13 SNMP (Simple Network Management Protocol)
. . . . . . . . . . . . . . . . 13-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Configuring SNMP Parameters and Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
Configuring a New Network Management Station . . . . . . . . . . . . . . . . . . 13-4
Viewing SNMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8
Trap Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11
SNMP Standard Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-15
Extended Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-27
14 DNS Resolver and RMON
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Configuring the DNS Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
The Names Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Remote Network Monitoring (RMON)
Probes and Events . . . . . . . . . . . .
Ethernet Probes . . . . . . . . . . .
History Probes . . . . . . . . . . . .
Alarm Probes . . . . . . . . . . . . .
Monitoring Probes . . . . . . . . . . . .
Monitoring Events . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
14-3
14-3
14-3
14-3
14-3
14-4
14-5
Configuring Router Port MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6
Restoring Router Port Mac Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6
15 Managing Ethernet Modules
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Overview of Omni Switch/Router Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . 15-1
Kodiak Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
The Ethernet Management Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
Configuring 10/100 Auto-Sensing Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5
Connecting Kodiak Modules to Non-Auto-Negotiating Links . . . . . . . . . . 15-6
Configuring Kodiak Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Viewing Configurations for 10/100 Ethernet Modules . . . . . . . . . . . . . . . . . . . . . 15-8
OmniChannel . . . . . . . . . . . . . . . . . . . .
The Server Channel Feature . . . . . . .
Server Channel Limitations . . . . .
Creating an OmniChannel . . . . . . . .
Adding Ports to an OmniChannel . . .
Deleting an OmniChannel . . . . . . . .
Deleting Ports from an OmniChannel
Viewing OmniChannel Parameters . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 15-9
.15-10
.15-11
.15-11
.15-13
.15-13
.15-14
.15-14
page xiii
Table of Contents
16 Managing 802.1Q Groups
............
IEEE 802.1Q Sections Not Implemented
Application Example . . . . . . . . . . . . . . . . .
Single vs. Multiple Spanning Tree . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
16-1
16-2
16-3
16-4
Assigning an 802.1Q Group to a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-7
Configuring 802.1Q on 10/100 Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . 16-8
Configuring 802.1Q on Gigabit Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . .16-11
Modifying 802.1Q Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-12
Modifying 802.1Q Groups for 10/100 Ports . . . . . . . . . . . . . . . . . . . . . . . . . .16-12
Modifying 802.1Q Groups for Gigabit Ethernet Ports . . . . . . . . . . . . . . . . . . .16-14
Viewing 802.1Q Groups in a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-16
Viewing 802.1Q Statistics for 10/100 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-17
Deleting 802.1Q Groups from a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-18
17 Configuring Bridging Parameters
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3
Bridge Management Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4
Selecting a Default Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7
Using the + or - to Change Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-7
Bridging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying Bridge Forwarding Table . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring a Static Bridge Address . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modifying a Static Bridge Address . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting a Static Bridge Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying Static Bridge Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying Bridge Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying Media Access Control (MAC) Information for a Specific MAC
address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying Media Access Control (MAC) Information for all MAC
addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Display Statistics of Bridge MAC Addresses . . . . . . . . . . . . . . . . . . . . . .
Clear Statistics of Bridge MAC Addresses . . . . . . . . . . . . . . . . . . . . . . .
Display Remote Trunking Stations . . . . . . . . . . . . . . . . . . . . . . . . . . . .
View the Domain Bridge Mapping Table . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 17-8
. 17-8
.17-10
.17-11
.17-12
.17-13
.17-14
. . . .17-16
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.17-17
.17-17
.17-18
.17-18
.17-19
Setting Flood Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-21
Setting Flood Limits for a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-21
Displaying Group Flood Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-22
Configuring Spanning Tree . . . . . . . . . . . . . . .
Configuring Spanning Tree Parameters . . . .
Display Spanning Tree Bridge Parameters .
Configuring Spanning Tree Port Parameters
Displaying Spanning Tree Port Parameters .
page xiv
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.17-23
.17-25
.17-28
.17-30
.17-32
Table of Contents
Configuring Fast Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . .
Truncating Tree Timing & Speedy Tree Protocol . . . . . . . . . .
Truncating Tree Timing . . . . . . . . . . . . . . . . . . . . . . . . .
Speedy Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Truncating Tree Timing & Speedy Tree Protocol
Displaying Fast Spanning Tree Port Parameters . . . . . . . . . . .
Enabling Fast Spanning Tree Port Parameters . . . . . . . . . . . .
Disabling Fast Spanning Tree Port Parameters . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.17-34
.17-35
.17-35
.17-35
.17-35
.17-36
.17-38
.17-39
Configuring Source Routing . . . .
SAP Filtering . . . . . . . . . . . .
Enabling SAP Filtering . .
Disabling SAP filtering . .
Configuring SAP Filtering
Viewing SAP Filtering . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.17-40
.17-40
.17-40
.17-41
.17-41
.17-42
Configuring Source Route to Transparent Bridging
Enabling SRTB for a Group . . . . . . . . . . . . . .
Disabling SRTB for a Group . . . . . . . . . . . . . .
Viewing the RIF Table . . . . . . . . . . . . . . . . . .
Clearing the RIF Table . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.17-43
.17-44
.17-45
.17-46
.17-47
18 Configuring Frame Translations
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Any-to-Any Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Translating the Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-3
The MAC Header . . . . . . . . . . . . . . . .
Canonical versus Non-Canonical . .
Abbreviated Addresses . . . . . . . . .
Functional Addresses and Multicasts
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
18-4
18-4
18-4
18-4
The RIF Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5
Source Route Termination by Proxy Not Supported . . . . . . . . . . . . . . . . . . . 18-5
Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protocols other than IP and IPX . . . . . . . . . . . . . . . . . . . .
The SNAP Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other Conversions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary of Non-IPX Encapsulation Transformation Rules
IPX Encapsulation Transformation Rules . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
The Network Header . . . . . . . . . . .
Address Mapping . . . . . . . . . .
Address Mapping in IP: ARP
Address Mapping in IPX . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
18-6
18-6
18-7
18-7
18-7
18-8
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 18-9
. 18-9
. 18-9
.18-10
Frame Size Requirements . . . . . . . . . . . . . . . . . . . . .
Insertion of Frame Padding . . . . . . . . . . . . . . . . .
Stripping of Padding for all IEEE 802.3 Frames.
No stripping of non-IPX Ethertype Frames . . .
IPX Specific Stripping . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.18-11
.18-11
.18-11
.18-11
.18-11
page xv
Table of Contents
MTU Handling . . . . . . . . . . . .
IP Fragmentation . . . . . . . .
ICMP Based MTU Discovery
IPX Packet Size Negotiation
Other Protocols . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.18-12
.18-12
.18-12
.18-12
.18-12
Banyan Vines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-13
Configuring Encapsulation Options . . . . . . . . . . . . . . . . . .
Forwarding versus Flooding . . . . . . . . . . . . . . . . . . . . .
Port Based Translation Options . . . . . . . . . . . . . . . . . .
MAC Address Based Translation Options . . . . . . . . . . .
“Native” versus “Non-Native” on Ethernet . . . . . . . . . . .
“Native” versus “Non-Native” on FDDI and Token Ring
No Translation on Trunk or PTOP ports . . . . . . . . . . . .
The Proprietary Token Ring IPX Option . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.18-14
.18-14
.18-14
.18-14
.18-15
.18-15
.18-15
.18-15
The User Interface . . . . . . . . . . . . . . . . . . . . .
The addvp, modvp and crgp Commands . .
The Default Translation Option . . . . . . . . .
Ethernet Factory Default Translations . .
FDDI Factory Default Translations . . . .
Token Ring Factory Default Translations
ATM LANE Factory Default Translations
The Ethertype Option . . . . . . . . . . . . .
The SNAP Option . . . . . . . . . . . . . . . .
The LLC Option . . . . . . . . . . . . . . . . . .
Interaction with the new interface . . . .
The “vi” Command . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.18-16
.18-17
.18-17
.18-18
.18-18
.18-19
.18-19
.18-20
.18-21
.18-23
.18-24
.18-24
The Switch Menu . . . . . . . . . . . . . . . . . . .
Proprietary IPX Token Ring . . . . . . . . .
Factory Defaults . . . . . . . . . . . . . . . . .
Default Ethernet Translations . . . . . . . .
Default FDDI Translations . . . . . . . . . .
Default Token Ring Translations . . . . .
Port Translations . . . . . . . . . . . . . . . . .
Configuring Additional Ports . . . . .
Displaying Ethernet Switch Statistics . . .
Displaying Token Ring Switch Statistics
Any to Any MAC Translations . . . . . . .
Default Autoencapsulation . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.18-25
.18-25
.18-25
.18-26
.18-27
.18-28
.18-30
.18-31
.18-31
.18-35
.18-39
.18-40
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Translational Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-41
Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-41
Translations across Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-41
Dissimilar LAN Switching Capabilities . . . . . . . . . . . . . . . . . . . . .
Switching Between Similar LANs . . . . . . . . . . . . . . . . . . . . . .
Switching Between Ethernet LANs Across a Trunked Backbone
Switching Between Similar LANs across a Native Backbone . . .
page xvi
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.18-42
.18-42
.18-43
.18-44
Table of Contents
19 Managing Groups and Ports
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
How Ports Are Assigned to Groups . . . . . . . . . . . .
Static Port Assignment . . . . . . . . . . . . . . . .
Dynamic Port Assignment (Group Mobility)
How Dynamic Port Assignment Works . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
19-2
19-2
19-2
19-3
Mobile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Mobile Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Turning Group Mobility On or Off . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding Port Membership in Mobile Groups . . . . . . . . . . . . . . . . . .
How a Device Is Dropped from the Default Mobile Group (def_group)
How a Port’s Primary Mobile Group Changes (move_from_def) . . . . .
How a Port Ages Out of a Mobile Group (move_to_def) . . . . . . . . . . .
Configuring Switch-Wide Group Mobility Variables . . . . . . . . . . . . . . . . . .
Viewing Ports in a Mobile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing a Port’s Mobile Group Affiliations . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
. 19-5
. 19-5
. 19-6
. 19-7
. 19-9
.19-10
.19-11
.19-12
.19-14
.19-14
Non-Mobile Groups and AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . .19-15
Routing in a Non-Mobile Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-15
Spanning Tree and Non-Mobile Groups . . . . . . . . . . . . . . . . . . . . . . . . .19-16
Group and Port Software Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-17
Creating a New Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Step 1. Entering Basic Group Information . . . . . . . . . . . . . . . . .
Step 2. Configuring the Virtual Router Port (Optional) . . . . . . . .
Step 3. Set Up Group Mobility and User Authentication . . . . . .
Step 4. Configuring Virtual Ports . . . . . . . . . . . . . . . . . . . . . . .
Step 5. Configuring AutoTracker Policies (Mobile Groups Only)
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.19-18
.19-19
.19-21
.19-27
.19-28
.19-34
Creating a WAN Routing Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-35
Viewing Current Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-38
Modifying a Group or VLAN . . . . . .
Viewing Your Changes . . . .
Saving Your Changes . . . . . .
Canceling Your Changes . . .
Changing the IP Address . . .
Changing the IP Subnet Mask
Enabling IP or IPX Routing .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.19-40
.19-41
.19-41
.19-41
.19-41
.19-41
.19-42
Deleting a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-43
Adding Virtual Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-44
Modifying a Virtual Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-45
Deleting a Virtual Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-46
Viewing Information on Ports in a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-47
Viewing Detailed Information on Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-50
Viewing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-53
Viewing Port Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-55
page xvii
Table of Contents
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How Port Mirroring Works . . . . . . . . . . . . . . . . .
What Happens to the Mirroring Port . . . . . . . . . .
Using Port Mirroring With External RMON Probes
Setting Up Port Mirroring . . . . . . . . . . . . . . . . . . . . .
Disabling Port Mirroring . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.19-57
.19-57
.19-57
.19-58
.19-60
.19-60
Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . .
Port Monitoring Menu . . . . . . . . . . . . . . . . . . .
RAM Disk System for Data Capture Files . . . . .
Configuring RAM Drive Resources (pmcfg) .
Changing the Default System Directory (cd)
Starting a Port Monitoring Session (pmon) . . . .
If You Chose Dump to Screen . . . . . . . . . .
If You Did Not Choose Dump to Screen . . .
Ending a Port Monitoring Session . . . . . . . .
Viewing Port Monitoring Statistics (pmstat) . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.19-61
.19-61
.19-62
.19-62
.19-62
.19-63
.19-64
.19-64
.19-65
.19-65
Port Mapping . . . . . . . . . . . . . . . . . . . . . . .
Groups/VLANs and Port Mapping . . .
The Details of Port Mapping . . . . . . . . .
Who Can Talk to Whom? . . . . . . . . .
Port Mapping Limitations . . . . . . . . . . . .
Creating a Port Mapping Set . . . . . . . . . .
Adding Ports to a Port Mapping Set . . . .
Removing Ports from a Port Mapping Set
Viewing a Port Mapping Set . . . . . . . . . .
Deleting a Port Mapping Set . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.19-66
.19-66
.19-67
.19-68
.19-68
.19-69
.19-70
.19-71
.19-72
.19-72
Priority VLANs . . . . . . . . . . . . . . . . . . . . . .
Mammoth vs. Kodiak Priority VLANs
Configuring VLAN Priority . . . . . . . . . . .
Viewing VLAN Priority . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.19-73
.19-73
.19-74
.19-74
20 Configuring Group and VLAN Policies
. . . . . . . . . . . . . . . . . . . . . . . . . 20-1
AutoTracker Policy Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2
Defining and Configuring AutoTracker Policies .
Where These Procedures Start . . . . . . . .
Defining a Port Policy . . . . . . . . . . . . . . . . .
Defining a MAC Address Policy . . . . . . . . . .
Defining a MAC Address Range Policy . . . . .
Defining a Protocol Policy . . . . . . . . . . . . . .
Defining a Network Address Policy . . . . . . .
Defining Your Own Rules . . . . . . . . . . . . . .
Defining a Port Binding Policy . . . . . . . . . . .
Defining a DHCP Port Policy . . . . . . . . . . . .
Defining a DHCP MAC Address Policy . . . . .
Defining a DHCP MAC Address Range Policy
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 20-4
. 20-4
. 20-5
. 20-6
. 20-7
. 20-8
.20-11
.20-13
.20-15
.20-20
.20-21
.20-22
Viewing Mobile Groups and AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . .20-23
page xviii
Table of Contents
Viewing Policy Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-24
Viewing Virtual Ports’ Group/VLAN Membership . . . . . . . . . . . . . . . . . . . . . . . .20-25
View VLAN Membership of MAC Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-26
Application Example: DHCP Policies
The VLANs . . . . . . . . . . . . .
DHCP Servers and Clients . .
DHCP Port and MAC Rules . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.20-27
.20-27
.20-28
.20-29
21 Interswitch Protocols
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1
Interswitch Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1
XMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
XMAP Transmission States . . . . . . . . . . . . . .
Discovery Transmission State . . . . . . . . .
Common Transmission State . . . . . . . . .
Passive Reception State . . . . . . . . . . . . .
Common Transmission and Remote Switches
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
21-2
21-3
21-3
21-4
21-4
21-4
Configuring XMAP . . . . . . . . . . . . . . . . . . . . . . .
Enabling or Disabling XMAP . . . . . . . . . . . . .
Viewing a List of Adjacent Switches . . . . . . . .
Configuring the Discovery Transmission Time
Configuring the Common Transmission Time .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
21-5
21-5
21-5
21-6
21-7
VLAN Advertisement Protocol (VAP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-8
VAP and Port Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-9
Configuring VAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-9
GMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
GMAP Updating Rules . . . . . . . . . . . . . . . .
Configuring GMAP . . . . . . . . . . . . . . . . . .
Enabling and Disabling GMAP . . . . . . . . . .
Configuring the Gap Time . . . . . . . . . . . . .
Configuring the Interpacket Update Time . .
Configuring the Hold Time . . . . . . . . . . . .
Displaying GMAP Statistics by MAC Address
22 Managing AutoTracker VLANs
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.21-10
.21-10
.21-11
.21-11
.21-11
.21-12
.21-12
.21-13
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1
The AutoTracker Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-2
AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AutoTracker VLAN Policies . . . . . . . . . . . . . . . . . . . . . .
The Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How Devices are Assigned to AutoTracker VLANs . . . . .
The defvl Command . . . . . . . . . . . . . . . . . . . . . . . .
Devices that Generate a Secondary Traffic Type . . . .
Router Traffic in IP and IPX Network Address VLANs
Port Policy Functionality . . . . . . . . . . . . . . . . . . . . .
Frame Flooding in AutoTracker VLANs . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 22-3
. 22-3
. 22-4
. 22-5
. 22-5
. 22-6
. 22-7
. 22-9
.22-15
page xix
Table of Contents
Routing Between AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-15
Creating AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . .
Step A. Entering Basic VLAN Information . . . . . . . . . .
Step B. Defining and Configuring VLAN Policies . . . . .
Step C. Configuring the Virtual Router Port (Optional)
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.22-16
.22-16
.22-18
.22-19
Modifying an AutoTracker VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-24
Deleting an AutoTracker VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-26
Viewing AutoTracker VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-27
Viewing Policy Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-28
Viewing Virtual Ports’ VLAN Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-29
View VLAN Membership of MAC Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-30
Creating a VLAN for Banyan Vines Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-31
23 Multicast VLANs
.......................
How Devices are Assigned to Multicast VLANs
Multicast VLANs and Multicast Claiming . . . . .
Frame Flooding in Multicast VLANs . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
23-1
23-2
23-2
23-3
Creating Multicast VLANs . . . . . . . . . . . . . . . . . . . . . .
Step A. Entering Basic Information . . . . . . . . . . . .
Step B. Defining the Multicast Address . . . . . . . . .
Step C. Defining the Recipients of Multicast Traffic
Defining Recipients By Port . . . . . . . . . . . . . .
Defining Recipients By MAC Address . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
23-4
23-5
23-6
23-7
23-7
23-8
Modifying Multicast VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Deleting a Multicast VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-11
Modifying a Multicast Address Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-12
Viewing Multicast VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-13
Viewing Multicast VLAN Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-14
Viewing the Virtual Interface of Multicast VLANs . . . . . . . . . . . . . . . . . . . . . . . .23-15
24 AutoTracker VLAN Application Examples
. . . . . . . . . . . . . . . . . . . . . . 24-1
Application Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-2
VLANs Based on Logical Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-2
Application Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-4
VLANs in IPX Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-4
IPX VLAN Assignment at Bootup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-5
Application Example 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-7
IPX Network Address VLANs and Translated Frames . . . . . . . . . . . . . . . . . . . 24-7
Application Example 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-8
Routing in IPX Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-8
Application Example 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-10
Traversing a Backbone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-10
page xx
Table of Contents
25 IP Routing
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-1
IP Routing Overview . . . . . . . .
Routing Protocols . . . . . . .
Transport Protocols . . . . . .
Application-Layer Protocols
Additional IP Protocols . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
25-2
25-2
25-3
25-3
25-3
Setting Up IP Routing on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-4
The Networking Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-6
The IP Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25-7
Viewing the Address Translation (ARP) Table . . . . . . . . .
Displaying All Entries in the ARP Table . . . . . . .
Adding Entries to the ARP Table . . . . . . . . . . . . .
Deleting Entries from the ARP Table . . . . . . . . . .
Flushing Temporary Entries from the ARP Table .
Finding a Specific IP Address in the ARP Table . .
Finding a Specific MAC Address in the ARP Table
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 25-8
. 25-8
. 25-9
.25-10
.25-10
.25-10
.25-11
Viewing IP Statistics and Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-12
Viewing the IP Forwarding Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-15
Adding an IP Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-17
Removing an IP Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-19
Viewing ICMP Statistics and Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-20
Using the PING Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-22
Viewing UDP Statistics and Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-24
Viewing the UDP Listener Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-25
Viewing RIP Statistics and Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-26
Viewing TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-27
Viewing the TCP Connection Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-29
Using the TELNET Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-30
Cancelling a Telnet request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-30
Tracing an IP Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-31
Flushing the RIP Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-32
Configuring IP RIP Filters . . . . . . . . . . . . . . . . . . .
Adding a “Global” IP RIP Filter . . . . . . . . . .
Adding an IP RIP Filter For a Specific Group
IP RIP Filter Precedence . . . . . . . . . . . . . . . . .
Deleting IP RIP Filters . . . . . . . . . . . . . . . . . . .
.......
.......
or VLAN
.......
.......
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.25-33
.25-33
.25-34
.25-35
.25-36
page xxi
Table of Contents
Displaying IP RIP Filters . . . . . . . . . . . . . . . .
Displaying a List of All IP RIP Filters . . . . .
Displaying a List of “Global” IP RIP Filters
Displaying a List of Specific IP RIP Filters .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.25-37
.25-37
.25-38
.25-38
Viewing the IP-to-MAC Address Table . . . . . . . . . . . . .
Displaying All Entries in the IP-to-MAC Table . .
Displaying Information for a Specific IP Address
Flushing Entries from the Table . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.25-39
.25-39
.25-40
.25-40
Enabling/Disabling Directed Broadcasts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-41
Path MTU Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-42
26 UDP Forwarding
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-1
UDP Relay and RIF Stripping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-1
UDP Relay Hardware/Software Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-2
UDP Relay Configuration Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-3
BOOTP/DHCP Relay . . . . . . . . . . . . . . . . . . . . . . . .
Overview of DHCP . . . . . . . . . . . . . . . . . . . . . .
DHCP and the OmniS/R . . . . . . . . . . . . . . . . . .
BOOTP/DHCP Relay and Source Routing . . . . . .
BOOTP/DHCP Relay and Authentication . . . . . .
External BOOTP Relay . . . . . . . . . . . . . . . . . . .
Internal BOOTP/DHCP Relay . . . . . . . . . . . . . . .
Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . .
Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling BOOTP/DHCP Relay . . . . . . . . . . . . . .
Configuring BOOTP/DHCP Relay Parameters
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 26-4
. 26-4
. 26-4
. 26-5
. 26-5
. 26-6
. 26-7
. 26-7
. 26-8
. 26-9
.26-10
NetBIOS Relays . . . . . . . . . . . . . . . . . . . . .
Overview of NetBIOS . . . . . . . . . . . . .
NetBIOS Relay Application . . . . . . . . .
Configuring NBNS Relay . . . . . . . . . . .
Next-Hop Addresses for NBNS . . . .
Forwarding VLANs for NBNS Relay .
Configuring NBDD Relay . . . . . . . . . . .
Next-Hop Addresses for NBDD . . .
Forwarding VLANs for NBDD Relay
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.26-11
.26-11
.26-12
.26-13
.26-14
.26-15
.26-16
.26-17
.26-18
Generic Service UDP Relay . . . .
Generic Services Menu . . . .
Adding a Generic Service . . .
Modifying a Generic Service
Deleting a Generic Service . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.26-19
.26-19
.26-19
.26-21
.26-22
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Viewing UDP Relay Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-23
page xxii
Table of Contents
27 IPX Routing
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-1
Introduction . . . . . . . . . . . . . . . . . . . . . .
IPX Routing Overview . . . . . . . . . . . .
IPX Protocols . . . . . . . . . . . . . . . .
Setting Up IPX Routing on the Switch
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
27-1
27-2
27-2
27-3
The IPX Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-4
Viewing the IPX Routing Table . . . . . . . . . . . . . . . .
Displaying All Entries in the IPX Routing Table .
Using IPXR with Frame Relay or ISDN Boards
Displaying a List of Specific IPX Routes . . . . . . .
...
...
..
...
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
27-5
27-5
27-6
27-7
Viewing IPX Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27-8
Viewing the IPX SAP Bindery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-10
Using IPXSAP with Frame Relay or ISDN Boards . . . . . . . . . . . . . . . . . . .27-11
Displaying a List of Specific SAP Servers . . . . . . . . . . . . . . . . . . . . . . . . .27-11
Adding an IPX Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-12
Removing an IPX Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-13
Turning the IPX Router Complex On and Off . . . . . . . . . . . . . . . . . . . . . . . . . . .27-14
Flushing the IPX RIP/SAP Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-15
Using the IPXPING Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-16
Configuring IPX RIP/SAP Filtering . . . . . . . . . . . .
Adding a “Global” IPX RIP/SAP Filter . . .
Adding an IPX RIP/SAP Filter for a Specific
Deleting an IPX RIP/SAP Filter . . . . . . . . . . . .
Displaying IPX RIP/SAP Filters . . . . . . . . . . . .
Displaying a List of All IPX Filters . . . . . . .
Displaying a List of “Global” IPX Filters . .
Displaying a List of Specific IPX Filters . . .
IPX RIP/SAP Filter Precedence . . . . . . . . . . . .
.............
.............
Group or VLAN
.............
.............
.............
.............
.............
.............
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.27-18
.27-19
.27-20
.27-22
.27-23
.27-23
.27-24
.27-24
.27-25
Configuring IPX Serialization Packet Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . .27-26
Enabling IPX Serialization Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-26
Disabling IPX Serialization Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-27
Configuring IPX Watchdog Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-28
Enabling IPX Watchdog Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-28
Disabling IPX Watchdog Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-29
Configuring SPX Keepalive Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-30
Enabling SPX Keepalive Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-30
Disabling SPX Keepalive Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-31
Controlling IPX Type 20 Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-32
Configuring NetWare to Minimize WAN Connections . . . . . . . . . . . . . . . . . . . . .27-33
Configuring RIP and SAP Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-35
Adding a RIP and SAP Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-35
Viewing RIP and SAP Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-36
page xxiii
Table of Contents
Configuring Extended RIP and SAP Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-37
Enabling or Disabling Extended RIP and SAP Packets . . . . . . . . . . . . . . . . . .27-37
Viewing the Current Status of Extended Packets . . . . . . . . . . . . . . . . . . . . . .27-37
Configuring an IPX Default Route . . . . . . . . . .
Adding an IPX Default Route . . . . . . . . . . .
Viewing the Status of an IPX Default Route
Disabling an IPX Default Route . . . . . . . . .
28 Managing WAN Switching Modules
Introduction . . . . . . . . . . . . . . .
Type of Service (ToS) . . . . .
ToS and QoS Interaction
DTR Dial Backup . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.27-38
.27-38
.27-38
.27-38
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-1
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
28-1
28-2
28-4
28-5
Supported Physical Interfaces . . .
Universal Serial Port . . . . . . .
ISDN Basic Rate Interface Port
Fractional T1 Port . . . . . . . . .
Fractional E1 Port . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
28-6
28-6
28-6
28-6
28-6
Supported Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28-7
Application Examples . . . . . . . . . . . . . . . . . .
Frame Relay WSX Using Serial Ports . . . . .
Back-to-Back WSX Using T1 Ports . . . . . .
Combined Frame Relay with ISDN Backup
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
28-7
28-7
28-8
28-9
Omni Switch/Router WAN Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28-10
Cable Interfaces for Universal Serial Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28-11
DTE/DCE Type and Transmit/Receive Pins . . . . . . . . . . . . . . . . . . . . . . . . . .28-11
Data Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28-12
Loopback Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28-13
The WAN Port Software Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . .
Modifying a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Serial Port Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ISDN-BRI Port Example . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fractional T1 Port Example . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Configuration Parameters for the WSX . . . . . . . . . . . .
Viewing Parameters for all Submodules in the Chassis . . . . .
Viewing Parameters for all Ports in a Single Submodule . . .
Viewing Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Obtaining Status and Statistical Information . . . . . . . . . . . . . . .
Obtaining Information on All Boards in a Switch . . . . . . . .
Obtaining Information on the Ports for a Single WSX Board
Viewing Information on a Single Port . . . . . . . . . . . . . . . . .
Configuring 31 Timeslots on a WAN E1 Port . . . . . . . . . . . . . . .
page xxiv
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.28-14
.28-14
.28-14
.28-15
.28-21
.28-24
.28-27
.28-27
.28-28
.28-29
.28-37
.28-38
.28-38
.28-40
.28-42
.28-45
Table of Contents
29 Managing Frame Relay
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-1
Back-to-Back Frame Relay Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 29-3
Universal Serial Port Cable Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-4
“Physical” and “Logical” Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-4
Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-5
Virtual Circuits and DLCIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-6
WSX Self-Configuration and Virtual Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-7
Congestion Control . . . . . . . . . . . . . . . . . . . . . . .
Regulation Parameters . . . . . . . . . . . . . . .
Discard Eligibility (DE) Flag . . . . . . . . . . .
Interaction Among Congestion Parameters
Notification By BECN . . . . . . . . . . . . . . . .
Notification By FECN . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 29-8
. 29-8
. 29-9
. 29-9
.29-11
.29-12
Frame Formats Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-13
Bridging Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-14
Frame Relay IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-15
The Frame Relay Subnet and “Split Horizon” . . . . . . . . . . . . . . . . . . . . .29-16
Frame Relay IPX Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-18
Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-19
Frame Relay Fragmentation Interleaving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-20
The Frame Relay Software Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-21
Setting Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-22
Modifying a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-22
Modifying a Virtual Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-29
Adding a Virtual Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-32
Viewing Configuration Parameters for the WSX . . . . . .
Viewing Parameters for all WSXs in the Chassis
Viewing Port Parameters . . . . . . . . . . . . . . . . .
Viewing Virtual Circuit Parameters . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.29-33
.29-33
.29-34
.29-35
Deleting Ports and Virtual Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-36
Deleting a Virtual Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-36
Deleting a Port and Its Virtual Circuits . . . . . . . . . . . . . . . . . . . . . . . . . .29-37
Obtaining Status and Statistical Information . . . . . . .
Information on All Boards in a Switch . . . . .
Information on the Ports for One WSX Board
Information on One Port . . . . . . . . . . . . . . .
Information on One Virtual Circuit . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.29-38
.29-38
.29-42
.29-43
.29-51
Resetting Statistics Counters .
Resetting Statistics for
Resetting Statistics for
Resetting Statistics for
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.29-54
.29-54
.29-54
.29-54
..................
a WSX Board . . . . . . .
a WSX Port . . . . . . . . .
a Virtual Circuit (DLCI)
page xxv
Table of Contents
Managing Frame Relay Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-55
Configuring a Bridging Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-57
Configuring a WAN Routing Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-59
Step 1. Set Up a Frame Relay Routing Group . . . . . . . . . . . . . . . . . . . . .29-59
Step 2. Set Up a Frame Relay Routing Service . . . . . . . . . . . . . . . . . . . . .29-60
Configuring a Trunking Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-62
Viewing Frame Relay Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-64
Modifying a Frame Relay Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-65
Deleting a Frame Relay Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-66
30 Point-to-Point Protocol
..............
PPP Connection Phases . . . . . . . . . . . . . . .
Data Compression . . . . . . . . . . . . . . . . . . .
Multi-Link PPP . . . . . . . . . . . . . . . . . . . . .
Multilink Modes of Operation . . . . . . . .
PPP Fragmentation Interleaving . . . . . . . . .
Overview of PPP Configuration Procedures
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
30-1
30-1
30-2
30-2
30-3
30-3
30-4
The PPP Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-6
PPP Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-6
Setting Global PPP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-7
Adding a PPP Entity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30-9
Modifying a PPP Entity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-15
Viewing PPP Entity Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-16
Displaying the Configuration of All PPP Entities . . . . . . . . . . . . . . . . . . .30-16
Displaying the Configuration of a Specific PPP Entity . . . . . . . . . . . . . . .30-17
Displaying PPP Entity Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-18
Displaying the Status of All PPP Entities . . . . . . . . . . . . . . . . . . . . . . . . .30-18
Displaying the Status of a Specific PPP Entity . . . . . . . . . . . . . . . . . . . . .30-19
Deleting a PPP Entity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-21
31 WAN Links
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-1
Configuring WAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-1
The Link Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-2
Adding a WAN Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-3
Adding WSX Port Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-3
Adding ISDN Call Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-4
Modifying a WAN Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-9
Modifying ISDN Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31-9
Modifying WSX Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-10
Deleting WAN Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-11
page xxvi
Table of Contents
Viewing WAN Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-12
Displaying All Existing WAN Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-12
Displaying Information for a Specific WAN Link . . . . . . . . . . . . . . . . . . .31-13
Displaying Link Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-15
Displaying Status for All WAN Links . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-15
Displaying Status for a Specific WAN Link . . . . . . . . . . . . . . . . . . . . . . .31-16
32 Managing ISDN Ports
................................
Overview of ISDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Basic Rate Interface (BRI) Versus Primary Rate Interface (PRI)
“U”, “S/T” , and “R” Interfaces . . . . . . . . . . . . . . . . . . . . . . .
The “B,” “D,” and “H” Channels . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
32-1
32-1
32-1
32-2
32-2
The ISDN Submenu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-3
Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-3
Modifying an ISDN Configuration Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-4
Deleting an ISDN Configuration Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-5
Viewing an ISDN Configuration Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32-6
Displaying ISDN Configuration Entry Status .
Displaying Status of All ISDN Ports . . . .
Displaying Status of a Specific ISDN Slot
Displaying Status of a Specific ISDN Port
33 Managing T1 and E1 Ports
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
32-7
32-7
32-8
32-9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33-1
T1 and E1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33-2
The T1/E1 Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33-3
Configuring a T1 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33-4
Configuring an E1 Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33-8
Viewing T1/E1 Configuration and Alarm Information . . .
Viewing Information for all T1/E1 Ports in the Switch
Viewing Information for T1/E1 Ports on One Module
Viewing Information For a T1 Port . . . . . . . . . . . . . .
Viewing Information For an E1 Port . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.33-11
.33-11
.33-12
.33-13
.33-15
Viewing T1/E1 Local Statistics . . . . .
Viewing Total Local Statistics . . .
Viewing Current Local Statistics .
Viewing Local Historical Statistics
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.33-17
.33-17
.33-18
.33-19
Viewing T1 Remote Statistics . . . . . . . . . . . . . . .
Viewing Total Remote Statistics . . . . . . . . . .
Viewing Current Remote Statistics . . . . . . . .
Viewing Remote Historical Statistics . . . . . . .
Clearing the Framer Statistics for a T1/E1 Port
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.33-20
.33-20
.33-21
.33-21
.33-22
page xxvii
Table of Contents
34 Backup Services
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34-1
Backup Services Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accessing the Backup Services Menu . . . . . . . . . . . . . . . . . . . . . .
Adding a Backup Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding a backup for a Physical Port . . . . . . . . . . . . . . . . . . . .
Backing Up a Frame Relay PVC . . . . . . . . . . . . . . . . . . . . . . .
Modifying a Backup Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modifying a backup for a Physical Port . . . . . . . . . . . . . . . . . .
Modifying a Frame Relay PVC Backup Service . . . . . . . . . . . .
Viewing Backup Service(s) Configurations . . . . . . . . . . . . . . . . . .
Viewing the Configurations of All Backup Services . . . . . . . . .
Viewing the Configuration of a Single Backup Service (bsview
Command) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting a Backup Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Backup Service Statistics . . . . . . . . . . . . . . . . . . . . . . . . .
Clearing Backup Service Statistics . . . . . . . . . . . . . . . . . . . . . .
35 Troubleshooting
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 34-2
. 34-2
. 34-3
. 34-3
. 34-6
. 34-9
. 34-9
.34-10
.34-11
.34-11
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.34-11
.34-11
.34-12
.34-13
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-1
Detecting Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-1
Reporting Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-3
Report Hardware Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-3
Report Software Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-4
Understanding Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-5
Software Installation Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35-5
Operational Problems . . . . . . . . .
Deadlocked VLAN . . . . . . . . .
Probable Cause . . . . . . . .
Solution . . . . . . . . . . . . . .
Problems with IP Applications
Probable Cause . . . . . . . .
Solution . . . . . . . . . . . . . .
Protocol Problems . . . . . . . . .
Probable Cause . . . . . . . .
Solution . . . . . . . . . . . . . .
page xxviii
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
35-6
35-6
35-7
35-7
35-7
35-7
35-7
35-8
35-8
35-8
Hardware Problems . . . . . . . . . . . . .
LEDs Do Not Light on All Modules
Probable Cause . . . . . . . . . . .
Solution . . . . . . . . . . . . . . . . .
Amber Color in LEDs . . . . . . . . . .
Probable Cause . . . . . . . . . . .
Solution . . . . . . . . . . . . . . . . .
Non-Blinking OK2 LED . . . . . . . .
Probable Cause . . . . . . . . . . .
Solution . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
35-9
35-9
35-9
35-9
35-9
35-9
35-9
35-9
35-9
35-9
Table of Contents
TEMP LED is Amber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
STA LED Is Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Probable Cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Switch Does Not Boot When Flash File System Is Full and Trying To Create
the mpm.cnf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Probable Cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding Error Messages . . . . . . . . . . . .
Correcting Errors . . . . . . . . . . . . . . . . . . . . . .
Module Startup/Shutdown Error Messages
Serial Port Configuration Errors . . . . . . . .
Module Connection Errors . . . . . . . . . . . .
Chassis Error Messages . . . . . . . . . . . . . .
Chassis Error Messages Table . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.35-10
.35-10
.35-10
.35-10
.35-10
.35-10
.35-10
.35-10
.35-11
.35-11
.35-11
.35-11
.35-12
.35-12
.35-13
.35-13
36 Running Hardware Diagnostics
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-1
Running Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-2
Login to Run Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-3
Resetting a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-4
Disabling a Switching Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-4
Temperature Masking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36-5
Running Hardware Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Sample Command Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Halting Diagnostic Tests in Progress . . . . . . . . . . . . . . . . . . . .
Port Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Omni Switch/Router Port Test Wrap Cable/Plug Requirements
Sample Test Session: Ethernet Module . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 36-6
. 36-9
. 36-9
. 36-9
.36-10
.36-12
Displaying Available Diagnostic Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-15
Configuring the Diagnostic Test Environment . . . . . . . . . . . . . . . . . . . . . . . . . . .36-16
Configuring Tests for Ethernet Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-17
Running Frame Fabric Tests on Omni Switch/Routers . . . . . . . . . . . . . . . . . . . . .36-18
Running Diagnostics on an Entire Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-20
Diagnostic Test Cable Schematics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-22
page xxix
Table of Contents
A The Boot Line Prompt
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Entering the Boot Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Boot Prompt Basics . . . . . . . . . . . . . . . . . . . . . . . . . .
Resuming Switch Boot (@) . . . . . . . . . . . . . . .
Displaying Current Configuration (p) . . . . . . .
Loading the Last Configured Boot File (l) . . . .
Listing Available Files in the Flash Memory (L)
Deleting All Files in the Flash Memory (P) . . .
Deleting Specific Files in the Flash Memory (R)
Saving Configuration Changes (S) . . . . . . . . . .
Viewing Version Number (V) . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
A-3
A-3
A-4
A-4
A-5
A-5
A-5
A-6
A-6
Configuring a Switch with an MPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
B Custom Cables
.............................................
V.35 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . . .
V.35 DCE Cable (For WSX-to-DTE Device Connection) . . . . . . . . . . . . .
RS232 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . .
RS232 DCE Cable (For WSX-to-DTE Device Connection) . . . . . . . . . . . .
RS530 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . .
RS530 DCE Cable (For WSX-to-DTE Device Connection) . . . . . . . . . . . .
X.21 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . . .
X.21 DCE Cable (For WSX-to-DTE Device Connection) . . . . . . . . . . . . .
RS449 DTE Cable (For WSX-to-DCE Device Connection) . . . . . . . . . . . .
RS-449 DCE Cable Assembly (For WSX-to-DTE Device 75W Connection)
RJ-45 to DB15F Cable Assembly (For T1/E1 Port 120W Connections) . . .
RJ-45 to BNC Cable Assembly (For E1 75W Port Connections) . . . . . . . .
Index
page xxx
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. B-1
. B-2
. B-3
. B-4
. B-5
. B-6
. B-7
. B-8
. B-9
B-10
B-11
B-12
B-13
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .I-1
1 Omni Switch/Router
Chassis and Power Supplies
Alcatel's Omni Switch/Router (OmniS/R) is an advanced, multi-layer switching platform (Layer
2 and 3) that supports the most demanding switch requirements. With Omni Switch/Router,
network administrators can replace aging FDDI or Fast Ethernet backbones with high capacity
Gigabit Ethernet backbones.
♦ Important Notes ♦
Beginning with Release 4.4, FDDI is no longer
supported. Beginning with Release 4.5, ATM, Token
Ring, M013, and Mammoth-based Ethernet Modules are
no longer supported.
Omni Switch/Router modules can be distinguished
from older OmniSwitch modules by the X in the
module name. For example, the ESM-100C-32W is an
OmniSwitch module whereas the ESX-100C-32W is an
Omni Switch/Router module.
Omni Switch/Router has a distributed switching fabric. In a 9-slot chassis operating at full
duplex, Omni Switch/Router offers an aggregate 22 Gigabit per second (Gbps) distributed
switching fabric. In addition, Omni Switch/Router offers new high density switching modules,
including auto-sensing 10/100 Ethernet modules that offer high speed network connections to
servers and desktops. (See Omni Switch/Router Applications and Configurations on page 1-5
for examples.)
The Omni Switch/Router Management Processor Module (MPX) module provides the core
routing, VLAN MAC learning, SNMP, and file management functions for the entire Omni
Switch/Router. In addition, the MPX has an Ethernet plug-in port for managing the switch.
Only one MPX is required per Omni Switch/Router, but you can add another MPX for
redundancy. See Chapter 2, “The Omni Switch/Router MPX,” for more information on
the MPX.
♦ Important Note ♦
Omni Switch/Router switching modules require an
MPX. You cannot install any version of the MPM (i.e.,
MPM-C, MPM 1G, MPM II, or original MPM) in a chassis
with an MPX.
An Omni Switch/Router Hardware Routing Engine (HRE-X). The HRE-X offers high-speed
Layer 3 switching from 1.5 to 12.0 million packets per second (Mpps) in a fully loaded
chassis. See The Omni Switch/Router Hardware Routing Engine (HRE-X) on page 1-22 for
more information on the HRE-X.
Omni Switch/Router switching modules perform software filtering, translations between
dissimilar network interfaces, and hardware-based switching. Omni Switch/Router switching
modules have an additional on-board interface connector for the HRE-X.
Page 1-1
Currently, Omni Switch/Router switching modules consist of Gigabit Ethernet modules, autosensing Ethernet modules, Fast 10/100 Ethernet modules, 10 Mbps Ethernet modules, WAN
modules, and Voice Over IP (VOIP) modules. See Chapter 3, “Omni Switch/Router Switching
Modules,” for documentation.
♦ Important Note ♦
Omni Switch/Router modules require the use of an
Omni Switch/Router chassis (see Omni Switch/Router
Chassis and Power Supplies on page 1-7). Do not
install an Omni Switch/Router module in an
OmniSwitch chassis and do not install an OmniSwitch
module in an Omni Switch/Router chassis.
Omni Switch/Router User Interface (UI) Software
Omni Switch/Router hardware uses the same User Interface (UI) commands and Network
Management Software (NMS) as OmniSwitch hardware. Omni Switch/Router modules support
broadcast management, multicast management, any-to-any switching, virtual LANs (VLANs),
firewalls, user authentication, WAN access, and policy-based configuration.
♦ Important Note ♦
In Release 4.4 and later, the Omni Switch/Router is
factory-configured to boot up in CLI (Command Line
Interface) mode, rather than in UI (User Interface)
mode. Chapter 4, “The User Interface,” includes documentation on changing from CLI mode to UI mode.
Omni Switch/Router Network Management Software (NMS)
You need Release 3.4, or higher, of Alcatel’s X-Vision Network Management Software (NMS)
to operate with Omni Switch/Router hardware.
Page 1-2
Omni Switch/Router Distributed Switching Fabric
Omni Switch/Router Distributed Switching Fabric
Many switches in the market employ a shared memory architecture, which uses a central
switching engine to send data to the appropriate port. As shown in the figure below, data
enters the input port (➊ below), crosses the switching fabric on its way to the central switching engine(➋ below), and again crosses the switching fabric (➌ below) before exiting the
appropriate output port (❹ below).
Central Switching Engine
Note: Unlike distributed switch
fabric, data is forced to cross
switch fabric twice.
➋
➊
Switch Fabric
I/O Port
➌
I/O Port
❹
Traditional Shared Memory Architecture
In contrast, Omni Switch/Router switches use a distributed switching fabric. As shown in the
figure below, data enters the input port and crosses the switching fabric only once before
exiting the appropriate output port. Compared to the shared memory architecture, only half
as much bandwidth is required since data just crosses the switching fabric once.
Switch Fabric
I/O Port
I/O Port
Omni Switch/Router Distributed Switching Fabric
Page 1-3
Omni Switch/Router Distributed Switching Fabric
Omni Switch/Router Fabric Capacity
In a chassis with Omni Switch/Router modules only, each Omni Switch/Router module
provides 2.4 Gbps of switching capacity in full-duplex mode. In a chassis with all Omni
Switch/Router modules, the Omni Switch/Router architecture provides up to a 22 Gbps
distributed switching fabric. As shown in the figure below, an OmniS/R-9 with an MPX and
eight (8) Omni Switch/Router switching modules provides 22 Gbps of switching capacity. An
an OmniS/R-5 with an MPX and four (4) Omni Switch/Router switching modules provides 12
Gbps of switching capacity, while an OmniS/R-3 with an MPX and two (2) Omni
Switch/Router switching modules provides 7 Gbps of switching capacity.
Fabric Capacity
(Gbps)
22
OmniS/R-9
OmniS/R-5
12
OmniS/R-3
7
1
MPX
3
5
7
9
Omni Switch/Router Switching Modules
Omni Switch/Router Fabric Capacity in OmniS/R-3, OmniS/R-5 and OmniS/R-9 Chassis
Page 1-4
Omni Switch/Router Applications and Configurations
Omni Switch/Router Applications and Configurations
Omni Switch/Router hardware is ideally suited to meet the most demanding server and backbone needs. In addition, Omni Switch/Router hardware can be integrated easily with
OmniSwitches and with OmniStack workgroup switches. The examples that follow show how
the Omni Switch/Router can be used as a network backbone and as the central switch/router
in a wiring closet.
Omni Switch/Router as the Backbone Connecting Several Networks
The figure below shows how Omni Switch/Router Gigabit Ethernet and 10/100 Ethernet
modules can be used as a network backbone. In this example, two networks on two different floors need high speed access to a server farm on the first floor.
Server
10/100 Ethernet
3rd Floor
OmniSwitch
Fast Ethernet
(OmniChannel)
2nd Floor
10/100 Ethernet
OmniStack
Gigabit Ethernet
Fast Ethernet
(OmniChannel)
Gigabit Ethernet
1st Floor
Omni Switch/Router
Server Farm
Using Omni Switch/Router in a Network Backbone
The servers each have dedicated Gigabit Ethernet connections to Omni Switch/Router
modules on the first floor. The Omni Switch/Router chassis on the first floor is connected to
the network on the second floor via a Gigabit Ethernet link to the OmniStack on the second
floor. The Omni Switch/Router chassis on the first floor is connected via a 10/100 Ethernet
link, using OmniChannel, to the OmniSwitch chassis on the third floor containing a Fast
Ethernet module, such as the ESM-100C-12. See Chapter 15, “Managing Ethernet Modules,” for
more information on OmniChannel.
Page 1-5
Omni Switch/Router Applications and Configurations
Omni Switch/Router as the Central Backbone
Switch/Router and in the Wiring Closet
The figure below shows Omni Switch/Router chassis used in the wiring closet and as a
network backbone switch/router connecting the wiring closets and server farm. On the third
floor, an Omni Switch/Router chassis connects a mixture of 10BaseT and 100BaseTx workstations with an auto-sensing Ethernet module. In addition, this Omni Switch/Router chassis
connects the workstations to a local server with a Gigabit Ethernet module. On the second
floor, an Omni Switch/Router connects legacy Token Ring workstations. On the first floor, the
Omni Switch/Router connects the networks on the upper floors to the server farm using a
Gigabit Ethernet module.
Server
3rd Floor
10/100 Ethernet
Omni Switch/Router
2nd Floor
Token Ring
Omni Switch/Router
Gigabit Ethernet
Gigabit Ethernet
1st Floor
Omni Switch/Router
Server Farm
Using Omni Switch/Router in the Wiring Closet
Page 1-6
Omni Switch/Router Chassis and Power Supplies
Omni Switch/Router Chassis and Power Supplies
The Omni Switch/Router chassis houses the MPX, switching modules, and one or two power
supplies. The modular design of the chassis provides the ability to configure your Omni
Switch/Router to meet your networking needs. The Omni Switch/Router chassis also offer
such failure resistant features as redundant MPXs, redundant power supplies, and hot
swapping of switching modules. (See Chapter 3, “Omni Switch/Router Switching Modules,”
for more information on hot swapping switching modules.)
There are three (3) different versions of the Omni Switch/Router chassis. The OmniS/R-3, a
three-slot version, is documented in OmniS/R-3 on page 1-8. The OmniS/R-5, a five-slot
version, is documented in OmniS/R-5 on page 1-10. A nine-slot version called the OmniS/R-9
is documented in OmniS/R-9 and OmniS/R-9P on page 1-13. The OmniS/R-3, OmniS/R-5 and
OmniS/R-9 chassis, the MPX module, and several switching modules have met FCC Class B
requirements.
♦ Note ♦
In the current release, a maximum of seven (7) 32-port
switching modules (e.g., ESX-100C-32W) is supported in
9-slot Omni Switch/Router chassis.
Slot 1 is reserved for the MPX; you cannot install a switching module in Slot 1. You can install
a switching module in Slot 2 (if an MPX is installed in Slot 1) or an MPX. When dual-redundant MPXs are installed, one of them must be installed in Slot 1 and the other in Slot 2. On the
OmniS/R-3, Slot 3 is reserved for a switching module. On the OmniS/R-5, Slots 3 through 5
are reserved for switching modules. On the OmniS/R-9, Slots 3 through 9 are reserved for
switching modules.
♦ Important Note ♦
You must have an MPX acting as the management
module; you cannot use any version of the MPM.
Warning
If you have any empty switching module slots in either
an OmniS/R-3 (3-slot) or OmniS/R-5 (5-slot) chassis,
you must cover them with blank panels (available from
Alcatel) to prevent your chassis from overheating.
Covering empty slots forces air to flow directly over the
power supplies, thereby cooling them. If the power
supplies are not properly cooled, they will overheat
and shut down.
Page 1-7
Omni Switch/Router Chassis and Power Supplies
OmniS/R-3
The OmniS/R-3 chassis features three slots for an MPX and specific switching modules
(contact your Alcatel sales representative for information on module availability). Slots are
numbered from 1 to 3 starting with the topmost slot. A built-in power supply is located on the
right side of the chassis, and a fan cooling system is located on the left side of the chassis.
The chassis can be rack-mounted. You can view all cabling, power supplies, module interfaces, and LEDs at the front of the chassis.
The OmniS/R-3 uses a built-in AC power supply that has a capacity of 32.8 Amps at 5 volts
and 3 amps at 12 volts for 200 Watts of output power. The OmniS/R-3 does not support a
Backup Power Supply (BPS).
♦ Caution ♦
Do not connect the power connector on the back of
the OmniS/R-3 to data communication equipment.
T
Management
Processor
Module (MPX)
R
E
TH
E
2
A LIN C
O
C
T K L
K
C
O
N
S
O
LE
O
M
O
D
E
M
1
T
S PR EM
E
C I
P
K
P
S PS
2
1
O
N
E
MPX 10
O
R
X
TX
X
TX
2
R
K
2
X
1
R
K
1
2
LI
N
K
TX
O
1
GSX-K sm
A
Switching
Modules
C
A
B
T_
A
T_
C
2
62
TM
X
R
A
TX
R
R
E
C _B
D
E
R _A
D
E
X
2
R
K
R
B
O
TX
1
A
K
Y
E
L,F
E
R
F
O
A
LA
R
M
ASX 622 sm
OmniS/R-3 Chassis
♦ Important Note ♦
Slot 1 (the top slot) on the OmniS/R-3 is reserved for
an MPX module. Slot 2 can accommodate either a
second (optional) MPX module or a Switching module.
Slot 3 (the bottom slot) is reserved for a Switching
module. Contact your Alcatel sales representative for
information regarding module availability.
Page 1-8
Omni Switch/Router Chassis and Power Supplies
OmniS/R-3 Chassis Technical Specifications
Total Module Slots
3
Total Slots for Switching Modules
2
Physical Dimensions
5.25” (13.34 cm) high, 17.13” (43.51 cm) wide,
13.00” (33.02 cm) deep
Weight
18 lb. (8.18 kg), fully populated with modules and power
supplies.
Switching Backplane
Up to 7 Gbps (aggregate) switching fabric capacity
Voltage Range
85-270 VAC, 47 to 63 Hz, auto-ranging and auto-sensing
Current Draw
3.8 Amps at 100/115 VAC
1.7 Amps at 230 VAC
Watts (Output)
200
Current Provided
32.8 Amps at +5 Volts
3 Amps at +12 Volts
Heat Generation
Approximately 1020 BTUs per hour
Temperature Operating Range
0 to 45 degrees Celsius
32 to 113 degrees Fahrenheit
Humidity
5% to 90% Relative Humidity (Operating)
0% to 95% Relative Humidity (Storage)
Altitude
Sea level to 10,000 feet (3 km)
Agency Listings
UL 1950
CSA-C22.2
EN60950
FCC Part 15, Subpart B (Class A)
EN55022, 1987/EN50081
FCC Class B
C.I.S.P.R. 22: 1985
EN50082-1, 1992
IEC 801-2, 1991
IEC 801-3, 1984
IEC 801-4, 1988
VCCI V-3/94.04 (Class A & Class B)
EN 61000-4-2: 1995
EN 61000-4-3: 1995
EN 61000-4-4: 1995
EN 61000-4-5: 1995
EN 61000-4-6: 1996
EN 61000-4-8: 1993
EN 61000-4-11: 1994
ENV 50204: 1996
Page 1-9
Omni Switch/Router Chassis and Power Supplies
OmniS/R-5
The OmniS/R-5 chassis has five slots for an MPX and switching modules (see figure below).
Slots are numbered from 1 to 5 starting with the topmost slot. Slots for two power supplies
are located at the bottom of the chassis.
♦ Warning ♦
If you have an OmniS/R-5 with a single power supply,
do not remove the cover on the empty power supply
slot. In addition, if you have any empty switching
module slots in an OmniS/R-5, you must cover them
with blank panels (available from Alcatel) to prevent
your chassis from overheating.
Covering empty slots forces air to flow directly over the
power supplies, thereby cooling them. If the power
supplies are not properly cooled, they will overheat
and shut down.
The entire chassis can be wall-mounted or rack-mounted. You can view all cabling, power
supplies, module interfaces, and LEDs at the front of the chassis.
Omni Switch/Router
Management Processor
Module (MPX)
Switching Modules
PS1 (Power Supply 1)
PS2 (Power Supply 2)
The OmniS/R-5
The OmniS/R-5 uses the MPX. Slot 1 is reserved for the MPX; you cannot install a switching
module in Slot 1. You can install a switching module in Slot 2 (if an MPX is installed in Slot 1)
or an MPX. When dual-redundant MPXs are installed, one of them must be installed in Slot 1
and the other in Slot 2. Slots 3 through 5 are reserved for switching modules.
Page 1-10
Omni Switch/Router Chassis and Power Supplies
The OmniS/R-5 provides bays for two power supplies. The power supplies are self-enclosed
to allow safe hot-insertion and hot-removal. When two power supplies are installed, they
share the electrical load. If one should fail, the remaining power supply automatically takes
up the load without any disruption to the operation. See Chapter 1, “Omni Switch/Router
Chassis and Power Supplies,” for more information on installing and removing power
supplies. See OmniS/R-5 Technical Specifications on page 1-12 for more information.
The OmniS/R-5 uses one of the following power supplies:
OmniS/R-PS5-375
The standard power supply. It can provide 375 Watts of power.
OmniS/R-PS5-DC375 A -48 volt (input voltage) DC version of the OmniS/R-PS5-375 power
supply. This power supply can provide 375 Watts of power. It requires
the use of 12 to 14 gauge wire for connections to the DC power source.
See Connecting a DC Power Source to an OmniS/R-PS5-DC375 on page
1-24 for more information.
♦ Caution ♦
This unit may be equipped with two power connections. To reduce the risk of electrical shock, disconnect
both power connections before servicing the unit.
♦ VORSICHT ♦
Das Gerat kann mit zwei Netzanschlussen ausgestattet
sein. Um einen elektrischen Schlag zu vermeiden,
immer beide Anschlusse vor der Wartung vom Netz
trennen.
Page 1-11
Omni Switch/Router Chassis and Power Supplies
OmniS/R-5 Technical Specifications
Total Module Slots
5
Total Slots for Switching Modules
4
Physical Dimensions
12.25” (31.12 cm) high, 17.14” (43.54 cm) wide,
13” (33.02 cm) deep
Weight
approximately 55 lb. (24.09 kg), fully populated with modules and power supplies.
Switching Backplane
Up to 12 Gbps (aggregate) switching fabric capacity
Voltage Range
90-265 VAC, 47 to 63 Hz auto-ranging and auto-sensing.
Current Draw
6 Amps at 100/115 VAC; 3 Amps at 230 VAC
Watts (Output)
375
Current Provided
60 Amps at 5 Volts (V1)
5 Amps at 12 Volts (V2)
3 Amps at 3.3 Volts (V3)
5.1 Amps at 1.5 Volts (V4)
Temperature Operating Range
0 to 45 degrees Celsius
32 to 113 degrees Fahrenheit
Humidity
5% to 90% Relative Humidity (Operating)
0% to 95% Relative Humidity (Storage)
Altitude
Sea level to 10,000 feet (3 km)
Heat Generation
1280 BTUs per hour (one power supply)
Agency Listings
UL 1950
CSA-C22.2
EN60950
FCC Part 15, Subpart B (Class A)
EN55022, 1987/EN50081
FCC Class B
C.I.S.P.R. 22: 1985
EN50082-1, 1992
IEC 801-2, 1991
IEC 801-3, 1984
IEC 801-4, 1988
VCCI V-3/94.04 (Class A & Class B)
EN 61000-4-2: 1995
EN 61000-4-3: 1995
EN 61000-4-4: 1995
EN 61000-4-5: 1995
EN 61000-4-6: 1996
EN 61000-4-8: 1993
EN 61000-4-11: 1994
ENV 50204: 1996
Page 1-12
Omni Switch/Router Chassis and Power Supplies
OmniS/R-9 and OmniS/R-9P
The OmniS/R-9 and OmniS/R-9P chassis have nine slots for an MPX and switching modules
(see figure below). Slots are numbered from 1 to 9 starting with the left-most slot. Slots for
two power supplies are located at the bottom of the chassis. A separate, removable fan tray
containing four fans is located above the power supply module bays.
Switching Modules
Omni Switch/Router
Management Processor
Module (MPX)
Fan Tray
Lifting Handle
PS1 (Power Supply 1)
PS2 (Power Supply 2)
The OmniS/R-9
A fully loaded OmniS/R-9 weighs nearly 100 lbs. Therefore, it is recommended that if you are
rack-mounting the chassis you use a rack mount shelf instead of just brackets. Using a shelf
will ensure that the weight of the chassis can be supported. In addition, the OmniS/R-9
contains side handles to make lifting and installation easier.
The OmniS/R-9 uses the MPX. Slot 1 is reserved for the MPX; you cannot install a switching
module in Slot 1. You can install a switching module in Slot 2 (if an MPX is installed in Slot 1)
or an MPX. When dual-redundant MPXs are installed, one of them must be installed in Slot 1
and the other in Slot 2. Slots 3 through 9 are reserved for switching modules.
♦ Important Note ♦
You must have an MPX acting as the management
module; you cannot use any version of the MPM. See
Chapter 2, “The Omni Switch/Router MPX,” for more
information on the MPX.
Page 1-13
Omni Switch/Router Chassis and Power Supplies
The OmniS/R-9 and OmniS/R-9P provide bays for two power supplies. The power supplies
are self-enclosed to allow safe hot-insertion and hot-removal. When two power supplies are
installed, they share the electrical load. If one should fail, the remaining power supply
automatically takes up the load without any disruption to the operation. See Chapter 1, “Omni
Switch/Router Chassis and Power Supplies,” for additional information on installing and
removing power supplies.
The OmniS/R-9 uses the following power supply:
OmniS/R-PS9-650
The standard power supply. It can provide 650 Watts of power.
The OmniS/R-9P uses the following power supply:
OmniS/R-PS9-725
This power supply can provide 725 Watts of power.
The OmniS/R-9P-48V uses the following power supply:
OmniS/R-PS9-DC725 A -48 Volt (input voltage) DC version of the OmniS/R-PS9-725 power
supply. This power supply can provide 725 Watts of power. It requires
the use of 12 to 14 gauge wire for connections to the DC power source.
See Connecting a DC Power Source to an OmniS/R-PS9-DC725 on page
1-27 for more information.
For additional information, see OmniS/R-9 Technical Specifications on page 1-15, OmniS/R-9P
Technical Specifications on page 1-16 and OmniS/R-9P-48V Technical Specifications on page
1-17.
♦ Caution ♦
This unit may be equipped with two power
connections. To reduce the risk of electrical shock,
disconnect both power connections before servicing
the unit.
♦ VORSICHT ♦
Das Gerat kann mit zwei Netzanschlussen ausgestattet
sein. Um einen elektrischen Schlag zu vermeiden,
immer beide Anschlusse vor der Wartung vom Netz
trennen.
Page 1-14
Omni Switch/Router Chassis and Power Supplies
OmniS/R-9 Technical Specifications
Total Module Slots
9
Total Slots for Switching Modules
8
Physical Dimensions
24.50” (62.23 cm) high, 16.60” (42.16 cm) wide,
13.25” (36.66 cm) deep
Weight
96 lb. (43.55 kg), fully populated with modules and power
supplies.
Switching Backplane
Up to 22 Gbps (aggregate) switching fabric capacity
Voltage Range
90-264 VAC, 47 to 63 Hz
Current Draw
12 Amps at 100/115 VAC; 6 Amps at 230 VAC
Watts (Output)
650
Current Provided
120 Amps at 5 Volts
4 Amps at 12 Volts
6 Amps at 3.3 Volts
8 Amps at 1.5 Volts
Temperature Operating Range
0 to 45 degrees Celsius
32 to 113 degrees Fahrenheit
Humidity
5% to 90% Relative Humidity (Operating)
0% to 95% Relative Humidity (Storage)
Altitude
Sea level to 10,000 feet (3 km)
Heat Generation
2219 BTUs per hour (one power supply)
Agency Listings
UL 1950
CSA-C22.2
EN60950
FCC Part 15, Subpart B (Class A)
EN55022, 1987/EN50081
FCC Class B
C.I.S.P.R. 22: 1985
EN50082-1, 1992
IEC 801-2, 1991
IEC 801-3, 1984
IEC 801-4, 1988
VCCI V-3/94.04 (Class A & Class B)
EN 61000-4-2: 1995
EN 61000-4-3: 1995
EN 61000-4-4: 1995
EN 61000-4-5: 1995
EN 61000-4-6: 1996
EN 61000-4-8: 1993
EN 61000-4-11: 1994
ENV 50204: 1996
Page 1-15
Omni Switch/Router Chassis and Power Supplies
OmniS/R-9P Technical Specifications
Total Module Slots
9
Total Slots for Switching Modules
8
Physical Dimensions
24.50” (62.23 cm) high, 16.60” (42.16 cm) wide,
13.25” (36.66 cm) deep
Weight
96 lb. (43.55 kg), fully populated with modules and power
supplies.
Switching Backplane
Up to 22 Gbps (aggregate) switching fabric capacity
Voltage Range
85-270 VAC, 47 to 63 Hz
Current Draw
12 Amps at 100/115 VAC; 6 Amps at 230 VAC
Watts (Output)
725
Current Provided
120 Amps at 5 Volts
6 Amps at 12 Volts
6 Amps at 3.3 Volts
8 Amps at 1.5 Volts
Temperature Operating Range
0 to 70 degrees Celsius
32 to 158 degrees Fahrenheit
Humidity
5% to 90% Relative Humidity (Operating)
0% to 95% Relative Humidity (Storage)
Altitude
Sea level to 10,000 feet (3 km)
Heat Generation
2219 BTUs per hour (one power supply)
Agency Listings
UL 1950; CSA-C22.2 #950-M90; TUV EN60950; CB
Certification IEC 950; FCC Title 47 CRF Part 15, Subpart B
(Class A & Class B); IEC EN55022, 1995 (Class A & Class B)
CISPR 22, 1995; IEC 1000-3-2; IEC 1000-3-3 (EN60555-2); IEC
1000-4-2 (EN61000-4-2, per EN50082-1, 1992); IEC 1000-4-3
(EN61000-4-3, per EN50082-1, 1992); IEC 1000-4-4
(EN61000-4-4) Level 4; IEC 1000-4-5 (EN61000-4-5) Level 4;
IEC 1000-4-6 (EN61000-4-6); IEC 1000-4-8 (EN61000-4-8);
IEC 1000-4-11 (EN61000-4-11); EN50204: 1996.
Page 1-16
Omni Switch/Router Chassis and Power Supplies
OmniS/R-9P-48V Technical Specifications
Total Module Slots
9
Total Slots for Switching Modules
8
Physical Dimensions
24.50” (62.23 cm) high, 16.60” (42.16 cm) wide,
13.25” (36.66 cm) deep
Weight
96 lb. (43.55 kg), fully populated with modules and power
supplies.
Switching Backplane
Up to 22 Gbps (aggregate) switching fabric capacity
Voltage Range
40-60 VDC
Current Draw
23 Amps
Watts (Output)
725
Current Provided
120 Amps at 5.15 VDC
6 Amps at 12 VDC
6 Amps at 3.3 VDC
8 Amps at 1.5 VDC
Temperature Operating Range
0 to 70 degrees Celsius
32 to 158 degrees Fahrenheit
Humidity
5% to 90% Relative Humidity (Operating)
0% to 95% Relative Humidity (Storage)
Altitude
Sea level to 10,000 feet (3 km)
Heat Generation
2219 BTUs per hour (one power supply)
Agency Listings
UL 1950; CSA-C22.2 #950-M90; TUV EN60950; CB
Certification IEC 950; FCC Title 47 CRF Part 15, Subpart B
(Class A & Class B); IEC EN55022, 1995 (Class A & Class B)
CISPR 22, 1995; IEC 1000-3-2; IEC 1000-3-3 (EN60555-2); IEC
1000-4-2 (EN61000-4-2, per EN50082-1, 1992); EN55024 IEC
1000-4-3 (EN61000-4-3, per EN50082-1, 1992); IEC 1000-4-4
(EN61000-4-4) Level 4; IEC 1000-4-5 (EN61000-4-5) Level 4;
IEC 1000-4-6 (EN61000-4-6); IEC 1000-4-8 (EN61000-4-8);
IEC 1000-4-11 (EN61000-4-11); ENV 50204: 1996.
Page 1-17
Omni Switch/Router Chassis and Power Supplies
Omni Switch/Router Power Requirements
Always make sure that the total power requirements of the modules in your chassis do not
exceed the limits of your power supply. To check the power consumption of your configuration, refer to the tables on the following pages and add up the DC Current Draw of all modules
in your switch. The tables beginning on page 1-19 list modules without an HRE-X and the
tables beginning on page 1-20 list modules with an HRE-X.
The total power consumption of all your modules should be below the current provided by
your power supply, which is listed in OmniS/R-3 on page 1-8 for the OmniS/R-3, OmniS/R-5
on page 1-10 for the OmniS/R-5 and OmniS/R-9 and OmniS/R-9P on page 1-13 for the
OmniS/R-9 and OmniS/R-9P. For power consumption and FCC compliance information for
Omni Switch/Router VoIP modules, consult your VoIP User Manual.
♦ Caution ♦
It is possible, but not recommended, to have a
configuration in which the current draw of the installed
modules exceeds the power provided by a single
power supply. However, such a configuration would
require two power supplies and would not allow you to
have power redundancy.
Page 1-18
Omni Switch/Router Chassis and Power Supplies
Module Power Requirements without an HRE-X
Module
Description
DC
Current
Draw
(Amps)
FCC
Class
Approval
MPX
Management Processor Module.
3.75
B
ESX-K-100C-32W
Advanced auto-Sensing 10/100 Ethernet
module with thirty-two (32) RJ-45 ports.
10.25
B
ESX-K-100FM/FS-16W
Advanced Fast Ethernet (100 Mbps) module
with sixteen (16) fiber MT-RJ ports.
9.75
B
GSX-K-FM/FS-2W
Advanced Gigabit Ethernet module with two
(2) fiber SC ports.
5.25
B (STP cable)
A (UTP cable)
WSX-S-2W
WAN module with 2 serial ports
4.75
B
WSX-SC-4W
WAN module with 4 serial ports
6.25
B
WSX-SC-8W
WAN module with 8 serial ports
8.25
B
WSX-BRI-SC-1W
WAN ISDN module with 1 serial and 1 BRI
port
5.75
B
WSX-BRI-SC-2W
WAN ISDN module with 2 serial and 2 BRI
ports
7.25
B
WSX-FT1-SC-1W
WAN module with 1 serial and 1 T1 or E1
port
5.75
A
WSX-FE1-SC-1W
WAN module with 1 serial and 1 T1 or E1
port
5.75
B
WSX-FT1-SC-2W
WAN module with 2 serial and 2 T1 or E1
ports
7.25
B
WSX-FE1-SC-2W
WAN module with 2 serial and 2 T1 or E1
ports
7.25
B
Page 1-19
Omni Switch/Router Chassis and Power Supplies
Module Power Requirements with an HRE-X
Module
Description
DC
Current
Draw
(Amps)
FCC
Class
Approval
MPX-L3
Management Processor Module.
5.25
B
ESX-K-100C-32W-L3
Advanced auto-Sensing 10/100 Ethernet
module with thirty-two (32) RJ-45 ports.
11.75
B
ESX-FM-24W-L3
10 Mbps Ethernet module with twenty-four
(24) fiber VF-45 ports
14.5
B
ESX-K-100FM/FS16W-L3
Advanced Fast Ethernet (100 Mbps) module
with sixteen (16) fiber MT-RJ ports.
11.25
B
GSX-K-FM/FS-2W-L3
Advanced Gigabit Ethernet module with two
(2) fiber SC ports.
6.75
B (STP cable)
A (UTP cable)
WSX-S-2W-L3
WAN module with 2 serial ports
6.25
B (STP cable)
A (UTP cable)
WSX-SC-4W-L3
WAN module with 4 serial ports
7.75
B (STP cable)
A (UTP cable)
WSX-SC-8W-L3
WAN module with 8 serial ports
9.75
B (STP cable)
A (UTP cable)
WSX-BRI-SC-1W-L3
WAN ISDN module with 1 serial and 1 BRI
port
7.25
B (STP cable)
A (UTP cable)
WSX-BRI-SC-2W-L3
WAN ISDN module with 2 serial and 2 BRI
ports
8.75
B (STP cable)
A (UTP cable)
WSX-FT1-SC-1W-L3
WAN module with 1 serial and 1 T1 or E1
port
7.25
B (STP cable)
A (UTP cable)
WSX-FE1-SC-1W-L3
WAN module with 1 serial and 1 T1 or E1
port
7.25
B (STP cable)
A (UTP cable)
WSX-FT1-SC-2W-L3
WAN module with 2 serial and 2 T1 or E1
ports
8.75
B (STP cable)
A (UTP cable)
WSX-FE1-SC-2W-L3
WAN module with 2 serial and 2 T1 or E1
ports
8.75
B (STP cable)
A (UTP cable)
Page 1-20
Omni Switch/Router Chassis and Power Supplies
Grounding a Chassis
Omni Switch/Routers have two grounding screw holes on the back of the chassis. These
holes use 10-32 screws and are approximately 1 inch apart. In addition, these holes do not
have paint and are surrounded by a small paint-free rectangular section, which provides for a
good connection contact.
The figure below shows the location of the grounding screw holes on the back of an
OmniS/R-9. They are located approximately four (4) inches from the bottom of the chassis
and approximately one (1) inch from the left-hand side of the rear of the chassis.
Lifting Handle
Grounding Screw Holes
Grounding Screw Holes on an OmniS/R-9
On an OmniS/R-5, the grounding screw holes are located approximately one (1) inch from
the bottom of the chassis and approximately one (1) inch from the left-hand side of the rear
of the chassis.
On an OmniS/R-3, they are located approximately four (4) inches from the bottom of the
chassis and approximately one (1) inch from the left-hand side of the rear of the chassis.
Page 1-21
The Omni Switch/Router Hardware Routing Engine (HRE-X)
The Omni Switch/Router
Hardware Routing Engine (HRE-X)
The Omni Switch/Router Hardware Routing Engine (HRE-X) is available for the MPX and all
Omni Switch/Router switching modules. The HRE-X is a submodule, which plugs into an
Omni Switch/Router module, that provides high speed Layer 3 distributed routing for IP and
IPX traffic. The HRE-X intercepts frames from the switching logic and determines if a frame
should be switched or routed. If a frame needs to be routed, the HRE-X will automatically add
the appropriate routing information.
Backplane Connector
HRE-X
Module Front Panel
MPX with an HRE-X
The HRE-X has the following restrictions:
• You must have Release 3.4.4 software, or later, on your Omni Switch/Router.
• Do not install an HRE-X on an MPX unless it is Revision A10, or later.
• Do not install an HRE-X on a GSX-FM/FS-4W unless it is Revision B04, or later.
Page 1-22
The Omni Switch/Router Hardware Routing Engine (HRE-X)
Each HRE-X routes up to 1.5 million packets per second. In an OmniS/R-9 with an HRE-X on
every switching module, for example, you could have up to 12 Mpps routed throughput. On
a per switch basis, the HRE-X also supports over 256,000 route entries and 64,000 Next Hop
destinations.
Valid HRE-X Configurations
You can configure an Omni Switch/Router chassis in one of two ways: with an HRE-X on
every single Omni Switch/Router switching module (distributed routing) or a single HRE-X on
the MPX (centralized routing).
In this configuration, you must install an HRE-X on every single switching
module in the chassis. In addition, you cannot install an HRE-X on the MPX. For example, in
an OmniS/R-9 with a single MPX, you would need eight (8) HRE-Xs for all the switching
modules. As a general rule, this configuration is recommended in networks of more than four
subnets from any one switch.
Distributed Routing.
Centralized Routing. In this configuration, you must install the HRE-X on the MPX but not on
any Omni Switch/Router switching modules. The HRE-X will perform routing for all Omni
Switch/Router switching modules in the chassis. As a general rule, this configuration is recommended for networks of two to four subnets from any one switch.
HRE-X Router Registers versus Feature Limitations
The HRE-X has three (3) registers that can be programmed with a MAC address and mask that
allows it to recognize which destination MAC addresses it should act as a router for. IP Routing, Virtual Router Redundancy Protocol (VRRP), ATM Classical IP (CIP), and Channelized DS3
(i.e., M013) utilize at least one of these registers for their operation. This leads to a restriction
of the combination of these features that can be supported on an Omni Switch/Router at any
given time.
♦ Important Note ♦
ATM and M013 are not supported in Release 4.5.
The HRE-X registers are programmed on a first come, first served basis. Any attempt to
program more than three registers fails. In current release, the order which these features
program the HRE-X is as follows:
1. ATM CIP
2. IP Routing (Note: If there is a second base MAC configured on the MPX, then it will also
take a second register.)
3. M013
4. VRRP
For example, if a switch has two base MACs and a CIP group, then no other features can be
configured. Any combination of the above features will work given the available HRE-X registers. IP routing always takes one register (two in the dual base MAC case), leaving the other
features to compete for the remaining two (one in the dual base MAC case). The other
features attempt to program a register only if they are enabled.
♦ Note ♦
ATM CIP is limited to 128 end node route cache entries.
Page 1-23
Connecting a DC Power Source to an OmniS/R-PS5-DC375
Connecting a DC Power Source to an
OmniS/R-PS5-DC375
The OmniS/R-5 can use a DC power supply called the OmniS/R-5-DC375. This power supply
contains a female power connector as shown in the figure below. This supply requires the
use of 12 gauge wire. A clamp inside each connector keeps the power wire tightly in place
during operation. This connector has side screws that can be used to remove the connector.
OmniS/R-PS5-DC375
(-)/(+)/GND
GND =
OmniS/R-5 DC Power Supply Connector Style
Installing DC Power Source Wire Leads
These instructions describe how to connect your 3-wire DC power source to the power
connector on your DC power supply. A small flat-tip screwdriver and a wire stripper are
required for this procedure.
1. Prepare the three (3) wires—12 gauge—that will plug into the power supply. First, make
sure they are not plugged into the 48-volt power source.
2. Next, use a wire stripper to carefully strip about a half-inch off the end of each wire,
removing the outer insulation to expose the copper core.
3. Twist the loose strands of copper wire together so that they form a tight braid. If possible, solder the entire braid of wire together for better conductivity.
4. Open the wire bay door for one of the three (3) power connector holes. The front of this
connector contains a row of square holes. It also contains three (3) circular holes on top
that contain screws; you loosen the screws in these holes to open the wire bay doors
(square holes) on the connector front so that you can insert the wire lead.
a. Insert a small flat-tip screwdriver into one of the top three (3) screw holes.
b. Loosen the screw so that the door for the wire bay on the connector front opens.
Page 1-24
Connecting a DC Power Source to an OmniS/R-PS5-DC375
Loosen Screw.
(-)/(+)/GND
Door inside square hole will
open when screw is loosened in
top circular hole.
Opening Wire Bay on Screw-Style Connector
5. Insert the appropriate wire lead into the open circular hole. The silkscreen above each
hole indicates which power lead—negative (-), positive (+), or ground (GND)—to plug
into which hole. The lead you insert must match the lead attached to the 48-volt power
source (i.e., negative to negative, positive to positive, ground to ground).
♦ Warning ♦
You must plug DC wire leads into the correct holes in
the DC power connector. Use the labels above the DC
power connector as a guide to positive, negative, and
ground connections.
If you plug wire leads into wrong holes the power
supply will not work and could result in damage.
Push the wire in far enough such that it reaches the back wall of the connector, about a
half inch inside.
(-)/(+)/GND
This end would plug into the
negative (-) power source. The
middle lead would plug into
the positive (+) power source
and the rightmost lead would
plug into the ground (GND).
Inserting the Wire Lead Into the Circular Hole
6. Close the wire bay. Use the small screwdriver (from Step 4a) to tighten the screw above
the wire bay into which you inserted the wire lead. The wire lead should be securely
attached inside the connector. You should be able to pull on the wire and not dislodge it.
Page 1-25
Connecting a DC Power Source to an OmniS/R-PS5-DC375
7. Repeat Steps 4 through 6 for the remaining two wire leads. Be sure that the end of each
lead attaches to the same power source that you connected to on the power supply (i.e.,
negative to negative, positive to positive, ground to ground).
Page 1-26
Connecting a DC Power Source to an OmniS/R-PS9-DC725
Connecting a DC Power Source to an
OmniS/R-PS9-DC725
The OmniS/R-9P can use a DC power supply called the OmniS/R-PS9-DC725. This power
supply contains a female power connector as shown in the figure below. This supply requires
the use of 10 gauge wire. A clamp inside each connector keeps the power wire tightly in
place during operation.
OmniS/R-PS9-DC725
GND/(+)/(-)
GND =
OmniS/R-9P DC Power Supply Connector Style
Installation Requirements
Caution: To reduce the risk of electric shock or energy hazards:
• The branch circuit overcurrent protection must be rated at a minimum of 30 A (amperes)
for the OmniS/R-9P PS9-DC725.
• Use 10 gauge (AWG - American Wire Gauge) solid copper conductors only for the
OmniS/R-9P PS9-DC725.
• A readily-accessible disconnect device that is suitably approved and rated shall be incorporated in the field wiring.
• This device is to be installed in a restricted access area in accordance with the NEC
(National Electrical Code) or the authority having jurisdiction.
• Connect this device to a reliably grounded SELV (Safety Extra Low Voltage) or a centralized DC source.
Page 1-27
Connecting a DC Power Source to an OmniS/R-PS9-DC725
Installing DC Power Source Wire Leads
These instructions describe how to connect your 3-wire DC power source to the power
connector on your DC power supply. A small flat-tip screwdriver and a wire stripper are
required for this procedure.
1. Prepare the three (3) wires—10 gauge—that will plug into the power supply. First, make
sure they are not plugged into the 48-volt power source.
2. Next, use a wire stripper to carefully strip about a half-inch off the end of each wire,
removing the outer insulation to expose the copper core.
3. Twist the loose strands of copper wire together so that they form a tight braid. If possible, solder the entire braid of wire together for better conductivity.
4. Open the wire bay door for one of the three (3) power connector holes. The front of the
power connector contains a row of square holes. It also contains three (3) circular holes
(located directly above the square holes) that contain screws; you loosen the screws in
these holes to open the wire bay doors (square holes) on the connector front so that you
can insert the wire leads into the power connector.
a. Insert a small flat-tip screwdriver into one of the three (3) screw holes.
b. Loosen the screw so that the door for the wire bay on the connector front opens.
Loosen Screw.
GND/(+)/(-)
Door inside square hole will
open when screw is loosened in
circular hole directly above it.
Opening Wire Bay on DC Power Supply Connector
5. Insert the appropriate wire lead into the open circular hole. The silkscreen above each
hole indicates which power lead—ground (GND), positive (+), or negative (-)—to plug
into which hole. The lead you insert must match the lead attached to the 48-volt power
source (i.e., ground to ground, positive to positive, negative to negative).
♦ Warning ♦
You must plug DC wire leads into the correct holes in
the DC power connector. Use the labels above the DC
power connector as a guide to ground, positive and
negative connections.
If you plug wire leads into the wrong holes, the power
supply will not work and could result in damage.
Push the wire in far enough so that it reaches the back wall of the connector, about a half
inch inside.
Page 1-28
Connecting a DC Power Source to an OmniS/R-PS9-DC725
GND/(+)/(-)
This end would plug into the
ground (GND). The middle
lead would plug into the positive (+) power source and the
rightmost lead would plug into
the negative (-) power source.
Inserting the Wire Lead Into the Circular Hole
6. Close the wire bay door. Use the small screwdriver (from Step 4a) to tighten the screw
above the wire bay into which you inserted the wire lead. The wire lead should be
securely attached inside the connector. You should be able to pull on the wire and not
dislodge it.
7. Repeat Steps 4 through 6 for the remaining two wire leads. Be sure that the end of each
lead attaches to the same power source that you connected to on the power supply (i.e.,
ground to ground, positive to positive, negative to negative).
Page 1-29
Replacing Power Supplies (9-Slot Chassis)
Replacing Power Supplies (9-Slot Chassis)
If a power supply ever needs to be replaced in an Omni Switch/Router 9-slot Chassis (e.g.,
OmniS/R-9 or OmniS/R-9p), it is strongly recommended that power supplies not be mixed,
except under the conditions and exceptions shown in the following table.
♦ Note ♦
In all cases, swapping operations must be made with
the power switch of the replacement power supply
turned OFF. Failure to turn the power switch off during
the swapping operation may cause the data switch to
reset and restart.
Replacing Power Supplies (9-Slot Chassis)
Page 1-30
If One of Two
Power Supplies
Fails
Revision
Replace
With
650-watt
Pre-M1
Both
Power
Supplies
Two 650-watt (Revision M1+)
or two 725-watt Power
Supplies
650-watt
M1 or later
Failed
Power
Supply
One 650-watt (Revision M1+)
or one 725-watt Power
Supply
725-watt
Any
Failed
Power
Supply
One 725-watt Power Supply
2
The Omni Switch/Router MPX
Omni Switch/Router Management Processor Module
(MPX) Features
The MPX provides such system services as maintenance of user configuration information,
downloading of switching module software, basic bridge management functions, basic routing functions, the SNMP management agent, access to the User Interface software, and
Advanced Routing. In addition, the MPX can operate in a redundant configuration with
another MPX.
♦ Important Note ♦
If you have a single MPX in your chassis, it must be
installed in Slot 1.
With the optional HRE-X, which is described in Chapter 1, “Omni Switch/Router Chassis and
Power Supplies,” you can increase routing performance to 1.5 million packets per second.
MPX Technical Specifications
Flash Memory
8 MB (32 MB maximum); 16 MB required for Release 4.4 and
later
SIMM (DRAM) Memory
32 MB (128 MB maximum); 64 MB required for Release 4.4 and
later
SDRAM Memory
16 MB
MAC Addresses Supported
4096
Switching Backplane
Up to 22 Gbps (aggregate) switching fabric capacity
Serial Ports
2 (1 male DB9 modem connector and 1 female DB9 console
connector)
Ethernet (10 Mbps) Switch
Management Ports
1 copper RJ-45 or fiber (ST) port for switch management
functions.
Current Draw
3.75 amps without an HRE-X
5.25 amps with an HRE-X
♦ Warning ♦
Do not install any version of the MPM (i.e, MPM-C,
MPM-1G, MPM-II, MPM-III, or original MPM) in a chassis
with an MPX or any OmniSwitch switching module.
Installing an MPM in a chassis with an MPX can cause
physical damage.
Page 2-1
Omni Switch/Router Management Processor Module (MPX) Features
Label . This label will indicate the
Warning Label. This label indicates
Ethernet management port type. It
will read either MPX 10 mm (multimode fiber Ethernet port) or MPX 10 (copper RJ-45 Ethernet port).
PS
K1 K2
O
O
1
PS
2
MPX 10 mm
CLASS 1 LASER PRODUCT
that the module contains an optical
transceiver (on the MPXs with fiber
ST Ethernet ports only).
PS1 (Power Supply 1 Status).
This dual-state LED is on Green
when the switch is receiving the
proper voltage from Power Supply 1. It is on Amber when
Power Supply 1 is on, but not
supplying the correct amount of
voltage to power the switch, or is
installed and turned off. The PS1
LED is Off when the Power SupModule ply 1 is not present.
Status
PS2 (Power Supply 2 Status).
LEDs
This dual-state LED is on Green
when the Omni Switch/Router is
receiving the proper voltage from
Power Supply 2. It is on Amber
when Power Supply 2 is on, but
not supplying the correct amount
of voltage to power the switch,
or is installed and turned off. The
PS2 LED is Off when Power Supply 2 is not present.
SE
M
TE
I
PR
C
OK1 (Hardware Status). This dualstate LED is on Green when the MPX
has passed power-on hardware diagnostics successfully. On Amber when
the hardware has failed diagnostic
tests. If the OK1 LED is alternating
Green and Amber, then file system
compaction is in progress.
P
M
O
D
EM
Caution
Module
Status
LEDs
C
O
N
SO
LE
Do not power down the Omni
Switch/Router or insert any
modules while the OK1 LED is
alternating Green and Amber.
If you do, file corruption may
result and you will not be able
to restart the switch.
L
O
C
K
N
LI T
AC
OK2 (Software Status). Blinking Green
ET
H
X
ER
R
N
ET
Caution
Do not insert or remove any
modules while the MPX OK2
LED is blinking Amber. If you
do, file corruption may result
and you will not be able to
restart the switch.
TX
when the MPX has successfully loaded software to the switching modules.
Blinking Amber when the MPX is in a
transitional state, such as when it first
boots up. If the OK2 LED blinks
Amber for an extended period of time
(i.e., more than a minute), then you
should reboot the switch.
TEMP (Temperature). On Yellow to warn that the internal
switch temperature is approaching maximum operating limits.
Note that this LED comes on
before the temperature limit is
reached.
PRI (Primary MPX). On Green
when this MPX is the active, or
controlling, MPX. It is also on
Green when this is the only MPX
installed in the switch.
SEC (Secondary MPX). On Green
when this MPX is the secondary
MPX in a redundant MPX configuration. As the secondary MPX,
this module is in hot standby
mode.
Omni Switch/Router Management Processor Module (MPX) Status LEDs
Page 2-2
Omni Switch/Router Management Processor Module (MPX) Features
MPX 10
K1 K2
O
O
1
PS
2
PS
SE
M
TE
I
PR
C
Modem Connector. A male serial DB9 DTE connector for switch file transfers and network management functions.
P
M
O
Console Connector. A female serial
DB-9 DCE connector for switch file
transfers and network management
functions.
D
EM
The MPX module includes one row
of LEDs for the Ethernet management port.
C
O
N
SO
LE
ET
H
ER
N
ET
COL (Collision). On Yellow
when a collision has been
detected on the port.
L
O
C
K
N
LI T
AC
ACT (Activity). On Green when
data is transmitted or received
on the Ethernet management
port.
Port
LEDs
LINK (Link Status/Disabled).
On Green continuously when a
good cable connection exists.
Off when a good connection
does not exist.
Ethernet Management Port. Copper
RJ-45 (shown here) and fiber ST
ports are available for rapid switch
file transfers and network management functions.
MPX Management Connectors
Page 2-3
MPX Serial and Ethernet Management Ports
MPX Serial and Ethernet Management Ports
You can gain access to switch management software through one of the two serial (RS-232)
ports on the MPX or the Ethernet management port. The two serial ports are configured with
9-pin “D” connectors (DB-9) per the IBM AT serial port specification. One port, called the
“modem” port, is male and the other, called the “console” port, is female. See MPX Management Connectors on page 2-3 for illustrations of these ports.
The modem port is a Data Terminal Equipment (DTE) connector, which is typically connected
to a modem. You can also connect directly from this port to a PC or terminal with a standard
null-modem cable available in most computer equipment stores.
♦ Note ♦
The modem port is hard-wired for DTE communication; you do not need to set any jumpers.
The console port is a Data Communication Equipment (DCE) connector, which can be directly
connected to a PC, terminal, or printer.
MPX Console Port Specifications
1
Pin Number
Standard Signal
Name
1
Not Used
2
RD
From MPX
3
TD
To MPX
4,
Not Used
5
GND
6
Not Used
7
Not Used
8
Not Used
9
Not Used
Shell
Shield GND
5
6
9
MPX Console Port
Page 2-4
Direction
MPX Serial and Ethernet Management Ports
MPX Modem Port Specifications
1
Pin Number
Standard Signal
Name
Direction
1
Not Used
2
RD
To MPX
3
TD
From MPX
4,
DTR
From MPX
5
GND
6
DSR
To MPX
7
RTS
From MPX
8
CTS
To MPX
9
Not used
Shell
Shield GND
5
6
9
MPX Modem Port
Ethernet Management Port
The MPX also supports an out-of-band Ethernet port for high-speed uploads and switch
management functions. With this port, you can access the Omni Switch/Router over a
network via Telnet or FTP.
You can use the Boot prompt to configure an IP address for the Ethernet management port or
you can use the ethernetc command, which is described in Chapter 6, “Configuring Management Processor Modules.” After you have assigned an IP address to the Ethernet management port, you can use it to Telnet into the UI.
See Appendix A, “The Boot Line Prompt,” for documentation on configuring the Ethernet
management port with the boot prompt.
♦ Important Note ♦
On some revisions of the MPX, you must configure the
Ethernet management port with the boot prompt before
you can use the ethernetc command.
See the table on the following page for available Ethernet management port types.
Page 2-5
MPX Serial and Ethernet Management Ports
MPX Model
Ethernet Management Port
Type (Cable Type)
Max. Cable
Distance
MPX-T
RJ-45 (UTP)
100 meters
MPX-FL
ST (Multimode fiber)
2 kilometers
Configuring MPX Serial Ports
The serial communications parameters for the two MPX serial ports are set by default to the
following:
•
•
•
•
•
9600 bits per second (bps)
8 data bits
1 stop bit
no parity
no hardware flow control (Windows 95)
Each serial port supports serial data rates of 1200, 9600, 19200, and 38400 bps. However, you
must remove the default baud rate shunt (E1), which fixes the baud rate at 9600 bps, before
you can change the baud rate. This shunt is located near the front end of the MPX’s circuit
board, just to the right of the Ethernet management port.
To change the serial port configuration parameters, use the ser command, which is described
in detail in Chapter 6, “Configuring Management Processor Modules.”
Page 2-6
Flash Memory and Omni Switch/Router Software
Flash Memory and Omni Switch/Router Software
Flash memory on the MPX holds the Omni Switch/Router’s executable images and configuration data. When a switching module comes online, the MPX downloads the appropriate image
file for that module to that module’s memory. Image files (those with the img extension)
contain executable code for different switching modules and software features.
The following table lists Omni Switch/Router image files that may be present in MPX flash
memory along with the module(s) or feature with which the file is used.
File Name
Modules/Function Used With
mpx.img
mpx.cmd
mpm.cfg
mpm.cnf
MPX
desx.img
Ethernet port stress test software
diagx.img
Diagnostics software
esx.img
All GSX and ESX modules
fwdx.img
IP Fastpath and Firewall software
gated.img
Advanced Routing software
ipcntrl.img
IP control software
ipms.img
IPMS software
isdn.img
WSX-BRI-SC
mrd.img
Advanced Routing software
ntp.img
Network Time Protocol (NTP) software
policy.conf
PolicyManager file comprised of a MAC address and time that uniquely
identifies the switch(es) to which the policy applies
policy.img
PolicyView software
qos.img
Quality of Service (QOS) software
rav.img
RADIUS authentication software
t1e1drv.img
WSX-FT1/E1-SC
text_cfg.img
Text-based configuration software
vrrp.img
VRRP software
vsmboot.asc
Boot file for Voice Over IP (VOIP) modules
vsx.img
Voice Over IP (VOIP) modules
web.img
HTTP browser client software
wsx.img
WSX-S-2W, WSX-SC-4W, WSX-SC-8W (Frame Relay and PPP software)
Page 2-7
Flash Memory and Omni Switch/Router Software
Flash Memory Guidelines
The switch alters flash memory contents when a software command requests a configuration
change, when a remote administrator downloads a new executable image, or when the
switch fails and a record of the failure is written to flash memory. These operations require
available space in flash memory.
In general the flash memory on the switch should always have at least 75000 bytes available
at all times. In a switch with 8 MB of flash memory, for example, the images in flash should
never exceed 7.45 MB. (You can view how much flash memory is available through the ls
command.) This will allow enough room in flash for booting and configuration file expansions. If your flash memory exceeds this amount, then you need to delete some images from
flash.
In addition, the flash file system has a limit of 256 files, including configuration, logging, and
other files. When this 256-file limit is reached, configuration file expansions will cease and
new files will not be able to be loaded. This file limit applies even if there is enough memory
available in flash.
Not all image files in flash memory are required—only those that must be used with the
switching modules in your Omni Switch/Router. You can remove any files that are not
required for your Omni Switch/Router configuration by using the rm command. For example,
if you do not have T1/E1 ports, you could remove the t1e1drv.img file.
Page 2-8
MPX Redundancy
MPX Redundancy
In order to provide greater reliability, Omni Switch/Router supports two MPXs in a
primary/secondary redundant configuration. If the primary MPX fails, the secondary MPX takes
over without any operator intervention.
♦ Warning ♦
Do not install any version of the MPM (i.e, MPM-C,
MPM 1G, MPM II, or original MPM) in a chassis with an
MPX. Installing an MPM in a chassis with an MPX can
cause physical damage. If you want to configure an
Omni Switch/Router chassis in a redundant configuration, you must use two MPXs.
When you have two MPXs in one chassis, they must be installed in Slots 1 and 2, and only
one can be active. MPXs will assume one of the following roles.
• Primary - The MPX that is currently active and processing commands. It is also the MPX that
is communicating via Telnet, FTP, etc.
• Secondary - An MPX that is currently not the primary. It has sufficient software to communicate with the primary MPX. (For full redundancy, the secondary MPX should also have
the same software version as the primary and its configuration should be in sync with the
primary.) In this state, it is capable at any time of assuming the primary role.
The LEDs on each MPX reflect the same status with the exception that the primary’s PRI LED is
on whereas the secondary’s SEC LED is on. Also, the secondary MPX’s OK2 LED will not flash
amber during board transitions. See Omni Switch/Router Management Processor Module
(MPX) Status LEDs on page 2-2 for locations of the LEDs.
♦ Important Note ♦
To support redundancy, your MPX must be Revision
A14 or higher.
Change-Over Procedure
The secondary MPX continuously monitors the primary MPX. This monitoring serves two
purposes: 1) to notify the secondary MPX that the primary is alive and processing, and 2) to
update the configuration and thus keep the two MPXs in sync. If the secondary MPX detects
that the primary is no longer operational, it will begin to take over as primary. When a
secondary MPX becomes primary it resets all the other modules in the chassis and performs a
primary MPX initialization.
There are four states for an MPX configuration. You can view the current MPX state through
the slot command. These states are described in the table below. Note that for a
primary/secondary configuration to be in a “redundant” state, the relationship between the
two MPXs must meet the conditions shown in the table.
Page 2-9
MPX Redundancy
MPX State
Requirement for State
Redundant
Both MPXs are running the same version of software
and the configurations are in sync.
Configuration Fallback
Both MPXs are running the same version of software
but the configurations are different.
Software Fallback
The MPXs are running different versions of software,
and their configurations may be the same or different.
None
There is only one MPX installed in the chassis.
The primary MPX has the ability to transfer files to and from the secondary MPX. In the condition where the secondary MPX has an older version of software (Software Fallback), it is not
desirable to update the configuration file of the secondary. It is therefore the default not to
update the configuration file on the secondary if the secondary is running an earlier version
of software. You can force the update using appropriate commands in the mpm menu. (See
Chapter 6, “Configuring Management Processor Modules,” for more information on commands
in the mpm menu.)
♦ Note ♦
Do not remove a primary MPX without performing a
renounce command (described in Chapter 6, “Configuring Management Processor Modules”) first.
MPX Redundancy Commands
A set of commands exists to monitor the primary and secondary MPXs. These commands are
covered in detail in Chapter 6, “Configuring Management Processor Modules.” Note that you
can attach a terminal to both MPXs in a chassis; however, you will see a different responses
depending on which is primary and which is secondary. You should execute all UI
commands from the primary MPX except for those commands specifically addressing the
secondary MPX. For example, commands are available to control and monitor the secondary
MPX from the primary MPX (e.g., the sls command lists files on the secondary MPX from the
primary MPX).
Page 2-10
3
Omni Switch/Router
Switching Modules
Omni Switch/Router switching modules perform software filtering, translations between
dissimilar network interfaces, and hardware-based switching. Omni Switch/Router switching
modules have an additional on-board interface connector for the HRE-X.
Currently, Omni Switch/Router switching modules consist of Gigabit Ethernet modules, autosensing 10/100 Ethernet modules, Fast (100 Mbps) Ethernet modules, 10 Mbps Ethernet
modules, Voice Over IP (VOIP) modules, and WAN modules.
♦ Important Note ♦
Omni Switch/Router modules require the use of an
Omni Switch/Router chassis (see Chapter 1, “Omni
Switch/Router Chassis and Power Supplies”). Do not
install an Omni Switch/Router module in an
OmniSwitch chassis and do not install an OmniSwitch
module in an Omni Switch/Router chassis.
Gigabit Ethernet Modules
• GSX-K-FM/FS/FH-2W
Advanced 2-port Gigabit Ethernet switching module
10/100 Ethernet Modules
• ESX-K-100C-32W
Advanced 32-port auto-sensing 10/100 Ethernet switching
module
Fast (100 Mbps) Ethernet Modules
• ESX-K-100FM/FS-16W
Advanced 16-port Fast Ethernet (100 Mbps) switching module
WAN Modules
• WSX-S-2W
2 serial ports that support the frame relay or PPP protocol.
• WSX-SC-4W/8W
4 or 8 serial ports that support the frame relay or PPP protocol.
• WSX-FT1/E1-SC-1W/2W
1 or 2 T1/E1 ports and one or two serial ports that support the
frame relay or PPP protocol
• WSX-BRI-SC-1W/2W
1 or 2 UPS (Universal Serial Port) and 1 or 2 ISDN-BRI ports that
support Frame Relay or PPP
Voice Over IP Modules
Voice Over IP (VOIP) modules for the Omni Switch/Router are listed below and are documented in the VoIP User Manual.
• VSX-A
4, 6, 8, 14, or 16 analog RJ-11 ports supporting FXS and FXO
interfaces, including T.38 FAX
• VSX-VSD
2 or 4 digital T1 or E1 (Euro PRI and Qsig) ports, including
T.38 FAX
Page 3-1
Omni Switch/Router Hardware Routing Engine
The HRE-X offers high-speed Layer 3 switching from 1.5 to 12.0 million packets per second
(Mpps) in a fully loaded chassis. See Chapter 1, “Omni Switch/Router Chassis and Power
Supplies,” for more information on the HRE-X.
♦ Important Note ♦
Omni Switch/Router switching modules require an
MPX. You cannot install any version of the MPM (i.e,
MPM-III, MPM-C, MPM-1G, MPM-II, or original MPM) in a
chassis with an MPX. See Chapter 2, “The Omni
Switch/Router MPX,” for more information on the MPX.
Page 3-2
Required Image Files
See the table below for the required images files for the MPX and switching modules. You
must load the image file (or files) listed for the corresponding module or it will not run.
Required Image Files
Module
Image File(s)
MPX
mpx.img, fpx.img
ESX-K-100C-32W
esx.img
ESX-K-100FM/FS-16W
esx.img
GSX-K-FM/FS/FH-2W
esx.img
VSX-VSA
vsx.img, text_cfg.img, vsmboot.asc
VSX-VSD
vsx.img, text_cfg.img, vsmboot.asc
WSX-S-2W
wsx.img
WSX-SC-4W
wsx.img
WSX-SC-8W
wsx.img
WSX-BRI-SC-1W/2W
wsx.img, isdn.img
WSX-FT1-SC-1W/2W
wsx.img, t1e1drv.img
WSX-FE1-SC-1W/2W
wsx.img, t1e1drv.img
Page 3-3
Installing a Switching Module
Installing a Switching Module
All switching modules can be inserted and removed from the switch chassis while power is
on or off without disrupting the other modules. A standard screwdriver is required for installing and removing switching modules. You can also hot swap modules of the same type while
the switch is active.
Switching modules may be installed in any slot other than Slot 1. (Slot 1 is reserved for an
MPX.) In a setup with redundant MPX modules, Slots 1 and 2 are reserved for the MPXs. Additional modules can be installed in any available slot. (OmniS/R-3 slots are numbered 1 to 3
starting from the topmost slot. OmniS/R-5 slots are numbered 1 to 5 starting from the topmost
slot. OmniS/R-9 slots are numbered 1 to 9 starting from the left.)
♦ Anti-Static Warning ♦
Before handling a switching module, free your hands
of static by wearing a grounding strip, or by grounding
yourself properly. Static discharge can damage the
components on the switching module.
To insert a switching module follow these instructions:
1. Holding the module firmly in both hands, carefully slide it into the card guide. The front
panel connectors and LEDs should face outward. In a 9-slot Omni Switch/Router, the
component side of the board should face right (toward the power supply). In a 3- or 5slot Omni Switch/Router, the component side should face up.
The module should slide in easily. A large amount of force is not necessary and should
not be used. If any resistance is encountered, check to be sure that the module is aligned
properly in the card guide.
Switch Module
Slide Card In
Card Guides
Page 3-4
Installing a Switching Module
2. Once the module is in the slot, close the two card ejectors (one on each end of the
module) by pressing them in toward the module until they snap into place.
3. Use a standard screwdriver to tighten the two screw fasteners to secure the module inside
the chassis. The screws should be tight enough such that a screwdriver would be necessary to loosen the screws.
Page 3-5
Installing a Switching Module
Removing a Switching Module
To remove a switching module, follow the instructions below. If you are “hot swapping” the
modules (i.e., removing and inserting while power is on), see Hot Swapping a Switching
Module on page 3-7.
♦ Anti-Static Warning ♦
Before handling a switching module, free your hands
of static by wearing a grounding strip, or by grounding
yourself properly. Static discharge can damage the
components on your switching module.
1. Loosen the screw fasteners at the top and bottom of the switching module using a standard screwdriver.
2. Gently unlock the two card ejectors by pulling them out away from the module.
3. With both hands, carefully pull the module free of the chassis enclosure.
Page 3-6
Hot Swapping a Switching Module
Hot Swapping a Switching Module
You may remove and insert switching modules while the switch is running. This technique is
referred to as “hot swapping.” When you hot swap, you must replace the module with the
same module type as the one you removed. For example, if you remove an ESX switching
module you must replace it with another ESX switching module.
♦ Note ♦
You cannot hot swap a module into a previously
empty slot. To use an empty slot, you must power
down your chassis.
Perform the following steps to safely hot swap a switching module. (You cannot hot swap a
primary MPX module.) Since this procedure could possibly disrupt the network, it is best to
hot swap during network down times.
1. At the system prompt, enter
swap on <minutes>
where minutes is the number of minutes you want the switch to be in swap mode (the
default is 5 minutes). A message similar to the following will be displayed.
Swap is ON for 5 minutes
The swap mode must be enabled (ON) to insert a switching module. If not, the system
may halt or restart. (See Chapter 6, “Configuring Management Processor Modules,” for
more information on the swap command.)
♦ Caution ♦
Modules can only be reset and hot-swapped when the
MPX’s OK2 light is in its normal flashing green state.
2. Enter reset, followed by the slot number of the switching module you want to hot swap,
then followed by the word disable. (See Chapter 36, “Running Hardware Diagnostics,” for
more information on the reset command.) For example, if you want to hot swap the
switching module in slot 4, you would enter
reset 4 disable
at the system prompt. Next, the switch will prompt you to confirm the reset. The following is an example of the display for an ESX module. The display for other types of switching modules will be similar.
Resetting slot of type F-Ether/M may crash system
Attempt reset anyway {Y/N}? (N) :
Press y and then press <Enter>. If the switching module is in slot 4, a message similar to
the following will be displayed.
resetting slot 4 to disable
3. The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green.
The switching module’s OK1 LED will turn amber and the OK2 LED will not be illuminated. Remove all cables attached to ports on the switching module that you are going to
swap out.
Page 3-7
Hot Swapping a Switching Module
4. Carefully remove the switching module from the chassis and put it in a safe place. (See
Removing a Switching Module on page 3-6 for instructions on removing a switching
module.) The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing
green. In addition, the swap time will reset to its original value. (For example, if you set
the swap time to 15 minutes in step 1, you will have 15 minutes again, regardless of how
much time has elapsed.)
♦ Warning ♦
Removing or inserting the switching module while the
MPX’s OK2 LED is flashing amber can cause the system
to reset.
5. Carefully insert the new switching module into the chassis. (See Installing a Switching
Module on page 3-4 for instructions on inserting a switching module.)
♦ Caution ♦
When re-installing a module during a hot swap, it must
make a proper connection to the switch backplane.
The connection is made when you close the card ejectors. Always close the card ejectors firmly and briskly,
without hesitation. Closing them too slowly can cause
the switch to halt or restart.
The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green. If,
after hot-swapping modules, the MPX’s OK2 LED continues to flash amber for more than
about 8 seconds, it means that the switch needs to be reset.
The swap time will again reset to its original value.
6. Re-insert the cables that were removed in step 3 into the new switching module.
7. Enter reset followed by the slot number for the new switching module. For example, if
the new switching module is in slot 4, you would enter
reset 4
at the system prompt. Next, the switch will prompt you to confirm the reset. The following is an example of the display for an ESX module. The display for other types of switching modules will be similar.
Resetting slot of type F-Ether/M may crash system
Attempt reset anyway {Y/N}? (N) :
Press y and then press <Enter>. If the switching module is in slot 4, a message similar to
the following will be displayed.
resetting slot 4 to enable
8. The MPX’s OK2 LED will flash amber 1 or 2 times, then return to normal flashing green.
The switching module’s OK1 LED will turn from amber to solid green and the OK2 LED
will be blinking green. If the OK1 LED on the switching module is amber, then the hardware has failed diagnostics or the corresponding image file for the module is not in flash
memory. If the OK2 LED on the switching module is solid amber, then the module failed
to download software from the MPX.
Page 3-8
Diagnostic Tests
9. If the hot swapping mode has not timed out, enter
swap off
at the system prompt. Something like the following will then be displayed.
Swap is OFF, timeout is 5 minutes
usage swap { ON [ minutes ] | OFF [ minutes ] }
Diagnostic Tests
All switching modules are subjected to extensive power-on diagnostics during the Power-On
Self-Test cycle (POST). These diagnostics are designed to be as extensive as possible without
causing disruption to external networks or requiring special test connections. While the diagnostics are running, the MPX OK2 LED will be flashing green. LEDs on the switching module
can provide information on the success or failure of these tests. Also refer to Chapter 35,
“Troubleshooting,” for information on error conditions reflected in the LED displays.
More extensive diagnostic tests are available for off-line testing of switching modules. See
Chapter 36, “Running Hardware Diagnostics,” for further information.
Page 3-9
Handling Fiber and Fiber Optic Connectors
Handling Fiber and Fiber Optic Connectors
Using fiber is extremely simple, but a few important rules should always be followed:
Step 1. Use Premium Grade Jumper Cables with Duplex SC Connectors
There are many brands of fiber optic jumper cables, with a wide range of quality between
each manufacturer. Premium cables do three things well:
• They provide a good polish on the fiber optic connector endface (where the light exits the
cable). Endface geometries must be exceptionally precise and aligned to extremely tight
tolerances. The better the endface geometry, the lower the loss and more consistent the
connection. Poor connector interfaces will reflect light back into the laser, causing an
increase in laser noise.
• They mate well with other connector interfaces. Chances are the manufacturer of the
jumper cable will not be the same as the manufacturer of the transceiver connector interface. Premium jumper cables mechanically align themselves well into most transceiver
interfaces. This provides both better performance as well as better repeatability. You will
always see a variance in transceiver power due to connector alignment, often as much as
0.3 to 0.7 dB. Good jumper cables help reduce this variance.
• They continue to mate well after many insertions and removals. Premium grade jumper
use premium connectors that maintain their mechanical integrity up to and beyond 2000
insertion cycles.
For better repeatability, always use duplex (two connectors fused together and terminated to
two cables) SC connectors on your jumper cables when connecting to a fiber-optic transceiver. Two simplex connectors inserted into a transceiver interface will often have up to 3
dB greater variation in repeatability compared to duplex connectors.
Never bend the fiber optic cable beyond its recommended minimum bend radius (1.2 inches
minimum). This introduces bend losses and reflections that will degrade the performance of
your system. It can also damage the fiber, although fiber is much tougher than most would
assume. Still, it is highly recommended to buy only jumper cables with 3mm Kevlar jacketing, which offer superior protection and longer life.
Step 2. Keep Your Fiber Optic Connectors Clean
Unlike electrical connectors, fiber-optic connectors need to be extremely clean to ensure
good system performance. Microscopic particles on the connector endface (where the light
exits the connector) can degrade the performance of your system, often to the point of failure. If you have low-power output from a fiber-optic transceiver or a fault signal from your
equipment, cleaning your fiber-optic connectors should always be done before trouble shooting.
Follow the steps below to clean your fiber optic connector:
1. Hold the connector cleaner tool in the palm of your left hand and, with the silver shutter
upwards, rotate the cloth-forwarding lever (located on the right side of the tool) with your
thumb away from your body. As the lever winds the cleaning cloth inside the case, it
simultaneously opens the silver shutter located at the top of the unit.
Page 3-10
Handling Fiber and Fiber Optic Connectors
2. Keeping your thumb pressed on the cloth-forwarding lever, press the optical plug ferrule
endface against the cleaning cloth and drag the plug down toward your body (there
should be arrows on the top of the tool that indicate the proper wiping direction). The
connector is now clean.
3. Release the cloth-forwarding lever, allowing it to return to its initial position.
A cleaning cloth reel can enable over 400 cleanings and is replaceable. When cables are not
being used, always put the plastic or rubber endcaps back on the connector to ensure cleanliness.
Step 3. Keep the Transceiver Interface Clean
If you have cleaned your connectors, but still experience low-power output from a fiber-optic
transceiver or a fault signal from your equipment, you should clean the transceiver interface
by blowing inert dusting gas inside the transceiver interface. This removes dust and other
small particles that may block the optical path between the optics of the transceiver and the
connector’s endface.
Step 4. Attenuate Properly
Often equipment using laser-based transceivers need to have the optical path attenuated
when performing loop-back testing or testing between two pieces of equipment. Too much
optical power launched into the receiver will cause saturation and result in system failure. If
you are using single mode fiber and you do not know the power output of the laser, it is
always best to use a 10 dB attenuator when testing. Using the wrong type of attenuator will
introduce problems, most notably reflection of light back into the laser, often resulting in
excess noise and causing system failure.
Inline attenuators eliminate the need for additional jumper cables and thus reduce the number
of connection interfaces. This increases the integrity of the optical path resulting in a more
accurate test.
Page 3-11
Gigabit Ethernet Modules
Gigabit Ethernet Modules
Gigabit Ethernet connections can be used as network backbones or in a wiring closet. The
following Omni Switch/Router Gigabit Ethernet modules are available:
• GSX-K-FM/FS/FH-2W
Advanced switching module with two (2) Gigabit Ethernet backbone connections using fiber (SC) connectors.
This module is described and illustrated in the following sections.
♦ Note ♦
Wait at least five (5) seconds after a cable is pulled
from a GSX module before reinserting it. This will
prevent packets from being dropped.
GSX-K-FM/FS/FH-2W
The GSX-K-FM/FS/FH-2W Gigabit Ethernet backbone switching module contains two fiber SC
connectors that support two fully switched 1000Base-LX (long-distance fiber transmissions) or
1000Base-SX (short-distance fiber transmission ports). The GSX-K-FM/FS/FH-2W can be used as
a backbone connection in networks where Gigabit Ethernet is used as the backbone media.
The GSX-K-FM/FS/FH-2W can be factory configured with intermediate-reach single mode or
multimode fiber ports (see GSX-K-FM/FS/FH-2W Technical Specifications on page 3-13 for
more information). The intermediate-reach single mode version is referred to as the GSX-K-FS2W; the long-reach single mode version is referred to as the GSX-K-FH-2W; and the multimode
version is referred to as the GSX-K-FM-2W.
The ports are color coded to differentiate the mode: multimode connectors are black, longhaul single mode connectors are yellow, and intermediate-reach single mode connectors are
blue. (See Handling Fiber and Fiber Optic Connectors on page 3-10 for proper handling of SC
connectors and fiber-optic cable.)
The GSX-K-FM/FS/FH-2W takes advantage of new Gigabit Ethernet/Fast Ethernet ASIC technology known as “Kodiak.” This module provides 4 priority levels and 256 queues per Kodiak
ASIC.
♦ Note ♦
Kodiak-based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). This is not compatible with the
implementation of VLAN priority of Mammoth-based
modules. Kodiak based priority VLANs can only be
used with other Kodiak based priority VLANs.
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-12
Gigabit Ethernet Modules
GSX-K-FM/FS/FH-2W Technical Specifications
Number of ports
2
Connector Type
SC
Standards Supported
802-3z, 1000Base-LX, and 1000Base-SX
Data Rate
1 Gigabit per second (full duplex)
Maximum Frame Size
1,518 bytes
MAC Addresses Supported
8,192
Connections Supported
1000Base-LX or 1000Base-SX connection to backbone
or server
Cable Supported
Multimode and single mode
Output Optical Power
-9.5 to -4 dBm (Multimode)
-9.5 to -3 dBm (Intermediate-reach single mode)
0 to +5 dBm (Long-reach single mode)
Input Optical Power
-17 to 0 dBm (Multimode)
-20 to -3 dBm (Intermediate-reach single mode)
-24 to -3 dBm (Long-reach single mode)
Cable Distance
Multimode fiber: ≈ 220 m
Intermediate-reach single mode fiber: ≈ 10 km
Long-reach single mode fiber: ≈ 70 km
Current Draw
5.25 amps without an HRE-X
6.75 amps with an HRE-X
♦ Special Note ♦
The single mode version of this module has been
deemed:
CLASS 1 LASER PRODUCT
LASER KLASSE 1
LUOKAN 1 LASERLAITE
APPAREIL A LASER DE CLASSE 1
to IEC 825:1984/CENELEC HD 482 S1.
Page 3-13
Gigabit Ethernet Modules
Module Label. This label will indicate
GSX-K sm
CLASS 1 LASER PRODUCT
Warning Label. This label indicates
that the module contains an optical
transceiver.
O
the GSX-K-FM/FS/FH-2W type. It
will read either GSX-K mm (multimode
cable), GSX-K sm (intermediate-reach
single mode cable), or GSX sm K
long reach ( long-reach single-mode
cable).
K1
O
K2
1
2 X
R
TX K
N
LI
This Gigabit Ethernet module
includes one row of LEDs for each
port. The LEDs for a given port dis- Port
play in the row labeled with the LEDs
port number. Definitions for the
LEDs are given below.
Module O K 1 ( H a r d w a r e S t a t u s ) . O n
Green when the module has
LEDs
passed diagnostic tests successfully. On Red when the hardware
has failed diagnostics.
OK2 (Software Status). Blinking
RX (Receive). On Green when
TX
the corresponding port is
receiving data.
1
R
TX (Transmit). On Green when
X
the corresponding port is transmitting data.
LINK (Link Status/Disabled).
TX
2
R
X
On Green when the corresponding port has a valid physical link and a signal is present.
Under normal conditions, this
LED should always be on when
a cable is connected.
Green when the module software was downloaded successfully and the module is
communicating with the MPX .
Blinking Red when the module is
in a transitional state. On solid
Red if the module failed to
download software from the
MPX.
SC connectors will be color
coded to indicate multimode
(Black) or intermediate-reach
single mode (Blue).
2-Port Advanced Gigabit Ethernet Switching Module
Page 3-14
Auto-Sensing 10/100 Ethernet Modules
Auto-Sensing 10/100 Ethernet Modules
Alcatel’s Omni Switch/Router 10/100 Ethernet modules can be used to connect networks with
a mix of 10 Mbps and 100 Mbps workstations or as a network backbone.
The following Omni Switch/Router 10/100 and Fast Ethernet modules are available:
• ESX-K-100C-32W
Advanced switching module with thirty-two (32) auto-sensing 10/100
Mbps desktop connections using RJ-45 ports.
This module is described and illustrated in the following sections.
Ethernet RJ-45 Pinouts
The figure and table below illustrate the pinouts used on RJ-45 ports in Omni Switch/Router
10/100 Ethernet modules.
Ethernet RJ-45 Specifications
1
8
Pin Number
Standard Signal Name
1
RD +
2
RD –
3
TD +
4,
Not Used
5
Not Used
6
TD –
7
Not Used
8
Not Used
ESX-K-100C-32W
The ESX-K-100C-32W Omni Switch/Router 10/100 Ethernet switching module contains 32 ports
that each support a fully switched 10 or 100 Mbps connection in full- or half-duplex mode.
This module offers high density 10/100 connectivity for desktop connections. Each port can
auto-sense the connection speed and automatically switch at that speed. You configure
whether you want to use the auto-sensing functionality through the 10/100cfg command.
By default, each port is configured to operate in half-duplex, auto-sensing mode. You can
configure full-duplex mode on each port through 10/100cfg. Auto-sensing may be disabled to
allow you to manually configure ports through the 10/100cfg command. An additional software command, 10/100vc, allows you to view the current line speed and link mode of each
port connection. The 10/100cfg and 10/100vc commands are described in Chapter 15, “Managing Ethernet Modules.”
Page 3-15
Auto-Sensing 10/100 Ethernet Modules
The 32 RJ-45 ports may connect to unshielded or shielded twisted pair (UTP) cable (see ESXK-100C-32W Technical Specifications on page 3-17 for more information). Each port may
connect to a single high-speed device or a hub serving multiple devices. The ESX-K-100C-32W
can be used in the wiring closet with a mix of 100 Mbps Ethernet devices and 10 Mbps Ethernet devices that are transitioning to higher speed connections.
Module ports are divided into four (4) banks of eight (8) ports. Ports are numbered from 1 to
8 within each of the four banks. The four banks are labelled A, B, C, and D. This grouping
simplifies the display of LEDs, which are organized as a matrix (see 32-Port Advanced AutoSensing 10/100 Ethernet Switching Module on page 3-18). Software commands will number
these ports 1 through 32, with Port A1 as 1, Port B1 as 9, C1 as 17, D1 as 25, etc.
The ESX-K-100C-32W takes advantage of new Gigabit Ethernet/Fast Ethernet ASIC technology
known as “Kodiak.” This module provides 4 priority levels and 256 queues per Kodiak ASIC.
♦ Note ♦
Kodiak-based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). This is not compatible with the
implementation of VLAN priority of Mammoth-based
modules. Kodiak based priority VLANs can only be
used with other Kodiak based priority VLANs.
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-16
Auto-Sensing 10/100 Ethernet Modules
ESX-K-100C-32W Technical Specifications
Number of ports
32
Connector Type
RJ-45
Standards Supported
IEEE 802.3; IAB RFCs 826, 894
Data Rate
10 or 100 Mbps (full or half duplex)
Maximum Frame Size
1,518 bytes
MAC Addresses Supported
ESX-K-100C-32W: 1,024
ESX-K-100C-32W4: 4,096
Connections Supported
10BaseT hub or device
100BaseTx hub or device
Cable Supported
10BaseT
Unshielded twisted-pair (UTP)
100BaseTx
Unshielded twisted-pair:
Category 5, EIA/TIA 568
Shielded twisted-pair
Category 5, 100 ohm
Maximum Cable Distance
100 m
Current Draw
10.25 amps without an HRE-X
11.75 amps with an HRE-X
Page 3-17
Auto-Sensing 10/100 Ethernet Modules
ESX-K 10/100
OK1
A
C
7 1
3
4
5
6
8
7
8
8
6
7
5
4
5
6
8 2
3
3
1
4
6
7
1
4
5
2
2
3
2
B
D
Each LED corresponds to a port on
the module. When an LED is on
Port Green continuously, a good cable
LEDs connection exists. The LED will
blink Green when traffic is transmitted or received on the port.
2x
3x A 5x
4x
7x
8x
1x
2x
3x B 5x
4x
7x
8x
1x
2x
3x C 5x
4x
7x
8x
1x
2x
3x D 5x
4x
7x
8x
A
1x
Green when the module software
was downloaded successfully and
the module is communicating with
the MPX. Blinking Amber when the
module is in a transitional state. On
solid Amber if the module failed to
download software from the MPX.
1
OK2 (Software Status). Blinking
OK2
OK1 (Hardware Status). On Green
when the module has passed diagnostic tests successfully. On Amber
when the hardware has failed diagnostics or if the corresponding Module
image file for the module is not in LEDs
flash memory.
6x
B
6x
C
6x
D
6x
32-Port Advanced Auto-Sensing 10/100 Ethernet Switching Module
Page 3-18
Fast (100 Mbps) Ethernet Modules
Fast (100 Mbps) Ethernet Modules
Alcatel’s Omni Switch/Router Fast Ethernet modules can be used to connect networks with
100 Mbps workstations or as a network backbone.
The following Omni Switch/Router Fast Ethernet modules are available:
• ESX-K-100FM/FS-16W
Advanced switching module with sixteen (16) Fast Ethernet (100
Mbps) backbone connections using MT-RJ ports.
This module is described and illustrated in the following sections.
ESX-K-100FM/FS-16W
The ESX-K-100FM/FS-16W Omni Switch/Router Fast Ethernet switching module has sixteen (16)
fiber MT-RJ ports that each support a fully-switched 100 Mbps connection in full-duplex mode.
This module provides high-speed backbone connectivity. It also supports backbone features
such as 802.1q and OmniChannel. Each port uses the full 100 Mbps of bandwidth in each
direction (see ESX-K-100FM/FS-16W Technical Specifications on page 3-20). The single mode
version is referred to as the ESX-K-100FS-16W; the multimode version is referred to as the ESXK-100FM-16W. Multimode and single mode connectors are differentiated by color: multimode
connectors are black and single mode connectors are blue.
♦ Note ♦
If your network currently uses SC connectors, you can
order MT-RJ-to-SC cables from Alcatel.
The MT-RJ fiber port supports full-duplex operation. You can configure half-duplex mode on
each port through 10/100cfg. An additional software command, 10/100vc, allows you to view
the current line speed and link mode of each port connection. The 10/100cfg and 10/100vc
commands are described in Chapter 15, “Managing Ethernet Modules.”
The ESX-K-100FM/FS-16W is best used as a backbone connection in networks where Fast Ethernet is used as the backbone media. Each 100Base-Fx port may also connect to a single hightraffic device, such as a mail or file server.
The ESX-K-100FM/FS-16W takes advantage of new Gigabit Ethernet/Fast Ethernet ASIC technology known as “Kodiak.” This module has provides 4 priority levels and 256 queues per
Kodiak ASIC.
♦ Note ♦
Kodiak-based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). This is not compatible with the
implementation of VLAN priority of Mammoth-based
modules. Kodiak based priority VLANs can only be
used with other Kodiak based priority VLANs.
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-19
Fast (100 Mbps) Ethernet Modules
ESX-K-100FM/FS-16W Technical Specifications
Page 3-20
Number of ports
16
Connector Type
MT-RJ
Standards Supported
IEEE 802.3; IAB RFCs 826, 894
Data Rate
100 Mbps (full duplex)
Maximum Frame Size
1,518 bytes
MAC Addresses Supported
8,192
Connections Supported
100Base-Fx connection to backbone or server
Cable Supported
Multimode: 62.5/125 micron multimode fiber
Single mode: single mode fiber
Optical output power
Multimode: -19 to -14 dBm
Single-mode: -20 to -14 dBm
Optical receiver sensitivity
Multimode: -31 dBm Max.
Single-mode: -31 dBm Max.
Cable Distance
Multimode: approximately 2 km
Single-mode: approximately 15 km
Current Draw
9.75 amps without an HRE-X
11.25 amps with an HRE-X
Fast (100 Mbps) Ethernet Modules
Module Label. This label will indicate
ESX-K 100 sm
CLASS 1 LASER PRODUCT
Warning Label. This label indicates
that the module contains an optical
transceiver).
O
K1
O
K2
9
5
1
13 14 15 16
2
Module O K 1 ( H a r d w a r e S t a t u s ) . O n
Green when the module has
LEDs
passed diagnostic tests successfully. On Red when the hardware
has failed diagnostics.
3
4
8
12
Each LED corresponds to a port on
the module. When an LED is on Port
Green continuously, a good cable
connection exists. The LED will LEDs
blink Green when traffic is transmitted or received on the port.
the ESX-100FM/FS-16W type. It will
read either ESX-K 100 mm (multimode
cable) or ESX-K 100 sm (single mode
cable).
OK2 (Software Status). Blinking
1
2
3
4
Green when the module software was downloaded successfully and the module is
communicating with the MPX .
Blinking Red when the module is
in a transitional state. On solid
Red if the module failed to
download software from the
MPX.
5
6
7
8
9
MT-RJ connectors will be color
coded to indicate multimode
(Black) or single mode (Blue).
10
11
12
13
14
15
16
16-Port Advanced Fast Ethernet Switching Module
Page 3-21
WAN Modules
WAN Modules
The Omni Switch/Router currently supports the following Wide Area Network (WAN)
modules:
• WSX-S-2W
Provides two serial ports that support Frame Relay or PPP.
• WSX-SC
Provides four or eight serial ports that support Frame Relay or PPP
with data compression.
• WSX-FT1/E1-SC
Provides one or two T1/E1 ports and one or two serial ports that
support Frame Relay or PPP with data compression.
• WSX-BRI-SC
Provides one or two Universal Serial Ports (USPs) ports and one or two
ISDN-BRI ports that support Frame Relay or PPP with data compression.
All of these modules are described and illustrated in the sections beginning on page 3-27.
A WSX switching module is actually a submodule, or daughtercard, that attaches to an Omni
Switch/Router High-Speed Module (HSX). The HSX contains RISC processors, RAM for holding
software image files, ASICs for performing switching, and Content Addressable Memory (CAM)
for storing MAC addresses. You plug your cable into the WSX submodule, but it is the HSX
module that connects to the switch’s backplane.
WAN Pinouts
The figures and tables on the following pages illustrate the pinouts used on Omni
Switch/Router WAN modules. Please note that the signal commonly knows as “remote loopback” (LL) is not supported on the WAN serial port (see WAN Serial Port Specifications on
page 3-25). In addition, CTP2, CTP1, and CTP0 are assigned to CS(B), DR(B), and CD(B),
respectively, on the serial port. The later are not used in the cable configurations that require
the former.
See Appendix B, “Custom Cables,” for information on cables used to connect the serial
connector to different interface types.
Page 3-22
WAN Modules
WAN BRI Port Specifications
(S/T Interface)
1
8
Pin Number
Standard Signal Name
1
Not Used
2
Not Used
3
Rcv + from TE
4,
Rcv - from TE
5
Xmt + from TE
6
Xmt - from TE
7
Not Used
8
Not Used
WAN BRI Port Specifications
(U Interface)
1
8
Pin Number
Standard Signal Name
1
Not Used
2
Not Used
3
Xmt to /Rcv from Network
4,
Xmt to /Rcv from Network
5
Not Used
6
Not Used
7
Not Used
8
Not Used
Page 3-23
WAN Modules
WAN T1/E1 Port Specifications
1
8
Pin Number
Standard Signal Name
1
Rx_Ring
2
Rx_Tip
3
Chassis GND
4,
Tx_Ring
5
Tx_Tip
6
Chassis GND
7
Chassis GND
(A jumper is provided for
connecting Pins 7 and 8 to the
chassis ground, if required.)
8
Chassis GND
(A jumper is provided for
connecting Pins 7 and 8 to the
chassis ground, if required.)
1
13
14
26
WAN Serial Port Numbering
Page 3-24
WAN Modules
WAN Serial Port Specifications
Alcatel SPI
EIA-530
RS-449
Generic
Signal Name
Source
Mnemonic Pin
Mnemonic Pin
Mnemonic Pin
Shield
--
Shield
1
--
1
--
1
Signal Ground
--
AB
7
AB
7
SG
19
Transmitted
Data
DTE
TD(A)
2
BA(A)
2
SD(A)
4
TD(B)
14
BA(B)
14
SD(B)
22
Received Data
DCE
RD(A)
3
BB(A)
3
RD(A)
6
RD(B)
16
BB(B)
16
RD(B)
24
TC(A)
15
DB(A)
15
ST(A)
5
TC(B)
12
DB(B)
12
ST(B)
23
TC(A)
17
DD(A)
17
RT(A)
8
TC(B)
9
DD(B)
9
RT(B)
26
XC(A)
24
DA(A)
24
TT(A)
17
XC(B)
11
DA(B)
11
TT(B)
35
RS(A)
4
CA(A)
4
RS(A)
7
RS(B)
19
CA(B)
19
RS(B)
25
CS(A)
5
CB(A)
5
CS(A)
9
CS(B)
13
CB(B)
13
CS(B)
27
DR(A)
6
CC(A)
6
DM(A)
11
DR(B)
22
CC(B)
22
DM(B)
29
TR(A)
20
CD(A)
20
TR(A)
12
TR(B)
23
CD(B)
23
TR(B)
30
CD(A)
8
CF(A)
8
RR(A)
13
CD(B)
10
CF(B)
10
RR(B)
31
Local Loopback DTE
LL
18
LL
18
LL
10
Remote
Loopback
DTE
RL
21
RL
21
RL
14
Ring Indicator
DCE
RI/TM
25
--
--
--
--
Test Mode
DCE
RI/TM
25
TM
25
TM
18
Cable Type 4
--
CTP4
18
n/c
n/c
Cable Type 3
--
CTP3
26
n/c
n/c
Cable Type 2
--
CTP2
13
Cable Type 1
--
CTP1
22
Cable Type 0
--
CTP0
10
Transmit Clock DCE
Receive Clock
DCE
Ext. Transmit
Clock
DTE
Request To
Send
DTE
Clear To Send
DCE
Data Set Ready DCE
Data Terminal
Ready
DTE
Data Carrier
Detect
DCE
continued on next page...
Page 3-25
WAN Modules
WAN Serial Port Specifications (cont.)
X.21/X.26
RS232
Generic
Signal Name
Source
Mnemonic Pin
Mnemonic Pin
Mnemonic Pin
Shield
--
--
1
--
A
--
1
Signal Ground
--
G
8
102
B
AB
7
Transmitted
Data
DTE
T(A)
2
103(A)
P
BA
2
T(B)
9
103(B)
S
Received Data
DCE
R(A)
4
104(A)
R
BB
3
R(B)
11
104(B)
T
--
--
114(A)
Y
DB
15
114(B)
AA
DD
17
DA
24
Transmit Clock DCE
Receive Clock
Page 3-26
V.35
DCE
S(A)
6
115(A)
V
S(B)
13
115(B)
X
B(A)
7
113(A)
U
B(B)
14
113
W
C(A)
3
105
C
CA
4
C(B)
10
Ext. Transmit
Clock
DTE
Request To
Send
DTE
Clear To Send
DCE
--
--
106
D
CB
5
Data Set Ready DCE
--
--
107
E
CC
6
Data Terminal
Ready
DTE
--
--
108
H
CD
20
Data Carrier
Detect
DCE
I(A)
5
109
F
CF
8
I(B)
12
Local Loopback DTE
--
--
141
L
LL
18
Remote
Loopback
DTE
--
--
140
N
RL
21
Ring Indicator
DCE
--
--
125
J
CE
22
Test Mode
DCE
--
--
142
NN
TM
25
Cable Type 4
--
n/c
n/c
Cable Type 3
--
n/c
n/c
Cable Type 2
--
Cable Type 1
--
Cable Type 0
--
WAN Modules
WSX-S-2W
The WSX-S-2W supports two (2) serial ports, which can provide access rates from 9.6 Kbps to
2 Mbps. The WSX-S-2W also supports three types of clocking (internal, external, and split). See
WSX-S-2W Technical Specifications on page 3-27 for more information.
♦ Note ♦
The WSX-S-2W does not support hardware compression.
The WSX-S-2W can sense and auto-configure for any of five serial cable types (RS-232, V.35,
X.21, RS-530, and RS-449). A WSX-S-2W port is normally considered a physical DTE device. It
can be turned into a physical DCE device—for speed or clocking purposes— by plugging in a
DCE cable. The WSX-S-2W senses whether a DCE or DTE cable is connected.
Software in the switch allows you to configure parameters for the Frame Relay or Point-toPoint Protocol (PPP). Software commands allow you to view the status of the WAN connection at the WSX-S-2W board, port, or virtual circuit level. Extensive statistics are provided at
each level. Software commands for Frame Relay are described in Chapter 29, “Managing
Frame Relay”; commands for PPP are described in Chapter 30, “Point to Point Protocol.”
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
WSX-S-2W Technical Specifications
Number of ports
2
Connector Type
High-density 26-pin shielded serial
Protocols Supported
Frame Relay and Point-to-Point (PPP)
Data Rates Supported
9.6, 19.2, 56, 64, 128, 256, 512,
768, 1024, 1536, 2048 Kbps
Clocking
Internal, External, or Split
Virtual Circuits Supported
Permanent Virtual Circuits (PVCs)
MAC Addresses Supported
4,096
Connections Supported
Physical Data Terminal Equipment (DTE) or
Data Communication Equipment (DCE)
Cable Supported
DTE or DCE in the following types:
R2-232, V.35, X.21, RS-530, RS-449
Power Consumption
5.25 amps (without an HRE-X)
6.75 amps (with an HRE-X)
Page 3-27
WAN Modules
WSX
O
K1
O
TX
X
R
A
OK2 (Software Status). Blinking
1
2
Green when the module software was downloaded successfully and the module is
communicating with the MPX .
Blinking Amber when the module is in a transitional state. On
solid Amber if the module
failed to download software
from the MPX.
1
TX (Transmit). On “half-
ST
tinuously when the port connection is operational. Off
when the port is disabled or
the cable is detached. Blink- Port
ing On/Off if cable is attached LEDs
but receive control data is
detected as down.
This LED also blinks during
initialization, diagnostics, or
when invalid data is being
exchanged on the port.
K2
STA (Status). On Green con-
OK1 (Hardware Status). On
Green when the module has
Module passed diagnostic tests successfully. On Amber when the
LEDs
hardware has failed diagnostics or if the corresponding
image file for the module is not
in flash memory.
bright” Green when idle and
Green with occasional flickers
when the port is transmitting
data.
2
RX (Receive). On “half-bright”
Green when idle and Green
with occasional flickers when
the corresponding port is
receiving data.
2-Port WAN Frame Relay Switching Module
Page 3-28
WAN Modules
WSX-SC
The WSX-SC supports 4 or 8 serial ports, each of which can provide access rates from 9.6
Kbps to 2 Mbps. The 4-port version is referred to as the WSX-SC-4W, and the 8-port version is
referred to as the WSX-SC-8W. The WSX-SC supports STAC hardware compression and three
types of clocking (internal, external, and split). See WSX-SC Technical Specifications on page
3-30 for more information.
The WSX-SC can sense and auto-configure for any of five serial cable types (RS-232, V.35, X.21,
RS-530, and RS-449). A WSX-SC port is normally considered a physical DTE device. It can be
turned into a physical DCE device—for speed or clocking purposes— by plugging in a DCE
cable. The WSX-SC board senses whether a DCE or DTE cable is connected.
Software in the switch allows you to configure parameters for the Frame Relay or Point-toPoint Protocol (PPP). Software commands allow you to view the status of the WAN connection at the WSX-SC board, port, or virtual circuit level. Extensive statistics are provided at each
level. Software commands for Frame Relay are described in Chapter 29, “Managing Frame
Relay”; commands for PPP are described in Chapter 30, “Point to Point Protocol.”
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-29
WAN Modules
WSX-SC Technical Specifications
Number of ports
4 or 8
Connector Type
High-density 26-pin shielded serial
Protocols Supported
Frame Relay and Point-to-Point (PPP)
Data Rates Supported
9.6, 19.2, 56, 64, 128, 256, 512,
768, 1024, 1536, 2048 Kbps
Compression
Hardware-based using STAC 9705
Clocking
Internal, External, or Split
Virtual Circuits Supported
Permanent Virtual Circuits (PVCs)
MAC Addresses Supported
4,096
Connections Supported
Physical Data Terminal Equipment (DTE) or
Data Communication Equipment (DCE)
Cable Supported
DTE or DCE in the following types:
R2-232, V.35, X.21, RS-530, RS-449
Power Consumption
WSX-SC-4W without an HRE-X: 6.25 amps
WSX-SC-4W with an HRE-X: 7.75 amps
WSX-SC-8W without an HRE-X: 8.25 amps
WSX-SC-8W with an HRE-X: 9.75 amps
Page 3-30
WAN Modules
WSX
O
The module includes one row of
LEDs for each port. The LEDs for a
given port are located in the row
labeled with the port number. If the
WSX module includes a total of
eight ports, then the module contains two sets of four rows of LEDs.
The second set of LEDs are located
above the second set of ports.
K1
Please refer to 2-Port WAN
Module Frame Relay Switching Module on page 3-28 for further
LEDs
information on these LEDs.
O
K2
TX
X
R
A
ST
1
2
3
4
Ports 1 through 4
3
1
4
2
STA (Status). On Green con-
TX
X
R
A
ST
5
6
7
8
tinuously when the port connection is operational. Off
when the port is disabled or
the cable is detached. Blinking On/Off if cable is attached
but receive control data is
detected as down.
This LED also blinks during
initialization, diagnostics, or
when invalid data is being
Port
exchanged on the port.
LEDs
TX (Transmit). On “halfbright” Green when idle and
Green with occasional flickers
when the port is transmitting
data.
RX (Receive). On “half-bright”
Ports 5 through 8
3
1
4
2
Green when idle and Green
with occasional flickers when
the corresponding port is
receiving data.
8-Port WAN Frame Relay Switching Module
Page 3-31
WAN Modules
WSX-FT1/E1-SC
The WSX-FT1/E1-SC module contains one or two T1 or E1 ports and one or two serial ports. T1
and E1 ports use RJ-48C connectors. The T1 version of this module is referred to as the
WSX-FT1-SC; the E1 version is referred to as the WSX-FE1-SC. You can configure these ports to
run either Frame Relay or the Point-to-Point Protocol (PPP). See WSX-FT1/E1-SC Technical
Specifications on page 3-33 for more information.
This module includes an integrated CSU/DSU to enable direct connection to a T1/E1 device,
such as a PBX, or a T1/E1 line to a service provider.
You can configure physical port parameters through software commands. Configuration
options include frame format, facility datalink, and line coding. In addition, the switch can
store up to 24 hours of local and remote statistics. See Chapter 33, “Managing T1 and E1
Ports,” for more information on software-configurable parameters.
The WSX-FT1/E1-SC also supports STAC hardware compression.
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-32
WAN Modules
WSX-FT1/E1-SC Technical Specifications
Number of ports
1 or 2 T1 or E1 ports
1 or 2 Universal Serial ports
Connector Types
T1/E1: RJ-48C
Serial: High-density, 26-pin shielded
Standards Supported
RFCs 1406, 1213, 1659
Frame Formats
T1: Superframe, Extended Superframe, Unframed
E1: E1, E1-CRC, E1-MF, E1-CRC-MF, Unframed
Line Coding
T1: B8ZS or AMI
E1: HDB3 or AMI
Data Rates Supported
T1: 1.544 Mbps
E1: 2.048 Mbps
Serial: 56, 64, 128, 256, 384, 512, 768, 1024, 1536,
1544, 2048 Kbps
Compression
Hardware-based using STAC 9705
Facility Datalink Protocol
ANSI T1.403 and AT&T 54016
MAC Addresses Supported
4,096
Connections Supported
Physical Data Terminal Equipment (DTE) or
Data Communication Equipment (DCE)
Cable Supported
Serial Ports
DTE or DCE of the following types:
R2-232, V.35, X.21, RS-530, RS-449
Cable Distance
T1/E1 (short haul): 200 meters
T1/E1 (long haul): 1829 meters
Power Consumption
WSX-FT1/E1-SC-1W without an HRE-X: 5.75 amps
WSX-FT1/E1-SC-1W with an HRE-X: 7.25 amps
WSX-FT1/E1-SC-2W without an HRE-X: 7.25 amps
WSX-FT1/E1-SC-2W with an HRE-X: 8.75 amps
Page 3-33
WAN Modules
WSX
This module includes one set of
LEDs for each port. The LEDs for a
given port are located above the
port. If the WSX module includes
four ports, then the module contains two sets of LEDs. The second
set of LEDs are located above the
third and fourth ports.
O
K1
O
K2
Please refer to 2-Port WAN
Module Frame Relay Switching Module on page 3-28 for further
LEDs
information on these LEDs.
STA (Status). On Green conM
AL
T
A
AC
ST
1
2
X
A
TX
R
ST
1
tinuously when the port connection is operational. Off
when the port is disabled or Serial
the cable is detached. Blink- Port
ing On/Off if cable is attached LEDs
but receive control data is
detected as down.
This LED also blinks during
initialization, diagnostics, or
when invalid data is being
exchanged on the port.
2
TX (Transmit). On “half-
bright” Green when idle and
Green with occasional flickers
when the port is transmitting
data.
Port 1: T1 or E1
Port 2: Serial
RX (Receive). On “half-bright”
Green when idle and Green
with occasional flickers when
the corresponding port is
receiving data.
ALM (Alarm). On Green when the
M
AL
T
AC
A
ST
1
2
A
X
TX
R
ST
Port 3: T1 or E1
1
Port 4: Serial
T1/E1
Port
LEDs
port is enabled and a signal is
present. On Yellow when an error
has occurred on the port.
ACT (Activity). On Green when
the T1 or E1 port is transmitting or
receiving data.
2
STA (Status). On Green continuously when the port connection is
operational. Off when the port is
disabled or the cable is detached.
WAN 2-Port Serial and 2-Port Fractional T1/E1 Switching Module
Page 3-34
WAN Modules
WSX-FE1-SC Cabling/Jumper Settings
The WSX-FE1-SC supports both twisted pair (120 Ohm) and coaxial (75 Ohm) cable types. The
default is 120 Ohm. You must set a pair of jumpers (JP2 and JP4) on the back of the board to
correspond to the type of cable you are using. For more detailed information on the types of
cables to use with this module, see Appendix B, “Custom Cables.” The illustration below
shows the correct jumper positions.
♦ Note ♦
JP3 is reserved. Do not set a jumper across JP3.
Coax Twisted
Pair
JP4
JP2
Cable Termination Jumpers for WSX-FE1-SC
Page 3-35
WAN Modules
WSX-BRI-SC
The ISDN Basic Rate Interface WAN Switching Module (WSX-BRI-SC) supports either one (1)
serial port and one (1) BRI port or two (2) serial ports and two (2) BRI ports. The version with
1 serial port and 1 BRI port is referred to as the WSX-BRI-SC-1W; the version with 2 serial ports
and 2 BRI ports is referred to as the WSX-BRI-SC-2W. See WSX-BRI-SC Technical Specifications
on page 3-37 for more information.
The serial port on a WSX-BRI-SC module is essentially the same as the serial ports found on
the WSX-SC module. A WSX-BRI-SC serial port can detect, and configure itself, for any of five
serial cable types (RS-232, V.35, X.21, RS-530, and RS-449). A WSX-BRI-SC serial port is normally
considered a physical DTE device, but it can be turned into a physical DCE device—for speed
or clocking purposes—by simply plugging in a DCE cable. The WSX-BRI-SC internally senses
whether a DCE or DTE cable is connected and configures itself appropriately.
The BRI port on the WSX-BRI-SC board can be configured as either a “U” or an “S/T” type of
interface (the board is shipped set to “U”). Either type of interface supports two “B” channels
operating at 56/64 Kbps and one “D” channel operating at 16 Kbps.
Software running in the switch allows you to configure the operation of the Point-to-Point
Protocol (PPP) over the serial port or the BRI port. The serial port can also support the Frame
Relay protocol. The software commands used to configure PPP are described in Chapter 30,
“Point-to-Point Protocol.” The software commands used to configure Frame Relay are
described in Chapter 29, “Managing Frame Relay.” The software commands used to configure
the WAN “links” that support PPP connections are described in Chapter 31, “WAN Links.”
Finally, the software commands used to manage the ISDN ports are described in Chapter 32,
“Managing ISDN Ports.”
With the optional HRE-X you can increase routing performance to 1.5 million packets per
second per module and up to 12 Mpps in a fully-loaded 9-slot chassis.
Page 3-36
WAN Modules
WSX-BRI-SC Technical Specifications
Number of ports
1 or 2 pairs of a serial port and an ISDN Basic Rate
Interface (BRI) port
Serial Connector Type
High-density 26-pin shielded serial
BRI Connector Type
RJ-45
Protocols Supported
Point-to-Point Protocol (PPP); Frame Relay (supported on the serial port only)
Data Rates Supported
2 “B” Channels at 56/64 Kbps
1 “D” Channel at 16 Kbps
Compression
Hardware-based using STAC 9705
MAC Addresses Supported
4,096
Serial Port Connections
Supported
Physical Data Terminal Equipment (DTE) or Data
Communication Equipment (DCE)
Serial Cables Supported
DTE or DCE in the following types:
R2-232, V.35, X.21, RS-530, RS-449
BRI Port Connections
Supported
“U” interface or “S/T” interface
(jumper-selectable; “U” is shipping default)
Maximum Cable Distance
BRI: 100 m
Switch Types Supported
National ISDN-1, AT&T 5ESS, Northern Telecom
DMS100, ETSI Euro-ISDN Net3
ISDN Standards Supported
Q.921, Q.931, I.430, T1.601
Power Consumption
WSX-BRI-SC-1W without an HRE-X: 4.75 amps
WSX-BRI-SC-1W with an HRE-X: 6.25 amps
WSX-BRI-SC-2W without an HRE-X: 5.25 amps
WSX-BRI-SC-2W with an HRE-X: 6.75 amps
Page 3-37
WAN Modules
WSX
O
K1
O
K2
Please refer to 2-Port WAN
Module Frame Relay Switching Module on page 3-28 for further
LEDs
information on these LEDs.
X
ST
AC
1
A
TX
R
ST
The WSX-BRI module includes one
set of LEDs for each port. The LEDs
for a given port are located in the
set labeled with the port number. If
the HSX module contains two WSXBRI daughter cards, the second set
of ports (one Serial and one BRI)
are numbered as Ports 3 and 4
respectively, and include their own
separate set of LEDs that function
exactly like those related to Ports 1
and 2.
2
U
IF
T
A
STA (Status). On Green con-
Port 1: Serial Port
1
tinuously when the port connection is operational. Off
when the port is disabled or
the cable is detached. Blinking On/Off if cable is attached
but receive control data is
detected as down.
This LED also blinks during
initialization, diagnostics, or
when invalid data is being
exchanged on the port.
2
Port 2: BRI Port (“U” or “S/T”)
TX (Transmit). On “half-
bright” Green when idle and
Green with occasional flickers
when the port is transmitting
data.
RX (Receive). On “half-bright”
A
X
TX
R
ST
1
2
IF
U
T
AC
A
ST
Green when idle and Green
with occasional flickers when Port
the corresponding port is LEDs
receiving data.
ACT (Activity). On Green
when the ISDN-BRI port is
sending or receiving data.
1
2
UIF (“U” Interface). On Green
when the ISDN-BRI port is
configured as a “U” type of
interface. Off when the port is
configured as an “S/T” type of
interface.
Port 3: Serial Port
Port 4: BRI Port (“U” or “S/T”)
STA (Port 2/4 Status). On
Green continuously when the
port connection is operational. Off when the BRI port is
disabled or the cable is
detached. This LED blinks
during initialization.
WAN 2-Port Serial and 2-Port BRI-ISDN Switching Module
Page 3-38
WAN Modules
Jumper Configuration for the “U” Interface
(this is how the board is shipped)
This is a simplified view of the bottom
lower-right quadrant of the WSX-BRI
submodule. Immediately above the BRI
port are three jumper blocks labelled
J14, J15, and J16. About two inches
above and to the right is another jumper labeled J13. J13, J14, and J16 are
used to switch between the “U” and
“S/T” interfaces. J15 is used to set transmit and receive termination for the
“S/T” interface.
U S
J13
Part Number and
Serial Number label
J16
J15
J14
The gray boxes are the jumper blocks
S U
S U
TT
S U
RT
TT
RT
S U
BRI Port
U S
The small labels next to the
jumper pins at J13, J14, and
J16 indicate which pins must
be bridged to set the BRI port
to either the “U” or the “S/T”
interface.
J13
Part Number and
Serial Number label
J16
Small labels under the pins at
J15 indicate which pins must
be bridged to set Transmit
Termination (tt) and Receive
Termination (rt) to the “on” or
“off” position (the two sets of
letters with a line over them
indicate the “off” settings).
S U
J15
S U
J14
S U
RT
TT
TT
RT
S U
BRI Port
Jumper Configuration for the “S/T” Interface
(transmit/receive termination are set to “on”)
Page 3-39
WAN Modules
Page 3-40
4
The User Interface
In order to configure parameters and statistics on the switch, you may connect it to a
terminal, such as a PC or UNIX workstation, using terminal emulation software. The command
interfaces used on the switch are part of the MPX executable image. When a switch boots up,
the boot monitor handles the loading of this executable image and system startup. Once the
image is loaded and initialized, the CLI starts.
You access the command interfaces through a connection with the switch. This connection
can be made directly to the serial port, through a modem, or over a network via Telnet. You
can have up to four simultaneous connections to an Omni Switch/Router. (Please see Multiple User Sessions on page 4-33 for further details.) For Telnet access, you must first set up an
IP address for the switch. See the Getting Started Guide that came with your switch for information on setting up an IP address and logging in.
Overview of Command Interfaces
The Alcatel Omni Switch/Router has two different command interfaces available for configuring parameters and viewing statistics. They are the User Interface (UI) and the Command Line
Interface (CLI). Prior to software Release 4.4, the switch automatically booted up in the UI
mode. In Release 4.4 and later, the Omni Switch/Router is factory-configured to boot up in
the CLI mode.
♦ Terminology Notes♦
Command interface generically refers to any mechanism resident in the software that allows a user to
change switch configurations or to display statistics.
The UI is the original command interface used exclusively on all Alcatel Omni Switch/Router and OmniAccess products. The UI has its commands grouped
into functional menus. Prior to software Release 4.1, the
UI was the only command interface supported on the
Omni Switch/Router products.
The CLI is Alcatel’s text-based configuration interface
that allows you to configure Omni Switch/Router and
OmniAccess products using single-line text commands.
The CLI was implemented in software Release 4.1 and
higher. In release 4.4 and later it is the default interface.
Page 4-1
Overview of Command Interfaces
Changing Between the CLI and UI Modes
Once you log on to the switch, the following screen displays. You must press the <Enter> key
to start the command interface.
*************************************************************************************
Alcatel Omni Switch/Router
Copyright (c), 1994-2002 Alcatel Internetworking, Inc. All rights reserved.
Omni Switch/Router is a trademark of Alcatel Internetworking, Incorporated,
registered in the United States Patent and Trademark Office.
Press ENTER to start
->
After you press <Enter>, the CLI starts automatically and the following text displays.
Entering command line interface.
->
At this point, you are in the CLI mode and may configure the switch or display statistics using
the commands described in the Text-Based Configuration CLI Reference Guide. If you want to
use the UI command interface, type ui and press <Enter>. This causes the switch to leave the
CLI mode and enter the UI mode, provided you are using a login with Read/Write privileges.
You can verify that you are in the UI mode by typing ? to display the top-level menu for the
UI as shown below.
/ %?
Command
--------------File
Summary
VLAN
Networking
Interface
Security
System
Services
Switch
Help
Diag
Quit/Logout
?
Main Menu
-------------------------------------------------------------------------------------------Manage system files
Display summary info for VLANs, bridge, interfaces, etc.
VLAN management
Configure/view network parameters such as routing, etc.
View or configure the physical interface parameters
Configure system security parameters
View/set system-specific parameters1
View/set service parameters
Enter Any to Any Switching menu
Help on specific commands
Display diagnostic level commands
Log out of this session
Display the current menu contents
To change from the UI mode back to the CLI mode, type cli and press <Enter>.
♦ Note ♦
Note the default command prompt for the UI is / %. The
default command prompt for the CLI is ->. You can
change the UI system prompt by using the uic
command.
Page 4-2
Overview of Command Interfaces
Exit the Command Interface
To exit your current session with the switch from the CLI or the UI mode, type either quit or
logout at the prompt, then press <Enter>. Your session is immediately terminated.
♦ Note ♦
If you forget which command interface mode you are
in, type the ? character. If you are in the UI mode, the
Main Menu will display as shown above. If you are in
the CLI mode, the switch will show the following
display.
^NO, SHOW, VOICE, SYSTEM, ACCOUNTING, . . .
->
Page 4-3
UI to CLI Command Cross Reference
UI to CLI Command Cross Reference
The chapters in this Users Guide are organized around the UI commands as they are grouped
into menus and sub-menus. Even though the Omni Switch/Router software has been changed
to boot up in the CLI mode, the Users Guide conforms to its original design. The CLI
commands are fully documented in the Text-Based Configuration CLI Reference Guide.
This section presents the key UI commands that are explained in this User’s Manual along
with their CLI equivalents. Where the CLI commands support partition management, these
tables also list the partition management family to which the commands belong.
Hardware Commands
The hardware section of this manual set consists of Chapters 1 through 3. There are relatively
few UI commands in this section because these chapters cover the hardware elements of the
switch. The commands defined in these chapters are listed in the Hardware Table beginning
on page 4-4.
Hardware Table
Chapter
UI Command
Equivalent CLI Commands
PM Family
1, “OSR
Chassis/Power
Supplies”
No UI commands are defined in
this chapter.
N/A
N/A
2, “MPX”
ethernetc
ethernet management port
view ethernet manage port
GF-interface
3, “OSR
Switching
Modules
10/100cfg
10/100vc
ethernet
view interface fastethernet
GF-interface
Basic Switch Management Commands
The table beginning on page 4-5 summarizes the features supported in the UI and the CLI for
Chapters 4 through 11.
Page 4-4
UI to CLI Command Cross Reference
Basic Switch Management Table
Chapter
UI Command
Equivalent CLI Commands
PM Family
4,
“The User
Interface”
alert, echo, history, kill, ping,
pwd, timeout, who
alert, echo, history, kill, ping,
password, timeout, who
No PM Support
lookup, save, summary, uic,
write
Unsupported
5, “Installing
Switch
Software”
ftp
load primary, secondary
ftp
load primary, secondary
GF-Ftp
GF-File
6,
“Configuring
Management
Processor
Modules”
configsync
ethernetc
imgsync
mpm
mpmget
mpmload
mpmreplace
mpmrm
mpmstore
renounce
secreset
slipc
sls
swap
syncctl
takeover
configuration copy
ethernet management port
image copy
view mpm command
load primary mpm file
load secondary mpm file
replace secondary mpm file
remove secondary mpm file
store secondary mpm file
takeover
reload secondary mpm
slip
view secondary mpm file
swap
configuration auto-copy
takeover
GF-File
7,
“Managing
Files”
cd
cp
load
newfs
ftp
ls
pwd
rm
imgcl
cd
copy
load
newfs
ftp
ls
password
rm
imgcl
GF-CD
GF-System
GF-System
GF-System
GF-FTP
GF-LS
18-User
GF-RM
GF-System
8, “Switch
Security”
pw
reboot
useradd
userdel
usermod
userview
asacfg
secdefine
password
reboot now
user
no user
user
view user
ldap server
secure access filter
secure access no filter
view secure access filter
security
security custom
security no custom
18-User
GF-Reboot
18-User
18-User
18-User
18-User
1-Configuration
GF-System
GF-System
GF-System
GF-System
GF-System
GF-System
Unsupported
No PM Support
secapply
layer2auth, privs, secapply,
secdefine, seclog, security
continued on next page...
Page 4-5
UI to CLI Command Cross Reference
Basic Switch Management Table (continued)
Chapter
UI Command
Equivalent CLI Commands
PM Family
9,
“Switch-Wide
Parameters”
cacheconfig
camstat
dt
hrexassign
hrexdisplay
hrexhashopt
hrexutil
info
memstat
modvp
newfs
saveconfig
slot
syscfg
systat
configuration cache
camstat
dt
hrexassign
hrexdisplay
hrexhashopt
hrexutil
info
memstat
modvp
newfs
configuration cache save
slot
syscfg
systat
No PM Support
camcfg, fsck, sc, si, ss,
taskstat
Unsupported
secdefine
secapply
secure access filter
secure access no filter
view secure access filter
security
security custom
security no custom
caplog, cmdlog, syslog,
conlog, debuglog, swlogc
Unsupported
hdcfg
health
hmstat
hpstat
hreset
health threshold
view health statistics
view health statistics
view health statistics
health statistics reset
10,
“Switch
Logging”
11, “Health
Statistics”
GF-System
GF-System
Network Management Commands
The table on page 4-6 summarizes the commands supported in the UI and the CLI for
Chapters 12 through 14.
Network Management Table
Chapter
UI Command
Equivalent CLI Commands
PM Family
12, “Network
Time Protocol”
ntconfig, ntstats, ntadmin,
ntaccess
Unsupported
No PM Support
13,
“Configuring
SNMP”
snmpc
snmps
view snmp
set snmp
6-SNMP
14, “RMON
and DNS
Resolver”
res
probes
events
names
res
view rmon probes
view rmon events
view dns
GF-System
chngmac
Unsupported
Page 4-6
UI to CLI Command Cross Reference
Layer II Switching Commands
The table on page 4-7 summarizes the features supported in the UI and the CLI for Chapters
15 through 18.
Layer II Switching Table
Chapter
UI Commands
Equivalent CLI Commands
PM Family
15,
“Managing
Ethernet
Modules”
addprtcnl
chnlinfo
crechnl
delchnl
delprtchnl
eth10/100vc
eth10/100cfg
static agg
view statis linkagg number
static linkagg number type
no static linkgg number
static agg no
view interface fastethernet
interface ethernet
GF-Interface
16, “Managing
802.1Q
Groups”
cas, das, mas, vas
All commands used to create,
delete, modify and view a
service, plus the message
command are supported.
GF-System
17,
“Configuring
Bridging
Parameters”
fddi, fsmt, fsid, fsmtc,
fsstatus, fmac, fmaddr,
fmstats, fmctrs, fport,
fportstatus, fportctrs, fportc,
macstat, slipc
Supported
5-Bridge
maccirstat, selgp, srsf,
srtbcfg, srtbclrrif, srtbrif
Unsupported
actfstps, bps, dbrmap, fc, flc,
fls, fs, fstps, fwt, macinfo,
modvp, rts, srtbrif, stc, sts,
stpc, stps, swchmac
Supported
autoencaps, ethdef, facdef,
propipx, swchmac, trdef
Unsupported
18,
“Configuring
Frame
Translations”
5-Bridge
Page 4-7
UI to CLI Command Cross Reference
Groups, VLANs, Policies Commands
The table beginning on page 4-8 summarizes the features supported in the UI and the CLI for
Chapters 19 through 24.
Groups, VLANs, Policies Table
Chapter
UI Command
Equivalent CLI Commands
PM Family
19,
“Managing
Groups and
Ports”
swch
vi
port encapsulation
view group rules
2-Group
autoencaps, ethdef, facdef,
propipx, swchmac, trdef
Unsupported
20,
“Group and
VLAN Policies”
addqgp
addvp
cas
cats
group num 802.1q
group num interface
fddi svc, group 802.1q
atm service
group elan
group
group num no 802.1q
group no elan
group mobility
group mobility
view group
group router, vlan router
port mapping ingress
no port mapping
port mapping
view port mapping
port monitor configuration
port monitor
view port monitor
resume port monitor
group priority num
view group priority
no group
group no interface
view group auto
view group virtual errors
view group rules
view ethernet
view group virtual statistics
view group virtual (ports)
view group mobility
crgp
dats
delqgp
gmcfg
gmstat
gp
modvl
pmapcr
pmapdel
pmapmod
pmapv
pmcfg
pmon
pmstat
pmp
prty_mod
prty_disp
rmgp
rmvp
vats
ve
vi
viqgp
vs
via
vpl
21,
“InterSwitch
Protocols”
at, br, pmd, prty_mod, vlan,
vigl, viqgp
Unsupported
atvl
fwtvl
modatvl
view vlan rules
view group mac
group mac, vlanmac, vlan
user,
vlan port, vlan chcp port,
vlan dhcp mac, vlan protocol,
vlan binding ip, vlan binding
vap
port
vlan ip, vlan ipx
view vlan rules
view vlan rules
vlap
vap
viatrl
vivl
vlap
2-Group
6-Group
GF-System
GF-System
continued on next page...
Page 4-8
UI to CLI Command Cross Reference
Group, VLANs, Policies Table (continued)
Chapter
UI Commands
Equivalent CLI Commands
PM Family
22,
“Managing
AutoTracker
VLANs”
gmap, gmapst
gmapgaptime
gmapholdtime
gmapuptime
xmapst
xmapls
xmapcmntime
xmapdisctime
gmap
gmap gap time
gmap hold time
gmap up time
xmap, view xmap status
view xmap, view xmap
xmap common time
xmap discovery time
6-Group
23,
“Multicast
VLANs”
cats
cratvl
6-Group
rmatvl
vag
vats
viatrl
vimcvl
vivl
vpl
group elan
vlan, vlan router ip, vlan router ipx,
vlan mac, vlan user, vlan dhcp port
vlan dhcp nac, vlan protocol,
vlan binding ip, vlan binding mac,
vlan binding port vlan ip, vlan ipx
multicast vlan, multicast vlan port
multicast vlan mac, vlan protocol
vlan binding ip, vlan binding mac
vlan binding port, multicast vlan descr
vlan default
view group mac
view group authenticated
group mobility
group authentication,
group authentication protocol
view multicast vlan
group mac, group mac range,
group user, group port,
group dhcp port, group dhcp mac,
group dhcp range group protocol,
group binding ip, group protocol mac,
group binding port, group ip,
group ipx, vlan mac, vlan user,
vlan port, vlan dhcp port,
vlan dhcp mac, vlan protocol, vlan
binding protocol, vlan binding mac,
vlan binding port, vlan ip, vlan ipx
no vlan
view group authenticated
view group auto
view vlan rules
view multicast vlan ports
view group ports, view group vports
view group mobility
atvl, vigl, xip
Unsupported
crmcvl, modmcvl
rmmcvl
vimcrl
vimcvl
multicast vlan
no multicast vlan
view multicast vlan rules
view multicast vlan
crmcvl
defvl
fwtvl
gmcfg
gmstat
mag
mcvl
modatvl
24,
“AutoTracker
VLAN
Examples”
GF-System
Page 4-9
UI to CLI Command Cross Reference
Routing Commands
The table beginning on page 4-10 summarizes the features supported in the UI and the CLI for
Chapters 25 through 27.
Routing Table
Chapter
UI Command
Equivalent CLI Commands
PM Family
25,
“IP Routing”
All IP Routing commands are
supported in the CLI.
All IP Routing commands are
supported in the CLI.
3-IP Routing
GF-System
26,
”UDP
Forwarding”
aisr
events
icmps
ipfilter
ipmac
ipr
ips
names
ping
probes
ripflush
rips
risr
snmpc
iproute
view rmon events
view icmp
rip filter
view mac
view ip route
view ip traffic
ip [no] domain-lookup
ping
view rmon probes
ripflush
rips
no ip route
snmp config, snmp community, snmp trap, broadcast,
snmp trap unicast
snmp station
view snmp
telnet ip-address
view tcp users
view tcp
trace
view udp users
view ucp
arp, clear arp-cache, view arp
3-IP Routing
snmps
telnet
tcpc
tcps
traceroute
udpl
udps
xlat
27,
“IPX Routing”
Page 4-10
chngmac, flush, flconfig,
ipclass, ipdirbrcast, names,
probes
Unsupported
relayc
relays
ip helper
view ip helper stats
avlbootmode, edit
Unsupported
No PM Support
UI to CLI Command Cross Reference
WAN Access Commands
The table beginning on page 4-11 summarizes the features supported in the UI and the CLI for
Chapters 28 through 34.
WAN Access Table
Chapter
UI Command
Equivalent CLI Commands
PM Family
28, “WAN
Switching
Modules”
wpadd
wpdelete
aaa
10-WAN
29,
“Managing
Frame Relay”
fradd, frmodify
dlci
description
status
cir bc be
bridge-group
bridgepmode
bridge check fcs strip
routing-group
trunking-group
payload-compress FRF9 stac
interface
clock source
clock rate
lmi-type
intf-type
lmi-t391 dte
lmi-n391 dte
lmi-n392 dte
lmi-n393 dte
lmi-n392 dce
lmi-n393 dce
10-WAN
ppp-global authentication
ppp-global sent-username
ppp-global compress
ppp-global bridging status
ppp-global ip config admin
status
ppp-global ipx-status
interface
encapsulation ppp
description
status
multilink
compression
bridge-group
bridging
bridge-mode
bridge-check fcs strip
routing-group
ip status
remote ip
ip-address
ipx-status
authentication
local-username
sent-username
max failure
max configure
max terminate
retry timeout value
10-WAN
frmodify
30,
“Point-to-Point
Protocol (PPP)”
pppglobal
pppadd, pppmodify
continued on next page...
Page 4-11
UI to CLI Command Cross Reference
WAN Access Table (continued)
Chapter
UI Command
Equivalent CLI Commands
PM Family
31,
“WAN Links”
linkadd, linkmodify
interface dialer
status
description
inactivity-timer
min call duration
max call duration
direction
organization
carrier delay timeout
max retries
retry delay
failure delay
phone number
speed
caller-id
10-WAN
32,
“Managing
ISDN Ports”
isdnm
interface bri
switch-type
spid1
phone 1
spid2
phone2
10-WAN
33,
“Managing T1
and E1 Ports”
temod, teccfg, tecfg
channel-group
description
framing
cablelength
linecode
fdl
clock source
loopback
signalmode
snmp trap link-status
yellow
send code
non-facility signaling
10-WAN
tebcfg
bert pattern
UI commands only.
Unsupported
34, “Backup
Services”
Page 4-12
No PM Support
UI to CLI Command Cross Reference
Troubleshooting Diagnostics Commands
The table beginning on page 4-13 summarizes the features supported in the UI and the CLI for
Chapters 35 and 36 and Appendices A and B.
Troubleshooting/Diagnostics Table
Chapter/
Appendices
UI Command
Equivalent CLI Commands
PM Family
35,
“Troubleshooting”
uic
Unsupported
No PM Support
36,
“Running
Hardware
Diagnostics”
diag
Unsupported
No PM Support
A,
“Boot Line
Prompt”
ethernetc
ethernet manager port
No PM Support
B,
“Custom
Cables”
No UI commands in this
Appendix.
No CLI commands in this
Appendix
No PM Support
Page 4-13
User Interface Menu
User Interface Menu
This menu provides a top-level view of all UI menus. The commands are grouped together in
the form of sub-menus. Within each sub-menu there is a set of commands and/or another
sub-menu.
Command
--------------File
Summary
VLAN
Networking
Interface
Security
System
Services
Switch
Help
Diag
Quit/Logout
?
Main Menu
-------------------------------------------------------------------------------------------Manage system files
Display summary info for VLANs, bridge, interfaces, etc.
VLAN management
Configure/view network parameters such as routing, etc.
View or configure the physical interface parameters
Configure system security parameters
View/set system-specific parameters1
View/set service parameters
Enter Any to Any Switching menu
Help on specific commands
Display diagnostic level commands
Log out of this session
Display the current menu contents
♦ Note ♦
Although the commands are grouped in a sub-menu
structure, any command may be entered from any submenu. You are not restricted to the commands listed in
the current sub-menu.
Page 4-14
Main Menu Summary
Main Menu Summary
These menus, their sub-menus, and sub-options are described in this manual. The following
provides a brief overview of each item on this main menu.
File.
Contains options for downloading system software, listing software files, copying files,
editing files, and deleting files. This menu is fully described in Chapter 7, “Managing Files.”
Summary. Provides very basic information on the physical switch, such as its name, MAC
address, and resets. It also provides options for viewing the virtual interface and information
on the MIB. This menu is described in Chapter 9, “Switch-Wide Parameters.”
VLAN. The main menu for configuring Groups, virtual ports, and AutoTracker VLANs. This
menu also contains a sub-menu for configuring bridging parameters, such as Spanning Tree.
Groups and ports are described in Chapter 19, “Managing Groups and Ports.” VLANs are
described in Chapter 22, “Managing AutoTracker VLANs” and Chapter 23, “Multicast VLANs.”
Bridging parameters are described in Chapter 17, “Configuring Bridging Parameters.”
Networking.
Contains menu options for managing internetworking protocols, such as SNMP
and RMON (described in Chapters 13 and 14, respectively), IP (described in Chapter 25, “IP
Routing,”) and IPX (described in Chapter 27, “IPX Routing”).
Interface.
The main menu for configuring parameters and viewing statistics for switching
modules. This menu has sub-menus for managing Frame Relay and Fast Ethernet switching
modules. In addition it includes a sub-option for configuring SLIP. These sub-menus are
described in Chapters 15 through 16 and Chapter 29.
Security. This menu contains options for changing a password and rebooting the system. It is
described in Chapter 8, “Switch Security.”
System. Contains a wide array of options for configuring and viewing information on a variety of switch functions. Options include displays of switch slot contents, configuring serial
ports, and viewing CAM information. Commands used to configure User Interface display
options are described in User Interface Display Options on page 4-30. Other System menu
commands are described in Chapter 9, “Configuring Switch-Wide Parameters.” The System
menu also includes a sub-menu option that provides additional commands for configuring the
MPX module. This sub-menu is described in Chapter 6, “Configuring Management Processor
Modules.”
Services. Provides options for creating, modifying, viewing, and deleting Frame Relay
services. Frame Relay services include bridging, routing, and trunking. Frame Relay services
are described in Chapter 29, “Managing Frame Relay.”
Switch. Provides options to precisely define frame translations. A MAC-layer type (Ethernet,
Token Ring, etc.) may have more than one type of frame format, such as Ethernet or 802.3.
But, by default, each MAC-layer type defaults to certain frame format upon translation. This
menu allows you to define translations for each frame format. This menu is described in
Chapter 18, “Configuring Frame Translations.”
Help. Provides textual help on how to use the UI and on each menu or sub-menu. For the
item of interest, enter
help <sub-menu name>
Page 4-15
General User Interface Guidelines
Diag. This menu, fully available to the diag login account, contains commands to run diagnostic tests. It is described in Chapter 36, “Running Hardware Diagnostics.”
Quit.
?
Logs you out of the UI. You can also enter logout to exit.
Displays the options for current menu.
General User Interface Guidelines
You can monitor and configure your switch in the following various ways:
• The User Interface (UI): The UI is the original method of switch configuration. It is a textbased and menu-driven interface to which you can connect through the serial port,
through a modem, or over a network via Telnet. You can have up to four simultaneous UI
connections to an Omni Switch/Router. For Release 4.4 and later, the default for switch
monitoring and configuration is the CLI mode. If you are using a login account with
permission to use the UI command, you can enter the UI mode by entering the ui
command at the CLI system prompt.
• X-Vision: This purchasable network management software program consists of several
powerful sub-applications that help you manage and monitor your network. X-Vision
allows you to connect and configure multiple switches simultaneously. For more information, refer to X-Vision’s on-line help.
• The Command Line Interface (CLI): The CLI is a new feature included with Release 4.1 that
allows you to configure Omni Switch/Routers using single-line text-based commands that
are entered through the local console. Improved readability, easy text editing of the configuration files, and simple cloning of switch configurations are among some of the advantages of the CLI. For more information, refer to the Text-Based Configuration CLI Reference
Guide.
Entering Command Names
The UI is not case sensitive for commands, meaning that you may enter upper or lower case
as you desire. However, command line assignments, configuration input, and logins are case
sensitive.
Except for the logout and quit commands, you only need to enter as much of the command
that is unique. For example, if you want to execute the switch command you need only enter
swi. If you enter only sw, the system will respond with a choice of the following:
switch
swch
swchmac
swap
If you set the switch to the verbose mode you will see additional information on the screen
(see Setting Verbose/Terse Mode for the User Interface on page 4-22).
Non-unique command match, possible commands:
switch
Enter Any to Any Switching Menu
swch
Configure Any To Any Switching Port Translations
swchmac
View Per Mac Translation Options
swap
Change swap status of chassis
swlogc
Configure Switch Logging source/destination mapping and
priority levels
Page 4-16
General User Interface Guidelines
♦ Note ♦
If you cannot see a UI command confirmation prompt
or if you do not get the command prompt after the
completion of a command, press the <Enter> key to
regain the prompt.
Quitting a Command
Many of the commands give you a list of parameters to change. With most commands you
can enter in quit if you want to exit the command without making changes. If the quit parameter is not available, press Ctrl-d to abort the command without making changes.
Scrolling
If the screen scrolls up too far to read you can stop the incoming data by pressing Ctrl-s. The
screen will stop and allow you to read the data. Press Ctrl-q to continue the data transmission.
The UI Configuration Menu
The User Interface (UI) Configuration menu consolidates the following UI commands into a
single, easy-to-use menu:
• chpr
• more
• ver
• ter
• timeout
♦ Note ♦
The switch’s prompt, more, verbose/terse, and timeout
functions remain fully supported. However, if you enter
any of the commands listed above, you will be redirected to the UI Configuration menu.
To access the UI Configuration menu, type
uic
at the system prompt and press <Enter>. The following screen will be displayed:
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Refer to the following sections for information on using the UI Configuration menu.
Page 4-17
General User Interface Guidelines
Configuring the System Prompt
The uic submenu is listed under the system menu. The uic submenu allows you to change the
system prompt. The prompt can be made up of literal information, system variable information, or a combination of the two.
Literal information means that the prompt will reflect exactly what you type at the uic
submenu. For example, Marketing 1 or Enter command:.
System variable information means that the prompt will reflect the switch’s variable information, such as the current menu-path or the system name. Use $Menu-Path (case sensitive) to
have the system prompt display the current menu-path name. Use $SysName to have the
system prompt display the system name.
You can also mix variables and literals such as $Menu-Path -> or $SysName Enter command:.
♦ Note ♦
The default system prompt is ->.
To change the system prompt, type uic at the user prompt and press <Enter>.
A screen similar to the following will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Next, type 1=, followed by the desired prompt information, and press <Enter>. For example:
1=$SysName ->
After you press <Enter>, the screen will be redrawn. Note that the prompt information at line
1 of the uic submenu has been changed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$SysName -> ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Type save at the submenu prompt and press <Enter>. The system prompt has been successfully changed.
Page 4-18
General User Interface Guidelines
Configuring More Mode for the User Interface
Enabling More Mode
The more mode allows you to specify the maximum number of lines that will be scrolled to
your workstation’s display. However, before you can specify the maximum number of lines
that can be displayed, you must first verify that the more mode is enabled. To enable the
more mode, type uic at the user prompt and press <Enter>. A screen similar to the following
will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: off
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Next, type 2=on at the submenu prompt and press <Enter>. The screen will be redrawn. Note
that more mode is now set to on.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
The switch’s default output display is 22 lines. If you want to change this value, type 21=,
followed by the maximum number of lines to be displayed, and press <Enter>. For example:
21=50.
After you press <Enter>, the screen will be redrawn. Note that the output display value at line
21 of the uic submenu has been changed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 50 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Be sure to type save at the submenu prompt and press <Enter>. More mode is now enabled.
Changing the More Mode Line Value
If the switch’s more mode has already been enabled and you want to change the maximum
number of lines to be displayed on your workstation, type uic at the user prompt and press
<Enter>.
Page 4-19
General User Interface Guidelines
A screen similar to the following will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Type 21=, followed by the maximum number of lines to be displayed, and press <Enter>. (The
value may range from 0 to 2147483647.) For example:
21=2000.
After you press <Enter>, the screen will be redrawn. Note that the output display value at line
21 of the uic submenu has been changed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 2000 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Type save at the submenu prompt and press <Enter>. The more mode line value has been
successfully changed.
Page 4-20
General User Interface Guidelines
Disabling More Mode
To disable more mode, type uic at the user prompt and press <Enter>.
A screen similar to the following will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Next, type 2=off at the submenu prompt and press <Enter>. The screen will be redrawn. Note
that more mode is now set to off.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: off
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Type save at the submenu prompt and press <Enter>. More mode is now disabled.
♦ Reminder ♦
The switch’s table filtering feature cannot be used
when the more mode is disabled. For more information on UI table filtering, refer to UI Table Filtering
(Using Search and Filter Commands) on page 4-38.
Page 4-21
General User Interface Guidelines
Setting Verbose/Terse Mode for the User Interface
Enabling Verbose Mode
When verbose mode is enabled, you are not required to enter a question mark in order to
view the switch’s configuration menus. Instead, menus are displayed automatically. For example, if verbose mode is enabled and you enter
summary
at the user prompt, the Summary menu will be displayed automatically, as shown below:
Command
ss
sc
si
Summary Menu
Display MIB-II System group variables
OmniSwitch chassis summary
Current interface status
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
The switch’s default verbose mode setting is off, or disabled. To enable verbose mode, type
uic at the user prompt and press <Enter>.
A screen similar to the following will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Next, type 3=on at the submenu prompt and press <Enter>. The screen will be redrawn. Note
that verbose mode is now set to on.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: on
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Type save at the submenu prompt and press <Enter>. You will be returned to the user
prompt. Verbose mode is now enabled.
Page 4-22
General User Interface Guidelines
Disabling Verbose Mode
Although the terse command is no longer supported as of Release 4.1, disabling verbose
mode via the uic submenu is the command equivalent. When verbose mode is disabled,
configuration menus will not be displayed automatically. To display a current menu when
verbose mode is disabled, you must type a question mark (?) and then press <Enter>.
To disable verbose mode, type uic at the user prompt and press <Enter>.
A screen similar to the following will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: on
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Next, type 3=off at the submenu prompt and press <Enter>. The screen will be redrawn. Note
that verbose mode is now set to off.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Type save at the submenu prompt and press <Enter>. Verbose mode is now disabled.
Page 4-23
General User Interface Guidelines
Configuring the Auto Logout Time
When the switch detects no user activity on the UI for a certain period of time, it automatically logs the user out of the system. By default, this automatic logout occurs after 4 minutes
of console inactivity. You can configure the automatic logout to range from 1 minute to
35,791,394 minutes.
To set a new automatic logout time, type uic at the user prompt and press <Enter>.
A screen similar to the following will be displayed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: off
: 22 lines
: off
: 5 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Next, type 4=on, followed by the desired automatic logout time, and press <Enter>. For example:
4=15.
After you press <Enter>, the screen will be redrawn. Note that the automatic logout time at
line 4 of the uic submenu has been changed.
UI Configuration
1) Prompt
2) More
21) Lines
3) Verbose
4) Timeout
: ‘$Menu-Path% ’
: on
: 22 lines
: off
: 15 minutes
Command {Item=Value/?/Help?Quit?Redraw?Save} (Redraw) :
Be sure to type save at the submenu prompt and press <Enter>. The automatic logout time
has been successfully changed.
♦ Note ♦
The automatic logout value you enter takes effect
immediately; you do not have to reboot the switch. In
addition, the timeout parameter you enter is saved.
Later sessions using this account will have the same
automatic logout parameter until you change it.
Page 4-24
General User Interface Guidelines
Viewing Commands
If at any time you are not sure of the commands available, enter ? and you will be given a list
of the commands in the current sub-menu. Following each list of commands is a list of submenus. You can go directly to any sub-menu in the list.
You can specify whether the full menu will be displayed when you enter a command for a
menu or sub-menu and the amount of information you receive when you run the help
command. (Refer to Setting Verbose/Terse Mode for the User Interface on page 4-22 for more
information.) Additionally, there is a lookup facility to assist with administrative tasks. You
can look up any command name or prefix as follows:
lookup vlans
or to see all commands starting with v use:
lookup v*
To see all commands available, enter:
lookup *
Changing Passwords
The pw command is used to change passwords and is described in Chapter 8, “Switch Security.”
Page 4-25
General User Interface Guidelines
Command History and Re-Executing Commands
The history command displays up to 50 commands numbered in order with the most recently
executed command listed last. The following is a typical example of the history command.
1: view mpx.cmd
2: vlan
3: at
4: atvl
5: vimcvl
6: mcvl
7: vivl
8: fwtvl
9: xlat
10: history
In the example above, the history command is listed last because it is the one that was
executed most recently. If you want to re-execute the last command, enter two exclamation
points (!!). In the example above, you could re-execute the history command by entering
!!
at the system prompt.
You can also display a specific number of commands by entering history followed by a
number less than or equal to the number of commands in the history buffer. For example, if
you entered
history 5
in the example above you would see the following:
7: vivl
8: fwtvl
9: xlat
10: history
11:history 5
The UI also provides several other ways to re-execute earlier commands. For example, you
can re-execute a specific command shown in the history list by entering an exclamation point
(!) followed by the number to the left of that command shown in the history list. In the example at the beginning of this section, entering
!2
would re-execute the vlan command.
You can also re-execute a command a set number of commands back by entering an exclamation point and a minus sign (!-) followed by that set number of commands back. In the
example at the beginning of this section, entering
!-3
would re-execute the fwtvl command.
Page 4-26
General User Interface Guidelines
In addition, you can re-execute a command by entering an exclamation point (!) followed by
the first character(s) of the most recently executed command. In the example at the beginning of this section, entering
!vim
would re-execute the vimcvl command. Entering
!vi
however, would re-execute the vivl command because it is the most recently executed
command beginning with vi.
You can also re-execute the most recently executed command containing a string of characters by entering an exclamation point and a question mark (!?), followed by the string of
characters, and an optional question mark (?) which acts as a “wild card.” In the example at
the beginning of this section, entering
!?lan?
at the system prompt would re-execute the vlan command. Entering
!?la?
however, would re-execute the xlat command because it is the most recently executed
command containing la.
Commands in the history buffer can be modified by adding a parameter, when it is applicable. For example, if you entered
!7 3/1
in the example at the beginning of this section you would execute the command vivl 3/1.
Page 4-27
General User Interface Guidelines
Abbreviating IP Addresses
The Omni Switch/Router software provides the user with a more concise way to enter the
dotted decimal format of a 32-bit IP address. The new syntax conforms to the traditional Internet interpretation. Several examples of abbreviated IP addresses are shown in the table below.
The first column of the table lists examples of abbreviated IP addresses, and the second
column shows how the system interprets the abbreviated address.
Abbreviated IP Address Formats
Sample User Entry
IP Address
198
0.0.0.198
198.
198.0.0.0
198..
198.0.0.0
198...
198.0.0.0
198.206
198.0.0.206
198..206
198.0.0.206
198..206.
198.0.206.0
198...206
198.0.0.206
198.206.
198.206.0.0
198.206..
198.206.0.0
198.206.182
198.206.0.182
198..206.182
198.0.206.182
198.206..182
198.206.0.182
198.206.182.
198.206.182.0
198.206.182.158
198.206.182.158
As shown in the table above, the system performs two important steps to ensure that the IP
address is valid. First, it puts zeroes when you do not specify the number. Second, the system
will insert as many zeroes as needed to the right of a period.
Page 4-28
General User Interface Guidelines
This abbreviated IP address format can be used with the ftp, telnet, crgp, modvl, ping, snmpc,
and xlat commands. For example, to ping the IP address 198.0.0.2, you can abbreviate this IP
address by entering
ping 198.2
at the system prompt. After you answer a few prompts (see Chapter 25, “IP Routing” for more
information on the ping command), something similar to the following will be displayed.
Ping starting, hit <Enter> to stop
PING 198.0.0.2: 64 data bytes
[0
] T
----198.0.0.2 PING Statistics---1 packets transmitted, 0 packets received, 100% packet loss
In addition, the IP subnet mask 255.255.0.0 can be abbreviated in the following ways:
• 255.255.
• 255.255..
Page 4-29
User Interface Display Options
User Interface Display Options
The System menu several commands to configure help information, character display, and the
system prompt for the UI. Enter
system
at the system prompt to enter the System menu. Press the question mark (?) to see the System
menu commands, as shown below.
Command
info
dt
ser
mpm
slot
systat
taskstat
memstat
fsck
newfs
syscfg
uic
camstat
camcfg
hrex
ver/ter
echo/noecho
chpr
logging
health
cli/exit
saveconfig
cacheconfig
System Menu
Basic info on this system
Set system date and time
View or configure the DTE or DCE port
Configure a Management Processor Module
View Slot Table information
View system stats related to system, power and environment
View task utilization stats
View memory use statistics
Perform a file system check on the flash file system
Erase all files from /flash & create a new file system
View/Configure info related to this system
UI configuration; change - prompt, timeout, more, verbose.
View CAM info and usage
Configure CAM info and usage
Enter HRE-X management command sub-menu
Enables/disables automatic display of menus on entry (obsolete,
use ‘uic’ command)
Enable/disable character echo
Change the prompt for the system (obsolete, use ‘uic’ command)
View system logs.
Set health parameters or view health statistics
Enter command line interface
Dump the cache configuration content to the mpm.cfg file.
Set the flag to use cache configuration only.
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
For information on the info, dt, ser, slot, systat, taskstat, memstat, fsck, newfs, syscfg, camstat,
and hrex commands, refer to Chapter 9, “Switch-Wide Parameters.” The mpm
command is described in Chapter 6, “Configuring Management Processor Modules.” The ver/
ter and chpr commands are described earlier in Setting Verbose/Terse Mode for the User
Interface on page 4-22. The echo/noecho command is described in the following section. The
cli command is described earlier in Changing Between the CLI and UI Modes on page 4-2.
The logging command is described in Chapter 10, “Switch Logging.”
camcfg,
♦ Note ♦
The ver/ter, and chpr commands now appear as items
in the UI Configuration menu (displayed through the
uic command). If you enter the ver/ter and chpr
commands, a message will advise you to use the uic
command, and the UI Configuration menu will automatically display. For more information on the UI
Configuration menu, refer to The UI Configuration
Menu on page 4-17.
Page 4-30
User Interface Display Options
Setting Echo/NoEcho for User Entry
You can determine whether your entries will appear by enabling the echo for user entries.
The default is to echo all characters.
To enable the echo, enter
echo
at the system prompt. Everything you enter will be displayed. For example, if you enter
history
at the system prompt, it will be displayed on your terminal, as shown in the example below.
/ %history
If your terminal echoes characters locally it is a good idea to set the UI to noecho to avoid
repeated characters. To disable the echo, enter
noecho
at the system prompt. For example, if your terminal echoes characters locally, you would see
something like the following if you entered history.
/ %history
If your terminal does not echo characters locally, nothing you enter will be displayed. For
example, if you enter
history
at the system prompt, it will not be displayed on your terminal, as shown in the example
below.
/%
Setting the Login Banner
The login banner feature allows you to change the banner that displays whenever someone
logs into the UI. This feature can be used to display messages about user authorization and
security. You can display the same message for all login sessions or you can display different
messages for login sessions initiated by the console, ftp or Telnet access. The default login
message looks like this:
This product includes software developed by the University of California
Berkeley and its contributors.
Welcome to the Alcatel Omni Switch/Router ! Version 4.4
login:
Here is an example of a banner that has been changed:
This product includes software developed by the University of California
Berkeley and its contributors.
* * * LOGIN ALERT * * *
This is a secure device. Unauthorized use of this switch will result
in criminal prosecution.
login:
Page 4-31
User Interface Display Options
Creating a new Banner
Three steps are required to change the login banner. They are listed here.
• Create a text file containing the new banner in the switch’s flash directory.
• Add the UI_add_do_alert() command syntax to the switch’s mpx.cmd file.
• Enable the feature by executing the alert {console | telnet | ftp} command.
To create the text file containing your banner you may use the create file command in the UI’s
edit buffer sub-menu. This method allows you to create the file in the flash directory without
leaving the UI console session. You can also create the text file in an external editor (such as
MS Wordpad) and ftp the file to the switch’s flash directory. In either case, be sure to remember the name of your file.
To add the ui_add_do_alert() command syntax to the switch’s mpx.cmd file, use the edit
command of the UI’s file sub-menu. (For information on using the file sub-menu, refer to
Chapter 7, “Managing Files”).
To enable the new login banner, add the alert {console |telnet | ftp} syntax to the mpx.cmd file,
using the edit command of the UI’s file sub-menu. This command will cause the banner
message to display at each login until the switch is rebooted. After a reboot, the switch will
not display the banner unless the alert command is executed again.
Permanent Banner
If you want the banner message to display after the system has been rebooted, you must add
additional lines to the mpx.cmd file. The following example lists the commands you must add
to the mpx.cmd file. This example uses a banner text file with the name “banner.txt”.
cmDoDump=1
cmInit
ui_add_do_alert()
change_prompt_file(“console”, “banner.txt”)
change_prompt_file(“telnet”, “banner.txt”)
♦ Note ♦
Any commands added to the mpx.cmd file must be
added after the lines cmDoDump=1 and cmInit. If the
commands in the mpx.cmd file are not in the proper
order the switch may not boot properly.
Banners for Different Access Methods
You may use different banners for sessions accessed by console, Telnet or ftp methods. To do
this, create different text files for each banner with unique filenames. When you add the
commands to the mpx.cmd file, use the filenames to associate the banner with the session
access methods. Here is an example:
cmDoDump=1
cmInit
ui_add_do_alert()
change_prompt_file(“console”, “console_banner.txt”)
change_prompt_file(“telnet”, “telnet_banner.txt”)
change_prompt_file(“ftp”, “telnet_banner.txt”)
Page 4-32
Login Accounts
Login Accounts
The UI provides three default login accounts—Administrator, User and Diagnostics. The
Administrator login provides full access to all functions. The initial login name for an Administrator account is admin. The Diagnostics login also has full access to all switch functions plus a
special sub-menu with a set of switching module tests. The initial login name for Diagnostics
is diag. The User login has read-only privileges to the switch. The initial login name for a User
account is user. The password for each of these default login accounts is switch.
♦ Note ♦
In software release 4.3, the user login account with
read-only privileges is not included automatically.
♦ Note ♦
You can configure new and delete existing login
accounts with the useradd UI command, that is
described in Chapter 8, “Switch Security.”
Multiple User Sessions
You can have up to four simultaneous connections to an Omni Switch/Router. One connection can be made to the console port, two can be made through Telnet, and one connection
can be made to the modem port if you are connecting to an Omni Switch/Router.
♦ Note ♦
For software Releases 4.4 and later, more than one
login account with write privileges can be active at the
same time.
For software Release 4.3 and earlier, only one login account with write privileges was allowed
on the switch at the same time. In this case, the first switch user who logged on as either
admin or diag would be the only user with the write privilege. Subsequent users who logged
on as either admin or diag would not have the write privilege and would be unable to
perform any functions that change switch parameters. These users would also see a message
that informs them they do not have the write privilege when they log on. For example, a user
who logs on as admin when another user already has the write privilege will see the following message:
You are logged in as 'admin' without the WRITE privilege.
The WRITE privilege is currently in use by another user.
However, users who log on as either admin or diag without the write privilege can “kill” the
session of the user with the write privilege and gain that privilege for themselves. This is
described in Deleting Other Sessions on page 4-35.
If you try to log on when the limit of user has been reached (e.g., you attempt a Telnet
connection when there are two users currently connected through Telnet), you will see the
following message:
Sorry, reached maximum number of sessions.
Page 4-33
Multiple User Sessions
Listing Other Users
To display all the users currently logged on to the switch, type
who
at the system prompt. The following is an example of the display shown where two Telnet
sessions are logged in, one as admin and the other as user.
SESSION
3
4
USER
READ
admin 000000008007fffd
(123.456.78.910)
rrtest1 000000008007fffd
(123.456.78.910)
PRIVILEGES
WRITE
000000008007fffd
GLOBAL
00000000007fffff
TTY
000000008007fffd
0000000000000000 /pty/telnetB
/pty/telnetA
You can also display information about just your session by typing
who am i
at the system prompt. The following is a typical example of the output.
SESSION
3
USER
READ
admin 000000008007fffd
(123.456.78.910)
PRIVILEGES
WRITE
000000008007fffd
TTY
GLOBAL
00000000007fffff
/pty/telnetA
The following sections describe the parameters shown by the who command.
SESSION. The session number of the user. A 0 indicates that the user is connected through the
console port, a 1 indicates that the user is connected through the modem port, and a 2 or 3
indicates that the user is connected through Telnet. The session number is used with the write
and kill commands described in Communicating with Other Users on page 4-35 and Deleting
Other Sessions on page 4-35, respectively.
USER.
The administrative level of the user. This will be admin, user or diag.
PRIVILEGES. The privilege level of the user. The READ, WRITE and GLOBAL privileges are indicated in hexadecimal numbers.
TTY. Type of connection. This shows whether the user is connected by Telnet, the modem
port, or the console port. If the connection is via Telnet, the IP address of the connecting
workstation is also shown.
Page 4-34
Multiple User Sessions
Communicating with Other Users
If you want to send a message to another user, enter write followed by the user’s session
number. If you wanted to send a message to a user connected on the console port (session
0), you would enter
write 0
at the system prompt. The switch would then display
Enter message. (End with CTRL-D or 'exit')
Everything you type now will by sent to the user connected on the console port until you
press CTRL-D or enter exit on a line by itself. Here is an example of the write command:
write 0
I need the write privilege
exit
The user receiving the message would see the following:
Message from user 'admin' on session 3.
I need the write privilege
End of message.
If you enter an invalid session number, the switch will display an error message. For example, if you entered
write 1
at the system prompt and no user was connected through the modem port (session 1), the
switch would display
ERROR: Session 1 is an invalid session number.
Note
After you have received a message or after you have
written a message you must press the <Enter> key to
regain the system prompt.
Deleting Other Sessions
If you are logged on as admin or diag, you can kill the session of another user. For example, if
you want the write privilege and you are logged on as diag or admin, you must end the
session of the user who currently has the write privilege with the kill command. The syntax
for the kill command is as follows:
kill [[-t <timeout>] -f] <session_number>
The session_number is assigned by the switch and can be displayed with the who command,
which is described in Listing Other Users on page 4-34. If you do not use the -f option, then
the system will wait until the other user presses <Enter> or finishes his current command. If
you do use this option, then the other user’s session will be terminated immediately.
The -t option can be used with the -f option to set the amount of time before the other user’s
session is terminated. See Advanced Kill Command Options on page 4-37 for descriptions of
the -f and -t options.
Page 4-35
Multiple User Sessions
For example, to end the session of the user connected to the console port (session 0) and let
him finish his current command, you would enter
kill 0
at the system prompt. The system would then display something similar to the following:
Press <Enter> to cancel.
Trying...............................................................................
The user losing the write privilege would see something similar to the following:
Your session will be killed by user 'admin' on session 3
as soon as you finish this command or press return.
After the user with the session being killed has finished his work, he will be logged off. If the
user who was logged off had the write privilege, you will gain the write privilege and a
message similar to the following will be displayed.
Done.
You have gained the WRITE privilege
You can use the who command to confirm that you now have the write privilege.
In addition, the session number used in the kill command must be valid. If, for example, you
entered
kill 1
and no user was connected to the modem port (session 1), the system would display the
following:
ERROR: Session 1 is an invalid session number.
Also, you cannot use the kill command to end your own session. For example, if your session
number is 3 and you entered
kill 3
the system would display the following:
ERROR: You cannot kill your own session.
Instead, use the quit or logout command if you want to log out.
Page 4-36
Multiple User Sessions
Advanced Kill Command Options
You can also kill the session of a user immediately by adding the parameter -f followed by
the session number of the user. This option will kill the user’s session before he can finish his
current command. In addition, this option will end the user’s sessions without waiting for him
to press <Enter>. This option can be used to log off a user with the write privilege who forgot
to log out and then gain the write privilege for yourself.
If you wanted to kill the session of the user with a session number of 2 immediately, you
would enter
kill -f 2
at the system prompt.
The default timeout for the kill command is 2 seconds. You can modify the duration of the
timeout by using -t option in conjunction with the -f option. To use the timeout option, enter
kill, followed by -t, the number of seconds for the timeout, -f, and the session number of the
user. For example, if you wanted to kill the session of the user with a session number of 2 in
15 seconds, you would enter
kill -t15 -f 2
at the system prompt. The valid range for the timeout is 1 to 240 seconds.
♦ Note ♦
You cannot use the timeout option (-t) unless you also
use the -f option.
Page 4-37
UI Table Filtering (Using Search and Filter Commands)
UI Table Filtering (Using Search and Filter Commands)
The amount of information displayed in UI tables can be extensive, especially with larger
networks. Common UI commands, such as ipr, vivl, macinfo, and fwt, often return multi-page
tables. The user can locate specific information in these large tables through the More? UI
prompt.
The More? prompt appears whenever the maximum number of table entries designated by the
more command has been reached (the more command’s default is 22 lines). Note that if a
table exceeds 22 lines, and the more mode has been configured to display more than 100
lines, the following message appears:
Screen Size larger than 100 Lines, Displaying with 22 Lines (Press Any Key)
After pressing any key, only the page of the table is displayed, followed by the More? prompt.
♦ Important Note ♦
The switch’s more mode is active by default. If the more
mode is turned off, the Search and Filter commands
cannot be used. For more information on the more
command, see The UI Configuration Menu on page 417.
A typical More? UI prompt will look like this:
1 4/6 Brg/ 1/ na 0020da:030995 Tns DFLT Enabld Inactv Disabl AutoSw
1 4/7 Brg/ 1/ na 0020da:030996 Tns DFLT Enabld Inactv Disabl AutoSw
1 4/8 Brg/ 1/ na 0020da:030997 Tns DFLT Enabld Inactv Disabl AutoSw
1 5/1 Brg/ 1/ na 0020da:854050 Tns DFLT Enabld Inactv Disabl AutoSw
More? [<SP>,<CR>,/,F,N,Q,?]
At the More? prompt, the user is given a list of options, which includes the Search (/) and
Filter (F) commands:
<SP>
Press <SP> (space bar) to display the next page of information.
<CR>
Press <CR> (character return) to display the next line of information.
/
Press / to enter the Search mode.
F
Press F to enter the Filter mode.
N
Press N to renew the search, starting from the next line in the UI table.
Q
Press Q to exit the More? prompt.
?
Press ? to enter the More? command Help Menu.
These commands are available for admin and diag login sessions. Please refer to the following
sections for more information on the Search and Filter commands, as well as renewing a
search, combining Search and Filter commands, and using wildcards.
Page 4-38
UI Table Filtering (Using Search and Filter Commands)
The Search Command
Starting from the page being displayed, the Search command (/) searches all lines of a UI table
for a specified text pattern (up to 80 characters). The first line containing the pattern is
brought to the top of the page, followed by any remaining lines in the table.
Searches cannot be limited to a specific column or heading.
To use the Search command, type / at the More? prompt, followed by the text pattern you are
looking for, then press <Enter>.
♦ Important Note ♦
The Search command is case sensitive. When using this
command, be sure to type the text pattern exactly as it
would appear in the UI table.
Real World Example
The following example uses the Search command to locate a specific MAC address in the
table. (Before using this example, be sure that the more mode is enabled and the
default is set at 22 lines. For more information, refer to page 4-38.)
macinfo
1. Type macinfo and press <Enter>. The following screen will be displayed:
Enter MAC address ([XXYYZZ:AABBCC] or return for none) :
Press <Enter> again. A screen similar to the following will be displayed:
Enter Slot Number (1-5) :
Type the slot number for the module containing the relevant MAC address information
(e.g. 3), then press <Enter>. A table similar to the following will be displayed:
Total number of MAC addresses learned for this slot: 58
Non-Canonical
Group CAM
Sl/ If/ Service/ In
MAC Address
MAC Address
T ID
Indx
----------------------- -------------------------- ------------------------ --- -------- -------3/ 1/ Brg/ 1 00A0C9:064D04 000593:60B220 E
1 7024
3/ 1/ Brg/ 1 006008:C1D7C2 000610:83EB43 E
1 7030
3/ 1/ Brg/ 1 0020DA:88F110 00045B:118F08 E
1 70E6
3/ 1/ Brg/ 1 0020DA:B6FF12 00045B:6DFF48 E
1 7094
3/ 1/ Brg/ 1 0020DA:8A7DC0 00045B:51BE03 E
1 705A
3/ 1/ Brg/ 1 0020DA:A67FA2 00045B:65FE45 E
1 7120
3/ 1/ Brg/ 1 0020DA:024F75 00045B:40F2AE E
1 710C
3/ 1/ Brg/ 1 0020DA:9B88E4 00045B:D91127 E
1 70EE
3/ 1/ Brg/ 1 0020DA:9C062B 00045B:3960D4 E
1 7074
3/ 1/ Brg/ 1 0020DA:79F062 00045B:9E0F46 E
1 70D2
3/ 1/ Brg/ 1 006008:991CA7
000610:9938E5 E
1 701C
3/ 1/ Brg/ 1 0020DA:936A8F 00045B:C956F1 E
1 712A
3/ 1/ Brg/ 1 0020DA:9CEAC5 00045B:3957A3 E
1 70CC
3/ 1/ Brg/ 1 0020DA:9B9B54 00045B:D9D92A E
1 70D6
3/ 1/ Brg/ 1 0020DA:7AAE24 00045B:5E7524 E
1 70B8
3/ 1/ Brg/ 1 0020DA:A9EEB3 00045B:9577CD E
1 710A
3/ 1/ Brg/ 1 0020DA:8DB20B 00045B:B14DD0 E
1 7080
3/ 1/ Brg/ 1 0020DA:9F6B82 00045B:F9D641 E
1 70F4
3/ 1/ Brg/ 1 0020DA:8762A3 00045B:E146C5 E
1 7126
3/ 1/ Brg/ 1 006008:C1D7C2 000610:83EB43 E
1 7030
More? [<SP>,<CR>,/,F,N,Q,?]
Last
Exp
S Seen
Timer
---- --------- ----------T
134
300
T
115
300
T
46
300
T
66
300
T
83
300
T
27
300
T
34
300
T
45
300
T
76
300
T
52
300
T
117
300
T
23
300
T
53
300
T
50
300
T
58
300
T
34
300
T
72
300
T
42
300
T
24
300
T
115
300
Note that, because the information in the table exceeds the more command’s default page size
of 22 lines, the More? prompt appears at the bottom of the screen.
Page 4-39
UI Table Filtering (Using Search and Filter Commands)
2. Type / at the More? prompt. The Search prompt (/) will appear automatically. At the Search
prompt, enter the text pattern for the desired MAC address. For example:
/0020DA:9E479D
Press <Enter>. A screen similar to the following will be displayed:
Searching ........
3/
3/
3/
3/
3/
3/
3/
3/
3/
3/
1/
1/
1/
1/
1/
1/
1/
1/
1/
1/
Brg/
Brg/
Brg/
Brg/
Brg/
Brg/
Brg/
Brg/
Brg/
Brg/
1
1
1
1
1
1
1
1
1
1
0020DA:9E479D
0020DA:9D0D1B
0020DA:97CDE0
00A0C9:8DED5B
0020DA:92A152
0020DA:8528D5
0020DA:93BF73
0020DA:B956B5
0020DA:730F03
0020DA:8BA710
00045B:79E2B9
00045B:B9B0D8
00045B:E9B307
000593:B1B7DA
00045B:49854A
00045B:A114AB
00045B:C9FDCE
00045B:9D6AAD
00045B:CEF0C0
00045B:D1E508
E
E
E
E
E
E
E
E
E
E
1
1
1
1
1
1
1
1
1
1
702C
7030
70E6
7094
705A
7120
710C
70EE
7074
70D2
T
T
T
T
T
T
T
T
T
T
138
67
122
114
97
102
130
56
68
99
300
300
300
300
300
300
300
300
300
300
Note that the line containing information for the specified MAC address (0020DA:9E479D) now
appears at the top of the screen, followed by any remaining lines in the UI table. (In this case,
the last line of the macinfo UI table contains MAC address 0020DA:8BA710, as shown).
Renewing a Search
If you execute the Search command and the resulting page still exceeds the maximum
number of table entries designated by the more command, you can renew the Search. Do this
by typing n at the More? prompt. The Search command will scan the remainder of the table
and display the next line containing the desired text pattern at the top of the screen.
Page 4-40
UI Table Filtering (Using Search and Filter Commands)
The Filter Command
The Filter command filters unwanted information from a UI table by displaying only those
lines containing a specified text pattern (up to 80 characters). Once the Filter command has
been executed, the Filter mode remains active until the end of the UI table has been reached,
or until the user exits the current UI table.
Like the Search command, the Filter command cannot be limited to a specific column or
heading.
To use the Filter command, type f at the More? prompt, followed by the text pattern you want
displayed in the UI table, then press <Enter>.
♦ Important Note ♦
The Filter command is case sensitive. When using this
command, be sure to type the text pattern exactly as it
would appear in the UI table.
Real World Example
The following example uses the Filter command to display only those lines containing Lane
services in the vivl table. (Before using this example, be sure that the more mode is enabled
and the default is set at 22 lines. For more information, refer to page 4-38.)
1. Type vivl and press <Enter>. A table similar to the following will be displayed:
Virtual Interface VLAN Membership
Slot / Intf / Service / Instance Group
Member of VLAN#
----------------------------------------- --------------------------------1
/1
/Rtr
/1
1
1
1
/1
/Rtr
/2
33
1
1
/1
/Rtr
/3
111
1
1
/1
/Rtr
/4
33
2
1
/1
/Rtr
/5
1
3
1
/1
/Rtr
/6
1
4
1
/1
/Rtr
/7
33
7
1
/1
/Rtr
/8
33
3
1
/1
/Rtr
/9
1
5
1
/1
/Rtr
/10
1
6
1
/1
/Rtr
/11
33
5
1
/1
/Rtr
/12
33
6
1
/1
/Rtr
/13
999
1
2
/1
/Lne
/1
1
1
2
/1
/Lne
/2
111
1
3
/1
/Brg
/1
33
14
3
/2
/Brg
/1
1
1
3
/3
/Brg
/1
1
1
3
/4
/Brg
/1
1
1
More? [<SP>,<CR>,/,F,N,Q,?]
Note that, because the information in the table exceeds the more command’s default of 22
lines, the More? prompt appears at the bottom of the screen.
Page 4-41
UI Table Filtering (Using Search and Filter Commands)
2. Type f at the More? prompt. The Filter prompt (f/) will appear automatically. At the Filter
prompt, enter the desired text pattern (remember to type the text pattern exactly as it
would appear in the UI table):
f/Lne
Press <Enter>. A screen similar to the following will be displayed:
Filtering .......
2
/1
2
/1
/%
/Lne
/Lne
/1
/2
1
111
1
1
Note that only those lines containing Lane services are now displayed on the screen. All
other table entries have been filtered from the UI.
Combining Search and Filter Commands
If you receive a More? prompt after using the Filter command, the filtered information still
exceeds the maximum number of table entries designated by the more command. To further
refine your results, you can combine the Search and Filter commands.
To combine the Search and Filter commands, type / at the Filter mode’s More? prompt,
followed by a revised text pattern of up to 80 characters. Note that you can combine the
Search and Filter commands only after you have executed a Filter command and received a
More? prompt at the bottom of the resulting page.
♦ Reminder ♦
Both the Search and Filter commands are case sensitive. When using these commands, be sure to type the
text pattern exactly as it would appear in the text UI
table.
Real World Example
The following example combines the Search and Filter commands to find specific IP address
information in the ipr table. (Before using this example, be sure that the more mode is
enabled and the default is set at 22 lines. For more information, refer to page 4-38.)
Page 4-42
UI Table Filtering (Using Search and Filter Commands)
1. Type ipr and press <Enter>. A table similar to the following will be displayed:
IP ROUTING TABLE
----------------------------128 routes in routing table
Group:VLAN
Network
Mask
Gateway
Metric
Id
Protocol
-------------------------------------------------------------------------------------------------------------------------155.5.0.0
255.255.0.0
155.5.4.33
1
1:5
DIRECT
155.6.0.0
255.255.0.0
155.6.4.33
1
1:6
DIRECT
155.155.0.0
255.255.0.0
155.155.4.33
1
1:1
DIRECT
172.17.0.0
255.255.0.0
172.17.6.122
1
999:1
DIRECT
172.31.0.0
255.255.0.0
172.31.4.33
1
33:3
DIRECT
172.32.0.0
255.255.0.0
172.32.4.33
1
33:2
DIRECT
172.33.0.0
255.255.0.0
172.33.4.33
1
33:1
DIRECT
172.35.0.0
255.255.0.0
172.35.4.33
1
33:5
DIRECT
172.36.0.0
255.255.0.0
172.36.4.33
1
33:6
DIRECT
172.37.0.0
255.255.0.0
172.37.4.33
1
33:7
DIRECT
172.111.0.0
255.255.0.0
172.111.4.33
1
111:1
DIRECT
198.168.12.0 255.255.0.0
192.168.12.1
1
1:1
DIRECT
198.168.13.0 255.255.0.0
192.168.13.1
1
1:1
DIRECT
More? [<SP>,<CR>,/,F,N,Q,?]
Note that, because the information in the table exceeds the more command’s default of 22
lines, the More? prompt appears at the bottom of the screen.
2. Use the Filter command to display all IP network addresses within the IP Routing table that
contain 198. To do this, type f at the More? prompt, followed by the specified text pattern:
f/198
Press <Enter>. A screen similar to the following is displayed:
Filtering .......
198.168.12.0
255.255.0.0
198.168.13.0
255.255.0.0
198.168.236.0 255.255.0.0
198.168.237.0 255.255.0.0
198.168.238.0 255.255.0.0
198.168.239.0 255.255.0.0
198.168.240.0 255.255.0.0
198.168.241.0 255.255.0.0
198.168.242.0 255.255.0.0
198.206.181.0 255.255.255.0
198.206.183.0 255.255.255.0
198.206.184.0 255.255.255.0
198.206.185.0 255.255.255.0
198.206.186.0 255.255.255.0
198.206.187.0 255.255.255.0
198.206.188.0 255.255.255.0
198.206.189.0 255.255.255.0
198.206.190.0 255.255.255.0
198.206.191.0 255.255.255.0
198.206.192.0 255.255.255.0
198.206.193.0 255.255.255.0
198.206.194.0 255.255.255.0
More? [<SP>,<CR>,/,F,N,Q,?]
198.168.12.1
198.168.13.1
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
1
1
4
4
4
4
4
4
4
2
3
3
3
2
2
2
3
2
2
2
2
2
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
1:1
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
DIRECT
Because the filtered information in the table still exceeds the more command’s default of
22 lines, the More? prompt appears at the bottom of the screen.
Page 4-43
UI Table Filtering (Using Search and Filter Commands)
3. In order to further refine your results, you can now combine the Search and Filter
commands. In this example, you will search for IP addresses beginning 198.206.2. To do
this, enter / at the Filter mode’s More? prompt, followed by the specified text pattern:
/198.206.2
Press <Enter>. A screen similar to the following is displayed:
Filtering and Searching ...
198.206.200.0 255.255.255.0
198.206.201.0 255.255.255.0
198.206.202.0 255.255.255.0
198.206.203.0 255.255.255.0
/Networking/IP %
172.16.255.254
172.16.255.254
172.16.255.254
172.16.255.254
2
2
2
2
1:1
1:1
1:1
1:1
DIRECT
DIRECT
DIRECT
DIRECT
Note that the IP address, 198.206.200.0, now appears at the top of the screen, followed by
any remaining lines in the table. (In this case, the last line of the ipr table contains information for IP address 198.206.203.0, as shown).
Using Wildcards with Search and Filter Commands
Wildcards allow users to substitute symbols (* or ?) for text patterns while using the Search
and Filter commands.
Any number of wildcards can be used within a single search string. In addition, multiple character (*) and single character (?) wildcards can be combined within a single search string.
Wildcard Command Options
Multiple Characters
An asterisk (*) is used as a wildcard for multiple characters in a text pattern. For example, the
Filter pattern
/*.img
will filter out all lines from the UI table except those containing any text followed by .img.
This wildcard can also be used within a specific text pattern. For example, the Filter pattern
/1*6
will filter out all lines from the UI table except those containing 1, followed by any number of
characters, then 6. For example:
1:3/6
or
33:3/1
or
16.
Page 4-44
Virtual port (#66)
UI Table Filtering (Using Search and Filter Commands)
Single Characters
A question mark (?) is used as a wildcard for a single character in a text pattern. For example, the Search pattern
f/127.?.0.1
will locate the first line in a UI table containing 127. followed by any single character, and
then the remaining text pattern .0.1. For example:
127.0.0.1.
♦ Note ♦
If you use a wildcard at the Search command and the
resulting page still exceeds the maximum number of
table entries designated by the more command, you can
renew the search, starting from the next line containing the text pattern. Do this by typing n at the More?
prompt. Note that you can renew a search only while
in Search and Search/Filter modes.
Page 4-45
UI Table Filtering (Using Search and Filter Commands)
Page 4-46
5
Installing Switch Software
User Interface software comes pre-loaded on your MPX. You do not have to reload unless you
are upgrading, backing up, or reloading due to file corruption.
There are different methods for loading software into your switch. The method you use
depends on your hardware configuration and the condition of the switch. These methods are:
• FTP Server - The Omni Switch/Router has a built-in FTP server. If you have FTP client software, you can FTP to the switch and load new software.
• FTP Client - The Omni Switch/Router can also be an FTP client. You can use this by
connecting a terminal to the switch and using the set of FTP commands in the User Interface. You can also do this through a telnet session.
• ZMODEM - You can load software directly through the serial port with any terminal emulator that supports the ZMODEM protocol. You can do this using the file commands in the
User Interface or through the boot line prompt. Note that a ZMODEM transfer of larger files
can take several minutes to complete.
Do Not Mix Software Versions
When loading software, ensure that the versions of software for all the modules are from the
same release. Mixing earlier versions of software with current versions can cause the switch to
reset or hang.
File Transfer/Corruption Problems
If at anytime, a file transfer fails, a fragment of the file may be left on your system. This
remaining file is corrupted. You should delete the file fragment and reload the file before
continuing. If the MPX image file (mpx.img) is corrupted, you will receive a message during
the boot sequence requesting you to delete the file. You should delete the file and reload it
using ZMODEM through the boot line prompt. See Using ZMODEM With the Boot Line Prompt
on page 5-5 for information on loading through the boot prompt.
Page 5-1
Using FTP Server
Using FTP Server
The Omni Switch/Router is an FTP server. Using any compatible FTP client software you can
load software to and from the switch. Consult the manual that came with your FTP client software package. The following are general instructions on how to FTP to the switch.
1. You will need to configure the IP address in the switch. If you have not done this, refer to
the Getting Started Guide that came with your switch.
2. Use your FTP client software just as you would with any FTP server. When you connect to
the switch you will be able to see the files contained in the flash directory. It is the only
directory in the switch.
3. Note that because of the organization of files in the switch, any time a file is deleted, the
flash memory is compacted. Depending on the number of files in the switch and where
they are located in memory, this compaction can take anywhere from a few seconds to a
couple of minutes.
4. When you transfer a file to the switch and one of the same name exists, the old file must
first be deleted. You first delete the old file, then the compaction takes place, and then
you can transfer the new file. When you begin your transfer, you may not see anything
happening for approximately 2 minutes due the file compaction procedure. After compaction, the file will be transferred.
Page 5-2
Using FTP Client
Using FTP Client
The User Interface contains several FTP commands. Using these commands is similar to using
FTP on a UNIX system. Follow the steps below to start the FTP Client.
1. Log on to the switch and type ftp. For instructions on logging into the switch see the
Getting Started Guide that came with your switch.
2. The system will prompt for a host. It saves the last host name or IP address used. If it’s the
one you want, press <Enter> or enter the new address.
3. The system will prompt for a user name. It saves the last user name. If it’s the one you
want, press <Enter> or enter the new user name.
4. The system will prompt for a password. Enter your password.
5. After logging onto the system you will receive the ftp> prompt. Type a question mark (?)
to review the ftp commands. These commands are described in Chapter 7, “Managing
Files.” The following screen displays:
Supported commands:
ascii
binary
bye
dir
get
help
put
pwd
quit
lpwd
cd
hash
remotehelp
delete
ls
user
ascii
Set transfer type to ASCII (7-bit).
binary
Set transfer type to binary (8-bit).
bye
Close gracefully.
cd
Change to a new directory on the remote machine.
delete
Delete a file on the remote machine.
dir
Obtain a long listing on the remote machine.
get
Retrieve a file from the remote machine.
hash
Print the hash symbol (#) for every block of data transferred. This
command toggles hash enabling and disabling.
ls
Summary listing of the current directory on the remote host.
put
Send a file to the remote machine.
pwd
Display the current (present) working directory on the remote host.
quit
Close gracefully.
remotehelp
List the commands that the remote FTP server supports.
user
Send new user information.
lpwd
Display the current (present) working directory on the local host.
?
Summarize this list.
If you lose communications while running ftp, you may receive the following message:
Waiting for reply (Hit ^C to abort)...........
6. You may press <cntl-c> to abort the ftp or wait until the communication failure is resolved
and the ftp transfer will continue. Note that Sun OS systems lose echo when you use the
cntl-c key combination.
Page 5-3
Using ZMODEM
Using ZMODEM
Normally you use FTP to transfer files to and from the switch. It is faster than using the serial
port. A ZMODEM transfer can take several minutes. There are generally two situations which
would require you to use the serial port to load software:
• You do not have access to an FTP client or server program. If the switch is up and
running, you can use the File commands to load software.
• You have deleted the image software files in the switch. If you are in this situation, the
only way to load software is using ZMODEM with the boot line prompt.
To use ZMODEM, you must have a terminal emulator that supports the ZMODEM protocol.
There are many packages on the market and they operate differently; therefore instructions
on how to use them are beyond the scope of this document. Consult the user manual which
came with your terminal emulation software.
Before doing a serial port transfer, you should set the baud rate to the highest possible
(however, it is not recommended that you run it at 38.4 Kbps). Running at 19200 is twice as
fast as 9600. To set the baud rate, use the ser command. For more information on the ser
command, see Chapter 6, “Configuring Management Processor Modules.”
Note
If a file you are transferring already exists in the
switch’s flash memory, you must remove the file before
transferring the new file via ZMODEM.
Using ZMODEM with the load Command
If your switch is up and running, log on to the switch. Type ls to list the files in flash
memory. If the file you are going to transfer exists, you must delete it first with the rm
command.
From the File menu, type ? to list the file commands. The command you use to start the
ZMODEM process is load. The load command does not support speeds greater than 19,200
bauds.
/File % load
The Console (DCE) port is currently running at 19200 baud
Type ‘y’ to start ZMODEM download, ‘q’ to quit (y) : y
Upload directory: /flash
ZMODEM ready to receive file, please start upload (or send 5 CTRL-X’s to abort).
**B0100000023be50
Activate the ZMODEM transfer according to the instructions that came with your terminal
emulation software. When the transfer is completed use ls again to list the file or files you
have loaded.
Page 5-4
Using ZMODEM
Using ZMODEM With the Boot Line Prompt
If you encounter the situation where you have deleted some or all of the files in your switch,
you may need to load files through the boot line prompt. This load procedure is done before
the switch has booted. If there is no software available in the switch, then it cannot boot until
you reload the software.
Using ZMODEM with the boot prompt is similar to using it with the load command. This
section covers only specific step-by-step instructions to load a file using ZMODEM at the
[boot]: prompt. Before doing this you may want to familiarize yourself with the boot line
commands. See Appendix A, “Boot Line Prompt,” for more information.
♦ Important Note ♦
Loading software through the boot prompt should only
be done when the switch is off line and not being used
for normal network traffic.
Set Up the Correct Baud Rate
1. Connect a terminal to the console port. The terminal must be set to the last values set in
the switch before it was powered down. For example if you were running at 19200,8,n,1,
you must set your terminal to these values.
Note
If you have deleted or lost your configuration file
(mpm.cfg), the console port values will revert back to
the factory settings which are 9600,8,n,1.
If you are not sure what baud rate your switch is running, try the last known value. If
your terminal displays garbage, keep changing the baud rate on your terminal emulator
until you see normal ASCII characters.
2. If the switch is on, switch it off for a few seconds, then back on. You should see the boot
start up on your screen. You will see the following:
System Boot
Press any key to stop auto-boot...
2
The number 2 shown above counts down to 0. To stop the boot, you must press a key
before the number counts down to 0. If you miss this, simply turn the switch off for a few
seconds, then back on to restart the process. Note that if there is no software in the switch
it will not be able to boot and will eventually end up at the [boot] prompt anyway.
Page 5-5
Using ZMODEM
The [boot] Prompt
The [boot] prompt has its own set of commands that are built into the switch. You do not
need to have files or software loaded to use this set of commands. You can perform many of
the functions that the MPX software does; however, the purpose of these commands are to
reload software in order to get the switch up and running.
To see a list of the boot commands, type ? at the [boot]: prompt. The following screen
displays:
[Boot]: ?
?
- print this list
Q
- boot (load and go)
p
- print boot params
c
- change boot params
l
- load boot file
g adrs
- go to adrs
d adrs [,n]
- display memory
m adrs
- modify memory
f adrs, nbytes, value
- fill memory
t adrs, adrs, nbytes
- copy memory
e
- print fatal exception
n netif
- print network interface device address
L
- list ffs files
P
- Purge system: remove ALL ffs files
R file [files]
- remove ffs file(s)
S
- save boot configuration
V
- display bootstrap version
$dev(0,procnum)host:/file h=# e=# b=# g=# u=usr [pwr=passwd] f=#
tn=targetname s=script o=other
Boot flags:
0x02 - load local system symbols
0x04 - don’t autoboot
0x08 - quick autoboot (no countdown)
0x20 - disable login security
0x40 - use bootp to get boot parameters
0x80 - use tftp to get boot image
0x100 - use proxy arp
0x1000 - factory reset
available boot devices: sl ffs zm
[Boot:]
Note that these commands are all case sensitive.
Type L to lists the files in flash memory. This will help you determine what files may be missing. If the file you are going to transfer exists, you must delete it first with the R command.
You may want to purge memory and reload all the files. To purge the flash memory, type in
the P command.
Warning
After using the P command, there will be no files in
flash and you will have to reload them all with
ZMODEM.
Page 5-6
Using ZMODEM
Starting a ZMODEM Transfer at the [boot] Prompt
1. Type c to change boot parameters. You will be changing the boot device to zm. This will
tell the system to load files from a ZMODEM connection instead of flash memory.
[Boot]: c
‘.’ = clear field; ‘-’ = go to previous field; ^D = quit
Boot device : zm
2. Type zm at this prompt. You will be prompted for more parameters. Just hit <Enter> to
accept the defaults.
Boot file : /flash/mpx.img
Local SLIP adr :
Startup script: /flash/mpx.cmd
Console params : 9600,n8lc
Modem params : 9600,n8l
Boot flags :0xb
Other: dvip:no_name, 198.206.183.253, 255.255.255.0, 198.206.183.255;
[Boot]:
3. When you complete the command, the system will return to the [Boot]: prompt. Type in
the “at” command (@ ) to load the boot parameters.
[Boot]: @
Boot device : zm
Boot file : /flash/mpx.img
Startup script: /flash/mpx.cmd
Console params : 9600,n8lc
Modem params : 9600,n8l
Boot flags :0xb
Other: dvip:no_name, 198.206.183.253, 255.255.255.0, 198.206.183.255;
Attaching network interface lo0... done.
Disk load or Boot load (D/B/Q)? -> d
4. At the Disk load or Boot load {D/B/Q}? -> prompt, type in d to tell the system to load from a
disk. The system is prepared to accept a ZMODEM transfer, and displays the following:
Upload directory: /flash
ZMODEM ready to receive file, please start upload (or send 5 CTRL-X’s to abort).
**B0100000023be50
5. Activate the ZMODEM transfer according to the instructions that came with your terminal
emulation software.
6. When the transfer is completed use L (case sensitive) to list the files you have loaded.
7. Repeat this procedure for every file that you want to load.
Page 5-7
Using ZMODEM
Page 5-8
6
Configuring Management
Processor Modules
The management processor module (MPX on the Omni Switch/Router) coordinates control of
the Omni Switch/Router by providing access to the User Interface (UI) software, maintaining
user configuration information, downloading switching module software, managing basic
bridge functions, maintaining basic routing functions, and managing the SNMP management
agent. Switching modules are dependent on the MPX for downloading software and for
receiving initialization and configuration information. In addition, the Network Management
System (NMS) depends on the MPX to send and receive SNMP messages for managing the
switch.
♦ Important Note ♦
All of the UI commands described in this chapter also
work with the Omni Switch/Router MPX.
The Omni Switch/Router also support two MPXs with one acting as the primary and with one
acting as the secondary. If the primary MPX fails, the secondary MPX can take over automatically. Operating with redundant MPXs can also help avoid network downtime.
♦ Note ♦
When you have two MPXs in one chassis, they must be
installed in slots 1 and 2, and only one will be active.
The primary MPX executes all the commands and, when needed, sends requests to the
secondary MPX. The secondary MPX continuously monitors the primary MPX. For more information on MPXs, see Chapter 2, “The Omni Switch/Router MPX.”
The UI provides commands to configure the serial port, to configure the Ethernet management port, and a set of commands to monitor and configure primary and secondary MPXs.
These commands are described in the pages that follow.
Page 6-1
Changing Serial Port Communication Parameters
Changing Serial Port Communication Parameters
The serial communications parameters for the two MPX ports are set by default to the following:
•
•
•
•
9600 bits per second (bps)
8 data bits
1 stop bit
no parity
To change the serial port configuration parameters, follow the steps below:
1. Log into the switch. For instructions on logging in, see your Getting Started Guide.
2. At the system prompt, type ser.
3. You will see the following message:
Port to configure? {(C)onsole,(M)odem} (Console) :
Press C if you want to configure the console port (female, DCE) parameters, or type M to
configure the modem port (male, DTE) parameters. The default is the Console Port (C).
4. The current port values are shown, followed by a prompt to change the speed value.
Current Console (DCE) configuration:
9600 bps, 8 data bits, None parity, 1 stop bit, running Console (shell)
Speed (9600):
Enter the speed (in bits per second) at which you want the port to operate, or simply
press <Enter> to accept the default in parentheses. Valid values are 1200, 9600, 19200, and
38400 bps.
5. The following prompt displays:
Data size {7/8} bits (8) :
Enter the data size in bits (7 or 8). The default is 8. Press <Enter> to accept the default in
parentheses.
6. The following prompt displays:
Parity { (N)one/(E)ven/(O)dd } (None) :
Enter the parity (none, even, odd) and press <Enter>. The default is None.
7. The following prompt displays:
Stop bits {0/1/2} (1):
Enter the number of stop bits (0, 1, or 2) and press <Enter>. The default is 1.
8. The following prompt displays:
Mode {(D)own,(C)onsole,(A)uxConsole,(S)LIP} (C) :
Page 6-2
Changing Serial Port Communication Parameters
Enter the port mode and press <Enter>. This option defaults to console for a console
connection and down for a modem connection. You can also configure the port for SLIP.
If you are configuring the modem port, you should plan the mode configuration carefully. See Configuring the Modem Port on page 6-3 for further information.
♦ Important Note ♦
You cannot configure the console port as an auxiliary
port (AuxConsole).
9. The following prompt displays:
Set (and save) these settings {(S)ave/(Q)uit) (Save) :
Enter save to accept the parameters you entered and exit, or enter quit to exit this
command without saving your changes.
Changing Port Speed When Communication With The Switch Lost
When you cannot communicate with the switch, there is an alternative method you can use to
toggle through the various serial port speed options. The port defaults to 9600 bps. But if you
send a Break signal (by pressing the BREAK key), the port speed will change to the next
higher speed. When it reaches the highest speed (38400 bps), it toggles back to the lowest
speed (1200 bps). You cycle through the port speeds in the following order: 9600–19200––
38400–1200.
♦ Note ♦
On the MPX you must remove the default baud rate
shunt (E1), which fixes the baud rate at 9600 bps,
before you can change the baud rate. This shunt is
located near the front end of the circuit board, just to
the right of the Ethernet management port.
Configuring the Modem Port
If you plan to use the modem port as your main connection to User Interface software, then
you need to make sure its mode and jumper settings are configured correctly.
Modem Port Mode
The ser command allows you to configure an active modem port to SLIP, console, or auxiliary console mode. When using a modem, it is recommended that you configure the two
ports as follows:
modem port mode=SLIP
console port mode=console
This configuration allows you to use the modem port to access User Interface software
through a SLIP connection. The console port is used as an optional way to access software.
♦ Please Note ♦
You need Release 3.2 or above to use the modem and
console ports simultaneously.
Another valid configuration is as follows:
modem port mode=console
console port mode=down
Page 6-3
Changing Serial Port Communication Parameters
This configuration does not allow you to use the console port as an optional access method
since it is configured down. Using a cross-over cable, you could access the modem port
through an attached PC. If you could not use the modem port for some reason, you would
have to reboot the switch to get back, or—if the cable connection were the problem—use a
cross-over cable to connect through a PC.
A third valid configuration that keeps both ports active is:
modem port mode=console
console port mode=SLIP
This configuration allow you to use the modem port regularly and use a SLIP connection to
access switch software through the console port.
A fourth valid configuration that keeps both ports active is:
modem port mode=auxiliary
console port mode=console
This configuration allow you to use the console and modem ports simultaneously to access
switch software.
Configuring SLIP
To configure SLIP, enter the slipc command. If you enter the command and SLIP is not running
on any ports, the system displays the following message:
Current SLIP configuration
SLIP not running on any ports, do you want to configure it?
Yes, No {Y/N} (Y) :
Enter y to display current information. Enter n to skip the display. To configure the required
SLIP parameters, complete the following steps:
1. Type slipc at the prompt and press <Return>.
2. Enter a valid IP address.
3. Enter a valid remote IP address.
You can use the ping command to validate the connection’s integrity.
Page 6-4
Configuring the Ethernet Management Port
Configuring the Ethernet Management Port
To configure the Ethernet management port, you use the ethernetc command. To use this
command, enter
ethernetc
at the system prompt. A screen similar to the following will be displayed.
Ethernet Port Configuration
1) Port Admin status UP
2) IP Address
3) Subnet Mask
4) Bcast Address
5) Gateway Address
6) Remote Host Address
7) RIP Mode
: Yes
: 198.206.184.175
: 255.255.255.0
: 198.206.184.255
: 198.206.184.254
: UNSET
: Inactive
Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :
The question mark option (?) and the Help option provide reference and instructional information on using this command. The Redraw option refreshes the screen.
You make changes by entering the line number for the option you want to change, an equal
sign (=), and then the value for the new parameter. When you are done entering all new
values, type save at the colon prompt (:) and all new parameters will be saved. If you do not
want to save the changes enter quit or Ctrl-D.
♦ Important Note ♦
On some revisions of the MPX, you must configure the
Ethernet management port with the boot prompt before
you can use the ethernetc command. See Appendix A,
“The Boot Prompt,” for more information on configuring the Ethernet management port with the boot
prompt.
The configurable options displayed by the ethernetc command are described below.
1) Port Admin status UP
Enter 1=Yes (the default) to enable the Ethernet management port or 1=No to disable it.
Page 6-5
Configuring the Ethernet Management Port
2) IP Address
Enter an IP address for the Ethernet management port in dotted decimal or hexadecimal notation (the default is 192.168.11.1). For example, to change the Ethernet management port’s IP
address to 198.206.184.170, enter
2=198.206.184.170
at the prompt.
♦ Note ♦
This IP address must not be on the same subnet as any
other IP router on the switch.
3) Subnet Mask
Enter an IP subnet mask in dotted decimal or hexadecimal notation (the default is
255.255.255.0). If no mask is provided, the switch will try to determine the mask using Internet Control Message Protocol (ICMP) requests. For example, to change the subnet mask to
255.255.255.254, enter
3=255.255.255.254
at the prompt.
4) Bcast Address
The default broadcast address is automatically derived from the default VLAN IP address class
(the default is 192.255.255.255). You can enter a new address in dotted decimal or hexadecimal notation. For example, to change the broadcast address to 198.206.184.255, enter
4=198.206.184.255
at the prompt.
5) Gateway Address
You can enter an IP address for the first hop router to a remote host (if the host is on a different IP net) in dotted decimal or hexadecimal notation. The default is 192.168.1.1. For example, to change this address to 198.206.184.170, enter
5=198.206.184.170
at the prompt.
6) Remote Host Address
You can enter an IP address for a a remote host (if the host is on a different IP net) in dotted
decimal or hexadecimal notation. The default is 192.168.1.1. For example, to change this
address to 198.206.184.170, enter
5=198.206.184.170
at the prompt.
7) RIP Mode
This parameter is an informational field, which shows that the RIP mode is inactive. You
cannot modify this parameter.
Page 6-6
Ethernet Management Ports and Redundant Management Processor Modules
Ethernet Management Ports and Redundant
Management Processor Modules
If redundant MPXs both have Ethernet management ports (EMPs), both EMPs in the switch will
have the same IP address if automatic file synchronization is enabled. If both EMPs are
plugged into the same subnet, the UI will show that there are duplicate IP addresses on the
network.
To get around this duplicate IP address problem, you must disable automatic file synchronization and then you must configure different IP addresses for the two EMPs. To do this, perform
the following steps:
1. On the primary management module, enter
syncctl
at the system prompt. (See Setting Automatic Config Synchronization on page 6-15 for
more information on the syncctl command.)
2. If automatic file synchronization is already disabled, simply press <Enter>. If it is enabled,
enter disable at the prompt.
3. Enter
ethernetc
at the prompt. (See Configuring the Ethernet Management Port on page 6-5 for more
information on the ethernetc command.)
4. Enter 2= followed by the IP address for the EMP on the primary management module.
5. Enter
save
at the prompt to save the IP address.
6. Enter
renounce
at the prompt to make the primary management module the secondary module and the
secondary module primary.
7. Log into the now primary management module.
8. On the now primary management module, enter
syncctl
at the system prompt.
9. If automatic file synchronization is already disabled, simply press <Enter>. If it is enabled,
enter disable at the prompt.
10. Enter
ethernetc
at the prompt.
11. Enter 2= followed by the IP address for the EMP on the management module.
Page 6-7
Ethernet Management Ports and Redundant Management Processor Modules
12. Enter
save
at the prompt to save the IP address.
13. Enter
renounce
at the prompt to make the management module that was originally the primary one
primary again.
Page 6-8
The MPM Command/Menu
The MPM Command/Menu
The mpm command has two functions: displaying the MPX redundancy configuration and
entering the mpm menu. Displaying the MPX redundancy is described below and the mpm
menu is described in MPM Menu Commands on page 6-9.
Displaying MPX Redundancy
You can display the number of MPXs, their location in the switch, and the MPX redundancy
configuration of the switch by entering
mpm
at the system prompt. The following is a typical example of the message that displays when
you enter mpm for a switch without a redundant MPX.
Currently this slot 1 holds the Primary MPM; there is no secondary MPM.
The following is a typical example of the message that displays when you enter mpm for a
switch with redundant MPXs on the primary MPX.
Currently this slot 1 holds the Primary MPM and slot 2 holds the secondary.
The following is a typical example of the message that displays when you enter mpm for a
switch with redundant MPXs on the secondary MPX.
Currently slot 1 holds the Primary MPM; this slot 2, holds the secondary MPM.
MPM Menu Commands
The mpm command also takes you to the mpm menu which contains the commands needed
to configure single and redundant MPXs. With a serial or modem connection, you can
communicate with either the primary or secondary MPX by connecting to the respective RS232
connectors. With a telnet connection, however, you can only communicate with the primary
MPX.
Type a ? to list the mpm commands. One set of commands will be displayed if you are
connected to the primary MPX and another command will be displayed if you are connected
to the secondary MPX. If you are connected to the primary MPX, you will see the following.
Command
sls
mpmstore
mpmreplace
mpmload
mpmrm
renounce
nisuf
syncctl
configsync
imgsync
secreset
swap
Redundancy Menu
List the contents of the Secondary /flash and /simm directories
Store file to Secondary /flash or /simm directory
Replace file on Secondary /flash or /simm directory
Load file from Secondary MPM
Remove file from Secondary MPM
Give up control to Secondary
Set load suffix for NI image files
Enable/Disable synchronization of configuration data
Synchronize configuration data
Synchronize Image (Executable) files
Reset Secondary MPM
Change swap status of chassis
Page 6-9
The MPM Command/Menu
All of the mpm menu commands, except for the nisuf and swap commands, function only if
you have redundant MPXs. If you are connected to the secondary MPX, type a ? to list the
mpm commands shown below.
Command
mpmget
takeover
Redundancy Menu
Get file from Primary MPM
Become Primary
All of the mpm commands are described in the sections that follow.
Using MPM Commands with Software Release 3.2 and Later
In Release 3.2 and later, the commands in the mpm menu support the use of more than one
flash directory. Since more than one flash directory can exist, you must indicate which flash
directory you want to use when you access a secondary MPX from a primary MPX and when
you access a primary MPX from a secondary MPX. All of these commands begin with the
prefix mpm and are listed below.
mpmstore
mpmreplace
mpmload
mpmrm
mpmget
To indicate which flash directory you want to use, enter a slash (/), the name of the directory, and another slash (/) before the file name in all commands that begin with the prefix
mpm. For example, to transfer the asm.img file from the /simm directory on the secondary MPX
to the primary MPX when you have logged into the secondary MPX, enter
mpmget /simm/asm.img
at the system prompt.
♦ Important Note ♦
In the current release, you must indicate the name of
the flash directory in commands that begin with the
prefix mpm even if you have just one flash directory on
both MPXs.
Page 6-10
Listing the Secondary MPX Files
Listing the Secondary MPX Files
The sls command lists the files in the secondary MPX module. This is similar to the ls
command; however, it lists files in the secondary MPX. To list files in the secondary MPX,
enter
sls
at the system prompt. The following is a typical example.
/flash/esm.img
/flash/mesm.img
/flash/mpm.img
/flash/rav.img
/flash/mpm.cnf
/flash/mpm.log
/flash/mpm.cfg
/flash/mpm.cmd
/flash/gated.img
27204
27561
1790889
83588
32768
18072
32768
32
547041
7/14/99
7/14/99
7/14/99
7/14/9
1/ 1/70
7/30/99
7/30/99
1/ 1/70
8/27/9
11:39
11:39
11:39
11:39
00:00
13:51
14:40
00:00
16:01
/flash has
1071449 bytes free.
/simm Not present.
The sls command lists every file in the secondary MPX’s flash memory followed by its size (in
bytes), creation date, and creation time. The three-letter file name suffix indicates the type of
file which includes configuration (cnf and cfg), command (cmd), and image (img). The image
file suffix can be changed for both the primary and secondary MPXs with the nisuf command,
which is described in Setting the Load Suffix on page 6-14.
Transferring a File to the Secondary MPX
The mpmstore command transfers a file in the flash memory of the primary MPX to the flash
memory of the secondary MPX. To use this command, enter mpmstore, followed by a space, a
slash (/), the name of the flash directory, another slash (/), and the name of the file you want
to transfer.
For example, to transfer the file mpm.log from the /flash directory on the primary MPX to the
secondary MPX, for example, you would enter
mpmstore /flash/mpm.log
at the system prompt. The following will be displayed.
Transferring...
If the file already exists on the target MPX, something similar to the following message will be
displayed.
File mpm.log exists on slot 2
Use the mpmreplace command, which is described in Replacing a File on the Secondary MPX
on page 6-12, to replace a file that already exists.
Page 6-11
Replacing a File on the Secondary MPX
Replacing a File on the Secondary MPX
The mpmreplace command replaces a file on the secondary MPX. It works like a combination
of mpmrm, which is described in Removing a File from the Secondary MPX on page 6-13, and
mpmstore, which is described in Transferring a File to the Secondary MPX on page 6-11. To
use this command, enter mpmreplace, followed by a space, a slash (/), the name of the flash
directory, another slash (/), and the name of the file you want to replace.
For example, to replace the file mpm.log on the secondary MPX with the file mpm.log from the
/flash directory on the primary MPX, for example, you would enter
mpmreplace /flash/mpm.log
at the system prompt. The following will be displayed.
Deleting.
Transferring
If the file already exists on the target MPX and it is identical to the one you are transferring,
something similar to the following message.
File mpm.log is identical on Primary and Secondary 2
If the files are identical, the mpmreplace command will terminate and the file will not be
replaced.
Loading a File from the Secondary MPX
The mpmload command loads a file from the flash memory of the secondary MPX into the
flash memory of the primary MPX. To use this command, enter mpmload, followed by a space,
a slash (/), the name of the flash directory, another slash (/), and the name of the file you
want to load.
For example, to load the file mpm.log from the /flash directory on the secondary MPX into the
primary MPX, for example, you would enter
mpmload /flash/mpm.log
at the system prompt.
Page 6-12
Removing a File from the Secondary MPX
Removing a File from the Secondary MPX
The mpmrm command removes (deletes) a file from the flash memory of the secondary MPX.
To use this command, enter mpmrm, followed by a space, a slash (/), the name of the flash
directory, another slash (/), and the name of the file you want to remove.
♦ Note ♦
You can only remove a single file with the mpmrm
command. You cannot use wildcards to remove multiple files.
For example, to remove the file mpm.log from the /flash directory on the secondary MPX in
slot 2, for example, you would enter
mpmrm /flash/mpm.log
at the system prompt. Something similar to the following will be displayed.
Checking for /flash/mpm.log on slot 2
After a brief moment, the file will be deleted from the secondary MPX and something similar
to the following will be displayed.
Deleting /flash/mpm.log on slot 2 . Done.
♦ Warning ♦
You cannot recover a file once it has been deleted with
the mpmrm command.
Page 6-13
Giving Up Control to the Secondary MPX
Giving Up Control to the Secondary MPX
The renounce command tells the primary MPX to give up control and become the secondary
MPX. It does this by issuing a request to the secondary MPX to take control. You must be
logged into the primary MPX to use this command. If you are logged into the secondary MPX,
use the takeover command, which is described in Gaining Control from the Primary MPX on
page 6-18.
♦ Warning ♦
The renounce command should only be used during
network down times since it could cause network interruptions.
To transfer control from primary MPX to the secondary MPX, enter
renounce
at the system prompt. The following prompt will display.
Confirm? (n):
Press y to transfer control to the secondary MPX or press n to cancel the command (the
default is n). If you enter y, the switch will reset after displaying the following message.
System going down immediately...
The switch will reboot and the original secondary MPX will be the primary once the switch
comes back up.
Setting the Load Suffix
The nisuf command sets the load suffix for the switch’s executable image files. (The factory
default suffix is img.)
♦ Warning ♦
The nisuf command should only be used when it is
necessary to have two versions of the software on the
switch at the same time and the user is directly
connected to the console for reboot.
You can change it by typing the nisuf command followed by the new suffix. For example, to
change the load suffix from img to bin, enter
nisuf bin
at the system prompt. The following message will then be displayed.
Changing load suffix from img to bin
You should create or load new image files with the new suffix as soon as possible because
the switch will not recognize the files with the old suffix as image files. See Chapter 5,
“Installing Switch Software,” and Chapter 7, “Managing Files,” for information on loading and
creating files.
Page 6-14
Setting Automatic Config Synchronization
Setting Automatic Config Synchronization
The syncctl command sets the automatic configuration synchronization to Enabled or
Disabled. If it is Enabled, then the MPX primary/secondary pair will continue to maintain
synchronization automatically. This means that when the configuration file (mpm.cfg) is
updated in the primary MPX, it will automatically be updated in the secondary MPX, keeping
the two MPXs in sync.
Enabling Automatic Config Synchronization
To enable synchronization between the primary and secondary MPXs, enter
syncctl
at the system prompt. The following prompt will then be displayed if synchronization is not
enabled.
Desired state (enable):
Press <Enter> to enable synchronization or enter disable to cancel. If you enabled synchronization, the following will be displayed.
Configuration synchronization is now Enabled
Note that automatic configuration synchronization is disabled unless all image (img) and
Programmable Gate Array (PGA) files in the switch are synchronized first. See Synchronizing
Image Files on page 6-16 for information on the imgsync command, which synchronizes
image and PGA files.
The interval between updates is 5 minutes. The primary MPX will copy any changes to the
secondary MPX after 5 minutes have elapsed since the last update.
Disabling Automatic Config Synchronization
To disable synchronization between the primary and secondary MPXs, enter
syncctl
at the system prompt. The following prompt will then be displayed if synchronization is
enabled.
Desired state (disable):
Press <Enter> to disable synchronization or enter enable to cancel. If you disabled synchronization, the following will be displayed.
Configuration synchronization is now Disabled
If automatic config synchronization is Disabled, the configuration file in the secondary MPX
will be unaffected if you change the configuration file in the primary MPX.
Page 6-15
Synchronizing Configuration Data
Synchronizing Configuration Data
The configsync command copies the configuration files (mpm.cnf and mpm.cfg) in the primary
MPX to the secondary MPX. You can run this command whether or not automatic config
synchronization is on. For example, to copy the configuration file from the primary MPX to
the secondary MPX, you would enter
configsync
at the system prompt. Something similar to the following will be displayed.
Syncing Config file
Config files are currently synchronized.
See Setting Automatic Config Synchronization on page 6-15 for information on setting automatic config synchronization.
Synchronizing Image Files
The imgsync command copies all of the image (executable) files in the primary MPX to the
secondary MPX. When used in conjunction with the configsync command, it ensures that the
two MPXs are running exactly the same versions of software and are in sync (i.e., have the
same configuration). To synchronize all the image files, enter
imgsync
at the system prompt. When you run imgsync you will be asked if you want to synchronize
the cmd file and/or PGA files if they are found to be different.
♦ Note ♦
If any PGA file is being used by a Token Ring module
and you choose to sync the cmd file, then the PGA file
that is in use will be synced even if you do not choose
to synchronize PGA files.
Something similar to the following prompt will be displayed.
Sync cmd file (y) :
Press y to sync the cmd file or press n to skip this file (the default is y). If you have any PGA
files, you will be asked if you want to sync those files. In addition, if the secondary MPX has
any additional image, then the following prompt will be displayed.
Remove Additional images from Secondary (n) :
Press y to remove any extra image on the secondary MPX or press n to keep these files (the
default is n). After you answer all the prompts, something similar to the following will be
displayed.
8 files to be synchronized
1 file to be synchronized
Syncing
Deleting /flash/mpx.cmd..................
Replacing /flash/mpx.cmd.....
Page 6-16
Loading a File From the Primary MPX
Loading a File From the Primary MPX
The mpmget command loads a file from the primary MPX and copies it into the secondary
MPX. This command is only available and can only be run from a secondary MPX. To use this
command, enter mpmget, followed by a space, a slash (/), the name of the flash directory,
another slash (/), and the name of the file you want to transfer.
For example, to load the file mpm.log from the /flash directory on the primary MPX to the
secondary MPX you would enter
mpmget /flash/mpm.log
at the system prompt. After a brief moment, the file will be transferred into the secondary
MPX. The following would then be displayed.
Transferring .. Complete
Page 6-17
Gaining Control from the Primary MPX
Gaining Control from the Primary MPX
The takeover command tells the secondary MPX to take control and become the primary MPX.
It does this by issuing a request to the primary MPX to relinquish control. You must be logged
into the secondary MPX to use this command. If you are logged into the primary MPX, use the
renounce command, which is described in Giving Up Control to the Secondary MPX on page 614.
♦ Warning ♦
The takeover command should only be used during
network down times since it could cause network interruptions.
To transfer control from primary MPX to the secondary MPX, enter
takeover
at the system prompt. The following prompt will display.
Confirm? (n):
Press y to transfer control to the secondary MPX or press n to cancel the command (the
default is n). If you enter y, the switch will reset after displaying the messages similar to the
following.
System going down immediately...
Please standby, chassis configuration changing (Hit ^C to abort).....Taking over
as Primary
...
Alcatel SNMP Agent Operational.
The switch will reboot and the original secondary MPX will be the primary once the switch
comes back up.
Page 6-18
Resetting a Secondary MPX
Resetting a Secondary MPX
The secreset command initiates a soft reset on the secondary MPX. Conceptually, resetting a
secondary MPX with this command is similar to switching off power to the module; the MPX
will be in the same state after a reset as it is after a power on.
To reset a secondary MPX, enter
secreset
at the system prompt. Messages similar to the following will display:
Module 1 changed while Swap OFF
Syncing configuration data with secondary 1 .. complete
♦ Note ♦
To reset a switching module, use the reset command,
which is described in Chapter 36, “Running Hardware
Diagnostics.”
Page 6-19
Displaying and Setting the Swap State
Displaying and Setting the Swap State
The swap command displays or alters the swap state of the chassis. The swap state must be
on in order to hot swap modules. If not, the system may halt or restart. While the swap state
is on, performance may decrease. Therefore, the swap state should only be turned on when
you want to hot swap modules. See Chapter 3, “Omni Switch/Router Switching Modules,” for
instructions on hot swapping a switching module.
Displaying the Swap State
To display the current swap state of the chassis, enter
swap
at the system prompt. If the swap mode is OFF (the default for the switch), something similar
to the following will be displayed.
Swap is OFF, timeout is 5 minutes
usage swap { ON [ minutes ] | OFF [ minutes ] }
If the swap mode is ON, something similar to the following will be displayed.
Swap is ON, expires in 4 minutes
usage swap { ON [ minutes ] | OFF [ minutes ] }
The swap mode must be enabled (ON) to hot swap a switching module. If not, the system
may halt or restart. See the subsection below for instructions on enabling the swap mode.
Enabling the Swap Mode
To turn the swap mode ON, enter
swap on
at the system prompt. (The default for swap mode is 5 minutes). Something similar to the
following will be displayed.
Swap is ON for 5 minutes
When you turn the swap state on, you set a timer which determines how long the system will
remain in swap state. After the timer expires, the system will automatically turn off the swap
state.
If you want to vary the amount of time that the swap mode is enabled, enter swap on
followed by the number of minutes you want the swap mode enabled. You can set the swap
state from 1 to 227,055 minutes. To set the swap mode on for 10 minutes, for example, enter
swap on 10
at the system prompt. The following will then be displayed.
Swap is ON for 10 minutes
Save minutes value {Y/N}? (N) :
Press y and then press <Enter> to save the new value. If you don’t want save, just press
<Enter> and the default value will not change. You can also turn off the swap immediately as
shown in Disabling the Swap Mode on page 6-21.
Page 6-20
Displaying and Setting the Swap State
Disabling the Swap Mode
Normally, the swap mode will timeout and no user intervention is required. However, you
can manually turn the swap mode off. This function is particularly useful since the performance of the switch can be adversely affected if the swap mode is enabled. To turn the swap
mode off immediately, enter
swap off
at the system prompt. The swap mode will be disabled and something similar to the following will be displayed.
Swap is OFF, timeout is 5 minutes
Page 6-21
Displaying and Setting the Swap State
Page 6-22
7
Managing Files
Depending on the model type and configuration, an Alcatel switch has anywhere from 8 or
16 MB of usable flash memory. This memory is used to store files, including executable files
(used to operate switching modules), configuration files, and switch usage log files. Through
the User Interface (UI), you can load, copy, and delete any of these files types. In addition,
the UI has commands for displaying, creating, and editing ASCII (text-based) files.
All commands described in this chapter will work with files located in the /flash directory on
either the primary or secondary MPX. However, these commands work only with the files that
reside on the MPX to which you are connected. See Chapter 6, “Configuring Management
Processor Modules,” for more information on commands for working with redundant MPXs.
UI commands for file maintenance are grouped into two menus: the File menu and System
menu. File menu commands are listed below. For a list of System menu commands, see
System Menu on page 7-13.
File Menu
The File menu contains commands for loading, listing, copying, and deleting individual
switch files. To access the File menu, enter
file
at the UI prompt.
If verbose mode is enabled, the following list of commands will be displayed automatically.
If verbose mode is disabled, press the question mark (?) to display the following list of
commands. (For information on enabling verbose mode, refer to the uic command description in Chapter 4, “The User Interface.”)
Command
--------------load
ftp
pwd
ls
rm
cp
view
edit
imgcl
Main
Interface
File Menu
----------------------------------------------------------------------------------Download system software using the serial interface
Download from an FTP server
Display the current working directory
List the contents of the current working directory (default
working directory is /flash)
Remove a file
Copy a file
View an ASCII file
Edit buffer locally
Remove all image files
File
Security
Summary
System
VLAN
Services
Networking
Help
All commands in the File menu, except for the load and ftp commands, are described in the
following sections. For instructions on using the ftp and load commands, refer to Chapter 5,
“Installing Switch Software.”
♦ Note ♦
If you want to use the rm, cp, imgcl, and the edit submenu commands, you must be logged in as admin or
diag. See Chapter 4, “The User Interface,” for more
information on login accounts.
Page 7-1
Displaying the Current Directory
Displaying the Current Directory
To display the switch’s current directory, enter
pwd
at the system prompt. The working directory will be the /flash memory system and the corresponding directory information will be displayed:
/flash
Configuration and Log File Generation
The mpm.cnf, mpm.cfg, and mpm.log files are generated automatically by the switch and placed
in flash memory during the boot process; you do not have to load them.
♦ Important ♦
If you remove the configuration files (mpm.cnf and
mpm.cfg) from your switch, all of your switch’s nondefault configuration settings will be deleted at the next
boot sequence. Use caution when removing configuration files and be sure to create backup copies if you
want to safeguard your current configuration.
Changing Directories
You can change the working directory with the cd command. For example:
cd test
at the system prompt. To change the working directory back to /flash file system, enter
cd flash
at the system prompt.
Page 7-2
Listing Switch Files
Listing Switch Files
You can use the ls command to list the files in the primary MPX’s flash memory. To use this
command, enter
ls
at the system prompt. A screen similar to the following will be displayed.
mpx.cmd
mpm.log
mpx.img
esx.img
mpm.cfg
mpm.cnf
18
18072
1573617
24289
1024
32768
05/30/98 13:04
06/15/98 17:57
06/18/98 12:16
06/18/98 12:18
01/01/70 00:00
06/18/98 12:27
1858057 bytes free.
The ls command lists all the files in the current working directory of the primary MPX’s flash
memory, followed by its size (in bytes), creation date, and creation time. The three-letter file
extension indicates the type of file. Examples include configuration (cnf and cfg), command
(cmd), image (img), Programmable Gate Array (.pga), etc. The ls command also lists the total
number of bytes of free memory in flash memory.
♦ Note ♦
If you are connected to the primary MPX and you want
to display the files in a secondary MPX, use the sls
command, which is further detailed in Chapter 6,
“Configuring Management Processor Modules.”
Page 7-3
Deleting Switch Files
Deleting Switch Files
You can use the rm command to delete files in the primary MPX’s flash memory. To use this
command, enter rm, followed by the name of the file you want to delete. For example, to
delete the file mpm.log, you would enter
rm mpm.log
at the UI prompt. The following screen will be displayed:
File system compaction in progress...
The switch will take a few seconds to delete the file and compact the flash memory.
♦ Note ♦
If you are connected to the primary MPX and you want
to remove files from a secondary MPX, use the mpmrm
command, which is described in Chapter 6, “Configuring Management Processor Modules.”
Deleting Multiple Files
You can remove multiple files either by entering multiple file names in the command line or
by using wildcards.
When entering multiple file names, be sure to include a space between each file name you
want to delete. For example, to remove both the mpm.cfg and mpm.cnf files, you would enter
the following:
rm mpm.cfg mpm.cnf
Wildcards let you substitute an asterisk (*) for file name text. You can remove all files with
the same extension by entering rm, followed by an asterisk (*), a period (.), and the file
extension. For example, if you want to delete all the files with the log extension, enter
*.old
at the UI prompt. The following message will be displayed:
Remove the following?
/flash/mpm.log.old
/flash/mpm.old
Are you sure you want to remove this? (n)
Press the y key to delete the selected files or press <Enter> to cancel. If you press the y key,
the following will be displayed:
...2 files removed
The switch will take a few seconds to delete the file and compact the flash memory.
♦ Note ♦
If you want to delete all the image files (i.e., files with
the img extension), you can use the imgcl command,
which is described in Deleting All Image Files on page
7-5.
Page 7-4
Deleting Switch Files
Deleting All Image Files
You can use the imgcl command to delete all executable (image) files. The files deleted by
the imgcl command include the MPX boot file (mpx.img), and all executable switching module
files (the factory default is all files ending with the .img extension).
♦ Important ♦
You should only use the imgcl command during
network down times and when you are connected to
the switch through the serial port.
To use this command, enter
imgcl
at the system prompt. A screen similar to the one shown below will be displayed.
Remove the following?
/flash/esx.img
/flash/mpx.img
Are you sure you want to remove them? (n)
Press the y key to delete all the image files or press <Enter> to cancel. If you press the y key,
the switch will spend several minutes deleting the image files.
♦ Note ♦
If you want to delete all files in flash memory, you can
use the newfs command, which is described in Creating a New File System on page 7-15.
After you have deleted all the old image files, you must load new image files using FTP or
ZMODEM so the switch can function. See Chapter 5, “Installing Switch Software,” for instructions on using the ftp and load commands.
Page 7-5
Copying System Files
Copying System Files
You can use the cp command to copy files. This is particularly useful if you want to make
backups of important files. To use this command, enter cp, followed by the name of the original file you want to copy, and then by the name that you wish to give the duplicate file. For
example, to make a duplicate of the file mpx.cmd that is to be called mpx.bak, enter
cp mpx.cmd mpx.bak
at the system prompt. The following information will be displayed:
/flash/mpx.cmd -> /flash/mpx.bak : 100%
Displaying Text Files
You can use the view command to display the contents of ASCII (text-based) files. To use this
command, enter view, followed by the name of the file you want to display. To display the
mpx.cmd file, for example, enter
view mpx.cmd
at the system prompt. A screen similar to the one shown below will be displayed.
cmDoDump=1
cmInit
Note that if you try to view a file with non-ASCII characters, an error message will be
displayed. For example, if you use the view command on the file mpm.cfg, the following error
message will appear:
The file mpm.cfg has non-printable characters, can't view
♦ Note ♦
You can edit text files with the edit sub-menu
commands, which are described in Editing Text Files
on page 7-7.
Page 7-6
Editing Text Files
Editing Text Files
The commands in the Edit sub-menu (also called the Text Buffer or Edit Buffer) are used to
create new text files and to modify existing text files. To enter the edit sub-menu, enter
edit
at the system prompt.
If verbose mode is enabled, the following list of commands will be displayed automatically.
If verbose mode is disabled, press the question mark (?) to display the following list of
commands. (For information on enabling verbose mode, refer to the uic command description in Chapter 4, “The User Interface.”)
Command
--------------ab
cb
db
eb
ib
lb
nb
rb
wb
Main
Interface
Edit Menu
-------------------------------------------------------Append line(s) to the buffer
Clear the buffer
Delete line from the buffer
Edit a buffer line
Insert buffer line
List contents of the buffer
Name file for buffer
Read file into buffer
Write buffer to file
File
Security
Summary
System
VLAN
Services
Networking
Help
The Edit sub-menu commands are outlined in the following sections. You can edit up to 100
lines of text. Each line of text can be up to 97 characters long.
♦ Note ♦
When you edit text files, you will normally use several
of the Edit sub-menu commands to produce the results
you want. SeeReal-World Example 1 on page 7-11 or
Real-World Example 2 on page 7-12 for examples of
how to use multiple commands from the Edit submenu.
Clearing the Text Buffer
You can use the cb command to clear the Edit buffer’s memory so you can create a new text
file. To use the cb command, enter
cb
at the system prompt.
Page 7-7
Editing Text Files
Loading an ASCII File into the Text Buffer
You can use the rb command to load—or read—an existing ASCII file in flash memory to the
Edit buffer’s memory. To use this command, enter rb, followed by the file you wish to edit.
For example, to edit the mpx.cmd file, enter
rb mpx.cmd
at the system prompt.
♦ Loading Binary Files ♦
You can load a binary file into the Edit buffer but you
will not be able to edit it.
Listing the Contents of the Text Buffer
The lb command is used to list the contents of the Edit buffer’s memory. To use this
command, enter
lb
at the system prompt. If there is something in the buffer, the system will display the contents
numbered from the zero. The following display is a typical example:
00: cmDoDump=1
01: cmInit
If there is nothing in the buffer, nothing will be displayed.
Adding Lines of Text to the Text Buffer
You can use the ab command to manually add lines of text to the Edit sub-menu. Note that
the lines you enter are appended at the end of the buffer. For example, if there are 10 lines of
text in the buffer, you will begin entering text at the 11th line. If the buffer is empty, the line
of text you enter will be the first line of text in the buffer.
To add text to the buffer, enter
ab
at the system prompt. A screen similar to the one shown below will be displayed:
02 :
Enter your text and press the <Enter> key to add the text to the buffer. If the buffer is not full,
the system will prompt you to enter another line of text. If the buffer is full (i.e., there are 100
lines in the text buffer), the following message will be displayed.
Buffer Full!
To exit the ab command, type a period (.) and press <Enter>.
Page 7-8
Editing Text Files
Deleting a Line of Text from the Text Buffer
You can use the db command to delete a specific line in the text buffer. To use this
command, enter db, followed by line number of the line of text you want delete, which is
shown by the lb command. For example, to delete the third line of text in the text buffer,
enter
db 3
at the system prompt.
Enter the lb command again to view the contents of the buffer. Note that the text that
appeared at line 3 has been deleted.
Inserting a Line of Text into the Text Buffer
You can use the ib command to insert a line of text between two existing lines in the buffer.
To use this command, enter ib, followed by the number of the line where you want the new
text to appear. For example, if you want to add the text, atm_use_mbus=3, between lines 00
and 01 in the buffer, enter
ib 1
at the system prompt. The following screen will be displayed:
01:
Enter the line of text, atm_use_mbus=3.
At the system prompt, enter the lb command to view the contents of the buffer. If the original text buffer looked like this,
00: cmDoDump=1
01: cmInit
the revised text buffer, with the inserted text, will now appear as follows:
00: cmDoDump=1
01: atm_use_mbus=3
02: cmInit
Editing a Line Name of Text in the Text Buffer
You can use the eb command to edit an existing line of text in the buffer. To use this
command, enter eb, followed by the line number of the text you want to edit. For example, if
you want to edit the text at line 01, enter
eb 1
at the system prompt. The following screen will be displayed:
01:
Enter the text as you want it to appear and press <Enter>.
Enter the lb command again to list the contents of the text buffer. Note that the buffer now
reflects the edited line of text.
Page 7-9
Editing Text Files
Creating a File Name for the Text Buffer
If no file name has been created for the text buffer, the following message is displayed whenever the lb command is executed:
Work buffer is unnamed
Use the nb command to create a name for the text buffer. To use this command, enter nb,
followed by the name you wish to give the text buffer. For example, if you want to name the
buffer mpx.cmd, enter
nb mpx.cmd
at the system prompt. The following screen is displayed, showing the current working directory (/flash), followed by the new name for the text buffer (/mpx.cmd):
Work buffer name is: /flash/mpx.cmd
Creating a Text File from the Text Buffer
The wb command is used to create—or write—a text file from the text buffer. To use this
command, enter wb followed by the name of the output file. For example, if you want to
create the file switch.txt, enter
wb switch.txt
at the system prompt. The following screen is displayed:
Work buffer name is: /flash/switch.txt
Writing Changes to Existing Files
You can also use the wb command to overwrite changes to an existing file. For example, if
you want to overwrite changes to the file mpx.cmd, enter
wb mpx.cmd
at the system prompt. The following screen is displayed:
/flash/mpx.cmd exists in /flash. Overwrite it? (y)
Press <Enter> to create the text file from the text buffer. The computer will take a few seconds
as it overwrites the file, and the following information is displayed:
File system compaction in progress...
At the system prompt, enter the lb command to view the name of the buffer. Note that the
work buffer is now named /flash/mpx.cmd.
Page 7-10
Real-World Examples
Real-World Examples
As noted on page 10-7, when you edit text files, you will normally use several of the Edit submenu commands to produce the results you want. The following two examples, Real-World
Example 1 and Real-World Example 2, are actual multi-command procedures that you may
encounter as you work with your switch.
Real-World Example 1
cp mpx.cmd mpx.bak
rb mpx.cmd
lb
00: cmDoDump=1
01: cmInit
nb mpx.cmd
Work buffer name is: /flash/mpx.cmd
ab
02 :
02 : reg_port_rule=1
03 :
No line 3 inserted
lb
00: cmDoDump=1
01: cmInit
02: reg_port_rule=1
Work buffer name is: /flash/mpx.cmd
wb
/flash/mpx.cmd exists in /flash. Overwrite it? (y)
File system compaction in progress...
view mpx.cmd
cmDoDump=1
cmInit
reg_port_rule=1
Page 7-11
Real-World Examples
Real-World Example 2
cp mpx.cmd mpx.bak
rb mpx.cmd
lb
00: cmDoDump=1
01: cmInit
02: reg_port_rule=1
nb mpx.cmd
Work buffer name is: /flash/mpx.cmd
db 2
lb
00: cmDoDump=1
01: cmInit
ib 1
01 :
01 : rifStripping=1
lb
00: cmDoDump=1
01: rifStripping=1
02: cmInit
Work buffer name is: /flash/mpx.cmd
wb
/flash/mpx.cmd exists in /flash. Overwrite it? (y)
File system compaction in progress...
view mpx.cmd
cmDoDump=1
cmInit
rifStripping=1
Page 7-12
System Menu
System Menu
The System menu contains two commands, fsck and newfs, for checking and deleting all files
in the flash memory. To access the System menu, enter
system
at the UI prompt.
If verbose mode is enabled, the following list of commands will be displayed automatically.
If verbose mode is disabled, press the question mark (?) to display the following list of
commands. (For information on enabling verbose mode, refer to the uic command description in Chapter 4, “The User Interface.”)
Command
--------------info
dt
ser
mpm
slot
systat
taskstat
memstat
fsck
newfs
syscfg
uic
camstat
camcfg
hrex
ver/ter
echo/noecho
chpr
logging
health
cli
saveconfig
cacheconfig
Main
Interface
System Menu
----------------------------------------------------------------------------------Basic info on this system
Set system date and time
View or configure the DTE or DCE port
Configure a Management Processor Module
View Slot Table information
View system stats related to system, power and environment
View task utilization stats
View memory use statistics
Perform a file system check on the flash file system
Erase all file from /flash and create a new file system
Configure info related to this system
UI configuration; change - prompt, timeout, more, verbose.
View CAM info and usage
Configure CAM info and usage
Enter HRE-X management command sub-menu
Enables/disables automatic display of menus on entry (obsolete)
Enable/disable character echo
Change the prompt for the system (obsolete, use ‘uic’ command
View system logs.
Set health parameters or view health statistics
Enter command line interface
Dump the cache configuration content to the mpm.cnf file.
Set the flag to use cache configuration only.
File
Security
Summary
System
VLAN
Services
Networking
Help
Page 7-13
Checking the Flash File System
Checking the Flash File System
The fsck command performs a file system check of flash memory, which consists of the flash
file system. All image files are stored in flash memory and loaded into system memory when
the switch boots up.
The command also provides diagnostic information in the event of file corruption. To perform
a file system check of flash memory, enter
fsck
at the system prompt. A screen similar to the following will be displayed:
Your bootroms support Flash File System Version 2 and greater.
Out of 16 file descriptors in use, 0 of these are opened on the /flash device.
Performing a file system check using manual mode. If a file is encountered
with a potential problem, you may wish to consider preserving it for technical
support analysis...
Flash file system check in progress...
Checking root file system... OK
Performing file consistency check...
Done.
There doesn't appear to be a system problem related to the Flash File
system or kernel file system data structures. If you are experiencing
problems with the flash file system, perhaps try using the "info",
"systat", or "memstat" commands. They may indicate some other condition
(such as low memory) which could prohibit correct operation of the
file system.
If the fsck command detects a problem with the flash file system, a message will be displayed
indicating the problem, along with any steps needed to resolve it.
Each logical file system must be checked independently.
Page 7-14
Creating a New File System
Creating a New File System
The newfs command removes a complete flash file system and all files within it, replacing it
with a new empty flash file system. Use this command when you want to reload all files in
the file system, or in the unlikely event that the flash file system becomes corrupted.
To create a new file system and re-initialize the flash memory, enter
newfs
at the system prompt. The following will be displayed.
You are about to destroy all files on file system /flash. If you
are experiencing problems with the flash file system, you might
want to use the "fsck" command to help determine where problems
may exist.
Are you absolutely sure you want to strip the current file
system and create a new one? (n)
Press <Enter> to cancel, or enter y to create a new file system. If you enter y, you will have to
load new software into the switch.
♦ Warning ♦
Do not power-down the switch after running the newfs
command until you reload your image and configuration files. Otherwise, you will have to reload the image
files at the boot monitor prompt using the serial interface (e.g., ZMODEM), which can take several minutes.
Also, before you execute the newfs command, you
may also want to preserve your configuration file by
saving it to another host.
You can now download new files via FTP or ZMODEM.
Page 7-15
Creating a New File System
Page 7-16
8
Switch Security
Commands listed in the Security menu are for configuring system security parameters such as
the password and logout time. The menu also provides a command for rebooting the switch.
Enter
security
at the prompt to enter the Security menu. Press ? to see the following list of commands:
Command
pw
reboot
timeout
layer2auth
seclog
secdefine
secapply
useradd
usermod
userdel
asacfg
userview
auth
Security Menu
Set a new password for a login account
Reboot this system (allowed if the user is “admin”)
Configure Auto Logout Time (obsolete, use “uic” command)
Enable/Disable layer2 user authentication
Display Secure Access log file entries
Define Secure Access filter(s)
Apply Secure Access filter(s)
Create a new user for a login account
Modify a user’s privileges
Remove a user
Configure Authenticated Switch Access
View the users in the local user database
Enter the Authentication menu
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
The pw, reboot, seclog, secdefine, and secapply commands are described in this chapter. The
useradd, usermod, userview and userdel commands are also described in this chapter.
For information about the layer2auth and asacfg command as well as the authentication (auth)
submenu, see the Switched Network Services User Manual.
Page 8-1
Changing Passwords
Changing Passwords
The switch provides three types of login accounts by default—Administrator, User and Diagnostics. The Administrator login provides full READ/WRITE access to all command families.
The login name for the Administrator account is admin. The login name for the default User
account is user and provides READ ONLY access to the switch’s command families except for
the global family, and NO WRITE privileges. The Diagnostics login has full READ/WRITE access
to all command families plus a command for running switching module tests. The login name
for Diagnostics is diag.
The initial password for all three accounts is switch. If you log in as diag you can change the
passwords for the diag and admin login accounts. If you log in as admin, however, you can
only change the password for the admin login account. To change the password, complete the
following steps. Remember that the User Interface does not echo (display) the password characters.
1. From the prompt, type
pw <account-name>
The <account-name> is the user login name (diag, admin) for which you want to change
the password. The following prompt displays:
Changing password for account:<account-name>
Old password:
2. Enter the old password and press <Enter>. If you enter the old password incorrectly, the
following message displays:
Authentication failure
and the command will terminate. You will then need to start over from Step 1 above.
If you answered the old password correctly, the following prompt displays:
New password:
3. Enter the new password (you are allowed up to 18 characters) and press <Enter>. The
following prompt displays:
Retype new:
4. Re-enter the new password to confirm it and press <Enter>.
♦ Note♦
It is recommended that you change the password from
the default for all login accounts.
The passwords are stored encrypted in the mpm.cnf file. If you forget your password, you will
have to delete the mpm.cnf file which will cause the passwords to revert to the default.
♦ Caution ♦
Deleting the mpm.cnf file will also remove all of your
configuration data and restore everything back to
factory settings.
Page 8-2
Rebooting the Switch
Rebooting the Switch
The reboot command should only be executed during network down time and when no data
is being transmitted across the network. Also, you should ensure that all configuration information has been saved first. Note that the reboot command is only available to the admin and
the diag logins.
♦ Caution ♦
Rebooting the switch will disconnect a Telnet connection to the User Interface and will interrupt the
network connections on the switching modules.
To reboot the switch from the command line, enter
reboot
at the prompt and press <Enter>. The following prompt will display:
Confirm? (n)
:
Enter Y. The following message displays:
Locking file system...locked
System going down immediately...
switch[489917b0]: System rebooted by admin
The switch will now take at least a minute to start up again. (If you are connected to the User
Interface with a serial connection, the console displays start-up related information.) The login
message displays when the reboot is complete:
Welcome to the Alcatel Omni Switch/Router! (Serial # xxxx)
login :
Page 8-3
Secure Switch Access
Secure Switch Access
Secure Switch Access is a filtering program that prevents unauthorized access to the switch by
allowing you to define a list of filters and filter points. For Secure Switch Access, filters are
lists of source traffic that are allowed onto the switch. Filter points operate on IP protocols
that include FTP, Telnet, SNMP, TFTP, HTTP, and a custom IP protocol. Whenever any of these
filter points is enabled, all filters configured for that protocol are applied to incoming traffic
using the filter point protocol.
All access violations are logged. If a filtering point is not enabled, it is accessible to all users.
Configuring the Secure Switch Access Filter Database
Use the secdefine command to view and configure the database of secure access filters. This
database includes information on filter names, source IP addresses, source MAC addresses,
and the physical ports receiving data.
The following is a sample secdefine display:
Secure Access Filter Database
List
(l) :
Create (c):
Delete (d):
Modify (m):
Find
(f):
Help
(h):
Quit
(q):
Enter selection:
Select an option by entering the relevant letter at the selection prompt. To exit this menu,
enter q (quit). Descriptions and sample displays for each of the options are as follows:
List
This is a list of all defined filters. A filter determines what traffic is allowed on the switch. The
list includes information on the filter’s name, IP Address, MAC Address, and physical port
receiving the user’s data. The following is a sample display:
Source IP
Source MAC
Slot Port
Filter Name
Address
Address
#
#
--------------------------------------------------------------------------------------------------------Engineering
198.34.56.10
0:23:da:67:97:e4 4
1
Test
ANY
ANY
7
3
Accounting
172.14.25.13
0:32:e4:a3:6f:e4
2
1
HR
198.34.56.15
ANY
ANY ANY
The value ANY displays if a field is left blank when configuring filter information through the
Create (c) option. The ANY value signifies a “don’t care” condition. When an inbound packet is
checked against a Filter Name to establish authorized access, the ANY fields are not checked.
Page 8-4
Secure Switch Access
Create
This option allows you to create a new filter in the secure access database. The following is a
sample display:
Create Filter
-----------------Enter Filter Name:
Enter IP Address ( [a.b.c.d] ) :
Enter MAC Address ( [XXYYZZ: AABBCC] ) :
Is this MAC in Canonical or Non-Canonical (C or N) [C] :
Enter Slot :
Enter Port :
After you have created a filter, the information is automatically saved in the secure access
database, and the secdefine submenu re-displays. To review your new configuration, simply
select the list (l) option. Descriptions of the fields are as follows:
The name of the new filter. The name is required and must be at least one
character long and no more than 25 characters.
Enter Filter Name:
Enter IP Address ( [a.b.c.d] ): The allowed IP address. The address must be in the displayed
format ( [a.b.c.d] ). If you enter a value here, the user may access the switch only from this IP
address. If you leave this field blank, a value of ANY will display in the secure access list,
allowing access to the switch from any IP address.
Enter MAC Address ( ( [XXYYZZ: AABBCC] )): The allowed MAC address. The address must be in
the displayed format (( [XXYYZZ: AABBCC] ) ). If you enter a value here, a user may access the
switch only from this source MAC address. If you leave this field blank, a value of ANY will
display in the secure access list, allowing this user access to the switch from any MAC address.
Is this MAC in Canonical or Noncanonical (C or N) [C] : The
format of the specified MAC address.
Typically, ethernet MAC addresses are in canonical format while token ring and addresses are
in noncanonical format. The default is canonical (C). This parameter is not required.
Enter Slot:
The module on the switch receiving data from the specified IP or MAC address. If
you leave this field blank, a value of ANY will display in the secure access list, allowing data
from the specified IP or MAC address to be sent through any module on the switch.
Enter Port:
The port on the module receiving data from the specified IP or MAC address. If you
enter a value here, you should also specify a slot in the above field. If you leave this field
blank, a value of ANY will display in the secure access list, allowing data from the specified IP
or MAC address to be sent through any port on the module (if one is specified) or on the
switch (if no slot is specified).
Delete
This option allows you to delete a filter from the secure access list. The screen displays similar to the following:
Delete Filter
-----------------Enter Filter Name:
If you enter a filter name here, that filter will be immediately deleted from the secure access
database.
Page 8-5
Secure Switch Access
Modify
This option allows you to modify information about an existing secured access filter. Enter the
name of the filter you wish to modify, as follows:
Modify Filter
----------------Filter Name: Test
The filter’s existing information will display. For example:
Source IP
Source MAC
Slot
Port
Filter Name
Address
Address
#
#
----------------------------------------------------------------------------------------------------------Test
ANY
10.2.8.13
5
2
Enter IP Address ( [a.b.c.d] ) :
Enter MAC Address ( [XXYYZZ: AABBCC] ) :
Is this MAC in Canonical or Non-Canonical (C or N) [C] :
Enter Slot :
Enter Port :
To change a value, type in the new value at the prompt. If you do not wish to modify a
particular field, press Enter and the existing user information will remain unchanged. To
change a field to ANY privilege, enter a value of 0, an asterisk (*), or ANY at the prompt.
Descriptions of the fields in the above display are provided earlier under the option ‘‘List’’ on
page 8-4.
Find
This option allows you to find information about a specified filter in the secured access database. You must know the filter’s name in order to use this search feature. The following is a
sample display:
Find Filter
-------------Filter Name: Test
To find a filter in the database, enter the name of the filter at the prompt. If the filter you
enter is a valid one, information on that filter will display similar to the following:
Source IP
Source MAC
Slot
Port
Filter Name
Address
Address
#
#
----------------------------------------------------------------------------------------------------------Test
ANY
10.2.8.13
5
2
Page 8-6
Secure Switch Access
Configuring Secure Access Filter Points
The secapply command allows you to view the list of secure access filter points, to enable/
disable security globally or for a specific IP protocol filter point, and to define a filter list for
each filter point. To use this command, enter:
secapply
A screen similar to the following displays:
Secure Access Filter Points
1) FTP Security
11) Filter List
2) Telnet Security
21) Filter List
3) SNMP Security
31) Filter List
4) TFTP Security
41) Filter List
5) HTTP Security
51) Filter List
6) Custom Security
61) Filter List
62) Protocol
63) Port Service
7) One-touch Global Security :
71) One-touch Filter List
: Enabled
: Test, Engineering
: Disabled
: Test
: Enabled
:
: Enabled
: Manufacturing
: Disabled
:
: Enabled
: HR
:
:
:
Command { Item=Value/?/Help?Quit/Redraw/Save}
(Redraw)
:
♦ Note ♦
If security is enabled for a filter point and there are no
names defined on its list, then the filter point is essentially inaccessible to all users. For example, in the
above sample display, SNMP is not accessible to any
user.
You can enter commands by entering just the first letter of the command. For example, select
by entering q and pressing <Enter>.The question mark option (?) and the Help option
provide reference and instructional information on using this command. The Quit option exits
this command without saving configuration changes. The Redraw option refreshes the screen.
Quit
When you are done entering new values, type save at the prompt and all new settings will be
saved.
The following option is available for all filter points:
Filter List
Applies the filter name(s) defined through the secdefine command for this filter point.
Filter points are disabled by default. The different filter points are defined as follows:
Page 8-7
Secure Switch Access
1) FTP Security
Indicates whether or not secure access is enabled for File Transfer Protocol (FTP) on the
switch. Enabled means secure access is enabled for FTP services, and only filters on FTP’s filter
list have authorization. Disabled indicates that secure access is not enabled for FTP services,
and all users can access the switch through FTP.
2) Telnet Security
Indicates whether or not secure access is enabled for Telnet service on the switch. Enabled
means secure access is enabled, and only filters on Telnet’s filter list have authorization.
Disabled indicates that secure access is not enabled for Telnet service, and all users can access
the switch through Telnet.
3) SNMP Security
Indicates whether or not security is enabled for Simple Network Management Protocol (SNMP)
on the switch. Enabled means security is enabled for SNMP services, and only filters on SNMP’s
filter list are authorized. Disabled indicates that secure access is not enabled for SNMP services,
and all users can access the switch through SNMP.
4) TFTP Security
Indicates whether or not security is enabled for Trivial File Transfer Protocol on the switch.
means security is enabled for TFTP services, and only users on TFTP’s filter list are
authorized. Disabled indicates that security is not enabled for TFTP services, and all users can
access the switch through TFTP.
Enabled
5) HTTP Security
Indicates whether or not security is enabled for HyperText Transfer Protocol (HTTP) on the
switch. Enabled means that security is enabled for HTTP, and only filters on HTTP’s filter list
are authorized. Disabled indicates that security is not enabled for HTTP, and all users can
access the switch through HTTP.
6) Custom Security
Configures whether or not security is enabled for the custom IP protocol specified in line 62.
Enabled means that security is enabled for the custom IP protocol, and only filters on that
protocol’s filter list are authorized. Disabled indicates that security is not enabled for the
custom IP protocol, allowing all users access to the switch through that protocol.
62) Protocol
(Available for Custom Security only.) The IP protocol number to be included as a secured
access protocol (IP protocol field in the IP header). You may define only one custom IP
protocol.
63) Port Service
(Available for Custom Security only.) The Custom IP protocol’s destination port (port field
in the IP header)
Page 8-8
Secure Switch Access
7) One-touch Security
Configures the same Security value for all secure access protocols. Enabled enables security for
all secure access filter points. Disabled disables security for all secure access filter points. Any
value configured for individual security parameters overrides the global setting. If you wish to
set a different value for Telnet Security, for example, enter the line number for Telnet,
followed by an equal sign (=) and the new value.
71) One-touch Filter List
Configures a single filter list for all security filter points.
Enabling/Disabling Security Parameters
To change any of the Security values, enter the line number for the parameter, followed by an
equal sign (=), and then enabled or e for enable or disabled or d for disable at the prompt. For
example, to enable security for Telnet, enter the following:
2=e
Adding Filters
To add a filter, at the command prompt, enter the line number for the parameter, followed by
an equal sign (=), and then the filter’s name at the prompt. For example:
21=Test
♦ Note ♦
If the filter does not exist in the secure access database, the system prompts you to create the filter. To
view the list of secure access filters, use the secdefine
command. For more information, see ‘‘Configuring the
Secure Switch Access Filter Database’’ on page 8-4.
Enter save to save the new filter.
Deleting Filters
To remove an existing filter from a filter list, at the command prompt, enter the line number
for the parameter, followed by an equal sign (=), a negative sign (-), and then the filter’s name
as follows:
11= -Engineering
To remove all filters in a list, include an asterisk after the negative sign. For example:
4= -*
Enter save to save the change.
Page 8-9
Secure Switch Access
Viewing Secure Access Violations Log
The seclog command displays a log of all secure access violations.
♦ Note ♦
To log access violations on the switch, use the swlogc
command. For more information on the swlogc
command, see Chapter 10, “Switch Logging.”
To view the secure access violations log, enter
seclog
The following is a sample display:
Secure Access Violations Log
Time
-----------------------12:49:02
03:15:34
Protocol
------------FTP
Telnet
Source IP
-------------172.23.8.801
198.20.2.101
Attempts
-------------1
10
Slot/
Intf
------5/1
2/3
Elapsed Time
(secs)
------------------23
240
Descriptions of the fields are as follows:
Time.
The first time the access violation occurred.
Protocol.
The IP protocol for which the violation occurred.
Source IP.
The source IP address of the unauthorized user.
Attempts. The number of access attempts made by this user within the sample period (5
minutes).
Slot/Intf.
The physical port that received the unauthorized user information.
Elapsed Time (secs).
The duration (in seconds) from the first unauthorized access to the end of
the sampling period. Secure access violations will take 5 minutes to display in the log file.
Page 8-10
Managing User Login Accounts
Managing User Login Accounts
Prior to software release 4.4, the switch provided security in the form of privilege control for
individual login accounts by allocating each user accounts READ or WRITE privileges. Software release 4.4 contains a partition management feature that enhances the privilege capability with an authorization scheme based on the functional capacity assigned to each user.
The purpose of partition management is to provide a mechanism in the switch operating
system for system administrators to control access while maintaining enough flexibility to use
the switch’s full range of services. This is normally done for security reasons. System administrators can partition access to the switch by restricting a user’s ability to perform certain switch
commands or to use certain command groups.
♦ Terminology Notes♦
A user account refers to the user’s ability to log onto
the switch and perform certain functions. From the
user’s perspective, it consists of the login name and a
password.
A privilege refers to the user’s ability or permission from
the system administrator to execute a command.
Partition Management Requirements
Partition management is available only for user login accounts that have no permission to use
the UI command mode. Where a user account has permission to use the UI mode, partition
management is effectively destroyed for that user account. To maintain partition management
capability for a user account, that account must be restricted to using the CLI mode only.
Refer to ‘‘Assigning Account Privileges Using the UI Command Mode’’ on page 8-16 or
‘‘Assigning Account Privileges Using the CLI Command Mode’’ on page 8-13 for information
on restricting use UI commands.
♦ Note♦
Not all UI commands have CLI equivalents. Also, not all
CLI commands support partition management. For
detailed information, refer to the UI to CLI Cross Reference Tables in Chapter 4 of this manual.
Page 8-11
Managing User Login Accounts
Default Accounts
Initially each switch is preconfigured with three default logins (admin, user and diag). See
Chapter 4, “The User Interface,” for more information about login accounts. If you are logged
into an account with the WRITE privilege to the USER command you may create or delete
login accounts as described in this section. You may also create new user accounts.
♦ Note♦
At least one user account with WRITE privileges to use
the USER family of commands is required on the switch
at all times. If you attempt to remove or modify the
only user account to READ-ONLY privilege, the switch
will reject the modification command.
There are several commands available for modifying the user login accounts on the switch.
To see a list of all user accounts currently available on the switch, use the userview command
in the UI mode.
Adding a User Account Using the UI Command Mode
To add a user account you must be logged into an account with administrative privileges.
1. At the system prompt enter the
useradd
command. The following prompt displays:
Enter Username: ( ) :
2. Enter the desired user name. The following prompt displays:
Force Password change on next login [y/n] ? (y) :
3. Press <Enter> to force a password change at the next login for this user, or enter n to keep
the configured password. The following prompt displays:
Enter password: ( ) :
4. Enter the desired password. The following prompt displays:
Enter new password again: ( ) :
5. Enter the desired password again. In this example, the username “TechPubs1” is entered.
A message similar to the following displays:
User TechPubs1 user privileges (0:0:0) :
The user login account “TechPubs1” is now active on the switch.
At this point the new account has permission to log onto and off of the switch. To add
other privileges refer to ‘‘Assigning Account Privileges Using the UI Command Mode’’ on
page 8-16 or to ‘‘Assigning Account Privileges Using the CLI Command Mode’’ on page 813.
Page 8-12
Managing User Login Accounts
Adding a User Account Using the CLI Command Mode
To add a user account from the CLI mode, you must be logged into an account with administrative privileges. Enter the following at the command prompt.
user user_name <password user_password>
where user_name is the new user login account name and user_password is the new user
login account password. Both these values are specified by the user. For the user name
“Techpubs1”, the following message is displayed:
User Techpubs1 created.
If you do not specify a password when you create the new account, switch becomes the
default password.
♦ Note♦
It is recommended that you change the password from
the default for all login accounts.
Both the user account name and the password are limited to 16 text characters. The new
login account and password will take effect at the user’s next login session.
Assigning Account Privileges Using the CLI Command Mode
A user account’s READ and WRITE privileges can be assigned for all commands or for various
subsets of commands. The command subsets referred to as command families are shown
here:
config, vlan, iprout, ipxrout, bridge, snmp, xswitch, hrefilter, atmser, atmup, cem, csm, pnni, atmacct,
voip, mpoa, mpls and user.
In addition to assigning privileges according to command families, an administrator can
restrict the user account’s ability to execute specific commands. Here is a list of commands
that can be restricted from a user account.
system, status, slot, timeout, prompt, define, prefix, reboot, telnet, ftp, ping, swap, reset, cd, ls, rm, file,
interface, ethernet, gated, and ui.
♦ Warning♦
If partition management is intended for a user account,
that account cannot have permission to use the UI
command or the UI mode.
Page 8-13
Managing User Login Accounts
User Write Privileges
To assign privileges to a user account, you must be logged into an account with WRITE privileges to the USER family of commands. Enter the following command at the system prompt.
user userId [write list-of-families]
where userId indicates the name assigned to the user account for which you want to assign
READ and WRITE privileges. The list-of-families parameter indicates the switch command families and the specific commands for which the user account will receive READ and WRITE privileges. Command families must be separated by commas.
User Read Privileges
To assign READ-ONLY privileges to a user account, you must be logged into an account with
WRITE privileges to the USER family of commands. Enter the following command at the
system prompt.
user userId [read list-of-families]
where userId indicates the name assigned to the new login account for which you want to
assign READ-ONLY privileges. The list-of-families parameter indicates the switch command
families and the specific commands for which the user account will receive READ-ONLY privileges. For a list of command families and specific commands, refer to the ‘‘Assigning Account
Privileges Using the UI Command Mode’’ section on page 8-16 or to ‘‘Adding a User Account
Using the CLI Command Mode’’ on page 8-13.
Removing Privileges
You can remove READ and WRITE privileges from a user created login account if you are
logged into an account with WRITE privileges to the USER command family. Use the following command:
user userId no write list-of-families
You can remove READ-ONLY privileges from a user created login account by using the following command:
user userId no read list-of-families
For both these commands, the userId parameter indicates the name assigned to the user
created login account for which you want to remove privileges. The list-of-families parameter
indicates the switch command families and the specific commands from which you want to
remove READ or WRITE privileges.
Page 8-14
Managing User Login Accounts
Miscellaneous CLI Privileges Commands
The following is a list of privileges-related CLI commands. For more details on these
commands and other CLI commands, refer to the Text-Based Configuration CLI Reference
Guide.
• To create a new user login account, use the following command:
user user_name [password user-password]
where user_name is the new user login account name and user-password is the new user
password. Both these values are defined by the user.
• To set or change the password of the current user account, use the following command:
password password
Where password is the new password for this user account.
• To delete a login account, use the following command:
no user user_name
where user_name is the current login you want to delete.
• To view user privileges for a specific user login account, use the following command:
view user [user_name]
where user_name is the name of the user login account for which you will view privileges.
Page 8-15
Managing User Login Accounts
Assigning Account Privileges Using the UI Command Mode
When you add a new user login account, the account has permission to log in and to log out.
If you want the new account to have additional privileges you must add them separately. To
add privileges to a user account, you must be logged into an account with administrative
privileges. From the system prompt enter the usermod command. The following prompt
displays:
Enter Username : ( ) :
Enter the login name of the user account you are modifying. The following screen will
display.
- CONFIG
: NO
- GROUP
: NO
- IPROUT
: NO
- IPXROUT
: NO
- BRIDGE
: NO
- SNMP
: NO
- XSWITCH
: NO
- HREFILTER
: NO
- ATMSER
: NO
- ATMUP
: NO
- CEM
: NO
- CSM
: NO
- PNNI
: NO
- ATMACCT
: NO
- VOIP
: NO
- MPOA
: NO
- MPLS
: NO
- USER
: NO
Subsets of the global family:
- SYSTEM
: NO
- STATUS
: NO
- SLOT
: NO
- TIMEOUT
: NO
- PROMPT
: NO
- DEFINE
: NO
- PREFIX
: NO
- REBOOT
: NO
- TELNET
: NO
- FTP
: NO
- PING
: NO
- SWAP
: NO
- RESET
: NO
- CD
: NO
- LS
: NO
- FM
: NO
- FILE
: NO
- INTERFACE
: NO
- ETHERNET
: NO
- GATED
: NO
- UI
: NO
1. MODIFY ONE FAMILY RIGHTS
2. SET ALL READ RIGHTS
3. SET ALL WRITE RIGHTS
4. SET NO READ RIGHTS
5. SET NO WRITE RIGHTS
6. MODIFY ONE GLOBAL SUBSET
7. SET NO GLOBAL SUBSET
8. SET ALL GLOBAL SUBSET
[ 1 TO 8, (c)ancel or (s)sav] ( ) :
Page 8-16
Managing User Login Accounts
This screen displays the default privileges for a new user login account. Note that the default
privileges give the new user neither read nor write permission. To grant privileges to the user
account, enter a number from 1 to 5 as indicated in the display. To set WRITE privileges for a
single family of commands, enter 1 and press <Enter>. The display will prompt you for the
family number as shown here:
Give the family number : ( ) :
Enter the number of the command family for which you want to set WRITE privileges. Refer to
the ‘‘Command Family Table’’ on page 8-18 for the number.
For example, if you wanted to enable WRITE privileges for the Bridge command family, enter
the number 5 as shown here.
Give the family number : ( ) : 5
The following will display.
Give rights on family BRIDGE
0.
NO
1.
READ
2.
WRITE
3.
READ&WRITE
():
Enter the number 2 at the prompt to assign WRITE privileges. The following shows a portion
of the display.
User ‘TechPubs1’ user privileges (0:0X20:0) :
- CONFIG
: NO
- GROUP
: NO
- IPROUT
: NO
- IPXROUT
: NO
- BRIDGE
: READ & WRITE
- SNMP
: NO
- XSWITCH
: NO
(Continued)
The privilege listed next to Bridge shows WRITE. This indicates that the user ‘‘TechPubs1’’
now has WRITE privileges for the Bridge family of commands.
Page 8-17
Managing User Login Accounts
Command Family Table
Number
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Command Family
Configuration
Group
IP Routing
IPX Routing
Bridge
SNMP
QOS Policy
HRE Filter
ATM Service
WAN
CSM
PNNI
ATM Accounting
Voice Over IP
MPOA
MPLS
(unsupported)
User
The global family contains commands that apply globally to the switch rather than to individual applications or services. Privileges for global family commands can be set on an individual command basis or altogether so the privilege applies to the whole global family. If you
want to set privileges for the global commands, you must enter 6, 7 or 8 when the screen
prompt displays the following:
1. MODIFY ONE FAMILY RIGHTS
2. SET ALL READ RIGHTS
3. SET ALL WRITE RIGHTS
4. SET NO READ RIGHTS
5. SET NO WRITE RIGHTS
6. MODIFY ONE GLOBAL SUBSET
7. SET NO GLOBAL SUBSET
8. SET ALL GLOBAL SUBSET
[ 1 TO 8, (c)ancel or (s)save] ( ) :
To give the user account the privilege to set all global commands, enter the numeral 8. To
deny the user the privilege to set any of the global commands, enter the numeral 7. To set
individual global commands, enter the number 6. If you are assigning privileges on an individual command basis the display will look like this:
[ 1 TO 8, (c)ancel or (s)sav] ( ) : 6
Give the subset number : ( ) :
Enter the number of the command for which you want to set WRITE privileges. Refer to the
‘‘Global Family Table’’ on page 8-19 for the number.
Page 8-18
Managing User Login Accounts
Global Family Table
Number
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Global Family
System
Status
Slot
Timeout
Prompt
Define
Prefix
Reboot
Telnet
FTP
Ping
Swap
Reset
CD
LS
RM
File
Interface
Ethernet
Gated
UI
For example, if you wanted to assign the user account the privilege to use the define
command, enter the number 6 as shown here.
Give the family number : ( ) : 6
The following will display.
Give rights on subset DEFINE
0.
NO
1.
YES
():
If you enter 1, all the command families will display and the DEFINE command under the
global family will be shown as follows:
- DEFINE
: YES
After you set the user account privileges, the switch displays the current configuration. At this
point you may enter s to save your configuration or c to cancel.
♦ Warning♦
If partition management is implemented on a user
account, that account must have the UI command
family set to NO privilege. If an account has the privilege to use the UI command, partition management is
effectively destroyed for that account.
Page 8-19
Managing User Login Accounts
Modifying a User Account
You can use the usermod command to modify account privileges as shown here. You must be
logged into a user account with administrative privileges.
1. At the system prompt enter the usermod command. A prompt similar to the following
displays:
Enter Username: ( ) :
2. Enter the name assigned to the user account you want to modify. A screen similar to the
following displays where the account name is TechPubs1.
User ‘TechPubs1’ is configured with the following privileges:
READ
1. READ
2. WRITE
3. ADMIN
4. FORCE new password
Select the privilege(s) number to add/remove.
[ 1, 2, 3 (c)ancel or (s)ave] (c) :
♦ Note ♦
See ‘‘Managing User Login Accounts’’ on page 8-11 for
definitions of the privileges.
3. Enter the number for the privilege you want to add or remove. The entry acts as a toggle
to turn the privilege on or off for the user. In the current example, if you enter 2 at the
prompt, a screen similar to the following displays:
User ‘TechPubs1’ is configured with the following privileges:
READ
WRITE
4. After modifying the privileges for the user, enter s at the selection prompt to save the
change(s).
Deleting a User
To delete a user from the user database, you must be logged into an account with administrative privileges.
1. At the system prompt, enter the userdel command. The following prompt displays:
Enter Username to remove: ( ) :
2. Enter the username for the user you want to delete. A message similar to the following
displays:
User ‘TechPubs1’ was removed.
♦ Note ♦
All users but one may be deleted from the switch,
provided that the one remaining user is configured with
all privileges.
Page 8-20
9
Configuring Switch-Wide
Parameters
The switch provides commands to display and configure parameters on a switch-wide basis.
These commands are grouped into two menus: the Summary menu and the System menu.
Descriptions for commands in the Summary menu begin below; descriptions for commands in
the System menu begin on page 9-5.
In addition, this chapter contains documentation for configuring HRE-X ports (described in
Configuring the HRE-X Router Port on page 9-27) duplicate MAC address support (described
in Duplicate MAC Address Support on page 9-30), multicast claiming (described in Multicast
Claiming on page 9-32), disabling flood limits (described in Disabling Flood Limits on page 932), and saving configurations (described in Saving Configurations on page 9-33).
Summary Menu
The Summary menu consists of commands for displaying summary switch information. To
access this menu, enter
summary
at the UI prompt. Type the question mark (?) to see the following list of commands.
Command
ss
sc
si
Summary Menu
Display MIB-II System group variables
Display a summary of the chassis (type, id, serial no., base mac, etc.)
Current interface status
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
The Summary menu commands are described in the sections that follow.
Page 9-1
Displaying the MIB-II System Group Variables
Displaying the MIB-II System Group Variables
MIB-II is a core set of definitions created to define the SNMP-based management framework.
This MIB module contains definitions for both end systems and routers using the Internet
protocol suite. To display the MIB-II system group variables, enter
ss
at the system prompt. A screen similar to the following will be displayed.
System description:
Alcatel Omni Switch/Router
System Object ID:
1.3.6.1.4.1.800.3.1.1.2.
Agent Up Time:
5 days, 00:28:14.38
Contact:
Administrator
Name:
TechWrite
Location:
Bldg 46
Device Services:
DataLink/Subnetwork Layer
Internetwork Layer
Host Layernetwork Layer
Application Layer (Rlogin, Telnet, FTP)
The fields displayed by the ss command are described below.
System description.
The specific type of chassis, which can be an OmniSwitch, OmniAccess, or
Omni Switch/Router. This field is set by the syscfg command, which is described in Configuring System Information on page 9-23.
System Object ID. The MIB entry for the switch (where the object ID starts). This is read only.
This value helps you locate Alcatel-specific variables in the MIB tree.
Agent Up Time.
The time (in days, hours, minutes, and seconds) since the switch was re-initial-
ized.
Contact.
The name of a person to contact about this switch. This field is set by the syscfg
command, which is described in Configuring System Information on page 9-23.
Name.
The name the system administrator assigned to this switch (the node’s fully qualified
domain name, by convention). This field is set by the syscfg command, which is described in
Configuring System Information on page 9-23.
Location. The physical location of the switch. This field is set by the syscfg command, which
is described in Configuring System Information on page 9-23.
Device Services.
The type of services provided by the switch. Supported service types are
listed below:
• Data Link /Subnetwork Layer
• Internetwork Layer
• Host Layer
• Application Layer (Rlogin Telnet, FTP)
Page 9-2
Displaying the Chassis Summary
Displaying the Chassis Summary
To display the chassis summary information, enter
sc
at the system prompt. A screen similar to the following will be displayed.
Type:
Chassis ID:
Description:
Backplane:
Master MPM Serial No.:
Physical Changes:
Logical Changes:
Number of Resets:
Base MAC Address:
Free Slots:
Omni Switch/Router XFRAME 9-slot
Alcatel
DESCRIPTION NOT SET.
5 SLOT
52601675
7
0
26
00:20:da:02:04:80
0
The fields displayed by the sc command are described below.
Type.
The description of the specific type of chassis or device.
Chassis ID.
The chassis ID for this switch.
Description.
The description of this chassis. This field is set by the syscfg command, which is
described in Configuring System Information on page 9-23.
Backplane.
The style of backplane in this chassis.
Master MPM Serial No.
Physical Changes.
The serial number for the primary MPX.
The number of physical changes that has occurred since the last reset or
power-on.
Logical Changes.
The number of logical changes that has occurred since the last reset or
power-on.
Number of Resets. The number
(mpm.cnf) was first removed.
Base MAC Address.
Free Slots.
of times this switch has been reset since the configuration file
The base MAC address for the primary MPX.
The number of front panel slots not occupied by a switching module.
Page 9-3
Displaying Current Router Interface Status
Displaying Current Router Interface Status
To display current interface status information, enter
si
at the system prompt. A screen similar to the following will be displayed.
Interface Summary Status
4 Interfaces
Logical
Interface
-------------1
2
3
4
Interface
Type
---------------------------Slip
Virtual Router
Virtual Router
SoftwareLoopback
Administrative
Status
----------------------Enabled
Enabled
Enabled
Enabled
Operational
Status
--------------------Enabled
Active
Active
Enabled
The fields displayed by the si command are described below.
Logical Interface.
Interface Type.
A number, in sequence, that has been assigned to the virtual router port.
The type of interface, which can be virtual router (the standard interface type),
SLIP, and software loopback.
Administrative Status. Whether the administrator has enabled or disabled the port. The port can
be enabled by the administrator but still be made inactive by the system.
Operational Status.
system software.
Page 9-4
Whether the port is active (operational) or inactive. This status is set by the
System Menu
System Menu
The System menu contains commands to view or set system-specific parameters. To access
this menu, enter
system
at the UI prompt to enter the System menu. If you are not in verbose mode, press a question
mark (?) and then press <Enter> to display the commands in the system menu, as shown
below.
Command
info
dt
ser
mpm
slot
systat
taskstat
taskshow
memstat
fsck
newfs
syscfg
uic
camstat
camcfg
hrex
ver/ter
echo/noecho
chpr
logging
health
cli
saveconfig
cacheconfig
System Menu
Basic info on this system
Set system date and time
View or configure the DTE or DCE port
Configure a Management Processor Module
View Slot Table information
View system stats related to system, power and environment
View task utilization stats
View detailed task information
View memory use statistics
Perform a file system check on the flash file system
Erase all file from /flash and create a new file system
View/Configure info related to this system
UI configuration; change - prompt, timeout, more, verbose.
View CAM info and usage
Configure CAM info and usage
Enter HRE-X management command sub-menu
Enables/disables automatic display of menus on entry (obsolete)
Enable/disable character echo
Change the prompt for the system (obsolete, use ‘uic’ command
View system logs.
Set health parameters or view health statistics
Enter command line interface
Dump the cache configuration content to the mpm.cnf file.
Set the flag to use cache configuration only.
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
All of the System menu commands—except for the mpm, ver, ter, echo, noecho, chpr, logging,
health, and cli commands—are described in the following sections. The uic, ver/ter, echo,
noecho, chpr, and cli commands are described in Chapter 4, “The User Interface.” The mpm
command is described in Chapter 6, “Configuring Management Processor Modules.”
♦ Note ♦
The ver, ter, and chpr commands now appear as items
in the UI Configuration menu (displayed through the
uic command). If you enter the ver/ter and chpr
commands, a message will advise you to use the uic
command, and the UI Configuration menu will automatically display. For more information on the UI
Configuration menu, refer to Chapter 4, “The User
Interface.”
Page 9-5
Displaying Basic System Information
Displaying Basic System Information
To display basic information on the switch, enter
info
at the system prompt. The following display is a typical example.
System Make: Alcatel OmniSwitch
System Type: 5-slot OmniSwitch
Description: DESCRIPTION NOT SET.
Backplane: 9 SLOT
Bus Speed: 1200 XFRAME
Physical changes to the system since power-up or reset:
Logical changes to the system since power-up or reset:
Number of Resets to this system:
2
0
8
The attached MPM, slot 1, is the Primary
Automatic configuration synchronization is enabled
System base MAC Address:
Number of Free Slots:
Action on Cold Start:
Action on Reset:
00:20:da:04:21:f0
0
Load & go
Restart
VBus Mode :
Mode 1
Script File:
Boot File:
Ni Image Suffix:
/flash/mpx.cmd
/flash/mpx.img
img
The fields displayed by the info command are described below.
System Make.
The description of the specific type of chassis or device.
System Type.
The OmniSwitch type.
Description.
A description of the chassis and product. This field is set by the syscfg command,
which is described in Configuring System Information on page 9-23.
Backplane.
The style of backplane used in this chassis.
Bus Speed.
The speed of backplane, in Mbs, used in this chassis.
Physical Changes to the system since power-up or reset.
The number of physical changes that has
occurred since the last reset or power-on.
Logical Changes to the system since power-up or reset.
occurred since the last reset or power-on.
Page 9-6
The number of logical changes that has
Displaying Basic System Information
No. of Resets to the System.
The number of times this switch has been reset since the last cold
start.
♦ Note ♦
The info command will also display the number of
MPXs, their location in chassis, and which one is the
primary and which one is the secondary. In addition, it
also displays whether automatic configuration synchronization is enabled. See Chapter 6, “Configuring
Management Processor Modules,” for more information
on redundant MPXs and automatic configuration
synchronization.
System Base MAC Address.
Number of Free Slots.
Action on Cold Start.
Action on Reset.
The base MAC address for the primary MPX in chassis.
The number of slots not occupied by a module.
The action taken when you switch the power on.
The action taken when you reboot.
Script File. The name of the command file (mpx.cmd is the default) containing user-configurable commands.
Boot File.
The boot file (mpx.img is the default) used by the switch when it boots up or
reboots.
Ni Image Suffix. The name of the file extension (img is the default) indicating that the file is an
executable binary file. See Chapter 6, “Configuring Management Processor Modules,” to
change this suffix.
Page 9-7
Setting the System Date and Time
Setting the System Date and Time
The dt command allows you to set the local date, time, and time zone. Additionally, you can
set the system clock to run on Universal Time Coordinate (UTC or GMT). If applicable, you
can also configure Daylight Savings Time (DST) parameters. To view or make changes to date,
time, time zone, and DST for the switch, enter
dt
at the System prompt. This command displays a screen similar to the following:
Modify Date and Time Configuration
1) Local time
2) Local date
3) Timezone (-13 . . 12, name)
4) Daylight Savings Time active
{Item=Value/?/Help/Quit/Redraw/Save}
: 1:45:41
:01/15/01
: MST UTC-7 hrs
: DisabledCommand
(Redraw)
:
To use the dt command, you must have UI write privileges. Enter the line number for the variable that you would like to change, an equal sign (= ), and then the new value for the variable. For example, to set a new date, you would enter:
2=4/20/99
After you have made changes, enter
save
to save your changes and to exit the dt menu. If you do not wish to make any changes, enter
quit
at the system prompt. The following sections describe the variables on this screen.
1) Local time
Indicates the current and local time. To set the time, enter the line number for Local Time (1)
followed by the new time. The time format is as follows:
HH:MM:SS
where HH is the hour to be set based on a 24 hour (military) clock, MM is the minutes to be
set, and SS is the seconds to be set. For example, if you wanted to set the time to 3:15 p.m.,
you would enter:
1=15:15:00
2) Local date
The current and local date. To set the date, enter the line number for Local Date (2) followed
by the new date. The date format is as follows:
MM/DD/YY
where MM is the month to be set, DD is the day to be set, and YY is the last two digits of the
year to be set. Remember to include a slash (/) between the month and the day and between
the day and the year. For example, if you wanted to set the date to January 15, 2001, you
would enter:
2=01/15/01
Page 9-8
Setting the System Date and Time
3) Timezone
This parameter specifies the time zone for the switch and sets the system clock to run on UTC
time (or Greenwich Mean Time). Additionally, if Daylight Savings Time is enabled (see option
4 below), the clock automatically sets up default DST parameters (if applicable) for the local
time zone. The local time remains active for all User Interface commands and other
subsystems that require the local time. To set the time zone for the switch, you may use one
of two methods:
a. Enter the line number for Timezone (3) followed by the hour(s) offset from UTC. This can
be a number from -13 to +12. The number you enter will set the system clock x hours from
the local time. For example, if the local time, 1:45:00, is seven hours behind UTC time, you
would enter:
3=-7
This specification sets the UTC time to 8:45:00, seven hours ahead of the local time, 1:45:00.
b. Enter the line number for Timezone (3) followed by the time zone name. There is a limited
number of time zone names available. For example, if the local time zone name is Mountain Standard Time (MST), you would enter:
3=MST
This specification automatically sets the switch to -7 hours, the number of hours MST is offset
from UTC.
Daylight Savings Time. The
software will automatically configure DST values for a specified time
zone. However, the user can manually modify DST values.
Non-integer Offsets. Non-integer
offsets are acceptable for Timezone. Some parts of the world
are offset from UTC by increments of 15, 30, or 45 minutes. India, for example, is offset from
UTC by 5 hours and 30 minutes. If you wanted to enter the time zone offset for India, for
example, you would type the line number for Timezone (3), followed by the non-integer
hour offset in the HH:MM format, as follows:
3=05:30
where the value of 05:30 is five hours and thirty minutes offset from UTC.
♦ Note ♦
The switch automatically enables UTC. However, if you
do not want your system clock to run on UTC, simply
enter the offset +0 for the Timezone parameter. This sets
UTC to run on local time.
The table on the following page lists the options available for Timezone names:
Page 9-9
Setting the System Date and Time
Timezone and DST Parameters
Abbr.
Name
Hours
from
UTC
DST Start
DST End
DST
Change
NZST
New Zealand
+12:00
1st Sunday in Oct.
at 2:00 a.m.
3rd Sunday in
March at 3:00 a.m.
1:00
ZP11
No standard
name
+11:00
No default
No default
No default
AEST
Australia East
+10:00
Last Sunday in
Oct. at 2:00 a.m.
Last Sunday in
March at 3:00 a.m.
1:00
GST
Guam
+10:00
No default
No default
No default
ACST
Australia
Central Time
+9:30
Last Sunday in
Oct. at 2:00 a.m.
Last Sunday in
March at 3:00 a.m.
1:00
JST
Japan
+9:00
No default
No default
No default
KST
Korea
+9:00
No default
No default
No default
AWST
Australia
West Time
+8:00
No default
No default
No default
ZP8
China,
Manila,
Philippines
+8:00
No default
No default
No default
ZP7
Bangkok
+7:00
No default
No default
No default
ZP6
No standard
name
+6:00
No default
No default
No default
ZP5
No standard
name
+5:00
No default
No default
No default
ZP4
No standard
name
+4:00
No default
No default
No default
MSK
Moscow
+3:00
Last Sunday in
March at 2:00 a.m.
Last Sunday in
Oct. at 3:00 a.m.
1:00
EET
Eastern
Europe
+2:00
Last Sunday in
March at 2:00 a.m.
Last Sunday in
Oct. at 3:00 a.m.
1:00
CET
Central
Europe
+1:00
Last Sunday in
March at 2:00 a.m.
Last Sunday in
Oct. at 3:00 a.m.
1:00
MET
Middle European Time
+1:00
Last Sunday in
March at 2:00 a.m.
Last Sunday in
Oct. at 3:00 a.m.
1:00
BST
British
Standard
Time
+0:00
Last Sunday in
March at 1:00 a.m.
Last Sunday in
Oct. at 3:00 a.m.
1:00
WET
Western
Europe
+0:00
Last Sunday in
March at 1:00 a.m.
Last Sunday in
Oct. at 3:00 a.m.
1:00
Page 9-10
Setting the System Date and Time
Timezone and DST Parameters Con’t
Abbr.
Name
Hours
from
UTC
DST Start
DST End
DST
Change
GMT
Greenwich
Mean Time
+0:00
No default
No default
No default
WAT
West Africa
-1:00
No default
No default
No default
ZM2
No standard
name
-2:00
No default
No default
No default
ZM3
No standard
name
-3:00
No default
No default
No default
NST
Newfoundland
-3:30
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
AST
Atlantic Standard Time
-4:00
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
EST
Eastern Standard Time
-5:00
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
CST
Central Standard Time
-6:00
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
MST
Mountain
Standard
Time
-7:00
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
PST
Pacific Standard Time
-8:00
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
AKST
Alaska
-9:00
1st Sunday in
April at 2:00 a.m.
Last Sunday in
Oct. at 2:00 a.m.
1:00
HST
Hawaii
-10:00
No default
No default
No default
ZM11
No standard
name
-11:00
No default
No default
No default
Page 9-11
Setting the System Date and Time
4) Daylight Savings Time active
Enables and disables DST (Daylight Savings Time). To enable DST, enter:
4=Enable
To disable DST, enter:
4=Disable
If DST is disabled, options 41-49 will not be displayed.
41) DST Start Month
Indicates which month of the year DST starts. To set the month when DST should start, enter
the sequential number of the month (January=1, February=2, . . . December=12). For example, if you want DST to begin in April, you would enter the line number for DST Start Month
(41) and the month, as follows:
41=4
42) DST Start Week
Indicates which week in a month DST starts. To set the week DST should start, enter the
sequential number of the week. The possible values are 1st (1), 2nd (2), 3rd (3), 4th (4), and
Last. For example, if you want DST to start on the 3rd Tuesday of a month, you would enter
the line number for DST Start Week (42) and the week, as follows:
42=3
43) DST Start Day
Indicates which day of the week DST starts. To set the day DST should start, enter the sequential number of the day (Sunday=1, Monday=2, . . . Saturday=7). For example, if you want DST
to begin on Friday, you would enter the line number for DST Start Day (43) and the day, as
follows:
43=6
44) DST Start Time
Indicates what time of day (in local time) DST starts. To set the time DST should start, enter
the time in the form HH:MM, where HH is the clock hours of a 24 hour (military) clock and MM
is the clock minutes that DST should start. For example, if you want DST to start at 1:00 a.m.,
you would enter the line number for DST Start Time (44) and the time, as follows:
44=1:00
45) DST End Month
Indicates which month of the year DST ends. To set the month DST should end, enter the
sequential number of the month (January=1, February=2, . . . December=12). For example, if
you want DST to end in April, you would enter the line number for DST End Month (45) and
the month, as follows:
45=4
Page 9-12
Setting the System Date and Time
46) DST End Week
Indicates which week in a month DST ends. To set the week DST should end, enter the
sequential number of the week. The possible values are 1st (1), 2nd (2), 3rd (3), 4th (4), and
Last. For example, if you want DST to end on the last Tuesday of a month, you would enter
the line number for DST End Week (46) and the week, as follows:
46=Last
47) DST End Day
Indicates which day of the week DST ends. To set the day DST should end, enter the sequential number of the day (Sunday=1, Monday=2, . . . Saturday=7). For example, if you want DST
to end on Wednesday, you would enter the line number for DST End Day (47) and the day, as
follows:
47=4
48) DST End Time
Indicates what time of day (in local time) DST ends. To set the time DST should end, enter the
time in the form of HH:MM, where HH is the clock hours of a 24 hour (military) clock and MM
is the clock minutes that DST should end. For example, if you want DST to end at 2:00 a.m.,
you would enter the line number for DST End Time (48) and the time, as follows:
48=2:00
49) DST Offset
Indicates the amount of time to change the local time when DST changes. To set how much
time DST should change, enter the change in the form of HH:MM, where HH is the clock hours
and MM is the clock minutes that DST should change. For example, if you want the local time
to move 1 hour when DST changes, you would enter the line number for DST Offset and the
hour, as follows:
49=1:00
Page 9-13
Viewing Slot Data
Viewing Slot Data
You can view slot table information by entering the slot command. To view information on a
particular slot, enter the slot command together with the slot number. For example, to view
information for slot 1, enter
slot 1
at the system prompt. You can also view information on all slots in the switch at the same
time in a table. To view data, for all slots in the switch, enter
slot
at the system prompt. A table similar to the following will be displayed.
Slot
------1*
Module-Type
Adm-Status
HW
Board
Mfg
Firmware-Version
Part-Number
Oper-Status Rev
Serial #
Date
Base-MAC-Address
---------------------------------------------------------------------------------------------------------------------------MPM
Enabled
L3
52601675 01/05/01
4.305002600 Operational
00:20:da:04:21:f0
2
HSM
2-1
FDDI
3
HSM
3-1
ATM
4
Ether/8
5
F-Ether/M
Enabled
Enabled
B11
53404264
01/19/01
4.3 05003106 Operational
00:20:da:02:28:60
D
53404104
01/24/01
05003706
L
53404645
01/21/01
4.3 05003106 Operational
00:20:da:04:87:30
B
53404116
01/11/01
05004400
Enabled
D
53404229
01/07/01
4.3 05000014 Operational
00:20:da:03:09:90
Enabled
A5
73250839
01/07/01
4.3 05015906 Operational
00:20:da:85:40:50
Enabled
The fields display by the slot command are described below.
Slot.
The slot number for the MPX or switching module.
Module-Type.
The type of module in this slot.
Part-Number.
The factory-assigned part number.
Adm-Status.
The administration status. This can be enabled or disabled by the operator
through the reset command, which is described in Chapter 36, “Running Hardware Diagnostics.”
Oper-Status. The operational status. Whether the port is Up (Operational), Down, or
Unknown. (Unknown means uninitialized or that the module is in a transitional state.)
HW Rev.
The revision number for this module. This number may be helpful when troubleshooting.
Board Serial #.
Mfg Date.
Serial number for this module.
The manufacturing date for this module.
Firmware-Version.
The version of the module’s firmware. All modules should use the same
version of software.
Base-MAC-Address.
Page 9-14
The base MAC address(es) of this module.
Viewing System Statistics
Viewing System Statistics
The systat command displays statistics related to system, power, and environment. To view
these parameters, enter
systat
at the system prompt. A screen similar to the following will be displayed.
System Uptime
MPM Transmit Overruns
MPM Receive Overruns
MPM total memory
MPM free memory
MPM CPU Utilization ( 5 sec)
MPM CPU Utilization ( 60 sec)
Power Supply 1 State
Power Supply 2 State
Temperature Sensor
1 days, 12:09:22.64
:0
: 22
: 16 MB
: 6522536 bytes
: 5% ( 0% intr 0% kernel 3% task 95% idle)
: 5% ( 0% intr 0% kernel 3% task 96% idle)
: OK
: Not Present
: OK - Under Threshold
Temperature
Temperature Alarm Masking
: 37:00c 98.60f
: Disabled
The fields displayed by the systat command are described below.
System Uptime. The time since the last boot that the system has been running, displayed in
days, hours, minutes, and seconds (to the nearest hundredth).
MPM Transmit Overruns.
The number of times a VSE transmit buffer could not be allocated by a
task on the MPX.
MPM Receive Overruns. The number of times packets were dropped because the bus had more
packets to deliver than the MPX could handle. This is a “receive overrun” condition which can
happen when a storm occurs or when the switch is first powered up and many unknown
MAC frames are being forwarded to the MPX.
MPM total memory.
The amount of total memory installed on the MPX.
MPM Free Memory.
The amount of free, or unused, memory available in the MPX. This data is
also displayed by the memstat command, which is described in Viewing MPX Memory Statistics on page 9-20.
MPM CPU Utilization (5 seconds).
The amount of time, by percent, the MPX processor actually
worked during the last 5 seconds.
MPM CPU Utilization (60 sec).
The amount of time, by percent, that the MPX processor actually
did work during the last minute.
Power Supply 1 State.
Valid states are OK, Not Present, and Bad. A power supply that has been
turned off will be in the Bad state. If not installed, it will be in the Not Present state.
Power Supply 2 State.
Valid states are OK, Not Present, and Bad. A power supply that has been
turned off will be in the Bad state. If not installed, it will be in the Not Present state.
Temperature Sensor. Indicates whether the MPX temperature sensor detects overheating. Valid
states are Under Threshold, Over Threshold, and Not Present.
Temperature.
Indicates the switch temperature Celsius and Fahrenheit.
Temperature Alarm Masking. Indicates whether temperature alarm masking is Enabled or
Disabled. You enable masking through the maskta command, which is described in Chapter
36, “Running Hardware Diagnostics.”
Page 9-15
Clearing System Statistics
Clearing System Statistics
You may want to clear statistics for a specific module, port or service for dialogistic or
accounting purposes. To clear switch statistics enter
clearstat
at the system prompt. A screen similar to the following will display.
Usage: clearstat
slot
[,port]
[,service]
[,instance]
As indicated in the prompt, you can clear all statistics from a module by entering the slot
number as shown here:
clearstat 3
This entry will clear all statistics for the module located in slot 3. If you want to clear statistics
for a specific port, service or instance, enter the clearstat command followed by the appropriate numbers. You must use a comma (,) to separate the slot number from the port, service
and instance numbers. The following command will clear all statistics for port 1 of the
module located in slot 3.
clearstat 3,1
♦ Caution♦
When the clearstat command is used, no notification is
sent to the SNMP manager about the cleared statistics.
Use of this command can cause unpredictable results
with your NMS statistics.
Page 9-16
Viewing Task Utilization Statistics
Viewing Task Utilization Statistics
The taskstat command displays the task utilization statistics of the switch. To display the task
utilization statistics, enter
taskstat <task-number> <sample-period>
at the system prompt. The <task-number> is an optional number of tasks and the
<sample-period> is an optional sample period of 1 to 60 seconds. You must enter the
<task-number> if you want to enter the <sample-period>.
The default number for <task-number> is 5 and the default sample period for <sample-period>
is 5 seconds. To display the task utilizations statistics for 10 tasks over a 20-second period, for
example, enter
taskstat 10 20
at the system prompt. A screen similar to the following will display.
Task Name
----------------tUi_shellt0
tCMProber
tUi_shellC
tSnmp_agent
tNetTask
tTelnetOut0
tif_vbInput
vseReceive
tTelnetIn0
bslMgr
Utilization (20 secs)
-----------------------------0.76%
0.70%
0.60%
0.34%
0.32%
0.19%
0.19%
0.11%
0.08%
0.07%
All Other Tasks:
------------------------------Total Task Utilization:
0.68%
4.04%
The taskstat command displays the tasks in descending order in terms of the switch’s CPU
utilization. You may use the taskstat 0 command if you want to list utilization statistics for all
the tasks executed by the switch.
The taskshow command displays a table listing all tasks and their priority, status and memory
allocation. A partial table is shown here.
NAME
ENTRY
TID
PRI STATUS
PC
SP
ERRNO
DELAY
-----------------------------------------------------------------------------------------------------------------------------------------tExcTask
_excTask
499f7f20 0 PEND
4892067c 499f7d38
9
0
tLogTask
_logTask
499f5598 0 PEND
4892067c 499f53b0
0
0
tCMWatcher _cmWatchdogK 4999f108 0 DELAY 4893c028 4999efb8
0
5
tHelperTask _exc2Task
499fc018 2 PEND
4892067c 499fbe30
0
0
tAscSTimer _ascSessTime 49a53498 10 DELAY 4893c028 49a53348
0
170
bpeMgr
_bpm_initial
46037630 20 PEND
4892a41c 46037430 3d0002
0
ipxTimer
_ipxTimerTas
49a83168 49 DELAY 4893c028 49a83010
0
26
ipxGapper
_ipxGapperTa
49a7cdc0 49 PEND
4892067c 49a7cb70
0
0
tNetTask
_netTask
499eee40 50 PEND
4892a0a4 499eec68
0
0
ipx
_ipxMain
49fe0350 50 PEND
4892a41c 49fe0168 3d0002
0
The fields displayed by the taskshow command are described below.
NAME.
Name of the task whose statistics are being shown.
ENTRY.
TID.
Shows the routines that are currently being executed by the specified task.
Address of the task listed in this row.
Page 9-17
Viewing Task Utilization Statistics
PRI.
Priority of the specified task.
STATUS.
Current status of the specified task.
PC.
Program Counter. The program counter identifies the routing code as it enters the stack.
SP.
Stack pointer. The stack pointer points to the code being loaded when the status is taken.
ERRNO.
DELAY.
Page 9-18
Error number indicator.
The time elapsed between task routines.
Viewing Memory Utilization
Viewing Memory Utilization
The leak monitor diagnostic utility is used to display information about memory utilization.
This utility requires the use of three UI commands: leakstart, leakstop and leakdumpall.
♦ Note♦
You may want to log this operation to a text file to
make it easier to view the data.
To start the utility, enter
leakstart
at the system prompt. This command starts a leak monitor daemon that gathers memory information in the background until you stop it by using the leakstop command. The leakstop
command stops the leak monitor daemon from recording data and preserves the data already
recorded. To view the memory utilization information enter the following command
leakdumpall
at the system prompt. This command dumps all memory recorded by the leak daemon. A
screen similar to the following will display.
Outstanding Memory - at TUE
Task ID
========
49a69a58
49559bb8
49559bb8
49559bb8
APRI 24
Name
Functi 1 Functi 2
======= ======== ========
tUi_she 484fe4do 484f1284
t_AtmMg 49db6e90 49d6a780
t_AtmMg 49db6e90 49d4be4c
tUi_she 49db6e90 49d9cce4
19:00:29
Functi 3
========
484ffbc8
49d4c3bd
49d8639c
49d9c910
Address
=======
4800ef28
4800ef88
4800efb8
4800f050
2001
Len
Time
===
======================
9 TUE APR 24 18:06:4 7 2001
16 TUE APR 24 18:06:4 6 2001
64 TUE APR 24 18:06:4 6 2001
4 TUE APR 24 18:06:4 6 2001
End of memory report.
The length of the display shown will vary depending on the length of time between use of
the leakmon command and the leakstop command. The fields displayed by the leakdumpall
command are described below.
Task ID.
Name.
The address of the task that is allocating the block of memory.
Name of the task that is allocating the block of memory.
Functi 1, 2, 3. These three columns indicate functions entered above the malloc package. Function 1 is the function that called malloc. Function 2 is the function that called Function 1.
Function 3 is the function that called Function 2.
Address.
Length.
Time.
The starting address space for the memory that was allocated.
The length of the block requested on the alloc( ) call
The timestamp taken when the alloc call occurred.
Page 9-19
Viewing MPX Memory Statistics
Viewing MPX Memory Statistics
The memstat command displays the MPX’s memory statistics. The statistics will tell you how
memory is currently being used and help determine if memory problems exist, such as
memory exhaustion. To view the MPX’s memory statistics, enter
memstat
at the system prompt. A screen similar to the following will be displayed.
Summary of Memory Usage
status
bytes
-----------------current
free
4761672
alloc
6429088
cumulative
alloc 24942880
MPM total memory
blocks
-----------
avg block
---------------
max block
----------------
64
9114
74401
705
4719704
-
148235
168
-
: 16MB
The fields displayed by the memstat command are described below.
status. The statistics appear in two groups: current and cumulative. The current status shows
free and allocated memory. The cumulative status shows only allocated memory. Cumulative
memory is the total amount of memory that has been allocated since the switch was started
up. This value increases each time a memory allocation takes place. It can never decrease.
bytes.
The number of bytes for free and allocated memory.
blocks.
Block size is dynamic and depends upon memory usage and the amount of fragmen-
tation.
avg block.
The average block indicates the average size of all the memory blocks.
max block. The maximum block indicates the largest free memory block available. When this
value drops to around 10K it usually indicates that the free memory is highly fragmented and
probably near exhaustion.
MPM total memory.
Page 9-20
The total number of megabytes available in the MPX’s memory.
Checking the Flash File System
Checking the Flash File System
The fsck command performs a file system check of flash memory, which consists of the flash
file system. Image files are stored in flash memory and loaded into system memory when the
switch boots up. It also provides diagnostics in the case of file corruption. To perform a file
system check of flash memory, enter
fsck
at the system prompt. A screen similar to the following will be displayed.
Your bootroms support Flash File System Version 2 and greater.
Out of 16 file descriptors in use, 0 of these are opened on the /flash device.
Performing a file system check using manual mode. If a file is encountered
with a potential problem, you may wish to consider preserving it for technical
support analysis...
Flash file system check in progress...
Checking root file system... OK
Performing file consistency check...
Done.
There doesn't appear to be a system problem related to the Flash File
system or kernel file system data structures. If you are experiencing
problems with the flash file system, perhaps try using the "info",
"systat", or "memstat" commands. They may indicate some other condition
(such as low memory) which could prohibit correct operation of the
file system.
If the fsck command finds a problem with the flash file system, a message will be displayed
detailing the problems found and/or actions taken to correct those problems.
Checking the SIMM Files
Each logical file system (/flash and /simm) must be checked independently. If you have
installed the 32 or 56 Mb SIMM upgrade and you want to check the SIMM’s memory, enter
cd /simm
at the system prompt before you execute the fsck command.
Page 9-21
Creating a New File System
Creating a New File System
The newfs command removes a complete flash file system and all files within it. It then
creates a new flash file system, which is empty. You can use this command when you want
to reload all files in the file system from a readily-accessible backup device or in the unlikely
event that the flash file system becomes corrupted.
♦ Important Note♦
Before you execute the newfs command you should
preserve your configuration file by saving it to another
host.
To re-initialize the flash memory, enter
newfs
at the system prompt. The following screen will display.
You are about to destroy all files on file system /flash. If you
are experiencing problems with the flash file system, you might
want to use the "fsck" command to help determine where problems
may exist.
Are you absolutely sure you want to strip the current file
system and create a new one? (n)
Enter y to re-initialize the flash memory or n to cancel (the default is n). If you enter y, you
will have to load new software into the switch.
♦ Warning ♦
Do not power-down the switch after running the newfs
command until you reload your image and configuration files. If you do, you will have to reload the image
files at the boot monitor prompt using the serial interface (e.g., ZMODEM), which can take several minutes.
You can then download new files via FTP or ZMODEM.
Creating a SIMM File System
If you have installed the 32 or 56 Mb SIMM upgrade and you want to create a new file system
in the SIMM’s memory, enter
cd /simm
at the system prompt before you execute the newfs command.
Page 9-22
Configuring System Information
Configuring System Information
You can enter or modify a description of a switch, its location, and a contact person.
Although this information is not required, you may find it helpful in managing the switch. To
enter or modify the switch descriptions, perform the following steps.
1. At the system prompt, enter
syscfg
The current system information will appear with a prompt asking if you want to change
any of the information; for example:
System Contact
System Name
System Location
System Description
Duplicate MAC Aging Timer
Change any of the above {Y/N}? (N) :
: Usenet
: Testnet4
: Calabasas
: Marketing_testnet
: 0 (not configured)
If you enter n, the syscfg command will exit and no changes will made (the default is n).
If you enter y, the current system information will be displayed line by line. To keep the
current value (shown in brackets) for a line, press <Enter> . To change a value, enter the
new value and press <Enter> .
♦ Important Note ♦
Except for the Duplicate MAC Aging Timer field, all
changes you make take place immediately.
If you entered y, something similar to the following will be displayed.
System Contact (Usenet) :
2. Enter the new system contact or just press <Enter> to accept the default. A screen similar
to the following will be displayed.
System Name (no_name) :
3. Enter the new system name or just press <Enter> to accept the default. A screen similar to
the following will be displayed.
System Location (Unset) :
4. Enter the new system location or just press <Enter> to accept the default. A screen similar
to the following will be displayed.
System Description (DESCRIPTION NOT SET.) :
5. Enter the new system description or just press <Enter> to accept the default. A screen similar to the following will be displayed.
Duplicate Mac Aging Timer :
The Duplicate MAC Aging Timer indicates the time, in seconds, duplicate MACs remain in
CAM if there is no traffic from those MACs. After this time, inactive MACs will age out of
the CAM. You must reset the switch before this parameter takes effect. Duplicate MAC
addresses will display as normal MAC addresses in other software commands, such as fwt
and macinfo. See Duplicate MAC Address Support on page 9-30 for further discussion.
6. Enter a new duplicate MAC aging timer value (the valid range is from 10 to 1000000) or
just press <Enter> to accept the default.
Page 9-23
Viewing CAM Information
Viewing CAM Information
The camstat command displays information and usage about the content addressable memory
(CAM) on each switching module in the chassis. To view this CAM information, enter
camstat
at the system prompt. Something similar to the following will be displayed.
Slot
-----MPM
2
3
4
5
# of CAMs
--------------1
4 (2 + 2)
1 (1 + 0)
1 (1 + 0)
4 (2 + 2)
Cfg Usage
---------------------NA
0
0
0
0
Max Avail
--------------------NA
3966
1008
1004
4093
Actual Usage
----------------------NA
0
0
0
0
The fields displayed by the camstat command are described below.
Slot.
The slot number of the switching module for which CAM information is provided.
# of CAMs.
The number of CAM chips installed on the switching module.
Cfg Usage. The number of CAM entries this module is configured to support. By default a
module will use the maximum amount of entries supported by on-board CAM. However, you
can alter this default through the camcfg command (described in Configuring CAM Distribution on page 9-25) to make the most efficient use of the CAM distributed among all switching
modules in the chassis. Up to 31.25 K of CAM is supported over all modules in an Omni
Switch/Router.
Max Avail.
The number of CAM entries available. This number will be less than the number of
CAM entries configured because some entries will be used by learned MAC addresses (shown
in the Actual Usage column) and others are used internally by the OmniSwitch.
Actual Usage.
The number of MAC addresses learned by the module in this slot.
♦ Note ♦
For CAM statistics for an entire chassis, use the hdstat
command, which is described in Chapter 11, “Health
Statistics.”
Page 9-24
Configuring CAM Distribution
Configuring CAM Distribution
CAM (Content Addressable Memory) on switching modules is used to look up the MAC
address of endstations attached to the modules. You can use the camstat command to display
each module’s CAM usage. See Viewing CAM Information on page 9-24 for more information
on the camstat command.
The Omni Switch/Router supports approximately 31.25 K of usable CAM among all the
switching modules in a chassis. (A small amount of CAM memory is reserved by the Omni
Switch/Router for its processing.)
When each switching module in a 9-slot chassis has 1 K of CAM, the 31.25 K limitation is not
reached since only 8 K (assuming 8 switching modules) is used. However, when some
switching modules use 4 K or 8 K of CAM the 31.25 K limitation could be reached quickly.
For example, if all the switching modules in a fully-loaded 9-slot chassis have 4 K CAMs you
would exceed the 31.25 K limit. In this configuration, the Omni Switch/Router would subtract
256 K of available CAM memory from the first switching module to initialize and 512 K of
available CAM memory from the last switching module to initialize. If you need to configure
CAM usage use the camcfg command, which is described below.
♦ Important Note ♦
If you use a configuration file (e.g., mpm.cfg) from an
OmniSwitch on an Omni Switch/Router, any CAM
configuration settings will be ignored.
The camcfg command allows you to individually allocate CAM space to switching modules.
This command configures the maximum entries a switching module may use, freeing up overall CAM space in the chassis so that some modules can use more of their on-board CAM.
Follow these two additional rules:
• The CAM memory size for a switching module must be configured to at least one-half of
the total memory available on the switching module. For example, if your switching
module has 2 K of CAM memory, you must allocate at least 1 K of CAM to that switching
module.
• The amount of CAM memory allocated for a switching module must be a whole-number
multiple of 1024 (e.g., 1024, 2048, etc.).
Follow these steps to configure the number of CAM entries used by a switching module:
1. Enter camcfg followed by the slot number for the module that you want to configure. You
can configure the CAM on switching modules only, not on the MPX. For example, to
configure CAM for the module in slot 3, enter
camcfg 3
2. The system displays a prompt asking for the number of CAM entries to use for this
module.
Enter maximum number of CAM entries for slot 3 (1024):
Enter the number of CAM entries to use for this module. The current value is listed in
parentheses. The value you enter must be equal to or less than the total number of entries
available on board this module. For example, you could not configure 2048 entries for a
switching module with only 1K of CAM.
Page 9-25
Configuring CAM Distribution
A message similar to the following will display:
Slot 3 Configured to learn 256 MACs will round up to 256 MACs
This configuration will take effect only after system reboot
3. The new CAM configuration will take effect after you reboot the system. For this reason,
you may want to configure the CAM for all modules in this system. Reboot the system and
check the updated CAM configurations through the camstat command.
Page 9-26
Configuring the HRE-X Router Port
Configuring the HRE-X Router Port
Various services in the switch use the HRE-X router port MAC registers. The registers are allocated as the services are loaded at startup. The hrex submenu contains five commands for use
with the Hardware Routing Engines (HREs). The hrexassign command allows you to configure the switch so that registers are reserved for particular services. The hrexdisplay command
allows you to view your current configuration. To display the hrex submenu, enter
hrex
at the system prompt. A screen similar to the following is displayed.
Command
HRE-X Management Menu
--------------------------------------------------------------------------------------------------------------hrexassign
Assign an HRE-X router port MAC register to a service
hrexdisplay
Display HRE-X router port MAC register assignments
hrexutil
Display HRE-X Pseudo CAM and cache utilization
hrexhashopt
Optimize HRE-X Pseudo CAM hash function for current data
hrexhashdflt
Restore default HRE-X Pseudo CAM hash function
To view the current HRE-X configuration enter
hrexdisplay
at the system prompt. A screen similar to the following is displayed.
Reg
-----1
2
3
Configured
---------------Any
Any
Any
Actual
----------------Routing
Unused
Unused
The fields displayed by the hrexdisplay command are described below:
Reg.
The number of the MAC registers.
Configured.
Actual.
The service type assigned to the register.
The service that is actively using the register.
To reserve a register for a particular service, you can assign the registers to the service. To
assign the registers on the HRE-X router port, enter
hrexassign
at the system prompt. A screen similar to the following is displayed.
hrexassign <register number> <service type>
The <register number> is either 1, 2 or 3 referring to the MAC register. The <service type>
parameter specifies the service configured to the registers. The service types are shown on the
screen display are defined here.
This register is not reserved to a particular service.
any.
routing.
cip.
This register is assigned to standard routing.
This register is assigned to Classical IP
m013.
This register is assigned to Channelized DS-3 module (WSX-M013).
mpoa.
This register is assigned to Multiprotocol Over ATM
vrrp.
This register is assigned to Virtual Router Redundancy Protocol.
Page 9-27
Configuring the HRE-X Router Port
For example, to assign register 3 to the Classical IP service enter
hrexassign 3 cip
at the system prompt. A screen similar to the following is displayed.
HRE-X RPM 3 configured for “CIP”; reboot to make effective.
As indicated on the screen, the register assignment will not take effect until the switch is
rebooted. If you use the hrexdisplay command after making a the register assignment shown
in the above example, a screen similar to the following is displayed.
Reg
Configured
Actual
------------------------------------1
Any
Routing
2
Any
Unused
3
CIP
Routing
Configuration changed since last reboot.
This indicates that register 3 is assigned to the CIP service but is actually using the Routing
service. Also, the message at the bottom of the table indicates that the HRE-X configuration
has changed since the last reboot of the switch. After a reboot, the hrexdisplay command will
display the following screen.
Reg
-----1
2
3
Page 9-28
Configured
Actual
-------------------------------Any
Routing
Any
Unused
Routing
Routing
Configuring the HRE-X Router Port
Configuring and Displaying the HRE-X Hash Table
The HRE-Xs use a hardware implemented hash table to route packets for transmission. The
switch employs a default hash function that works well in a broad range of data environments. In rare cases, you may want to change the hash table configuration to optimize it for
your particular data flow. This should be done with care because the data population will
change over time. A hash function that works well for one set of data may not work as well
for another. Also, note that optimizing the hash function will cause all of the current entries in
the HRE-X to be cleared and then relearned; therefore, this should be done with extreme
caution.
Two HRE-X commands are used to optimize the hash function. They are the hrexutil and the
hrexhashopt commands. The hrexutil command displays the current utilization of the hash
table. To view the HRE-X Utilization table, enter
hrexutil
at the system prompt. A screen similar to the following is displayed.
HRE-X Utilization
---------------Hash
Collisions
Cache
Collision Length
-
Total:
Total:
Total:
Max:
65536
131072
40960
3
Free:
Free:
Free:
Avg:
65528
131069
40949
1
The fields displayed by the hrexutil command are described below:
Hash.
The number of entries in the hash table.
Total.
The total number of units available.
Free.
The number of units that are not yet used.
Collisions.
Cache.
The number of entries that have hashed to the same index in the hash table.
The number of modifications required to route a packet.
Collision Length.
The length of the longest (Max) collision list and the average length (Avg) of
the collision lists.
The hrexhashopt command causes the switch to compute an optimized hash function based
on the data currently in the HRE-X. This function is saved in the configuration file so it will be
present after a reboot.
To use the hrexhashopt command, enter
hrexhashopt
at the system prompt. The screen does not display a confirmation message after this
command. You can verify optimization by observing the changes in the HRE-X Utilization.
After using hrexhashopt, the maximum and average collision lengths should be reduced as
shown in the HRE-X Utilization table shown above. If they are not, you should consider
returning to the default hash function by using the hrexhashdflt command.
To use the hrexhashdflt command, enter
hrexhashdflt
at the system prompt. The screen does not display a confirmation message after this
command. The hrexhashdflt command will return the hash function back to the default value.
Page 9-29
Duplicate MAC Address Support
Duplicate MAC Address Support
When the switch sees the same MAC address sending traffic on a different switch port (a
Duplicate MAC Address), it assumes the original network device moved. The switch sends a
trap notifying network management of this station move event. It sends one trap for a device
move within the same Group and another trap for a device move outside of the home Group.
A station move trap is normally sent after an actual station move. However, certain network
configurations assign the same MAC address to different network devices (physical and
virtual) as standard practice. In these situations, the duplicate MAC address appears as a
station move when it is really a normal occurrence in these network configurations. These
network configurations that use the same MAC address for different devices include:
• LAN Emulation under Cisco routers. Cisco routers use the same MAC address for each LAN
Emulation Client (LEC). In LAN Emulation, each ELAN needs to be treated as a separate LAN
and should therefore have a separate MAC address.
• IBM Front End Processor (FEP). Many IBM FEPs use the same MAC address assigned to the
connecting devices for the purpose of redundancy.
• DECnet networks. The DECnet protocol assigns the special MAC address, AA000400XXYY
(XXYY is an internal protocol ID) to each DECnet station or routing device regardless of the
number of physical interfaces.
Initially, duplicate MAC addresses in these special situations may be no more of a problem
than extra traps being sent for an event (station move) that did not really happen. However,
when a large number of these network devices send the same MAC address out the same
port, flooding can occur and the switch will eventually shut the port down.
To prevent a port from being shut down, the switch needs some way of knowing the duplicate MAC addresses originating from the port are not an error condition.
The switch will treat duplicate MAC addresses as separate addresses as long as they are
learned from a different Group as the original MAC. Each duplicate MAC address will use one
entry in the CAM. Up to 32 duplications of the same MAC address are supported. Duplicate
MAC addresses learned from virtual ports within the same Group are treated as station moves
and will generate corresponding traps. If the MAC address moves from one VLAN to another
VLAN within the same Group, the switch will not treat the MAC addresses as separate.
Page 9-30
Duplicate MAC Address Support
If your network supports duplicate MAC addresses, there may be a significant performance
impact due to the following reasons:
• A MAC address is usually stored only in the CAM of the switching module where its destination address is located. If duplicate MAC addresses are treated as separate addresses,
then the same MAC address may have to be stored in the CAM of multiple switching
modules, not just the module that originally learned the address.
• Every duplicate MAC address becomes a CAM table entry, so there will be less room in the
CAM for other entries to be learned. Since up to 32 duplications of a single MAC address
are possible, this CAM can become crowded with these duplicate entries.
You can reduce the impact of a crowded CAM by configuring the Duplicate MAC Aging Timer
in the syscfg command, which is described in Configuring System Information on page 923. This timer allows you to age out Duplicate MAC CAM entries from devices that are inactive for the time period you specify.
• Extra search time will be required for each lookup of the same MAC address since it is
treated as a separate entry in the CAM.
In addition to these performance impacts, you will lose the tracking of legitimate station
moves. No traps will be sent for Duplicate MAC addresses that appear in different Groups.
Page 9-31
Multicast Claiming
Multicast Claiming
Multicast claiming can be enabled for networks with heavy multicast traffic. When enabled,
multicast claiming frees the MPX from processing multicast packets by off-loading this traffic
to the switching modules. When multicast claiming is enabled, the switch “claims” destination
multicast addresses and places them in the CAMs of all switching modules in the switch.
You can enable multicast claiming by adding the following line to the mpx.cmd file:
bslLearnMcPkt=1
You can use the edit command to make this change. (See Chapter 7, “Managing Files,” for
instructions on using the edit command.) You will need to reboot the switch for this parameter to take effect. Multicast claiming can later be disabled by changing the setting for this
parameter to zero (0), as follows:
bslLearnMcPkt=0
An alternative method for managing multicast traffic is through the use of Multicast VLANs. See
Chapter 27, “Managing AutoTracker” and Chapter 28, “Managing Multicast VLANs” for further
information.
Disabling Flood Limits
Two UI commands are available for controlling flood limits for individual ports and Groups.
The modvp command (described in Chapter 24, “Managing Groups and Ports”) allows you to
control the flood limits for a specific port. The flc command (described in Chapter 22,
“Configuring Bridging Parameters”) allows you to configure flood limits for all ports in a
group.
You can also disable flood limits on a switch-wide basis by adding the following line to the
mpx.cmd file:
disableFloodLimiting=1
You can use the edit command to make this change. See Chapter 11, “Managing Files,” for
instructions on using the edit command. You will need to reboot the switch for this parameter to take effect.
Page 9-32
Saving Configurations
Saving Configurations
Under normal conditions, configurations you make using the UI are written into cache and
automatically saved into the switch’s flash memory. In this case, it is not necessary to issue a
special command to save your configurations. When you use the UI to enter multiple configurations, periodically the switch will display the following message.
File system compaction in progress . . .
This message indicates that the switch is compacting data in the cache buffer before writing it
into the mpm.cnf file. This message normally disappears after a few seconds.
♦ Warning ♦
It is highly recommended that you use the default
setting and allow the switch’s save function to operate
automatically.
You can change the switch’s save function so that the cache is not saved automatically by
executing the cacheconfig command. To turn off the switch’s automatic save function, enter
cacheconfig on
at the system prompt. The following message will display.
Cache Configuration is now on
♦ Warning ♦
Any configurations you enter before executing the
saveconfig command will not be saved in case of
system failure or reboot.
Once cacheconfig is implemented, you must use the saveconfig command to manually
synchronize your configurations into flash memory. When you execute the saveconfig
command at the system prompt, the following message will display.
File system compaction in progress . . .
The UI does not indicate when the cacheconfig function is in operation. However, if you
attempt a reboot the following message will display if you are in the cache configuration
mode.
!!!Warning!!! You are in the cache configuration mode.
Please enter ‘n’/’N’ to the following confirm prompt.
Then enter the UI command “saveconfig”, or
enter the CLI command “dump configuration cache” to
save the current configuration to mpm.cnf in the flash.
Otherwise, all/some your configuration changes will be lost!
Confirm? (n) :
This message gives you the opportunity to execute the saveconfig command prior to the
reboot.
Page 9-33
Saving Configurations
To determine whether you are in the cache configuration mode, enter the cacheconfig
command. If cache config is operational the following message will display one of the following messages.
Cache Configuration is currently on.
or
Cache Configuration is currently off.
To turn off the cache configuration mode, enter the following command at the system
prompt.
cacheconfig off
The following message will display.
File system compaction in progress . . .
Cache Configuration is now off
Page 9-34
10
Switch Logging
Logging Overview
Whether you are troubleshooting, configuring, or simply monitoring the switch, you may find
it useful to view a history of various switch activities. The Logging submenu contains a list of
commands for viewing and configuring logging on the system. To enter the logging submenu,
enter
logging
at the system prompt. Enter a question mark (?) and then press <Enter> to display the following list of commands:
Command
syslog
swlogc
cmdlog
conlog
caplog
debuglog
seclog
Logging Menu
Change the syslog parameters (not part of Switch Logging feature).
Configure Switch Logging source/destination mapping and priority levels.
Show UI Command entries in the mpm.log file
Show Connection entries (logins/logouts) entries in the mpm.log file
Show Screen Capture entries in the mpm.log file.
Show Debug message entries in the mpm.log file
Display Secure Access log file entries.
Commands in the submenu are described here.
System Log Messages
The syslog command is used to configure how system log messages, like diagnostic and error
messages, are handled on the switch. See Configuring the Syslog Parameters on page 10-2.
Switch Logging Parameters
The swlogc and remaining commands in the submenu are part of the Switch Logging feature,
which is a separate logging mechanism. The swlogc command is used for configuring the
logging parameters of various switch activities such as FTP and Telnet, and is described in
Configuring Switch Logging on page 10-6.
The other commands listed in the submenu above are support commands for Switch Logging.
• cmdlog command—displays the UI command entries in the mpm.log file, which is one of
the possible destinations for Switch Logging data. See Displaying the Command History
Entries in the MPM Log on page 10-9.
• conlog command—displays the connection entries in the mpm.log file. See Displaying the
Connection Entries in the MPM Log on page 10-10.
• caplog command—displays the screen capture entries in the mpm.log file. See Displaying
Screen (Console) Capture Entries in the MPM Log on page 10-11.
• debuglog command—shows the debug entries in the mpm.log file. See Displaying Debug
Entries in the MPM Log on page 10-13.
• seclog command—shows the Secure Access violation event entries in the mpm.log file. See
Displaying Secure Access Entries in the MPM Log on page 10-13.
Page 10-1
Configuring the Syslog Parameters
Configuring the Syslog Parameters
Syslog messages are messages generated by individual processes in the switch. These
messages contain information for conditions that range from debugging to emergency error
conditions.
The syslog command allows you to control how these messages will be handled. You can
designate what kinds of messages you will see and where the messages will be sent. This
syslog implementation is compatible with the standard BSD UNIX implementation for syslog
services.
To see the current syslog configuration, enter
syslog
at the system prompt. A screen similar to the following will be displayed.
SYSLOG current configuration:
1) Log host
2) Log host IP
3) Syslog port (514)
4) Default facility code
41) Override internals
5) Default priority mask
51) Override internals
52) Display internals
6) Console logging
7) Log Task ID
71) Use Task Name
8) Message tag
- UNDEFINED
- 514
- local0
- no
- emerg
- no
- no
- yes
- yes
- no
- switch
(save/quit/cancel)
:
Select the number of the item you want to change. To change any of the values on the previous page, enter the line number, followed by an equal sign (=), and then the new value. For
example, to turn off console logging, enter:
6=no
The question mark (?) option refreshes the screen. To update the values you have changed,
enter save. If you do not want to save the changes enter quit or cancel, or press Ctrl-D.
The parameters displayed by the syslog command are described below.
Log host
The name of the host where you want the syslog messages sent. The Domain Name Server
(DNS) must be configured for this to work. Use the res command to configure the DNS. (The
res command is described in Chapter 14, “RMON and DNS Resolver.”)
Log host IP
The IP address of the host where you want the syslog messages sent. If the IP address and
the Log host name disagree, the IP address takes precedence.
Syslog port (514)
The port to which the syslog messages will be sent on the specified host. Port 514 is the
normal port number used and is the default.
Page 10-2
Configuring the Syslog Parameters
Default facility code
The facility code is used to identify which sub-system generated the syslog message. Note that
this code is used only as a default for tasks that do not have a facility code. See the table
below for a list of the facility codes. The default is local0.
Syslog Facility Codes
Facility
Source
LOG_KERN
Messages generated by the kernel
LOG_USER
Message generated by random user processes
LOG_MAIL
The mail system
LOG_DAEMON
System daemons
LOG_AUTH
The authorization system
LOG_LPR
The line printer spooling system
LOG_NEWS
Reserved for the USENET system
LOG_UUCP
Reserved for the UUCP system
LOG_CRON
The cron/at facility
LOG_LOCAL0-7
Reserved for local use
Override internals
This setting will force all syslog messages to use the default facility code specified in Default
facility code instead of their own predefined facility codes.
Default priority mask
The mask for the priority code. Indicates the type of syslog message. Note that this mask is
used only as a default for tasks that do not have a priority code. Priority codes for syslog
messages are usually hardcoded. The following table is a list of priority codes.
Page 10-3
Configuring the Syslog Parameters
Syslog Priority Codes
Level
Value
Meaning
LOG_EMERG
0
FATAL system event
LOG_ALERT
1
FATAL subsystem event
LOG_CRIT
2
Problem, subsystem unstable
LOG_ERR
3
Problem, bad event,
recoverable
LOG_WARNING
4
Unexpected, non-fatal event
LOG_NOTICE
5
normal but significant
condition
LOG_INFO
6
info
LOG_DEBUG
7
Internal debug messages
Override internals
This field will force all syslog messages to use the default priority mask specified instead
of their own predefined priority masks.
Display internals
This field allows the user to display the task log level. Enter 52=yes to display the submenu below. If, for example, you wanted to change the priority mask CM via kern from
“warn” to “alert,” you would enter 4=alert. Note that this change will take place immediately and you do not need to enter save for it to take effect. Type save, quit, or cancel and
then press <Enter> to return to the main syslog menu.
Internal task syslog configuration:
(NOTE: changes take effect immediately and
are NOT saved across reboots!)
0)
1)
2)
3)
4)
5)
6)
7)
8)
9)
10)
PPM via kern
LPM via kern
VPM via kern
SNMP via kern
CM via kern
ATMmgr via kern
atmLANE via kern
Q93bif via kern
ILMIif via kern
SSI0 via kern
atmSNMP via kern
- alert
- alert
- alert
- alert
- warn
- alert
- alert
- alert
- alert
- alert
- alert
Console logging
Determines whether or not you want to see syslog messages on your console (terminal). If set
to yes, the messages will be displayed on either an ASCII terminal connected to the console
port or via a Telnet session.
Page 10-4
Configuring the Syslog Parameters
Log Task ID
Determines whether or not you want to see the task ID that can be included in the syslog
message.
Use Task Name
This allows the user to display descriptive task names for syslog messages (see the Display
sub-menu above) instead of numeric codes.
internals
Message tag
Text of up to 10 characters that is added to every message leaving the switch. It is useful
when multiple switches send messages to the same host.
Page 10-5
Configuring Switch Logging
Configuring Switch Logging
Switch logging is a feature that allows you to activate and configure the logging of various
types of switch information. Once you activate logging for a specific facility through the
switch logging command, you may also decide whether the log output should display on the
console, be saved to a file, or be both displayed and saved to a file. To enter the switch
logging submenu, enter
swlogc
at the system prompt. A screen similar to the following displays:
CONFIGURATION MENU FOR SWITCH LOGGING
1) Security Logging
11) Output to File
12) Output to Console
2) FTP Logging
21) Output to File
22) Output to Console
3) Flash File Logging
31) Output to Console
4) Screen Capture
41)Output to File
5) Console Event Logging
51) Output to File
52) Output to Console
6) User Interface Logging
61) Output to File
62) Output to Console
7) Telnet Logging
71) Output to File
72) Output to Console
8) Log File (mpm.log) Size
9) Return Logging to Default Configuration
: Disabled
: Yes
: No
: Disabled
: Yes
: No
: Disabled
: Yes
: Disabled
: Yes
: Disabled
: Yes
: No
: Disabled
: Yes
: No
: Disabled
: Yes
: No
: 20000 bytes
: No
Command {Item/ Item=Value/ ?/ Help/ Quit/ Cancel/ Save} (Redraw) :
The logging types are described here:
1) Security Logging
Enabling security logging allows you to view all security violations that occur within the
switch. Set to enable to activate logging for any security violations that occur within the
switch. Set to disable to de-activate logging for security violations.
♦ Note ♦
Security Logging must be enabled in order to display
the Secure Switch Access violations log (seclog).
2) FTP Logging
FTP Session Events is a record of all FTP (File Transfer Protocol) activities since logging was
activated. Once you enable FTP Logging by entering 2=enable, you may view it through the
conlog command (described in Displaying the Connection Entries in the MPM Log on page 1010). To disable FTP Session Events logging, enter 2=disable.
Page 10-6
Configuring Switch Logging
3) Flash File Logging
Flash file logging records debug information from the code that manages the switch logging
feature itself (previously called “flash file system logging”). To enable flash file logging, enter
3=enable. To disable flash file logging, enter 3=disable. Flash file logging messages cannot be
saved in the mpm.log file, but flash file logging messages may be displayed on the console by
entering 31=yes. To disable sending flash file logging messages to the console, enter 31=no.
4) Screen Capture
Screen logging captures screen text for logging. To enable screen logging, enter 4=enable. To
disable screen logging, enter 4=disable. Note that since screen text already goes to the screen,
logging output to the screen is not permitted. If you want to display the screen capture
entries for all logged users, use the caplog command (for more information, see Displaying
Screen (Console) Capture Entries in the MPM Log on page 10-11).
♦ Note ♦
The screen capture feature has not yet been implemented.
5) Console Event Logging
Console Session Events is a record of all console login activities in the switch, including user
names, and connection times. Once you enable Console Event logging by entering 5=enable,
you may view it through the conlog command (described in Displaying the Connection Entries
in the MPM Log on page 10-10). To disable logging for Console Events, enter 5=disable. Note
that logging output to the console is not permitted.
6) User Interface Logging
User Interface Logging is executed on the switch since the UI log was activated. Once you
enable UI logging by entering 6=enable, you may view it through the cmdlog command
(described in Displaying the Command History Entries in the MPM Log on page 10-9). To
disable logging for the UI, enter 6=disable.
7) Telnet Logging
Telnet Logging is a record of all Telnet activities since Telnet logging was activated. Once you
enable Telnet logging by entering 7=enable, you may view it through the conlog command
(described in Displaying the Connection Entries in the MPM Log on page 10-10). To disable
logging for Telnet, enter 7=disable.
8) Log File Size
Use this parameter to set the mpm.log file size. The default is 20,000 bytes. The maximum
number of bytes is dependent upon the available flash in your system. If you set a file that is
too large, the command will tell you the maximum allowed size. (This is half of the remaining free space in your flash file system.) The minimum file size is 3,240 bytes.
9) Return Logging to Default Configuration
Use this parameter to return all of the switch logging options to their default values. Enter
9=yes to reset the configuration at reboot. To keep the same logging configuration at the next
reboot, make sure this parameter is set to no.
Page 10-7
Configuring Switch Logging
In addition to enabling or disabling each type of logging, you can also specify whether to
output the log to a file or to the console:
Output to File
Set to yes (y) to store the log messages in the mpm.log file. Set to no (n) to disable sending log messages to this file. (This option is not available for flash file logging or screen
capture.)
Output to Console
Set to yes to display the log messages on the console screen. Set to no to disable the
screen as an output device for Security Logging.
Page 10-8
Displaying the Command History Entries in the MPM Log
Displaying the Command History Entries in the MPM Log
The cmdlog command displays a list commands executed since User Interface (UI) facility
logging was activated by the swlogc command (described in Configuring Switch Logging on
page 10-6). To display this data, enter
cmdlog
at the system prompt. The following is a sample display.
User
----------admin
admin
admin
admin
admin
admin
admin
Line
----------------------198.206.187.113
198.206.187.113
198.206.187.113
console
console
198.206.187.113
198.206.187.113
Time
--------------------------08/14/00 16:42
08/14/00 16:42
08/14/00 16:43
08/15/00 10:28
08/15/00 10:28
08/15/00 14:03
08/15/00 14:05
User Input
--------------------------cmdlog
xlat
conlog
logging
?
taskstat
taskstat
The fields displayed by the cmdlog command are described below.
User.
The login name of the user who executed the command.
Line. The login type of the user who executed the command. If, for example, the user was
connected through the console port, “console” will be displayed. If the user was connected
through Telnet, on the other hand, then the IP address of that user will be displayed.
Time.
The time that the command was executed.
User Input.
The actual text (up to 32 characters) that the user entered at the system prompt.
♦ Note ♦
If you just want to display the commands executed
during the current session you can use the history
command, which is described in Chapter 4, “The User
Interface.”
Page 10-9
Displaying the Connection Entries in the MPM Log
Displaying the Connection Entries in the MPM Log
The conlog command displays a list of connections made since console event, FTP, or Telnet
logging was activated by the swlogc command (described in Configuring Switch Logging on
page 10-6). To display this data, enter
conlog
at the system prompt. A screen similar to the following will be displayed.
User
--------
Line
-----------
Peer
---------------
Start
----------------
Finish
------------------
admin
admin
admin
admin
admin
Telnet
Telnet
Telnet
console
Telnet
198.206.187.113
198.206.187.113
198.206.187.113
08/14/00 09:47 08/20/00 09:47 08/20/00 09:55 08/20/00 10:35
08/20/00 11:02
09:47 (00:00)
09:53 (00:05)
10:00 (00:05)
logged in (00:27)
logged in (00:00)
198.206.187.113
The fields displayed by the conlog command are described below.
User.
The name of the user who made the connection to the switch.
Line.
The login type of connection to the switch (e.g., a Telnet or console port connection).
Peer.
If the user was connected through Telnet, then the IP address of the user will be
displayed. If the user was connected through the console port, then this field will be blank.
Start.
The time that the connection started.
Finish. Displays the time the connection terminated or logged in for sessions that are still
current. The value in parenthesis is the duration of the session, in minutes.
Page 10-10
Displaying Screen (Console) Capture Entries in the MPM Log
Displaying Screen (Console) Capture Entries in the MPM
Log
The caplog command displays the screen capture entries in the mpm.log file. (Note: This
feature is not yet implemented.) In order to view screen capture entries through this
command, you must first enable the Screen Capture log facility through the swlogc command
(see Configuring Switch Logging on page 10-6). To display screen capture entries in the log,
enter
caplog
at the system prompt. A screen similar to the following will be displayed.
1) Console
2) Modem
3) Telnet (0)
4) Telnet (1)
5) Telnet (2)
6) Telnet (3)
select ?
Select which user’s screen entries you would like to view by entering the user’s line number
at the prompt. For example, if you enter 1 at the select ? prompt, a screen similar to the
following displays:
=======================Start Screen Capture Display for Console==================
/ % systat
System Uptime
MPM Transmit Overruns
MPM Receive Overruns
MPM total memory
MPM CPU Utilization (5 sec)
MPM CPU Utilization (60 sec)
Power Supply 1 State
Power Supply 2 State
Temperature
Temperature Sensor
Temperature Alarm Masking
: 0 days, 01:01:47.01
:0
:0
: 18548968 bytes
: 3 % ( 0% kernel 1% task 97% idle)
: 4% ( 0% intr 0% kernel 2% task 96% idle)\
: OK
: Not Present
: 32.00c 89.60f
: OF - Under Threshold
: Disabled
=======================End Screen Capture Display for Console==================
The options displayed by the caplog command are described below.
1) Console.
2) Modem.
Displays screen capture entries for the user logged in from the console.
Displays screen capture entries for the user logged in from the modem.
3) Telnet (0).
Displays screen capture entries for the user logged in from the first telnet session.
Page 10-11
Displaying Screen (Console) Capture Entries in the MPM Log
4) Telnet (1).
Displays screen capture entries for the user logged in from the second telnet
session.
5) Telnet (2).
Displays screen capture entries for the user logged in from the third telnet
session.
6) Telnet (3).
session.
Page 10-12
Displays screen capture entries for the user logged in from the fourth telnet
Displaying Debug Entries in the MPM Log
Displaying Debug Entries in the MPM Log
The debuglog command displays the debug entries in the mpm.log file. (Note: Currently
there are no facilities using debugging.) Below is a sample display of the debuglog
command.
Task Name
-------------------------------tUdpRelay
Time
--------------------14:33:36
Debug Message
--------------------------------------------------------Undersized DHCP req rcvd; discarding
The fields displayed by the debuglog command are described here.
Task Name.
Time.
The task that generated the debug message.
The time the message was generated by the task.
Debug Message.
Information relevant to debugging.
Displaying Secure Access Entries in the MPM Log
The seclog command displays the secure access violation event entries in the mpm.log file. To
display this data, enter
seclog
at the system prompt. A screen similar to the following will be displayed.
Secure Access Violations Log
Time
-----------------------12:49:02
03:15:34
Protocol
------------FTP
Telnet
Source IP
-------------172.23.8.801
198.20.2.101
Attempts
-------------1
10
Slot/
Intf
------5/1
2/3
Elapsed Time
(secs)
------------------23
240
Descriptions of the fields are as follows:
Time.
The first time the access violation occurred.
Protocol.
The IP protocol for which the violation occurred.
Source IP.
The source IP address of the unauthorized user.
Attempts. The number of access attempts made by this user within the sample period (5
minutes).
Slot/Intf. The
physical port that received the unauthorized user information.
Elapsed Time (secs). The duration (in seconds) from the first unauthorized access to the end of
the sampling period (5 minutes). Secure access violations will take 5 minutes to display in the
log file.
Page 10-13
Displaying Secure Access Entries in the MPM Log
Page 10-14
11
Health Statistics
The health statistics feature monitors the consumable resources of a switch, and provides a
single integrated source for Network Management Software (NMS), such as X-Vision, to use in
obtaining statistics on switch performance. With the health statistics, the user can set specific
threshold levels for consumable resources in the switch. Such resources include bandwidth
capacity, CAM and CPU usage, and RAM memory usage. If a threshold for a particular resource
is exceeded, a notification is sent to the NMS via an SNMP trap.
♦ Important ♦
You must configure your NMS to accept traps from the
monitored switch. X-Vision allows you to set which
network management stations receive traps. For more
information, see the X-Vision online help.
The health statistics software monitors the resource utilization levels and thresholds of a
switch, and at fixed intervals collects the current values for each resource being monitored.
After obtaining the statistics, the health statistics software checks to see if any rising or falling
threshold crossings occurred since its last poll by comparing the current poll data with the
previous poll data. If a threshold crossing has occurred, a trap is sent to NMS (such as XVision), allowing the system administrator to pinpoint possible performance issues.
Through the UI (user interface), threshold levels can be set, the sampling interval can be
changed, and statistics (for a switch, module, or port) can be viewed or cleared.
The Health Statistics Management Menu
To access the Health menu, log on to a switch via a Telnet or console session, and type the
following command:
health
If the session is in terse mode, you will need to type ? to see the menu. If you are in verbose
mode, the following screen is displayed:
Command
-----------------hdcfg
hdstat
hmstat
hpstat
hreset
Health Menu
----------------------------------------------------------------------Set or view parameters
View device-level statistics
View module-level statistics
View port-level statistics
Reset health statistics
Main
File
Interface
Security
/System/Health %
Summary
System
VLAN
Services
Networking
Help
The hdcfg command allows you to set global thresholds for the switch. The hdstat, hmstat,
hpstat commands allow you to view the statistics on a switch, module, or port level, respectively. The hreset command resets the statistics for this switch.
Page 11-1
Setting Resource Thresholds
Setting Resource Thresholds
The health statistics software operates by monitoring set threshold levels on consumable
resources. When a resource exceeds a set level, a trap is generated and sent. These threshold
levels are set for the entire switch (or device) by using the hdcfg command. To set the threshold level for a switch’s consumable resources, enter the hdcfg command at the system
prompt. The following screen appears:
Device-level Resource Monitoring Configuration
1) Set Bandwidth Thresholds
:
2) Set Miscellaneous Thresholds :
3) Set Sampling Interval
:
There are three sets of resources that are configurable:
• Bandwidth thresholds. These settings allow you to set a percentage of available bandwidth
for received traffic, sent traffic, and the backplane. For more information on setting bandwidth thresholds, see Setting Bandwidth Thresholds on page 11-3.
• Miscellaneous thresholds. These settings allow to set a percentage for memory usage, VCC
usage, virtual port usage, and temperature. For more information on setting miscellaneous
thresholds, see Setting Miscellaneous Thresholds on page 11-4.
• Sampling interval. The sampling interval is the number of seconds between health statistics
checks. For information on how to set the sampling interval, see Setting the Sampling Interval on page 11-6.
Page 11-2
Setting Resource Thresholds
Setting Bandwidth Thresholds
Bandwidth is a measure of the amount of traffic a switch can handle for receiving, sending,
and on the backplane. The health statistics allow you to sent a percentage of available bandwidth, at which an SNMP trap is generated to alert the network administrator that the threshold has been exceeded. To set the threshold levels for switch bandwidth:
1. Enter health at a system prompt. The health menu (described above) displays.
2. Enter a 1 at the health menu prompt. The following menu displays:
Bandwidth Resource Monitoring Configuration
1) Receive Threshold
2) Transmit/Receive Threshold
3) Backplane Threshold
: 80
: 80
: 80
3. Threshold values are measured as a percentage of the total capacity of the resource. To
change a threshold or sampling interval value, type the index for the field, followed by an
equals sign, then the new value. For example, to change the Receive Threshold to 50
percent, you would type the following at the prompt:
1=50
The Receive Threshold would now be set to 50 percent of its total capacity (bandwidth).
4. When you have finished entering the new values, you must enter save to keep the new
configuration settings.
♦ Note ♦
Changing a threshold value sets the value for all levels
of the switch (switch, module, and port). You cannot
set different threshold values for each level.
Below is a description of the fields in the hdcfg command menu. The default for all monitored resources is eighty (80) percent of the maximum capacity of the resource.
Receive Threshold
The receive threshold sets a percentage of total bandwidth of the switch, module, or port.
When the amount of received data exceeds this percentage, an SNMP trap is sent.
Transmit/Receive Threshold
The transmit/receive threshold sets a percentage of the total bandwidth of the switch, module,
or port. When the amount of transmitted and received data exceeds this percentage, an SNMP
trap is sent.
Page 11-3
Setting Resource Thresholds
Backplane Threshold
The backplane threshold sets a percentage of total backplane bandwidth of the switch,
module, or port. When backplane usage exceeds this percentage, an SNMP trap is sent.
♦ Note ♦
When “U-turn” switching (i.e., data enters a module
port and is transmitted from a port on the same
module) is employed, the backplane threshold reading
will not be correct. Switched frames are not transmitted over the backplane but are counted by health statistics, causing the backplane percentage reading to be
higher than it should be.
Setting Miscellaneous Thresholds
The miscellaneous thresholds cover consumable resources such as memory, VCCs, temperature, and virtual ports. The health statistics allow you to sent a percentage the available
resource, at which an SNMP trap is generated to alert the network administrator that the
threshold has been exceeded. To set the threshold levels for switch bandwidth:
1. Enter health at a system prompt. The health menu (described above) displays.
2. Enter a 2 at the health menu prompt. The following menu displays:
Miscellaneous Resource Monitoring Configuration
1) CAM Threshold
2) CPU Threshold
3) Memory Threshold
4) VCC Threshold
5) Temperature Threshold
6) Virtual Port Threshold
: 80
: 80
: 80
: 80
: 80
: 80
3. Threshold values are measured as a percentage of the total capacity of the resource. To
change a threshold or sampling interval value, type the index for the field, followed by an
equals sign, then the new value. For example, to change the CAM Threshold to 50 percent,
you would type the following at the prompt:
1=50
The CAM Threshold would now be set to 50 percent of its total capacity (memory).
4. When you have finished entering the new values, you must enter save to keep the new
configuration settings.
♦ Note ♦
Changing a threshold value sets the value for all levels
of the switch (switch, module, and port). You cannot
set different threshold values for each level.
Page 11-4
Setting Resource Thresholds
CAM Threshold (MPM/HRE or NI)
The CAM threshold sets a percentage of the total amount of space available for storing the
cache tables. Cache tables maintain associations between received MAC addresses and the
ports they were received on. For the switch level, the CAM threshold separately monitors the
MPX and the HRE-X daughtercard (if it is installed) CAM tables. For the module level, it monitors the switching module CAM tables. CAM thresholds are not available on the port level.
When this percentage is exceeded, an SNMP trap is sent.
CPU Threshold
The CPU threshold sets a percentage of the total amount of processing ability for the MPX.
When the CPU usage exceeds this percentage, an SNMP trap is sent. The CPU threshold is only
used for the switch level.
Memory Threshold
The memory threshold sets a percentage of the total amount to MPX RAM memory for the
switch. When RAM usage exceeds this percentage, an SNMP trap is sent. The memory threshold is only used for the switch level.
VCC Threshold
This value is a number set as a percent. VCC Threshold is equal to the total number of active
VCCs divided by the switch VCC capacity. When this value is exceeded, an SNMP trap is sent.
Temperature Threshold
This threshold sets the number of degrees for the switch at which an SNMP trap is sent. This
threshold is measured in degrees Celsius. The range is from 0 to 100.
Virtual Port Threshold
This threshold sets a percentage of the total number of available virtual ports for the switch.
When the set percentage of available virtual ports is exceeded, an SNMP trap is sent.
Page 11-5
View Switch-Level Statistics
Setting the Sampling Interval
The sampling interval is the time interval between polls of the switch’s consumable resources
to see if it is performing within the set thresholds. To set the amount of time between polls:
1. Enter health at a system prompt. The health menu (described above) displays.
2. Enter a 3 at the health menu prompt. The following menu displays:
Resource Monitoring Interval Configuration
1) Sampling Interval
:5
3. To change the sampling interval, enter a 1, and equal sign, and the new interval in
seconds. For example, to change the sampling interval to 4 seconds, you would enter the
following:
1=4
4. When you have finished entering the new value, you must enter save to keep the new
configuration setting.
Sampling Interval
This sets the number of seconds between internal polling intervals. The health statistics
compares the current poll statistics with the last poll statistics to determine whether or not to
send a trap. The default for the Sampling Interval is five (5) seconds.
View Switch-Level Statistics
To view the statistics for the entire switch, enter the hdstat command at a system prompt. The
following table is displayed:
Device
Resources
---------------Receive
Transmit/Receive
Backplane
CAM [MPM]
CAM [HRE]
CPU
Memory
Temperature
Virtual Ports
Limit
-------80
80
80
80
80
80
80
45
80
Curr
------00
00
01
00
00
93*
50
44
11
1 Min
Avg
-------00
00
01
00
00
13
50
44
11
1 Hr
Avg
-----00
00
01
00
00
13
50
44
11
1 Hr
Max
-----00
00
01
00
00
22
50
44
11
/System/Health %
Statistics are displayed as percentages of the total resource capacity, and represent data taken
from the last sampling interval. If a threshold for a resource was exceeded, then that statistic
is marked with an asterisk (*).
♦ Important Note ♦
The hdstat command displays CAM usage for the entire
chassis. To see CAM usage for switching modules only,
use the camstat command as described in Chapter 9,
“Switch Wide Parameters.”
Page 11-6
View Module-Level Statistics
For field descriptions of the device resources column, see Setting Bandwidth Thresholds on
page 11-3 and Setting Miscellaneous Thresholds on page 11-4 above.
♦ Note ♦
When calculating percentages, the health statistics
cannot display less than one percent. If a single packet
is sent through a port, for example, the receive
resource usage is represented as one percent.
The following section describes the statistics displayed using the hdstat command.
Limit
The set threshold for this resource. You can set the resource levels using the hdcfg command.
See Setting Resource Thresholds on page 11-2 for specific procedures.
Current
The current resource usage. This number is a percentage of the total resource capacity.
1 Minute Average
The average percent of resource use for the last sixty seconds.
1 Hour Average
The average percent of resource use for the last sixty minutes.
1 Hour Maximum
The maximum percent of resource use for the last sixty minutes.
View Module-Level Statistics
To view module level statistics, type the hmstat command at a system prompt followed by the
slot number. For example, to view the statistics for a module in slot three, type the following:
hmstat 3
The following screen is displayed:
Slot 3
Resources
----------------Receive
Transmit/Receive
Backplane
CAM
Limit
-------80
80
80
80
Curr
------00
00
95*
00
1 Min
Avg
-------00
00
00
00
1 Hr
Avg
------00
00
00
00
1 Hr
Max
------00
00
00
00
/System/Health %
Statistics are displayed as percentages of the total resource capacity, and represent data taken
from the last sampling interval. If a threshold for a resources was exceeded, then that statistic
is marked with an asterisk (*). For descriptions of the monitored resources, see Setting Bandwidth Thresholds on page 11-3 and Setting Miscellaneous Thresholds on page 11-4 above.
Page 11-7
View Port-Level Statistics
For descriptions of the statistics, see View Switch-Level Statistics on page 11-6.
♦ Note ♦
The CPU and memory resources are not applicable to
the module level statistics display, and therefore are not
shown.
View Port-Level Statistics
To view port-level statistics, type the hpstat command at a system prompt as shown:
hpstat <slot>/<port>
where <slot> is the slot number and <port> is the port number. For example to view port 1 on
slot 3, enter the following:
hpstat 3/1
The following screen is displayed:
Port 3/1
Resources
-----------------Receive
Transmit/Receive
Backplane
Limit
-------80
80
80
Curr
------00
92*
00
1 Min
Avg
-------00
00
00
1 Hr
Avg
------00
00
00
1 Hr
Max
------00
00
00
/System/Health %
Statistics are displayed as percentages of the total resource capacity, and represent data taken
from the last sampling interval. If a threshold for a resource was exceeded, then that statistic
is marked with an asterisk (*). For descriptions of the monitored resources, see Setting Bandwidth Thresholds on page 11-3 and Setting Miscellaneous Thresholds on page 11-4 above.
For descriptions of the statistics, see View Switch-Level Statistics on page 11-6.
Reset Health Statistics
To reset the health statistics for the switch, type the hreset command at a system prompt. The
following message is displayed:
Are you sure you want to reset health statistics? (n) :
To confirm your choice to clear the switch health statistics, type y at the prompt. After you
confirm your choice, the following confirmation notice is displayed:
RESET HEALTH STATISTICS
♦ Note ♦
The hreset command clears the statistics for the entire
switch. You cannot clear statistics for the module or
port level only.
Page 11-8
12
Network Time Protocol
Introduction
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or
server to another server or reference time source, such as a radio or satellite receiver. It
provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Coordinated Universal Time (UTC)
(via a Global Positioning Service receiver, for example). Typical NTP configurations utilize
multiple redundant servers and diverse network paths in order to achieve high accuracy and
reliability. Some configurations include cryptographic authentication to prevent accidental or
malicious protocol attacks.
It is important for networks to maintain accurate time synchronization between network
nodes. The standard timescale used by most nations of the world is based on a combination
of Universal Coordinated Time (UTC) (representing the Earth's rotation about its axis) and the
Gregorian Calendar (representing the Earth's rotation about the Sun). The UTC timescale is
disciplined with respect to International Atomic Time (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and
satellite navigation systems, telephone modems, and portable clocks.
Special purpose receivers are available for many time-dissemination services, including the
Global Position System (GPS) and other services operated by various national governments.
For reasons of cost and convenience, it is not possible to equip every computer with one of
these receivers. However, it is possible to equip some computers with these clocks, which
then act as primary time servers to synchronize a much larger number of secondary servers
and clients connected by a common network. In order to do this, a distributed network clock
synchronization protocol is required which can read a server clock, transmit the reading to
one or more clients, and adjust each client clock as required. Protocols that do this include
the Network Time Protocol (NTP).
Page 12-1
Stratum
Stratum is the term used to define the relative proximity of a node in a network to a time
source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In
most cases the time source and the stratum 1 server are in the same physical location.) An
NTP client or server connected to a stratum 1 source would be stratum 2. A client or server
connected to a stratum 2 machine would be stratum 3, and so on, as demonstrated in the
diagram below.
Time Source
(UTC)
Omni Switch/Routers running NTP
Stratum 1
Stratum 2
Stratum 3
The farther away from stratum 1 a device is, the more likely there will be discrepancies or
errors in the time adjustments done by NTP. A list of stratum 1 and 2 sources available to the
public can be found on the Internet.
♦ Note ♦
It is not required that NTP be connected to an officially
recognized time source (for example, a radio clock).
NTP can use any time source to synchronize time in
the network.
Using NTP in a Network
NTP operates on the premise that there is one true standard time (defined by UTC), and that if
several servers claiming synchronization to the standard time are in disagreement, then one or
more of them must be out of synchronization or not functioning correctly.
The stratum gradiation is used to qualify the accuracy of a time source along with other
factors such as advertised precision and the length of the network path between connections.
NTP operates with a basic distrust of time information sent from other network entities, and is
most effective when multiple NTP time sources are integrated together for checks and crosschecks.
To achieve this end, there are several modes of operation that an NTP entity can use when
synchronizing time in a network. These modes help predict how the entity behaves when
requesting or sending time information, listed below:
• A switch can be a client of an NTP server (usually of a lower stratum), receiving time information from the server but not passing it on to other switches.
• A switch can be a client of an NTP server, and in turn be a server to another switch or
switches.
• A switch (regardless of its status as either a client or server) must be peered with another
switch. Peering allows NTP entities in the network of the same stratum to regard each other
as reliable sources of time and exchange time information.
Examples of these are shown in the simple network diagram on the following page:
Page 12-2
Time Source
(UTC)
1a
NTP
Servers
1b
Stratum 1
Peer Association
2b
2a
NTP
Client/
Servers
Stratum 2
Peer Association
Stratum 3
3b
3a
NTP
Clients
Peer Association
Servers 1a and 1b receive time information from, or synchronize with, a UTC time source such
as a radio clock. (In most cases, these servers would not be connected to the same UTC
source, though it is shown this way for simplicity.) Servers 1a and 1b become stratum 1 NTP
servers and are peered with each other, allowing them to check UTC time information against
each other. These machines support machines 2a and 2b as clients, and these clients are
synchronized to the higher stratum servers 1a and 1b.
Clients 2a and 2b are also peered with each other for time checks, and become stratum 2 NTP
servers for more clients (3a and 3b, which are also peered).
In this hierarchy, the stratum 1 servers synchronize to the most accurate time source available, then check the time information with peers at the same stratum. The stratum 2 machines
synchronize to the stratum 1 servers, but do not send time information to the stratum 1
machines. Machines 2a and 2b in turn provide time information to the stratum 3 machines.
It is important to consider the issue of robustness when selecting sources for time synchronization. It is suggested that at least three sources should be available, and at least one should
be “close” to you in terms of network topology. It is also suggested that each NTP client is
peered with at least three other same stratum clients, so that time information crosschecking
will be performed.
Page 12-3
When planning your network, it is helpful to use the following general rules:
• It is usually not a good idea to synchronize a local time server with a peer (in other words,
a server at the same stratum), unless the latter is receiving time updates from a source that
has a lower stratum then from where the former is receiving time updates. This minimizes
common points of failure.
• Peer associations should only be configured between servers at the same stratum level.
Higher Strata should configure lower Strata, not the reverse.
• It is inadvisable to configure time servers in a domain to a single time source. Doing so
invites common points of failure.
NTP and Authentication
NTP is designed to use either DES or MD5 encryption authentication to prevent outside influence upon NTP timestamp information. This is done by using a key file. The key file is loaded
into the switch memory, and consists of a text file that lists key identifiers that correspond to
particular NTP entities.
If authentication is enabled on an NTP switch, any NTP message sent to the switch must
contain the correct key ID in the message packet to use in decryption. Likewise, any message
sent from the authentication enabled switch will not be readable unless the receiving NTP
entity possesses the correct key ID.
Key files are created by a system administrator independent of the NTP protocol, and then
placed in the switch memory. An example of a key file is show below:
1
2
14
15
N
M
M
A
29233e0461ecd6ae
RIrop8KPPvQvYotM
sundial
sundial
# des key in NTP format
# md5 key as an ASCII random string
# md5 key as an ASCII string
# des key as an ASCII string
In a key file, the first token is the key number ID, the second is the key format, and the third
is the key itself. (The text following a “#” is not counted as part of the key, and is used
merely for description.) There are 4 key formats:
N
Indicates a DES key written as a hex number, in NTP standard
format with the high order bit of each octet being the odd
parity bit.
M
Indicates an MD5 key written as a 1 to 31 character ASCII string
with each character standing for a key octet.
A
Indicates a DES key written as a 1 to 8 character string in 7-bit
ASCII format, where each character stands for a key octet string.
S
Indicates a DES key written as a hex number in the DES standard format, with the low order bit of each octet being the odd
parity bit.
For information on activating authentication, specifying the location of a key file, and configuring key IDs for switches, see the following sections:
• Configuring an NTP Client on page 12-6
• Configuring a New Peer Association on page 12-12
• Configuring a New Server on page 12-13
• Configuring a Broadcast Time Service on page 12-13
Page 12-4
Network Time Protocol Management Menu
Network Time Protocol Management Menu
To access the NTP management menu, connect to a switch via a console or telnet session and
enter NTP at the system prompt. If you are in verbose mode, or enter a question mark (?) at
the prompt, the following screen is displayed:
Command
--------------Ntconfig
Ntinfo
Ntstats
Ntadmin
Ntaccess
NTP Management Menu
-------------------------------------------------------Enter the NTP configuration menu
Enter the NTP information menu
Enter the NTP statistics menu
Enter the NTP administration menu
Enter the NTP access control menu
Main
File
Summary VLAN
Networking
Interface Security System
Services Help
Ntconfig. This command accesses the NTP configuration menu, which allows you to configure
this NTP device, add or remove peer associations, add an NTP server, configure this NTP
device’s broadcast time, and set or change this NTP device’s fudge factor. See NTP Configuration Menu on page 12-6 for more information on the NTP configuration menu.
Ntinfo.
This command accesses the NTP information menu, which allows you to view a list of
all peers for this NTP device, display a list of peers with summary information (in two different formats), display detailed information for one or more peers, and display local server
information. See NTP Information Menu on page 12-15 for more information.
Ntstats.
This command accesses the NTP statistics menu, which allows you to view the statistics for the loop filter, peer memory usage, I/O subsystem, local server, event time subsystem,
packet counts, leap second state, clock status, monitoring routines data. See NTP Statistics
Menu on page 12-23 for more information.
Ntadmin.
This command accesses the NTP administration menu, which allows you to set the
receive timeout, set an encryption delay, specify a remote NTP server, set a password and key
ID for this NTP device, set and clear a system flag, and restart the NTP software. See NTP
Administration Menu on page 12-33 for more information.
Ntaccess.
This command accesses the NTP access control menu, which allows you to change
the authentication key ID for request and control messages, reinitalize the key ID list, add a
key ID to or remove a key ID from the trusted list, display the state of the authentication
code, create or remove restrict and add flags to an entry, view a servers restriction list,
remove a restriction entry from this NTP device, and configure, remove or view traps set in
the server. See NTP Access Control Menu on page 12-36 for more information.
Page 12-5
NTP Configuration Menu
NTP Configuration Menu
To view the NTP configuration menu, enter the ntconfig command at the system prompt. If
you are in verbose mode the NTP configuration menu is displayed. Otherwise, enter a question mark (?) at the prompt to display this menu:
Command
--------------ntpiconfig
ntpaddpeer
ntpaddserv
ntpbcast
ntpunconfig
ntpprec
ntpfudge
NTP Configuration Menu
-------------------------------------------------------Initial NTP configuration
configure a new peer association
configure a new server
configure broadcasting time service
unconfigure existing peer assocations
set the server's advertised precision
set/change one of a clock's fudge factors
Related Menus:
Ntconfig Ntinfo
Ntstats
Ntadmin
Ntaccess
The main menu options are shown in the Related Menus list for quick access if you need to
change menus.
A switch can be configured to act as an NTP client, or an NTP client/server. An NTP client
receives updates from an NTP server without passing on time information to other clients,
while and NTP client/server receives time information from a server, and acts as a server for
other clients in a higher stratum.
Configuring an NTP Client
To set up the NTP client, use the ntpiconfig command as follows:
1. Enter the command as shown, at the system prompt:
ntpiconfig
The following menu appears:
NTP Startup Configuration
1) Response timeout
2) Authentication delay
3) Authentication key file name
4) NTP client mode
5) Enable monitor
6) Enable NTP server
:0
: No
: UNSET
: Ucast
: No
: No
2. Adjust the configurable variables for this NTP client as needed by entering the line
number, and equal sign, and a new value at the system prompt, as shown:
<lineNumber>=<value>
For example, to change the Response timeout to 10, you would enter 1 (the line number
for Response timeout), an equal sign (=), and the number 10 (the new value), as shown:
1=10
After enabling NTP for this switch, you need to configure at least one peer association, unless
you will be supplying time synchronization. In that case, you need to configure a reference
clock.
For information on adding a peer association, see Configuring a New Peer Association on
page 12-12.
Page 12-6
NTP Configuration Menu
Field Descriptions
The following section describes the fields displayed using the ntpconfig command.
1) Response timeout
This field sets the timeout period for responses to server queries. Server queries come from
the server responsible for providing this client with NTP time information. The default is 8000
milliseconds.
2) Authentication delay
This field sets a specified time interval that is added to timestamps included in requests to the
server that required authentication. Typically this delay is needed in cases of long delay paths,
or of servers whose clocks are unsynchronized.
3) Authentication key file name
The key file is a file that holds the NTP authentication keys used during remote access or
configuration of the server responsible for this client. This fields allows you to specify the
name of the key file. The key file should be kept in the /flash directory of the switch.
Specifying a key file expands the NTP Startup Configuration menu. For more information on
configuring authentication, see Configuring Client/Server Authentication on page 12-9.
4) NTP client mode
This field allows you to set how the client mode of this device sends its server queries. The
options are U (for unicast), B (for broadcast), or M (for multicast).
Setting the NTP client mode to broadcast or multicast expands the NTP Startup Configuration
menu. A suboption for the NTP client mode appears, allowing you to specify the broadcast or
multicast address, as shown:
41) NTP multicast address
:
Enter the broadcast of multicast address at the prompt by typing line number 41, and equal
sign (=), and the IP address. For example, to specify a multicast address of 204.0.1.1, you
would enter the following:
41=204.0.1.1
5) Enable monitor
This field turns NTP monitoring on or off. Entering yes activates NTP monitoring, while entering no deactivates this function. The statistics for monitoring can be viewed using the ntpmon
command in the statistics menu. See NTP Statistics Menu on page 12-23 for more information.
6) Enable NTP server
This field allows you to enable the server portion of the NTP software for this NTP device.
When set to yes, this device can act as an NTP server for other clients. When set to no, this
device is only a client of another NTP server.
Page 12-7
NTP Configuration Menu
Configuring an NTP Client/Server
A switch can be configured to act both as a client and a server. If you want to run both the
client and server portions of the NTP software, follow the steps below:
1. Enter the command as shown, at the system prompt:
ntpiconfig
The following menu appears:
NTP Startup Configuration
1) Response timeout
2) Authentication delay
3) Authentication key file name
4) NTP client mode
5) Enable monitor
6) Enable NTP server
:0
: No
: UNSET
: Ucast
: No
: No
2. Adjust the configurable variables for this NTP client as needed by entering the line
number, and equal sign, and a new value at the system prompt, as shown:
<lineNumber>=<value>
For example, to change the Response timeout to 10, you would enter 1 (the line number
for Response timeout), an equal sign (=), and the number 10 (the new value), as shown:
1=10
3. Enable the NTP server by entering a 6, an equal sign (=), and yes at the prompt, as shown:
6=yes
The NTP Startup Configuration menu expands to display new options. The menu now
appears similar to the following:
NTP Startup Configuration
1) Response timeout
2) Authentication delay
3) Authentication key file name
4) NTP client mode
5) Enable monitor
6) Enable NTP server
61) Client limit
62) Client limit period
63) Enable server authentication
64) Advertised precision
65) Broadcast delay
:0
: No
: UNSET
: Ucast
: No
: No
:3
: 3600
: No
: -7
:0
4. Adjust the configurable variables for this NTP server as needed by entering the line
number, and equal sign, and a new value at the system prompt, as shown:
<lineNumber>=<value>
For example, to change the Client limit to 10, you would enter 61 (the line number for
Client limit), an equal sign (=), and the number 10 (the new value), as shown:
61=10
Page 12-8
NTP Configuration Menu
Field Descriptions
The following section describes the expanded menu options.
61) Client limit
This field allows you to set a specific number of clients that are allowed to make requests of
the server during a specified time period. Setting this field to 0 allows an unlimited number of
clients to connect to the server.
62) Client limit period
This field allows you to set the client limit time period (in seconds). This along with the client
above determine how many clients are allowed to make requests of this server.
limit field
63) Enable server authentication
This field enables the authentication of unsynchronized peers. If set to yes, NTP only synchronizes with peers that has been authenticated with the correct key ID.
64) Advertised precision
Sets the precision which the server advertises to the specified value. This should be a negative integer in the range -4 through -20.
65) Broadcast delay
This fields allows you to set a specified network delay time. Normally, NTP automatically
compensates for the network delay between the broadcast/multicast server and the client. If
this calibration fails, the delay set here is used instead.
Configuring Client/Server Authentication
In order to use authentication, you must specify a key file. A key file contains the keys necessary for NTP to decode encrypted NTP messages. To specify a key file, follow the steps below:
1. Enter the command as shown, at the system prompt:
ntpiconfig
The following menu appears:
NTP Startup Configuration
1) Response timeout
2) Authentication delay
3) Authentication key file name
4) NTP client mode
5) Enable monitor
6) Enable NTP server
:0
: No
: UNSET
: Ucast
: No
: No
Page 12-9
NTP Configuration Menu
2. Adjust the configurable variables for this NTP client as needed by entering the line
number, and equal sign, and a new value at the system prompt, as shown:
<lineNumber>=<value>
For example, to change the Response timeout to 10, you would enter 1 (the line number
for Response timeout), an equal sign (=), and the number 10 (the new value), as shown:
1=10
3. Enable authentication by entering a 3, and equal sign (=), and a key file name at the
prompt, as shown:
3=ntp.keys
The NTP Startup Configuration menu expands to display new options. The menu now
appears similar to the following:
NTP Startup Configuration
1) Response timeout
2) Authentication delay
3) Authentication key file name
31) Configuration info authentication key
32) Control request authentication key
33) Configuration change authentication key
4) NTP client mode
5) Enable monitor
6) Enable NTP server
:0
: No
: ntp.keys
:
:
:
: Ucast
: No
: No
4. Adjust the configurable variables for authentication as needed by entering the line
number, and equal sign, and a new value at the system prompt, as shown:
<lineNumber>=<value>
For example, to change the Configuration info authentication key to 10, you would enter 1
(the line number for Configuration info authentication key), an equal sign (=), and the
number 10 (the new value), as shown:
1=10
Page 12-10
NTP Configuration Menu
Field Descriptions
The following section describes the expanded menu options.
31) Configuration info authentication key
The number of the key in the key file used to authenticate configuration information. Configuration information sets configuration parameters. For more information on the key file, see
NTP and Authentication on page 12-4.
32) Control request authentication key
The number of the key in the key file used authenticate control requests. Control requests
come from other NTP clients and servers. For more information on the key file, see NTP and
Authentication on page 12-4.
33) Configuration change authentication key
The number of the key in the key file used authenticate configuration change requests.
Configuration change requests come from other NTP clients and servers. For more information on the key file, see NTP and Authentication on page 12-4.
Page 12-11
NTP Configuration Menu
Configuring a New Peer Association
When you have configured the NTP client and/or server, you will need to set at least one
peer association for the switch. An NTP peer is a machine of the same stratum that will
compare and check time information sent from the switch, and in turn send time information
to the switch.
To configure a new peer, enter the ntpaddpeer command in the following manner:
ntpaddpeer <address> [<keyId> <version> <minpol>] [prefer]
where <address> is the either the domain name or IP address of the peer machine. The
optional configuration items are described below:
<keyId>. An unsigned 32-bit integer key identifier for encryption authentication. The
default is for no key ID.
<version>. The version of NTP being used. The options are versions 1, 2, or 3. If no
number is entered, it is assumed that version 3 is being used.
<minpol>. The
minimum poll interval for time checks to this peer. The number entered is
seconds raised to the power of 2.
prefer.
An identifier that marks this peer as a preferred source of time information. In a
situation where multiple peers could provide time information to this client, the preferred
peer is the one that is used.
For example, to add a peer with an address of 1.1.1.1, a key identifier of 5, using version 3 of
NTP, minimum poll of 16 seconds, and marked as a preferred server, you would enter the
following:
ntpaddpeer 1.1.1.1 5 3 4 prefer
When you have finished press <return>. A brief message appears confirming the addition of a
new peer.
Page 12-12
NTP Configuration Menu
Configuring a New Server
For the switch to synchronize its time, you must specify a server, or servers, from which the
switch receives time information. This is done with the ntpaddserv command.
To add a synchronization server to a switch, use the command that follows:
ntpaddserv <address> [<keyId><version><minpol>] [prefer]
where <address> is the either the domain name or IP address of the server. The optional
configuration items are described below:
<keyId>. An unsigned 32-bit integer key identifier for encryption authentication. The
default is no key ID.
<version>. The version of NTP being used. The options are versions 1, 2, or 3. If no
number is entered, it is assumed that version 3 is being used.
<minpol>. The minimum poll interval for time checks to this server. The number entered is
seconds raised to the power of 2.
prefer.
An identifier that marks this peer as a preferred source of time information. In a
situation where multiple peers could provide time information to this client, the preferred
peer is the one that is used.
For example, to add a peer with an address of 1.1.1.1, a key identifier of 5, using version 3 of
NTP, with a poll time of 16, and marked as a preferred server, you would enter the following:
ntpaddpeer 1.1.1.1 5 3 4 prefer
When you have finished press <return>. A brief message appears confirming the addition of a
new server.
Configuring a Broadcast Time Service
The NTP server can be configured to operate in broadcast mode, where the server sends periodic broadcast messages to a client population by using the broadcast or multicast address
specified. To configure the server to use a broadcast or multicast address, enter the ntpbcast
command as shown:
ntpbcast <address> [<keyId>] [<version>] [<minpol>]
where <address> is the either the domain name or the broadcast or multicast address.
♦ Important Note ♦
A multicast address of 224.0.1.1 has been assigned to
NTP. Presently, this is the only address that should be
used for multicast messages.
The optional configuration items are described below:
<keyId>. An unsigned 32-bit integer key identifier for encryption authentication. The
default is no key ID.
<version>. The version of NTP being used. The options are versions 1, 2, or 3. If no
number is entered, it is assumed that version 3 is being used.
<minpol>. The minimum poll interval for time checks to this server. The number entered is
in seconds raised to the power of 2.
Page 12-13
NTP Configuration Menu
For example, to add broadcast address 1.1.1.1 with a key identifier of 5, using version 3 of
NTP, and a minimum poll time of 16 seconds, you would enter the following:
ntpbcast 1.1.1.1 5 3 4
When you have finished press <return>. A brief message appears confirming the addition of a
new server.
Unconfigure Existing Peer Associations
You can remove server, peer, or reference clock associations for this switch using the ntpuncommand. This will remove a selected address from this switch’s list of configured
addresses. To do this, enter the ntpunconfig command as follows:
config
ntpunconfig <address>
where <address> is the either the domain name or IP address of the association. For example, to remove a peer association with address 1.1.1.1, enter the following:
ntpunconfig 1.1.1.1
When you have finished press <return>. A brief message appears confirming the addition of a
new server.
You can remove multiple addresses at one time by adding additional addresses to the
command. For example, to remove a peer association with address 1.1.1.1 and a reference
clock association with address 1.1.1.2, enter:
ntpunconfig 1.1.1.1 1.1.1.2
When you have finished press <return>. A brief message appears confirming the removal of
the association.
Set the Server’s Advertised Precision
If necessary, you can adjust the server’s advertised precision. The precision of a server is a
signed integer indicating the precision of the clocks in seconds to the nearest power of 2. It
determines how accurate the clock is under normal circumstances, and allows NTP to determine which is the best time source for synchronization. To set the servers advertised precision, enter the ntpprec command as shown:
ntpprec <interval>
where <interval> is the signed integer in seconds. This number must be between -4 and -20.
For example, to set the server’s advertised precision to -5, you would enter the following:
ntpprec -5
When you have finished press <return>. A brief message appears confirming the change of the
advertised precision.
♦ Note ♦
The determination of a server’s advertised precision in
based largely on the clock type used as the ultimate
time source (stratum 1).
Page 12-14
NTP Information Menu
NTP Information Menu
To view the NTP configuration menu, enter the ntinfo command at the system prompt. If you
are using verbose mode, the NTP configuration menu is displayed. Otherwise, enter a question mark (?) at the prompt to display this menu:
Command
--------------ntplpeers
ntppeers
ntpdmpeers
ntpshowpeer
ntpvers
ntpinfo
NTP Information Menu
-------------------------------------------------------display list of peers the server knows about
display peer summary information
display peer summary info the way Dave Mills likes it
display detailed information for one or more peers
print version number
display local server information
Related Menus:
Ntconfig Ntinfo
Ntstats
Ntadmin
Ntaccess
The main menu options are shown in the Related Menus list for quick access if you need to
change menus.
Display List of Peers the Server Knows About
The ntplpeers command is used to display a brief list of all NTP associations related to this
switch (servers, peers, etc.).
To display a list of NTP associations, enter the ntplpeers command at the system prompt. A
display similar to the following is shown:
client 1.1.1.1
client 1.1.1.2
sym_active 1.1.1.3
The list shows the mode this switch is using in relation to the association, and the address of
the remote association. The address is either a domain name or an IP address. The available
modes are as follows:
Symmetric Active (1)
A host in this mode sends periodic messages regardless of the
reachability state of stratum of its peer. By operating in this
mode the host announces its willingness to synchronize and be
synchronized by the peer.
Symmetric Passive (2)
This type of association is ordinarily created upon the arrival of
a message from a peer operating in the symmetric active mode
and persists only as long as the peer is reachable and operating at a stratum level less than or equal to the host; otherwise
the association is dissolved. The association will always persist
until at least one message has been sent in reply. By operating
in this mode the host announces its willingness to synchronize
and be synchronized by the peer.
Client (3)
A host operating in this mode sends periodic messages regardless of the reachability state of stratum of its peer. By operating
in this mode the host, usually a LAN workstation, announces its
willingness to be synchronized, but not to synchronize the
peer.
Page 12-15
NTP Information Menu
Server (4)
This type of association is ordinarily created upon arrival of a
client request message and exists only in order to reply to that
request, after which the association is dissolved. By operating
in this mode the host, usually a LAN time server, announces its
willingness to synchronize, but not be synchronized by the
peer.
Broadcast (5)
A host operating in this mode sends periodic messages regardless of the reachability state or stratum of the peers. By operating in this mode, the host, usually a LAN time server operating
on a a high-speed broadcast medium, announces its willingness to synchronize all peers, but not be synchronized by any
of them.
♦ Note ♦
The mode of the switch in relation to the remote association is determined when you create the association.
See NTP Configuration Menu on page 12-6 for more
information on creating NTP associations.
Display Peer Summary Information
The ntppeers command displays a more detailed version of the ntplpeers command. To
display a list of peers that includes summary information, enter the ntppeers command at the
system prompt. A screen similar to the following appears:
remote
local
st
poll
reach
delay
offset
disp
======================================================================
= 1.1.1.1
0.0.0.5
16
64
0
0.00000
0.00000 16.0000
+ 1.1.1.2
0.0.0.5
1
64
0
0.00000
0.00000 16.0000
= 1.1.1.3
0.0.0.5
2
64
0
0.00000
0.00000 16.0000
The symbols at the very left of this table note the relationship (mode) of the switch to the
remote association. The section below is a key for interpreting these symbols:
Page 12-16
+
The switch is in symmetric active mode.
-
The switch is in symmetric passive mode.
=
The switch is in client mode.
^
The switch is broadcasting to this address.
~
The switch is receiving broadcasts from this address.
*
The switch is currently synchronizing with this address.
NTP Information Menu
Field Descriptions
The following sections describe the fields displayed using the ntppeers command
Remote.
The IP address of the remote association.
Local. The local interface address assigned by NTP to the
0.0.0.0, then the local address has yet to be determined.
remote association. If this address is
St.
The stratum level of the remote peer. If this number is 16, the remote peer has not been
synchronized.
Poll.
The polling interval, in seconds.
Reach. The reachability register of the remote association, in octal format. This number is
determined by the NTP algorithm.
Delay. The currently estimated delay of this remote association, in seconds. This time is determined by the NTP algorithm.
Offset. The currently estimated offset of this remote association, in seconds. This time is determined by the NTP algorithm.
Disp. The currently estimated dispersion of this remote association, in seconds. This time is
determined by the NTP algorithm.
Display Alternate Peer Summary Information
The ntpdmpeers command displays a more detailed version of the ntpshowpeer command with
a slightly different output than the ntppeers command. To display a list of peers that includes
summary information, enter the ntpdmpeers command at the system prompt. A screen similar
to the following appears:
remote
local
st
poll
reach
delay
offset
disp
======================================================================
+ 1.1.1.1
0.0.0.5
16
64
0
0.00000
0.00000 16.0000
+ 1.1.1.2
0.0.0.5
1
64
0
0.00000
0.00000 16.0000
* 1.1.1.3
0.0.0.5
2
64
0
0.00000
0.00000 16.0000
This table is identical to the ntppeers command except for the symbols displayed on the far
left side. A key for the symbols is provided below:
.
Indicates that the remote association was cast aside during the false ticker
detection.
+
Indicates that the remote association was accepted and not discarded by
the false ticker detection.
*
Indicates the remote association the switch is currently synchronizing with.
Page 12-17
NTP Information Menu
Display Detailed Information for One or More Peers
The ntpshowpeer command allows you to view detailed NTP information about any remote
associations of this switch. To view detailed NTP information about a remote association enter
the ntpshowpeer command in the following manner:
ntpshowpeer <address>
where <address> is the either the domain name or IP address of the remote association. For
example, to show information for a peer with IP address 1.1.1.4, enter:
ntpshowpeer 1.1.1.4
A screen similar to the following is displayed:
remote 1.1.1.4, local 0.0.0.6
hmode sym_active, pmode server, stratum 16, precision -7
leap 11, refid [0.0.0.0], rootdistance 0.00000, rootdispersion 0.00000
ppoll 6, hpoll 6, keyid 0, version 3, association 41807
valid 0, reach 000, unreach 0, flash 000, boffset 0.00391, ttl/mode 0
timer 32s, flags config, bclient
reference time:
00000000.00000000 Thu, Feb 7 1936 6:28:16.000
originate timestamp:
00000000.00000000 Thu, Feb 7 1936 6:28:16.000
receive timestamp:
00000000.00000000 Thu, Feb 7 1936 6:28:16.000
transmit timestamp:
00000000.00000000 Thu, Feb 7 1936 6:28:16.000
filter delay:
0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset:
0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
filter order:
7
6
5
4
3
2
1
0
offset 0.000000, delay 0.00000, dispersion 16.00000, selectdisp 0.00000
It is possible to display information from more than one remote association by adding more
addresses when entering the ntpshowpeer command. For example, to display information on a
peer with IP address 1.1.1.4 and a peer with IP address 1.1.1.5, enter:
ntpshowpeer 1.1.1.4 1.1.1.5
Field Descriptions
The following section describes the fields displayed using the ntpshowpeer command.
Remote.
The IP address of the remote association.
Local. The local interface address assigned by NTP to the
0.0.0.0, then the local address has yet to be determined.
remote association. If this address is
Hmode. The host mode of this remote association. There are five possible modes: symmetric
active, symmetric passive, client, server, and broadcast. The displayed mode is assumed if this
association becomes the switch’s host NTP server. For a description of the modes, see Display
List of Peers the Server Knows About on page 12-15. For a description of how to set a switch
host NTP server, see Specify the Host Whose NTP Server We Talk To on page 12-34.
Pmode. The peer mode of this remote association. There are five possible modes: symmetric
active, symmetric passive, client, server, and broadcast. The displayed mode is assumed if this
association becomes the switch’s host NTP server. For a description of the modes, see Display
List of Peers the Server Knows About on page 12-15. For a description of how to configure a
peer, see Configuring a New Peer Association on page 12-12
Stratum. The stratum level of the remote peer. If this number is 16, the remote peer has not
been synchronized.
Page 12-18
NTP Information Menu
Precision.
The advertised precision of this association, which is a number from -4 to -20. For
information on setting the advertised precision, see Configuring an NTP Client on page 12-6
and Set the Server’s Advertised Precision on page 12-14.
Leap.
The status of leap second insertion for this association. Leap seconds are seconds that
are added to the timestamp of an NTP entity to correct accumulated time errors. The possible
values are:
00
No warning.
01
Last minute has 61 seconds.
10
Last minute has 59 seconds.
11
Alarm condition (clock not synchronized).
Refid. This is a 32-bit code identifying the particular reference clock. In the case of stratum 0
(unspecified) or stratum 1 (primary reference source), this is a four-octet, left-justified, zeropadded ASCII string. In the case of stratum 2 and greater (secondary reference) this is the
four-octet Internet address of the peer selected for synchronization.
Rootdistance. This is a signed fixed-point number indicating the total roundtrip delay to the
primary reference source at the root of the synchronization subnet, in seconds. Note that this
variable can take on both positive and negative values, depending on clock precision and
skew.
Rootdispersion. This is a signed fixed-point number indicating the maximum error relative to
the primary reference source at the root of the synchronization subnet, in seconds. Only positive values are possible.
Ppoll.
The poll time for this association when it is a peer. This number is the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six
indicates a minimum interval of 64 seconds.
Hpoll.
The poll time for this association when it is a host. This number is the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six
indicates a minimum interval of 64 seconds.
KeyID.
This is an integer identifying the cryptographic key used to generate the message
authentication code.
Version.
The version of NTP this association is using; the options are 1, 2, or 3.
Association.
The number of seconds since this NTP entity was associated with the switch.
Valid.
This is an integer counter indicating the valid samples remaining in the filter register. It
is used to determine the reachability state of an association, and when the poll interval should
be increased or decreased.
Reach.
This is a shift register used to determine the reachability status of this peer. The NTP
algorithm uses this when determining timestamp information.
Unreach.
Flash.
The number of times this NTP entity was unreachable.
This field displays the number of error bits from the packet procedure.
Boffset.
This field displays the default broadcast delay in seconds.
TTL/mode.
This fields displays the Time-to-Live (TTL) time in seconds and the mode (unicast,
multicast, or broadcast) of NTP messages sent to a broadcast address. For information on
configuring an NTP broadcast address, see Configuring a Broadcast Time Service on page 1213.
Timer.
Shows the number of seconds until the next NTP message is sent to an association.
Page 12-19
NTP Information Menu
Flags Config.
This counter lists what flags have been configured for this NTP entity. For more
information about setting flags, see Set a System Flag (Auth, Bclient, Monitor, Stats) on page
12-35.
Reference Time. This is the local time, in timestamp format, when the local clock was last
updated. If the local clock has never been synchronized, the value is zero.
Originate Timestamp. This is the local time, in timestamp format, of the peer when its last NTP
message was sent. If the peer becomes unreachable the value is set to zero.
Receive Timestamp. This is the local time, in timestamp format, when the latest NTP message
from the peer arrived. If the peer becomes unreachable the value is set to zero.
Transmit Timestamp.
This is the local time, in timestamp format, when the last NTP message
was sent from this association.
Filter delay. NTP comes with various filter routines as part of the algorithm that determines
timestamp information. This field shows the delay in seconds the NTP algorithm uses to
correct for delays caused by messages traversing through the NTP filters.
Filter offset. NTP
comes with various filter routines as part of the algorithm that determines
timestamp information. This counter indicates the offset of the peer clock relative to the local
clock due to filters.
Filter order.
The order in which NTP messages pass through filters.
Delay. The currently estimated delay of this remote association, in seconds. This number indicates the roundtrip delay of the peer clock relative to the local clock over the network path
between them, in seconds. Note that this variable can take on both positive and negative
values, depending on clock precision and skew-error accumulation. This time is determined
by the NTP algorithm.
Offset. The currently estimated offset of this remote association, in seconds. This counter indicates the offset of the peer clock relative to the local clock. This time is determined by the
NTP algorithm.
Disp. The currently estimated dispersion of this remote association, in seconds. This counter
indicates the maximum error of the peer clock relative to the local clock over the network
path between them, in seconds. Only positive values greater than zero are possible. This time
is determined by the NTP algorithm.
Print Version Number
The ntpvers is used to show the version number of the xntp file. To display the version
number, enter the ntpvers command at the system prompt. A message similar to the following is shown:
xntp Fri Apr 9 22:52:46 PDT 1999 (1)
Page 12-20
NTP Information Menu
Display Local Server Information
The ntpinfo command is used to display information about the local switch’s implementation
of NTP. To view local switch NTP information, enter the ntpinfo command at the system
prompt. A screen similar to the following is shown:
system peer:
system peer mode:
leap indicator:
stratum:
precision:
root distance:
root dispersion:
reference ID:
reference time:
system flags:
frequency:
stability:
broadcastdelay:
authdelay:
0.0.0.0
unspec
11
16
-7
0.00000 s
0.00000 s
[0.0.0.0]
00000000.00000000 Thu, Feb 7 1936 6:28:16.000
monitor stats
0.000 ppm
0.000 ppm
0.003906 s
0.000122 s
Field Descriptions
The following section explains the fields shown using the ntpinfo command.
System peer.
The IP address of the switch.
System peer mode. The peer mode of this remote association. There are five possible modes:
symmetric active, symmetric passive, client, server, and broadcast. The displayed mode is
assumed if this association becomes the switch’s host NTP server. For a description of the
modes, see Display List of Peers the Server Knows About on page 12-15. For a description of
how to configure a peer, see Configuring a New Peer Association on page 12-12.
Leap indicator. The status of leap second insertion for this association. Leap seconds are
seconds that are added to the timestamp of an NTP entity to correct accumulated time errors.
The possible values are:
00
No warning.
01
Last minute has 61 seconds.
10
Last minute has 59 seconds.
11
Alarm condition (clock not synchronized)
Stratum. The stratum level of the remote peer. If this number is 16, the remote peer has not
been synchronized.
Precision.
The advertised precision of the switch. It will be a number between -4 and -20.
Root distance.
This is a signed fixed-point number indicating the total roundtrip delay to the
primary reference source at the root of the synchronization subnet, in seconds. Note that this
variable can take on both positive and negative values, depending on clock precision and
skew.
Rootdispersion. This is a signed fixed-point number indicating the maximum error relative to
the primary reference source at the root of the synchronization subnet, in seconds. Only positive values are possible.
Reference ID.
This is a 32-bit code identifying the particular reference clock. In the case of
stratum 0 (unspecified) or stratum 1 (primary reference source), this is a four-octet, left-justified, zero-padded ASCII string. In the case of stratum 2 and greater (secondary reference) this
is the four-octet Internet address of the peer selected for synchronization.
Page 12-21
NTP Information Menu
Reference time.
This is the local time at which the local clock was last set or corrected.
System Flags.
This counter lists what flags have been configured for this NTP entity. For more
information about setting flags, see Set a System Flag (Auth, Bclient, Monitor, Stats) on page
12-35.
Frequency. A number indicating the local clock’s frequency in relation to a reference clock’s
Pulse per Second (PPS). If the clock is running in perfect synchronization, this number should
be 1. Otherwise, it will be slightly lower or higher in order to compensate for the time difference.
Stability. The residual frequency error (in seconds) remaining after the system frequency
correction is applied.
Broadcastdelay.
The broadcast delay, in seconds, of this association. For information on how
to set the broadcast delay, see Configuring a Broadcast Time Service on page 12-13.
Authdelay. The authentication delay, in seconds, of this association. For information on how to
set the authentication delay, see Set the Delay Added to Encryption Time Stamps on page 1233.
Page 12-22
NTP Statistics Menu
NTP Statistics Menu
To view the NTP Statistics Menu, enter the ntstats command at the system prompt. If you are
in verbose mode the NTP configuration menu is displayed. Otherwise, enter a question mark
(?) at the prompt to display this menu:
Command
--------------ntpstat
ntppstat
ntploopinfo
ntpmem
ntpio
ntptimer
ntpreset
ntppreset
ntpctlstat
ntpleap
ntpmon
ntpmlist
NTP Statistics Menu
-------------------------------------------------------display local server statistics
display server statistics associated with particular peer(s)
display loop filter information
display peer memory usage statistics
display I/O subsystem statistics
display event timer subsystem statistics
reset various subsystem statistics counters
reset stat counters associated with particular peer(s)
display packet count statistics from the control module
display the current leap second state
turn the server's monitoring facility on or off
display data the server's monitor routines have collected
Related Menus:
Ntconfig Ntinfo
Ntstats
Ntadmin
Ntaccess
The main menu options are shown in the Related Menus list for quick access if you need to
change menus.
Display Local Server Statistics
The ntpstat command allow you to view statistics for the local NTP entity (switch). To view
statistics, enter the ntpstat command at the system prompt. A display similar to the following
is displayed:
system uptime:
time since reset:
bad stratum in packet:
old version packets:
new version packets:
unknown version number:
bad packet length:
packets processed:
bad authentication:
limitation rejects:
0
0
0
0
16
0
0
0
0
0
Page 12-23
NTP Statistics Menu
Field Descriptions
The following section describes the fields displayed using the ntpstat command.
system uptime.
The number of seconds the local NTP server has been associated with the
switch.
time since reset.
The number of seconds since the last time the local NTP server was restarted.
bad stratum in packet.
The number of NTP packets received that had a corrupted stratum bit in
the data of the packet.
old version packets.
The number of NTP packets received that were of an older version of NTP
(either version 1 or 2).
new version packets.
The number of NTP packets received that were version 3 of NTP.
unknown version number. The number of NTP packets received for which the version was
unknown (most likely due to packet corruption).
bad packet length.
The number of NTP packets received that did not fit the NTP packet structure (most likely due to packet corruption).
packets processed.
The total number of NTP packets processed.
bad authentication.
The number of NTP packets rejected because they did not meet authentica-
tion standards.
limitation rejects. The number of NTP packets rejected because there were restrictions set on
their point of origin. For information on setting restrictions, see Create Restrict Entry/Add Flags
to Entry on page 12-39.
Display Server Statistics Associated with Particular Peer(s)
The ntppstat command allows you to view statistics for a specific NTP peer. To view statistics
for a peer, enter the ntppstat command as shown:
ntppstat <ipAddress>
where <ipAddress> is the address of the peer for which you want to view statistics. For example, to view statistics for a peer with IP address 131.218.18.4, enter the following:
ntppstat 131.216.18.4
A screen similar to the following displays:
remote host
local interface
time last received
time until next send
reachability change
packets sent
packets received
bad authentication
bogus origin
duplicate
bad dispersion
bad reference time
candidate order
Page 12-24
: 131.216.18.4
: 0.0.0.0
: 9s
: 6s
: 2973s
: 184
: 181
:2
:2
:6
: 69
:1
:1
NTP Statistics Menu
Field Descriptions
The following section describes the fields displayed using the ntppstat command.
remote host.
The IP address of the host whose statistics you are viewing.
local interface. The local interface address assigned
address is 0.0.0.0, then the local address has yet to
by NTP to the remote association. If this
be determined.
time last received. The number of seconds since the last NTP message packet was received
from another NTP entity in the network.
time until next send.
The number of seconds until this NTP peer sends out an NTP message
packet.
reachability change.
This field displays the number of times this client/server’s reachability has
changed.
packets sent.
The number of NTP message packets this peer has sent out.
packets received.
The number of NTP message packets this peer has received.
bad authentication.
The number NTP message packets this peer has rejected due to failed
authentication.
bogus origin.
The number of times a response packet from another NTP entity doesn’t match
the request packet sent out by this client/server.
duplicate.
The number of identical NTP message packets this peer has received.
bad dispersion.
The number of packets that were discarded due to overly large error disper-
sions.
bad reference time.
The number of packets that were discarded because the contained reference time didn’t match the local peer expectation.
candidate order. A number that represents this client/server’s synchronization order. A lower
number represents a reliable synchronization source.
Page 12-25
NTP Statistics Menu
Display Loop Filter Information
The loop filter is used to control and correct the phase of timestamps as processed by the
local clock. The loop filter examines timestamps sent to and from the local clock and can
adjust them to account for natural wander and jitter.
To view the statistics of the loop filter, enter the ntploop command at the system prompt. A
screen similar to the following is shown:
offset:
frequency:
poll adjust:
watchdog timer:
0.000000 s
0.000 ppm
0
0s
All of these field variables are determined by the NTP algorithm
Field Descriptions
The following section describes the fields displayed using the ntploop command.
offset. The currently estimated offset of this remote association, in seconds. This counter indicates the offset of the peer clock relative to the local clock.
frequency.
A number indicating the local clock’s frequency in relation to a reference clock’s
Pulse per Second (PPS). If the clock is running in perfect synchronization, this number should
be 1. Otherwise, it will be slightly lower or higher in order to compensate for the time
discrepancy between the reference clock and the local clock.
poll adjust.
The number of times the poll time has been adjusted to conform to the network.
watchdog timer.
The number of seconds since the local clock for this client/server was last
adjusted.
Display Peer Memory Usage Statistics
The memory usage for the NTP information on the switch can be displayed using the ntpmem
command. To view memory information, enter the ntpmem command at the system prompt. A
screen similar to the following is shown:
time since reset:
total peer memory:
free peer memory:
calls to findpeer:
new peer allocations:
peer demobilizations:
hash table counts:
0
15
11
0
0
0
1 0
0 0
0 0
0 0
1
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
1
0
0
0
0
Field Descriptions
The following section describes the fields displayed using the ntpmem command.
time since reset.
The number of seconds since the last reset of NTP (usually a reboot of the
switch).
total peer memory.
The total number of NTP associations possible for this switch.
free peer memory.
The number of available spots on this switch for NTP associations.
Page 12-26
NTP Statistics Menu
calls to findpeer.
The number of times the switch sent an NTP packet of any kind to a configured NTP association.
new peer allocations.
The number of new NTP associations created since the last restart.
peer demobilizations.
The number NTP associations lost since the last restart.
hash table counts.
The number of peer tables hashed to the index.
Display I/O Subsystem Statistics
The ntpio command allows you to view general statistics on received and transmitted NTP
packets for this switch. To view the I/O statistics, enter the ntpio command at the system
prompt. A screen similar to the following is displayed:
time since reset:
receive buffers:
free receive buffers:
used receive buffers:
low water refills:
dropped packets:
ignored packets:
received packets:
packets sent:
packets not sent:
interrupts handled:
received by int:
0
10
9
0
0
0
0
18
17
0
18
18
Field Descriptions
The following section describes the fields displayed using the ntpio command.
time since reset.
receive buffers.
The number of seconds since the last restart of NTP.
The number of switch receive buffers currently allocated by this NTP entity.
free receive buffers.
The number of free receive buffers.
used receive buffers.
low water refills.
The number of times memory has been added.
dropped packets.
ignored packets.
The number of packets discarded due to lack of resources (i.e., memory).
The number of packets ignored by this client/server.
received packets.
packets sent.
The number of receive buffers being used.
The total number of NTP packets received by the switch.
The total number of NTP packets sent by the switch.
packets not sent.
The number of NTP packets generated but not sent due to restrictions. For
information on NTP restrictions, see Create Restrict Entry/Add Flags to Entry on page 12-39.
interrupts handled.
The number of times NTP information was interrupted in the process of
transmitting or receiving.
received by int.
The number of packets received by interrupts.
Page 12-27
NTP Statistics Menu
Display Event Timer Subsystem Statistics
The ntptimer command allows you to view significant NTP events that have occurred on this
switch. To view significant NTP events, enter the ntptimer command at the system prompt. A
screen similar to the following is displayed:
time since reset:
alarms handled:
alarm overruns:
calls to transmit:
0
0
0
0
Field Descriptions
The following section describes the fields displayed using the ntptimer command.
time since reset.
The number of seconds since the last reset of NTP.
alarms handled.
The number of NTP alarms generated by this switch. NTP alarms occur when
the NTP algorithm determines that an NTP entity is out of synchronization.
alarm overruns.
The number of times the NTP alarm routine was backed up.
calls to transmit. The number of requests from other NTP entities for information, either configuration, statistical, or timestamp.
Reset Various Subsystem Statistics Counters
To reset the counters displayed for the commands used in the NTP Statistics Menu (ntpstat,
ntploopinfo, ntpio, and ntptimer), use the ntpreset command. To reset the statistics, enter the
ntpreset command at the system prompt followed by one or more of the following flags:
• io
• sys
• mem
• timer
• auth
• allpeers
A brief message is displayed confirming the command.
Reset Stat Counters Associated With Particular Peer(s)
It is possible to remotely reset statistics for other NTP associations from the switch. To reset
statistics for an NTP association, enter the ntppreset command as follows:
ntppreset <address>
where <address> is the either the domain name or IP address of the remote association. For
example, to reset statistics for a peer with IP address 1.1.1.4, enter:
ntppreset 1.1.1.4
Page 12-28
NTP Statistics Menu
It is possible to reset the statistics for more than one NTP association at a time by adding more
than one address to the command. For example, to reset statistics for a peer with IP address
1.1.1.4 and a peer with IP address 1.1.1.5, you would enter:
ntppreset 1.1.1.4 1.1.1.5
A brief message is displayed confirming the command.
Display Packet Count Statistics from the Control Module
In a comprehensive network-management environment, facilities should exist to perform
routine NTP control and monitoring functions. The control module of NTP is responsible for
sending and receiving control messages. To display the statistics for the control module, enter
the ntpctlstat command at the system prompt. A screen similar to the following is shown:
time since reset:
requests received:
responses sent:
fragments sent:
async messages sent:
error msgs sent:
total bad pkts:
packet too short:
response on input:
fragment on input:
error set on input:
bad offset on input:
bad version packets:
data in pkt too short:
unknown op codes:
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Field Descriptions
The following section describes the fields displayed using the ntpctlstat command.
time since reset.
The number of seconds since the last reset of NTP (usually a switch reboot).
requests received.
The number of NTP requests received from any NTP association.
responses sent. The number of NTP messages sent from this switch in response to NTP association requests.
fragments sent.
The number of NTP messages sent from this switch that did not contain all
appropriate NTP data. This can occur if timestamp information from other NTP entities is
judged by this switch to be incorrect.
async messages sent.
The number of async trap packets sent.
error msgs sent.
The number of error messages sent from the switch to other NTP entities
because the switch was not able to respond to the NTP entity’s request.
total bad pkts.
The total number of packets received that NTP was not able to read.
packet too short.
The number of packets received that NTP rejected because the packet was
the incorrect length.
response on input.
The number of packets received that required the switch to respond to the
sender with an NTP message.
fragment on input.
The number of packets received that the switch that did not contain
complete NTP data.
error set on input.
The number of input control packets received with the error bit set.
Page 12-29
NTP Statistics Menu
bad offset on input.
The number of NTP timestamps received that the switch disallowed because
the added time offset parameter appeared to be incorrect. This can occur if an NTP entity
becomes unsynchronized and generates false timestamp information.
bad version packets. The number of packets received where the version number of NTP was
undefinable. This is usually caused by packet corruption.
data in pkt too short. The number of packets received that NTP rejected because the packet
information was incomplete.
unknown op codes. The number of NTP packets received that contained an unreadable request
or information. This is usually caused by packet corruption.
Display the Current Leap Second State
If necessary, NTP adds or subtracts a second from the timestamps sent out on the network to
correct for errors in time information. These modifications are called leap seconds. To display
leap second information for the switch, enter the ntpleap command at the system prompt. A
screen similar to the following is displayed:
sys.leap:
leap.indicator:
leap.warning:
leap.bits:
time to next leap interrupt:
date of next leap interrupt:
calls to leap process:
leap more than month away:
leap less than month away:
leap less than day away:
leap in less than 2 hours:
leap happened:
11 (clock out of sync)
00 (leap controlled by lower stratum)
00 (leap controlled by lower stratum)
00 (no leap second scheduled)
1s
Tue, Jul 6 1999 12:38:45
0
0
0
0
0
0
Field Descriptions
The following section describes the fields displayed using the ntpleap command.
sys.leap.
The current status of the leap second monitor. There are four possible codes:
00
No warning.
01
Last minute has 61 seconds.
10
Last minute has 59 seconds.
11
Alarm condition (clock not synchronized)
leap.indicator.
leap.warning.
leap.bits.
The number of leap seconds that occurred during the current day.
The number of leap seconds that will occur in the current month.
The number of leap bits set within the last hour.
time to next leap interrupt.
A leap interrupt occurs when the NTP algorithm examines the topology of the network and determines if a leap second is needed (it may or may not be necessary at the time of the interrupt). This counter displays seconds until the next interrupt.
date of next leap interrupt.
The time, in standard date notation, of the next leap interrupt after
the most current leap interrupt is finished.
calls to leap process.
The number of times a leap second has been added or subtracted.
leap more than month away.
Page 12-30
A scheduled leap second insertion more than a month away.
NTP Statistics Menu
leap less than month away.
A scheduled leap second insertion less than a month away.
leap less than day away.
A scheduled leap second insertion less than a day away.
leap in less than 2 hours.
A scheduled leap second insertion less than two hours away.
leap happened.
The date of the last leap second insertion.
Turn the Server's Monitoring Facility On or Off
The Server Monitoring Facility keeps track of all NTP association for this switch. When it is
On, it is possible to display a list of all NTP associations. For more information on displaying
the Monitoring Facility list of NTP associations, see Display Data The Server's Monitor Routines
Have Collected on page 12-31.
To turn the Monitoring Facility on or off, enter the ntpmon command as shown:
ntpmon <on:off>
where <on:off> is the status of the monitoring facility. For example, to turn the facility on,
enter:
ntpmon on
Display Data The Server's Monitor Routines Have Collected
If the NTP monitoring facility is turned on, you can display a list of all known NTP associations with general information using the ntpmlist command.
To display a list of collected monitoring statistics, enter the ntpmlist command at the system
prompt. A screen similar to the following is displayed:
remote address
port
local address count m ver drop
last
first
=======================================================================
127.0.0.1
1025
127.0.0.1
1
7
3
0
0
0
This table is useful in establishing which entity is associated with the switch, and if entities
have formed associations independent of administrator configuration (for example, if a user
sets up an association with NTP without notifying the network administrator).
Page 12-31
NTP Statistics Menu
Field Descriptions
The following section describes the fields displayed using the ntpmlist command.
remote address.
The IP address of the remote association.
port.
The port the association was learned on and on which the association communicates
with the switch.
♦ Note ♦
This is the TCP and UDP definition of a port, not a
switch interface port.
local address.
The local interface address for this association as created by the NTP configuration on the switch.
count.
m.
The number of NTP packets received from this association.
The mode the NTP associations uses in relation to the switch.
ver.
The version of NTP the association is using (1,2, or 3)
drop.
The number of NTP packets received from this association that were dropped (due to
restrictions, bad packet data, etc.).
last.
The number of seconds since the last NTP message was received from this association.
first.
The number of seconds since the first NTP message was received from this association.
Page 12-32
NTP Administration Menu
NTP Administration Menu
To view the NTP Administration Menu, enter the ntadmin command at the system prompt. If
you are using verbose mode the NTP configuration menu is displayed. Otherwise, enter a
question mark (?) at the prompt to display this menu:
Command
--------------ntptimeo
ntpdelay
ntphost
ntppasswd
ntpkeyid
ntpkeytype
ntpdisable
ntpenable
NTP Administration Menu
-------------------------------------------------------set the primary receive time out
set the delay added to encryption time stamps
specify the host whose NTP server we talk to
specify a password to use for authenticated requests
set keyid to use for authenticated requests
set key type to use for authenticated requests (des|md5)
clear a system flag (auth, bclient, monitor, stats)
set a system flag (auth, bclient, monitor, stats)
Related Menus:
Ntconfig Ntinfo
Ntstats
Ntadmin
Ntaccess
The main menu options are shown in the Related Menus list for quick access if you need to
change menus.
Set the Primary Receive Timeout
The ntptimeo command allows you to specify the number of milliseconds the server waits for
a response to queries before the operation times out. The default is 8000 milliseconds. To
change the timeout, enter the ntptimeo command as shown:
ntptimeo <value>
where <value> is the number of milliseconds of the new timeout length. For example, to set
the timeout value to 3000 milliseconds, enter the following:
ntptimeo 3000
To view the current timeout setting with out changing it, enter the ntptimeo command with no
value. A message similar to the following is shown:
primary timeout is 6000 ms
Set the Delay Added to Encryption Time Stamps
The ntpdelay command specifies a set time interval to add to timestamps included in server
requests that require authentication. This can be used to enable server configuration over long
delay network paths or between machines whose clocks are not synchronized.
To set the delay time, enter the ntpdelay command as shown:
ntpdelay <value>
where <value> is the number of milliseconds of the new delay time length. For example, to
set the delay value to 30 milliseconds, enter the following:
ntpdelay 30
To view the current delay setting with out changing it, enter the ntpdelay command with no
value. A message similar to the following is shown:
delay 30 ms
Page 12-33
NTP Administration Menu
Specify the Host Whose NTP Server We Talk To
The ntphost command specifies the name of the NTP server to which server queries are sent.
This can be a domain name or an IP address. The default is localhost (the local server).
To change the NTP server for the switch, enter the ntphost command as shown:
ntphost <address>
where <address> is the either the domain name or IP address of the NTP server. For example,
to configure the switch to use an NTP server with an IP address of 1.1.1.4, enter:
ntphost 1.1.1.4
To view the current NTP server used by the switch, enter the ntphost command at the prompt
with no address. A message similar to the following is shown:
current host is 1.1.1.4
Specify a Password to Use for Authenticated Requests
The ntppasswd command allows you to specify a password that must be entered when
making configuration requests. The password must correspond to the key configured for use
by the NTP server.
To specify a password:
1. Enter the ntppasswd command at the system prompt. A prompt displays asking for the
Key ID number for the server, as shown:
Keyid:
Enter the key ID number for the server (as specified in the key file) and press <return>.
2. The following prompt appears requesting a password, as shown:
Password:
Enter the new password. This password is now required before making a configuration
request of the server.
Set Key ID to Use for Authenticated Requests
The ntpkeyid command allows you to specify a key number to be used to authenticate configuration requests. This must correspond to the key number the server has been configured to
use in the key file.
To set a new key ID, enter the ntpkeyid command as shown:
ntpkeyid <value>
where <value> is the new key ID number. For example, to set the key ID to 2, you would
enter the following:
ntpkeyid 2
To view the currently configured key ID, enter the ntpkeyid command at the prompt and press
<return>. A message similar to the following is shown:
keyid is 2
Page 12-34
NTP Administration Menu
Set Key Type to Use for Authenticated Requests (DES|MD5)
NTP supports two types of encryption: DES or MD5. If you decide to use encryption to
authenticate NTP information and configuration requests, you must specify which type of
encryption to use.
To specify an encryption type enter the ntpkeytype command as shown:
ntpkeytype <value>
where <value> is either DES or MD5. For example, to set the key type to MD5, you would
enter:
ntpkeytype MD5
To view the currently specified key type, enter the ntpkeytype command at the system
prompt, and press <return>. A message similar to the following is displayed:
keytype is MD5
Set a System Flag (Auth, Bclient, Monitor, Stats)
The ntpenable command provides a way to enable various server options by creating flags
added to NTP messages sent to the server.
To set a system flag, enter the ntpenable command as shown:
ntpenable <flag>
where <flag> is the type of flag the server will receive. There are six flag types that can be set:
auth
This flag causes the server to synchronize with unconfigured
peers only if the peer has been correctly authenticated using a
trusted key and key identifier. The default for this flag is
disabled (off).
bclient
This flag causes the server to listen for a message from a broadcast or multicast server, following which an association is automatically instantiated for that server. The default for this flag is
disabled (off).
monitor
This flag enables the monitoring facility. The default for this flag
is disabled (off).
stats
This flag enables the statistics facility file generator. The default
for this flag is enable (on).
When you have finished specifying a flag, press <enter>. A brief message appears to confirm
the operation.
Clear a System Flag (Auth, Bclient, Monitor, Stats)
The ntpdisable command allows you to remove previously set flags from NTP messages sent to
the server.
To disable a flag, enter the ntpdisable command as follows:
ntpdisable <flag>
where <flag> is the type of flag the server will receive. There are six flag types that can be set
and removed. The flags are described in the section Set a System Flag (Auth, Bclient, Monitor,
Stats) on page 12-35.
Page 12-35
NTP Access Control Menu
NTP Access Control Menu
To view the NTP Access Control Menu, enter the ntaccess command at the system prompt. If
you are using verbose mode the NTP configuration menu is displayed. Otherwise, enter a
question mark (?) at the prompt to display this menu:
Command
--------------ntpreqk
ntpctlk
ntpckey
ntpvkey
ntpdkey
ntpauth
ntpcres
ntpvres
ntpmres
ntpdres
ntpctrap
ntpvtrap
ntpdtrap
NTP Access Control Menu
-------------------------------------------------------change the request message authentication keyid
change the control message authentication keyid
add one or more key ID's to the trusted list
display the trusted key ID list
remove one or more key ID's from the trusted list
display the state of the authentication code
create restrict entry/add flags to entry
view the server's restrict list
remove flags from a restrict entry
delete a restrict entry
configure a trap in the server
display the traps set in the server
remove a trap (configured or otherwise) from the server
Related Menus:
Ntconfig Ntinfo
Ntstats
Ntadmin
Ntaccess
The main menu options are shown in the Related Menus list for quick access if you need to
change menus.
Change the Request Message Authentication Key ID
There are two types of messages an NTP entity can send to another NTP entity: request and
control. Request messages ask for information from the NTP entity such as timestamp information, statistics, etc. It is possible to change the authentication key identifier for request
messages sent from the switch to another NTP entity.
To change the authentication key ID, enter the ntpreqk command as shown:
ntpreqk <value>
where <value> is the new key ID. Press <return>, and a brief message is displayed confirming
the operation.
♦ Note ♦
The authentication key ID must match in both the
switch sending the message and the switch receiving
the message.
Page 12-36
NTP Access Control Menu
Change the Control Message Authentication Key ID
There are two types of messages an NTP entity can send to another NTP entity: request and
control. Control messages attempt to change the configuration of the NTP entity in some fashion. It is possible to change the authentication key identifier for control messages sent from
the switch to another NTP entity.
To change the authentication key ID, enter the ntpctlk command as shown:
ntpctlk <value>
where <value> is the new key ID. Press <return>, and a brief message is displayed confirming
the operation.
♦ Note ♦
The authentication key ID must match in both the
switch sending the message, and the switch receiving
the message.
Add One or More Key ID's to the Trusted List
The trusted list in the key file is a list of all keys that are considered authentic and uncompromised. Messages from an NTP entity using one of these keys are accepted and acted upon. It
is possible to add a key to the trusted list.
To add a key ID to the trust list in the key file, enter the ntpckey command as shown:
ntpckey <value>
where <value> is the new key ID to be added to the trusted list. For example, to add key ID 5
to the trusted list, enter the following:
ntpckey 5
A brief message is displayed confirming the operation.
♦ Note ♦
Adding a key ID using the ntpckey command adds the
key to the working version of the key file in the
switch’s RAM. If you reset the switch or re-initialize
NTP, the added key is lost.
Display the Trusted Key ID List
The trusted list in the key file is a list of all keys that are considered authentic and uncompromised. Messages from an NTP entity using one of these keys are accepted and acted upon.
To display a list of the trusted keys for this NTP client or server, enter the ntpvkey command at
the system prompt. A list of the key numbers accepted by this client or server is displayed.
For more information on authentication, see NTP and Authentication on page 12-4.
Page 12-37
NTP Access Control Menu
Remove One or More Key ID's from the Trusted List
The trusted list in the key file is a list of all keys that are considered authentic and uncompromised. Messages from an NTP entity using one of these keys are accepted and acted upon. It
is possible to remove a key from the trusted list.
To remove a key ID from the trusted list, enter the ntpdkey command as shown:
ntpdkey <value>
where <value> is the new key ID to be remove from the trusted list. For example, to remove
key ID 5 from the trusted list, enter the following:
ntpdkey 5
A brief message is displayed confirming the operation.
♦ Note ♦
Removing a key ID using the ntpdkey command
removes the key from the working version of the key
file in the switch’s RAM. If you reset the switch or reinitialize NTP, the removed key is reinstated.
Display the State of the Authentication Code
The ntpauth command allows you to look at the statistics of the authentication routine. These
statistics consist of counters for various functions of the authentication code.
To view the statistics of the authentication code, enter the ntpauth command at the system
prompt. A screen similar to the following is shown:
time since reset:
key lookups:
keys not found:
uncached keys:
encryptions:
decryptions:
0
0
0
0
0
0
Field Descriptions
The following sections explains the fields displayed using the ntpauth command.
time since reset.
key lookups.
The number of seconds since the last restart of the switch.
The number of times the switch has examined the key file to find a key.
keys not found.
The number of times the switch failed to find a key in its key file.
uncached keys.
The number of keys added to the key file using the ntpckey command.
encryptions. The number of times the switch sent NTP messages or information out in
encrypted form.
decryptions.
The number of times the switch received NTP messages of information that was
encrypted, and successfully decrypted the information.
Page 12-38
NTP Access Control Menu
Create Restrict Entry/Add Flags to Entry
It is possible to place restriction flags on specific NTP entities in relation to the switch. Restriction flags prevent messages or information coming from the NTP entity from affecting the
switch.
To create a restriction flag, enter the ntpcres command as shown:
ntpcres <address> <mask> <restriction>
where <address> is the IP address of the NTP entity, <mask> is the entity’s subnet mask, and
<restriction> is the specific flag you want to place on the entity. For example to put an ignore
restriction on an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the
following:
ntpcres 1.1.1.1 255.255.0.0 ignore
The following is a list of possible restriction flags that can be used:
ignore
Ignore all packets from hosts which match this entry. If this flag
is specified neither queries nor time server polls will be
responded to.
noquery
Ignore all NTP information queries and configuration requests
from the source. Time service is not affected.
nomodify
Ignore all NTP information queries and configuration requests
that attempt to modify the state of the server (i.e., run time
reconfiguration). Queries which return information are permitted.
notrap
Decline to provide control message trap service to matching
hosts. The trap service is a subsystem of the control message
protocol which is intended for use by remote event logging
programs.
lowpriotrap
Declare traps set by matching hosts to be low priority. The
number of traps a server can maintain is limited (the current
limit is 3). Traps are usually assigned on a first come, first serve
basis, with later trap requestors being denied service. This flag
modifies the assignment algorithm by allowing low priority
traps to be overridden by later requests for normal priority
traps. For more information on setting traps see Configure a
Trap in the Server on page 12-41
noserve
Ignore NTP packets other than information queries and configuration requests. In effect, time service is denied, though queries
may still be permitted.
nopeer
Provide stateless time service to polling hosts, but do not allocate peer memory resources to these hosts even if they otherwise might be considered useful as future synchronization
partners.
notrust
Treat these hosts normally in other respects, but never use
them as synchronization sources.
Page 12-39
NTP Access Control Menu
limited
These hosts are subject to a limitation of the number of clients
from the same net. Net in this context refers to the IP notion of
net (class A, class B, class C, etc.). Only the first client limit
hosts that have shown up at the server and that have been
active during the last client limit period (in seconds) are
accepted. Requests from other clients from the same net are
rejected. Only time request packets are taken into account.
Query packets sent by the ntpq and xntpdc programs are not
subject to these limits. A history of clients is kept using the
monitoring capability of xntpd. Thus, monitoring is always
active as long as there is a restriction entry with the limited flag.
For more information on enabling monitoring, see Turn the
Server's Monitoring Facility On or Off on page 12-31.
ntpport
This is actually a match algorithm modifier, rather than a restriction flag. Its presence causes the restriction entry to be matched
only if the source port in the packet is the standard NTP UDP
port (123). Both ntpport and non-ntpport may be specified. The
ntpport is considered more specific and is sorted later in the list.
View the Server's Restrict List
The ntpvres command allows you to view a list of all the configured restrictions for the
switch. To view a list of configured restriction, enter the ntpvres command at the system
prompt. A screen similar to the following appears:
address
mask
count
flags
==============================================================
0.0.0.0
0.0.0.0
12
none
127.0.0.1
255.255.255.255
0
ntpport, ignore
Field Descriptions
The following section describes the fields displayed with the ntpvres command.
address.
mask.
The IP address of the NTP entity for which flags have been configured.
The subnet mask of the NTP entity for which flags have been configured.
count.
The number of NTP messages from the NTP entity that have been affected by the
configured flags.
flags.
The flags configured for this NTP entity. For a description of all possible flags, see
Create Restrict Entry/Add Flags to Entry on page 12-39.
Page 12-40
NTP Access Control Menu
Remove Flags from a Restrict Entry
It is possible to place restriction flags on specific NTP entities in relation to the switch. Restriction flags prevent messages or information coming from the NTP entity from affecting the
switch.
To remove a restriction flag from an NTP entity, enter the ntpmres command as shown:
ntpmres <address> <mask> <restriction>
where <address> is the IP address of the NTP entity, <mask> is the entity’s subnet mask, and
<restriction> is the specific flag you want to remove from the entity. For example, to remove
an ignore restriction from an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0,
enter the following:
ntpmres 1.1.1.1 255.255.0.0 ignore
Delete a Restrict Entry
To remove an entry completely from the restriction list, enter the ntpdres command in the
following manner:
ntpdres <address> <mask>
where <address> is the IP address of the NTP entity, and <mask> is the entity’s subnet mask.
For example to remove an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter
the following:
ntpmres 1.1.1.1 255.255.0.0
This entity will no longer be listed in the restriction list and has no restriction flags placed on
messages it sends to the switch.
Configure a Trap in the Server
The ntpctrap command allows you to set a trap receiver for the given address and port
number. The trap receiver will log event messages and other information for the server in a
log file.
To create a trap receiver, enter the ntpctrap command in the following manner:
ntpctrap <address> [<port>] [<interface>]
where address is the IP address of the switch. There are two optional items you can specify:
port
The port on the switch used for sending NTP messages. If no
port is specified, a default port of 18447 is used.
♦ Note ♦
This is the TCP and UDP definition of a port, not a
switch interface port.
interface
The local interface address for this NTP entity. If no interface is
specified, the interface for the local NTP entity is used. For
more information on interface addresses, see Display Peer
Summary Information on page 12-16.
Page 12-41
NTP Access Control Menu
Display the Traps Set in the Server
The ntpvtrap command allows you to view a list of trap receivers set for the server. To view
the trap list, enter the ntpvtrap command at the system prompt. A display similar to the
following is shown:
address 127.0.0.1, port 18447
interface: 0.0.0.5, configured
set for 0 seconds, last set 0 seconds ago
sequence 1, number of resets 1
Field Descriptions
The following section describes the fields shown with the ntpvtrap command.
address.
port.
The address of the server where the trap was set.
The port on which the server is listening for NTP messages.
♦ Note ♦
This is the TCP and UDP definition of a port, not a
switch interface port.
interface.
The local interface address of the NTP server.
set for n seconds.
last set.
The time the trap was initially set.
The time in seconds from when the last trap was set for this server.
sequence.
The number of times the trap was set.
number of resets.
The number of times the trap has been reset.
Remove a Trap (Configured or Otherwise) from the Server
The ntpdtrap command allows you to remove a trap receiver for the given address. The trap
receiver will log event messages an other information for the server in a log file.
To delete a trap receiver, enter the ntpdtrap command in the following manner:
ntpctrap <address> [<port>] [<interface>]
where address is the IP address of the switch. There are two optional items you can specify:
port.
The port on the switch used for sending NTP messages.
♦ Note ♦
This is the TCP/IP and UDP definition of a port, not a
switch interface port.
interface.
Page 12-42
The local interface address for this NTP entity. For more information on interface addresses, see Display Peer Summary Information on page 12-16.
13
SNMP (Simple Network
Management Protocol)
Introduction
Simple Network Management Protocol (SNMP) is an application layer protocol that allows
network devices to exchange management information. SNMP works by sending messages,
called protocol data units (PDUs), to network devices. Network administrators use SNMP to
monitor network performance and to solve network problems.
An SNMP-managed network is comprised of three fundamental parts: agents, managed
devices, and network management systems (NMSs). An agent, which resides within a
managed device (i.e., a switch), is responsible for translating its local knowledge of management information into a form compatible with SNMP. When certain defined asynchronous
events occur within a switch, the managed device sends traps, using the SNMP protocol, to a
designated NMS. The NMS then views and monitors the switch’s information through management software applications such as HP Open View or X-Vision.
SNMP parameters and traps are configurable through the snmpc command. For more information on this command, refer to Configuring SNMP Parameters and Traps on page 13-2. You
can view SNMP statistics through the snmps command. For more information on this
command, refer to Viewing SNMP Statistics on page 13-8. Both of these commands are also
listed on the Networking menu.
Page 13-1
Configuring SNMP Parameters and Traps
Configuring SNMP Parameters and Traps
The snmpc command allows you to configure SNMP parameters and set traps that will be sent
to network management stations. The snmpc command also enables you to add, modify, or
delete SNMP parameters. The snmpc command is listed under the Networking menu. For more
information about the networking menu, see Chapter 25, “IP Routing.” To configure SNMP
parameters, enter the following command:
snmpc
A screen similar to the following displays:
SNMP current configuration:
1)
2)
3)
4)
5)
6)
7)
Process SNMP Packets
Utilization Threshold
Set Community Name
Get Community Name
Trap Community Name
Broadcast Traps
0 Unicast Traps
- enabled
- 60%
- public
- public
- public
- disabled
- disabled
(save/quit/cancel)
:
• To change a value, enter the number corresponding to that value, an equal sign (=), and
the new value. For example, to enable broadcast traps, enter 5=enabled.
• To clear an entry, specify the value as a period (.), as in 2=. Note that true/false values and
enabled/disabled values cannot be cleared.
• To save all your modifications, enter save.
• To cancel all your modifications, enter Cancel or Ctrl-C .
• To view the parameters currently configured, enter a question mark (?).
1) Process SNMP Packets
To enable or disable SNMP, enter 1, an equal sign (=), and the enable or disable command.
The following is an example:
1=enable
2) Utilization Threshold
Utilization is the percentage of time that a resource is in use over a given period of time.
Setting the Utilization Threshold places an upper limit on system utilization. To set this value,
enter 2, an equal sign (=), and an integer between 1 and 99 to represent percentage of time in
use. The default Utilization Threshold is 60%.
2=60%
Page 13-2
Configuring SNMP Parameters and Traps
3) Set Community Name
The Set Community Name variable is a password (up to 16 characters) that enables NMS
stations to read and write objects through SNMP. The default Set Community Name is “public,”
which allows all NMS stations read access to readable objects. If you want to specify a Set
Community Name password, enter a 2, an equal sign (=), and the new Set Community Name.
The following is an example:
2=alpha
♦ Note ♦
Set Community Names with spaces must be enclosed in
quotations (e.g., “test lab”).
4) Get Community Name
The Get Community Name variable is a password (up to 16 characters) that enables NMS
stations to read objects defined in the MIBs. The default Get Community Name is “public,”
which allows all NMS station read access to readable objects. If you want to specify a Get
Community Name password, enter a 2, an equal sign (=), and the new Get Community Name.
The following is an example display:
2=beta
♦ Note ♦
Get Community Names with spaces must be enclosed
in quotations (e.g., “data center”).
5) Trap Community Name
The Trap Community Name (up to 16 characters) is a password that enables NMS stations to
collect traps (provided the NMS stations are configured with the same corresponding Trap
Community Name). The default Trap Community Name is “public,” which allows the switch
to send traps to all NMS stations configured with the Trap Community Name, “public.” If you
want to specify a Trap Community Name password, enter a 4, an equal sign (=), and the new
Trap Community Name. The following is an example display.
4=trap1
♦ Note ♦
Trap Community Names with spaces must be enclosed
in quotations (e.g., “trap 1”).
Page 13-3
Configuring SNMP Parameters and Traps
6) Broadcast Traps
When broadcast traps are enabled, the switch transmits traps to all NMS stations in the default
group. If you enable this parameter, unicast traps (see option 6 below) will automatically be
disabled. The default for broadcast traps is disabled. To enable broadcast traps, enter the
following command:
5=enabled
The following prompt displays:
UDP destination port (162):
Enter the UDP destination port for the traps. UDP port 162 is the default port and is commonly
used for traps; however, the destination port can be re-defined to accommodate a network
management station using a nonstandard port.
♦ Note ♦
The destination port configured here must correspond to the UDP destination port configured at the
receiving network management station(s).
7) Unicast Traps
When unicast traps are enabled, the switch transmits traps only to the IP address(es) defined
in the snmpc list below this field.
♦ Note ♦
If both broadcast and unicast traps are disabled, then
the switch does not transmit any traps.
If you enable this parameter, broadcast traps (see option 5 above) will automatically be
disabled. The default for unicast traps is disabled. To enable unicast traps, enter the following command:
6=enabled
Configuring a New Network Management Station
a. To define a new network management station, enter 8, followed by an equal sign (=), and
the IP address of the network management station to receive traps. You can define a maximum of ten network management stations. They must be numbered sequentially from 8
through 17. If network management stations are already shown on the display for this
menu, use the next highest number to add another station. The following is an example of
how to define the first network management station:
8=123.12.1.1
The following prompt displays:
Enter trap mask words 0:1 (ffffffff:ffffffff):
Each trap in the switch is assigned a mask that consists of “words”. The mask value
ffffffff:ffffffff indicates that all traps are enabled for words 0 and 1. If you want to accept
this default (all traps enabled for words 0 and 1), press <Enter>. If you want to enable
one or more specific traps for words 0 and 1, you must calculate their bit configurations
and enter the new mask value at the prompt. Trap types and their bit positions are listed
in the tables beginning on page 13-11.
Page 13-4
Configuring SNMP Parameters and Traps
Here is a sample configuration for setting a combination of traps.
Bit Configurations for Setting Traps
word 0 (4 bytes)
00 00 00 00
word 1 (4 bytes)
:
00 00 00 00
bit 0
Example:
bit 0
To set a combination of trap types, add the hex values of the bits as follows:
Trap Type
Bit Settings
Word 0
Word 1
tempAlarm
00 00 00 00 : 00 00 00 01
risingAlarm
00 00 40 00 : 00 00 00 00
fallingAlarm
00 00 80 00 : 00 00 00 00
portPartitioned
00 00 00 00 : 00 00 02 00
Total =
00 00 C0 00 : 00 00 02 01
You would then enter the total mask value of the traps, as follows:
Enter trap mask words 0:1 (ffffffff:ffffffff): 0000C000:00000201
This setting would enable only these four traps for words 0 and 1.
b. The following prompt displays:
Enter trap mask words 2:3 (ffffffff:ffffffff):
Enter the trap type(s) for words 2 and 3. If you want to accept the default (all traps
enabled for words 2 and 3), press <Enter>. To set one or more specific traps, again calculate the bit configurations and enter the new mask value at the prompt.
c. The following prompt displays:
Enter destination port (162):
Enter the UDP destination port for the traps configured above. If you choose the default in
field four, port 162, press <Enter> at the prompt.
d. The following prompt displays:
NMS state (on):
Indicate whether or not traps will be sent to this Network Management Station (the NMS
defined in step a). If the NMS state is enabled (on), the NMS will be notified of traps. Press
<Enter> to accept the default (on). If the NMS state is disabled (off), the NMS will not be
notified of traps.
Page 13-5
Configuring SNMP Parameters and Traps
e. The following prompt displays:
Special Access? (no): yes
Select whether or not this Network Management Station has special access. If you enter
yes, this NMS will have administrative privileges such as modifying, deleting, or adding to
other trap entries as well as its own. Without special access, an NMS can only update its
own entry. If you choose the default, no, simply press <Enter> at the prompt.
Save your configuration by typing save and then <Enter>.
f.
After you have saved your configuration, the prompt re-displays. The above entries will
create an NMS number 8 in the list. Traps will be sent to the IP address specified for that
NMS station (provided the NMS state is on and unicast traps are enabled).
To view your new SNMP configuration, enter the snmpc command. The following is a
sample display of the output from the snmpc command after the above sample configuration:
SNMP current configuration:
1)
2)
3)
4)
5)
6)
7)
8)
Process SNMP Packets
Utilization Threshold
Set Community Name
Get Community Name
Trap Community Name
Broadcast Traps
1 Unicast Traps
NMS IP address
- enabled
- 60%
- admin
- public
- trap1
- disabled
- enabled
- 123.12.1.1
/162 --bffffffff:ffffffff (on) (SA)
-- ffffffff:fffffffff
(save/quit/cancel)
:
The values that appear to the immediate right of the NMS IP address are: the UDP destination port number (162), the trap bit masks (ffffffff:bfffffff), the functional state of the NMS
(on), and the special access (SA) status (this does not appear if you selected no for special
access in step above).
To add network management stations to this current SNMP configuration, enter the next
highest entry number from the last defined NMS. For example, if you wanted to add
another NMS to the above sample configuration, you would enter the following:
9=123.22.2.2
Page 13-6
Configuring SNMP Parameters and Traps
Please note that any additional NMS entries must have a unique IP address. Repeat steps b
through f to continue configuring additional NMS entries. Once you save your configuration and re-enter the snmpc command at the prompt, the screen refreshes to include the
new NMS entry. The following is a sample display:
SNMP current configuration:
1)
2)
3)
4)
5)
6)
7)
8)
Process SNMP Packets
Utilization Threshold
Set Community Name
Get Community Name
Trap Community Name
Broadcast Traps
1 Unicast Traps
NMS IP address
9)
NMS IP address
- enabled
- 60%
- public
- public
- public
- disabled
- enabled
- 123.12.1.1
- 123.22.2.2
/162 -- ffffffff:bfffffff (on) (SA
-- ffffffff:fffffffff)
/162 -- ffffffff:ffffffff (on)
-- ffffffff:fffffffff
(save/quit/cancel)
:
g. To delete an IP address added to this list, enter the NMS index number of the entry
followed by the decimal (.) character. The following example would delete the NMS IP
address listed at number 9.
9=.
Page 13-7
Configuring SNMP Parameters and Traps
Viewing SNMP Statistics
The snmps command is used to display SNMP statistics. The command displays the SNMP
activities since the last time the switch was powered on, or since the last Reset was executed.
It also displays a list of the current traps.
The snmps command is listed on the Networking menu. For more information about the
networking menu, see Chapter 25, “IP Routing.” To display SNMP statistics, enter the following command:
snmps
A screen similar to the following displays:
SNMP Statistics
In
Total Packets
67
Bad Versions
0
Bad Community Names
0
Bad Community Use
0
Bad Type Discards
0
ASN Parse Errors
0
Too Big Errors
0
No Such Name Errors
0
Bad Value Errors
0
Read Only Errors
0
General Errors
0
Total Variable Requests
186
Total Set Variable Requests
0
Get Requests
17
Get Next Requests
50
Set Requests
0
Get Responses
0
Authentication Trap Enables:
0
Traps
0
Out
67
0
1
0
0
0
0
0
0
67
0
Trap generation is ENABLED to these management stations:
198.206.1.1
/162 -- ffffffff:bfffffff (on )
198.2.1.1
/162 -- ffffffff:7fffffff (off) (SA)
Total Packets
The total number of packets received and sent.
Bad Versions
The total number of SNMP messages delivered to the switch SNMP protocol entity that were
for an unsupported SNMP version.
Bad Community Names
The total number of SNMP message names delivered to the switch SNMP protocol entity that
used an unknown SNMP community name.
Bad Community Use
The total number of SNMP messages delivered to the SNMP protocol entity which represented
an SNMP operation that was not allowed by the SNMP community named in the message.
Page 13-8
Configuring SNMP Parameters and Traps
Bad Type Discards
The total number of SNMP entries discarded because the request type was not recognized.
ASN Parse Errors
The total number of ASN.1 or BER errors encountered by the SNMP protocols entity when
decoding received SNMP Messages.
Too Big Errors
The total number of SNMP PDUs delivered to the SNMP protocol entity with a value in the
error-status field of ‘tooBig’.
No Such Name Error
The total number of SNMP PDUs delivered to the SNMP protocol entity with value in the errorstatus field of ‘noSuchName’.
Bad Value Errors
The total number of valid SNMP PDUs delivered to the SNMP protocol entity with a value in
the error-status field of ‘readOnly.’ It is a protocol error to generate an SNMP PDU that
contains the value ‘readOnly’ in the error-status field; as such this object is provided as a
means of detecting incorrect implementations of the SNMP.
Read Only Errors
The total number of valid SNMP PDUs delivered to the SNMP protocol entity for with an errorstatus field value of ‘Read Only’.
General Errors
The total number of SNMP PDUs delivered to the switch SNMP protocol entity with an errorstatus field value of ‘GenError’.
Total Variable Requests
The total number of MIB objects from which Requests have been retrieved successfully by the
SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
Total Set Variable Requests
The total number of MIB objects from which Requests have been retrieved successfully by the
SNMP entity as the result of receiving valid SNMP Set-Request PDUs.
Get Requests
The total number of SNMP Get-Request PDUs accepted and processed by the switch SNMP
protocol entity.
Page 13-9
Configuring SNMP Parameters and Traps
Get Next Requests
The total number of SNMP Get-Next PDUs accepted and processed by the switch SNMP protocol entity.
Set Requests
The total number of SNMP Set-Request PDUs which have been accepted and processed by the
switch SNMP protocol entity.
Get Responses
The total number of SNMP Response PDUs accepted and processed by the switch SNMP protocol entity.
Authentication Trap Enables
Indicates whether the SNMP agent Enable process is permitted to generate authentication-failure traps. The value of this object overrides any configuration information, providing a means
to enable all authentication-failure traps.
Traps
The number of SNMP Trap PDUs generated by the SNMP protocol entity. Traps are broadcast
only.
Traps are broadcast only
This appears if traps are set to broadcast. The address is the broadcast address of the default
VLAN of AutoTracker group 1.
Trap generation is ENABLED to these management stations
This appears if you have used the snmpc command to set up one or more management
stations to receive traps. The trap tables on the following pages list the traps that are currently
supported.
Page 13-10
Trap Tables
Trap Tables
The following table is a summary list of the supported SNMP traps and their values.
Trap or Mask Name
Object ID
Bit
Position
Hex Value
Page
coldStart
1.3.6.1.2.1.11.0
(word 0) 0
(word 0) 1
13-15
warmStart
1.3.6.1.2.1.11.1
(word 0) 1
(word 0) 2
13-16
linkDown
1.3.6.1.2.1.11.2
(word 0) 2
(word 0) 4
13-16
linkUp
1.3.6.1.2.1.11.3
(word 0) 3
(word 0) 8
13-17
authentication failure
1.3.6.1.2.1.11.4
(word 0) 4
(word 0) 10
13-17
egpNeighborLoss
1.3.6.1.2.1.11.5
(word 0) 5
(word 0) 20
13-18
frDLCIStatusChange
1.3.6.1.2.1.11.7
(word 0) 7
(word 0) 80
13-18
ipxTrapCircuitDown
1.3.6.1.4.1.23.2.5.5.1
(word 0) 8
(word 0) 100
13-19
ipxTrapCircuitUp
1.3.6.1.4.1.23.2.5.5.2
(word 0) 9
(word 0) 200
13-19
newRoot
1.3.6.1.2.17.0.1
(word 0) 10
(word 0) 400
13-19
topologyChange
1.3.6.1.2.17.0.2
(word 0) 11
(word 0) 800
13-20
atmfVpcChange
1.3.6.1.4.1.353.0.1
(word 0) 12
(word 0) 1000
13-21
atmfVccChange
1.3.6.1.4.1.353.0.2
(word 0) 13
(word 0) 2000
13-22
rising Alarm
1.3.6.1.2.16.0.1
(word 0) 14
(word 0) 4000
13-23
falling Alarm
1.3.6.1.2.16.0.2
(word 0) 15
(word 0) 8000
13-24
dsx3LineStatusChange
1.3.6.1.2.1.10.20.15.0.1
(word 0) 16
(word 1) 1 0000
13-25
dsx1LineStatusChange
1.3.6.1.2.1.10.18.15.0.1
(word 0) 17
(word 1) 2 0000
13-26
MPLS_LDP_
THRESHOLD_MASK *
(word 0) 18
(word 0) 4 0000
POS3_STAT_CHANGE_
MASK *
(word 0) 19
(word 0) 8 0000
IMA_FAILURE_
ALARM_MASK *
(word 0) 20
(word 0) 10 0000
SYSLOG_TRAP_MASK
*
(word 0) 29
(word 0) 2000 0000
NMS_MASTER_MASK *
(word 0) 30
(word 0) 4000 0000
NMS_TRAP_DISABLE_
MASK *
(word 0) 31
(word 0) 8000 0000
* This mask name does not necessarily match the trap name.
Page 13-11
Trap Tables
Trap or Mask Name
Object ID
Bit
Position
Hex Value
Page
tempAlarm
1.3.6.1.4.1.800.3.1.1.4.0.1
(word 1) 0
(word 1) 1
13-27
moduleChange
1.3.6.1.4.1.800.3.1.1.4.0.2
(word 1) 1
(word 1) 2
13-28
powerEvent
1.3.6.1.4.1.800.3.1.1.4.0.3
(word 1) 2
(word 1) 4
13-29
controllerEvent
1.3.6.1.4.1.800.3.1.1.4.0.4
(word 1) 3
(word 1) 8
13-30
loginViolation
1.3.6.1.4.1.800.3.1.1.4.0.5
(word 1) 4
(word 1) 10
13-31
macVlanViolation
1.3.6.1.4.1.800.3.1.1.4.0.6
(word 1) 5
(word 1) 20
13-31
macDuplicatePort
1.3.6.1.4.1.800.3.1.1.4.0.7
(word 1) 6
(word 1) 40
13-32
portLinkUpEvent
1.3.6.1.4.1.800.3.1.1.4.0.8
(word 1) 7
(word 1) 80
13-33
portLinkDownEvent
1.3.6.1.4.1.800.3.1.1.4.0.9
(word 1) 8
(word 1) 100
13-34
portPartitioned
1.3.6.1.4.1.800.3.1.1.4.0.10
(word 1) 9
(word 1) 200
13-35
portRecordMismatch
1.3.6.1.4.1.800.3.1.1.4.0.11
(word 1) 10
(word 1) 400
13-36
groupChange
1.3.6.1.4.1.800.3.1.1.4.0.14
(word 1) 13
(word 1) 2000
13-37
vlanChange
1.3.6.1.4.1.800.3.1.1.4.0.15
(word 1) 14
(word 1) 4000
13-38
portMove
1.3.6.1.4.1.800.3.1.1.4.0.16
(word 1) 15
(word 1) 8000
13-39
moduleResetReload
1.3.6.1.4.1.800.3.1.1.4.0.17
(word 1) 16
(word 1) 1 0000
13-40
systemEvent
1.3.6.1.4.1.800.3.1.1.4.0.18
(word 1) 17
(word 1) 2 0000
13-41
vlanRouteTableFull
1.3.6.1.4.1.800.3.1.1.4.0.19
(word 1) 18
(word 1) 4 0000
13-42
sapTableFull
1.3.6.1.4.1.800.3.1.1.4.0.20
(word 1) 19
(word 1) 8 0000
13-42
atmSSCOPstate
1.3.6.1.4.1.800.3.1.1.4.0.21
(word 1) 20
(word 1) 10 0000
13-43
ilmiState
1.3.6.1.4.1.800.3.1.1.4.0.22
(word 1) 21
(word 1) 20 0000
13-43
atmConnection
1.3.6.1.4.1.800.3.1.1.4.0.23
(word 1) 22
(word 1) 40 0000
13-44
atmService
1.3.6.1.4.1.800.3.1.1.4.0.24
(word 1) 23
(word 1) 80 0000
13-45
dlciNew
1.3.6.1.4.1.800.3.1.1.4.0.27
(word 1) 26
(word 1) 400 0000
13-46
dlciDel
1.3.6.1.4.1.800.3.1.1.4.0.28
(word 1) 27
(word 1) 800 0000
13-47
dlciUp
1.3.6.1.4.1.800.3.1.1.4.0.29
(word 1) 28
(word 1) 1000 0000
13-48
dlciDn
1.3.6.1.4.1.800.3.1.1.4.0.30
(word 1) 29
(word 1) 2000 0000
13-49
portManualForwarding
Mode
1.3.6.1.4.1.800.3.1.1.4.0.31
(word 1) 30
(word 1) 4000 0000
13-50
fddiCFStateChange
1.3.6.1.4.1.800.3.1.1.4.0.32
(word 1) 31
(word 1) 8000 0000
13-51
duplicateIPaddress
1.3.6.1.4.1.800.3.1.1.4.0.35
(word 2) 2
(word 2) 4
13-52
duplicateMACaddress
1.3.6.1.4.1.800.3.1.1.4.0.36
(word 2) 3
(word 2) 8
13-53
Page 13-12
Trap Tables
Trap or Mask Name
Object ID
Bit
Position
Hex Value
Page
healthThresholdRising
1.3.6.1.4.1.800.3.1.1.4.0.37
(word 2) 4
(word 2) 10
13-54
healthThresholdFalling
1.3.6.1.4.1.800.3.1.1.4.0.38
(word 2) 5
(word 2) 20
13-54
healthThresholdDevice
1.3.6.1.4.1.800.3.1.1.4.0.39
(word 2) 6
(word 2) 40
13-55
healthThresholdModule
1.3.6.1.4.1.800.3.1.1.4.0.40
(word 2) 7
(word 2) 80
13-55
xylanXIPXMAPPort
StatusChange
1.3.6.1.4.1.800.3.1.1.4.0.41
(word 2) 8
(word 2) 100
13-56
xylanSIPXMAPPortState
Change
1.3.6.1.4.1.800.3.1.1.4.0.42
(word 2) 9
(word 2) 200
13-57
clkBusLineStateChange
1.3.6.1.4.1.800.3.1.1.4.0.45
(word 2) 10
(word 2) 400
13-60
xylanXIPGMAPFailed
Update
1.3.6.1.4.1.800.3.1.1.4.0.44
(word 2) 11
(word 2) 800
13-59
avlAuthAttempt
1.3.6.1.4.1.800.3.1.1.4.0.43
(word 2) 16
(word 2) 1 0000
13-58
mcpStatisticsOverflow
1.3.6.1.4.1.800.3.1.1.4.0.67
(word 2) 18
(word 2) 4 0000
13-62
mcpShortCut
1.3.6.1.4.1.800.3.1.1.4.0.68
(word 2) 19
(word 2) 8 0000
13-66
mcpIngressRetryTime
1.3.6.1.4.1.800.3.1.1.4.0.69
(word 2) 20
(word 2) 10 0000
13-67
vrrpTrapNewMasterOut
1.3.6.1.2.1.46.1.3.1.0.3
(word 2) 21
(word 2) 20 0000
13-68
vrrpAuthFailure
1.3.6.1.2.1.46.1.3.1.0.4
(word 2) 22
(word 2) 40 0000
13-69
blind-violation
1.3.6.1.4.1.800.3.1.1.1.0.46
(word 2) 23
(word 2) 80 0000
13-61
mpcStatisticsOverflow
1.3.6.1.4.1.800.3.1.1.1.0.47
(word 2) 18
(word 2) 4 0000
13-62
fddiLerFlagChange
1.3.6.1.4.1.800.3.1.1.4.0.65
(word 3) 0
(word 3) 1
13-63
fddiCLTFailCntIncr
1.3.6.1.4.1.800.3.1.1.4.0.66
(word 3) 1
(word 3) 2
13-64
oamVCAIS
1.3.6.1.4.1.800.3.1.1.4.0.71
(word 3) 10
(word 3) 400
13-70
oamVCRDI
1.3.6.1.4.1.800.3.1.1.4.0.72
(word 3) 11
(word 3) 800
13-71
oamVCLOC
1.3.6.1.4.1.800.3.1.1.4.0.73
(word 3) 12
(word 3) 1000
13-72
oamVCUnsuccessLoop
1.3.6.1.4.1.800.3.1.1.4.0.74
(word 3) 13
(word 3) 2000
13-73
oamVPAIS
1.3.6.1.4.1.800.3.1.1.4.0.75
(word 3) 14
(word 3) 4000
13-74
oamVPRDI
1.3.6.1.4.1.800.3.1.1.4.0.76
(word 3) 15
(word 3) 8000
13-75
oamVPLOC
1.3.6.1.4.1.800.3.1.1.4.0.77
(word 3) 16
(word 3) 1 0000
13-76
oamVPUnsuccessLoop
1.3.6.1.4.1.800.3.1.1.4.0.78
(word 3) 17
(word 3) 2 0000
13-77
accountEvent
1.3.6.1.4.1.800.3.1.1.4.0.86
(word 3) 21
(word 3) 20 0000
13-78
Over1Alarm
1.3.6.1.4.1.800.3.1.1.4.0.87
(word 3) 22
(word 3) 40 0000
13-78
Page 13-13
Trap Tables
Trap or Mask Name
Object ID
Bit
Position
Hex Value
Page
Under1Event
1.3.6.1.4.1.800.3.1.1.4.0.88
(word 3) 23
(word 3) 80 0000
13-79
Over2Alarm
1.3.6.1.4.1.800.3.1.1.4.0.89
(word 3) 24
(word 3) 100 0000
13-79
Under2Event
1.3.6.1.4.1.800.3.1.1.4.0.90
(word 3) 25
(word 3) 200 0000
13-80
Over3Alarm
1.3.6.1.4.1.800.3.1.1.4.0.91
(word 3) 26
(word 3) 400 0000
13-80
Under3Event
1.3.6.1.4.1.800.3.1.1.4.0.92
(word 3) 27
(word 3) 8000 0000
13-81
NoDeviceAlarm
1.3.6.1.4.1.800.3.1.1.4.0.93
(word 3) 28
(word 3) 1000 0000
13-81
FileAlarm
1.3.6.1.4.1.800.3.1.1.4.0.94
(word 3) 29
(word 3) 2000 0000
13-82
ldpPeerCreate
1.3.6.1.4.1.800.3.1.1.4.0.80
(word 3) 5
(word 3) 20
13-83
ldpPeerDelete
1.3.6.1.4.1.800.3.1.1.4.0.81
(word 3) 6
(word 3) 40
13-84
ldpSessionCreate
1.3.6.1.4.1.800.3.1.1.4.0.82
(word 3) 17
(word 3) 80
13-85
ldpSessionDelete
1.3.6.1.4.1.800.3.1.1.4.0.83
(word 3) 8
(word 3) 100
13-86
lecStateChangeEvent
1.3.6.1.4.1.800.3.1.1.4.0.96
(word 2) 26
(word 2) 40 0000
13-87
Page 13-14
Trap Tables
SNMP Standard Traps
This section lists the standard traps that are defined within RFC (MIB) documents. These traps
signify events as they occur on common network devices. The following information on traps
is provided in the tables.
Trap. The object name of the trap as it is defined in the corresponding MIB (Management
Information Base). Alcatel supports standardized and proprietary MIBS.
Object ID.
The SNMP object identifier (OID) for this trap.
Description.
A brief explanation describing the circumstances under which a specific trap is
generated.
Bit Position. The
trap’s specific position in a bit mask (a bit mask is a binary notation which
represents a combination of all four trap words). By mapping a specific trap to its binary position, you can determine whether or not a trap is enabled. For example, a trap is enabled if its
corresponding bit is set to 1 and disabled if its corresponding bit is set to 0.
Word. A word is a set of four consecutive bytes within a system’s memory. Alcatel allocates a
total of four words for trap representation. Each of the 32 bit positions within a word corresponds to a specific trap. The first word, Word 0, contains only standard traps as they are
defined within RFC (MIB) documents. Words 1, 2, and 3 contain Alcatel-specific traps.
Hex Value. The
resulting hexadecimal value of the bit mask.
Trap Text and Variable Description. Trap
text is a brief statement containing additional information that can help you narrow down the source of the trap, such as slot/port numbers,
module types, and MAC addresses (variable descriptions have been added for your convenience). When a specific trap is triggered, it may display in various text formats, depending
on the software application through which it is viewed. The trap text in the following tables
are examples of trap text displayed through the HP OpenView Alarm Log and the Traps
window in X-Vision Discovery. For more information on X-Vision, see the on-line documentation included with the application.
Trap
coldStart
Object ID
1.3.6.1.2.1.11.0
Description
The sending protocol entity is re-initializing itself such that the agent’s
configuration or the protocol entity implementation may be altered.
Bit Position
(Word 0)
0
Hex Value
(Word 0)
1
Trap Text
and
Variable
Descriptions
Cold Start
Page 13-15
Trap Tables
Trap
warmStart
Object ID
1.3.6.1.2.1.11.1
Description
The sending protocol entity is re-initializing itself such that neither the
agent’s configuration nor the protocol entity implementation may be
altered.
Bit Position
(Word 0)
1
Hex Value
(Word 0)
2
Trap Text
and
Variable
Descriptions
Warm Start
Trap
linkDown
Object ID
1.3.6.1.2.1.11.2
Description
The sending protocol entity recognizes a failure in one of the communication links represented in the agent’s configuration.
Bit Position
(Word 0)
2
Hex Value
(Word 0)
4
Trap Text
and
Variable
Descriptions
Link Down (port 1)
Port Index. The physical port number
that identifies the failed communication link.
Page 13-16
Trap Tables
Trap
linkUp
Object ID
1.3.6.1.2.1.11.3
Description
The sending protocol entity recognizes that one of the communication
links represented in the agent’s configuration has come up.
Bit Position
(Word 0)
3
Hex Value
(Word 0)
8
Trap Text
and
Variable
Descriptions
Link Up (port 1)
Port Index. The physical port number
that identifies where the communication link has come up.
Trap
authenticationFailure
Object ID
1.3.6.1.2.1.11.4
Description
The sending protocol entity is the addressee of a protocol message that is
not properly authenticated.
Bit Position
(Word 0)
4
Hex Value
(Word 0)
10
Trap Text
and
Variable
Descriptions
Authentication Failure
Page 13-17
Trap Tables
Trap
egpNeighborLoss
Object ID
1.3.6.1.2.1.11.5
Description
An EGP neighbor for whom the sending protocol entity was an EGP peer
has been marked down and the peer relationship no longer exists.
Bit Position
(Word 0)
5
Hex Value
(Word 0)
20
Trap Text
and
Variable
Descriptions
Neighbor Loss (neigh addr 192.168.10.1)
Neighbor IP Address. The IP address
of this entry’s EGP neighbor.
Trap
frDLCIStatusChange
Object ID
1.3.6.1.2.1.11.6
Description
This trap is sent when the indicated virtual circuit has changed state. It
has either been created or invalidated, or has toggled between the active
and inactive states. However, if the reason for the state change is due to
the DLCMI going down, traps should not be generated for each DLCI.
Bit Position
(Word 0)
7
Hex Value
(Word 0)
80
Variable
Description
frCircuitIfIndex - The ifIndex value of the ifEntry this virtual circuit is lay-
ered into.
frcircuitDlci - The DLCI for this virtual circuit.
frCircuitState - Indicates whether this virtual circuit
Page 13-18
is active or inactive.
Trap Tables
Trap
ipxTrapCircuitDown
Object ID
1.3.6.1.4.1.23.2.5.5.1
Description
This trap indicates that the specified circuit has gone down.
Bit Position
(Word 0)
8
Hex Value
(Word 0)
100
Variable
Description
ipxCircSysInstance - The identifier of this instance of IPX.
ipxCircIndex - The identifier of this circuit, for this instance
Trap
ipxTrapCircuitUp
Object ID
1.3.6.1.4.1.23.2.5.5.2
Description
This trap indicates that the specified circuit has come up.
Bit Position
(Word 0)
9
Hex Value
(Word 0)
200
Variable
Description
ipxCircSysInstance - The identifier of this instance of IPX.
ipxCircIndex - The identifier of this circuit, for this instance
Trap Type
newRoot
Object ID
1.3.6.1.2.1.17.0.1
Description
Sent by a bridge that became the new root of the Spanning Tree.
Bit Position
(Word 0)
10
Hex Value
(Word 0)
400
Trap Text
and
Variable
Descriptions
of IPX.
of IPX.
Spanning Tree: A new agent has become the root of the Spanning Tree.
Page 13-19
Trap Tables
Trap
topologyChange
Object ID
1.3.6.1.2.1.17.0.2
Description
A bridge’s configured ports either transitioned from Learning state to Forwarding state or from Forwarding state to Blocking state. This trap will
not be sent if a newRoot trap was sent for the same transition.
Bit Position
(Word 0)
11
Hex Value
(Word 0)
800
Trap Text
and
Variable
Descriptions
Page 13-20
Spanning Tree: A configured port’s state has transitioned.
Trap Tables
Trap
atmfVpcChange
Object ID
1.3.6.1.4.1.353.0.1
Description
Either a permanent VPC was added or deleted at this ATM interface, or an
existing VPC was modified.
Bit Position
(Word 0)
12
Hex Value
(Word 0)
1000
Trap Text
and
Variable
Descriptions
A permanent VPC has been added or deleted at this ATM Interface, or the
attributes of an existing VPC have been modified (index 0, Vpi 2, Status 3)
Port Index. The port number of this
ATM interface. Valid values range
from 0 to 2147483647.
VPI. The Virtual Path Identifier at
this ATM interface. Valid values
range from 0 to 4095.
Operational Status . The present operating status of the
VPC. The following integers are valid values:
1 unknown
2 end2endUp
3
end2endDown
4
localUpEnd2endUnknown
5 localDown
Page 13-21
Trap Tables
Trap
atmfVccChange
Object ID
1.3.6.1.4.1.353.0.2
Description
Either a permanent VCC was added or deleted at this ATM interface, or an
existing VCC was modified.
Bit Position
(Word 0)
13
Hex Value
(Word 0)
2000
Trap Text
and
Variable
Descriptions
A permanent VCC has been added or deleted at this ATM Interface, or the
attributes of an existing VPC have been modified (index 0, Vpi 2, Vci 6,
status 3)
Operational Status . The present
operational status of the VCC.
The following integers are valid
values:
1 unknown
2 end2endUp
3
end2endDown
4
localUpEnd2endUnknown
5 localDown
Port Index. The port number which
identifies this ATM interface. Valid
values range from 0 to
2147483647.
VPI. The Virtual Channel Identi-
fier at this ATM interface. Valid
values range from 0 to 4095. For
virtual interfaces, this value has
no meaning and is set to zero.
VCI. The Virtual Channel Identifier at this ATM interface. Valid values range from 0 to 65535. For
virtual interfaces, this value has no
meaning and is set to zero.
Page 13-22
Trap Tables
Trap
risingAlarm
Object ID
1.3.6.1.2.1.16.0.1
Description
The value of an Ethernet statistical variable (i.e., a member of the Ethernet statistics group as defined by RFC 1757) has exceeded its rising
threshold. The variable’s rising threshold and whether it will generate an
SNMP trap for this condition are configured by a network management
station running RMON.
Bit Position
(Word 0)
14
Hex Value
(Word 0)
4000
Trap Text
and
Variable
Descriptions
Variable. The MIB object identifier
for the variable being sampled.
Alarm Index . An index value for this entry in the
alarm table. Each entry defines a diagnostic sample
at a particular interval for an object on the device.
An RMON alarm entry crossed its rising threshold (index 25 var 2 type 1
value 201 rising threshold 200)
Value . The value of the statistic
during the last sampling period.
For example, if the sample method is Delta Value, this value will
be the difference between the
samples at the beginning and end
of the period. If the sample method is Absolute Value, this value
will be the sampled value at the
end of the period. This is the
value that is compared with the
rising threshold.
Sampling Method. The method of sampling
the selected variable and calculating the
value for comparison with the thresholds.
Possible values are integers 1 and 2:
1 Absolute Value. The value of the
selected variable will be compared
directly with the thresholds at the end
of the sampling interval.
2 Delta Value. The value of the selected
variable at the last sample will be subtracted from the current value, and the
difference compared with the thresholds.
Rising Threshold. A threshold for the sampled statistic. This
trap is generated when the current sampled value is
greater than or equal to this threshold, and the value at
the last sampling interval was less than this threshold.
After a rising event is generated, another such event will
not be generated until the sampled value falls below this
threshold and reaches the Falling Threshold value.
Page 13-23
Trap Tables
Trap
fallingAlarm
Object ID
1.3.6.1.2.1.16.0.2
Description
The value of an Ethernet statistical variable (i.e., a member of the Ethernet statistics group as defined by RFC 1757) has dipped below its falling
threshold. The variable’s falling threshold and whether it will generate an
SNMP trap for this condition are configured by a network management
station running RMON.
Bit Position
(Word 0)
15
Hex Value
(Word 0)
8000
Trap Text
and
Variable
Descriptions
Variable. The MIB object identifier
for the variable being sampled.
Alarm Index. An index value for this entry in the
alarm table. Each entry defines a diagnostic sample
at a particular interval for an object on the device.
An RMON alarm entry crossed its falling threshold (index 25 var 2 type 1
value 100 falling threshold 9)
Value. The value of the statis-
tic during the last sampling
period. For example, if the
sample method is Delta Value, this value will be the difference between the samples
at the beginning and end of
the period. If the sample
method is Absolute Value,
this value will be the sampled
value at the end of the period. This is the value that is
compared with the falling
threshold.
Sampling Method. The method of sampling
the selected variable and calculating the
value for comparison with the thresholds.
Possible values are:
1 Absolute Value. The value of the
selected variable will be compared
directly with the thresholds at the end
of the sampling interval.
2 Delta Value. The value of the selected
variable at the last sample will be subtracted from the current value, and the
difference compared with the thresholds.
Falling Threshold . A threshold for the sampled statistic.
This trap is generated when the current sampled value is
less than or equal to this threshold, and the value at the
last sampling interval was more than this threshold.
After a falling event is generated, another such event will
not be generated until the sampled value rises above this
threshold and reaches the Rising Threshold value.
Page 13-24
Trap Tables
Trap Type
dsx3LineStatusChange
Object ID
1.3.6.1.2.1.10.30.15.0.1
Description
The value of an instance dsx3LineStatus changed.
Bit Position
(Word 0)
16
Hex Value
(Word 1)
1 0000
Trap Text
and
Variable
Descriptions
Line Status Change (line status 1, last change 4)
DSX3 Line Status. The line status of
the interface. It contains loopback,
failure, received alarm, and transmitted alarm information. Valid
values range from 1 to 8191.
Last Change. The last value of MIB II’s
sysUpTime object at the time this DS3
entered its current line status state. If
the current state was entered prior to
the last re-initialization of the proxyagent, this value is zero.
Page 13-25
Trap Tables
Trap
dsx1LineStatusChange
Object ID
1.3.6.1.2.1.10.18.15.0.1
Description
The value of an instance dsx1LineStatus changed.
Bit Position
(Word 0)
17
Hex Value
(Word 1)
2 0000
Trap Text
and
Variable
Descriptions
Line Status Change (line status 1, last change 2)
DSX1 Line Status. The line status of
the interface. It contains loopback,
failure, received alarm, and transmitted alarm information. Valid
values range from 1 to 8191.
Last Change. The last value of MIB II’s
sysUpTime object at the time this DS1
entered its current line status state. If
the current state was entered prior to
the last re-initialization of the proxyagent, this value is zero.
Page 13-26
Trap Tables
Extended Traps
This section lists Alcatel-specific traps. These extended traps are generated specifically by
Alcatel switch devices.
Trap Type
tempAlarm
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.1
Description
The temperature sensor(s) have detected a temperature in the chassis
that exceeds the threshold. These sensors are physically located on the
MPX module, but can detect temperature changes throughout the chassis.
Bit Position
(Word 1)
0
Hex Value
(Word 1)
1
Trap Text
and
Variable
Descriptions
Temperature Sensor has changed state to Over Threshold
Page 13-27
Trap Tables
Trap Type
moduleChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.2
Description
A module was either inserted or removed from the chassis. In some
cases, this trap may also be generated when a module is reset.
Bit Position
(Word 1)
1
Hex Value
(Word 1)
2
Trap Text
and
Variable
Descriptions
Module was inserted or removed from chassis (slot 4, subunit 1, type 10)
Slot Number . The slot number on
the front of the chassis where this
module was inserted or removed.
Submodule Type. Indicates the submodule that was
inserted or removed. Typically this value will be 1,
meaning the base module was inserted or removed.
If this value is 2, then HSX module 1 was moved. If
this value is 3, then HSX module 2 was moved.
Module Type. Indicates the module type that was inserted
or removed. The following integers are valid values:
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Page 13-28
HSM
MPM
ESM 8-port 10BASE-T
ESM 16-port
TSM 6-port UTP/STP
FSM FDDI module
FSM CDDI module
ESM 4-port
ASM .5 MB multi-mode
ESM 12-port 10BASE-T
ESM 6-port universal module
MPM version II
ATM DS-3
FSM FDDI single mode
ASM .5 MB single mode
ASM UTP
ESM 8-port fiber
21
22
23
24
25
26
27
28
29
30
33
34
35
36
37
39
ESM 12-port Telco
TSM fiber
ASM 2 MB multi-mode
ASM 2 MB single mode
WSM
WSM BRI
HSM2 base slot type
PizzaSwitch reserved
TSM CD-6
ASM 2 MB single mode
10Meg Ether Universal
ATM E3 (European)
Ether 100 FX Sngl Full Dup
Ether 100 FX Multi Full Dup
Ether 100 TX CU Full Dup
PizzaPort (repeater)
Trap Tables
Trap Type
powerEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.3
Description
A power supply was either inserted or removed from the chassis, or there
is a problem with the power supply. This trap is also generated when a
power supply is switched on or off.
Bit Position
(Word 1)
2
Hex Value
(Word 1)
4
Trap Text
and
Variable
Descriptions
Power Supply was inserted or removed from chassis or has a problem
(ps1 3, ps2 2)
Power Supply Status. The current state
of power supply 1 (ps1) and power
supply 2 (ps2). The following integers are valid values:
1
Unknown.
2
No power supply present.
3
Power supply okay.
4
Power supply bad.
Page 13-29
Trap Tables
Trap Type
controllerEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.4
Description
A chassis controller (MPX) lost or gained the state of the master.
Bit Position
(Word 1)
3
Hex Value
(Word 1)
8
Trap Text
and
Variable
Descriptions
Chassis controller (MPX) lost or gained master control (slot 1, state 3)
Slot . The slot number of
the MPX that has lost or
gained master control.
Valid values are:
1
Slot Number 1
2
Slot Number 2
State . The current state of the
MPX in the slot. The following
integers are valid values:
1
Unknown
2
Invalid
3
Master
4
Slave
Page 13-30
Trap Tables
Trap Type
loginViolation
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.5
Description
A login attempt for the User Interface (UI) failed due to an incorrect login
ID or an invalid password. Three (3) consecutive unsuccessful attempts
will trigger this alarm.
Bit Position
(Word 1)
4
Hex Value
(Word 1)
10
Trap Text
and
Variable
Descriptions
Login Attempt failed due to invalid ID or password.
Trap Type
macVlanViolation
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.6
Description
Data from a MAC address that previously came from one a port with a
VLAN-ID different from the VLAN where the frame had been previously
received.
Bit Position
(Word 1)
5
Hex Value
(Word 1)
20
Trap Text
and
Variable
Descriptions
Receiving Port VLAN ID has changed (bridge address 0036589adf01)
MAC Address. The MAC address from
which data has come from two different ports in two different groups.
Page 13-31
Trap Tables
Trap Type
macDuplicatePort
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.7
Description
Data from a MAC address that previously came from a source port different from the port where the frame previously was received although they
both ports belong to the same VLAN.
Bit Position
(Word 1)
6
Hex Value
(Word 1)
40
Trap Text
and
Variable
Descriptions
VLAN Receiving Port has changed (bridge address 00145221cd02)
MAC Address. The MAC address from
which data has come from two different ports in the same group.
Page 13-32
Trap Tables
Trap Type
portLinkUpEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.8
Description
A physical, logical, or virtual port was enabled. These ports may be
enabled through the UI or Switch Manager. Note that if you enable a
physical port, any associated logical and virtual ports will also be
enabled. And if you enable a logical port, such as an ATM service, associated virtual ports will be enabled.
Bit Position
(Word 1)
7
Hex Value
(Word 1)
80
Trap Text
and
Variable
Descriptions
Physical, logical or virtual port was enabled (slot 2 IF 2 type 203 instance 1)
Slot Number . The slot number for
the module that contains this port.
Port Number. The port number on
this module that was enabled.
Port Type . The physical type of
this port. The following integers
are valid values:
1
Unknown
2
Other
3
Router
4
Bridge
5
Trunk
6
ATM trunk port
7
ATM LAN Emulation port
8
Classical IP
9
ATM MUX
203 Ethernet 10BASE-T
204 Ethernet 100BASE-T
205 Token Ring 4 mbs
206 Token Ring 16 mbs
207 FDDI
208 CDDI
209 ATM 25 mbs
210 ATM 50 mbs
211 DS-1
212 DS-3
213 OC-3
214 OC-12
215 OC-48
Physical Instance. The specific instance of this slot/port/
type. In most cases this value will be 1 (only one
instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.
Page 13-33
Trap Tables
Trap Type
portLinkDownEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.9
Description
A physical, logical, or virtual port was disabled. These ports may be disabled through the UI or Switch Manager. Note that if you disable a physical port, any associated logical and virtual ports will also be disabled.
And if you disable a logical port, such as an ATM service, associated virtual ports will also be disabled.
Bit Position
(Word 1)
8
Hex Value
(Word 1)
100
Trap Text
and
Variable
Descriptions
Physical, logical or virtual port was disabled (slot 2 IF 2 type 203 instance 1)
Slot Number . The slot number for
the module that contains this port.
Port Number . The port number
on this module that was
disabled.
Port Type . The physical type of
this port. The following integers
are valid values:
1
Unknown
2
Other
3
Router
4
Bridge
5
Trunk
6
ATM trunk port
7
ATM LAN Emulation port
8
Classical IP
9
ATM MUX
203 Ethernet 10BASE-T
204 Ethernet 100BASE-T
205 Token Ring 4 mbs
206 Token Ring 16 mbs
207 FDDI
208 CDDI
209 ATM 25 mbs
210 ATM 50 mbs
211 DS-1
212 DS-3
213 OC-3
214 OC-12
215 OC-48
Physical Instance. The specific instance of this slot/port/
type. In most cases this value will be 1 (only one
instance of the port), but an ATM port may have multiple instances. Possible values range from 1 to 254.
Page 13-34
Trap Tables
Trap Type
portPartitioned
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.10
Description
The physical port detected jabber (i.e., the port has transitioned through
enable/disable states more than 50 times in the past 200 ms). Jabber may
be produced by a bad port connection, such as a faulty cable.
Bit Position
(Word 1)
9
Hex Value
(Word 1)
200
Trap Text
and
Variable
Descriptions
Port jabber detected (enabled/disabled faster than 50 times in 200 ms)
(slot 2, IF 2, type 203, instance 1)
Slot Number.
The slot number for the
module that
contains this
port.
Port Number . The
port number on
this module that
detected jabber.
Physical Instance. The specific instance
of this slot/port/type. In most cases this
value will be 1 (only one instance of
the port), but an ATM port may have
multiple instances. Possible values
range from 1 to 254.
Port Type. The physical type of
this port. The following integers
are valid values:
1
Unknown
2
Other
3
Router
4
Bridge
5
Trunk
6
ATM trunk port
7
ATM LAN Emulation port
8
Classical IP
9
ATM MUX
203 Ethernet 10BASE-T
204 Ethernet 100BASE-T
205 Token Ring 4 mbs
206 Token Ring 16 mbs
207 FDDI
208 CDDI
209 ATM 25 mbs
210 ATM 50 mbs
211 DS-1
212 DS-3
213 OC-3
214 OC-12
215 OC-48
Page 13-35
Trap Tables
Trap Type
portRecordMismatch
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.11
Description
The port configuration is different from the previous configuration. Typically this trap is generated when a NIC of one type is swapped for a different type (i.e., Ethernet for FDDI, ATM for Token Ring, etc.).
Bit Position
(Word 1)
10
Hex Value
(Word 1)
400
Trap Text
and
Variable
Descriptions
Port configuration different than previously detected (slot 2, IF 2, type 203,
instance 1)
Slot number . The slot number for
the module that contains this port.
Port number . The port number on this
module that has a different configuration.
Port Type . The physical type of
Physical Instance. The specific
instance of this slot/port/type.
In most cases this value will
be 1 (only one instance of the
port), but an ATM port may
have multiple instances. Possible values range from 1 to
254.
Page 13-36
this port. The following integers
are valid values:
1
Unknown
2
Other
3
Router
4
Bridge
5
Trunk
6
ATM trunk port
7
ATM LAN Emulation port
8
Classical IP
9
ATM MUX
203 Ethernet 10BASE-T
204 Ethernet 100BASE-T
205 Token Ring 4 mbs
206 Token Ring 16 mbs
207 FDDI
208 CDDI
209 ATM 25 mbs
210 ATM 50 mbs
211 DS-1
212 DS-3
213 OC-3
214 OC-12
215 OC-48
Trap Tables
Trap Type
groupChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.14
Description
A Group was either created or deleted through the UI or Switch Manager.
Bit Position
(Word 1)
13
Hex Value
(Word 1)
2000
Trap Text
and
Variable
Descriptions
Group created or deleted (vlan 2 admin status 4)
Group number. The Group number
that has been created or deleted.
Administrative Status . The administrative status for this
group. Possible options are:
1
Disabled. All ports in this Group are disabled.
2
Enabled. All ports in this Group are enabled.
3
Deleted. This Group was deleted, and all attached
virtual ports and routers are detached and deleted.
4
Created. This Group has been created.
5
Modify. This Group has been modified.
Page 13-37
Trap Tables
Trap Type
vlanChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.15
Description
A VLAN was either created or deleted through the UI or Switch Manager.
Bit Position
(Word 1)
14
Hex Value
(Word 1)
4000
Trap Text
and
Variable
Descriptions
VLAN Change created or deleted (group 2, admin status 4)
Group number. The Group number to which this VLAN belongs.
Administrative status. The administrative sta-
tus
are
1
2
3
4
5
Page 13-38
for this VLAN. The following integers
valid values:
Enabled.
Disabled.
Deleted. This VLAN was deleted.
Created. This Group has been created.
Modify. This Group has been modified.
Trap Tables
Trap Type
portMove
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.16
Description
The specified port has moved from a Group or has had its configuration
changed.
Bit Position
(Word 1)
15
Hex Value
(Word 1)
8000
Trap Text
and
Variable
Descriptions
Port VLAN, group or configuration change (slot 2, IF 8, type 4, instance 1)
Slot number . The slot number for
the module that contains this port.
Port number. The port number on
this module that was changed.
Port Type. The physical type of
this port. The following integers
are valid values:
1
Unknown
2
Other
3
Router
4
Bridge
5
Trunk
6
ATM trunk port
7
ATM LAN Emulation port
8
Classical IP
9
ATM MUX
203 Ethernet 10BASE-T
204 Ethernet 100BASE-T
205 Token Ring 4 mbs
206 Token Ring 16 mbs
207 FDDI
208 CDDI
209 ATM 25 mbs
210 ATM 50 mbs
211 DS-1
212 DS-3
213 OC-3
214 OC-12
215 OC-48
Physical Instance. The specific instance of
this slot/port/type. In most cases this
value will be 1 (only one instance of the
port), but an ATM port may have multiple
instances. Possible values range from 1 to
254.
Page 13-39
Trap Tables
Trap
moduleResetReload
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.17
Description
The specified module has been either reset or reloaded. A reload may
occur during a firmware download.
Bit Position
(Word 1)
16
Hex Value
(Word 1)
1 0000
Trap Text
and
Variable
Descriptions
Submodule Type. Indicates the submodule that was reset or reloaded.
Typically this value will be 1, meaning the base module was reset or
reloaded. If this value is 2, then HSX module 1 was affected. If this
value is 3, then HSX module 2 was affected.
.Slot number. The slot number of the
module that was reset or reloaded.
Module reset or reloaded by chassis manager (slot 4 subunit 1 type 6 status 3)
Module Type. Indicates the module type that was reset or
reloaded. The following integers are valid values:
4
5
6
7
8
9
10
11
12
HSM
MPM
ESM 8-port 10BASE-T
ESM 16-port
TSM 6-port UTP/STP
FSM FDDI module
FSM CDDI module
ESM 4-port
ASM .5 MB multi-mode
13
14
15
16
17
18
19
20
21
22
23
24
ESM 12-port 10BASE-T
ESM 6-port universal module
MPM version II
ATM DS-3
FSM FDDI single mode
ASM .5 MB single mode
ASM UTP
ESM 8-port fiber
ESM 12-port Telco
TSM fiber
ASM 2 MB multi-mode
ASM 2 MB single mode
Operational State. Indicates the current state of the module that was reset or reload-
ed.
1
2
3
4
5
6
7
8
9
10
Page 13-40
The following integers are valid values:
Unknown state. The module may have failed low-level self-test.
Invalid. The module may exist, by the chassis does not have control of it.
Operational. The module is running fine with no errors.
Disabled. The module has been set to disable through the UI or SNMP.
Reset. The module has been reset.
Loading. The module is in the middle of loading.
Testing. The module is in self-test.
Warning. A warning was detected during operation.
Non-fatal error. A non-fatal error was detected during operation.
Fatal error. A fatal error occurred during operation. The module may or may
not be functional.
Trap Tables
Trap Type
systemEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.18
Description
A potentially fatal error occurred in the system.
Bit Position
(Word 1)
17
Hex Value
(Word 1)
2 0000
Trap Text
and
Variable
Descriptions
Potentially fatal error occurred (trap 10)
Event Trap Type . A number that
identifies the specific error that
occurred in the system. The following integers are valid values:
10 Unspecified Log Event
11 Log file full
12 Log file erased
20 Unspecified memory event
21 Memory shortage
30 Unspecified CPU event
31 Long term CPU overload
32 Short term CPU overload
40 Unspecified ffs event
41 Attempt to write to full ffs
42 System/user directed purge
43 Removed imgs/cfgs
44 Exec file removed
45 Config file removed
46 Exec file updated
47 Config file updated
50 Unspecified chassis event
51 Module failed to init
52 Module failed to load
53 Module startup failed
54 Module failed
55 Driver failed
Page 13-41
Trap Tables
Trap Type
vlanRouteTableFull
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.19
Description
The IP or IPX route table is full.
Bit Position (Word
1)
18
Hex Value
(Word 1)
4 0000
Trap Text
and
Variable
Descriptions
IP or IPX route table is full on insertion.
Trap Type
sapTableFull
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.20
Description
The SAP table is full upon insertion.
Bit Position
(Word 1)
19
Hex Value
(Word 1)
8 0000
Trap Text
and
Variable
Descriptions
Page 13-42
SAP table full on insertion.
Trap Tables
Trap Type
atmSSCOPstate
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.21
Description
A specified port changed.
Bit Position (Word
1)
20
Hex Value
(Word 1)
10 0000
Trap Text
and
Variable
Descriptions
Signalling state changed (slot 3 port 1)
S l o t n u m b e r . The slot number
where this ASM module is located.
Port number . The port number on this
ASM module where the signalling state
has changed.
Trap Type
ilmiState
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.22
Description
The ILMI state for the specified port changed. This change of state indicates whether address registration was successful, and whether the
switch knows the network prefix provided by the external ATM switch.
Bit Position
(Word 1)
21
Hex Value
(Word 1)
20 0000
Trap Text
and
Variable
Descriptions
ILMI state changed (slot 3 port 1)
S l o t n u m b e r . The slot number
where this ASM module is located.
Port number. The port number on this
ASM module where the ILMI state
has changed.
Page 13-43
Trap Tables
Trap Type
atmConnection
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.23
Description
The specified ATM VCC was created or deleted.
Bit Position
(Word 1)
22
Hex Value
(Word 1)
40 0000
Trap Text
and
Variable
Descriptions
ATM VCC created or deleted (slot 3, port 1, Vpi 0, Vci 100, admin status 2)
Slot Number . The slot number
where this ASM module is located.
Port Number. The port number on the ASM
module where this VCC was created or
deleted.
VPI Number . The virtual path
identifier for this virtual connecVCI Number . The virtual channel
identifier for this virtual connection.
Admin Status. Indicates the current status of this ATM VCC. The following
integers are valid values:
1
Disabled. This VCC was disabled.
2
Enabled. This VCC was enabled.
3
Deleted. This VCC was deleted.
Page 13-44
Trap Tables
Trap Type
atmService
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.24
Description
The specified ATM service (Port-to-Port Bridging, Trunking, LAN Emulation, etc.) was created or deleted.
Bit Position
(Word 1)
23
Hex Value
(Word 1)
80 0000
Trap Text
and
Variable
Descriptions
ATM service created or deleted (slot 3, port 1, service 2, admin status 2)
Slot Number . The slot number
where this ASM module is located.
Port Number. The port number on the ASM module where the service was created or deleted.
Service Number . The ATM service number
assigned to this service when it was set up.
Admin Status. The current status of this
ATM VCC. The following integers are
valid values:
1
Disabled. This VCC has disabled.
2
Enabled. This VCC was enabled.
3
Deleted. This VCC was deleted.
Page 13-45
Trap Tables
Trap Type
dlciNew
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.27
Description
Frame Relay DLCI was created.
Bit Position
(Word 1)
26
Hex Value
(Word 1)
400 0000
Trap Text
and
Variable
Descriptions
Frame Relay DLCI created (slot 3 port 1 DLCI Number 100)
S l o t n u m b e r . The slot number
where this Frame Relay module is
located.
Port number . The port number on this
Frame Relay module where the DLCI
was created.
DLCI Number. The number of the DLCI
that was created.
Page 13-46
Trap Tables
Trap Type
dlciDel
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.28
Description
Frame Relay DLCI was deleted.
Bit Position
(Word 1)
27
Hex Value
(Word 1)
800 0000
Trap Text
and
Variable
Descriptions
Frame Relay DLCI deleted (slot 3 port 1 DLCI Number 100)
S l o t n u m b e r . The slot number
where this Frame Relay module is
located.
Port number . The port number on this
Frame Relay module where the DLCI
was deleted.
DLCI number. The number of the DLCI
that was just deleted.
Page 13-47
Trap Tables
Trap Type
dlciUp
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.29
Description
Frame Relay DLCI changed to active state.
Bit Position
(Word 1)
28
Hex Value
(Word 1)
1000 0000
Trap Text
and
Variable
Descriptions
Frame Relay DLCI Changed to Active (slot 3 port 1 DLCI Number 100)
Slot Number . The slot number
where this Frame Relay module is
located.
Port Number . The port number on this
Frame Relay module where the DLCI
was activated.
DLCI Number. The number of the DLCI
that was just activated.
Page 13-48
Trap Tables
Trap Type
dlciDn
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.30
Description
Frame Relay DLCI changed to inactive state.
Bit Position
(Word 1)
29
Hex Value
(Word 1)
2000 0000
Trap Text
and
Variable
Descriptions
Frame Relay DLCI Changed to Inactive (slot 3 port 1 DLCI Number 100)
Slot Number . The slot number
where this Frame Relay module is
located.
Port Number . The port number on this
Frame Relay module where the DLCI
was de-activated.
DLCI Number. The number of the DLCI
that was just de-activated.
Page 13-49
Trap Tables
Trap Type
portManualForwardingMode
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.31
Description
The specified port was placed into manual mode forwarding as its
default setting.
Bit Position
(Word 1)
30
Hex Value
(Word 1)
4000 0000
Trap Text
and
Variable
Descriptions
Slot Number . The slot number
Port number . The port
number on the module.
where this port is located.
Port placed into manual mode forwarding (slot 3, port 1, type 1, instance 1
Port Type . The physical type of
this port. The following integers
are valid values:
1
Unknown
2
Other
3
Router
4
Bridge
5
Trunk
6
ATM trunk port
7
ATM LAN Emulation port
8
Classical IP
9
ATM MUX
203 Ethernet 10BASE-T
204 Ethernet 100BASE-T
205 Token Ring 4 mbs
206 Token Ring 16 mbs
207 FDDI
208 CDDI
209 ATM 25 mbs
210 ATM 50 mbs
211 DS-1
212 DS-3
213 OC-3
214 OC-12
215 OC-48
Physical Instance. The specific instance of this
slot/port/type. In most cases this value will
be 1 (only one instance of the port), but an
ATM port may have multiple instances. Possible values range from 1 to 254.
Page 13-50
Trap Tables
Trap Type
fddiCFStateChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.32
Description
The specified FDDI physical port changed from wrap configuration state.
Bit Position
(Word 1)
31
Hex Value
(Word 1)
8000 0000
Trap Text
and
Variable
Descriptions
FDDI physical port changes from wrap configuration state (index 1, state 2)
SMT Index. A unique value for each SMT
(Station Management Station). The value
for each SMT must remain constant at
least from one re-initialization of the
entity’s network management system to
the next re-initialization.
SMT State. The attachment configuration for the station or concentrator. The following integers are
valid values:
1
isolated
2
local_a
3
local_b
4
local_ab
5
local_s
6
wrap_a
7
wrap_b
8
wrap_ab
9
wrap_s
10
c_wrap_a
11
c_wrap_b
12
c_wrap_s
13
thru
Page 13-51
Trap Tables
Trap Type
duplicateIPaddress
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.35
Description
The switch detected a duplicate IP address.
Bit Position
(Word 2)
2
Hex Value
(Word 2)
4
Trap Text
and
Variable
Descriptions
IP Address. The IP address of
the station that reported the
duplicate IP address.
MAC Address. The MAC
address of the station that
reported the duplicate IP
address.
Duplicate IP address detected (IP addr 192.168.10.1, Mac 0036589adf01,
slot 3, IF 4, dup Mac 00145221cd02, dup slot 1, dup IF 3
Port Number. The port
on the module of the
reporting station from
which the trap was
sent.
Slot Number . The slot
number of the reporting station from
which the trap was
sent.
Page 13-52
Duplicate Slot. The slot
number on the
reporting station
where the duplicate
address was discovered.
D u p l i c a t e M A C . The
MAc address associated with the duplicated IP address.
Duplicate Port. The
port on the module of
the reporting station
where the duplicate
address was discovered.
Trap Tables
Trap Type
duplicateMACaddress
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.36
Description
The switch detected a duplicate MAC address of one of its own router
ports.
Bit Position
(Word 2)
3
Hex Value
(Word 2)
8
Trap Text
and
Variable
Descriptions
Duplicate MAC address detected (Mac 00145221cd02, slot 2, IF 3, time 4
MAC Address . The router
port’s MAC address for
which the last duplicate S l o t . The slot
MAC address was detected. number where
the duplicate
MAC address
was
last
received.
Interface . The inter-
face number where
the duplicate MAC
address was last
received.
Time . The time, in
seconds, when the
duplicate MAC was
detected.
Page 13-53
Trap Tables
Trap Type
healthThresholdRising
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.37
Description
At least one of the user-specified thresholds was exceeded.
Bit Position
(Word 2)
4
Hex Value
(Word 2)
10
Trap Text
and
Variable
Descriptions
Thresh-hold rising trap
Trap Type
healthThresholdFalling
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.38
Description
At least one of the user-specified thresholds was exceeded during the
previous cycle and none of them are exceeded in the current cycle.
Bit Position
(Word 2)
5
Hex Value
(Word 2)
20
Trap Text
and
Variable
Descriptions
Page 13-54
Thresh-hold falling trap
Trap Tables
Trap Type
healthThresholdDevice
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.39
Description
At least one of the device-level threshold crossing was detected.
Bit Position
(Word 2)
6
Hex Value
(Word 2)
40
Trap Text
and
Variable
Descriptions
Device-level threshold crossing is detected (Data 0a 09 0d 53 00 00
00 00 00 00 00 00 00 00 00 00)
Data . An octet string that represents the contents of device-level
rising/falling threshold trap.
Trap Type
healthThresholdModule
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.40
Description
At least one module-level threshold crossing was detected.
Bit Position
(Word 2)
7
Hex Value
(Word 2)
80
Trap Text
and
Variable
Descriptions
Module-level threshold crossing is detected (count 2, data 0a 09 0d 53 00 00
00 00 00 00 00 00 00 00 00 00))
Count. The number of modules with
threshold crossing data in modulelevel rising/falling threshold traps.
Data . An octet string that represents the contents of device-level
rising/falling threshold trap.
Page 13-55
Trap Tables
Trap Type
xylanXIPXMAPPortStatusChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.41
Description
An XMAP turned on or off.
Bit Position
(Word 2)
8
Hex Value
(Word 2)
100
Trap Text
and
Variable
Descriptions
The status of an XMAP-tracked virtual port has changed (port 1, reason 2)
Port Number. The virtual port
number of the port that most
recently changed.
Reason. The reason for the last port status change.
The following integers are valid values:
0
No trap was sent.
1
A port was added.
2
A change of information on an existing port.
3
A port was deleted.
Page 13-56
Trap Tables
Trap Type
xylanXIPXMAPPortStateChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.42
Description
An XMAP turned on or off.
Bit Position
(Word 2)
9
Hex Value
(Word 2)
200
Trap Text
and
Variable
Descriptions
The state of the XMAP agent has changed to (state 1)
Operating State . The XMAP’s
operating state. The following integers are valid values:
1
inactive
2
active
Page 13-57
Trap Tables
Trap Type
avlAuthAttempt
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.43
Description
Indicates the last authenticated VLAN attempt.
Bit Position
(Word 2)
16
Hex Value
(Word 2)
1 0000
Trap Text
and
Variable
Descriptions
User. The last user who made an authen-
tication attempt.
The last VLAN authentication attempt was: (user 1, event 2,
MAC 0036589adf01, port 4, slot 5)
Event Type. The last authorizaMAC Address. The last
MAC address to make
an authentication
attempt.
tion attempt type. The following integers are valid values:
1
Successful login
2
Failed Login Attempt
3
Logout/Drop
Port. The last port number from which
the authentication attempt originated.
Slot. The last slot number from which
the authentication attempt originated.
Page 13-58
Trap Tables
Trap Type
xylanXIPGMAPFailedUpdate
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.44
Description
GMAP is unable to update the forwarding database to reflect information
in its internal database.
Bit Position
(Word 2)
11
Hex Value
(Word 2)
800
Trap Text
and
Variable
Descriptions
Reason. The reason for the last GMAP update was not
applied. The following integers are valid values:
1
The target group is an authenticated group.
2
The update would conflict with a binding rule.
3
The update would create two different group
entries for the same protocol.
4
The update would create two different protocol
entries for the same group.
5)
The target group is not mobile.
GMAP is unable to update the forwarding database (reason 1, port 2,
Mac 0036589adf01, protocol 4, group 5)
MAC Address . The last
MAC address for which
a GMAP change was not
applied.
Group. The group
identifier of the
last GMAP change
that was not
applied.
Port . The virtual port
number of the last
port on which the
GMAP change was
not applied.
Protocol . The protocol
identifier of the last
GMAP change that was
not applied.
Page 13-59
Trap Tables
Trap Type
clkBusLineStateChange
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.45
Description
Either the bus line’s status changed (active or inactive) or clock switching
occurred.
Bit Position
(Word 2)
10
Hex Value
(Word 2)
400
Trap Text
and
Variable
Descriptions
Bus Line’s status changed (bus line 1, operating state 1) or clock
switching has occurred.
Operating State. The bus line’s
Bus Line. The specific bus line where
the status change occurred. The following integers are valid values:
1
8 khz
2
19 mhz
Page 13-60
operating state. The following integers are valid values:
1
inactive
2
active
Trap Tables
Trap Type
bind-violation
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.46
Description
A configured binding rule was violated.
Bit Position
(Word 2)
23
Hex Value
(Word 2)
80 0000
Trap Text
and
Variable
Descriptions
IP Address. The IP address for which
this binding is configured.
VLAN ID . The VLAN ID for
which this rule is configured.
Group ID . The group ID of the
VLAN for which this rule is configured.
A binding rule has been violated (groupId 1, vlanId 2, IP 192.168.10.1 3,
Mac 0036589adf01, protocol 5, port 6, rule 4, index 8)
Protocol. The protocol
for which this binding
is configured.
R u l e I n d e x . The index
which uniquely defines
the rule for this VLAN.
Port . The port for
which this binding
is configured.
MAC Address. The MAC address
for which this binding is configured.
Rule . The rule for
which this binding
is configured.
Page 13-61
Trap Tables
Trap Type
mpcStatisticsOverflow
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.47
Description
An entry in the mpcStatisticsTable reached the threshold value.
Bit Position
(Word 2)
18
Hex Value
(Word 2)
4 0000
Trap Text
and
Variable
Descriptions
MPC: Statistics threshold value reached (MpcIndex, Insufficient
resources replies.)
MPC Index. A unique number that identi-
fies a conceptual row in the mpcConfigTable.
Insufficient resources replies. The reply
from the MPC Statistics Table came back
as insufficient resources.
Page 13-62
Trap Tables
Trap Type
fddiLerFlagChange
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.65
Description
The LER (Link Error Rate) flag on a port changed from CLEAR to SET.
Bit Position
(Word 3)
0
Hex Value
(Word 3)
1
Trap Text
and
Variable
Descriptions
FDDI: Link Error Rate on a port is set (SMTIndex 1, port 2, LerFlag 3)
SMT Index . A unique value for
each SMT (Station Management).
The value for each SMT must
remain constant at least from
one re-initialization of the entity’s network management system to the next re-initialization.
Port index. A unique value for each port
with in a given SMT, which is the same
as the corresponding resource index in
SMT. The value for each port must
remain constant at least from one re-initialization of the entity’s network management system to the next reinitialization.
LER Flag . The condition becomes
active when the value of the
fddiPRTLerEstimate is less than or
equal to fddimibPORTLerEstimate.
The following integers are valid
values:
1
True
2
False
Page 13-63
Trap Tables
Trap Type
fddiLCTFailCntIncr
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.66
Description
The LCT (Link Confidence Test) flag on a port incremented.
Bit Position
(Word 3)
1
Hex Value
(Word 3)
2
Trap Text
and
Variable
Descriptions
Fddi: Link Confidence Test flag on a port incremented (SMTIndex 1,
port index 2, failure counts 3
Port Index . A unique value for
each port within a given SMT,
which is the same as the corresponding resource index in SMT.
The value for each port must
remain constant at least from
one re-initialization of the entity’s network management system to the next re-initialization.
Failure Counts . The
count of the consecutive times the
link confidence test
(LCT) failed during
connection management.
Page 13-64
SMT Index. A unique value for
each SMT. The value for each
SMT must remain constant at
least from one re-unitization
of the entity’s network management system to the next
re-initialization.
Trap Tables
Trap Type
mpcStatisticsOverflow
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.67
Description
The statisticsNum value of the mpcStatisticsTable reached the threshold
value.
Bit Position
(Word 2)
18
Hex Value
(Word 2)
4 0000
Variables
mpcIndex
mpcStatRxMpoaResolveReplyInsufECResources
Trap Text
and
Variable
Descriptions
GMAP is unable to update the forwarding database (index 1, MPOA replies 3)
MPC Index . A unique number
that identifies a conceptual row
in the mpcConfigTable.
MPOA Resolution Replies. The
number of MPOA Resolution
Replies received with an MPOA
CIE Code of 0x81.
Page 13-65
Trap Tables
Trap Type
mpcShortCut
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.68
Description
The established shortcut path either closed or failed to complete the
path.
Bit Position
(Word 2)
19
Hex Value
(Word 2)
8 0000
Variables
mpcRowStatus
lecControlDirectVci
mpcFlowDetectProtocol
mpcIngressCacheDestAddr, mpcIngressCacheDestAtmAddr
mpcIndex
mpcMpsIndex
Trap Text
and
Variable
Descriptions
Row Status . This object allows creation
and deletion of MPOA clients.
GMAP is unable to update the forwarding database (rowStatus 1, control
direct Vci 2, protocol 4, dest addr 192.168.40.12, dest ATM addr
3903488001bc900001020000090020da00000900, index 1, mps index 2)
Control Direct VCI . The
VCI that identifies the
VCC at the point where
it connects to a LANE
client. If the Control
Direct VCC does not
exist, this value is zero.
Destination
ATM
Address. The destina-
tion ATM address
received in the
MPOA Resolution
Reply.
Protocol. The protocol on which flow
detection is performed.
Destination Address . The
destination internetwork layer address.
MPC Index. A unique number that identi-
fies a conceptual row in the mpcConfigTable.
MPC MPS Index. The MPS’s index that is
used to identify a row in the mpcConig
Table.
Page 13-66
Trap Tables
Trap Type
mpcIngressRetryTimeOut
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.69
Description
The retry time exceeded the MPC-p5 time.
Bit Position
(Word 2)
20
Hex Value
(Word 2)
10 0000
Variables
mpcIndex
mpcRetryTimeMaximum
mpcIngressCacheDestAddr
mpcIngressCacheDestAtmAddr
mpcFlowDetectProtocol
mpcMpsIndex
Trap Text
and
Variable
Descriptions
Maximum Retry
MPC Index. A unique number that identi- Time. The MPC-p5
fies a conceptual row in the mpcConfig- cumulative maximum value for
Table.
retry time.
GMAP is unable to update the forwarding database (index 1, max time 5,
dest addr 192.168.40.12, ATM addr
3903488001bc900001020000090020da00000900, protocol 1)
Detect Protocol . The
Destination Address . The
destination internetwork layer address.
Destination ATM Address.
protocol on which
flow detection is
performed.
The destination ATM
address received in the
MPOA Resolution Reply.
Page 13-67
Trap Tables
Trap Type
vrrpTrapNewMaster
Object ID
1.3.6.1.2.1.46.1.3.1.0.3
Description
The sending agent has transitioned from “Backup” state to “Master” state.
Bit Position
(Word 2)
21
Hex Value
(Word 2)
20 0000
Trap Text
and
Variable
Descriptions
Agent has transitioned from Backup to Master state (If index 1, vrid 2)
Interface Index Number . A unique value
that identifies the sending agent.
Virtual Router ID . The number that
identifies the virtual router on this
VRRP. Possible values range from 1 to
255.
Page 13-68
Trap Tables
Trap Type
vrrpAuthFailure
Object ID
1.3.6.1.2.1.46.1.3.1.0.4
Description
A packet was received from a router whose authentication key or authentication type conflicts with this router’s authentication key or type.
Bit Position
(Word 2)
22
Hex Value
(Word 2)
40 0000
Trap Text
and
Variable
Descriptions
A packet with a wrong authentication key or type is received (If index 1,
vrid 2, source 192.168.10.1, error type 3)
Interface Index Number . A unique
Packet Source IP. The IP address
of an inbound VRRP packet.
value that identifies the sending
agent.
Error Type. The type of configuration
Virtual Router ID. The number
that identifies the virtual
router on this VRRP. Possible
values range from 1 to 255.
conflict. The following integers are
valid values:
1 Invalid authentication type
2 Mismatched authentication
3 Authentication Failure
Page 13-69
Trap Tables
Trap Type
oamVCAIS
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.71
Description
The specified connection is in the VC-AIS state.
Bit Position
(Word 3)
10
Hex Value
(Word 3)
400
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
xylanOamF5VCVciIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VC-AIS state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-70
Trap Tables
Trap Type
oamVCRDI
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.72
Description
The specified connection is in the VC-RDI state.
Bit Position
(Word 3)
11
Hex Value
(Word 3)
800
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
xylanOamF5VCVciIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VC-RDI state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-71
Trap Tables
Trap Type
oamVCLOC
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.73
Description
The specified connection is in the VC-LOC state.
Bit Position
(Word 3)
12
Hex Value
(Word 3)
1000
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
xylanOamF5VCVciIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VC-LOC state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-72
Trap Tables
Trap Type
oamVCUnsuccessLoop
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.74
Description
The specified connection is in the Unsuccessful Loopback state.
Bit Position
(Word 3)
13
Hex Value
(Word 3)
2000
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
xylanOamF5VCVciIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VC-UnsuccessLoop state. (Slot 1, Port 2,
VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
Page 13-73
Trap Tables
Trap Type
oamVPAIS
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.75
Description
The specified VP connection is in the VP-AIS state.
Bit Position
(Word 3)
14
Hex Value
(Word 3)
4000
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VP-AIS state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-74
Trap Tables
Trap Type
oamVPRDI
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.76
Description
The specified VP connection is in the VP-RDI state.
Bit Position
(Word 3)
15
Hex Value
(Word 3)
8000
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VP-LOC state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-75
Trap Tables
Trap Type
oamVPLOC
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.77
Description
The specified VP connection is in the VP-LOC state.
Bit Position
(Word 3)
16
Hex Value
(Word 3)
1 0000
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VPUnsuccessLoop state. (Slot 1, Port 2, VPI 2,
VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-76
Trap Tables
Trap Type
oamVPUnsuccessLoop
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.78
Description
The specified VP connection is in the unsuccessful loopback state.
Bit Position
(Word 3)
17
Hex Value
(Word 3)
2 0000
Variables
xylanOamF5VCSlotIndex
xylanOamF5VCPortIndex
xylanOamF5VCVpiIndex
Trap Text
and
Variable
Descriptions
The specified connection is in VP-RDI state. (Slot 1, Port 2, VPI 2, VCI 1)
Slot Number. The slot number
for the specified connection.
Port Number . The port number
for the specified connection.
VPI . The virtual path identifier
for the specified connection.
VCI. The virtual circuit identifier
for the specified connection.
Page 13-77
Trap Tables
Trap
accountEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.86
Description
An account event is generated to signal that a new accounting file is
available on the switch
Bit Position
(Word 3)
21
Hex Value
(Word 3)
20 0000
Variable
Description
chasAccountName
- Path name of the most recently terminated account-
ing file.
chasAccountFileCount - The number of terminated accounting files await-
ing collection and removal by an external accounting collection agent.
Trap
Over1Alarm
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.87
Description
This alarm is generated when the filling level exceeds the first threshold.
It signals that the switch changes over to the alternate collection device.
Bit Position
(Word 3)
22
Hex Value
(Word 3)
40 0000
Variable
Description
- The amount of buffer taken up by accounting
data. Value shown as a percentage of the buffer size.
chasAccountThreshold1 - The first filling level of the intermediate storage
area for accounting data. Crossing this threshold generates a warning.
Value shown as a percentage of the buffer size.
chasAccountDeviceInUse - The IP address of the collection device with
which a TCP connection was most recently established.
Page 13-78
chasAccountFilingLevel
Trap Tables
Trap Type
Under1Event
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.88
Description
This event is generated when the filling level goes below the first threshold. This event is for information only.
Bit Position
(Word 3)
23
Hex Value
(Word 3)
80 0000
Variable
Description
- The amount of buffer taken up by accounting
data. Value shown as a percentage of the buffer size.
chasAccountThreshold1 - The first filling level of the intermediate storage
area for accounting data. Crossing this threshold generates a warning.
Value shown as a percentage of the buffer size.
Trap
Over2Alarm
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.89
Description
This alarm is generated when the filling level exceeds the second threshold. It signals that the switch changes over to the alternate collection
device.
Bit Position
(Word 3)
24
Hex Value
(Word 3)
100 0000
Variable
Description
- The amount of buffer taken up by accounting
data. Value shown as a percentage of the buffer size.
chasAccountThreshold2 - The second filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
chasAccountDeviceInUse - The IP address of the collection device with
which a TCP connection was most recently established.
chasAccountFilingLevel
chasAccountFilingLevel
Page 13-79
Trap Tables
Trap
Under2Event
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.90
Description
This event is generated when the filling level is lowered below the second threshold.
Bit Position
(Word 3)
25
Hex Value
(Word 3)
200 0000
Variable
Description
- The amount of buffer taken up by accounting
data. Value shown as a percentage of the buffer size.
chasAccountThreshold2 - The second filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
Trap
Over3Alarm
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.91
Description
This event is generated when the filling level exceeds the third threshold.
It signals that the switch is now in congestion.
Bit Position
(Word 3)
26
Hex Value
(Word 3)
400 0000
Variable
Description
- The amount of buffer taken up by accounting
data. Value shown as a percentage of the buffer size.
chasAccountThreshold3 - The third filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
chasAccountDeviceInUse - The IP address of the collection device with
which a TCP connection was most recently established.
Page 13-80
chasAccountFilingLevel
chasAccountFilingLevel
Trap Tables
Trap
Under3Event
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.92
Description
This event is generated when the filling level goes below the third
threshold.
Bit Position
(Word 3)
27
Hex Value
(Word 3)
8000 0000
Variable
Description
- The amount of buffer taken up by accounting
data. Value shown as a percentage of the buffer size.
chasAccountThreshold3 - The third filling level of the intermediate storage area for accounting data. Crossing this threshold generates a warning. Value shown as a percentage of the buffer size.
Trap Type
NoDeviceAlarm
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.93
Description
This alarm is generated when the TCP connection establishment fails
with both the primary and the secondary collection devices.
Bit Position
(Word 3)
28
Hex Value
(Word 3)
1000 0000
Variable
Description
chasAccountDevicePrimary
chasAccountFilingLevel
- The IP address of the primary collection
device.
chasAccountDeviceSecondary - The IP address of the secondary collection
device.
Page 13-81
Trap Tables
Trap
FileAlarm
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.94
Description
This alarm is generated when too many files are awaiting collection.
Bit Position
(Word 3)
29
Hex Value
(Word 3)
2000 0000
Variable
Description
chasAccountFileCount - The number of terminated accounting files await-
Trap Type
fantrayEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.1
Description
A fantrayEvent trap occurs when a problem condition is recognized on a
chassis fan tray.
Bit Position
(Word 3)
30
Hex Value
(Word 3)
4000 0000
Variable
Description
fantray1State - Status of fan tray 1.
chasAccountDeviceSecondary - Status
Page 13-82
ing collection and removal by an external accounting collection agent.
of fan tray 2.
Trap Tables
Trap Type
ldpPeerCreate
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.80
Description
A LDP peer is identified by the LDP hello mechanism and a peer entry is
created.
Bit Position
(Word 3)
5
Hex Value
(Word 3)
20
Variables
mplsLdpEntityID
mplsLpdPeerIndex
mplsLdpPeerID
Trap Text
and
Variable
Descriptions
Peer Entity is Created. (EntityId 1, PeerIndex 2, PeerId 3)
EntityId . The identification
number assigned to the new
entity.
PeerIndex . The index number
assigned to the peer.
PeerId. The identification number
assigned to the peer.
Page 13-83
Trap Tables
Trap Type
ldpPeerDelete
Object ID
1.3.6.1.4.1.800.3.1.1.1.0.81
Description
An LDP peer is lost and the peer entry is deleted.
Bit Position
(Word 3)
6
Hex Value
(Word 3)
40
Variables
mplsLdpEntityID
mplsLpdPeerIndex
mplsLdpPeerID
Trap Text
and
Variable
Descriptions
Peer Entity is Deleted. (EntityId 1, PeerIndex 2, PeerId 3)
EntityId . The identification
number of the deleted entity.
PeerIndex. The index number of
the deleted peer.
PeerId. The identification number
of the deleted peer.
Page 13-84
Trap Tables
Trap Type
ldpSessionCreate
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.82
Description
An LDP session with the peer is established and a session entry is created.
Bit Position
(Word 3)
17
Hex Value
(Word 3)
80
Variables
mplsLdpEntityID
mplsLpdPeerIndex
mplsLdpPeerID
mplsLdpSessionIndex
Trap Text
and
Variable
Descriptions
LDP Session Created. (EntityId 1, PeerIndex 2, PeerId 3, Session Id 4)
EntityId . The identification
number assigned to the newentity.
PeerIndex. The index number of
the peer with which the session
is created.
PeerId. The identification number
of peer with which the session is
created.
SessionId . The identification
number of the new session.
Page 13-85
Trap Tables
Trap Type
ldpSessionDelete
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.83
Description
An LDP session with the peer is lost and the session entry is deleted.
Bit Position
(Word 3)
8
Hex Value
(Word 3)
100
Variables
mplsLdpEntityID
mplsLpdPeerIndex
mplsLdpPeerID
mplsLdpSessionIndex
Trap Text
and
Variable
Descriptions
LDP Session Deleted. (EntityId 1, PeerIndex 2, PeerId 3, Session Id 4)
EntityId. The identification number
of the deleted entity.
PeerIndex. The index number of
the peer with whom the session
entry was lost.
PeerId. The identification number of
the peer with whom the session
entry was lost.
SessionId. The identification number of
the deleted session.
Page 13-86
Trap Tables
Trap Type
lecStateChangeEvent
Object ID
1.3.6.1.4.1.800.3.1.1.4.0.96
Description
A trap message is sent to a network manager when a LEC status changes.
Bit Position
(Word 2)
26
Hex Value
(Word 3)
40 00000
Variables
lecID
lecActualLanName
lecAtmAddress,
xylanLecSlotNumber
xylanLecPortNumber
xylanLecServiceNumber
lecInterfaceState
xylanReasonOfChange
Page 13-87
Trap Tables
Trap Text
and
Variable
Descriptions
Service Instance. The specific instance of
E L A N N a m e . The name of the
ELAN whose status changed to
generate this trap.
this service. In most cases this value will
be 1 but an ATM port may have multiple instances
LEC Status Change (ELAN Name, Service Instance, New state, previous
state).
New State. The new, current status of the LEC
that changed to generate this trap. Displayed
as an integer as shown below in the State List.
State List
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
Page 13-88
none
timeout
undefined error
version not supported
invalid request parameters
duplicate LAN destination
duplicate ATM address
insufficient resources
access denied
invalid requester id
invalid LAN destination
invalid ATM address
no configuration
leconfigureError
insufficient information
Previous State. The previous status of the LEC
that changed to generate this trap. Displayed
as an integer as shown below in the State List.
14
DNS Resolver and RMON
Introduction
This chapter describes commands related to the Domain Name Server (DNS) resolver and
remote network monitoring (RMON) feature in the switch. This chapter also describes how to
configure router port MAC addresses with the chngmac command.
The commands for these features are available from the Networking submenu, which is
described in Chapter 25, “IP Routing.”
Configuring the DNS Resolver
The Names Submenu
The Names command takes you to the Names submenu. The one command in this menu, res,
is used to view and to configure the Domain Name Server (DNS) resolver. You can configure
up to three Domain Name Servers. The switch searches all three servers until it resolves the
name to an IP address or until it fails to find the name.
To display the Names submenu, enter the following command:
names
A screen similar to the following displays:
Command
-----------res
Resolver Configuration Menu
-------------------------------------------------------View/Configure the DNS resolver
Main
File
Summary VLAN
Networking
Interface Security System
Services Help
To configure one or more Domain Name Servers, enter the following command:
res
If the resolver function has not been enabled, a screen similar to the following displays:
DNS Resolver Configuration
1) Resolver Enabled : No
Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :
Page 14-1
Configuring the DNS Resolver
To enable the resolver function, enter 1=y. A screen similar to the following then displays:
DNS Resolver Configuration
1) Resolver Enabled
2) Domain
3) Server Address 1
4) Server Address 2
5) Server Address 3
: Yes
: UNSET
: UNSET
: UNSET
: UNSET
Command {Item=Value/?/Help/Quit/Redraw/Save} (Redraw) :
The prompts allow you to enter a Domain Name and up to three Domain Name Servers
(identified by their IP addresses).
• To change a value, enter the number corresponding to that value, an (=), then the new
value. For example, to set a Domain Name to Company.Com, enter 2=Company.Com.
• To clear an entry, specify the value as (.) as in 2=.
• To save all your modifications, enter save
• To cancel all your modifications, enter quit
• To view the parameters currently configured, enter ?
Page 14-2
Remote Network Monitoring (RMON)
Remote Network Monitoring (RMON)
Remote Network Monitoring (RMON) allows you to set up remote monitoring within your
Omni Switch/Router. RMON consists of “probes” and “events.” There are two commands in
the Networking menu, probes and events, which you can use to monitor, activate and inactivate probes and events. Be aware that you cannot create probes from within the switch’s User
Interface; to do so requires a network application such as HP ProbeView.
Probes and Events
A probe is a task that runs in the switch. By using probes instead of sending repetitive inquiries to the switch, network traffic is significantly reduced.
There are three different kinds of probes: Ethernet, History, and Alarm.
A network management station (NMS) can configure either History or Alarm probes (a maximum of 16 is allowed). The status of a probe can be one of the following:
• Creating - The probe is under creation.
• Active - The probe is active.
• Inactive - The probe is inactive.
An event is an action that takes place based on an alarm condition detected by a probe. The
event can take the form of an SNMP trap message and/or a log entry describing the alarm.
Ethernet Probes
An Ethernet probe monitors a selected Ethernet interface (port) and tracks Ethernet statistics.
An Ethernet probe is automatically created on each Ethernet interface that is enabled. If the
interface becomes disabled, that Ethernet probe is deleted.
History Probes
A History probe keeps a running history of all the statistics it has collected. When you set up
a history probe you assign a sampling interval and a total number of samples to be taken. It
keeps this information in a set of rotating buffers, so that it always retains the most recent
samples.
The sampling rate is configurable from 1 second to 3600 seconds (1 hour). The total number
of samples is configurable, however, it is limited by system resources (memory) available. The
more samples you request, the more system resources needed. You may request as many
samples as you want but the system will only grant as many as it has available.
Alarm Probes
An Alarm probe generates an alarm if the variable you are monitoring exceeds a set limit.
To set up an Alarm probe you need to select a variable (Ethernet statistic) that you want to
monitor. You set an upper and lower threshold that you will allow this variable to reach. If it
crosses the threshold, an event is triggered which results in the sending of an SNMP trap and/
or the logging of the alarm.
There are two ways an Alarm probe monitors variables. One is by absolute value. For example, if you set an upper limit of 100, an alarm will be generated if the variable exceeds 100.
The other is a delta value where you can set the amount of change allowable; for example,
you could set the delta range to 10. If the current sample differs from the previous sample by
more than 10, an alarm will be generated.
Page 14-3
Remote Network Monitoring (RMON)
The Alarm probe attempts to prevent a flood of alarms from being generated by fluctuating
values. It does so by continuously comparing the upper and lower limits. What this means is
that the first time either an upper or lower limit is exceeded, an alarm will be generated.
However, if the variable moves back inside the limit, then out again, another alarm will not
be generated unless the opposite limit is exceeded. For example, consider a situation where
an upper limit of 75 and a lower limit of 25 is set. The variable goes to 76. An alarm is generated. If it drops to 74 then goes back up to 76, no alarm will be generated. Only when the
variable drops below 25 will another alarm be generated. If it goes back up to 76 then
another alarm will be generated, etc. This procedure prevents a flood of alarms from being
generated if the value fluctuates between 74 and 76.
Monitoring Probes
The probes command is used to monitor, activate, and inactivate existing probes (remember,
you cannot create probes in the switch’s UI). You can do three things with the command:
1. View all the current probes.
2. View a specific probe.
3. Activate or inactivate a History or Alarm Probe. (You can only do this with the “admin”
login.)
The probes command has three optional parameters. The format is:
probes [active | inactive] [n]
where:
active
- activates an existing probe
inactive
n
- inactivates an existing probe
- is the entry number of the probe to view
If you enter the probes command without parameters, it displays all the current probes.
RMON Probe Summary
Entry Slot/Port
1
2/
1
2
2/
1
3
2/
1
Flavor
Ethernet
History
Alarm
Status
Active
Active
Active
Time
System Resources
0 hrs 39 mins
312 bytes
0 hrs 4 mins
3656 bytes
0 hrs 0 mins
1336 bytes
Entry
The entry number in the list of probes (1-16).
Slot/Port
The slot port number (interface) that this probe is monitoring.
Flavor
Ethernet, History, or Alarm.
Status
Creating, Active, or Inactive.
Page 14-4
Remote Network Monitoring (RMON)
Time
Time since the last change in status.
System Resources
Amount of memory that has been allocated to this probe.
To see the detail for each of the probes enter the probes command followed by the entry
number as shown below.
/Networking % probes 1
RMON Probe Summary
Entry Slot/Port
Flavor
Status
Time
System Resources
1
2/
1
Ethernet Active
0 hrs 39 mins
312 bytes
Probe’s Owner: Omni Switch/Router Ethernet probe on slot 2 port 1
/Networking % probes 2
RMON Probe Summary
Entry Slot/Port
Flavor
Status
Time
System Resources
2
2/
1
History
Active
0 hrs 4 mins
3656 bytes
Probe’s Owner: andy
History Control Buckets Requested = 60
History Control Buckets Granted
= 60
History Control Interval
= 60 seconds
History Sample Index
= 6
/Networking % probes 3
RMON Probe Summary
Entry Slot/Port
Flavor
Status
3
2/
1
Alarm
Active
Probe’s Owner: andy
Alarm Rising Threshold
Alarm Falling Threshold
Alarm Rising Event Index
Alarm Falling Event Index
Alarm Interval
Alarm Sample Type
Alarm Startup Alarm
Alarm Variable
Time
System Resources
0 hrs 0 mins
1336 bytes
=
=
=
=
=
=
=
=
3000
3000
1
3
30 seconds
delta value
rising or falling alarm
ethernet octets received
Monitoring Events
The events command has one optional parameter. The format is:
events [clear]
where:
clear
- clears the event log. (You can only do this with the “admin” login.)
RMON Logged Events Summary
Entry
1
Time
0 hrs 26 mins
Description
Rising threshold alarm for etherStatsOctets on slot 2 port 1
2
0 hrs 27 mins
Rising threshold alarm for etherStatsOctets on slot 2 port 1
Page 14-5
Configuring Router Port MAC Addresses
Configuring Router Port MAC Addresses
You can use the chngmac command if you want to configure a locally administered address
(LAA) for a group that has an IP router port, IPX router port, or both. To use this command,
enter chngmac followed by the number of the group you want to modify (the default group
number is 1).
♦ Important Note ♦
You must add chngmacFlag=1 to the end of the
mpx.cmd file and then reboot the switch to use the
chngmac command. See Chapter 7, “Managing Files,”
for information on editing system files.
For example, if you want to modify a MAC address in Group 2, you would enter:
chngmac 2
at the system prompt. Something similar to the following would then be displayed:
Current MAC address is factory default
Enter Router Port's MAC address ([XXYYZZ:AABBCC]) :
Enter the router port MAC address. (It cannot be a multicast address.) If you enter an incorrect address, the following will be displayed:
Invalid input format -- usage [XXYYZZ:AABBCC].
and the chngmac command will terminate. If you enter a correct address, the following would
then be displayed:
Is MAC address in Canonical or Non-Canonical (C or N) [C] :
Enter C if the address is canonical or N if it is non-canonical (the default is canonical). Note
that if you execute the chngmac command again it will display the user-defined instead of
“factory default.”
Restoring Router Port Mac Addresses
If you want to restore the MAC address to the factory default, enter chngmac followed by the
group number. When the system asks for the MAC address, enter 000000:000000. For example, to restore router port configured MAC address 003030:000001 in Group 2 to the factory
default, enter
chngmac 2
at the system prompt. The following would then be displayed:
Configured MAC Address: Canonical
Non-Canonical
003030:000001 000c0c:000080
{Address 000000:000000 requests use of factory default}
Enter Router Port's MAC address ([XXYYZZ:AABBCC]) :
Note that the chngmac command displayed the user-defined instead of “factory default.” Enter
000000:000000 at the prompt.
Page 14-6
15
Managing Ethernet Modules
Overview of Omni Switch/Router Ethernet Modules
This chapter describes User Interface commands for Ethernet, Fast Ethernet, and Gigabit
Ethernet modules.
This chapter documents User Interface (UI) commands to manage Omni Switch/Router Ethernet modules. For documentation on Command Line Interface (CLI) commands to manage
Ethernet modules, see the Text-Based Configuration CLI Reference Guide.
♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is
factory-configured to boot up in CLI (Command Line
Interface) mode, rather than in UI (User Interface)
mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
In Release 4.5 and later, Mammoth-based Ethernet and
early-generation Ethernet modules are no longer
supported.
Port Mirroring and Port Monitoring
Port Mirroring and Port Monitoring can be used on all Ethernet modules. Both Port Mirroring
and Port Monitoring are described at the end of Chapter 19, “Managing Groups and Ports.”
Fast Ethernet Backbones
Fast Ethernet ports can be used as backbone links. The switch has two features that can
improve the performance and flexibility of Ethernet backbones. OmniChannel aggregates the
bandwidth of up to four (4) Fast Ethernet ports. This feature allows you to scale Fast Ethernet
links from 100 Mbps to 800 Mbps in 100 Mbps increments. OmniChannel is described in
OmniChannel on page 15-9. Fast Ethernet ports also support the 802.1Q tagging mechanism,
enhancing the compatibility of ports with other vendors’ equipment. 802.1Q is described in
Chapter 16, “Managing 802.1Q Groups.”
Gigabit Ethernet Modules
Gigabit Ethernet modules can be used as backbone links and used to support high-speed
servers. Kodiak Gigabit Ethernet modules support 802.1Q hardware tagging. See Chapter 16,
“Managing 802.1Q Groups,” for more information on 802.1Q hardware tagging for Gigabit
Ethernet Modules.
♦ Note ♦
For Kodiak-based 10/100 Ethernet modules, 802.1Q
is supported over OmniChannel. See Chapter 16,
“Managing 802.1Q Groups” for more information.
Page 15-1
Overview of Omni Switch/Router Ethernet Modules
Variety of Connector Options
Ethernet and Fast Ethernet modules are available in a variety of connector types. On the
OmniSwitch, Fast Ethernet modules use copper RJ-45 and fiber SC connectors. On the Omni
Switch/Router, 10/100 Ethernet modules use copper RJ-45 connectors and the ESX-100FM/FS12W Fast Ethernet module uses fiber MT-RJ connectors.
On the OmniSwitch, Ethernet 10 Mbps modules are available with copper RJ-45, fiber SC,
Telco (RJ-21), BNC, and AUI connectors. On the Omni Switch/Router, the 10 Mbps ESX-FM-24W
uses fiber VF-45 connectors.
Gigabit Ethernet modules on the OmniSwitch and Omni Switch/Router use fiber SC connectors. Refer to Chapter 3, “Omni Switch/Router Switching Modules,” for information on Omni
Switch/Router Ethernet hardware.
Three Generations of Modules
Ethernet modules in Release 3.1 and later contained advanced chip technology referred to as
“Mammoth.” This technology boosted the port density of modules, increasing the port count
available in each chassis. The Mammoth technology also included ports with 10/100 autosensing capability. This generation of Ethernet modules also uses a different set of software
commands to configure and monitor ports.
Ethernet modules in Release 4.3 and later contain another chip technology referred to as
“Kodiak.” The new Kodiak-based modules combine several features of the Mammoth and
early Ethernet modules. They support priority VLANs with 4 separate levels of priority; in
addition, ESX-K Series Kodiak-based Ethernet modules support the addition of a server
version of the OmniChannel. For information on priority VLANs, see Chapter 19, “Managing
Groups and Ports.” For information on OmniChannel and Server Channel features, see
OmniChannel on page 15-9.
The following table outlines the Kodiak Ethernet modules.
♦ Important Note ♦
In Release 4.5 and later, Mammoth-based Ethernet and
early-generation Ethernet modules are no longer
supported.
Page 15-2
Overview of Omni Switch/Router Ethernet Modules
Kodiak Ethernet Modules
Ethernet Module
(Chassis Type)
Speed Supported
(per port)
Software
Configurable?
Commands
Available
OmniChannel
Supported?
ESX-K-100C-32W
(Omni Switch/Router)
10/100 Mbs
Yes
10/100cfg
10/100vc
Yes
ESX-K-100FM/FS-16W
(Omni Switch/Router)
100 Mbs
Yes
10/100cfg
10/100vc
Yes
GSX-K-FM/FS-2W
(Omni Switch/Router)
1000 Mbs
Yes
10/100cfg
10/100vc
No
ESX-K Series Modules and Optimized Ports
Kodiak-based modules will flood packets with unknown destination addresses on ports
configured for optimized device mode. To prevent this condition, the following command can
be entered into the mpx.cmd file:
MamOptSwitchPorts=1
If the port is set to optimized and has not learned a MAC address, it will flood these packets
out regardless if the above condition is used. If the above flag is set, the port will not flood
multicast packets.
♦ Note ♦
For information on editing the mpx.cmd text files, see
Chapter 7, “Managing Files.”
Port Partitioning
Ethernet10BaseT, 10/100BaseT and 100BaseF boards can detect certain cabling errors and/or
physical media misconfigurations which could lead to multiple retries or reception of multiple spurious frames, affecting performance of attached devices. In this event, the system will
partition the affected port, which will be marked in the vi menu with Inactive (Inactv) operational status. (See Chapter 19, “Managing Groups and Ports,” for information about the vi
command.) If a cable drop is detected, the system will remove the partitioned state, bringing
the port back into a normal state once the link is detected.
If the original cabling problem has not been corrected, the link may become partitioned
again. In this event, normal operation will be enabled when the problem has been corrected.
Page 15-3
The Ethernet Management Menus
The Ethernet Management Menus
The eth100 and 10/100 sub-menus are described in this chapter. These sub-menus are part of
the physical interface sub-menu, which appears similar to the following display:
Command
--------------slipc
atm
eth100
10/100
tok
Physical Interface Menu
-------------------------------------------------------Configure SLIP (Serial Line IP) on a TTY Port
Enter the ATM Management sub-menu
Enter the 100BaseT sub-menu
Enter the 10/100BaseT sub-menu
Enter the Token Ring Management sub-menu
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
The eth100 sub-menu contains commands for early generation Fast Ethernet modules. The
10/100 sub-menu has commands for Kodiak Ethernet modules.
When you enter eth100 at a system prompt, you enter the early generation Fast Ethernet submenu. This sub-menu displays as follows:
Command
--------------eth100vc
eth100cfg
100BaseT Menu
-------------------------------------------------------View 100BaseT Port Configuration Table
Configure 100BaseT Port Parameters
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
♦ Important Note ♦
In Release 4.5 and later, early-generation Ethernet
modules are no longer supported.
When you enter 10/100 at a system prompt, you enter the Kodiak Ethernet configuration submenu. This sub-menu displays as follows:
Command 10/100 Menu
--------------- -------------------------------------------------------10/100vc
View 10/100 Port Configuration Table
10/100cfg
Configure 10/100 Port Parameters
crechnl
Create a Fast Ethernet Channel
delechnl
Delete a Fats Ethernet Channel
addprtchnl Add port/s to a fast Ethernet Channel
delprtchnl Delete port/s from a fast Ethernet Channel
chnlinfo
Display channel configuration parameters
Main
File
Interface Security
Summary VLAN
System
Services
Networking
Help
Descriptions for these commands begin on page 15-5. The commands in this sub-menu below
crechnl are used to configure OmniChannel; documentation for OmniChannel begins on page
15-9.
Page 15-4
Configuring 10/100 Auto-Sensing Ports
Configuring 10/100 Auto-Sensing Ports
The 10/100cfg command allows you to enable auto-negotiation, as well as configure link
speed (10 or 100 Mbps) and the link mode (full or half-duplex) on 10/100 Ethernet ports on
the ESX-K-100C-32W modules on the Omni Switch/Router.
Follow these steps to configure a 10/100 port:
1. Enter 10/100cfg at the system prompt and press <Enter>.
2. The system displays a prompt asking for the slot and port number:
Enter Slot/Interface :
Enter the slot number, a slash (/), and the port number of the Ethernet port that you want
to configure. Press <Enter>.
3. The system prompts you to enable or disable auto-sensing:
Autonegotiate [y,n, or quit] (Currently enabled (y)) :
Enter y to enable auto-negotiation or n to disable auto-negotiation. Auto-negotiation can
be used to determine the link speed and the link mode (full or half) of the connection.
If you choose y to enable auto-negotiation, the system will automatically detect whether
the connection speed of the attached device is 10 Mbps or 100 Mbps. It can also determine whether the link mode of the connection is half- or full-duplex.
♦ Note ♦
Auto-negotiated ports on GSX modules display inactive
ports as 1000 Mbps/full duplex.
If you enable auto-negotiation, continue with Step 6.
If you choose n to disable auto-negotiation, then you will be prompted for the Line
Speed. Continue on with the next step.
4. If you chose to disable auto-sensing, then the following prompt displays showing the
current line speed:
Line Speed [100 or 10] (Currently 100) :
Select whether you want the port to operate at 10 Mbps or 100 Mbps. The port will operate at this speed until you change it through the 10/100cfg command later. Press <Enter>
after you enter the Line Speed. The new line speed will take effect; no reboot is required.
Continue with the next step.
5. The following prompt displays, showing the current link mode:
Link Mode [Full, Half] (Currently (H)alf Duplex) :
Enter F to set the port to full-duplex mode or H to set the port to half-duplex mode. In
full-duplex mode, the full 100 or 10 Mbps of bandwidth is used for data traveling on each
direction of the cable. Press <Enter> after you enter the Mode. The new mode will take
effect; no reboot is required. You have completed the configuration of this port.
Page 15-5
Configuring 10/100 Auto-Sensing Ports
6. Since you have enabled auto-negotiation, the port will automatically sense the line speed
of the connection. You can also further enable auto-negotiation for the link mode. When
the following prompt displays:
Link Mode [Half or Auto] (Currently (H)alf Duplex) :
select whether you want the port to auto-sense the duplex mode (Auto) or whether you
want the port to default to half-duplex mode (Half). Enter an A for auto-sensing or enter
an H for half-duplex.
If you set the mode to half-duplex, then the port will always run in half-duplex. If you set
the mode to Auto, then the port will automatically detect whether the connection is halfor full-duplex and then operate in that mode. You have completed the configuration of
this port.
Connecting Kodiak Modules to Non-Auto-Negotiating Links
The ESX-K-100C-32W can auto-negotiate link speed. However, if you hard-configure (autonegotiation disabled) a Kodiak 10/100 module port for 10 Mbps, then you should not connect
that port to a non-auto-negotiating 100 Mbps port or device.
Page 15-6
Configuring Kodiak Ethernet Ports
Configuring Kodiak Ethernet Ports
The 10/100cfg command allows you to configure the link mode (full or half-duplex) for ports
on newer Kodiak Ethernet modules.
This procedure describes how to configure Ethernet modules on the Omni Switch/Router.
Follow these steps to configure a Kodiak Ethernet port:
1. Enter 10/100cfg at the system prompt and press <Enter>.
2. The system displays a prompt asking for the slot and port number:
Enter Slot/Interface :
Enter the slot number, a slash (/), and the port number of the Ethernet port that you want
to configure. Press <Enter>.
3. The following prompt displays, showing the current link mode:
Link Mode [Full, Half] (Currently (H)alf Duplex) :
Enter F to set the port to full-duplex mode or H to set the port to half-duplex mode. In
full-duplex mode, the full 100 or 10 Mbps of bandwidth is used for data traveling on each
direction of the cable. Press <Enter> after you enter the Mode. The new mode will take
effect; no reboot is required.
Page 15-7
Viewing Configurations for 10/100 Ethernet Modules
Viewing Configurations for 10/100 Ethernet Modules
The 10/100vc command allows you to view the current status of newer Ethernet modules (see
Kodiak Ethernet Modules on page 15-3). These modules support 100 Mbps, or 1000 Mbps
Ethernet. Ethernet 10/100 ports (e.g., ESX-K-100C-32) can auto-sense the connection speed of
the attached device.
Entering 10/100vc displays information similar to the following:
10/100 Configure Values for all slots
Slot/
Intf
----5/ 1
5/ 2
5/ 3
5/ 4
5/ 5
5/ 6
5/ 7
5/ 8
Slot/Intf.
DETECTED
SET
AutoLine
Duplex Line
Duplex
negotiate Speed Mode Speed Mode
----------- ------------- -----------enabled ?
?
auto
half-d
enabled 10
HALF-D auto
half-d
enabled 100
HALF-D auto
half-d
enabled 100
HALF-D auto
half-d
enabled ?
?
auto
half-d
enabled 10
HALF-D auto
half-d
enabled 100
HALF-D auto
half-d
enabled ?
?
auto
half-d
The slot and port number (Intf) where this Ethernet port is located.
Auto-negotiate. Indicates whether auto-negotiation is enabled on a 10/100 port. If enabled, the
port will automatically sense whether the attached device operates at 10 Mbps or 100 Mbps
and adjust accordingly. If disabled, the port does not automatically detect the connection
speed and instead uses the line speed you configure through the 10/100cfg command. You
enable or disable auto-negotiation through 10/100cfg. A value of n/a in this column means the
port does not support auto-sensing and the line speed defaults to either 10 or 100 Mbps.
The next set of columns are divided into DETECTED and SET. The columns under DETECTED
are the current operational Line Speed or Duplex Mode. The columns under SET are the configured values; these configured values will either be defaults or the values configured through
10/100cfg.
Line Speed. Indicates the speed (in Mbps) at which the port is currently operating (DETECTED)
or configured to operate (SET).
DETECTED values will be 10 (Mbps), 100 (Mbps), or a question mark (?). A question mark
(?) in this column indicates the port is not connected to a device.
SET values will be auto, 10 (Mbps,) or 100 (Mbps). The auto setting means auto-sensing is
enabled and the Line Speed will equal the speed for which the attached device is configured.
Duplex Mode. Indicates whether the port is operating (DETECTED) or configured (SET) for halfor full-duplex mode.
DETECTED values will be half-duplex (HALF-D), full-duplex (FULL-D), or a question mark
(?). A question mark (?) in this column indicates the port is not connected to a device.
SET values will be auto-sensing (auto), half-duplex (half-d), or full-duplex (full-d). If this
value is auto, then the switch automatically sets the duplex mode to the network device’s
setting. If this value is half-d, then the port will always run in half-duplex mode. If this
value is full-d, then the port will always run in full-duplex mode. You configure the
duplex mode through the 10/100cfg command. Note that you can only configure a 10/100
port for full-duplex if you disable auto-sensing.
Page 15-8
OmniChannel
OmniChannel
OmniChannel allows you to increase the bandwidth of Fast backbones by combining the
capacity of up to four (4) Fast Ethernet ports into one channel. The combined channel operates within Spanning Tree as one virtual port, and can provide up to 800 Mbps (in full-duplex
mode) of bandwidth. (In full-duplex mode, 400 Mbps is supported in each direction of the
OmniChannel.) This feature is useful for Ethernet-intensive networks that need to increase
bandwidth capacity without setting up ATM backbones using OC-3 or OC-12 connections.
The OmniChannel feature operates on 10/100 and 100 Mbps Ethernet ports employing Kodiak
chip technology, such as those modules listed in the table, Kodiak Ethernet Modules on page
15-3. OmniChannel does not operate on 10 Mbps ports or on early-generation Fast Ethernet
ports.
ESX
ESX
2
K1 K
O O
2
K1 K
O O
1 2 3 4 5 6 7 8
1 2 3 4 5 6 7 8
FD
D
H
T
AC
FD
D
H
T
AC
Tx
Tx
#1
#1
X
R
X
R
TX
TX
Link 1
#2
#2
X
R
X
R
TX
TX
#3
#3
X
R
X
R
TX
#4
#4
TX
Link 2
X
R
X
R
TX
TX
#5
#5
X
R
X
R
TX
TX
Link 3
#6
#6
X
R
X
R
TX
TX
#7
#7
X
R
X
R
TX
TX
Link 4
#8
#8
X
R
X
R
Up to Four 100 Mbps Links May Comprise an OmniChannel Backbone
Page 15-9
OmniChannel
♦ Note ♦
For Kodiak-based 10/100 Ethernet modules, 802.1Q
is supported over OmniChannel. See Chapter 16,
“Managing 802.1Q Groups” for more information.
OmniChannel balances the traffic load among links by MAC address. MAC addresses are
assigned to physical links in the OmniChannel in a round-robin fashion. The first MAC address
learned will transmit and receive data on the first link. The second MAC address learned will
transmit and receive over the second link, and so on regardless of the bandwidth requirements of each MAC address.
The Server Channel Feature
For ESX-K Series Kodiak-based Ethernet boards, you can create an OmniChannel that
connects to a server instead of another Omni Switch/Router. The intention of the Server
Channel is to give the user the option to increase the bandwidth between a server and Omni
Switch/Router for more client request support. This functionality is especially useful for internet servers such as B2C and B2B servers.
ESX-K
2
K1 K
O O
1 2 3 4 5 6 7 8
FD
D
H
T
AC
Tx
#1
X
R
Link 1
TX
#2
X
R
TX
#3
X
R
Link 2
#4
TX
X
R
TX
#5
X
R
Link 3
TX
#6
X
R
TX
#7
X
R
Link 4
TX
#8
X
R
Up to Four 100 Mbps Links May Comprise a Server Channel backbone
Page 15-10
OmniChannel
Server Channel Limitations
The following are limitations to creating a server channel on the Omni Switch/Router:
• The maximum number of Server Channels in the whole box is not fixed; however, it is
suggested that no more than 16 be created on the same switch.
• Each Server Channel can support up to 4 ports.
• Within one Server Channel, all of channel ports must be on the same slot.
• Within one Server Channel, all of channel ports must be in one VLAN.
• A port cannot be configured as Server Channel and Omni Channel port at the same time.
• Currently, Server Channel cannot be used with 802.1Q.
Creating an OmniChannel
You use the crechnl command to create an OmniChannel. Follow these steps:
1. Enter crechnl.
2. The following prompt displays:
Channel Number (2):
Enter the identification number you want to assign to this OmniChannel. By default, the
software lists the next available channel number in parentheses. (In this example, the next
available channel number is 2.) If you want to select the default, simply press <Enter>.
Otherwise, enter the desired channel number and press <Enter>.
3. The following prompt displays:
Channel type (1) omni_chnl (2) server_chnl
If the far end of the link is another Omni Switch/Router, you need to create an
OmniChannel. Select 1 and proceed to the next step. If the far end of the link is a server,
select 2 to create a Server Channel.
4. The following prompt displays:
To select a port, use the convention - Slot/Physical Port.
For eg. 2/1 is used to select Physical Port 1 on Slot 2
Primary Slot/Port:
Enter the slot and port that the switch will initially use as the Spanning Tree virtual port
for this channel. Each OmniChannel is considered a single virtual port within the network,
so only one physical port will participate in Spanning Tree.
♦ Note ♦
After a reboot or after a loss of a connection, the first
port in an OmniChannel that the switch brings up will
become the primary port. Therefore, one of the ports
you choose as the secondary port (explained in Step 5
below) could become the primary port and thus participate in Spanning Tree.
Page 15-11
OmniChannel
If the port you enter is already part of another OmniChannel, then it cannot be used in a
second OmniChannel. The following message displays for those ports that are already
part of another OmniChannel:
Primary port in use
5. The following prompt displays:
To select a port, use the convention - Slot/Physical Port.
For eg. 2/1 is used to select Physical Port 1 on Slot 2
Secondary Slot/Port:
Enter the other ports that will be used in this OmniChannel. Up to four (4) Fast Ethernet
Ports may participate in an OmniChannel. Therefore, you can specify up to three (3)
additional ports which will initially become secondary ports. These secondary ports must
be on the same module as the primary port. Secondary ports do not participate in the
Spanning Tree algorithm; they are used for data transmission only.
♦ Note ♦
As explained in Step 4 above, a port that you initially
configure as a secondary port can become a primary
port.
Specifying a Range of Ports. To specify a range of ports, enter the slot number, a slash (/),
the port number for the first secondary port, a dash (-), and the port number for the last
secondary port. For example, to specify ports 3, 4, and 5 on the Fast Ethernet module in
slot 2 as secondary ports in an OmniChannel, you would enter:
2/3-5
Specifying Multiple Ports.
To specify multiple ports (on the same module) that are not
physically contiguous, enter the slot number, a slash (/), the port number for the first
secondary port, a comma (,), and then the slot and port for the next secondary port. For
example, to specify ports 3 and 5 on the Fast Ethernet module in slot 2, you would enter:
2/3, 2/5
The order in which you specify secondary ports is important. In the event of a failure on
the primary port, the first secondary port specified will become the primary port in the
OmniChannel and participate in Spanning Tree.
Messages will display, informing you that secondary ports were saved in flash memory:
Successfully saved sec port in flash
Successfully saved sec port in flash
Page 15-12
OmniChannel
Adding Ports to an OmniChannel
After you create an OmniChannel with the crechnl command, you can add more secondary
ports to the same channel as long as the channel contains less than 4 ports. You use the
addprtchnl command to add ports to an OmniChannel. Follow these steps:
1. Enter addprtchnl.
2. The following prompt displays:
Channel Number :
Enter the channel number to which you want to add secondary ports. You can check the
current port assignments for a given OmniChannel by using the chnlinfo command, which
is described in Viewing OmniChannel Parameters on page 15-14.
3. The following prompt displays:
To select a port, the convention - Slot/Physical Port or Slot/Phy.
Port Range. For eg. 2/1 is used to select Physical Port 1 on Slot
2 and 2/2-4 selects physical ports 2,3 and 4 on Slot 2
Slot/Port(s):
Enter the additional ports that will be part of this OmniChannel. All the ports you enter
will initially be secondary ports (i.e., they do not participate in the Spanning Tree algorithm and are used for data transmission only). You can specify up to 4 ports on an
OmniChannel; only 3 of the ports can be secondary ports.
Specifying a Range of Ports. To specify a range of ports, enter the slot number, a slash (/),
the port number for the first secondary port, a dash (-), and the port number for the last
secondary port. For example, to specify ports 3, 4, and 5 on the Fast Ethernet module in
slot 2 as secondary ports in an OmniChannel, you would enter:
2/3-5
Specifying Multiple Ports.
To specify multiple ports (on the same module) that are not physically contiguous, enter the slot number, a slash (/), the port number for the first secondary port, a comma (,), and the slot and port for the next secondary port. For example, to
specify ports 3 and 5 on the Fast Ethernet module in slot 2, you would enter:
2/3, 2/5
Messages will display, informing you that secondary ports were saved in flash memory:
Successfully saved sec port in flash
Successfully saved sec port in flash
Deleting an OmniChannel
You can delete any existing OmniChannel through the delchnl command. Follow these steps:
1. Enter delechnl.
2. The following prompt displays:
Channel to be deleted:
Enter the channel number that you want to delete. You can obtain information on a
channel through the chnlinfo command, which is described in Viewing OmniChannel
Parameters on page 15-14. Press <Enter> and the channel, along with all port assignments, will be deleted.
Page 15-13
OmniChannel
Deleting Ports from an OmniChannel
You can delete ports from an OmniChannel using the delprtchnl command. Follow these
steps:
1. Enter delprtchnl.
2. The following prompt displays:
Channel Number :
Enter the channel number on which you want to delete ports. You can check the current
port assignments for a given OmniChannel by using the chnlinfo command, which is
described in Viewing OmniChannel Parameters on page 15-14.
3. The following prompt displays:
To select a port, the convention - Slot/Physical Port or Slot/Phy.
Port Range. For eg. 2/1 is used to select Physical Port 1 on Slot
2 and 2/2-4 selects physical ports 2,3 and 4 on Slot 2
Slot/Port(s):
Enter the port(s) that you want to delete from this OmniChannel.
Important Note
If you delete the primary port a secondary port will
become the new primary port. The secondary port that
will take over this role is the first secondary port specified through the crechnl command.
Deleting a Range of Ports. To delete a range of ports, enter the slot number, a slash (/), the
port number for the first port, a dash (-), and the port number for the last port. For example, to delete ports 3, 4, and 5 on the Fast Ethernet module in slot 2, you would enter:
2/3-5
Deleting Multiple Ports. To delete multiple ports (on the same module) that are not physically contiguous, enter the slot number, a slash (/), the port number for the first port, a
comma (,), and the slot and port for the next port. For example, to delete ports 3 and 5
on the Fast Ethernet module in slot 2, you would enter:
2/3, 2/5
Viewing OmniChannel Parameters
You can view the current configuration parameters and port assignments for an OmniChannel by using the chnlinfo command. Follow these steps:
1. Enter chnlinfo.
2. The following prompt displays:
Enter channel number for which information is required:
Enter the channel number for which you want to view information. If you want to view
information on all OmniChannels in the switch, simply press <Enter>.
Page 15-14
OmniChannel
3. A screen similar to the following displays:
Displaying channel 2
Channel Id
Phy. Port
Port Status
Mac Count
=====================================================================
2
5/6
5/7
Inactive
Inactive
0
0
3
5/3
5/4
5/5
Active
Active
Active
35
34
34
The following sections describe the variables in this table.
Channel Id.
The identification number assigned to this OmniChannel during the crechnl
configuration procedure.
Phy. Port.
The physical slot and port number for all ports included in the OmniChannel.
The slot number is listed first, then a slash (/), and the port number on the Ethernet
module.
Port Status. The current operational status of this physical port. If the port is Active, then a
cable is connected and data is capable of passing to and from the port. If the port is Inactive, then a cable may not be attached or the port is inoperational for hardware or software reasons.
Mac Count. The current number of MAC addresses that have been learned on this port. A
separate MAC count is given for each physical port in the OmniChannel.
Page 15-15
OmniChannel
Page 15-16
16
Managing 802.1Q Groups
This chapter documents User Interface (UI) commands to manage 802.1Q groups. For documentation on Command Line Interface (CLI) commands to manage 802.1Q groups, see the
Text-Based Configuration CLI Reference Guide.
♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is
factory-configured to boot up in CLI (Command Line
Interface) mode, rather than in UI (User Interface)
mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
In Release 4.5 and later, Mammoth-based Ethernet
modules are no longer supported.
802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identification. Alcatel has developed its own implementation of VLANs that closely follows the IEEE
standard (and enhances it). However, Alcatel VLANs and 802.1Q VLANs cannot interoperate
without special configuration.
If your network uses 802.1Q tagging, you will need to create 802.1Q groups and specify ports
that will handle 802.1Q traffic. This can be done for 10/100, Fast Ethernet and Gigabit Ethernet Kodiak ASIC-based modules. Up to 64 groups can be supported using multiple spanning
tree on an 802.1Q link for Kodiak ASIC-based Fast Ethernet and Gigabit Ethernet modules.
For Release 4.4 and later, Kodiak ASIC-based 10/100 Ethernet modules support 802.1Q traffic
over OmniChannel in multiple spanning tree mode. However, you must first create an
OmniChannel before creating 802.1Q groups. See Chapter 15, “Managing Ethernet Modules” for
information about OmniChannel. See Single vs. Multiple Spanning Tree on page 16-4 for information on single and multiple spanning tree.
Support for 802.1Q in the Omni Switch/Router allows you to set up port-based groups that
interoperate with 802.1Q-compliant equipment from other networking vendors.
Ports added to an 802.1Q group are done using Ethernet switch services. When using the
service commands to add ports to an 802.1Q group, multiple spanning tree instances on a
single port are supported. See Single vs. Multiple Spanning Tree on page 16-4 for additional
information on the differences between single and multiple spanning tree.
The 802.1Q specification defines trunk and access ports (and links). Trunk links are LAN
segments used for multiplexing VLANs between VLAN bridges. All devices that are directly
connected to a trunk link must be VLAN-aware. Access links are LAN segments used to multiplex one or more VLAN-unaware devices into a port of a VLAN bridge. (This also includes a
hybrid with some tagged and some untagged Groups.)
♦ Note ♦
The use of the word trunk in this document should not
be confused with the IEEE use of trunking with link
aggregation (such as OmniChannel and IEEE 802.3ad).
The general meaning of a trunk is an inter-switch link
over which different types of traffic are multiplexed.
Page 16-1
IEEE 802.1Q Sections Not Implemented
Some portions of the 802.1Q specification have not yet been implemented in the Omni
Switch/Router. These include the following:
• The tunneling of non-canonical 802.5 frames is not supported, since the Alcatel Omni S/R
handles such traffic by frame translations. This tunneling mode of operation involves the
Token Ring Encapsulation Flag in the 802.1Q header. It is not set or interpreted in the
Alcatel Omni S/R implementation.
• The Alcatel Omni S/R implementation does not support the SNAP-encoded Tag Header
(which is intended for Token Ring LANs). Only the Ethernet-encoded 4-byte Tag Header is
supported (and only Ethernet LANs are supported).
• Alcatel Omni S/R does not support the Generic Attribute Registration Protocol (GARP)
Multicast Registration Protocol (GMRP) and GARP VLAN Registration Protocol (GVRP) that
are defined in 802.1Q.
Page 16-2
Application Example
The following diagram illustrates a simple 802.1Q application:
Group 2
Group 2
E
A
B
12345678
123456
Switch X
Groups
2 and 3
F
12345678
123456
Switch Y
G
C
Group 3
Group 3
H
D
Simple 802.1Q Application
In the above diagram, the PC devices (endstations) need to be segmented into different
802.1Q VLANs. The switch port to which each device attaches is assigned to an 802.1Q group
(Group 2 for endstations A, B, E, and F, and Group 3 for endstations C, D, G, and H).
The ports connecting Switch X and Switch Y are also added to 802.1Q groups 2 and 3. All of
the switch ports that handle 802.1Q traffic are now capable of passing 802.1Q information.
Prior to Release 4.4, only Mammoth ASIC-based Ethernet, Fast Ethernet and Gigabit Ethernet
modules could be part of an 802.1Q group. For Release 4.4 and later, Kodiak ASIC-based 10/
100, Fast Ethernet and Gigabit Ethernet modules also support 802.1Q groups. In either configuration, existing policies for a group will not be affected by the group’s support for 802.1Q.
♦ Important Note ♦
Kodiak ASIC-based 10/100 Ethernet modules support
802.1Q traffic over OmniChannel in multiple spanning
tree mode. However, for 802.1Q support over
OmniChannel, you must first create an OmniChannel
before creating 802.1Q groups. See Chapter 15 for information about OmniChannel. For information on the
differences between single and multiple spanning tree,
see Single vs. Multiple Spanning Tree on page 16-4.
By matching switch ports with 802.1Q groups, you are statically assigning the port to the
group. Once assigned, an 802.1Q port cannot be dynamically assigned to another group.
However, the same switch port can be statically assigned to more than one 802.1Q group.
Page 16-3
Single vs. Multiple Spanning Tree
In previous releases of the Omni Switch/Router software (4.0 and earlier), spanning tree
support was done on a per port basis. In other words, a physical port could only participate
in one instance of a spanning tree on the network. If a network is passing both untagged and
IEEE tagged frames, single spanning tree support could lead to packets being lost. Lost packets could occur if a port specifically assigned to handle one type of traffic (e.g., IEEE 802.1Q)
is blocked by spanning tree, forcing traffic for that port to move to a port not assigned to
handle IEEE 802.1Q traffic.
VLAN 1
12345678
12345678
123456
123456
VLAN 2
Switch 1
Switch 3
VLAN 2
Blocked
Physical
Port
VLAN 1
12345678
123456
Switch 2
Port Based Spanning Tree
In the above diagram, the physical connection between Switch 1 and Switch 2 is blocked by
spanning tree. No traffic can pass over the connected ports.
Release 4.1 (and later) of the Omni Switch/Router allows for multiple spanning tree instances
on a single port. Put another way, a port can be part of separate spanning trees, with no
impact on packet delivery. This is done by basing spanning tree configuration on groups
rather than physical ports.
VLAN 1
12345678
12345678
123456
123456
Switch 1
Switch 3
VLAN 2 (Blocked)
VLAN 2
VLAN 2
VLAN 1 (Blocked)
VLAN 1
12345678
123456
Switch 2
Group Based Spanning Tree
The above diagram shows how traffic on VLAN 1 is blocked between Switch 1 and Switch 2,
Page 16-4
while VLAN 2 traffic is allowed to pass. The reverse is true for Switch 1 and Switch 3 (i.e.,
VLAN 2 traffic is blocked, while VLAN 1 traffic is allowed to pass).
Service commands are used in Ethernet modules to assign groups to 10/100 and Gigabit ports.
The cas, das, mas, and vas commands create, delete, modify, and view trunk services created
to handle 802.1Q traffic over an Ethernet backbone. This trunk service, coupled with the
default bridging service, allows you to pass both tagged and untagged frames over the same
port.
The following diagram shows the logical structure of the trunked 802.1Q groups:
Group 2
(802.1Q)
Group 1
(Untagged)
Group 3
(802.1Q)
Default Bridging
Service
802.1Q Trunking Services
Logical Ports
Physical Port
Logical Configuration of Multiple Groups on a Single Port
In the above diagram, Groups 2 and 3 have been trunked to the physical port with an 802.1Q
trunking service.
Page 16-5
Since spanning tree is group based, the physical port in the above diagram participates in
three spanning tree instances: one for untagged traffic and two for 802.1Q tagged traffic. Both
types of frames can now pass through the same port.
♦ Important Notes ♦
Since a trunk is a service, and Alcatel switches have a
16 (10/100) or 15 (Gigabit) services per port limit, only
15 or 14 802.1Q groups can be added to the same port.
In both cases, a default bridge service occupies one of
the service slots.
For Kodiak ASIC-based Fast Ethernet and Gigabit Ethernet modules, up to 64 groups are supported using
multiple spanning tree on an 802.1Q link. To support 64
groups, the following lines should be added into the
mpx.cmd file :
MaxEthQGroups=64
MaxGigaQGroups=64
See Chapter 7, “Managing Files,” for more information
on editing text files.
Page 16-6
Assigning an 802.1Q Group to a Port
Assigning an 802.1Q Group to a Port
Previous versions of the Omni Switch/Router (version 4.0 and earlier) only allowed for single
spanning tree configured 802.1Q groups using the addqgp, viqgp, and delqgp menu
commands. These commands were invalidated in the 4.1 release and replaced by the cas,
mas, vas, and das service commands.
The procedure for assigning an 802.1Q group to a port is slightly different, depending on
whether the port is a 10/100 or Gigabit Ethernet module port. (For additional information on
Gigabit and Kodiak-based Ethernet modules, see Chapter 15, “Managing Ethernet Modules.”)
Up to 64 groups can be supported using multiple spanning tree on an 802.1Q link for Kodiak
ASIC-based Fast Ethernet and Gigabit Ethernet modules.
♦ Important Notes ♦
For Release 4.4 and later, Kodiak ASIC-based 10/100
Ethernet modules support 802.1Q traffic over
OmniChannel in multiple spanning tree mode.
However, you must first create an OmniChannel before
creating 802.1Q groups. See Chapter 15, “Managing
Ethernet Modules” for information about OmniChannel.
For information about the differences between single
and multiple spanning tree, see Single vs. Multiple
Spanning Tree on page 16-4.
In most of the procedures described in this section, the screens displayed vary, depending on
what type of board and ASIC you are using. By viewing the front panel of your module, it
should be easy to determine which procedure applies to you.
Ethernet modules are designated by ESX-K. Gigabit modules are designated by either GSX-K.
Modules with a K on the front panel are Kodiak ASIC-based modules. For example, a module
with designation GSX-K is a Gigabit module using a Kodiak ASIC.
For information on assigning an 802.1Q group to a 10/100 port, see Configuring 802.1Q on
10/100 Ethernet Ports on page 16-8. For information on assigning an 802.1Q group to a Gigabit port, see Configuring 802.1Q on Gigabit Ethernet Ports on page 16-11.
♦ Note ♦
802.1Q Omni Switch/Router tagging does not work
with OmniCore 5200 tagging unless the OmniCore software is version 3.0.19 or later.
Page 16-7
Assigning an 802.1Q Group to a Port
Configuring 802.1Q on 10/100 Ethernet Ports
Use the cas command to assign 802.1Q groups to 10/100 ports. To use this command, follow
the steps below.
1. Enter cas at the system prompt, as shown:
cas <slot>/<port>
where <slot> is the slot of the module, and <port> is the port number that is to be added
to the group. For example, to add port 3 on slot 5, you would enter:
cas 5/3
2. If you have a legacy 10/100 board, the following screen displays:
Slot 3 Port 5 Ethernet 802.1Q Service
1) Description
2) Group ID
3) Tag
4) Priority
5) Mode
Multiple Spanning Tree (3)
Single Spanning Tree
(4)
:
:
:
:
:
If you have a Kodiak 10/100 board, the following screen displays:
Slot 3 Port 5 Ethernet 802.1Q Service
1) Description
2) Group ID
3) Tag
5) Mode
Multiple Spanning Tree (3)
Single Spanning Tree
(4)
:
:
:
:
You can modify the parameters by entering the line number, an equal sign, and the value
for the parameter. For example, to change the Group ID to 5, you would enter 2 (the line
number for Group ID), an equal sign (=), and a 5 (the group number), as shown:
2=5
3. Remember to save your changes by entering save at the system prompt when you have
finished with the configuration.
♦ Important Notes ♦
Because 802.1Q support over OmniChannel is
supported only in Multiple Spanning Tree mode on
Kodiak 10/100 Ethernet boards, the Mode screen option
is not configurable for this feature.
For 802.1Q support over OmniChannel, you must first
create an OmniChannel before creating 802.1Q groups.
See Chapter 15, “Managing Ethernet Modules” for
information about OmniChannel.
Page 16-8
Assigning an 802.1Q Group to a Port
The following sections describe the parameters shown in the screen on the preceding page.
Description
A textual description (up to thirty characters) for the service created when adding the port to
a group.
Group ID
The number of the group to which the port is to be added.
Tag
A simple identifier that is added to 802.1Q packets for identification. This value can be any
number between 1 and 4094.
Priority/Priority Remap Values
If the module uses a Kodiak ASIC, this field is labeled either Priority or Priority Remap Values.
In single spanning tree mode, it is Priority. In multiple spanning tree mode, it is Priority Remap
Values. See Mode below for more detailed information.
♦ Important Notes ♦
ESX-K and GSX-K Kodiak ASIC-based modules support
802.1p traffic prioritization. For chassis configurations
that include only ESX-K, GSX-K and/or WSX series
modules, 802.1p priority bits can be carried inbound on
a tagged port (configured with multiple spanning tree
802.1Q) across the backplane. This priority information
is used at the egress port to queue the packet, and is
sent out in the packet whether the egress port is tagged
or not.
The ESX-K and GSX-K modules can also remap incoming priority on an ingress port. If priority remapping
has been configured, the new priority will be carried
across the backplane. The priority information is used
to queue the packet, and is sent out in the packet if the
egress port is tagged.
Mode
This field allows you to choose either multiple or single spanning tree. This option only
appears if the module uses 10/100 Ethernet ports. Once you select a type of spanning tree for
a port, the port automatically retains the spanning tree selection for any other group it is
added to.
Page 16-9
Assigning an 802.1Q Group to a Port
For example, suppose that Port 3/1 is assigned to be in Group 2, and to use single spanning
tree. If the port were to be assigned to another group, it would automatically set itself to use
single spanning tree for that group as well.
When you set the Mode of the service, the cas screen changes to accommodate the selection
and allows you to set the priority of the service. If you select single spanning tree, for example, the screen changes to the following display, as shown:
Slot 3 Port 5 Ethernet 802.1Q Service
1) Description
2) Group ID
3) Tag
4) Priority
5) Mode
:
:
:
:
:4
If you select multiple spanning tree, the screen changes to the following display, as shown:
Slot 2 Port 1 Ethernet 802.1Q Service
1. Description (30 chars max) :
2. Group ID
:0
3. Tag
:0
4. Priority Remap Values
:
40. 0 - 0
41. 1 - 1
42. 2 - 2
43. 3 - 3
44. 4 - 4
45. 5 - 5
46. 6 - 6
47. 7 - 7
5. Mode
:3
The incoming priority level of the packet can be remapped to any value between 0 and 7,
with 7 being the highest priority. To set a value of 5 for an incoming priority value of 4, for
example, you would enter 44=5.
For more information on single vs. multiple spanning tree, see Single vs. Multiple Spanning
Tree on page 16-4.
Page 16-10
Assigning an 802.1Q Group to a Port
Configuring 802.1Q on Gigabit Ethernet Ports
Use the cas command to assign 802.1Q groups to Gigabit ports. To use this command, follow
the steps below.
1. Enter cas at the system prompt, as shown:
cas <slot>/<port>
where <slot> is the slot of the module, and <port> is the port number that is to be added
to the group. For example, to add port 3 on slot 5, you would enter:
cas 5/3
2. If you have a Kodiak Gigabit module, the following prompt displays:
Slot 3 Port 5 Ethernet 802.1Q Service
1. Description (30 chars max)
:
2. Group ID
:0
3. Tag
:0
4. Priority Remap Values
:
40. 0 - 0
41. 1 - 1
42. 2 - 2
43. 3 - 3
44. 4 - 4
45. 5 - 5
46. 6 - 6
47. 7 - 7
You can modify the parameters by entering the line number, an equal sign, and the value
for the parameter. For example, to change the Group ID to 5, you would enter 2 (the line
number for Group ID), an equal sign (=), and a 5 (the group number), as shown:
2=5
3. Remember to save your changes by typing save at the system prompt when you have
finished with the configuration.
Most of the fields are the same as described in Configuring 802.1Q on 10/100 Ethernet Ports
on page 16-8.
Page 16-11
Modifying 802.1Q Groups
Modifying 802.1Q Groups
802.1Q groups for both 10/100 and Gigabit Ethernet ports can be modified using the mas
command. The procedure is slightly different in each case. The screens for the mas command
change, depending on whether you have a legacy Ethernet board or a Kodiak ASIC-based
Ethernet board.
Modifying 802.1Q Groups for 10/100 Ports
To modify the configuration of an 802.1Q group for 10/100 ports, use the mas command as
shown:
mas <slot>/<port> <instance>
where <slot> is the slot number of the module on the switch, <port> is the port number where
the service was created, and <instance> is the identifier for the service on this port. For example, to modify 802.1Q service instance 1 on port 5 of slot 2, enter:
mas 2/5 1
If this is a legacy Ethernet module, the screen appears as shown:
Slot 2 Port 5 Ethernet 802.1Q Service
1) Tag
2) Priority
:3
:0
If this is a Kodiak ASIC-based module, the screen appears as shown:
Slot 2 Port 5 Ethernet 802.1Q Service
1. Description (30 chars max)
:
2. Tag
:0
3. Priority Remap Values
:
30. 0 - 0
31. 1 - 1
32. 2 - 2
33. 3 - 3
34. 4 - 4
35. 5 - 5
36. 6 - 6
37. 7 - 7
To change a field setting, enter the line number, an equal sign, and the new value. For example, to change the Priority setting to 7, you would enter a 3 (the line number for priority), an
equal sign (=), and a 37, as shown:
3=37
♦ Important Notes ♦
ESX-K and GSX-K Kodiak ASIC-based modules support
802.1p traffic prioritization. For chassis configurations
that include only ESX-K, GSX-K and/or WSX series
modules, 802.1p priority bits can be carried inbound on
a tagged port (configured with multiple spanning tree
802.1Q) across the backplane. This priority information
is used at the egress port to queue the packet, and is
sent out in the packet whether the egress port is tagged
or not.
Page 16-12
Modifying 802.1Q Groups
The ESX-K and GSX-K modules can also remap incoming priority on an ingress port. If priority remapping
has been configured, the new priority will be carried
across the backplane. The priority information is used
to queue the packet, and is sent out in the packet if the
egress port is tagged.
Remember to save the changes to the service by entering save at the system prompt when
finished.
To find the instance of a port service, use the vas command. See Viewing 802.1Q Groups in a
Port on page 16-16 for more information.
Page 16-13
Modifying 802.1Q Groups
Modifying 802.1Q Groups for Gigabit Ethernet Ports
To modify the configuration of an 802.1Q group for Gigabit ports, use the mas command as
shown:
mas <slot>/<port> <instance>
where <slot> is the slot number of the module on the switch, <port> is the port number where
the service was created, and <instance> is the identifier for the service on this port. For example, to modify 802.1Q service instance 1 on port 5 of slot 2, enter:
mas 2/5 1
If this is a legacy Ethernet module, the screen appears as shown:
Slot 2 Port 5 Ethernet 802.1Q Service
1) Tag
2) Priority
:3
:0
If this is a Kodiak ASIC-based module, the screen appears as shown:
Slot 2 Port 5 Ethernet 802.1Q Service
1. Description (30 chars max)
:
2. Tag
:0
3. Priority Remap Values
:
30. 0 - 0
31. 1 - 1
32. 2 - 2
33. 3 - 3
34. 4 - 4
35. 5 - 5
36. 6 - 6
37. 7 - 7
To change a field setting, enter the line number, an equal sign, and the new value. For example, to change the Priority setting to 7, you would enter a 3 (the line number for priority), an
equal sign (=), and a 37, as shown:
3=37
♦ Important Notes ♦
ESX-K and GSX-K Kodiak ASIC-based modules support
802.1p traffic prioritization. For chassis configurations
that include only ESX-K, GSX-K and/or WSX series
modules, 802.1p priority bits can be carried inbound on
a tagged port (configured with multiple spanning tree
802.1Q) across the backplane. This priority information
is used at the egress port to queue the packet, and is
sent out in the packet whether the egress port is tagged
or not.
The ESX-K and GSX-K modules can also remap incoming priority on an ingress port. If priority remapping
has been configured, the new priority will be carried
across the backplane. The priority information is used
to queue the packet, and is sent out in the packet if the
egress port is tagged.
Page 16-14
Modifying 802.1Q Groups
Remember to save the changes to the service by entering save at the system prompt when
finished.
To find the instance of a port service, use the vas command. See Viewing 802.1Q Groups in a
Port on page 16-16 for more information.
♦ Note ♦
Tags (field number 1) do not apply if proprietary
tagging is used on this port.
Page 16-15
Viewing 802.1Q Groups in a Port
Viewing 802.1Q Groups in a Port
To view which ports use which 802.1Q groups, enter the vas command at the system prompt,
as shown:
vas <slot>/<port>
where <slot> is the slot number of the module on the switch and <port> is the port number
where the service was created. For example, to view an 802.1Q service on port 5 of slot 2,
enter:
vas 2/5
A screen similar to the following is displayed:
Slot/Port/Inst
Vport
Group Tag
============
2 5 1
=====
33
=====
2
====
2
Priority
Tagging Mode Description
or
PriorityRemap
============= ============= ==========
4
Mult STree
As a variation of this command, it is possible to enter vas without a slot or port number. This
will display all services configured for the switch.
♦ Note ♦
The above screen is for Gigabit ports. The display is
slightly different for 10/100 ports. See descriptions
below for more details.
The following section describes the fields displayed using the vas command.
Slot.
The slot number of the switch on which the service is located.
Port.
The port number of the slot on which the service is located.
Instance.
The service identifier for the 802.1Q service. This is assigned when the service is
created.
Vport.
Group.
Tag.
The virtual port number that the service uses.
The group identifier for the group attached to this service.
The tag information entered into tagged frames, as specified when creating the service.
Priority or PriorityRemap.
The priority number assigned to packets from this service.
Tagging Mode.
This field displays different information depending on whether the switch ports
are 10/100 or Gigabit. If the ports are 10/100 or Kodiak-based Gigabit, this field shows either
multiple or single spanning tree. For 802.1Q support over OmniChannel on Kodiak 10/100
Ethernet boards, this field will display as Mult S Tree.
Description.
A textual description used to identify the service.
For more information on single vs. multiple spanning tree, see Single vs. Multiple Spanning
Tree on page 16-4.
Page 16-16
Viewing 802.1Q Statistics for 10/100 Ports
Viewing 802.1Q Statistics for 10/100 Ports
The viqs command provides a display of statistics for 802.1Q groups assigned to 10/100 ports.
Enter the viqs command, as shown:
viqs <slot>/<port> <groupId>
where <slot> is the slot number of the module on the switch, <port> is the port number where
the service was created, and <groupId> is the number of the group that the port belongs to.
For example, to view an 802.1Q service for group 2 on port 5 of slot 2, enter:
viqs 2/5 2
A screen similar to the following displays:
Physical
Port
------------2/5
Physical Port.
Group Id
(802.1Q)
-------------2
Transmit
Pkts
-------------29
Received
Pkts
-------------0
Transmit
Octets
-------------41
Received
Octets
--------------0
The slot and port number for this port.
Group Id (802.1Q ).
The 802.1Q group to which this port was assigned.
Transmit/Received Pkts.
The number of packets transmitted and received on this port.
Transmit/Received Octets.
The number of bytes transmitted and received on this port.
Page 16-17
Deleting 802.1Q Groups from a Port
Deleting 802.1Q Groups from a Port
802.1Q groups for both 10/100 and Gigabit Ethernet ports can be deleted using the das
command. The procedure is slightly different in each case.
To delete an 802.1Q group from a 10/100 port using single spanning tree, use the das
command, as shown:
das <slot>/<port> <instance> <groupId>
where <slot> is the slot number of the module on the switch, <port> is the port number where
the service was created, <instance> is the identifier for the service on this port, and <groupId>
is the number of the group that the port belongs to. For example, to delete an 802.1Q service
for group 2, instance 1 on port 5 of slot 2, enter:
das 2/5 1 2
To delete 802.1Q groups from a Gigabit port or 10/100 ports using multiple spanning tree,
enter the das command, as shown:
das <slot>/<port> <instance>
where <slot> is the slot number of the module on the switch, <port> is the port number where
the service was created, and <instance> is the identifier for the service on this port. For example, to delete 802.1Q service instance 1 on port 5 of slot 2, enter:
das 2/5 1
In either case, a message will appear, confirming the delete operation:
802.1Q service deleted for Group ID 3 on 3/9 (slot/Port)
♦ Important Notes ♦
You must delete X802.1Q groups in the same order on
both ends of the link. For example, if you delete
groups 1, 2, 3, 4, and 5 on the local switch, you must
delete the same five groups in the same order on the
remote switch. If groups are not deleted in this manner,
X802.1Q packets will not be routed correctly.
To delete 802.1Q support over OmniChannel, you must
first delete the 802.1Q service before you delete the
OmniChannel.
Page 16-18
17
Configuring Bridging
Parameters
This chapter describes how to configure and maintain bridging parameters. Bridges are
devices that interconnect LANs using one (or more) of the available standards such as transparent bridging, source route bridging, or source route to transparent bridging. Bridges primarily operate at Layer 2 of the OSI reference model, which controls data flow, transmission
errors, physical addressing, and access to physical medium.
There are different types of bridging that are used to manage networks:
• Transparent Bridging. Used mainly in Ethernet environments, packets are usually forwarded
without any changes being made to the packet. An ethernet environment is shown in the
diagram below:
Transparent Bridge
Segment 2
Segment 1
• Source Route Bridging. Used mainly in Token Ring environments, packets are transmitted
along routes predetermined by explorer frames sent along multiple paths. Source Route
Bridging modifies the routing information of the packet as it traverses the network. A
token ring environment is shown in the diagram below:
Source Route Bridge
Segment 1
Segment 2
Page 17-1
• Source Route to Transparent Bridging. Used in mixed Ethernet and Token Ring environments, this protocol provides easy translation between transparent and source route bridging. A mixed ethernet and token ring environment is shown in the diagram below:
SRTB Bridge
Segment 1
Segment 2
Spanning tree and fast spanning tree are also used to prevent physical loops in the network
from creating excess traffic by blocking packet transmission on one or more ports.
This chapter describes the commands used for configuring various bridging commands for the
above mentioned protocols, as well as diagnostic, spanning tree and fast spanning tree
information.
♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is
factory-configured to boot up in CLI (Command Line
Interface) mode, rather than in UI (User Interface)
mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
Beginning with Release 4.4, FDDI is no longer
supported. Beggining with Release 4.5, Token Ring and
ATM are no longer supported.
Page 17-2
Configuration Overview
Configuration Overview
When configuring bridging parameters, you will need to perform at least some of the
following steps:
Step 1. Select a group
The bridging menu commands operate only on the currently selected group (or, for certain
commands, VLAN). You can select a group with the selgp command. For information on using
these commands, see Selecting a Default Group on page 17-7.
Step 2. Configure Bridging Parameters
There are several commands that allow you to configure and view basic bridging functions
such as static MAC addresses, bridge forwarding tables, MAC information and statistics, and
remote Trunking stations. Many of these commands are useful in diagnosing network problems, as they allow you to find specific MAC addresses and the port on which they were
learned. For information on these commands, see Bridging Commands on page 17-8.
Step 3. Enable Spanning Tree (Optional)
Spanning tree is an algorithm that helps prevent broadcast storms by blocking ports in the
network from transmitting data. If you plan to use spanning tree, you can use the spanning
tree commands to configure and view IEEE and IBM Spanning Tree. For information on using
spanning tree commands, see Configuring Spanning Tree on page 17-23.
Step 4. Enable Fast Spanning Tree (Optional)
Fast Spanning Tree is an algorithm that helps provide quick recovery from link, port and
device failures on a network, by bringing blocked secondary links into forwarding mode as
quickly as possible. You can the Fast Spanning Tree commands in the Bridge Management
Menu to view and enable/disable Fast Spanning Tree parameters on a selected group or
VLAN. For information on using Fast Spanning Tree commands, see Configuring Fast Spanning Tree on page 17-34.
Page 17-3
Bridge Management Menu
Bridge Management Menu
To view the Bridge Management Menu, enter the br command at the system prompt. If you
are in verbose mode, the following table appears outlining the commands available to you. If
you are not in verbose mode, enter a ? at the prompt to display the Bridge Management
Menu.
Command
--------------fls
flc
sts
fstps
actfstps
stc
stps
stpc
srs
src
srsf
srtbcfg
srtbrif
srtbclrrif
fwt
fs
fc
bps
macinfo
macstat
macclrstat
selgp
rts
dbrmap
+/-
Bridge Management Menu
---------------------------------------------------------------------------------------------Display Flood Limit of selected Group
Configure Flood Limit on selected Group
Display Spanning Tree parameters on selected Group
Display Fast Spanning Tree port parameters on selected VLAN
Activate Fast Spanning Tree port parameters on selected VLAN
Configure Spanning Tree parameters on selected Group
Display Spanning Tree Port parameters on selected VLAN
Configure Spanning Tree Port parameters on selected VLAN
Display Source Routing parameters on selected Group
Configure Source Routing parameters on selected Group
Enable or disable Source Routing SAP Filter Support
View and configure Source Route to Transparent Bridging
View learned RIF from Source Route to Transparent Bridging Table
View and Clear learned RIF from Source Route to Transparent
Bridging Table
Display Bridge Forward table on selected VLAN
Display Bridge Static Address
Configure Bridge Static Address
Display Bridge Port Statistics on selected VLAN
Locate learned Bridge MAC address in this chassis
Show statistics of Bridge MAC address
Clear statistics of Bridge MAC address
A Group can be selected for the bridge operations or to generate MIB
reports
Display remote Trunking Stations discovered
View the Domain Bridge Mapping table
Select next / previous VLAN
Details on commands included in the Bridge Management Menu commands are given in the
following sections:
Setting the Default Group. These commands allow you to choose which group you are modifying or viewing, and include the selgp, +, and - commands. For more information, see:
• Selecting a Default Group on page 17-7
• Using the + or - to Change Groups on page 17-7 for more information.
Page 17-4
Bridge Management Menu
Bridging Commands.
These commands allow you to view bridge forward tables, create and
view static address tables, display bridge port statistics, view MAC address information, view
remote trunking stations, and view the domain bridge mapping table. Commands in this
section include fwt, fs, fc, bps, macinfo, macstat, macclrstat, rts, and dbrmap. For more
information, see:
• Displaying Bridge Forwarding Table on page 17-8
• Configuring a Static Bridge Address on page 17-10
• Displaying Static Bridge Addresses on page 17-13
• Displaying Bridge Port Statistics on page 17-14
• Displaying Media Access Control (MAC) Information for a Specific MAC address on page
17-16
• Display Statistics of Bridge MAC Addresses on page 17-17
• Clear Statistics of Bridge MAC Addresses on page 17-18
• Display Remote Trunking Stations on page 17-18
• View the Domain Bridge Mapping Table on page 17-19
Setting Flood Limits.
These commands allow you to configure and view flood limits for a
specific group using the flc and fls commands. For more information, see:
• Setting Flood Limits for a Group on page 17-21
• Displaying Group Flood Limits on page 17-22
Configuring Spanning Tree. These commands allow you to configure and view IEEE and IBM
Spanning Tree for a specific group, and include the stc, sts, stpc and stps commands. (The
stc and sts commands can also be used to configure and view Fast Spanning Tree for a
selected VLAN.) For more information, see:
• Configuring Spanning Tree Parameters on page 17-25
• Display Spanning Tree Bridge Parameters on page 17-28
• Configuring Spanning Tree Port Parameters on page 17-30
• Displaying Spanning Tree Port Parameters on page 17-32
Page 17-5
Bridge Management Menu
Configuring Fast Spanning Tree.
These commands allow you to configure and view Fast
Spanning Tree for a specific group or VLAN, and include the actfstps and fstps commands.
Information is also included on configuring the Truncating Tree Timing and Speedy Tree
Protocol features. For more information, see:
• Configuring Truncating Tree Timing & Speedy Tree Protocol on page 17-35
• Displaying Fast Spanning Tree Port Parameters on page 17-36
• Enabling Fast Spanning Tree Port Parameters on page 17-38
• Disabling Fast Spanning Tree Port Parameters on page 17-39
Page 17-6
Selecting a Default Group
Selecting a Default Group
Most commands in the Bridge Management Menu allow you to specify a group when
entering the command at the system prompt. If you do not specify a group when entering a
command, the bridge operations are performed on the currently selected group.
♦ Note ♦
You can view the current groups in the switch by
entering gp at any prompt.
To select a group, enter the selgp command as follows:
selgp <group number>
where <group number> is the number of the group you wish to modify or view. For example,
to select Group 2 you would enter selgp and the number 2 as shown:
selgp 2
A message confirming the selection of the new group ID followed by the group description.
Group number: 2 is now selected (New GROUP (#1)).
Using the + or - to Change Groups
At any time from the system prompt, you can select a different group by typing a plus (+) to
move up one group, or a minus (-) to move back one group. For example, if you are
currently working on Group 4 and wish to change to Group 3, you would enter a - at the
system prompt. The following message displays to confirm the change:
Currently GROUP 3 is selected (New GROUP (#3))
Page 17-7
Bridging Commands
Bridging Commands
The Bridge Management menu provides several commands that are useful in pinpointing
problems in the network. The commands allow you to lookup specific MAC addresses and
where they were learned, create and view static bridge addresses, view information on
remote trunking stations, view MAC address statistics for a group or a port, or look up information on domain mappings. Many times a network problem can be tracked down by viewing MAC address information, finding out where it came from, and where it forwards data.
The following sections detail the specific bridging commands that perform these functions.
Displaying Bridge Forwarding Table
You can display the MAC addresses and their forwarding and filtering information for a given
group. The information in the table is used by the transparent bridging function in determining how to propagate a received frame.
To display the information for a group in the switch follow these steps:
1. Enter the fwt command at the system prompt as follows:
fwt <group number>
where <group number> is the number of the group for which you want to view MAC
addresses. For example, to view MAC addresses for group 2, you would enter:
fwt 2
As a variation of this command, you can enter the fwt command without a group ID. This
will display MAC addresses for the currently selected group in this switch. For information on selecting a group, see Selecting a Default Group on page 17-7.
2. Once you have entered the group number you will be prompted for a slot and port, as
shown:
Enter Slot/Interface (return for all ports):
3. Enter the slot and interface (port) number and press <return>. For example, to view MAC
addresses for port 2 on slot 3, enter 3/2 as shown:
Enter Slot/Interface (return for all ports): 3/2
The following screen appears listing the MAC addresses on this port:
Total number of MAC addresses learned for VLAN 2: 8
Non-Canonical
Group
Sl/If/Srvc/In MAC Address
MAC Address
T
ID
----------------- ------------------------ ------------------------ -- --------3/1/ Brg/ 1 0020DA:A373B0 00045B:C5CE0D E
2
3/1/ Brg/ 1 0020DA:8656F0 00045B:616A0F E
2
3/1/ Brg/ 1 00045B:ED48C0 00045B:2251A1 E
2
3/1/ Brg/ 1 000077:8DDBB9 00045B:65EE22 E
2
3/1/ Brg/ 1 000039:F5520C 0009E4:3ED444 E
2
3/1/ Brg/ 1 009027:17F7EB 00045B:2D43EF E
2
3/1/ Brg/ 1 0020DA:0C41E5 00045B:ED48C0 E
2
3/1/ Brg/ 1 0020DA:9645A1 0000EE:B1DB9B E
2
Page 17-8
CAM
Indx
------305A
3060
3080
3010
300E
3018
3078
304E
Last
Exp ATM
S Seen Timer VCI
-- -------- --------- ------T
11
300
T
11
300
T
29
300
T
29
300
T
35
300
T
59
300
T
26
300
T
18
300
Bridging Commands
Field Descriptions
The following section explains the fields displayed with the fwt command.
Sl/In/Srvc/In.
The slot number (Sl), interface (port) number (In), type of service (Src), and
service instance (In). For example, a bridge service on port 1 of slot 3 would be:
3/1/Brg/1
Services provide connection options for switches in a LAN, between LANs, or in a WAN.
Other possible services include trunking, routing, and LANE. It is possible to have more than
one instance of a service if there are more than one connections on a single port.
MAC Address.
The learned MAC address for this port.
Non-Canonical MAC address.
The non-canonical version of the learned MAC address. The noncanonical MAC address is different from a canonical MAC address in that the order in which
the address information is sent is different. Ethernet uses canonical address, while other
media (e.g., token ring, FDDI) use non-canonical.
T.
The protocol type of this MAC address. There are two possibilities:
E
Ethernet
F
FDDI
T
Token Ring
Group ID.
The associated group ID for this learned MAC address.
CAM Indx. The index number to the Content-Addressable Memory (CAM), where the MAC
addresses are stored, in hexadecimal form.
S.
The source of the MAC address (how it was learned). There are two possibilities:
T
Transparent Bridge
S
Source Route Frame.
Last Seen.
Exp. Timer.
The time in seconds since this MAC address was last seen on this port.
There are three possibilities for this column:
Value
The configured ageing timer, in seconds, for this MAC address is shown.
Once this time period is exceeded, the MAC address is removed from the
CAM.
STATIC
This MAC address was manually assigned to this group and will not age
out.
OPSWT
This MAC address was learned on an optimized switch port and will not
age out.
ATM VCI.
The ATM Virtual Channel Identifier (VCI) for this MAC address entry. The VCI is
shown for any media that uses Virtual Circuits (ATM, LANE).
Page 17-9
Bridging Commands
Configuring a Static Bridge Address
You can configure static bridge address information by entering the fc command. A static
bridge address is a fixed MAC address bridge that does not change or age out.
To configure a static MAC address follow these steps:
1. Enter the fc command as follows:
fc <groupNumber>
where <groupNumber> is the number of the group for which you want to create a static
bridge MAC address. For example, to set up a static bridge address for Group 2, you
would enter the following:
fc 2
As a variation of this command, you can enter the fc command at the system prompt with
no group number. This will allow you to set up a static bridge address on the currently
selected group. For information on selecting a group, see Selecting a Default Group on
page 17-7.
The system displays the following:
Bridge Static Address for Group 2 (New GROUP (#2))
Index
-------1
MAC Address
Slot/Intf/Service/Inst
(A)
----------------------- -----------------------------21A33E:00B001
3/ 1/
Brg/1
Static Status
(B)
------------------permanent
The entries can be modified by specifying the index and column.
For Static Status, use 2 to delete, 3 for Permanent,
4 for Delete on Reset, 5 for Delete on Timeout
To add an entry: Use command 'add MAC addr, receiving port, static status'.
Receiving port and Status must be provided.
Port could either be slot/intf or virtual port begin with v.
For non-canonical MAC format add 'nc' before MAC.
ie: add 123456:7890AB, 2/3, 3 or add nc001122:334455, v99, 3
NOTE: add command will be executed immediately.
save|cancel|next only applies to existing entry.
add|save|cancel|next :
2. To add an entry, use the format as described in the above screen:
add [MAC Addr], [Slot/Intf], [Static Status]
For example, to add a permanent non-canonical MAC address of 123456:123456 to port 2
of slot 3, you would enter the following:
add nc123456:123456, 3/2, 3
When you complete the operation by pressing <return>, an entry with MAC address
123456:123456, on slot 2, port 3, with a Static Status of Permanent is created.
3. Type save at the fc command prompt to save the entry. If you do not save the entry
before exiting the fc command, the static bridge address is not created.
♦ Note ♦
The newly created static bridge address will not show
up in the fc command table until you have exited the
fc command by typing cancel at the command prompt.
Page 17-10
Bridging Commands
Field Descriptions
The following section describes the fields in the fc command table.
Index. A number assigned to the row to identify a previously created static bridge address,
when modifying the address.
MAC address.
The canonical MAC address for this static bridge.
Slot/Intf/Service/Inst. The
slot number, interface (port) number, type of service, and service
instance. For example, a bridge service on port 1 of slot 3 would be:
3/1/Brg/1
Static Status. The status of the static MAC address as determined when created. The Status will
be one of the following:
Invalid
This entry was deleted within the current session.
Permanent
This entry is in use and will remain so until it is deleted from the
table. See Deleting a Static Bridge Address on page 17-12 for
specific information.
deleteOnReset
This entry is in use and will remain so until the bridge is reset.
deleteOnTimeOut
This entry is currently in use and will remain so until it is aged out.
Modifying a Static Bridge Address
Once you have created a static bridge address, you can modify its interface assignment or its
status. To modify a static bridge address:
1. Enter the fc command as documented above. The Bridge Static Address table will display
as shown:
Bridge Static Address for Group 2 (Default GROUP (#2))
Index
-------1
2
MAC Address
Slot/Intf/Service/Inst
(A)
----------------------- -----------------------------21A33E:00B001
3/ 1/
Brg/1
001122:223344
3/ 2/
Brg/1
Static Status
(B)
--------------------permanent
deleteOnReset
The entries can be modified by specifying the index and column.
For Static Status, use 2 to delete, 3 for Permanent,
4 for Delete on Reset, 5 for Delete on Timeout
To add an entry: Use command 'add MAC addr, receiving port, static status'.
Receiving port and Status must be provided.
Port could either be slot/intf or virtual port begin with v.
For non-canonical MAC format add 'nc' before MAC.
ie: add 123456:7890AB, 2/3, 3 or add nc001122:334455, v99, 3
NOTE: add command will be executed immediately.
save|cancel|next only applies to existing entry.
add|save|cancel|next :
Page 17-11
Bridging Commands
2. To modify an entry, use the index number for the specific static bridge address (listed in
the leftmost column), the column letter for the column you want to change, an equal sign,
and a new value. For example, to change the Static Status of the first address’s in the table
from permanent to deleteOnReset, you would enter a 1 (the static bridge address Index
number), a b (the column letter for Static Status), an equal sign (=), and the number 4 (the
value for deleteOnReset), as shown:
1b=4
3. Press <return> to complete the operation.
4. Type save at the fc command prompt to save the changes.
Deleting a Static Bridge Address
Deleting a previously created static bridge address is much the same process as modifying a
Static Bridge Address. To delete a Static Bridge Address, follow these steps:
1. Enter the fc command as documented above. The Bridge Static Address table will display
as shown:
Bridge Static Address for Group 2 (Default GROUP (#2))
Index
-------1
2
MAC Address
Slot/Intf/Service/Inst
(A)
----------------------- -----------------------------21A33E:00B001
3/ 1/
Brg/1
001122:223344
3/ 2/
Brg/1
Static Status
(B)
--------------------permanent
deleteOnReset
The entries can be modified by specifying the index and column.
For Static Status, use 2 to delete, 3 for Permanent,
4 for Delete on Reset, 5 for Delete on Timeout
To add an entry: Use command 'add MAC addr, receiving port, static status'.
Receiving port and Status must be provided.
Port could either be slot/intf or virtual port begin with v.
For non-canonical MAC format add 'nc' before MAC.
ie: add 123456:7890AB, 2/3, 3 or add nc001122:334455, v99, 3
NOTE: add command will be executed immediately.
save|cancel|next only applies to existing entry.
add|save|cancel|next :
2. To delete an entry, use the index number for the specific static bridge address, the
column letter b (the column letter for Static Status), an equal sign (=), and a 2 (the value
for Delete).
For example, to delete the first address in the table, you would enter a 1 (the static bridge
address Index number), a b (the column letter for Static Status), an equal sign (=), and the
number 2 (the value for Delete), as shown:
1b=2
3. Press <return> to complete the operation.
4. Type save at the fc command prompt to save the changes. The Static Status will change to
Invalid. Once you exit the fc command, the Static Bridge Address is removed from the
table.
Page 17-12
Bridging Commands
Displaying Static Bridge Addresses
You can view static bridge address information by entering the fs command. To display the
information, enter the fs command as follows:
fs <group number>
where <group number> is the number of the group for which you want to view static bridge
MAC addresses. For example, to view MAC addresses for Group 1, you would enter the
following:
fs 1
This command will display a table similar to the following:
Bridge Static Address Summary for Group 1 (Default GROUP (#1))
MAC Address
--------------------------002A3113:0012EA
Slot/Intf/Service/Inst
-----------------------------3/ 1/
Brg/ 1
Static Status
------------------permanent
As a variation of this command, you can enter the fs command at the system prompt with no
group number. This will allow you to view the static bridge addresses on the currently
selected group. For information on selecting a group, see Selecting a Default Group on page
17-7.
The descriptions for the variables in the table displayed with the fs command are the same as
those in the table displayed with the fc command. For details on these variables, see Configuring a Static Bridge Address on page 17-10.
Page 17-13
Bridging Commands
Displaying Bridge Port Statistics
You can display statistics on bridge ports with the bps command. To view bridge port statistics enter the bps command as follows:
bps <group number>
where <group number> is the number of the group for which you want to view bridge port
statistics. For example, to view statistics for Group 1, you would enter the following:
bps 1
This command will display a table similar to the following:
Frames discarded due to full Forwarding Database:0
Port Statistics for Group 1
Slot/Intf
Frames
Service/Inst
In
=========== ========
2/ 1/ Brg/ 1
0
2/ 2/ Brg/ 1
0
3/ 1/ Brg/ 1
3354
3/ 2/ Brg/ 1
0
3/ 3/ Brg/ 1
0
3/ 4/ Brg/ 1
0
3/ 5/ Brg/ 1
0
3/ 6/ Brg/ 1
0
3/ 7/ Brg/ 1
0
3/ 8/ Brg/ 1
0
/VLAN/Bridge %
Frames
Out
========
0
0
85
0
0
0
0
0
0
0
MTU
Delay
In Frames Exceeded Exceeded
Discards Discards Discards
======== ======== ========
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Flood
Limit
Discards
========
0
0
0
0
0
0
0
0
0
0
As a variation on this command, you can enter bps at the prompt without a group number.
This will display the port statistics for the currently selected group. For information on selecting a group, see Selecting a Default Group on page 17-7.
Page 17-14
Bridging Commands
Field descriptions
The following section describes the fields displayed in the above table.
Frames discarded to full Forwarding Database. The number of frames that were not transmitted
because the forwarding database is full. The forwarding database holds all known MAC
address for this bridge and is used to learn the next hop MAC address for the packet(s) in
question.
Slot/Intf/Service/Inst. The slot number (Sl), interface (port) number (Intf), type of service
(Service), and service instance (Inst). For example, a bridge service on port 1 of slot 3 would
be:
3/1/Brg/1
Services provide connection options for switches in a LAN, between LANs, or in a WAN.
Other possible services include trunking, routing, and LANE. It is possible to have more than
one instance of a service if there are more than one connections on a single port.
Frames In.
The number of frames received on the associated port.
Frames Out.
The number of frames sent on the associated port.
In Frames Discards.
The number of received frames discarded due to error.
MTU Exceeded Discards. The number of frames that were discarded because they exceeded the
Maximum Transmission Unit (MTU) size. The MTU is set to the default of the media type
(Ethernet, Token Ring, etc.) and is not configurable.
Delay Exceeded Discards.
Frames that were delayed, usually due to collisions, but that were
ultimately transmitted.
Flood Limit Discards. The number of frames that were discarded because they exceeded the
flood limit set for the port or the group in which this port is a member. This flood limit is set
with the flc command for groups or the modvp command for ports. For more information on
setting flood limits, see Setting Flood Limits on page 17-21 for the flc command. For details on
using the modvp command, see Chapter 19, “Managing Groups and Ports.”
Page 17-15
Bridging Commands
Displaying Media Access Control (MAC) Information for a Specific MAC
address
Media Access Control (MAC) information for the switch can be examined by using the macinfo
command. You can view specific MAC address information, or choose a slot and view all
MAC addresses associated with the selected slot.
To view MAC information for a specific address:
1. Enter macinfo at the system prompt and press <return>.
2. You will be prompted with the following message:
Enter MAC address ([XXYYZZ:AABBCC] or return for none):
Enter the MAC address you are interested in viewing, and press <return>.
3. You will be prompted with the following message:
Is this MAC in Canonical or Non-Canonical form (C or N) [C]:
Enter c for Canonical or n for Non-Canonical (the default is at the end of the prompt in
brackets) and press <return>. A table similar to the following is shown:
Group
Slot/Intf/Srvc/Inst ID
------------------------- -------3/ 1/ Brg/ 1
1
CAM Set MAC Last Exp ATM
Index by Type Seen Timer VCI Protocol
-------- ----- ------- ------- -------- ------- ------------0346 TB ETH
11
15
Field Descriptions
The following section explains the fields displayed using the macinfo command that are not
previously explained in other sections.
Set by.
This field lists what type of bridging was used to learn this MAC address. There are
two possibilities:
TB
This MAC address was learned using Transparent Bridging.
SR
This MAC address was learned using Source Routing.
MAC Type.
The media type of this MAC address. There are two possibilities:
E
Ethernet
F
FDDI
T
Token Ring
Protocol. If Group Mobility is enabled, this field will list the type of packet encapsulation used
when this MAC address was learned. For additional information on Group Mobility, see
Chapter 19, “Managing Groups and Ports.”
Page 17-16
Bridging Commands
Displaying Media Access Control (MAC) Information for all MAC addresses
Media Access Control (MAC) information for the switch can be examined by using the macinfo
command. You can view all MAC addresses associated with the selected slot.
To view MAC information for all addresses:
1. Enter macinfo at the system prompt and press <return>. You will be prompted with the
following message:
Enter MAC address ([XXYYZZ:AABBCC] or return for none):
2. Press <return>. You will be prompted with the following message:
Enter Slot Number (1-3):
Enter the slot number for the slot for which you are interested in viewing MAC addresses.
The possible options are displayed on the right in parenthesis. A screen similar to the
following is shown:
Total number of MAC addresses learned for VLAN 2: 8
Non-Canonical
Group
Sl/If/Srvc/In MAC Address
MAC Address
T
ID
----------------- ------------------------ ------------------------ -- --------3/1/ Brg/ 1 0020DA:A373B0 00045B:C5CE0D E
2
3/1/ Brg/ 1 0020DA:8656F0 00045B:616A0F E
2
3/1/ Brg/ 1 00045B:ED48C0 00045B:2251A1 E
2
3/1/ Brg/ 1 000077:8DDBB9 00045B:65EE22 E
2
3/1/ Brg/ 1 000039:F5520C 0009E4:3ED444 E
2
3/1/ Brg/ 1 009027:17F7EB 00045B:2D43EF E
2
3/1/ Brg/ 1 0020DA:0C41E5 00045B:ED48C0 E
2
3/1/ Brg/ 1 0020DA:9645A1 0000EE:B1DB9B E
2
CAM
Indx
------305A
3060
3080
3010
300E
3018
3078
304E
Last
Exp
S Seen Timer
-- -------- --------T
11
300
T
11
300
T
29
300
T
29
300
T
35
300
T
59
300
T
26
300
T
18
300
Descriptions of the fields displayed with the macinfo command are identical to those
displayed using the fwt command. See Displaying Bridge Forwarding Table on page 17-8 for
more information.
Display Statistics of Bridge MAC Addresses
The macstat command allows you to view a list of MAC address statistics for this switch on a
slot-by-slot basis. To view MAC address statistics, enter the macstat command at the system
prompt as shown:
macstat <slot>
where <slot> is the slot number on the switch for which you want to see statistics. For example, to view statistics for MAC addresses on slot 3, you would enter:
macstat 3
A table similar to the following is shown:
Slot
====
3
Discarded
==========
0
Aged
==========
4
Learned
==========
7
in CAM
==========
37
As a variation of this command, you can enter macstat at the prompt with no slot specified.
This will display the statistics for all slots in the switch.
Page 17-17
Bridging Commands
Field Descriptions
The following section describes the fields displayed using the macstat command.
Slot.
The slot number of the switch to which the MAC address statistics apply.
Discarded. The number of MAC addresses that have been discarded on this slot due to the
CAM being full.
Aged. The number of MAC addresses that have exceeded the age limit and been removed
from the CAM by this slot.
Learned.
The number of MAC address that have been learned on this slot.
in CAM. The total number of MAC addresses currently stored in the Content-Addressable
Memory (CAM) of this module.
Clear Statistics of Bridge MAC Addresses
MAC address statistics for a slot can be cleared using the macclrstat command. To clear statistics, enter the macclrstat command at the system prompt as shown:
macclrstat <slot>
where <slot> is the slot number of the switch for which you want to clear MAC address statistics. For example, to clear statistics for slot 3, you would enter:
macclrstat 3
Once you have enter the command, a message appears to confirm the action.
As a variation of this command, you can enter macclrstat without specifying a slot. This will
clear MAC statistics for all slots.
Display Remote Trunking Stations
The rts command displays a table of the remote trunking stations learned by this switch. A
remote trunking station is a switch that has set up a trunking service to convey media through
a network. Trunking services allow for media to be masked so that it appears to be a different type (for example, trunking ethernet over an ATM backbone). To display the remote
trunking stations this switch has learned, follow these steps:
1. Enter the rts command as shown
rts <groupNumber>
where <groupNumber> is the number of the group on the local switch for which you want
to view known trunking stations. For example, to view remote trunking stations for Group
1, you would enter the following:
rts 1
As a variation of this command, you can enter the rts command without a group number.
This will show all the remote trunking stations for all groups in this switch.
Page 17-18
Bridging Commands
2. The following prompt is shown:
Enter service’s Slot/Station (return for all services):
Enter the slot and station (port) number for the local switch for which you wish to view
remote trunking services. For example, to list the trunking station at port 1 of slot 3, you
would enter:
3/1
If you do not enter a specific slot and station, the system automatically sends information
on all services for the remote trunking stations associated with this group.
3. Once you have entered a slot and station, a table similar to the following is shown:
Remote Trunking Stations
Slot/Station
Group ID
Remote MAC
==========
=======
=============
3/ 1
1
0020DA:022061
3/ 1
1
0020DA:05EAD1
Field Descriptions
The following sections describes the fields displayed by the rts command.
Slot/Station.
The slot number and station (port) number associated with the remote trunking
station.
Group ID.
The group number of the switch that is associated with this remote trunking station.
Remote MAC.
The Media Access Control address of the remote trunking service.
View the Domain Bridge Mapping Table
The dbrmap command allows you to display the mapping between a packet’s destination
MAC address and the remote Domain Bridge behind which it originated. To view this table:
1. Enter the dbrmap command as shown:
dbrmap <groupNumber>
where <groupNumber> is the number of the group for which you want to see domain
mappings of MAC addresses. For example, to view the mapping table for group 2, you
would enter:
dbrmap 2
As a variation of this command, you can enter the dbrmap command without specifying a
group. This will display mapping information for all groups on this switch.
2. A prompt asking for a canonical MAC address is displayed, as shown:
Enter canonical MAC address ([XXYYZZ:AABBCC] or return to display everything):
Enter the MAC address you want to see the Domain Mapping for, or press <return> without entering a MAC address to see the mappings for all MAC addresses associated with
this group.
Page 17-19
Bridging Commands
3. A screen similar to the following is shown:
DOMAIN BRIDGE MAPPING
Group 2
Destination MAC
00:20:da:7d:ef:44
00:20:da:7d:ef:45
00:20:da:7d:ef:46
Group ID
2
2
2
Age
14
120
220
Slot / Intf
8/ 1
8/ 1
8/ 1
Domain MAC
00:20:da:6c:fb:85
00:20:da:6c:fb:85
00:20:da:6c:fb:86
Field Descriptions
The fields displayed by the dbrmap command are described below.
Destination MAC.
Group ID.
Age.
The destination MAC address learned from a domain bridge port.
The destination MAC’s group number.
The time, in seconds, since the destination MAC address was last seen.
Slot/Intf.
The slot and interface number on this switch where the destination MAC address was
learned.
Domain MAC.
was learned.
Page 17-20
The remote domain MAC address behind which this destination MAC address
Setting Flood Limits
Setting Flood Limits
The flood limit is the number of bytes per second of flooded data that may be transmitted on
a port on a group. This limit is a mechanism for controlling broadcast storms on the network.
The default flood limit for a port, regardless of the media type, is 192,000 bytes per second.
You can change this default by configuring the flood limit on a per port or a per Group basis.
The modvp command (described in Chapter 19, “Managing Groups and Ports”) allows you to
set the flood limit on a per port basis. The flc command (described in the following section)
allows you to set the flood limit on a per Group basis. Configuring the flood limit for a Group
is particularly useful when you need to disable flood limits for all ports in a single Group.
Setting Flood Limits for a Group
The flc command allows you to set flood limits for a Group. To set the flood limit for a Group
1. Enter the following at the system prompt follow these steps:
flc <groupNumber>
where <groupNumber> is the number of the group for which you are setting the flood
limit. For example, to set the flood limit on Group 2 you would specify:
flc 2
As a variation of this command, you can enter the dbrmap command without specifying a
group. This will display mapping information for all groups on this switch.
The following prompt displays:
Enter flood limit override value (bytes/second) for Group 2 (192000):
2. Enter the flood limit for this Group and press <Return>.
♦ Note ♦
A value of negative one (-1) disables flood limits for the
Group.
When new ports are added to a group, they will use the flood limit specified through flc. If a
value has not been specified through flc for this Group, then the default port value (192000)
is used.
♦ Note ♦
Flood limits set through modvp (set on a per-port basis)
override the flood limit set through flc.
Page 17-21
Setting Flood Limits
Displaying Group Flood Limits
The fls command allows you to view the current flood limits set for groups. The limits are set
using the flc command. To display flood limits for all Groups, enter
fls <groupNumber>
where <groupNumber> is the number of the group for which you are viewing the flood limit.
For example, to set the flood limit on Group 2 you would specify:
flc 2
A message similar to following is shown:
Flood Limit Override for Group 2(Group Name 1) is 190000 bytes per second.
A value will only be displayed for a Group on which flc has been used to set a flood limit.
As a variation of this command, you can enter fls at the system prompt without specifying a
group number. This will return flood limit information for each group configured for this
switch.
Page 17-22
Configuring Spanning Tree
Configuring Spanning Tree
Spanning Tree is an algorithm developed to help prevent the occurrence of broadcast storms
in a network. A packet can be broadcast multiple times in a network if the network is physically configured with loops.
If packets are broadcast to all ports (or flooded) in an attempt to deliver the data, networks
with physical loops will rebroadcast packets repeatedly and cause a network to become
severely congested. This congestion will adversely affect network performance.
Spanning Tree prevents broadcast storms by establishing a loop-free topology throughout the
network. This is done by blocking ports in the physical topology that could result in flooded
traffic being looped.
Both the IEEE and IBM versions of spanning tree are supported in the OmniSwitch/Router.
The IBM Spanning Tree protocol is only supported by IBM Token Ring environments that
make use of functional addresses for the transmission of Bridge Protocol Data Units (BPDUs).
The following are the primary differences between the IEEE 802.1d and IBM Spanning Tree
algorithms:
• The Hello BPDU in IBM Spanning Tree is sent to the bridge functional address,
X’C00000000100’. In the IEEE 802.1d Spanning Tree, it is sent to the Group address
X’800143000000’.
• The Port ID in IBM Spanning Tree consists of a ring identifier and a bridge number. In
802.1d, it consists of a port priority and port number.
• IBM Spanning Tree has no learning process. Therefore, a port can be in one of three
states—blocking, listening, or forwarding.
• IBM Spanning Tree does not support the Topology Change Notification (TCN) protocol.
• When you enable IBM Spanning Tree, the switch automatically sets defaults for the maximum age, forward delay, and hello time. In the interests of screen consistency, it is possible to change these defaults with the UI. In IBM Spanning Tree specification, these values
are fixed, and should remain at the set defaults.
• When you enable IBM Spanning Tree, some additional defaults are set:
– All virtual ports attached to the group with a physical port speed of 4 or 16
Mb are set to use Functional Addresses rather than Group Addresses.
– All virtual ports attached to the group with a physical port speed that is not
4 or 16 Mb are set to manual forwarding.
– As other virtual ports are attached to the group, the above two rules are
applied.
Virtual ports in a manual forwarding state do not participate in either the IEEE or IBM
versions of spanning tree. Any IEEE Spanning Tree frame received on a port in a manual
forwarding state is forwarded to all other virtual ports in the same group also in a manual
forwarding state. This is done to prevent loops from occurring in the network topology
that could arise from applying the second default condition automatically.
Page 17-23
Configuring Spanning Tree
• IBM SRT bridges send an IEEE-style STE RIF over Token Ring networks. The Omni
Switch/Router does not support this frame, and any frame of this type received by the
switch is discarded.
• The OmniSwitch/Router does not support using the same Functional Address (FA) for both
data and spanning tree frames. The FA for IBM Spanning Tree is programmed into the
MPX CAM, and all data frames with this FA are claimed by the MPX. Therefore, any data
with the same FA as the IBM Spanning Tree FA will not be able to pass through the
switch. There are two workarounds for this situation:
– If you are not using IBM Spanning Tree and you want to prevent the specific
FA from being programmed into the MPX CAM, then enter the command
faBpGrpDisable into the mpx.cmd file, before the cmInIt command, with a
value of 1.
– If you are using IBM Spanning Tree and need the FA (0300 0000 0800), and
you are using all Alcatel equipment (or other third party switch that allows
you to change the IBM Spanning Tree FA), you can enter the command
faBpGrpOverride into the mpx.cmd file with a new value for the lower 32-bit
part of the address (0000 0800).
♦ Note ♦
If you change a group to IBM Spanning Tree, all nonToken Ring ports are put into manual forwarding state.
Messages are displayed indicating these port state
changes; in addition, SNMP traps are sent to indicate
these changes. (Manual forwarding state is where the
port is put into forwarding state and the Spanning Tree
algorithm is disabled.) Token Ring ports will be set to
use functional addresses.
The following sections provide specific information on using the spanning tree commands.
Page 17-24
Configuring Spanning Tree
Configuring Spanning Tree Parameters
The stc command allows you to configure parameters for the spanning tree, and enable or
disable the Fast Spanning Tree feature for a VLAN. To configure these parameters:
1. Enter the stc command as follows:
stc <groupNumber>
where <groupNumber> is the number of the group in the switch for which you are configuring spanning tree. For example, to configure spanning tree for Group 2, you would
enter:
stc 2
2. The system shows you the current values and allows you to change them through a series
of prompts, the first of which is shown below:
Spanning Tree Parameters for Group 2 (New GROUP (#2))
Spanning Tree is OFF for this Group, set to ON ?
(y/n) :
Enter y to enable spanning tree or n to leave it disabled and press <return>. This field
allows you to toggle spanning tree On or OFF by typing the appropriate response.
Answering Yes (y) selects the option opposite the currently selected option.
♦ Important Note ♦
Remember to read the prompt carefully before
responding. If spanning tree has already been activated for this group, this prompt will ask you if you
would like to turn it off.
3. The following prompt is displayed asking whether you would like to use IEEE or IBM
Spanning Tree:
IEEE spanning tree for this Group, set to IBM ?
(y/n) :
Enter n to use IEEE Spanning Tree, or y to use IBM Spanning Tree, and press <return>.
Select either the IEEE 802.1d Spanning Tree or IBM Spanning Tree. Answering Yes (y)
changes the spanning tree type to the type not currently in use for this Group. The system
automatically sets defaults for later stc prompts, such as Bridge Hello Time and Bridge Max
Age, based on the spanning tree type you select here.
♦ Important Note ♦
Remember to read the prompt carefully before
responding. If IEEE Spanning Tree is what you would
like to use, the correct response to this prompt is no. A
yes response changes it to IBM Spanning Tree.
Page 17-25
Configuring Spanning Tree
4. The following prompt is displayed asking whether you would like to use the Fast
Spanning Tree feature:
Fast Spanning Tree is OFF for this Group, set to ON?
(y/n) :
Enter n to leave Fast Spanning Tree disabled, or y to enable Fast Spanning Tree, and press
<return>. Answering Yes (y) changes the setting of Fast Spanning Tree to the status not
currently in use for this Group.
♦ Important Note ♦
Read the prompt carefully before responding. If Fast
Spanning Tree is what you would like to use, the
correct response to this prompt is yes. A no response
leaves the Fast Spanning Tree feature disabled.
5. The following prompt is shown allowing you to set the priority:
New Priority (0..65535)
(current value is 32768[0x8000]) :
Enter the Priority value as a number between 0 and 65535, or press <return> to accept the
default listed in parenthesis. A value of 0 is the highest priority. Bridge priority is utilized
by the spanning tree algorithm to decide which bridge will be the root bridge. You can
set the bridge priority by entering a decimal number from 0 to 65,535. 0 is the highest
priority.
♦ Note ♦
To make sure that the proper negotiation occurs for the
switch to become the Spanning Tree root bridge,
always set the priority for the switch accordingly. Do
not rely on MAC addresses to determine which switch
becomes the root bridge.
6. The following prompt is displayed allowing you to set the Bridge Hello Time:
New Bridge Hello Time (1..10 secs)
(current value is 2) :
Enter the Bridge Hello Time as a number between 1 and 10, or press <return> to accept the
default listed in parenthesis. The amount of time between the transmission of Configuration Bridge Protocol Data Units (BPDUs) on any designated port. Enter a value between 1
and 10 seconds. Shortening the time will make the protocol more robust, while lengthening the time lowers the overhead of the algorithm as the interval between transmission of
configuration messages is larger.
7. The following prompt is displayed allowing you to set the Bridge Maximum Age:
New Bridge Max Age (6..40 secs)
(current value is 6) :
Enter the Bridge Max Age Time as a number between 6 and 40, or press <return> to accept
the default listed in parenthesis. The maximum age of Spanning Tree Protocol information learned from the network on any port before it is discarded, in seconds. Enter a value
between 6 and 40 seconds. A smaller value causes Spanning Tree to reconfigure more
often.
Page 17-26
Configuring Spanning Tree
8. The following prompt is displayed allowing you to set the Bridge Forward Delay:
New Bridge Forward Delay (4..30 secs)
(current value is 4) :
Enter the Forward Delay Time as a number between 4 and 30, or press <return> to accept
the default listed in parenthesis. This time value controls how fast a port changes its
spanning state when moving toward the Forwarding state. The value determines how
long the port stays in each of the Listening and Learning states, which precede the
Forwarding state. This value is also used when a topology change has been detected and
is underway to age out all dynamic entries in the Forwarding Database. Enter a value
between 4 and 30 seconds. A value that is too small can cause temporary loops in the
network due to data being forwarded before the reconfiguration message has reached all
nodes on the network.
9. The following prompt is displayed allowing you to set the Ageing Time:
Ageing Time (10..1000000 sec)
(current value is
300) :
Enter the Ageing Time as a number between 10 and 1000000, or press <return> to accept
the default listed in parenthesis. The timeout period in seconds for aging out dynamically
learned forwarding information. Enter a new Ageing Time between 10 and 1000000
seconds.
10. The following prompt is displayed allowing you to set the Auto-Tracker VLAN Ageing
Time:
Auto-Tracker VLAN Ageing Time (10..1000000 sec) (current value is
1200) :
Enter the Auto-Tracker VLAN Ageing TIme as a number between 10 and 1000000, or press
<return> to accept the default listed in parenthesis. The length of time in seconds to
remember which VLAN a port belonged to even after the port has been aged out of the
Bridge Filtering Database. The MAC and port information are preserved for the set length
of time. In the case of IPX it should be set to greater than the server Keep Alive Timer in
order to prevent the server from losing communication with the station. The default is
1200 seconds.
11. The final prompt is displayed asking you if you would like to save the new parameters:
Save the new Spanning Tree Bridge parameters ? y/n :
Enter y to save the parameters, or n to discard them. If you chose to save the parameters,
a confirmation message similar to the following is shown:
Port 5/1 set to Forwarding!
Port 5/2 set to Forwarding!
Port 5/3 set to Forwarding!
As a variation of this command you can enter the stc command without specifying a
group. This will allow you to set up spanning tree for the previously selected group. For
information on selecting a group see Selecting a Default Group on page 17-7.
Page 17-27
Configuring Spanning Tree
Display Spanning Tree Bridge Parameters
The sts command allows you to display spanning tree bridge parameters. To display
spanning tree parameters, enter the sts command as shown:
sts <groupNumber>
where <groupNumber> is the number of the group in the switch for which you want to view
spanning tree bridge parameters. For example, to view parameters for Group 2, you would
enter:
sts 2
A screen similar to the following is displayed:
Spanning Tree Parameters for Group 2 (New GROUP (#2))
Spanning Tree Status
:
ON
Fast Spanning Tree Status:
OFF
Bridge Protocol Use
:
IEE E 802.1D
Priority
:
32768 (0x8000)
Bridge ID
: 8000-0020DA:022860
Designated Root
: 8000-0020DA:022860
Cost to Root Bridge
:
0
Root Port
:
None
Next Best Root Cost
:
0
Next Best Root Port
:
None
Hold Time
:
1
Topology Changes
:
1
Last Topology Change
:
1 hours, 25 minutes, 54 seconds ago
Bridge Aging Timer
:
300
Current Parameters
--------------------------------------------------------Max Age
20 secs
Forward Delay
15 sec
Hello Time
2 secs
Parameters system uses when
attempt to become root
----------------------------------------------------System Max Age
20 secs
System Forward Delay
15 secs
System Hello Time
2 secs
As a variation of this command, you can enter sts at the system prompt without specifying a
group. This will display bridge parameters for the currently selected group. For information
on selecting a group, see Selecting a Default Group on page 17-7.
Field Descriptions
The following sections describe the fields displayed using the sts command.
Spanning Tree Status.
Spanning tree is either ON or OFF.
Fast Spanning Tree Status.
Fast spanning tree is either ON or OFF.
The bridge spanning tree protocol is set up through the stc command.
This protocol can be IEEE 802.1D or IBM Spanning Tree. The type of spanning tree protocol
used will affect other bridge parameters, such as Maximum Age, Forwarding Delay, and Hello
Time. See Configuring Spanning Tree Parameters on page 17-25 for more information on the
differences between IEEE and IBM Spanning Tree.
Bridge Protocol Used.
Priority. Bridge priority is utilized by the spanning tree algorithm to decide which bridge will
be the root bridge. You can set the bridge priority by entering a decimal number from 0 to
65,535. Zero is the highest priority.
Bridge ID. The bridge identification number
Priority with its six-byte MAC address.
Page 17-28
is a number created by concatenating the bridge
Configuring Spanning Tree
Designated Root. The bridge identifier of the root of the spanning tree as determined by the
spanning tree protocol. It is created by concatenating the root bridge Priority with its six-byte
MAC address.
Cost to Root Bridge. The cost of the path to the root bridge as seen from this bridge. Cost
represents the distance of the group from the root bridge, in number of hops. If this is the
root bridge, this number is 0.
The slot number, port number, and service type of the root port. The root port is
the bridge’s preferred path to the root bridge.
Root Port.
The next-best available cost of the path to the root bridge as seen from
this bridge. Cost represents the distance of the group from the root bridge, in number of
hops. If this is the root bridge, this number is 0.
Next Best Root Cost.
The next-best available root port (slot number, port number, and service
type). The root port is the bridge’s preferred path to the root bridge.
Next Best Root Port.
This time value determines the interval length during which no more than two
Configuration Bridge BPDUs shall be transmitted, in seconds.
Hold Time.
The total number of topology changes detected by this bridge since the
management entity was last reset or initialized. Topology changes happen when spanning
tree reconfigures to prevent logical loops from occurring.
Topology Changes.
Last Topology Change.
The time since the last time a topology change was detected by the
bridge entity.
Bridge Aging Timer. The timeout period in seconds for aging out dynamically learned
forwarding information.
The maximum age (in seconds) of spanning tree protocol information learned from
the network on any port before it is discarded.
Max Age.
This time value (in seconds) controls how fast a port changes its spanning tree
state when moving toward the Forwarding state. The value determines how long the port
stays in each of the Listening and Learning states, which precede the Forwarding state. This
value is also used when a topology change has been detected and is underway to age out all
dynamic entries in the Forwarding Database.
Forward Delay.
The amount of time (in seconds) between the transmission of Configuration Bridge
Protocol Data Units (BPDUs) on any port when it is the root of the spanning tree, or trying to
become so.
Hello Time.
Page 17-29
Configuring Spanning Tree
Configuring Spanning Tree Port Parameters
The stpc commands allows you to configure port parameters (as opposed to bridge parameters) for spanning tree. To configure port parameters
1. Enter the stpc command as shown:
stpc <groupNumber>
where <groupNumber> is the number of the group in the switch for which you want to
configure spanning tree port parameters. For example, to configure parameters for Group
1, you would enter:
stpc 1
As a variation of this command, you can enter the stpc command without specifying a
group. This will allow you to configure the port parameters on the currently selected
group. For information on how to select a group, see Selecting a Default Group on page
17-7.
A screen similar to the following is displayed:
Spanning Tree Port Configuration for Group 1 (Default GROUP (#1))
Index Slot/Intf/Service/Inst
-------- -----------------------------1
2/ 1/
Brg/ 1
2
2/ 2/
Brg/ 1
3
3/ 1/
Brg/ 1
4
3/ 2/
Brg/ 1
5
3/ 3/
Brg/ 1
6
3/ 4/
Brg/ 1
7
3/ 5/
Brg/ 1
8
3/ 6/
Brg/ 1
9
3/ 7/
Brg/ 1
10
3/ 8/
Brg/ 1
11
3/ 9/
Brg/ 1
12
3/ 10/
Brg/ 1
13
3/ 11/
Brg/ 1
14
3/ 12/
Brg/ 1
15
3/ 13/
Brg/ 1
16
3/ 14/
Brg/ 1
save|cancel|next|prev :
Port
Priority
(a)
----------128
128
128
128
128
128
128
128
128
128
128
128
128
128
128
128
Path
Cost
(b)
------10
10
10
10
10
10
10
10
10
10
10
10
10
10
10
10
Enable
tx
Spanning Tree FA
(c)
(d)
--------------------- ---y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
y
NA
Manual
Mode
(e)
----------n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
n
2. To modify a parameter, enter the index (row) number, column letter (a, b, c, d, or e), an
equal sign (=), and then the new parameter, as follows.
<index><column>=<new parameter>
For example, if you wanted to enable transmit Functional Address (tx FA in column d) for
the slot identified by index 10, then you would enter:
10d=y
Page 17-30
Configuring Spanning Tree
Field Descriptions
The following section explains the fields displayed by the stpc command.
Index
A number assigned as an identifier for the port.
Slot/Intf/Service/Inst
The slot number (Slot), interface (port) number (Intf), type of service (Service), and service
instance (Inst). For example, a bridge service on port 1 of slot 3 would be:
3/1/Brg/1
Services provide connection options for switches in a LAN, between LANs, or in a WAN.
Other possible services include trunking, routing, and LANE. It is possible to have more than
one instance of a service if there are more than one connections on a single port.
Port Priority
The value of the priority field contained in the first (in network byte order) octet of the (2
octet long) Port ID. This value allows you to specify a particular port as more favorable if the
bridge has more than one port connected in a loop.
Path Cost
The contribution of this port to the path cost towards the spanning tree root bridge that
includes this port. 802.1D-1990 recommends that the default value of this parameter be in
inverse proportion to the speed of the attached LAN. Path cost is a measure of the distance of
the listed port from the root bridge, in number of hops.
Enable Spanning Tree
Whether or not spanning tree is enabled, either y or n.
tx FA
Transmit Functional Address. Values are:
NA
Function Addresses are not applicable because this port is not using
spanning tree.
y
Transmit Functional Address instead of normal Spanning Tree Multicast
Address.
n
Transmit normal Spanning Tree Multicast Address. This is the default
setting.
Page 17-31
Configuring Spanning Tree
Manual Mode
Allows you to manually set the state for each port (forwarding or blocking) or defer the port’s
state configuration to the spanning tree protocol, which will either be IEEE 802.1d or IBM.
This column is especially helpful if you are using the IBM Spanning Tree protocol with nonToken Ring (e.g., FDDI or Ethernet) ports that do not support this IBM Spanning Tree. In this
situation you can manually set those ports to a forwarding (or blocking) state since the IBM
Spanning Tree protocol will not be able to control these ports. The possible settings for this
column are:
f
The port is in forwarding state and remains so unless you change it.
b
The port is in blocking state and remains so unless you change it.
n
The state of the port is determined by the IEEE 802.1d Spanning Tree
protocol. This option is not recommended because it means this Group
will have a hybrid spanning tree algorithm that mixes the IEEE 802.1d
and IBM Spanning Tree.
Displaying Spanning Tree Port Parameters
The stps command allows you to view the current spanning tree port parameters. To view the
port parameters, enter the stps command as shown:
stps <groupNumber>
where <groupNumber> is the number of the group in the switch for which you want to view
spanning tree port parameters. For example, to view parameters for Group 1, you would
enter:
stps 1
A screen similar to the following is shown:
Spanning Tree Port Summary for Group 1 (Default GROUP (#1))
Slot
Intf
----3/1
Service
Inst
---------Brg/ 1
Pri
----128
State
----------FORWD
MAC
----------C473C4
Path Desig
Cost Cost
------ ------10
10
Des
Pt
-----No
Rt
Pt
-----Yes
Swt
Pt
-----No
Fw
Tx
---0
Root Bridge ID
Desig BridgeID
-------------------------------0010-0020DA:81D5B0
8000-0020DA:0C41E1
As a variation to this command, you can enter stps at the system prompt without specifying a
group number. This will allow you to view the port parameters on the currently selected
group. For information on how to select a group, see Selecting a Default Group on page 17-7.
Page 17-32
Configuring Spanning Tree
Field Descriptions
The following section explains the fields displayed by the stps command.
Slot/Intf.
The slot and interface (port) number of the port.
Service/Inst.
Pri.
The service type and instance of the service connected to the port.
The value (from 0 to 256) of the priority of the port, 0 being the highest priority.
State. The port's current state as defined by application of the spanning tree protocol. This
state controls what action a port takes on reception of a frame. The State values are:
Disabled
This port has been disabled.
Blocking
This port is not participating in transmitting data to prevent loops.
Listening
This port is preparing to transmit data, but is temporarily disabled to
prevent loops.
Learning
This port is preparing to transmit data, but is temporarily disabled to
prevent loops. This is different from Listening in that the port is acquiring data to facilitate data transmission.
Forwarding
This port is transmitting data.
Some of these values are not available if you are using IBM Spanning Tree. For information
on the differences between IEEE and IBM Spanning Tree, see Configuring Spanning Tree
Parameters on page 17-25.
Path Cost. The contribution of this port to the path cost towards the spanning tree root. The
spanning tree root will include this port.
The path cost to the designated port of the segment connected to this port. If this
is the root bridge this value is 0.
Desig Cost.
Des Port.
The unique port identifier of the bridge port believed to be the designated port for
the LAN associated with the port.
Rt Pt. This field indicates if this port is the root port. The root port is the port that offers the
lowest cost path to the root bridge.
Swt Pt. This field indicates if this port is in Optimized Switch Mode. Optimized Switch Mode is
appropriate for dedicated connections to a single workstation or server. For more information, see Chapter 19, “Managing Groups and Ports.”
The number of times this port has changed from the Learning state to the
Forwarding state.
FWD Transition.
Root Bridge ID.
The bridge identification number of the root bridge.
Desig Bridge ID.
The unique bridge identifier of the designated bridge for this port (LAN).
Page 17-33
Configuring Fast Spanning Tree
Configuring Fast Spanning Tree
The Fast Spanning Tree (Rapid Reconfiguration) feature is designed to help provide an
802.1D standards-based method of quick recovery in the event of link, port and device
failures in an Ethernet local area network. By automatically identifying and utilizing
alternative secondary links, Fast Spanning Tree can rapidly converge backup connections
between network devices within as little as 1 second. In addition, new Spanning Tree
information can be processed faster.
If packets are broadcast to all ports (or flooded) in an attempt to deliver the data, networks
with physical loops will rebroadcast packets repeatedly and cause a network to become
severely congested. This congestion will adversely affect network performance.
While Spanning Tree prevents broadcast storms by blocking ports in the physical topology
that could result in flooded traffic being looped, Fast Spanning Tree minimizes downtime by
bringing these blocked secondary links into Forwarding mode as quickly as possible. If the
Root Port is lost, an Alternate Port on the Bridge can be made the new Root Port, and placed
into a Forwarding state immediately. The prior Root Port switches to a Listening state if it
becomes a Designated Port; otherwise, it enters a Blocking state.
Similarly, any Designated Port on the Bridge can be made the new Root Port, and placed into
a Forwarding state immediately. In this event, the existing (prior) Root Port changes to a
Designated Port role, without a corresponding gain or loss of connectivity. A Backup Port can
also be made the new Root Port and placed into Forwarding mode, resulting in the
Designated Port assuming a Listening state.
The following diagram illustrates how a typical network connection can fail, such as the A-C
Link shown below. Rapid Reconfiguration brings a blocked link - such as the B-C Link - into
Forwarding state, helping achieve quick recovery from failure of networked devices.
Bridge C
Bridge C
Bridge B
Bridge A
(Root Bridge) (Backup Root 1)
Root Port =
Spanning Tree Link =
Redundant Link =
Designated Bridge for Link =
Bridge A
Bridge B
A-C Link that will Fail =
B-C becomes Root Port for C
Recovering from Linked Device Failure with Fast Spanning Tree
Page 17-34
Configuring Fast Spanning Tree
Truncating Tree Timing & Speedy Tree Protocol
Two additional enhancements are also included with the Fast Spanning Tree feature for
improved performance: Truncating Tree Timing and Speedy Tree Protocol.
Truncating Tree Timing
Truncating Tree Timing allows Designated Ports attached to Point-to-Point links to change to
Forwarding mode faster, by utilizing two extra bits in the Configuration BPDU for
communication between neighboring bridges. This enhancement promotes quicker
restoration of service between communicating stations and reduced flooding of traffic during
relearning of station location information.
Speedy Tree Protocol
Speedy Tree Protocol significantly improves reconfiguration performance by allowing inferior
information sent by the designated bridge for each LAN to be accepted, rather than timed out.
Additionally, information previously received expires immediately on link failure. In both
cases, spanning tree recomputation occurs, which can cause changes in both root and
designated ports.
Configuring Truncating Tree Timing & Speedy Tree Protocol
Both Truncating Tree Timing and Speedy Tree Protocol are enabled by default. These features
are configured by editing the following lines in the command file (mpx.cmd):
truncatingSt=1
speedySt=1
To disable the Truncating Tree Timing feature, change the numeric entry for truncatingSt from
1 to 0. (To re-enable the feature, change the numeric entry back to 1.)
To disable the Speedy Tree Protocol feature, change the numeric entry for speedySt from 1 to
(To re-enable the feature, change the numeric entry back to 1.)
0.
♦ Important Note ♦
Do not attempt to edit the command file (mpx.cmd)
unless you have had significant experience working
with files of this type. For additional information, see
Editing Text Files in Chapter 7, “Managing Files.”
Page 17-35
Configuring Fast Spanning Tree
Displaying Fast Spanning Tree Port Parameters
The fstps command allows you to view the current Fast Spanning Tree port parameters on a
selected group or VLAN. To view the port parameters, enter the fstps command as shown:
fstps <groupNumber>
where <groupNumber> is the number of the group in the switch for which you want to view
Fast Spanning Tree port parameters. For example, to view parameters for Group 1, enter:
fstps 1
If Fast Spanning Tree is not enabled (default), a screen similar to the following will appear:
Fast Spanning Tree not enabled for Group 1 (Default GROUP (#1))
Primary Port
Slot Service
Slot Service
Intf
Inst State Role Fwrds Frwdr FrgetRPs PPs Link Ups Intf
Inst
----- --------------------------------------------------- ------ ------ ---- ----------- ------------8/3 Brg/ 1 FORWD ROOT 0
0
0
0
0
2
As a variation on this command, you can enter fstps at the system prompt without specifying
a group number. This will allow you to view the port parameters on the currently selected
group. For information on how to select a group, see Selecting a Default Group on page 17-7.
The fields displayed by the fstps command include.
Slot/Intf.
The slot and interface (port) number of the port.
Service/Inst.
The service type and instance of the service connected to the port.
State. The port's current state as defined by application of the fast spanning tree protocol.
This state controls what action a port takes on reception of a frame. The State values include:
Page 17-36
DSABL
Disabled - The port has been disabled.
BLOCK
Blocking - The port is not participating in transmitting data in order to
prevent loops.
LISTN
Listening - The port is preparing to transmit data, but is temporarily
disabled in order to prevent loops. BPDU processing does occur, but no
user data is being passed.
LEARN
Learning - The port is preparing to transmit data, adding source MAC
addresses to the bridging table, but incoming data frames are dropped.
FORWD
Forwarding - The port is transmitting data. This state applies to Root
Ports and Designated Ports.
FRWDS
Forwards - The port is transmitting data. This state applies to Designated
Ports, and monitors old root ports for a period equivalent to two times
the Forward Delay Timer default time period (default = 15 seconds).
FRWDR
Forwarder - The port is transmitting data. This state applies to
Designated Ports, and monitors old root ports for a period equivalent to
the Forward Delay Timer default time period (default = 15 seconds).
FRGET
Forgetting - The port is discarding frames, and is not learning source
addresses. This state applies to prior Designated Ports that are placed
into an Alternate Role. Forgetting State minimizes potential denial of
service due to information races during extensive reconfigurations.
Configuring Fast Spanning Tree
Role. The port’s current
Role values include:
role as defined by application of the fast spanning tree protocol. The
DISABLED
The port has been disabled.
ROOT
The Root Port on a Bridge has the best path to the Root Bridge, and
connects the Bridge to the Root Bridge.
DESIGNATED The
Designated Port on a Bridge provides an attached LAN the best path
to the Root Bridge, and connects the LAN through the Bridge to the Root
Bridge, forwarding frames between them. (A Designated Port can be in a
Listening, Learning, Forwards, Forwarder, or Forwarding state.)
ALTERNATE
The Alternate Port is connected to a LAN with another bridge
functioning as the Designated Bridge. (An Alternate Port may be in either
a Forgetting state or a Blocking state.)
BACKUP
The Backup Port is connected to a LAN with another port on the same
Bridge functioning as the Designated Port. (Backup Ports are always in a
Blocking state.)
Frwds.
This counter records each instance when the port is in the Forwards state.
Frwdr.
This counter records each instance when the port is in the Forwarder state.
Frget.
This counter records each instance when the port is in the Forgetting state.
RPs. This
PPs.
counter records each instance when the Root Port is retired.
This counter records each instance when the Primary Port is retired.
Link Ups.
This counter records each instance when the port is linked up.
Primary Port Slot Intf.
The slot and interface (port) number of the Primary Port.
Primary Port Service Inst.
The service type and instance of the service connected to the
Primary Port.
Page 17-37
Configuring Fast Spanning Tree
Enabling Fast Spanning Tree Port Parameters
The actfstps command allows you to activate Fast Spanning Tree port parameters on a
selected group or VLAN. To enable Fast Spanning Tree, enter the actstps command as shown:
actfstps <groupNumber>
where <groupNumber> is the number of the group in the switch for which you want to view
Fast Spanning Tree port parameters. For example, to view parameters for Group 1, enter:
actfstps 1
If Fast Spanning Tree is not enabled (default), a screen similar to the following will appear:
Fast Spanning Tree disabled for Group 1 (Default GROUP (#1))
Enable 1/ Disable 2 Fast Spanning Tree/ Return nothing?
To enable the Fast Spanning Tree feature, enter 1 at the prompt. (If you press the Enter key
without typing anything, the setting will not be changed.)
No confirmation message will appear. To view the Fast Spanning Tree Port Summary, enter
the prompt. For details about the Fast Spanning Tree Port Summary, see Displaying
Fast Spanning Tree Port Parameters on page 17-36.
fstps at
♦ Important Notes ♦
To determine whether Fast Spanning Tree is enabled
on a VLAN, enter sts at the prompt.
To enable Fast Spanning Tree on a VLAN, enter stc at
the prompt, then follow the onscreen instructions to
enable it. For more details, see Configuring Spanning
Tree Parameters on page 17-25.
Page 17-38
Configuring Fast Spanning Tree
Disabling Fast Spanning Tree Port Parameters
The actfstps command allows you to disable Fast Spanning Tree port parameters on a
selected group or VLAN. To disable Fast Spanning Tree, enter the actstps command as shown:
actfstps <groupNumber>
where <groupNumber> is the number of the group in the switch for which you want to view
Fast Spanning Tree port parameters. For example, to view parameters for Group 1, enter:
actfstps 1
If Fast Spanning Tree is enabled, a screen similar to the following will appear:
Fast Spanning Tree Port Summary for Group 1 (Default GROUP (#1))
Enable 1/ Disable 2 Fast Spanning Tree/ Return nothing?
To disable the Fast Spanning Tree feature, enter 2 at the prompt. (If you press the Enter key
without typing anything, the setting will not be changed.)
No confirmation message will appear. To view the Fast Spanning Tree Port Summary, enter
the prompt. For details about the Fast Spanning Tree Port Summary, see Displaying
Fast Spanning Tree Port Parameters on page 17-36.
fstps at
♦ Important Notes ♦
To determine whether Fast Spanning Tree is enabled
on a VLAN, enter sts at the prompt.
To disable Fast Spanning Tree on a VLAN, enter stc at
the prompt, then follow the onscreen instructions to
disable it. For more details, see Configuring Spanning
Tree Parameters on page 17-25.
Page 17-39
Configuring Source Routing
Configuring Source Routing
The srs and src commands allow you to display and configure the source routing parameters
for the selected group.
SAP Filtering
The Service Advertising Protocol (SAP) filter is a method for allowing the user to decide what
type of source routed packets are allowed to be transmitted out of the switch. When the
filters are configured, they examine the DSAP (destination) and SSAP (source) fields in an
outgoing packet, compare them to the filter values to see if they match, and then either
allows or blocks packet transmission.
There are two types of filters that can be configured: a “permit” filter and a “deny” filter. If a
packet matches the value in a deny filter, and the value is not 0, then the packet is discarded.
If a permit filter is configured, and a packet does not match the filter value, then the packet is
discarded. Only two of each type of filter can be configured.
To use this feature, it must first be enabled, then configured. Once a filter is enabled and
configured, it can be viewed as part of the source routing statistics. These procedures are
covered in the following sections:
• For information on enabling the SAP filter see Enabling SAP Filtering on page 17-40.
• For information on configuring SAP filters, see Configuring SAP Filtering on page 17-41.
• For information on viewing SAP filters, see Viewing SAP Filtering on page 17-42.
Enabling SAP Filtering
To use the srsf command to enable SAP filtering, follow the steps below:
1. Enter the srsf command at the system prompt.
2. The following message is displayed:
SAP Filter support is OFF, set it to ON? (n) :
Enter y and press <return>.
3. Another message is displayed confirming the activation of the SAP filtering feature:
SAP Filter Support is now “ON”
Page 17-40
Configuring Source Routing
Disabling SAP filtering
To disable the SAP feature, use the srsf command as shown:
1. Enter the srsf at the system prompt.
2. The following message is displayed:
SAP Filter support is ON, set it to OFF? (n) :
Enter y and press <return>.
3. The following message is displayed:
Remove all SAP Filter values? (n) :
Enter a y to remove the configured filters, or an n to keep configured filters, and press
<return>. See Configuring SAP Filtering on page 17-41 for information on how to set up a
SAP filter.
4. Another message is displayed confirming the deactivation of the SAP filtering feature:
SAP Filter Support is now “OFF”
Configuring SAP Filtering
Once SAP filtering is activated, it is necessary to configure the filter value. This value is
compared to the value of the packets DSAP and SSAP fields. Filters consist of 4 alphanumeric
bits, 2 for the DSAP and 2 for SSAP. After enabling SAP filtering, another column is added to
the src command, and four prompts are added to the ring configuration options.
To configure the filter value:
1. Enter the src command at the system prompt. The following screen is displayed:
Source Routing Parameters for Group 1 (Default GROUP (#1))
1.
2.
3.
4.
5.
6.
7.
Slot
Intf
----2/ 1
3/ 1
3/ 2
3/ 3
3/ 4
3/ 5
3/ 6
Type/
Inst/Srvc
-----------------Brg/ 1/ na
Brg/ 1/ na (V)
Brg/ 1/ na
Brg/ 1/ na
Brg/ 1/ na
Brg/ 1/ na (V)
Brg/ 1/ na (V)
Ring
Number
------------1 (0x001)
2 (0x002)
4 (0x004)
5 (0x005)
3 (0x003)
2 (0x002)
3 (0x003)
Bridge Largest HopCnt Port
Number frame In Out Type
------------ ---------- --- ----- ------10 (0xA)
590
6
6 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 6
6 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 7
7 SRT
Block
ARE
--------n
n
n
n
n
n
n
SAP
Filter
---------
Enter index of the entry to configure (e.g. 1) <RETURN> to exit :
2. Enter the index number (on the far left) for the ring you want to filter.
3. Several prompts for configuring the ring are displayed. Follow the prompts and enter
the values required, or accept the current values if the ring is already configured. The
following prompt is shown:
Output SAP Deny Filter 1
(0000):
Enter the SAP value that the first deny filter should screen. Any packet matching this filter
will be rejected. Excepting the default of 0000 is the same as not having a filter.
Page 17-41
Configuring Source Routing
4. Press <return>. The second deny filter prompt is displayed:
Output SAP Deny Filter 2
(0000):
Enter the SAP value that the first deny filter should screen. Any packet matching this filter
will be rejected. Excepting the default of 0000 is the same as not having a filter.
5. Press <return>. The first permit filter prompt is displayed:
Output SAP Permit Filter 1
(0000):
Enter the SAP value that the first permit filter should screen. Any packet not matching this
filter will be rejected. Excepting the default of 0000 is the same as not having a filter.
6. Press <return>. The second permit filter prompt is displayed:
Output SAP Permit Filter 2
(0000):
Enter the SAP value that the first permit filter should screen. Any packet not matching this
filter will be rejected. Excepting the default of 0000 is the same as not having a filter.
7. Press <return>. A final message asking to save the new configuration is displayed:
Save the new configuration? (y/n) :
Enter a y to save the configuration, or an n to cancel the operation.
Viewing SAP Filtering
To see how many SAP filters are configured for a specific ring, enter the srs command at the
system prompt. A screen similar to the following appears:
Source Routing Parameters for Group 1 (Default GROUP (#1))
1.
2.
3.
4.
5.
6.
7.
Slot
Intf
----2/ 1
3/ 1
3/ 2
3/ 3
3/ 4
3/ 5
3/ 6
Type/
Inst/Srvc
-----------------Brg/ 1/ na
Brg/ 1/ na (V)
Brg/ 1/ na
Brg/ 1/ na
Brg/ 1/ na
Brg/ 1/ na (V)
Brg/ 1/ na (V)
Ring
Number
------------1 (0x001)
2 (0x002)
4 (0x004)
5 (0x005)
3 (0x003)
2 (0x002)
3 (0x003)
Bridge Largest HopCnt Port
Number frame In Out Type
------------ ---------- --- ----- ------10 (0xA)
590
6
6 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 6
6 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 7
7 SRT
10 (0xA)
4472 7
7 SRT
Block
ARE
--------n
n
n
n
n
n
n
SAP
Filter
--------1
2
Enter index of the entry to configure (e.g. 1) <RETURN> to exit :
The last column (SAP Filter) lists how many SAP filters are in place for the ring. See Configuring SAP Filtering on page 17-41 for information on configuring the SAP filter.
Page 17-42
Configuring Source Route to Transparent Bridging
Configuring Source Route to Transparent Bridging
In order to provide switching between source-routed token ring networks supporting the IBM
Spanning Tree, and transparently bridged networks (primarily Ethernet supporting 802.1d
Spanning Tree), commands have been provided in the bridging menu to enable Source Route
to Transparent Bridging (SRTB) on a configured group basis.
It is important not to confuse SRTB with source-route transparent (SRT) bridging. SRT bridging is the defined method for bridging on source-routed networks. In SRT bridging, all
bridges run the 802.1d Spanning Tree. SRT bridges have the ability to forward a frame based
on source-routing information if a Routing Information Field (RIF) is present. Frames without
a RIF are bridged transparently. SRT does not provide the ability to switch between a pure
source-routed network and a transparent network.
SRTB allows source-routed token ring networks and transparently bridged networks to exist
in the same group, and supports connectivity between end systems on the token ring
network and the end systems on the transparently bridged network.
The SRTB functions in the following network environments:
• Between token ring and Ethernet networks.
• Between token ring networks and Ethernet LAN emulation (LANE).
• Between token ring LAN emulation and Ethernet networks.
♦ Note ♦
Ethernet networks include 10Mbit, 10/100 MB, and
Gigabit networks.
Page 17-43
Configuring Source Route to Transparent Bridging
Enabling SRTB for a Group
The srtbcfg command allows you to display configured groups and the status of SRTB (either
on or off), and to enable or disable SRTB for a specific group. To display groups and the
status of SRTB:
1. Enter the srtbcfg command at the system prompt, as shown
srtbcfg
A screen similar to the following is displayed:
Group
Group
1: SRTB is OFF
2: SRTB is ON
Default Explorer: STE Ethernet Ring ID: 291(x123)
Group 3: SRTB is ON
Default Explorer: ARE Ethernet Ring ID: 561(x231)
/VLAN SRTB>
2. To enable SRTB for a group, enter the srtbcfg command at the system prompt, as shown:
srtbcfg <groupNumber>
where <groupNumber> is the number of the group for which SRTB is to be enabled. For
example, to enable SRTB for Group 1, you would enter the following:
srtbcfg 1
3. Once you have entered the command, a screen similar to the following is displayed:
Group 1: SRTB is OFF
Would you like to turn on SRTB ? (n) :
Enter y to enable SRTB for this group.
4. Once you have enabled SRTB, the following prompt appears:
Enter Ring ID for Ethernet segment(s) (0 - 0x0)? :
Create a ring ID for the Ethernet segment assigned to this group. This number can be in
decimal or hexadecimal form, but it must be unique. For example, if you have a token
ring segment with a ring ID of 2, then you could not assign the number 2 to an Ethernet
ring ID.
5. Once you have assigned an Ethernet token ID, the following prompt appears:
Send Multicast/unknown frames as STE or ARE ? (STE) :
Choose to employ Spanning Tree Explorer (STE) frames or All Route Explorer (ARE)
frames by entering ste or are. Explorer frames are sent to learn MAC addresses when
there is no record in the RIF table. ARE frames ignore port blocks set up by spanning tree
to avoid loops, while STE frames adhere to the spanning tree configuration. The default is
STE.
Page 17-44
Configuring Source Route to Transparent Bridging
6. Once you have selected the frame type, you are returned to the menu prompt. By reentering the srtbcfg command as you did in step 1, you can now see that SRTB has been activated for group 1, as shown:
Group
Group
Group
1: SRTB is ON
Default Explorer: STE Ethernet Ring ID: 871(x321)
2: SRTB is ON
Default Explorer: STE Ethernet Ring ID: 291(x123)
3: SRTB is ON
Default Explorer: ARE Ethernet Ring ID: 561(x231)
The ring ID and default explorer frame are shown as well.
Disabling SRTB for a Group
To turn SRTB off for a group, enter the srtbcfg command as shown
srtbcfg <groupNumber>
where <groupNumber> is the number of the group for which you want to disable SRTB. For
example, to disable SRTB on Group 3, you would enter:
srtbcfg 3
The following prompt appears:
Group
3: SRTB is ON
Default Explorer: ARE Ethernet Ring ID: 561(x231)
Would you like to turn off SRTB ? (n) :
Enter y to disable SRTB. Once you have done this you are returned to the system prompt. To
view the changes to the group, enter the srtbcfg command to display a screen similar to the
following:
Group
Group
Group
1: SRTB is ON
Default Explorer: STE Ethernet Ring ID: 871(x321)
2: SRTB is ON
Default Explorer: STE Ethernet Ring ID: 291(x123)
3: SRTB is OFF
Page 17-45
Configuring Source Route to Transparent Bridging
Viewing the RIF Table
A Routing Information Field (RIF) is stored for each MAC address learned on a token ring
port. One RIF is stored for each MAC address. The maximum size of each RIF is 32 bytes
(long enough to traverse 15 bridge hops)
Once a RIF is learned for a MAC address, it is maintained until the MAC address is aged out
of the CAM. You can view a list of RIFs using the srtbrif command. To view the RIF table
follow these steps:
1. Enter the srtbrif command at the menu prompt. The following prompt is displayed:
Enter MAC address ([XXYYZZ:AABBCC] or return for none) :
Enter the MAC address for which you want to see the RIF and press <return>, or enter a
<return> without a MAC address to list all RIFs.
2. Once you enter a MAC address (or <return>), the following prompt appears:
Enter Group ID (return for all Group) :
Enter a group ID and press <return>, or enter a <return> without a group ID to list the RIFs
for all groups.
3. Once you enter the group ID (or <return>), a screen similar to the following appears:
Port
---------------4/ 1/Brg/ 1
Group
ID
--------------2
Non-Canonical
MAC Address
----------------------10009E:4B7DE1
CAM
Indx Len
-------- -----010E
6
RIF
------------------------0610:1231:0010:
Field Descriptions
The following section describes the fields shown using the srtbrif command.
Port.
This field lists the slot, port number, service type, and instance number for where the
RIF was learned for this MAC address.
Group ID.
The group number with which this RIF is associated.
Non-Canonical MAC Address.
The MAC address for this RIF. It is shown in non-canonical form.
CAM Indx. The index number in the Content-Addressable Memory (CAM), where the MAC
addresses are stored, in hexadecimal form.
Len.
The length of the RIF packet, in bytes.
RIF.
The RIF address for this MAC address.
Page 17-46
Configuring Source Route to Transparent Bridging
Clearing the RIF Table
If there is a topology change in your network, you most likely will need to clear one or more
RIFs from the table so that SRTB can relearn them. You can clear specific entries for MAC
addresses in the RIF table, or flush the entire table with the srtbclrrif command. To clear an
entry in the RIF table:
1. Enter the srtbclrrif command at the system prompt. The following prompt appears:
Enter MAC address ([000000:000036] or return for none) :
Enter the MAC address for the RIF entry you wish to clear in canonical or non-canonical
form, and press <return>. If you enter <return> without a MAC address, you will flush the
entire table of RIF entries.
2. Once you have entered the MAC address, the following prompt appears:
Is this MAC in Canonical or Non-Canonical (C or N) [N] :
If you entered the MAC address in canonical form, enter a c. If you entered the MAC
address in non-canonical form, enter an n. If you respond incorrectly, the RIF entry will
not be deleted.
3. Once you entered the distinction of canonical or non-canonical, the following prompt
appears to verify the deletion on the RIF entry:
RIF clear successfully!
Page 17-47
Configuring Source Route to Transparent Bridging
Page 17-48
18
Configuring
Frame Translations
Any-to-Any Switching
Because the Omni Switch/Router is a LAN switch that carries frames from multiple media
types on its backplane fabric, it offers the facility to switch frames from any media to any
other media. For example, an Ethernet frame onto a Token Ring. This feature is referred to as
Any to Any Switching.
Normally, the only way for data to get from one media type to another is via routing. Routing
removes the media specific headers of a received frame and prepends the new media specific
aspects of the destination port before the frame is retransmitted on the new media. In this
process the frame itself is not transmitted from one media to another, only the information
within it. This process involves heavy computation, requiring table lookups to guide the
header deletion/creation and additional router-to-router protocols to set up and maintain
these tables.
Routing is not restricted, nor even primarily intended, for moving data between unlike media
but instead seeks to break networks down into a number of smaller networks, each of which
is a broadcast domain. Historically, networks based on different technologies and media naturally form distinct broadcast domains.
The advent of LAN switching has rewritten these rules. Today, the formation of broadcast
domains and the allocation of devices to them is driven by logical requirements such as
Virtual LANs and LAN switches. They seek to break free of topology and network constraints
imposed by mere media differences.
Within this new paradigm there is still a place for routing. The installed base of clients and
servers must communicate by established routing protocols but the broadcast domains
handled by a router need not now consist of a single media.
To support this paradigm a LAN switch must “transform” a frame on one media into a frame
on the other media in such a way that the frame is still acceptable to the routing protocols.
Unfortunately, the requirements for this “transformation” algorithm are specific to the various
protocols that currently exist. There is no single, simple algorithm that will allow the frame to
be switched between media transparently to the higher level protocols and frame formats.
This leads to a fairly complex set of configuration options and limitations on the applicability
of the any to any switching features.
Page 18-1
Any-to-Any Switching
In order to understand why these options and limitations arise and to better understand the
configuration options available, it is advisable to understand as background the theory of
operation of any to any switching. This material is also required if you are trying to determine the applicability of any to any switching to a protocol not described in the reference
material.
♦ Important Notes ♦
In Release 4.4 and later, the Omni Switch/Router is
factory-configured to boot up in CLI (Command Line
Interface) mode, rather than in UI (User Interface)
mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
Beginning with Release 4.4, FDDI is no longer
supported. Beggining with Release 4.5, Token Ring and
ATM are no longer supported.
Page 18-2
Translating the Frame
Translating the Frame
In order to discuss these issues independent of particular media and protocols, consider that
every frame, of any protocol, on any media, consists of the following parts.
MAC Header
RIF
Encapsulation
Network Header
Data
The Essential Parts of Frame
MAC Header
Consists of a source and destination address specifying the transmitting station in the broadcast domain and the intended recipient(s), as well as other media specific fields. For example, AC and FC fields in Token Ring, FC in FDDI, etc.
RIF (Router Information Field)
If present, it is defined by the source routing standard and is only found on Token Ring and
FDDI media.
Encapsulation
Defined by the various standards for the media, many of which reference common standards.
For example, on Ethernet media, as defined by Ethernet II, this is a 16 bit type field. On
Ethernet media, as defined by the IEEE 802.3 committee, this is a length field together with
any encapsulation defined by the IEEE 802.2 Logical Link Control (LLC) committee. On Token
Ring and FDDI, it is any encapsulation defined by the IEEE 802.2 LLC committee.
Network Header
Defined by the organization responsible for the particular routing protocol whose data is
being carried within the frame. The values of fields defined in the Encapsulation area allow
the recipient to identify which protocol standard to use to decode the Network Header part of
the frame.
Data
The payload being carried between the end-stations.
In a routing implementation the first three fields (i.e., MAC header, RIP, and Encapsulation)
are the ones stripped and rebuilt when the frame is forwarded. These are the three areas that
have to be manipulated. The next sections examine each of these frame packet areas further
to see the media and protocol dependencies. We can also examine their interactions.
Page 18-3
The MAC Header
The MAC Header
MAC Header
RIF
Encapsulation
Network Header
Data
The format and values defined for the MAC header are covered in the media standards but
even here a variety of choices which are dictated by the upper layer protocol can be found.
Canonical versus Non-Canonical
The first requirement of the switch transformation is the bit ordering of the address fields. For
Token Ring and FDDI, this is the so called non-canonical ordering or most significant bit
first. For Ethernet, this is canonical or least significant bit first. Thus, when a frame is moved
between these media, the addresses must be bit-swapped.
Abbreviated Addresses
The FDDI and 802.5 Token Ring media allow for the use of small 16 bit addresses or full 48
bit addresses. The Omni Switch/Router only supports 48 bit MAC address LANs thus abbreviated address based protocols cannot be supported.
Functional Addresses and Multicasts
The 802.5 media also have different rules for the formation of multicast addresses or group
addresses. In Ethernet a single bit defines the address as a multicast. In 802.5 a single bit also
indicates a multicast but the remaining bits are structured into so called Functional Address
groups with pre-assigned meanings and functions.
The Omni Switch/Router does not map MCASTs and Functional Addresses; thus protocols
dependent on these features may not be switchable any to any.
Page 18-4
The RIF Field
The RIF Field
MAC Header
RIF
Encapsulation
Network Header
Data
The same source routing standard is supported by FDDI and Token Ring so the RIF fields can
be switched without problems between these media.
Ethernet does not support source routing thus frames with RIF fields cannot be switched onto
these media. However, if you enable “RIF Stripping” you can switch source route frames with
RIFs less than 2 bytes long.
The alternative of stripping fields, remembering them and reinserting them on replies, i.e. to
terminate a source routed connection and act as a proxy to a transparent device is not well
standardized and is difficult to execute and manage.
Source Route Termination by Proxy Not Supported
The Omni Switch/Router will not therefore allow RIF based frames onto Ethernet media
unless RIF Stripping is enabled.
Ethernet frames are allowed onto rings if they support transparent bridging, i.e. the port is
configured as either Transparent or Source Route/Transparent. Otherwise all communication
between SR configured ring ports and transparent Ethernet ports is barred.
Page 18-5
Encapsulation
Encapsulation
MAC Header
RIF
Encapsulation
Network Header
Data
Encapsulation is the biggest problem for implementing a transformation algorithm in support
of any to any switching. All of the media provide a choice of more than one encapsulation
and not all encapsulations are available on all media. Additionally, the methodology of these
encapsulations vary from protocol to protocol.
An ideal protocol would dictate a single encapsulation which would be the same on all
media.
Most protocols make use of more than one encapsulation. For example, IP uses Ethertype
most of the time on Ethernet and SNAP (an instance of an 802.2 LLC) on FDDI and Token
Ring. In this case, there may be clearly established rules for transforming from one encapsulation to another as media are traversed.
Some protocols may allow more than one encapsulation even on a single media type. Some
might use the encapsulation to separate functional parts of the protocols, for example, routing table updating protocols from user data forwarding protocols. Others, like IPX may simply
allow the user to arbitrarily choose them.
Some, most notably IPX, may entangle the notion of encapsulation with the notion of the
network level broadcast domain to create multiple logical networks over a single physical
broadcast domain.
Clearly, then there is no single algorithmic rule by which the any to any transformation function can switch arbitrary protocols. There are two choices available to address this situation.
1. The switch must be configurable, per device, per protocol, per media to select the transformation of encapsulations.
2. The switch performs a single transformation and the user must configure all end-stations
and routers to use this single choice made by the switch.
The Omni Switch/Router uses the first approach for IP and IPX as the dominant protocols in
the market. It uses the second approach for all other protocols.
Protocols other than IP and IPX
For protocols other than IP or IPX three encapsulations are possible on Ethernet media:
• Ethertype
• IEEE 802.2 LLC
• IEEE 802.2 SNAP (This is an instance of an LLC encapsulation defined by the 802.2
committee to support the transformation of Ethertype Ethernet frames to media which
don’t support that encapsulation.)
On Token Ring and FDDI, two encapsulations are permitted by the standards:
• IEEE 802.2 LLC
• IEEE 802.2 SNAP.
Page 18-6
Encapsulation
The SNAP Conversion
The intent of the 802.2 committee is that Ethertype frames are transformed to SNAP on crossing from Ethernet media to 802 media and restored to Ethertype in the reverse direction.
The Omni Switch/Router could follow this rule for all protocols including IP; however, this
would prevent AppleTalk interworking between Ethernet and FDDI. The Omni Switch/Router
explicitly checks for the AppleTalk protocol. If found, the rule is not applied. In addition, the
Omni Switch/Router checks for the Banyan Vines protocol and translates according to the
media type (see Banyan Vines on page 18-13).
As there may be other protocols with this problem, the SNAP-to-Ethertype transformation is
configurable for all protocols other than AppleTalk.
Other Conversions
There are no equivalent algorithmic approaches which the transformation function can adopt
for dealing with protocols which require Ethertype on Ethernet and some form of LLC encapsulation on FDDI and/or Token Ring. The mapping between Ethertype values and LLC values
is arbitrary requiring tables indexed by protocol.
The approach followed in the Omni Switch/Router is therefore to simply pass LLC encodings
between Ethernet, FDDI and Token Ring with no changes other than to insert/strip the length
field required by IEEE 802.3 on Ethernet.
This leaves protocols which require transformations between Ethertype and LLC encapsulations as unswitchable unless the clients and servers can be configured to use SNAP.
Summary of Non-IPX Encapsulation Transformation Rules
To summarize:
• Ethertype/SNAP transformations are configurable for all protocols except AppleTalk and
Banyan Vines. Ethertype frames going to FDDI or Token Ring are translated to SNAP
unconditionally. SNAP frames going to Ethernet are translated to Ethertype or left as SNAP
as per configuration, unless the protocol is AppleTalk in which case they are left as SNAP.
• LLC frames are passed unchanged in value but with the length field required on Ethernet
media stripped/inserted.
Page 18-7
Encapsulation
IPX Encapsulation Transformation Rules
For IPX the encapsulation problems described above are compounded by the introduction of
a fourth encapsulation on Ethernet media. Novell introduced a frame format when the IEEE
802.3 standards committee produced its version of Ethernet which was incompatible with
Ethernet.
Novell places its network header and data within a raw IEEE 802.3 Ethernet frame with no
intervening IEEE 802.2 LLC header. This is in direct contravention of the standards but has
become a de facto standard encapsulation.
Novell refers to this encapsulation types as ETHERNET_802.3. It is also widely known as
Novell Proprietary, Novell Raw, Raw 802.3, etc. Such frames are identifiable only by the fact
that the Novell Network header starts with a two byte field called the checksum, which is
never used and assumes the value 0xFFFF.
Routers, bridges and switches therefore check for the checksum after an 802.3 length field. In
effect, Novell has usurped the value OxFF for the Destination and Source SAP addresses
(DSAP/SSAP) of an LLC header.
Thus on Ethernet media there are four encapsulations for IPX
• Ethertype - value 0x8137
• Novell Proprietary
• LLC - SAP value 0xE0
• SNAP - Protocol Identifier 0x0000008137
On Token Ring and FDDI, the same LLC and SNAP encapsulations are found as on Ethernet
(without the length field.)
This leaves an aggregate of four encapsulations across all media with only two being universal (LLC and SNAP).
Unfortunately, the SNAP conversion rule isn’t applicable and there is no algorithmic determination for the use of particular encapsulations on any media - it’s purely the choice of the
network administrator. Worse, multiple encapsulations can be found on a single media to
create multiple logical networks over a single physical broadcast domain.
The Omni Switch/Router therefore allows configuration of the encapsulation transformations
of IPX frames. Before transmission of a frame occurs the switch determines first the current
encapsulation of the frame. Then, it consults configuration information to determine which of
the permitted encapsulations for the media the frame is to be transmitted on is required.
Thus, the administrator can choose not only a single output option but an option per possible received encapsulation.
For example, over FDDI media, LLC and SNAP are permissible so the administrator might
configure one of the following:
• LLC and SNAP encapsulations received from other FDDI, Token Ring or Ethernet media
are translated to SNAP.
• Ethertype and Proprietary encapsulations from Ethernet are translated to LLC.
Essentially, for each encapsulation, transformation to each of the other three encapsulations is
available, but may simply be left as is. This choice may be further constrained by the output
media type, for example, Ethertype is not a valid option on FDDI or Token Ring.
Page 18-8
The Network Header
The Network Header
MAC Header
RIF
Encapsulation
Network Header
Data
There are essentially two requirements for the any to any switching transformation function to
address the network header fields:
• Network Address to MAC Address Mapping
In every protocol there is a mechanism for mapping global network wide addresses to the
MAC addresses required in the local broadcast domain.
• Frame Size Requirements of the Media
Different media have different minimum and maximum frame sizes leading to the issues
of padding insertion/stripping and fragmentation/reassembly or maximum frame size
negotiation protocols at the network level.
Address Mapping
There are almost as many ways to map a global network level address to a local subnetwork
MAC address as there are routing protocols. These may or may not be affected by any to any
switching.
Some may construct MAC addresses algorithmically, for example, DECNET model. Some may
involve table lookups with an additional protocol to build and maintain these tables, for
example, the IP/ARP model. Others may involve some form of building the network address
around the MAC address as in the IPX model.
In all cases these mechanisms are susceptible, without good design and forethought, to the
problem of canonical versus non-canonical representation of addresses in the network header
area.
Address Mapping in IP: ARP
To map a 32-bit IP network address into the MAC address of a locally connected station a
router uses the Address Resolution Protocol (ARP) to build an ARP Table. The router broadcasts a request containing the IP address in the body of the frame. The station with that IP
address responds with its MAC address in the body of an ARP reply frame. The router inserts
these two addresses in its ARP table and can then use the MAC address received to transmit
any frames addressed to that IP address.
Since a router can have interfaces to Ethernet ports (canonical MAC addresses) and FDDI and
Token Ring (non-canonical MAC addresses), it is crucial that the router keeps track of what
media type it receives on each port.
If IP ARP were defined such that all MAC addresses, when conveyed in the body of an ARP,
were in canonical format, switching would be easy. A router, when taking an address from
the ARP table and using it as the destination MAC address on an Ethernet port would use the
address as is. If sending to FDDI or Token Ring it would bit swap the address to non-canonical format as required by the media.
Page 18-9
The Network Header
Given this model of implementation a station responding with an ARP on Ethernet which was
switched to FDDI would result in the same representation of the MAC address in the ARP
table of the router. The router would then use the bit swapped form in the MAC address of
subsequent frames to the FDDI ring and the switch would bit swap these MAC header
address as it transformed the frame onto Ethernet, resulting in the correct representation to be
received by the original station.
Unfortunately, this model has only been defined in IP for Ethernet and FDDI. Token Ring
stations place MAC addresses into the body of ARP frames in their native, non-canonical
format and routers use addresses from the ARP table as is when sending to Token Ring ports.
To achieve any to any switching with IP it is therefore necessary for the Omni Switch/Router
to be sensitive to ARP frames and to bit swap the MAC addresses in the body of the ARP when
switching a frame between Token Ring and FDDI or Ethernet.
♦ Important Note ♦
Beginning with Release 4.4, FDDI is no longer
supported.
Because IP is well designed, the issue of address mapping being confined to the ARP protocol, this is sufficient to isolate the problem allowing all subsequent IP frames to be switched
any to any.
Address Mapping in IPX
A network address in IPX consists of three parts:
1. Network Number -- a globally unique identifier of a particular broadcast domain.
Strictly, because of the formation of logical networks using encapsulations, this is not
equivalent to a physical broadcast domain but the distinction can be put aside for the
purposes of this particular discussion.
2. Node Address -- the MAC address of a station on that domain.
3. Socket Number -- the task (process) within that station which should process the message.
Just as in IP, routers move a frame along hop by hop on the basis of the network number
portion of the destination address. To do this, IP needs the MAC address of the next hop
router. This address is obtained from the RIP table that is built up from the RIP updates sent
out by all routers. When a router receives a RIP update frame it uses the source node address
in the frame as the MAC address for the next hop router.
Although there is not an explicit ARP like protocol for mapping addresses in IPX, this same
function is achieved by the use of source node addresses in RIP frames.
In IPX, as in IP, the canonical versus non-canonical representation of addresses in ARPs still
applies. In switching, this needs to be considered for the source node address in IPX frames.
In IPX Ethernet and FDDI observe a convention of using MAC addresses in the IPX header in
canonical format. For Token Ring these addresses are non-canonical.
Proprietary Token Ring IPX switching
The Omni Switch/Router offers the facility to modify IPX frames switching between Token
Ring and FDDI or Ethernet. ARP bit swapping for IP is a de facto standard widely implemented in the industry. This is not the case with IPX. The switch must be able to co-exist
with bridges that do not support any to any switching or applications where this feature is not
required. Therefore this feature can be configured on or off.
Page 18-10
Frame Size Requirements
Frame Size Requirements
The frame size requirement for the different media cause two problem areas which have to
be addressed by the any to any switching transformation function.
• Ethernet has a minimum frame size requirement. This requires that padding is inserted on
frames switched to it which are below the minimum size and stripped from frames
switched from it.
• All media have different maximum frame size requirements. This gives rise to the problems of fragmenting large frames and/or negotiating maximum frame sizes.
Insertion of Frame Padding
Ethernet has a minimum frame size of 64 bytes. For frames smaller than 64 bytes it is a simple
task for the Omni Switch/Router to perform padding. Stripping such padding from Ethernet
frames when switching to FDDI or Token Ring is not so easy.
In most implementations of IP that we have tested the presence of padding on FDDI or
Token Ring frames appears not to cause any problems. However, IPX implementations are
adversely affected by its presence. Therefore the Omni Switch/Router takes a conservative
approach for all frames, regardless of protocol type, and strips padding where it can be
detected.
Stripping of Padding for all IEEE 802.3 Frames.
Ethernet frames in IEEE 802.3 format can be stripped of padding because of the presence of
the length field. This includes all LLC and hence SNAP encapsulated protocols as well as
Novell Proprietary format.
No stripping of non-IPX Ethertype Frames
Padding can only be detected for Ethertype encapsulated frames if the protocol is known and
the protocol has some length information which can allow the valid data size to be inferred.
This is protocol specific and is currently only performed for IPX frames. Thus, the Omni
Switch/Router does not strip padding from non-IPX Ethertype encapsulated frames including
IP.
IPX Specific Stripping
For IPX the Omni Switch/Router performs pad stripping for all frame types including Ethertype. This is possible because all IPX frames have a common header that includes the data
length, allowing the frame size to be inferred.
In fact, for IPX, the length in the IPX header is used to strip padding in all frame encapsulations including the 802.3 based formats. This is because many IPX Ethernet implementations
also pad frames to an even byte length. This single byte pad when performed on 802.3 based
frames is included in the 802.3 length field. Thus the generic 802.3 based stripping technique
is not sufficient to strip this odd-byte padding. When performing any to any switching FDDI
implementations of IPX were found to be tolerant of this extra byte whereas Token Ring
implementations would not work with it present. By adopting the single IPX stripping strategy of using the IPX header length these problems are avoided thus the Omni Switch/Router
unconditionally strips all padding from IPX frames.
Also, it does not support odd-byte pad insertion when switching to Ethernet. This was a
feature added to overcome limitations of some NIC cards which is now of only historical
importance and in fact, Netware 4.1 servers provide this insertion as a port configuration
option.
Page 18-11
Frame Size Requirements
MTU Handling
Routers address the problem of maximum frame size limitations with the notion found in
many protocols of a Maximum Transmission Unit (MTU) size. Protocols use this notion in two
possible ways.
• PDU Fragmentation/Reassembly
The router is configured with the MTU of each port. If a frame that is too large is required
to be sent on a port, the Protocol Data Unit (PDU) within the frame is fragmented into
many smaller PDUs, each of which is re-encapsulated and sent as a frame that fits within
the MTU.
• Connection-oriented end-to-end MTU negotiation
When an end-station enters into a protocol to communicate with another station the initial
PDU exchanges are guaranteed to fit all possible MTUs. In the handshaking between endstations to establish the connection a phase is entered where large frames are sent. If an
intervening link has an MTU too small for these frames it will be dropped and the handshaking will time out. The end-stations send progressively smaller frames until the handshaking succeeds and hence establish the MTU to be used between the two stations for
the remainder of their connection use.
IP supports the former mechanism and IPX the latter.
IP Fragmentation
The Omni Switch/Router Ethernet interfaces will use IP fragmentation if they are allowed to
(i.e., if the Don’t Fragment bit is not set.) Fragmentation by FDDI and Token Ring is not
supported though technically the Token Ring could send frames larger than those supported
by FDDI and LAN Emulation could generate frames larger than both.
ICMP Based MTU Discovery
IP uses the Don’t Fragment bit to support an MTU discovery protocol that superficially resembles the negotiation of IPX. The difference is that when IP stations attempt to discover an
MTU size for their use, which doesn’t require fragmentation by intermediate routers, the
protocol expects a protocol response by the intermediate router, this is an ICMP reporting that
a frame was dropped because it couldn’t be fragmented.
The Omni Switch/Router transformation function of any to any switching does not support
this ICMP generation but just silently drops IP frames which can’t be fragmented. The IP
router in the Omni Switch/Router does honor this protocol and support ICMP. It is only the
any to any switching which doesn’t because it is not a router and may not even have an IP
address with which to respond.
IPX Packet Size Negotiation
For IPX the requirement of intervening devices is simply to drop frames that are too large to
be forwarded. This is what the Omni Switch/Router does.
Other Protocols
Dropping oversize frames is the approach for all protocols other than IP. If the protocol in
question is modeled like IPX this will be the correct thing to do and will not cause problems.
If the protocol is modeled like IP and expects fragmentation to occur or requires explicit
response from the Omni Switch/Router then the protocol will not succeed in any to any
switching.
Page 18-12
Banyan Vines
Banyan Vines
Banyan Vines supports Ethernet, FDDI, and Token Ring networks. Each type of network
generates a different frame format, so the Omni Switch/Router performs translations for
frames moving from one network type to another. The Banyan Vines protocol only uses one
frame format per network type—no user configuration of translations is necessary. This protocol uses Ethernet II frames on Ethernet, SNAP frames on FDDI, and IEEE 802.2 (LLC) frames
on Token Ring. The Omni Switch/Router uses these frame formats when translating Banyan
Vines frames.
Note
Checksums for Banyan Vines frames are automatically
set to the null checksum, 0xFFFF, so that the checksum header does not require recalculation. Receiving
stations will ignore this field and assume the sender is
not using checksums.
Page 18-13
Configuring Encapsulation Options
Configuring Encapsulation Options
You will configure frame encapsulation based on the destination MAC address or the destination switch port. Whether a frame is encapsulated based on the destination MAC or the port
depends whether the frame has a unicast, multicast, or broadcast destination.
Forwarding versus Flooding
Such frames will be handled in two ways:
• Forwarded Frames. If the frame has a unicast destination address which has been learned
on a particular port, the encapsulation translation choices are driven by options associated
with the destination MAC address.
• Flooded/Multicast Frames. If the frame has a unicast destination address which has not been
learned on a particular port, or if the destination address is a multicast address, then the
frame has to be transmitted on potentially many ports. In this case the encapsulation translation choices are driven by options associated with each destination port.
Port Based Translation Options
The translation options for ports allow configuration of IP and IPX protocols on a per encapsulation basis.
MAC Address Based Translation Options
The translation options for MACs arises from two possible sources.
• Inheritance from Port Options During Source Address Learning
• When a source MAC address is learned, the translation options of the port on which it is
learned are copied into the MAC-based database.
• Automatic Determination by AutoTracker
• When a frame is processed by AutoTracker as part of determining the VLAN to be associated with the MAC the frames protocol type and encapsulation are also determined. This
information is used to update/set the translation options in the MAC based database.
Which of these options is used is determined by setting the autoencaps option.
Page 18-14
Configuring Encapsulation Options
“Native” versus “Non-Native” on Ethernet
For the Ethernet one further distinction is made. If the frame received from the backplane is
an Ethernet media type frame from another Ethernet switching module in the same chassis,
then no encapsulation translations are applied. Such frames are referred to as Native frames.
If the frame is of an Ethernet media type but was put onto the backplane by some other type
of switching module, for example, the frame came from a FDDI card via a trunk port, or from
the MPX via routing, then encapsulation translations are applied. Such frames are referred to
as Non-Native frames.
♦ Important Note ♦
The .cmd file contains a command called hreXnative
that by default is set to 1. If your switch uses multiple
encapsulations (for example, VLAN 2:1 is 802.3 IPX and
VLAN 3:1 is Ethernet II IPX) then the hreXnative
command must be set to 0. See Chapter 7, “Managing
Files,” for more information on the .cmd file.
“Native” versus “Non-Native” on FDDI and Token Ring
For FDDI, Token Ring and LAN Emulation on ATM, a native/non-native distinction is not
made. Instead, no encapsulation translations are applied by these switching modules to
frames which are of their own media type.
No Translation on Trunk or PTOP ports
Switching modules which support encapsulation mechanisms, such as Trunking ports on
FDDI and Token Ring, and Point to Point ports on ATM do not apply translation to frames
destined to such ports.
All other aspects of the transformation process are driven by the media type of the frame, the
media type of the port on which the frame is to be transmitted and the protocol type determined for the frame. Thus frame padding insertion/stripping, IP fragmentation, IP ARP bit
swapping, etc., are all automatic.
The Proprietary Token Ring IPX Option
The one area which remains configurable is the bit swapping of source addresses for IPX in
order to allow Token Ring to work with FDDI and Ethernet. This is the equivalent function to
IP ARP bit swapping.
This option is configurable and by default is on.
Page 18-15
The User Interface
The User Interface
This chapter documents User Interface (UI) commands to configure encapsulation options.
For documentation on Command Line Interface (CLI) commands to configure encapsulation
options, see the Text-Based Configuration CLI Reference Guide.
♦ Important Note ♦
In Release 4.4 and later, the Omni Switch/Router is
factory-configured to boot up in CLI (Command Line
Interface) mode, rather than in UI (User Interface)
mode. See Chapter 4, “The User Interface,” for documentation on changing from CLI mode to UI mode.
Simple encapsulation options can be configured through the modvp, addvp, crgp commands.
More advanced encapsulation options can be found in the commands under the Switch menu.
Essentially, the forwarding code is now capable of applying the transformation function per
protocol per encapsulation per port for flooded/mcast traffic and per protocol per encapsulation per destination MAC address for forwarded unicast traffic. The old interface provides a
small subset of these possible port translation options.
Page 18-16
The User Interface
The addvp, modvp and crgp Commands
All of these commands include in their dialogue an Output Format question for ports and a
subsidiary IEEE 802.2 Pass through option.
The options offered are:
• a default,
• Ethertype,
• SNAP and
• LLC.
Each of these represents a set of translation options for the IP and IPX protocols. The names
chosen for these sets basically represent the translations for IPX with the translation for IP
being implied.
For example, LLC represents a translation set where all IPX encapsulations are configured to
translate to IEEE 802.2. This is not a valid encapsulation for IP which is therefore configured
to a default appropriate to the media, Ethertype for Ethernet ports and SNAP for FDDI and
Token Ring ports. The translation of all other protocol types and encapsulations is fixed by
the Omni Switch/Router. Thus AppleTalk is never translated and Ethertype/SNAP based
protocols follow the IP option.
For those options which imply a translation of IEEE 802.2 IPX frames to something else a
subsidiary question is asked, “IEEE 802.2 IPX Pass Through(y/n):” An IEEE 802.2 pass through
option is provided because 4.1 Novell servers use this encapsulation by default and it is
becoming Novell’s encapsulation of choice.
The Default Translation Option
The meaning of the default is determined separately for each media type and is fully configurable. The factory defaults are chosen so that the latest release is fully compliant with earlier
ones. The default translation option is provided to allow a “single point of configuration of all
ports” capability. When the default option for a media is changed all ports of that media type
whose encapsulation is configured as default will inherit the new translation setting. All MAC
address-based translation options which were inherited from those ports, as opposed to those
set by AutoTracker, will also be updated. Ports which have an encapsulation setting other
than default will be unaffected.
Page 18-17
The User Interface
Ethernet Factory Default Translations
For Ethernet switching module ports the factory default is set to the following:
Ethernet Media - Default Mode
No translation is performed on outbound Ethernet frames where
the inbound interface was Ethernet.
IP frames of any encapsulation are transmitted as Ethernet II
frames.
IPX frames are transmitted as IEEE 802.3 Proprietary as the
default setting. The only exception is when LLC passthrough
mode is enabled, then the IEEE 802.2 (LLC) frames are
forwarded as is.
No translation is performed on Appletalk frames, and we
currently support only Appletalk Phase II (SNAP format).
Banyan Vines frames are transmitted as Ethernet II frames.
Other than IP and IPX, all other Ethernet II and SNAP encapsulated protocols are sent as Ethernet II frames.
All other IEEE 802.3 with LLC encapsulated protocols are not
translated.
FDDI Factory Default Translations
For FDDI switching module ports the factory default is set to the following:
FDDI Media - Default Mode
IP of any encapsulation is encapsulated SNAP
IPX encapsulations are encapsulated SNAP except for IEEE 802.2
which is forwarded as is.
Banyan Vines of any type are transmitted as SNAP.
All other Ethertype and SNAP encapsulated protocols are sent as
for IP.
All other LLC encapsulated protocols are forwarded as is.
Page 18-18
The User Interface
Token Ring Factory Default Translations
For Token Ring switching module ports the factory default is set to the following:
Token Ring Media - Default Mode
IP of any encapsulation is encapsulated SNAP
IPX encapsulations are encapsulated SNAP except for IEEE 802.2
which is forwarded as is.
Banyan Vines of any type are transmitted as LLC.
All other Ethertype and SNAP encapsulated protocols are sent as
for IP.
All other LLC encapsulated protocols are forwarded as is.
ATM LANE Factory Default Translations
For ATM LAN Emulation service ports the factory default is set to the following:
ATM LANE - Default Mode
No translations performed on Ethernet frames.
FDDI and Token Ring frames are translated to either SNAP or
LLC and are transmitted as such on ATM LANE.
Banyan Vines Token Ring and FDDI frames are translated to
Ethertype.
Page 18-19
The User Interface
The Ethertype Option
This option can only be applied to Ethernet switching module ports. It is set to the following:
Ethernet Media - Ethernet II Mode
No translation is performed on outbound Ethernet frames where
the inbound interface was Ethernet.
IP frames are transmitted as Ethernet II frames.
All IPX frames are transmitted as Ethernet II frames. The only
exception is when LLC passthrough mode is enabled, then the
IEEE 802.2 (LLC) frames are forwarded as is.
No translation is performed on Appletalk frames, and we
currently support only Appletalk Phase II (SNAP format).
Other than IP and IPX, all other Ethernet II or SNAP frames are
transmitted as Ethernet II frames.
Other IEEE 802.3 with LLC are not translated.
ATM LANE - Ethernet II Mode
IPX frames from FDDI, Token Ring, and Ethernet SNAP frames
are translated to Ethertype.
All other SNAP frames from FDDI, Token Ring, and Ethernet
SNAP are translated to Ethertype. However, Appletalk ARP SNAP
frames from Token Ring and FDDI are left as SNAP; Banyan
Vines frames from FDDI are translated to Ethertype.
All other 802.2 frames from FDDI, Token Ring, and Ethernet are
left as is. The exception are Banyan Vine frames from Token
Ring, which are translated to Ethertype.
All Ethernet Ethertype frames are not translated.
Page 18-20
The User Interface
The SNAP Option
This option can be applied to all media type ports and is set to the following:
Ethernet Media - SNAP Mode
No translation is performed on outbound Ethernet frames where
the inbound interface was Ethernet.
IP frames are transmitted as SNAP frames.
All IPX frames are transmitted as SNAP frames.
No translation is performed on Appletalk frames, and we
currently support only Appletalk Phase II (SNAP format).
Other than IP and IPX, all other Ethernet II or SNAP frames are
transmitted as SNAP frames.
Other IEEE 802.2 with LLC are not translated.
FDDI / Token Ring Media - SNAP Option
No translation is performed on outbound FDDI or Token Ring
frames where the inbound interface was the same media type.
IP frames of any encapsulation type are transmitted as SNAP
frames.
IPX frames received that do not have an IEEE 802.2 encapsulation type, are transmitted as SNAP.
IPX frames received that are of IEEE 802.2 encapsulation type
are transmitted as SNAP if the LLC passthrough is disabled. If the
LLC passthrough is enables, these frames will not be translated.
No translation is performed on Appletalk frames, and we
currently support only Appletalk Phase II.
All other LLC encapsulated protocols are left as is.
In the modvp or addvp commands for FDDI and Token Ring the only choices other than
default are SNAP or LLC and the default must be one of these. As the factory default is SNAP
with IPX 802.2 Pass through and the SNAP does not imply pass through the additional question about pass through is not asked on FDDI and Token Ring ports as the preference can be
expressed by choosing default or SNAP explicitly.
Page 18-21
The User Interface
ATM LANE - SNAP Mode
All IPX frames are translated to SNAP unless they are already
SNAP, in which case they are forwarded as is.
All Ethertype or SNAP frames from Ethernet and SNAP frames
from Token Ring or FDDI are translated to SNAP or left as SNAP.
The exception is Banyan Vines frames from FDDI, which are
translated to Ethertype.
All other LLC frames are left as is. The exception is Banyan Vines
from Token Ring, which is translated to Ethertype.
Page 18-22
The User Interface
The LLC Option
This option can be applied to all media type ports and is set to the following:
Ethernet Media - LLC Mode
No translation is performed on outbound Ethernet frames where
the inbound interface was Ethernet.
IP frames are transmitted as Ethernet II frames.
All IPX frames are transmitted as IEEE 802.2 (LLC) frames.
No translation is performed on Appletalk frames, and we
currently support only Appletalk Phase II (SNAP format).
Other than IP and IPX, all other Ethernet II or SNAP frames are
transmitted as Ethernet II frames.
Other IEEE 802.2 with LLC are not translated.
FDDI / Token Ring Media - LLC Mode
No translation is performed on outbound FDDI or Token Ring frames where
the inbound interface was the same media type.
IP frames are transmitted as SNAP frames.
All IPX frames are transmitted as IEEE 802.2 (LLC) frames.
No translation is performed on Appletalk frames, and we currently support
only Appletalk Phase II (SNAP format).
Other than IP and IPX, all other Ethernet II or SNAP frames are transmitted
as SNAP frames.
Other IEEE 802.2 with LLC are not translated.
In the modvp or addvp commands for FDDI and Token Ring the only choices other than
default are SNAP or LLC and the default must be one of these. As the factory default is SNAP
with IPX 802.2 Pass through and SNAP does not imply IPX 802.2 Pass through, the additional
question about pass through is not asked on FDDI and Token Ring ports. By choosing SNAP,
it is implied that there is no IPX 802.2 Pass through.
Page 18-23
The User Interface
ATM LANE - LLC Mode
IPX frames are translated to 802.2 LLC.
All other SNAP frames from FDDI, Token Ring, and Ethernet SNAP are
translated to Ethertype. However, Appletalk ARP SNAP frames from Token
Ring and FDDI are left as SNAP; Banyan Vines frames from FDDI are translated to Ethertype.
All other LLC frames are not translated. The exception is Banyan Vines
frames from Token Ring, which are translated to Ethertype
Interaction with the new interface
If the port to which these commands are being applied has been configured with the new
interface commands its encapsulation will be displayed as SWCH in the vi command output.
The user is alerted to this fact in these commands by the default response to the output
format question in the modvp command being displayed as “*” instead of d,e,s or l. A simple
return will leave the options unchanged in this case. If the port is currently one of d,e,s or l
and the user types “*” in response the encapsulation is changed to SWCH and the options are
set to a null translation set.
The “vi” Command
The encaps column displays the encapsulation subset options set for each port. If the port has
been configured with the new interface this is indicated by displaying “SWCH.” The “canned”
subsets offered in this interface are displayed as follows:
• DFLT. This indicates that the port is using the default translation options applicable to the
media type of this port. See above.
• 802.2. This indicates that IPX frames of any encapsulation will be encapsulated with IEEE
802.2. Non-IPX frames other than AppleTalk will be transformed to Ethertype on Ethernet
ports and SNAP on FDDI or Token Ring ports. AppleTalk frames are never transformed.
• SNAP. This indicates that Ethertype frames of all protocols and IPX proprietary frames will
be translated to SNAP and all SNAP frames will be left as is.
IEEE 802.2 encapsulated IPX frames may be left as is if the IEEE 802.2 pass through option
is in effect for this port. All other IEEE 802.2 encapsulated protocols are left as is.
• ETH. This indicates that SNAP frames of all protocols except AppleTalk will be translated to
Ethertype.
SNAP and Proprietary IPX frames will be transformed to Ethertype.
IEEE 802.2 encapsulated IPX frames may be left as is if the IEEE 802.2 pass through option
is in effect for this port.
All other IEEE 802.2 encapsulated protocols are left as is.
To discover whether IEEE 802.2 pass through is in effect on a port the user must either use
the swch command from the switch menu or use modvp and observe the encapsulation
offered and/or the default response for the pass through question.
Page 18-24
The Switch Menu
The Switch Menu
The switch menu contains commands that allow you to set translation options discussed
earlier in this chapter. It also contains commands to change the default values.
To view the switch menu, enter switch at the prompt. If you are in verbose mode, the following screen is displayed. Otherwise, type a ? at the switch menu prompt to display the Switch
Menu:
Command
---------------------propipx
facdef
ethdef
fddidef
trdef
swch
swchmac
autoencaps
Switch Menu
--------------------------------------------------------------------------------------------------Configure Default Proprietary IPX Token Ring to any switching
Configure Defaults to Factory values
Configure Default Ethernet Translation
Configure Default FDDI Translation
Configure Default TR Translation
Configure Any To Any Switching Port Translations
View per MAC Translation Options
Turn AutoTracker translations On or OFF
The commands above and their operations are described in the sections below.
Proprietary IPX Token Ring
The propipx command allows you to turn on or off the default proprietary IPX switch translation. (Refer to Appendix B, “Output Translation Options,” for information on the Proprietary
IPX feature.)
To turn on the Proprietary IPX feature (the default), enter the following at the system prompt:
propipx on
A message is displayed to confirm the activation of the Proprietary IPX feature. Please note
that the switch must be rebooted for the setting to take effect.
To turn off the Proprietary IPX feature type:
propipx off
Factory Defaults
You can reset all ports in the switch to their default factory settings. Any custom translations
you configured through modvp, ethdef, fddidef, trdef, or swch commands will be overridden by
the default translation for the given media type (i.e., Ethernet, FDDI, etc.). Factory defaults for
each media type are described earlier in this chapter.
To reset to factory defaults, enter the facdef command at the system prompt. The following
screen displays:
This will reset the default translations for each media type to a factory default.
It will then set all port translation options to inherit these defaults.
It will then reset the forwarding table translation options for all addresses learnt on
those ports to those port defaults.
Do you want to do this? (no):
Enter a Y to reset all port settings.
Page 18-25
The Switch Menu
Default Ethernet Translations
The ethdef allows you to set up default translations for all Ethernet ports. To do so:
1. Enter ethdef at the system prompt. The following screen displays:
This will reset the default translations for Ethernet media to a new value.
All Ethernet ports currently set to default will inherit these new translation options.
It will thenreset the forwarding table translation options for all addresses learnt on
those ports to those port defaults.
Do you want to do this? (no):
2. Press Y at the Do you wish to do this? prompt to indicate that you want to change the
defaults. The current settings for Ethernet ports are displayed, in a screen similar to the
following:
Translation Options:
1
IP Ethertype
2
IP IEEE 802 SNAP
-> Ethertype
-> Ethertype
3
4
5
6
-> 802.3
-> 802.3
-> 802.3
-> 802.3
IPX ETHERNET_II
IPX ETHERNET_802.3
IPX ETHERNET_802.3/FDDI/TOKEN_RING
IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP
There are six frame types for which you can set translation options. The frame type in the
left column indicates the incoming frame, and the frame type in the right column (after
the ->) indicates the outgoing frame. You can configure the outgoing frame type for each
incoming frame.
3. You change an outgoing frame type by entering its line number, an equal sign (=) and a
frame type indicator (e, s, 2, or 3). The frame type indicators represent the following
frames:
e
Ethernet II or Ethertype
s
SNAP
2
802.2 or LLC
3
Ethernet 802.3
For example, if you wanted to change incoming IPX Ethernet II frames to Ethernet 802.3
frames, then you would enter
3=3
Please note that the IP Translation Options accept only Ethertype (e) or SNAP (s).
4. When you are done changing translations, enter save to save all of your settings. If you
enter quit, you will exit the ethdef command without saving your changes.
Page 18-26
The Switch Menu
Default FDDI Translations
The fddidef command allows you to set up default translations for all FDDI ports. To do this:
1. Enter the fddidef command at the system prompt. The following screen displays:
This will reset the default translations for FDDI media to a new value.
All FDDI ports currently set to default will inherit these new translation options.
It will thenreset the forwarding table translation options for all addresses learnt on
those ports to those port defaults.
Do you want to do this? (no):
2. Press Y at the Do you wish to do this? prompt to indicate that you want to change the
defaults. The current settings for FDDI ports are displayed, in a screen similar to the
following:
Translation Options:
1
IP Ethertype
2
IP IEEE 802 SNAP
-> Ethertype
-> Ethertype
3
4
5
6
-> 802.3
-> 802.3
-> 802.3
-> 802.3
IPX ETHERNET_II
IPX ETHERNET_802.3
IPX ETHERNET_802.3/FDDI/TOKEN_RING
IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP
There are six frame types for which you can set translation options. The frame type in the
left column indicates the incoming frame, and the frame type in the right column (after
the ->) indicates the outgoing frame. You can configure the outgoing frame type for each
incoming frame.
3. You change an outgoing frame type by entering its line number, an equal sign (=) and a
frame type indicator (e, s, 2, or 3). The frame type indicators represent the following
frames:
e
Ethernet II or Ethertype
s
SNAP
2
802.2 or LLC
3
Ethernet 802.3
For example, if you wanted to translate incoming IPX Ethernet 802.3 frames to Ethernet
802.3 frames (FDDI raw), then you would enter
4=3
Please note that the IP Translation Options accept only Ethertype (e) or SNAP (s).
4. When you are done changing translations, enter save to save all of your settings. If you
enter quit, you will exit the ethdef command without saving your changes.
Page 18-27
The Switch Menu
♦ Important Note ♦
The IP Translation Options allow only SNAP (s). The
IPX translations allow SNAP (s), and LLC (2) for all
frame types. The Ethertype (e) translation is not
allowed for FDDI. The Ethernet 802.3 translation (3) is
allowed only on incoming Ethernet 802.3 frames, which
referred to as “FDDI raw.”
The fddidef command will accept your input and will
not return an error message if you try to change an IPX
translation option to Ethertype or Ethernet 802.3.
However, that does not mean that the IPX frames are
being translated to Ethertype or 802.3. Regardless of
what the fddidef screen displays, switch software does
not translate FDDI frames to Ethertype for any frame or
to 802.3 for any frame accept incoming 802.3.
Default Token Ring Translations
The trdef command allows you to set up default translations for all Token Ring ports. To do
so:
1. Enter the trdef command at the system prompt. The following screen displays:
This will reset the default translations for TR media to a new value.
All TR ports currently set to default will inherit these new translation options.
It will thenreset the forwarding table translation options for all addresses learnt on
those ports to those port defaults.
Do you want to do this? (no):
2. Press Y at the Do you wish to do this? prompt to indicate that you want to change the
defaults. The current settings for FDDI ports are displayed:
Translation Options:
1
IP Ethertype
2
IP IEEE 802 SNAP
-> Ethertype
-> Ethertype
3
4
5
6
-> 802.3
-> 802.3
-> 802.3
-> 802.3
IPX ETHERNET_II
IPX ETHERNET_802.3
IPX ETHERNET_802.3/FDDI/TOKEN_RING
IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP
There are six frame types for which you can set translation options. The frame type in the
left column indicates the incoming frame, and the frame type in the right column (after
the ->) indicates the outgoing frame. You can configure the outgoing frame type for each
incoming frame.
Page 18-28
The Switch Menu
3. You change an outgoing frame type by entering its line number, an equal sign (=) and a
frame type indicator (e, s, 2, or 3). The frame type indicators represent the following
frames:
e
Ethernet II or Ethertype
s
SNAP
2
802.2 or LLC
3
Ethernet 802.3
For example, if you wanted to translate incoming IPX SNAP frames to LLC frame, then
you would enter
6=2
4. When you are done changing translations, enter save to save all of your settings. If you
enter quit, you will exit the trdef command without saving your changes.
♦ Important Note ♦
The IP Translation Options allow only SNAP (s). The
IPX translations allow only SNAP (s), and LLC (2) for all
frame types. The Ethertype (e) and 802.3 translations
are not allowed for Token Ring.
The trdef command will accept your input and will not
return an error message if you try to change an IPX
translation option to Ethertype or Ethernet 802.3.
However, that does not mean that the IPX frames are
being translated to Ethertype or 802.3. Regardless of
what the trdef screen displays, switch software does not
translate Token Ring frames to Ethertype or 802.3.
Page 18-29
The Switch Menu
Port Translations
The swch command allows you configure translations on a port-by-port basis. Its translation
options are similar to those for ethdef, fddidef, and trdef. However, instead of applying translations to all ports for a particular media type, swch applies translations only to the port you
specify.
To specify translation for a single port:
1. Start the swch command by entering it at the prompt as shown:
swch <slot>/<port>
where <slot> is the board on which the port is located and <port> is the port number. For
example, to set the translation for port 1 on slot 2, enter the following:
swch 2/1
2. Something like the following screen displays, showing the current translation settings for
the port:
Port Translations for Ethernet port 2/1/brg/1
0
Framing Type: DFLT
Translation Options:
1
IP Ethertype
2
IP IEEE 802 SNAP
-> Ethertype
-> Ethertype
3
4
5
6
-> 802.3
-> 802.3
-> 802.3
-> 802.3
IPX ETHERNET_II
IPX ETHERNET_802.3
IPX ETHERNET_802.2/FDDI/TOKEN_RING
IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP
The top line of the display indicates the media type of the port as well as the slot number,
port number, service type, and service number. The next line, Framing Type, indicates the
framing type applied to this port through the modvp command. If the framing type had
been defined through the Switch menu, then this field would read SWCH.
3. The Translation Options section shows the six frame types for which you can set translation options. The frame type in the left column indicates the incoming frame, and the
frame type in the right column (after the ->) indicates the outgoing frame. You can configure the outgoing frame type for each incoming frame.
Note that the default option is a question mark (?). If you press <Return>, the help information will be redisplayed
4. You change an outgoing frame type by entering its line number, an equal sign (=) and a
frame type indicator (e, s, 2, or 3). The frame type indicators represent the following
frames:
e
Ethernet II or Ethertype
s
SNAP
2
802.2 or LLC
3
Ethernet 802.3
For example, if you wanted to translate incoming IPX SNAP frames to LLC frames, then
you would enter
6=2
Page 18-30
The Switch Menu
5. When are done changing translations, enter save to save all your settings. If you enter
quit, you will exit the swch command without saving your changes.
Please note that valid translation options depend on the media type of the port. Ethernet
ports allow all frame translation options, but FDDI and Token Ring ports have limitations. See
Default FDDI Translations on page 18-27 and Default Token Ring Translations on page 18-28
for more information on media limitations.
Configuring Additional Ports
If you want to configure additional ports, you can use the n option of the swch command to
configure the next port, or the p option of the swch command to configure the previous port.
For example, if you want to configure translations on port 2 for the card in slot 4 after configuring Port 1 in Slot 4, enter
n
at the prompt. You are now ready to configure port 3 of slot 4.
If you want to configure translations on port 1 for the card in slot 5 after configuring Port 2 in
Slot 5, enter
p
at the prompt. You are now ready to configure port 1 of slot 5.
When are done changing translations, enter save to save all your settings. If you enter quit,
you will exit the swch command without saving your changes.
Displaying Ethernet Switch Statistics
The swch command can also be used to display basic statistics for Ethernet ports. These statistics are the lowest level, most primitive statistics maintained by an Ethernet board. The more
familiar RMON and MIB II statistics are generated from these statistics. If you want to display
the switch statistics for an Ethernet port, enter
swch <slot>/<port>
where <slot> is the slot number of the module, and <port> is the number of the port for which
you want to view statistics. For example, to look at statistics for port 4 in slot 3, enter:
swch 3/4
A screen similar to the following is displayed:
Port Translations for Ethernet port 3/4/brg/1
0
Framing Type: DFLT
Translation Options:
1
IP Ethertype
2
IP IEEE 802 SNAP
-> Ethertype
-> Ethertype
3
4
5
6
-> 802.3
-> 802.3
-> 802.3
-> 802.3
IPX ETHERNET_II
IPX ETHERNET_802.3
IPX ETHERNET_802.2/FDDI/TOKEN_RING
IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP
If this port is an Ethernet media port, enter r at the system prompt and then press <Return>. If
you do this for a port other than an Ethernet port, this will be ignored.
Page 18-31
The Switch Menu
If the port selected is an Ethernet based port, something like the following would be
displayed:
Ethernet Statistics for Ethernet port 3/4/Brg/1
Received Good Octets
0
Transmitted Good Octets
Received Bad Octets
0
Total Octets
0
Received Unicasts
0
Transmitted Unicasts
Received Multicasts
0
Transmitted Multicasts
Received Broadcasts
0
Transmitted Broadcasts
Received Buffer Discards
0
Transmitted Buffer Discards
Received Collision Count
0
Transmitted Retry Count
Received Runt Count
0
Transmitted More Count
Received Error Discard
0
Transmitted Once Count
Drop Event Count
0
Transmitted Defer Count
Received Jabbers
0
Loss Carrier Count
Received Over Size
0
Transmitted Late Collisions
Received Late Collision
0
Transmit Underflow
Received 1024 +
0
Port Filtered
Received 512 +
0
Vlan Filtered
Received 256 +
0
Mtu Exceeded
Received 128 +
0
Received 65 +
0
Received 64
0
vseTxDiscard
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
The fields displayed by the r option of the swch command are described below:
♦ Note ♦
The first group of statistics are the numbers of bytes
transmitted and received. These are useful in working
out bandwidth usage by the port. Bad octets are important to count in the total octets count as they consume
bandwidth at the expense of useful traffic. To ignore
them would lead to mysterious loss of bandwidth in
any calculations performed.
Received Good Octets.
Received Bad Octets.
Total Octets.
The total number of bytes received in good frames.
The total number of bytes received in bad frames.
The total number of octets transmitted or received in good or bad frames on this
port.
Transmitted Good Octets.
Received Unicasts.
The total number of bytes successfully transmitted.
The number of frames received on this port whose destination address is a
unicast format.
Transmitted Unicasts.
The number of frames transmitted on this port whose destination address
is a unicast format.
Received Multicasts.
The number of frames received on this port whose destination address is
a multicast format.
Transmitted Multicasts. The number of frames transmitted on this port whose destination
address is a multicast format.
Received Broadcasts.
The number of frames received on this port whose destination address is
the broadcast address.
Page 18-32
The Switch Menu
Transmitted Broadcasts.
The number of frames transmitted on this port whose destination
address is the broadcast address.
Note that these statistics merely indicate the format of the destination address of frames transmitted/received on this port, not that the addressed device and/or devices necessarily reside
on that port. For example, unknown unicast addressed frames are flooded to many ports.
Received Buffer Discards. Due to congestion of traffic from multiple ports on the board, timely
access to buffers was not available to receive a frame from the network port and the frame
was discarded.
Transmitted Buffer Discards.
Due to a shortage of buffers and/or congestion on the network
port, frames received from the backplane destined to this port were dropped.
Transmit Underflow.
Due to congestion of traffic from multiple ports on the board, timely
access to the buffer containing the frame currently being transmitted by this port was not
obtained and the frame had to be aborted and discarded.
vseTxDiscard.
Due to congestion of traffic from multiple ports and boards in the system, traffic received from the network port could not be queued to the backplane due to buffer availability.
Received Collision Count, Received Runt Count. These counts may be considered normal on a
shared segment (e.g., AUI and BNC connected Ethernet) where more than two stations exist.
The first indicates that a frame which the port started to receive from a station was subjected
to a collision from a third station. This is normal. Such collisions between third party stations
may cause this port to see fragments of a frame which are discarded as runts. This too is
normal on multiple station Ethernet segments. On point to point 10Base-T connections these
events may be considered abnormal indicating a possible intermittent wiring problem (unless
hubs which propagate fragments are in use.) These statistics do not indicate the loss of any
frame but rather events associated with the attempts to finally successfully transfer the frame.
Transmitted Defer Count, Transmitted Once Count, Transmitted More Count, and Transmitted Retry
Count. These statistics are all related to collisions and deferral where this port is actively trying
to transmit a frame. The CSMA part of CSMA/CD, the protocol of Ethernet, requires that a
station which wishes to transmit first listens to the media to see if a transmission is already in
progress. If it is, then the station must defer transmission until the media is quiet. The Defer
count is the number of times this happens and is normal. A high defer count, relative to total
numbers of frames transmitted by the port, can be indicative of a busy segment. If a transmission is not in progress the station may begin to transmit. Due to propagation delays it is
possible for a station to suffer a collision from another station trying to transmit, even though
both listened for quiet media. When this occurs, both stations “back off” for a random time
before attempting transmission again. In theory, subsequent collisions may occur on these
retries. Once, More, and Retry indicate whether this is occurring. If a collision occurs but
succeeds on the retry, the Once counter is incremented, i.e., we collided once. If more than
one retry is required, the More count is incremented. If up to 16 retries are attempted and all
collide, then the frame is dropped and the Retry count is incremented. Again, Once, More,
and Retry are normal events on CSMA/CD media but high numbers, relative to total transmitted frames, are again indicative of a very busy segment whose throughput could be increased
by further segmentation.
Received Error Discard.
A frame was received with an FCS and/or alignment error. A high
count here, relative to total received frames, is indicative of a noisy media subject to errors.
Loss Carrier Count. This is a count of transmitted frames which are lost due to a loss of carrier.
This is indicative of poor quality/noisy wiring or adapter cards.
Page 18-33
The Switch Menu
Received Late Collision, Transmitted Late Collisions.
A late collision is a collision which occurs in
a frame when more than 64 bytes have been received/transmitted. On a correctly configured
network, which doesn't exceed physical limits of size, impedance, station spacing, etc.,
stations should always collide within 64 bytes due to propagation times. Late collisions indicate that the network is violating such restrictions or some stations are having a problem
which prevents them correctly implementing the CSMA/CD protocol. For example, a station
with a faulty receiver can not “hear” transmissions in progress and so may fail to defer its
transmissions causing late collisions to be seen by other stations.
Received Jabbers, Received Over Size.
The maximum frame size on Ethernet is 1518 bytes.
Frames longer than this are illegal.When such a frame has a valid FCS it is counted as oversize. If it has an FCS error then it is counted as a Jabber. The former is indicative of a device
with improper software, the latter of a device with some hardware fault on its transmitter. In
both cases the faulty station causes other devices, such as this port, to see these errors.
Drop Event Count.
When a frame is dropped, for example, frame reception is aborted because
of lack of buffers, there may be only one or there may be many frames so affected. In either
case there is a single occurrence of an “event” during which frames were lost. This is what
this statistic counts. This statistic is used in RMON as follows. For example, at network start
up there may be a huge amount of flooded traffic leading to much lost traffic. When a
network administrator subsequently looks at the statistics they might see 2 million frames
transmitted with 5000 frames lost. At that point they have no clue as to when and why those
5000 frames were lost. If drop event is 5000 it may indicate an intermittent problem where
single frames are being lost. If drop event is 5 or 6 it might indicate a few events when large
numbers of frames were lost such as in our example, the network restart.
Received 1024 +, Received 512 +, Received 256 +, Received 128 +, Received 65 +, and Received 64.
These count the number of frames in the indicated frame sizes: Received 64 counts 64 byte
frames, Received 65+ counts frames between 65 and 127 inclusive, Received 128+ counts
between 128 and 255, etc. These statistics are only applied to received frames.
♦ Note ♦
The Received 1024 +, Received 512 +, Received 256 +,
Received 128 +, Received 65 +, and Received 64 fields
will always display zero for Gigabit ports.
Port Filtered.
On shared media ports, Station A transmitting to Station B will be directly delivered. Therefore, the frame received by this port just needs to be dropped. This action is
referred to as filtering and this counts the number of frames so filtered.
Vlan Filtered.
The Omni Switch/Router restricts traffic above the normal Level 2 filtering by
applying VLAN rules. Frames which are dropped because of VLAN rules are counted here.
Mtu Exceeded.
Page 18-34
This statistic is not currently supported and is always zero.
The Switch Menu
Displaying Token Ring Switch Statistics
In Release 3.4 and later, you can display statistics for the new generation of Token Ring
modules known as “Bigfoot” (e.g., TSM-CD-16W, TSX-CD-16W, and TSX-C-32W). For example, if you want to display the switch statistics for a Token Ring port on Port 1 on Slot 4,
enter:
swch 4/1
at the system prompt. Press r and then press <Enter> at the prompt. Something like the following displays:
n={e,s,2,3},quit,save,? (?) : r
Token Ring Statistics for 4/16 Mbit Token Ring port 4/1/Brg/1
Rx MAC Good Bytes
Rx Total Mac Packets
Rx MAC Errored Bytes
Rx Unicast Packets
Rx Multicast Packets
Rx Broadcast Packets
Rx Buffer Discards
Rx Error Discards
Ring Purge Events
Beacon Events
Claim Token Events
Internal Errors
Burst Errors
Abort Errors
Congestion Errors
Frequency Errors
Soft Errors
Internal Errors
Received 18_63 byte Pkts
Received 128_255 byte Pkts
Received 512_1023 byte Pkts
Received 2048_4097 byte Pkts
Received 8K_18000 byte Pkts
n={e,s,2,3},quit,save,? (r) : ?
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Rx LLC Good Bytes
Rx Total LLC Packets
Rx LLC Errored Bytes
Tx Unicast Packets
Tx Multicast Packets
Tx Broadcast Packets
Tx Buffer Discards
Tx Error Discards
Ring Purge Packets
Beacon Packets
Claim Token Packets
Line Errors
AC Errors
LostFrame Errors
Frame Copied Errors
Token Errors
Ring Poll Events
NAUN Changes
Received 64_127 byte Pkts
Received 256_511 byte Pkts
Received 1024_2047 byte Pkts
Received 4096_8191 byte Pkts
Received 18000+ byte Pkts
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Note that the default option is now r. If you press <Enter>, the switch statistics will be redisplayed.
The fields displayed by the r option of the swch command for Token Ring are described
below.
The first group of statistics are the numbers of bytes transmitted and received. These are
useful in working out bandwidth usage by the port. Bad octets are important to count in the
total octets count as they consume bandwidth at the expense of useful traffic. To ignore them
would lead to mysterious loss of bandwidth in any calculations performed.
Rx MAC Good Bytes. The total number of bytes received in good Media Access Control (MAC)
packets. (MAC packets are used for management of the Token Ring network.)
Rx LLC Good Bytes. The total number of bytes received in good Logical Link Control (LLC)
packets. (LLC packets are used to transfer data.)
Rx Total MAC Packets.
Rx Total LLC Packets.
The total number of bytes received in MAC packets.
The total number of bytes received in LLC packets.
Rx MAC Errored Bytes.
The total number of bytes received in bad MAC packets.
Page 18-35
The Switch Menu
Rx LLC Errored Octets.
The total number of bytes received in bad LLC packets.
The next group of statistics are the types of packets being transmitted and received.
Rx Unicast Packets.
The number of packets received on this port whose destination address is
a unicast format.
Tx Unicast Packets. The number of packets transmitted on this port whose destination address
is a unicast format.
Rx Multicast Packets.
The number of packets received on this port whose destination address is
a multicast format.
Tx Multicast Packets. The number of packets transmitted on this port whose destination
address is a multicast format.
Rx Broadcast Packets. The number of packets received on this port whose destination address
is the broadcast address.
Tx Broadcast Packets. The number of packets transmitted on this port whose destination
address is the broadcast address.
Note that these statistics merely indicate the format of the destination address of packets
transmitted/received on this port, not that the addressed device and/or devices necessarily
reside on that port. For example, unknown unicast addressed packets are flooded to many
ports.
The next group of statistics are the buffer resource related statistics. The NI board receives
packets from the backplane to be transmitted to the network ports and receives packets from
the network ports to be transmitted to the backplane. It requires buffers to store these packets in while being transferred across the board in this manner. Under heavy and congested
traffic a shortage of buffers or lack of timely access to these buffers may occur. These statistics count these events which are more indicative of the amount of traffic on the board as
opposed to this particular port.
Rx Buffer Discards.
Due to congestion of traffic from multiple ports on the board, timely access
to buffers was not available to receive a frame from the network port and the frame was
discarded.
Tx Buffer Discards. Due to a shortage of buffers and/or congestion on the network port, packets received from the backplane destined to this port were dropped.
The next group are also indicative of network segment health but are indicative of ill health
and indicate events where a frame is lost.
Rx Error Discards. The total number of errored packets (bad CRC, code violations, invalid
frame length, etc.) received by this port that were discarded.
Tx Error Discards. The total number of errored packets exceeding the maximum frame length
(MTU exceeded, FIFO uderruns, etc.) by this port that were discarded.
The next group describe events that can occur when stations are inserted or removed from a
ring.
Ring Purge Events. The total number of times this port enters the ring purge state from the
normal ring state.
Ring Purge Packets.
Beacon Events.
The total number of beacon packets received and transmitted by this port.
Beacon Packets.
The number of beacon MAC packets detected by this port.
Claim Token Events.
Page 18-36
The total number of times that this port enters a beaconing state.
The total number of times that this port enters the claim token state from
The Switch Menu
the normal ring state or ring purge state to elect a new active monitor.
Claim Token Packets.
The total number of claim packets transmitted by this port.
The next group describe error statistics for token, MAC, and LLC packets.
Internal Errors.
The total number of times this port detects a recoverable internal error.
Line Errors. The total number of errors caused by problems with the physical links (code
violations, Frame Check Sequence (FCS) errors inside a frame).
Burst Errors. The total number errors when this port detects the absence of transmissions for
five (5) half-bit timers (burst-five errors).
AC Errors.
The total number of token packets with an invalid Access Control (AC) byte.
Abort Errors.
The total number of times that this port detects an abort delimiter while transmitting a packet.
LostFrame Errors. The total number of packets that failed to reach their destination after the
token ring rotation timer has expired.
Congestion Errors.
The total number of packets lost due to the fact that no buffer was available at the destination station.
Frame Copied Errors.
The total number of times that a frame has been incorrectly copied by
another station on the ring or copied by a station with a duplicate address.
Frequency Errors. The total number of timing errors frames detected by this port that did not
contain a proper ring-clock frequency.
Token Errors.
The total number of times this port detects that a new token was generated by
the Active Monitor on the ring due to a lost token.
Soft Errors.
The total number of recoverable errors detected by this port.
The next group describe statistics for changes in ring topology.
Ring Poll Events.
The total number of times that this port has learned its upstream neighbor’s
address and has broadcasted the inserting adapter’s address to the port’s downstream neighbor.
Internal Errors.
The total number of insertion failures.
NAUN Changes. The number of times that the Nearest Active Upstream Neighbor (NAUN) for
this port has changed.
The next set of statistics display information on network traffic. These statistics are only
applied to received packets.
Received 18_63 byte Pkts.
The total number of packets received on this port that were at least
18 bytes (octets) long and less than or equal to 63 bytes long.
Received 64_127 byte Pkts.
The total number of packets received on this port that were at least
64 bytes (octets) long and less than or equal to 127 bytes long.
Received 128_255 byte Pkts. The total number of packets received on this port that were at
least 128 bytes (octets) long and less than or equal to 255 bytes long.
Page 18-37
The Switch Menu
Received 256_511 byte Pkts. The total number of packets received on this port that were at
least 256 bytes (octets) long and less than or equal to 511 bytes long.
Received 512_1023 byte Pkts. The total number of packets received on this port that were at
least 512 bytes (octets) long and less than or equal to 1023 bytes long.
Received 1024_2047 byte Pkts.
The total number of packets received on this port that were at
least 1024 bytes (octets) long and less than or equal to 2047 bytes long.
Received 2048_4097 byte Pkts.
The total number of packets received on this port that were at
least 2048 bytes (octets) long and less than or equal to 4095 bytes long. [check]
Received 4096_8191 byte Pkts.
The total number of packets received on this port that were at
least 4096 bytes (octets) long and less than or equal to 8191 bytes long.
Received 8k_18000 byte Pkts. The total number of packets received on this port that were at
least 8192 bytes (octets) long and less than or equal to 18,000 bytes long.
Received 18000+ byte Pkts.
than 18,000 bytes long.
Page 18-38
The total number of packets received on this port that were more
The Switch Menu
Any to Any MAC Translations
The swchmac command allows you to view the current frame translation settings for a given
MAC address. Follow these steps:
1. Enter swchmac and the following prompt displays:
Enter MAC address ([XXYYZZ:AABBCC] or return for none :
2. Enter the MAC for which you want to view translations. The following prompt displays:
Is this MAC in Canonical or Non-Canonical (C or N) [C] :
3. Enter if the MAC address you entered is expressed in canonical (C) or non-canonical
format. The default is canonical. A screen similar to the following displays:
Port Translations for Ethernet port 3/4/brg/1
Translation Options:
IP Ethertype
IP IEEE 802 SNAP
-> Ethertype
-> Ethertype
IPX ETHERNET_II
IPX ETHERNET_802.3
IPX ETHERNET_802.2/FDDI/TOKEN_RING
IPX ETHERNET_SNAP/FDDI_SNAP/TOKEN-RING_SNAP
-> 802.3
-> 802.3
-> 802.3
-> 802.3
Proprietary Token Ring IPX Switching
-> Off
The screen shows how each incoming frame type is translated. The frame type in the left
column indicates the incoming frame type, and the frame type in the right column (after
the ->) indicates the outgoing frame translation.
Page 18-39
The Switch Menu
Default Autoencapsulation
Autoencapsulation is a technique employed by AutoTracker software to learn the protocol
and encapsulation type used by a source MAC address and automatically translate frames
bound to that MAC address to the appropriate encapsulation type.
Normally all devices attached to a switch port receive frames translated according to the translation options defined for that port. However, some devices attached to the same port may
require different frame formats.
For example, one workstation may support IPX 802.3 frames and another may support IPX
SNAP frames. The switch port may be configured to translate incoming IPX 802.3 frames to
LLC frames, which would not satisfy either of the workstations. If autoencapsulation is on,
then the switch would translate frames for the first workstation to IPX 802.3 and frames for
the second workstation to IPX SNAP. The translation setting for the port is overridden for
those ports that require a special translation.
Autoencapsulation operates only on learned unicast frames. It does not work for broadcast,
multicast, or unlearned unicast frames. For this reason it is recommended only for ports
attached to client devices. It is not recommended for ports attached to servers due to high
volume of broadcast traffic on such a connection.
In addition, autoencapsulation is not supported for Banyan Vines frames. It operates only on
IP and IPX frames.
To turn on autoencapsulation type the following at the prompt:
autoencaps on
To turn off autoencapsulation type the following at the prompt:
autoencaps off
Page 18-40
Translational Bridging
Translational Bridging
Translational Bridging enables internetworking between FDDI, Ethernet, and Token Ring
LANs. There is no standard which encompasses this. The Omni Switch/Router’s features
focus on bridging of frames between media and translating the MAC and LLC headers into the
appropriate “native” frame formats. This provides media-independent internetworking.
Learning
For VLAN trunk frames, the switch will learn the source MAC address of the encapsulated
frame and associate this with the source MAC address of the originating switch. When a frame
arrives, the switch checks to see if the frame has been learned. If so, then the frame will be
encapsulated and sent directly to the destination switch. If not, then the switch will learn the
association of VLAN, trunk service, virtual port, source, and destination MACs. If the switch
has no ports in the VLAN associated with the frame’s destination, the frame is dropped.
Translations across Trunks
The Omni Switch/Router sends frames onto the trunk in the same format as the original LAN
type. Any required translation is done at the destination switch.
Page 18-41
Dissimilar LAN Switching Capabilities
Dissimilar LAN Switching Capabilities
Switching traffic between like media requires no changes to the frame, whereas switching
traffic between unlike media requires some level of change to the frame. To fully explain the
various changes possible we need to define the portion of the frame where changes could
occur.
Media Specific fields and MAC address fields are different for Token Ring, FDDI, and Ethernet. For Token Ring and FDDI, the switch generates MAC addresses in non-canonical format,
where Ethernet generates MAC addresses in canonical format. The Omni Switch/Router will
perform media translations which means the media specific, source MAC and destination MAC
will be changed for each frame which changes media.
The source routing field is optional, and use of this field is driven by endstations who wish to
communicate using source routing. The Omni Switch/Router participates in source routing on
FDDI and Token Ring interfaces when it is configured as a Source Route Bridge. The Omni
Switch/Router will also forward source route frames transparently while performing standard
switching of frames on Token Ring and FDDI interfaces as well as when using the virtual ring
feature.
The encapsulation type field can be a number of different encapsulations, which really
includes the Media Specific fields, source MAC address, and destination MAC address. The
choices are Ethernet II, IEEE 802.2 (LLC), SNAP, and Novell 802.3 or FDDI proprietary
formats. There are configuration options for Ethernet, FDDI, and Token Ring interfaces. The
encapsulation type field may or may not be changed. This decision is made based on the
incoming encapsulation type, the user configuration, and the topology that frame is traveling.
The data field is the remainder of the frame which is application dependent. This data field is
not changed for switched traffic. Each frame is followed by a CRC.
Below are some examples when translation can occur.
Switching Between Similar LANs
Translations are not performed for switched traffic between similar LANs within one Omni
Switch/Router. For example in the diagram below, if Station A on an Ethernet segment wants
to talk to Station B on another Ethernet segment, the switched frames are not changed.
This is true for any two media where the originating media and the destination media are of
the same type (i.e. Ethernet, FDDI, Token Ring).
Ethernet
Ethernet
Station A
Station B
Similar LANs
Page 18-42
Dissimilar LAN Switching Capabilities
Switching Between Ethernet LANs Across a Trunked Backbone
Frames that are switched between like media across a Trunked backbone will only be translated at the egress port of the egress Omni Switch/Router. For example in the figure below,
frames switched from Station A to Station B will be translated at point 4, where point 4 is the
egress port of Switch 2. Frames switched from Station B to Station A will be translated only at
point 1, where point 1 is the egress port of Switch 1.
This is true if the originating media and destination media are Ethernet. It is not true if the
originating media and destination media are either Token Ring or FDDI.
Switch 2
Switch 1
Trunked Backbone (ATM or FDDI)
2
3
1
4
Ethernet
Ethernet
Station A
Station B
Ethernet LANs Across a Trunked Backbone
Page 18-43
Dissimilar LAN Switching Capabilities
Switching Between Similar LANs across a Native Backbone
Switched traffic between similar LANs across a non-trunked or native backbone will have
translations performed at each egress point. In the figure below, for traffic originating from
Station A destined to Station B, point 1 represents the ingress (input) port of Switch 1. Likewise, point 2 represents the egress (output) port of Switch 1, point 3 represents the ingress
(input) port of Switch 2 and the point 4 represents the egress (output) port of Switch 2.
Translations will occur at each egress port. For traffic from Station A to Station B, output
translations will occur at points 2 and 4. For traffic from Station B to Station A, output translations will occur at points 3, and 1.
Switch 1
Switch 2
FDDI Native Backbone
2
3
1
4
Ethernet
Ethernet
Station A
Station B
Similar LANs Across a Native Backbone
In the above example, the backbone could be of any media type other than Ethernet. If all
three media types were Ethernet, then no translations would occur, because the traffic is
being switched from like media to like media.
Page 18-44
Dissimilar LAN Switching Capabilities
The following table shows interoperability between dissimilar LANs with two switches where
the client and server are resident on like media types and the connection is switched over
various LAN backbone types. This table is representative of the IP and IPX protocol only.
Backbone
Token
Ring
FDDI
Ethernet
ATM
Token Ring to Token
Ring
No
Yes
Yes
No
FDDI to FDDI
Yes
No
Yes
No
Ethernet to Ethernet
Yes
Yes
No
No
Dissimilar LANs
Page 18-45
Dissimilar LAN Switching Capabilities
Page 18-46
19
Managing Groups and Ports
In a traditional hub-based network, a broadcast domain is confined to a single network interface, such as Ethernet, or even a specific physical location, such as a department or building
floor. In a switch-based network, such as one comprised on Omni Switch/Routers,
(OmniS/Rs) a broadcast domain—or Group— can span multiple physical switches and can
include ports using multiple network interfaces. For example, a single OmniS/R Group could
span three different switches located in different buildings and include Ethernet and WAN
physical ports.
An unconfigured Omni Switch/Router contains one Group, or broadcast domain. It also
contains one default Virtual Network, or VLAN, referred to as “default VLAN #1”. The default
Group, Group #1, and its default VLAN contain all physical ports in the switch. When a
switching module is added to the switch all of these additional physical ports are also
assigned to Group #1, VLAN #1.
You can create Groups in addition to this default Group. When you add a new Group, you
give it a name and number, optionally configure a virtual router port for its default VLAN, and
then add switch ports to it. The switch ports you add to a new Group are moved from the
default Group #1 to this new Group. (For more information on how ports are assigned to
Groups, see How Ports Are Assigned to Groups on page 19-2.)
Up to 500 Groups can be configured on each OmniS/R. An entire OmniS/R network can
contain up to 65,535 Groups. Each Group is treated as a separate entity.
There are three main types of Groups:
1. Mobile Groups. These groups allow ports to be dynamically assigned to the Group based
on AutoTracker polices. In contrast to non-mobile Groups, AutoTracker rules are assigned
directly to a mobile Group. No AutoTracker VLANs are contained within a mobile Group.
(However, mobile groups do contain a default VLAN 1 to which AutoTracker policies are
assigned; policies assigned to this default VLAN apply to the entire mobile group.) Any
AutoTracker policy may be used as criteria for membership in a mobile Group. Mobile
groups are described in more detail in Mobile Groups on page 19-5.
2. Mobile Groups based on authentication. Authenticated Groups are a special form of
mobile Group. These Groups include devices that are dynamically assigned based on an
authentication criteria. Typically the user will have to log in with a valid password before
being included in an authenticated mobile Group. Group membership is based on users
proving their identity rather than the physical location of user devices. Authenticated
Groups are described in more detail in the Switch Network Services User Manual.
3. Non-mobile Groups. These Groups are the original Group type used in previous releases.
They contain statically assigned ports and may contain AutoTracker or Multicast VLANs.
These VLANs within a non-mobile Group use AutoTracker policies to filter traffic.
AutoTracker rules are not assigned to non-mobile Groups, they are assigned to the VLANs
within the Group. Non-mobile groups are described in more detail in Non-Mobile Groups
and AutoTracker VLANs on page 19-15.
All three types of Groups may co-exist on the same switch. However, a switch port cannot
belong to a non-mobile group and a mobile group.
Page 19-1
How Ports Are Assigned to Groups
How Ports Are Assigned to Groups
There are two methods for assigning physical OmniS/R ports to a Group. One method is
static and requires manual configuration by the network administrator; the other method is
dynamic and requires only the configuration of AutoTracker rules for port assignment to
occur. The two methods are described in this section.
Static Port Assignment
In the static method, the network administrator manually assigns a port to a Group through
the crgp and addvp commands. The static method can be restrictive because it limits the
mobility of users in a multi-Group network. Users can only move within their assigned
Group. In addition, customized access for individual users is limited by this method. You can
use the static method of port assignment with mobile and non-mobile groups. Static port
assignment can be combined with dynamic port assignment for mobile groups, while static
port assignment is the only method for assigning ports to non-mobile groups.
Dynamic Port Assignment (Group Mobility)
The dynamic method is available with the Group Mobility feature. Initially each port is part of
the default Group #1 (only ports in the default Group and ports in mobile Groups are candidates for dynamic port assignment). Based on the nature of traffic and configured
AutoTracker policies, ports are dynamically assigned to the appropriate Group.
For example, if a device attached to a port transmits traffic from the 140.0.0.0 subnet,
AutoTracker will check to see if a policy exists for this IP address. If it does, then it will move
the port from the default Group to the first Group using this policy. If this device detaches
from the network the port will be re-assigned to a Group without intervention by the network
administrator.
A port can belong to multiple mobile groups (up to 16) as long as devices attached to that
port match policies of these mobile groups. However, an individual device, or MAC address,
can only belong to one mobile group per protocol.
The dynamic method of port-to-Group assignment still requires the creation of Groups
through the crgp command. The criteria for the dynamic assignment of ports to a Group are
determined by AutoTracker policies that you can configure during the crgp procedure.
Only Ethernet ports can be dynamically assigned to Groups.
If more than one Group has the same type of rule, then ports matching that policy will be
assigned to the first Group matching the policy. For example, if a device matched policies in
both Groups 2 and 5, the port would be assigned to Group 2. To make the most out of
Group Mobility it is best not to duplicate policies among Groups.
Configuring Dynamic Port Assignment
You can enable dynamic port assignment while creating a group through the crgp command.
During the crgp procedure, you will be prompted
Enable Group Mobility on the Group ? [y/n] (n):
Answer Yes to this question to give this Group the capability of having ports and devices
dynamically added to the Group. Port and devices will be dynamically assigned based on
AutoTracker rules you define.
Service Ports and Group Mobility
These ports may be automatically added to the mobile group during the crgp procedure or
through the cats command.
Page 19-2
How Ports Are Assigned to Groups
How Dynamic Port Assignment Works
Initially each port is assigned to the default Group. In this example, all three ports have workstations that belong to three different IP subnets (130.0.0.0, 138.0.0.0, and 140.0.0.0). All three
ports start out in the default Group.
Group Mobility examines traffic coming from OmniS/R ports. Three mobile groups are
defined on the switch and each uses a different IP policy. Traffic that matches IP policies for a
Group will trigger the movement of the port to the matching Group.
OmniS/R
12345678
123456
Group 2
IP Network 130.0.0.0
Group 4
IP Network 140.0.0.0
Group 1
Default Group
Group 3
IP Network 138.0.0.0
Port 1
130.0.0.1
Port 2
138.0.0.5
Port 3
140.0.0.3
Initial Configuration: All Ports in Default Group
As soon as the workstations start transmitting traffic, Group Mobility checks the source subnet
of the frames and looks for a match with any configured IP policies. If a match is found—and
in this example all three ports can be matched with a corresponding Group—the port is
moved to the matching Group.
Devices matching a policy trigger the assignment of a port to a mobile group. Therefore, the
device is moved to the mobile group at the same time as the port to which it is attached. If
more than one device comes in on a port, then that port can belong to more than one mobile
group. Similarly, if a device transmits more than one protocol—such as IP and IPX—then the
port to which it is attached can belong to more than one mobile group.
Page 19-3
How Ports Are Assigned to Groups
As the illustration below shows, the three ports are each moved from the default Group to a
Group with a policy that matches the subnet address of the workstation attached to the port.
AutoTracker IP address policies have been set up in Groups 2, 3, and 4. The ports are moved
to the Group with policies matching the subnet of the workstation.
OmniS/R
12345678
123456
Group 2
IP Network 130.0.0.0
Group 4
IP Network 140.0.0.0
Group 1
Default Group
Group 3
IP Network 138.0.0.0
Port 1
130.0.0.1
Port 2
138.0.0.1
Port 3
140.0.0.1
Ports Move to Groups With Matching Policies
Page 19-4
Mobile Groups
Mobile Groups
Switch ports can be dynamically assigned to mobile groups through AutoTracker policies.
Support for dynamic port assignment is one of the main differences between mobile groups
and non-mobile groups. AutoTracker rules are assigned directly to a mobile group. In
contrast, AutoTracker rules are assigned to the VLANs within a non-mobile group. No
AutoTracker VLANs are contained within a mobile Group, and each mobile group constitutes
a single spanning tree.
A switch port can belong to multiple mobile groups, whereas a switch port can belong to
only one non-mobile group. However, a port can not belong to a mobile and a non-mobile
group at the same time.
Ports can be assigned to mobile groups either statically or dynamically. A port is statically
assigned to a mobile group when one of the following occurs:
• Port by default assigned to default group 1
• Port assigned to a group through crgp or addvp commands
Although switch ports can belong to multiple mobile groups, it is not possible to assign a port
to two different groups using the addvp command. However, a switch port could be assigned
to one mobile group via the addvp command and then gain membership to another mobile
group by matching the policy criteria for that group.
A switch port is dynamically assigned to a mobile group after one of its attached devices
matches an AutoTracker policy for that mobile group. An overview of how ports and devices
are dynamically assigned to mobile Groups can be found in How Ports Are Assigned to Groups
on page 19-2.
Authenticated Groups
Mobile groups provide the added flexibility of user-authentication policies. Using Authentication Management Console (AMC) software, you can configure mobile groups to use log-in
procedures as a means of assigning group membership. Mobile groups that use authentication are a special group type called an Authenticated Group. Authenticated Groups are
described in more detail in the Switch Network Services User Manual.
Configuring Mobile Groups
You configure mobile Groups through the crgp command. During the crgp procedure you
will receive a prompt asking if you want to create a mobile Group
Enable Group Mobility on this Group ? [y/n] (n):
You must answer Yes to this prompt to set up a mobile group. After this question, you will be
asked to configure virtual ports and AutoTracker policies for the Group. Documentation for
the full crgp procedure can be found in Creating a New Group on page 19-18.
Page 19-5
Mobile Groups
Turning Group Mobility On or Off
The gmstat command turns group mobility on or off for a Group that you specify. Essentially,
you can change a non-mobile group into a mobile group and a mobile group back into a
non-mobile group through gmstat. The group you specify must previously have been created
through the crgp command.
Use the following syntax for the gmstat command:
gmstat <group number>
For example, if you wanted to change the group mobility status of group 2, you would enter:
gmstat 2
Mobile Group to Non-Mobile Group
If this group is already a mobile group, the following would display:
Group Mobility is ON for Group 2
Change Group Mobility Status for Group 2 to OFF ? [y/n] (y):
If you wanted to change this mobile group back to a non-mobile group, you would press
<enter> and the group would lose its mobile status. All AutoTracker policies you set up for
the Group would no longer be valid.
If you decided not to turn off group mobility, enter n and the following prompt displays:
Group Mobility Status unchanged
Non-Mobile Group to Mobile Group
If this group is currently a non-mobile group, the following would display:
Group Mobility is OFF for Group 8
Change Group Mobility Status for Group 8 to ON ? [y/n] (y):
If you wanted to turn on Group Mobility, you would press <enter> and would then be asked
if you want to configure AutoTracker policies. If you answer yes, then the AutoTracker policies menu would display as follows:
Select rule type:
1. Port Rule
2. MAC Address Rule
21) MAC Address Range Rule
3. Protocol Rule
4. Network Address Rule
5. User Defined Rule
6. Binding Rule
7. DHCP PORT Rule
8. DHCP MAC Rule
81) DHCP MAC Range Rule
Enter rule type (1):
You define policies for a mobile Group. Non-mobile groups do not require policies.
However, mobile Groups use policies to define membership. Instructions for specifying
AutoTracker policies may be found in Chapter 22.
♦ Note ♦
As of the current release, the MAC Address Range Rule
and DHCP MAC Range are not supported for
AutoTracker VLANs
Page 19-6
Mobile Groups
If you decided not to turn group mobility on, you would enter n at the group mobility prompt
and the following message would display:
Group Mobility Status unchanged
Understanding Port Membership in Mobile Groups
Switch ports can belong to multiple mobile groups. A port becomes a member of a mobile
group as long as one of its attached devices matches the policy criteria for that group.
However, the movement of ports between groups and the status of port membership in
groups can be affected by more than just whether or not devices match policy criteria.
Group mobility uses three variables that can affect a port’s default group and whether or not
a port ages out of a group. These variables are as follows: def_group, move_from_def, and
move_to_def. The def_group and move_to_def variables can be configured through the gmcfg
command, which is described on page 19-12. The move_from_def variable is enabled by
default, but can be disabled by entering a statement in the mpx.cmd file. The effects of these
three variables are described through diagrams on the following pages.
From the perspective of a device or switch port, there are three types of mobile group—
default, primary, and secondary. Keep in mind that definitions of these three types are relative and can change for each port and device depending on the settings of the group mobility variables and traffic patterns of devices.
Default Group
The default group is the group a port or device is statically assigned to by “default.” Typically, a port’s default group will be Group 1. A port can also be statically assigned to its
default group through the crgp or addvp commands. A port or device does not have to match
a policy to gain membership into its default group.
The default group for a port or device is stored in memory; it can only be manually changed
through the addvp or crgp commands. Depending on the settings of other group mobility variables a device or port can age out of other mobile groups but still remain a member of its
default group.
Primary Group
The primary group is the group upon which Spanning Tree operations converge. The primary
group is similar to the default group. There are two main differences between a primary and
a default group.
1. A primary group only contains devices that have matched one of its AutoTracker policies.
In contrast, switch ports may end up in a default group without matching any policy.
2. It is possible for the primary group of a port or device to change through learning or
aging. For example, if the move_from_def variable is enabled and a device matches the
policies of a mobile group other than its default group, then this new mobile group
becomes the primary group for the device and the port to which the device is attached
(see diagram on page 19-10). In this case the default group and primary group will be
different.
If the move_from_def is disabled, the port always remains in the default group (which can
now also be the primary group).
In addition a port can age out of its primary group if the move_to_def variable is enabled
(see diagram on page 19-11). A port cannot age out of its default group.
Page 19-7
Mobile Groups
Secondary Group
Switch ports and devices may become members of multiple mobile groups. A switch port
starts in its default group, which initially is also its primary group. The primary group may
change if the move_from_def variable is enabled. Any subsequent mobile groups to which a
port gains membership beyond the primary group are “secondary” mobile groups. A port can
age out of these secondary groups if the move_to_def variable is enabled (see diagram on
page 19-11).
Page 19-8
Mobile Groups
How a Device Is Dropped from the Default Mobile Group (def_group)
Default Group 1
Group 3
Device sends traffic that is forwarded to the MPX for processing. If the traffic matches the policies of an existing
mobile group, then it will become a member of that group.
If the device does not match the policies of any mobile
group, then the def_group variable determines whether
that device becomes a member of the default group.
If def_group is enabled....
If def_group is disabled....
Default Group 1
Default
Mobile Group 1
Group 3
The device that does not
match any policies becomes a
member of the default group.
Secondary
Mobile Group 3
All traffic from the device that
does not match any policies
is dropped. The device is not
a member of any mobile
group, including the default
mobile group.
Why enable def_group?
Why disable move_from_def?
• Ensure that all network devices will be a
member of at least one mobile group.
• Reduces traffic to and from devices that
do not satisfy any network policies.
Page 19-9
Mobile Groups
How a Port’s Primary Mobile Group Changes (move_from_def)
Default/Primary
Mobile Group 1
Port assigned to default
group 1 or another group
through crgp or addvp.
If move_from_def is enabled....
Default/Pri
Mobile Group 1
Default Group 1
Primary Group 3
Device on port matches policy in another mobile group
(3). Group 3 becomes primary group.
Helpful Hints:
• Reduces broadcasts to the default group.
• Best used when only one device is
attached to each port.
Page 19-10
If move_from_def is disabled....
Secondary
Mobile Group 3
Device on port matches policy in another mobile group
(3). Group 1 remains primary
group. Group 3 is now a
“secondary” group for this
port.
Why disable move_from_def?
• When multiple devices are attached to
the switch port, the port must support
multiple traffic in the default group as
well as traffic in the secondary mobile
groups.
Mobile Groups
How a Port Ages Out of a Mobile Group (move_to_def)
Default
Mobile Group
Primary
Group 2
Default
Mobile Group
Secondary
Group 3
Port becomes a member of
other mobile groups when it
matches their policies. These
groups may be primary or
secondary groups.
Port assigned to default group.
If move_to_def is enabled....
Default
Mobile Group
If move_to_def is disabled....
Default
Mobile Group
Primary
Group 2
Secondary
Group 3
Port will be removed from
other groups when attached
devices age out of filtering
database.
Primary
Group 2
Secondary
Group 3
Port remains a member of all
mobile groups with which it
has satisfied a policy criteria
even if its devices age out of
the filtering database.
Why enable move_to_def?
Why disable move_to_def?
• Security. Mobile groups only contain
devices and ports that have recently
matched policy criteria.
• Switch ports retain group membership
even when idle for some time. May be
appropriate for silent devices, such as
printers.
If the port is in “optimized mode,” then the MAC does not age out and the port would stay in
the mobile group even if move_to_def is enabled.
Page 19-11
Mobile Groups
Configuring Switch-Wide Group Mobility Variables
There are several switch-wide group mobility variables that you can configure through the
gmcfg command. These variables control the status of group mobility on all groups in a
switch as well as the use of the default group. These variables are illustrated through
diagrams on pages 19-9 to 19-11.
Follow these steps to use the gmcfg command:
1. Enter gmcfg. You do not need to specify a group number as this command applies to all
mobile groups in this switch.
2. The following prompt displays:
Group Mobility is Enabled. Disable Group Mobility ? [yes/no] (no) :
This prompt controls the status of group mobility in this switch. If you disable group
mobility here then mobile groups will not be supported in this switch even if they are
configured through the crgp command.
Default Group 1. When group mobility is enabled, default group 1 in the switch will be
treated as a mobile group and you will not be able to create AutoTracker VLANs within
this group. When group mobility is disabled, default Group 1 in the switch will be treated
as a non-mobile group in which AutoTracker VLANs could be created.
The default is to turn Group Mobility off. If you want to enable group mobility, then you
need to indicate that choice at this prompt. The prompt will always show the current
status of Group Mobility and then ask if you want to change that status. If you want to
change the current status, then enter a y at this prompt and press <enter>. To keep the
current status, simply press <enter>.
3. The following prompt displays:
move_to_def is set to Disabled. Set to Enable ? [yes/no] (no) :
The move_to_def variable determines what happens to a port once the devices on that
port age out of the filtering database. By default this variable is Disabled, which means
that a port will remain a member of a mobile group as long as its attached device satisfied the criteria for membership in that mobile group at one point. If devices on a port
stop transmitting, the port will still retain all its mobile group memberships.
If the move_to_def variable is Enabled, then a port will lose its membership in a mobile
group if its devices age out of the filtering database for that mobile group (i.e., they stop
transmitting traffic that satisfies the criteria for membership in the mobile group). Once a
port loses membership in all criteria-based mobile groups, it will return to its default
group. The effect of this variable is illustrated on page 19-11.
By default, the move_to_def variable is Disabled. If you want to enable it (ports lose
mobile group membership when they age out), then you need to indicate that choice at
this prompt. The prompt will always show the current status of move_to_def and then ask
if you want to change that status. If you want to change the current status, then enter a y
at this prompt and press <enter>. To keep the current status, simply press <enter>.
4. The following prompt displays:
def_group is set to Enable. Set to Disable ? [yes/no] (no) :
The def_group variable determines what happens to devices that do not match any
mobile group policies. If def_group is Enabled (the default), then devices that do not
match any mobile group policies will be part of the default group for that port. If the
def_group variable is Disabled, then devices that do not match any mobile group policies
will be dropped from their default group and will not be part of any mobile group.
Page 19-12
Mobile Groups
By default the def_group variable is Enabled. If you want to disable it (devices that do not
meet criteria for mobile group membership will not be part of any mobile group), then
you need to indicate that choice at this prompt. The prompt will always show the current
status of def_group and then ask if you want to change that status. If you want to change
the current status, then enter a y at this prompt and press <enter>. To keep the current
status, simply press <enter>.
The move_from_def Variable
The move_from_def variable controls whether or not a port’s primary group can differ
from the port’s default mobile group. This variable is enabled by default, but can be
changed to disabled in the mpx.cmd file.
The original default group for a port is group 1 or the group to which the port is assigned
through the crgp or addvp commands. The primary group at this point is the same as the
default group. However, if the move_from_def variable is enabled, the primary group can
change as soon as a device on the port matches the policy criteria for another mobile
group.
For example, Port 5 may start out in Group 1, its default group. The primary group in this
case will also be Group 1. If the move_from_def variable is enabled and Port 5 matches
AutoTracker polices for mobile group 3, then the new primary group for Port 5 will be
Group 3. All further Spanning Tree operations for the port will converge on group 3
rather than group 1. The effects of the move_from_def variable are further illustrated
though diagrams on page 19-10.
If you disable the move_from_def variable, then the primary group for a port will always
match the default group regardless of the number of other mobile groups to which it
gains membership. To disable the move_from_def variable, enter the following statement
in the mpx.cmd file
move_from_def=0
For this new setting to take place you need to reboot the switch.
Page 19-13
Mobile Groups
Viewing Ports in a Mobile Group
The vpl command lists all the Groups in the switch currently configured as mobile Groups
and the ports currently assigned to those Groups. Since ports are assigned to mobile groups
dynamically, this display is helpful to find out which ports the switch already sees in each
group. Ports will only display in this screen for secondary groups (i.e., not default or primary
groups). Enter vpl and a screen similar to the following displays:
================================================
Group ID
Physical Port
Virtual Port
================================================
Group ID: 2
4/2 4/3 4/4 4/5
12 13 14 15
Group ID: 3
3/1 5/2
8 20
Group ID: 6
NULL Port List
Group ID: 8
4/1 5/1
11 19
Group ID.
The group number assigned to this mobile group during the crgp procedure.
Physical Port. The physical switch ports that have been dynamically assigned to this group
because they matched an AutoTracker policy. (Primary groups do not display in this screen.
For a display of port-to-primary group mappings, use the vi command) If this column reads
NULL Port List, then no physical ports have been assigned to the group yet.
Virtual Port. The virtual ports that are part of this mobile group. For Ethernet switch ports,
there is a one-to-one relationship between physical and virtual ports.
Viewing a Port’s Mobile Group Affiliations
The vigl command lists all the ports in the switch that have been assigned to mobile Groups.
It is similar to the vpl command, but it lists ports first and then Groups. Since ports are
assigned to mobile groups dynamically, this display is helpful to find out which ports the
switch already sees in each group. Ports will only display in this screen for secondary groups
(i.e., not default or primary groups). Enter vigl and a screen similar to the following displays:
================================================
Virtual Port
Physical Port
Group ID
================================================
12 13 14 15
4/2 4/3 4/4 4/5
Group ID: 2
8 20
3/1 5/2
Group ID: 3
NULL Port List
Group ID: 6
11 19
Physical Port
Group ID
Virtual Port. The virtual ports in this mobile group. For Ethernet switch ports, there is a one-toone relationship between physical and virtual ports.
Physical Port. The physical switch ports that have been dynamically assigned to this secondary mobile group because they matched an AutoTracker policy. (Primary groups do not
display in this screen. For a display of port-to-primary group mappings, use the vi command)
If this column reads NULL Port List, then no physical ports have been assigned to the group
yet.
Group ID.
Page 19-14
The group number assigned to this mobile group during the crgp procedure.
Non-Mobile Groups and AutoTracker VLANs
Non-Mobile Groups and AutoTracker VLANs
Non-mobile Groups are comprised of physical entities—switch ports. Groups can span multiple switches, but they are still made up of physical ports that you can see and touch. But just
as physically-based broadcast domains are limited, entirely port-based Groups can also be
limiting. In a large, flat, switched network, broadcast traffic can overload the network. There
needs to be a method for subdividing traffic even further. That’s where virtual networks, or
VLANs, come into play.
VLANs are created within a Group to subdivide network traffic based on specific criteria. The
criteria you use to define a VLAN are called AutoTracker™ policies. AutoTracker policies can
be defined by port, MAC address, protocol, network address, a user-defined policy, or a multicast policy. VLANs are described in more detail in Chapter 22, “Managing AutoTracker VLANs”
and Chapter 23, “Multicast VLANs.”
Routing in a Non-Mobile Group
Communication within a Group containing only the default VLAN is switched; the ports are in
the same broadcast domain and do not require routing to communicate. Communication
between VLANs in the same Group or to VLANs in other Groups requires routing. That’s why
all VLANs—including the default VLAN within each Group—may contain their own virtual
router port. A virtual router port for each VLAN can be configured to support IP and/or IPX
routing. If you do not configure a virtual router port for a VLAN, the devices in that VLAN will
not be able to communicate with devices in other VLANs unless there is an external router
between the VLANs.
Each OmniS/R supports up to 32 virtual router ports. A single router port, using one MAC
address, can support IP routing, IPX routing, or both types of routing. When you enable a
router port for a default VLAN, you are actually creating a static route to that VLAN. Routing is
covered in more detail in Chapters 25 and 27.
♦ Note ♦
For mobile, non-mobile groups and AutoTracker
VLANs, the router port operational status is not active
unless an active switch port is a member of the group
or VLAN.
Page 19-15
Non-Mobile Groups and AutoTracker VLANs
Spanning Tree and Non-Mobile Groups
Each Group uses one Spanning Tree for bridging. The OmniS/R supports both 802.1d and
IBM Spanning Tree protocols. The Spanning Tree state for the port is Forwarding. Ports that
are in Blocked state, or in another non-Forwarding state, will not receive frames from the
router port. The figure below illustrates this concept.
OmniS/R
12345678
123456
Virtual Router
Group 2
Ports 1 and 2
VLAN
1
VLAN
2
(default VLAN #1)
Port 1: Forwarding
State
Routed frames received
because attached port
is in Forwarding state.
Port 2: Blocked
State
Routed frames not
received because attached
port is in Blocking state.
Server
Workstation
Spanning Tree State and Routed Frames
Page 19-16
Group and Port Software Commands
Group and Port Software Commands
Group and Virtual Port commands are part of the VLAN menu within the User Interface. Entering vlan at any prompt displays the following menu:
Command
VLAN Management Menu
gp
crgp
modvl
rmgp
View the list of Groups currently defined
Create a Group
Modify a VLANs configuration/availability
Remove a Group
addqgp
delqgp
viqgp
via
vi
vs
ve
Add 802.1q group/s to a port
Delete 802.1q group/s from a port
Display 802.1q groups on port/s
View ports assigned to the selected Group
View info on a specific virtual port
View statistics on a virtual port attachment
View errors on a virtual port attachment
addvp
modvp
rmvp
Add ports to a GROUP
Modify existing VPORT configuration information
Remove ports from a Group
pmapcr
pmapdel
pmapmod
pmapv
br
prty_mod
prty_disp
at
Create a Port Map
Delete a Port Map
Modify a Port Map
View Port Mapping Configuration
Enter the Bridge Configuration/Parameter sub-menu
Modify the priority of a group
Display the priority of a group
Enter the AutoTracker sub-menu
Main
Interface
File
Security
Summary
System
VLAN
Services
Networking
Help
The VLAN menu commands are divided into four sets of commands. The first set, at the top of
the menu beginning with gp, contains commands that create, modify, delete, and view
Groups. The second set of commands, beginning with addqgp are obsolete and no longer
control 802.1Q implementation. (See Chapter 16 for information on 802.1Q.) The third set,
beginning with addvp, contains commands for adding, modifying, and deleting virtual ports.
All of these commands are described in this chapter.
The final set of commands at the bottom of the menu, br and at, are actually entry points to
the Bridging and AutoTracker submenus, respectively. Commands for the Bridge Management (br) sub-menu are documented in Chapter 17, “Configuring Bridging Parameters.”
Commands for the AutoTracker (at) sub-menu are documented in this chapter and in Chapter 22, “Managing AutoTracker VLANs” and Chapter 23, “Multicast VLANs.” Some commands in
the at sub-menu apply to mobile groups and authenticated groups; those commands are
described in this chapter.
The pmapcr, pmapdel, pmapmod, and pmapv commands allow you to create port mapping
configurations. The port mapping feature is documented in Port Mapping on page 19-66. The
prty_mod and prty_disp commands allow you to modify and view the priority of a selected
group. These commands are detailed in Priority VLANs on page 19-73.
Page 19-17
Creating a New Group
Creating a New Group
There are several steps involved in creating a new Group. Note that some steps apply only to
mobile groups. These steps are as follows:
1. Enter Basic Group Information, such as the Group number and type. This section starts on
page 19-19.
2. Configure the Virtual Router Port (Optional). This section starts on page 19-21.
3. Enable/disable Group Mobility and User Authentication. This section starts on page 19-27.
4. Configure Virtual Ports. This section starts on page 19-28.
5. Configure AutoTracker policies (for mobile groups only). This section starts on page 1934.
WAN Routing Groups follow a slightly different procedure for their creation. You will receive
prompts during the procedure asking whether you want to create one of these special
Groups.
Page 19-18
Creating a New Group
Step 1. Entering Basic Group Information
a. Type crgp at any prompt.
b. The following prompt displays:
GROUP Number (5):
By default the Group number you entered or the next available Group number is
displayed in parentheses. Enter the Group number or accept the number shown in parentheses. Each Group must have a unique number, which may range from 2 to 65,535.
(Group 1 is the default switch Group. It does not need to be created and it cannot be
deleted.) Press <Enter> after entering the Group number.
c. The following prompt displays:
Description (no quotes) :
Enter a descriptive name for the new Group. Group names can consist of up to 30 alphanumeric characters. Press <Enter> after entering the Group name.
d. The following prompt displays:
Enable WAN Routing? (n):
If you want to perform WAN Routing through this Group you must enter a y at this
prompt. If you do not need to support WAN Routing, then answer n at this prompt and
continue with Step e.
♦ Note ♦
You do not need to create a special WAN Routing
Group to bridge or trunk traffic over a WAN connection. If you are just Bridging or Trunking on WAN,
answer n to this prompt and continue with Step e.
A WAN Routing Group is different from other Groups; it must contain only WAN ports. In
addition, the virtual router and virtual ports are configured differently. Please skip ahead
to Creating a WAN Routing Group on page 19-35 to continue setting up this WAN Routing
Group.
e. The following prompt displays:
Enable ATM CIP? (n):
Answer n at this prompt and skip ahead to Step 2. Configuring the Virtual Router Port
(Optional) on page 19-21.
♦ Note ♦
ATM is not supported in Release 4.5 and later.
Page 19-19
Creating a New Group
f.
The following prompt displays:
Enable MPLS? (n):
Multi-Protocol Label Switching (MPLS) must be enabled if this group is going to be used for
machines in the network that communicate via MPLS. Answer n at this prompt and skip
ahead to Step 2. Configuring the Virtual Router Port (Optional) on page 19-21.
♦ Note ♦
MPLS is not supported in Release 4.5 and later.
Page 19-20
Creating a New Group
Step 2. Configuring the Virtual Router Port (Optional)
You can now optionally configure the virtual router port that the default VLAN in this Group
will use to communicate with other VLANs. When you define a virtual router, a virtual router
port for the default VLAN in the Group is created. If you do not define a virtual router, no
virtual router port is created and the default VLAN in the new Group will be “firewalled,”
unable to communicate with other VLANs.
♦ Important Note ♦
Use caution when setting up routing on the default
VLAN for a Group. In some configurations enabling
routing on the default VLAN may not be necessary or
desirable. You can always enable routing on other,
non-default VLANs, within this Group. Refer to
AutoTracker Application Example 4 in Chapter 24 for
more information.
You will have the choice of configuring IP, IPX, or both IP and IPX routing. Continue with the
steps below:
a. After answering n to the Enable ATM CIP? prompt, the following prompt displays:
Enable IP (y):
Press <Enter> if you want to enable IP Routing on this virtual router port. If you do not
enable IP, then the default VLAN in this Group will not be able to route IP data. If you
don’t want to set up an IP router, enter n, press <Enter> and skip to Step j.
♦ Note ♦
You may enable routing of both IP and IPX traffic on
this router port. If you set up dual-protocol routing, you
must fill out information for both IP and IPX parameters.
b. The following prompt displays:
IP Address:
Enter the IP address for this virtual router port in dotted decimal notation (e.g.,
198.206.181.10). This IP address is assigned to the virtual router port of the default VLAN
within this Group. After you enter the address, press <Enter>.
c. The following prompt displays:
IP Subnet Mask (0xffffff00):
The default IP subnet mask (in parentheses) is automatically derived from the default
VLAN IP address class. Press <Enter> to select the default subnet mask or enter a new
subnet mask in dotted decimal notation or hexadecimal notation and press <Enter>.
d. The following prompt displays:
IP Broadcast Address (198.200.10.255):
The default IP broadcast address (in parentheses) is automatically derived from the default
VLAN IP address class. Press <Enter> to select the default address or enter a new address in
dotted decimal notation and press <Enter>.
Page 19-21
Creating a New Group
e. The following prompt displays:
Description (30 chars max):
Enter a useful description for this virtual IP router port using alphanumeric characters. The
description may be up to 30 characters long. Press <Enter>.
f.
The following prompt displays:
Disable routing?
(n) :
Indicate whether you want to disable routing in the group. You can enable routing later
through the modvl command.
g. The following prompt displays:
IP RIP Mode {Deaf (d),
Silent (s),
Active (a),
Inactive (i)}
(s):
Define the RIP mode in which the virtual router port will operate. RIP (Router Information
Protocol) is a network-layer protocol that enables the default VLAN in this Group to learn
and advertise routes. The RIP mode can be set to one of the following:
Silent. The default setting shown in parentheses. RIP is active and receives routing information from other VLANs, but does not send out RIP updates. Other VLANs will not receive
routing information concerning the default VLAN in this Group and will not include the
VLAN in their routing tables. Simply press <Enter> to select Silent mode.
Deaf. RIP
is active and sends routing information to other VLANs, but does not receive RIP
updates from other VLANs. The default VLAN in this Group will not receive routing information from other VLANs and will not include other VLANs in its routing table. Enter d and
press <Enter> to select Deaf mode.
Active. RIP
is active and both sends and receives RIP updates. The default VLAN in this
Group will receive routing information from other VLANs and will be included in the routing tables of other VLANs. Enter a and press <Enter> to select Active mode.
Inactive. RIP
is inactive and neither sends nor receives RIP updates. The default VLAN in
this Group will neither send nor receive routing information to/from other VLANs. Enter i
and press <Enter> to select Inactive mode.
h. If routing domains are not configured on the switch, go to the next step. If routing
domains are configured on the switch, the following prompt displays:
Apply to Routing Domain ID (none) :
Enter a routing domain in which this group should be included, or press Enter. A routing
domain is a grouping of IP router interfaces that can forward packets only within the
domain. Routing domains are part of Advanced Routing software and are not part of the
base code. For more information about routing domains, see Chapter 14, “Routing
Domains,” in the Advanced Routing User Manual.
i.
After you enter the RIP mode, or after you enter a routing domain ID, the following
prompt displays:
Default framing type [Ethernet II(e),
fddi (f),
token ring (t),
Ethernet 802.3 SNAP (8),
source route token ring(s)} (e):
Page 19-22
Creating a New Group
Select the default framing type for the frames that will be generated by this router port
and propagated over the default VLAN to the outbound ports. Set the framing type to the
encapsulation type that is most prevalent in the default VLAN. If the default VLAN contains
devices using encapsulation types other than those defined here, the switching modules
must translate those frames, which slows throughput. The figure on the next page illustrates the Default Framing Type and its relation to Virtual Router Port communications.
OmniS/R
12345678
123456
Virtual Router
SNMP AGENT
RIP
Virtual Router Port
Group
VLAN
1
(default VLAN #1)
The Default Router
Framing Type determines the type of
frame transmitted
through the Virtual
Router Port to the
default VLAN.
Workstation A
Workstation B
Default Framing Type and the Virtual Router Port
j.
You can now configure IPX routing on this port. The following message displays:
Enable IPX? (y) :
Press <Enter> if you want to enable IPX Routing on this virtual router port. If you do not
enable IPX, then the default VLAN in this Group will not be able to route IPX data. You
can set up a virtual router port to route both IP and IPX traffic.
If you don’t want to set up an IPX router for the default VLAN in this Group, enter n, press
<Enter>, and skip ahead to step p below. You can always set up IPX routing for other
VLANs within this Group.
Page 19-23
Creating a New Group
k. After selecting to enable IPX, the following prompt displays:
IPX Network:
Enter the IPX network address. IPX addresses consist of eight hex digits and you can enter
a minimum of one hex digit in this field. If you enter less than eight hex digits, the system
prefixes your entry with zeros to create eight digits.
l.
The following prompt displays:
Description (30 chars max):
Enter a useful description for this virtual IPX router port using alphanumeric characters.
The description may be up to 30 characters long. Press <Enter>.
m. The following prompt displays:
IPX Delay in ticks
(0):
Enter the number of ticks you want for the IPX network. A tick is about 1/18th of a
second. The default is 0.
n. The following prompt displays:
IPX RIP and SAP mode {RIP and SAP active (a)
RIP only active (r)
RIP and SAP inactive (i)}
(a):
Select how you want the IPX protocols, RIP (router information protocol) and SAP (service
access protocol), to be configured for the default VLAN in this Group. RIP is a networklayer protocol that enables this VLAN to learn routes. SAP is also a network-layer protocol
that allows network services, such as print and files services, to advertise themselves. The
choices are:
RIP and SAP active.
The default setting. The default VLAN to which this IPX router port is
attached participates in both RIP and SAP updates. RIP and SAP updates are sent and
received through this router port. Simply press <Enter> to select RIP and SAP active.
The default VLAN to which this IPX router port is attached participates in
RIP updates only. RIP updates are sent and received through this router port. Enter an r
and press <Enter> to select RIP only active.
RIP only active.
RIP and SAP inactive. The IPX
router port is active, but the default VLAN to which it is
attached does not participate in either RIP nor SAP updates. Enter an i and press <Enter> to
select RIP and SAP inactive.
Page 19-24
Creating a New Group
o. After selecting the RIP and SAP configuration, the following prompt displays the default
router framing type options:
Default router framing type for : {
Ethernet Media:
Ethernet II (0),
Ethernet 802.3 LLC (1),
Ethernet 802.3 SNAP (2),
Novell Ethernet 802.3 raw (3),
FDDI Media:
fddi SNAP (4),
source route fddi SNAP (5),
fddi LLC (6),
source route fddi LLC (7),
Token Ring Media:
token ring SNAP (8),
source route token ring SNAP (9),
token ring LLC (a),
source route token ring LLC (b) }
(0) :
Select the default framing type for the frames that will be generated by this router port
and propagated over the default VLAN to the outbound ports. Set the framing type to the
encapsulation type that is most prevalent in the default VLAN. If the default VLAN contains
devices using encapsulation types other than those defined here, the switching modules
must translate those frames, which slows throughput. See the figure, Default Framing
Type and the Virtual Router Port on page 19-23 for an illustration of the Default Framing
Type and its relation to Virtual Router Port communications.
♦ Note ♦
The .cmd file contains a command called hreXnative
that by default is set to 1. If physical ports in an end
station are using a different encapsulation than the
virtual router ports (for example, the modvl command
shows router ports set to Ethernet II IPX, but the swch
command shows that physical ports are using SNAP)
then the hreXnative command must be set to 0. See
Chapter 9, “Switch Wide Parameters,” for more information about the .cmd file.
p. If you chose a Source Routing frame format in the last step (options 5, 7, 9, or b), an additional prompt displays:
Default source routing broadcast type : {
ARE broadcasts(a), STE broadcasts(s)}
(a) :
Select how broadcasts will be handled for Source Routing. The choices are:
ARE broadcasts.
All Routes Explorer, the default setting. Broadcasts are transmitted over
every possible path on inter-connected source-routed rings. This setting maximizes the
generality of the broadcast. Simply press <Enter> to select All Routes Explorer.
STE broadcasts.
Spanning Tree Explorer. Broadcasts are transmitted only over Spanning
Tree paths on inter-connected source-routed rings. This setting maximizes the efficiency
of the broadcast. Enter an s and press <Enter> to select Spanning Tree Explorer.
Page 19-25
Creating a New Group
q. The following prompt displays:
Enter a priority level (0...7)(0):
Prioritizing VLANs allows to you set a value for traffic based on the destination VLAN of
packets. Traffic with the higher priority destination will be delivered first. VLAN priority
can be set from 0 to 7, with 7 being the level with the most priority.
Modifying and displaying a group’s priority is described in Priority VLANs on page 19-73.
You have now completed the configuration of the virtual router port for this group. At
this point, you will be asked whether you want to enable group mobility. The following
prompt will display:
Enable Group Mobility on the Group ? [y/n] (n):
Mobile groups are discussed in detail in Mobile Groups on page 19-5. If you want to
enable group mobility answer Y to this prompt, press <enter>, and go on to Step 3. Set Up
Group Mobility and User Authentication on page 19-27.
If you do not want to configure group mobility answer N at the prompt, press <enter>,
and go on to Step 4. Configuring Virtual Ports on page 19-28 for further instructions.
Page 19-26
Creating a New Group
Step 3. Set Up Group Mobility and User Authentication
A mobile group offers more flexibility than a non-mobile group. With a mobile group, ports
are assigned dynamically to the group based on AutoTracker policies that you configure. In a
non-mobile group, ports are statically defined and AutoTracker policies are assigned to individual VLANs within the Group. In most cases, you will want to set up a mobile group. The
following steps show you how.
a. After configuring the virtual router port, you will receive the following prompt:
Enable Group Mobility on the Group ? [y/n] (n):
To create a mobile group, enter a Y as this prompt, press <enter>, and continue with step
b. If you want to configure a non-mobile Group, enter N, press <enter>, and you will see
the following prompt:
This Group will not participate in Group Mobility
If you are not creating a mobile group, go on to Step 4. Configuring Virtual Ports on page
19-28.
b. The following prompt displays:
Enable User Authentication on the Group ? [y/n] (n):
An authenticated group is a special type of mobile group. It uses an authentication
process as it criteria for group membership. Typically, users will be prompted for an id
and password before gaining membership to an authenticated group. Authenticated
groups require additional Windows NT server software. More detailed information on
these groups can be found in the Switch Network Services User Manual. If you are not sure
whether this is an authenticated group, simply press <enter> at this prompt.
c. The following prompt displays:
Enable spanning tree for this group [y/n] (y):
Spanning Tree prevents broadcast storms by limiting logical loops in the network. For
more information on Spanning Tree, see Chapter 17, titled “Configuring Bridging Parameters.” If you wish to enable Spanning Tree, enter y and press <enter>. Otherwise, enter n.
d. The following prompt displays:
Do you wish to configure the interface group for this Virtual LAN at this time? (y)
You can assign physical ports to the new Group at this time. To begin assigning ports to
the new Group, press <Enter> and go to Step 4.
To assign ports to the Group later, type n and <Enter>. The new Group is configured but
does not yet contain any ports. You can use the addvp command later to assign ports to
the Group (see Adding Virtual Ports on page 19-44). A message similar to the following
displays confirming the creation of the new Group.
GROUP 6 has been added to the system.
You may add interfaces to this group using the addvp command at a later date.
For now, the GROUP is inactive until you add interfaces.
Configure Auto-Activated LANE service ? [y/n] (y) :
If you want to configure switch ports later (or simply rely on the dynamic port assignment capability’s of the mobile group) skip ahead to Step 5. Configuring AutoTracker Policies (Mobile Groups Only) on page 19-34.
Page 19-27
Creating a New Group
Step 4. Configuring Virtual Ports
You can now enter configuration parameters for each switch port to be included in this
Group. These configuration parameters include the bridging mode, output format type, and
administrative state. In addition, if the port you are configuring is Ethernet (10/100 Mbps),
you can also configure port mirroring.
Prompts for configuring virtual ports follow directly after Group Mobility prompts. You can
choose to add ports now or add them later through the addvp command. Follow these steps:
a. After you have stepped through the Routing and/or Group Mobility prompts, the following
message displays:
Do you wish to configure the interface group for this Virtual LAN at this time? (y)
You can assign physical ports to the new Group at this time. To begin assigning ports to
the new Group, press <Enter> and go to Step b.
To assign ports to the Group later, type n and <Enter>. The new Group is configured but
does not yet contain any ports. You can use the addvp command later to assign ports to
the Group (see Adding Virtual Ports on page 19-44). A message similar to the following
displays confirming the creation of the new Group.
GROUP 6 has been added to the system.
You may add interfaces to this group using the addvp command at a later date.
For now, the GROUP is inactive until you add interfaces.
b. After indicating that you want to set up ports, the following prompt displays:
Initial Vports (Slot/Phys Intf. Range) - For example, first I/O Module
(slot 2), second interface would be 2/2. Specify a range of interfaces
and/or a list as in: 2/1-3, 3/3, 3/5, 4/6-8
Enter the port or ports that you want to include in this new Group. The notation for
adding a port to a group is
<slot number of module>/<port number on the module>
OmniS/R-3 are numbered from 1 to 3 top to bottom and OmniS/R-5 slots are numbered
from 1 to 5 top to bottom. OmniS/R-9 slots are numbered 1-9, left to right. Port numbers
are labelled on the front panel of switching modules.
You may enter multiple ports from multiple switching modules. For example, to add ports
1 through 3 on the module in slot 2, specify 2/1-3. To additionally add the third and fifth
port on the module in the third slot, specify 3/3, 3/5. The complete slot port specification
would be:
2/1-3, 3/3, 3/5
c. If you enter a port that is already assigned to another Group, then you will be prompted
on whether or not you want to change its assignment. A message similar to the following
displays for each port that you enter:
Initial Slot/Interface Assignments: 2/8
2/8 - This interface has already been assigned to GROUP 1 (Default GROUP #1).
Do you wish to remove it from that GROUP and assign it (with
new configuration values) to this GROUP (n)?
Simply enter a y at each port prompt to change its Group assignment and begin setting
port parameters. You could also enter a c at this prompt to accept all default port parameters and skip port configuration prompts. If you enter a c, all remaining ports are automatically added to the Group with default settings, and your work is complete.
Page 19-28
Creating a New Group
d. The virtual port configuration menu displays:
Modify Ether/8 Vport 2/8 Configuration
1) Vport
2) Description
3) Bridge Mode
31) Switch Timer
4) Flood Limit
5) Output Format Type
6) Ethernet 802.2 Pass Through
7) Admin, Operational Status
8) Mirrored Port Status
9) MAC address
:9
:
: Auto-Switched
: 60
: 192000
: Default (IP-Eth II, IPX-802.3)
: Yes
: Enabled, inactive
: Disabled, available
: 000000:000000
Command {Item=Value/?/Help/Quit/Redraw/Next/Previous/Save} (Redraw) :
Descriptions for each of the fields in this display follow. To change any default value,
enter the line number for item, an equal sign (=), and then the value for the parameter.
Enter save to save all configured settings and move onto the next step in the group
creation process.
1) Vport
The virtual port number for this port. The next virtual port number available in the switch
is shown by default in this field.
2) Description
Enter a useful description for this virtual port using alphanumeric characters. The description may be up to 30 characters long.
3) Bridge Mode
Select the bridge mode used by this port. The choices are:
Spanning Tree Bridge.
The default setting for all non-Ethernet ports. This mode is appropriate for backbone and hub connections. The port acts as a standard 802.1d bridge port. It
forwards BPDU frames out the port. When frames are received, Spanning Tree BPDUs are
processed, and Spanning Tree dynamically controls the forwarding state. If flooding
occurs, all frames destined for unknown MAC addresses, broadcast addresses, or multicast
addresses will be sent to all ports in the same Group. Enter 3=b and press <Enter> to
select Spanning Tree Bridge mode.
Optimized Device Switching.
This mode is appropriate for dedicated connections to a single
workstation or server. Spanning Tree is turned off. No Spanning Tree BPDUs will be sent
and the port will always be in the forwarding state. The port will stay in this mode even if
a Spanning Tree BPDU is detected. In addition, all MACs learned will not be aged out
(regardless of the Bridge Aging Timer setting) until the port is disconnected or configured
to be administratively down. No flooding of packets with an unknown destination address
is allowed after at least one MAC address has been learned. (An exception to this rule
occurs on newer Mammoth-generation Ethernet modules, such as the ESM-100C-12, ESM100F-8, and ESM-C-32. When these ports are in optimized mode, packets with unknown
destination addresses will be flooded.) Packets with a broadcast or multicast destination
will always be allowed. Enter 3=o and press <Enter> to select Optimized Device Switching
mode.
Page 19-29
Creating a New Group
Auto-Switch.
The default setting for all Ethernet ports. This mode is appropriate for dedicated connections requiring a switch-over to bridge mode when multiple devices are
detected. A port in Auto-Switch mode will start in Optimized Device Switching mode (see
description above). The port will remain in Optimized Device Switching mode until a
Spanning Tree BPDU is detected or more than one MAC address transmits data. Once
either of these conditions is met, the port will switch to Spanning Tree Bridge mode and
Spanning Tree will start (if configured in the switch).
An Auto-Switch port will remain in Spanning Tree Bridge mode as long as there are
BPDUs and multiple MACs. However, the port can revert back to Optimized Device
Switching Mode if the time specified in the next field (Switch Timer) transpires without
BPDUs and multiple MACs. Also, if the port is disconnected or configured to be administratively down, then an Auto-Switch port will revert back to Optimized Device Switching
mode when it becomes operational again. Enter 3=a and press <Enter> to select AutoSwitch mode.
No
Optimized
Device
Switching
Mode
Greater
Than 1
MAC?
No
BPDUs
Detected?
Yes
Yes
Spanning
Tree
Bridge
Mode
No
No
Yes
BPDU
Detected?
Yes
Only 1
MAC Address
Detected?
No
Switch
Timer Period
Elapsed?
Yes
How Auto-Switch Bridge Mode Works
31) Switch Timer
If you selected the Auto-Switch bridge mode, then you can configure this field. Enter the
time-out period, in seconds, for an Auto-Switch port that has turned to Spanning Tree
Bridge mode port to revert back to Optimized Switching mode. When in Auto-Switch
mode, a port switches to Spanning Tree Bridge mode as soon as it detects a BPDU or
more than one MAC address. The port will switch back to Optimized Switching mode after
the time-out value you define here.
Page 19-30
Creating a New Group
4) Flood Limit
The flood limit allows you to tune a virtual port to limit the flooding of broadcast, multicast, and unknown destination packets. This feature is useful for controlling broadcast
storms on your network. While each network is different, in general the amount of
flooded traffic represents a relatively small percentage of network traffic.
The flood limit is actually a “transmit credit” that is issued every five (5) seconds. When a
packet is flooded on this port, the size of the packet, in bytes, is decremented from the
current credit value. The credit value is the value you enter in this field multiplied by five.
An additional credit, in the amount of the value you enter here multiplied by five, is allocated to each virtual port every five (5) seconds. If the credit value ever falls below zero,
then all flooded packets are discarded until another credit is allocated. Flood limit checking is disabled if you enter a flood limit of zero (0). The flood limit default is 192,000
bytes per second, which equates to a transmit credit of 960,000 bytes every five seconds.
5) Output Format Type
The output format setting determines the kind of frame that will be sent out this physical
port. If translation is necessary, then incoming frames will be translated to this format
before being sent out this port. For example, on an Ethernet port incoming FDDI frames
need to be translated to Ethernet. However, there are four types of Ethernet frames—
Ethernet II, IPX 802.3, SNAP, and LLC. The format type you select here would determine
the frame format to which non-Ethernet frames would be translated. The following figure
illustrates how a port’s framing type affects communication with attached devices.
♦ Note ♦
This parameter differs from the router framing type
selected during the configuration of the virtual router
port. The router framing type is the encapsulation done
on a router port, whereas this output format type
applies only to translations on this virtual port.
Page 19-31
Creating a New Group
OmniS/R
12345678
123456
Virtual Router
Group 2
Ports 1 and 2
VLAN
1
(default VLAN #1)
Ethernet Port 1:
Format set to
Ethernet II
Ethernet Port 2:
Format set to
SNAP
Server
Receives frames in
Ethernet II format.
Workstation
Receives frames in SNAP
format.
The Output Format Type
you set for each port determines the type of frames
that devices attached to
that port receive.
Output Framing Type on Physical Ports
Note that for Ethernet, the default output format option is Ethernet II for IP frames and
802.3 for IPX frames.
You can customize your frame translation settings even further through the Switch menu.
The Switch menu allows you to set translations at the frame format level (i.e., incoming
SNAP frames could be translated one way, while incoming LLC frames could be translated
another way) based on protocol type (IP or IPX). The Switch menu is explained in Chapter 18, “Configuring LAN Switch Translations.”
6) Ethernet 802.2 Pass Through
For Ethernet ports only. If you answer Yes to this prompt, then frames received in the
IEEE 802.2 format will not be translated according the Output Format Type chosen in line
5; they will be sent as is in their native IEEE 802.2 format. If you answer No, then 802.2
frames will be subject to the Output Format Type chosen in line 5.
Page 19-32
Creating a New Group
7) Admin, Operational Status
Select whether to administratively enable or disable this port. When you enable the port,
the port can transmit and receive data as long as a cable is connected and no physical or
operational problems exist. When you disable a port, the port will not transmit or receive
data even if a cable is connected and the physical connection is operational. If you
disable the port at this point, you can enable it later through the modvp command (see
Modifying a Virtual Port on page 19-45).
8) Mirrored Port Status
If the port you are configuring is Ethernet (10 or 10/100 Mbps), you can set up port
mirroring. You can mirror traffic on this port to another like port. Port mirroring is a
useful feature for monitoring traffic on particular ports. It is discussed in more detail later
in this chapter in Port Mirroring on page 19-57.
If you want to mirror this port, enter a 8=e, press <Enter> and you will be prompted for
the slot and port number of the “mirroring” port (i.e., the port that can “see” all traffic for
this port):
Mirroring vport slot/port ? ( ) :
Enter the mirroring port’s slot and port number and press <Enter>.
If port mirroring is not supported on this port, then the following prompt will display:
mirroring not supported on this port type
9) MAC address
Enter the MAC address for this virtual port if it is known.
After the MAC address prompt, the switch confirms the addition of the port to the group
with a message similar to the following:
Adding port 2/8 to Group 6. . .
Make configuration changes to the port until you are satisfied. If you have completed the
final virtual port, then your work is complete. You can always alter Group parameters
(including virtual router parameters for the default VLAN) later through the modvl
command (see Modifying a Group or VLAN on page 19-40) and modify virtual port parameters through the modvp command (see Modifying a Virtual Port on page 19-45).
Page 19-33
Creating a New Group
Step 5. Configuring AutoTracker Policies (Mobile Groups Only)
When you have completed configuring mobile group and auto-activated LANE services, you
can begin configuring AutoTracker policies for this mobile group. Instructions for configuring
these rules can be found in Chapter 20, “Configuring Group and VLAN Policies.” Please refer
to that chapter for instructions on configuring each policy type. After you configure
AutoTracker policies, you are done configuring this mobile group and a prompt similar to the
following displays:
VLAN 9: 1 created successfully
You can configure rules for this group later through the modatvl command. This command
also works with mobile groups as long as you indicate you want to alter VLAN 1 in the
mobile group (i.e., the command line would read modatvl 3:1 to modify mobile group 3).
♦ Note ♦
If the mobile group is initially created without rules, the
modatvl command cannot be used to add them later.
You must turn off group mobility and then reinstate it
to add the rules.
Page 19-34
Creating a WAN Routing Group
Creating a WAN Routing Group
After entering basic Group information as described in Step 1. Entering Basic Group Information on page 19-19, you should have answered Yes to the following prompt:
Enable WAN Routing? (n):
if you want to enable WAN Routing. WAN Routing Groups are treated differently than other
Groups, as described earlier. The following steps complete the configuration of the WAN
Routing Group.
a. After answering y to the Enable WAN Routing? prompt, the following prompt displays:
Enable IP (y):
Press <Enter> if you want to enable IP Routing on the virtual router port for this Group. If
you do not enable IP, then this WAN Group will not be able to route IP data. If you don’t
want to set up IP routing, enter n, press <Enter> and skip to Step g.
♦ Note ♦
You may enable routing of both IP and IPX traffic over
a WAN connection. If you set up dual-protocol routing,
you must fill out information for both IP and IPX
parameters.
b. The following prompt displays:
IP Address:
Enter the IP address for this virtual router port in dotted decimal notation or hexadecimal
notation (e.g., 198.206.181.10). This IP address is assigned to the virtual router port of the
default VLAN within this Group. After you enter the address, press <Enter>.
c. The following prompt displays:
IP Subnet Mask (0xffffff00):
The default IP subnet mask (in parentheses) is automatically derived from the default
VLAN IP address class. Press <Enter> to select the default subnet mask or enter a new
subnet mask in dotted decimal notation or hexadecimal notation and press <Enter>.
d. The following prompt displays:
IP Broadcast Address (198.200.10.255):
The default IP broadcast address (in parentheses) is automatically derived from the default
VLAN IP address class. Press <Enter> to select the default IP broadcast address or enter a
new broadcast address in dotted decimal notation or hexadecimal notation and press
<Enter>.
e. The following prompt displays:
Description (30 chars max):
Enter a useful description for this virtual IP router port using alphanumeric characters. The
description may be up to 30 characters long. Press <Enter>.
Page 19-35
Creating a WAN Routing Group
f.
The following prompt displays:
IP RIP Mode {Deaf (d),
Silent (s),
Active (a),
Inactive (i)}
(s):
Define the RIP mode in which the virtual router port will operate. RIP (Router Information
Protocol) is a network-layer protocol that enables the default VLAN in this Group to learn
and advertise routes. The RIP mode can be set to one of the following:
Silent. The default setting shown in parentheses. RIP is active and receives routing information from other VLANs, but does not send out RIP updates. Other VLANs will not receive
routing information concerning the default VLAN in this Group and will not include the
VLAN in their routing tables. Simply press <Enter> to select Silent mode.
Deaf. RIP
is active and sends routing information to other VLANs, but does not receive RIP
updates from other VLANs. The default VLAN in this Group will not receive routing information from other VLANs and will not include other VLANs in its routing table. Enter d and
press <Enter> to select Deaf mode.
Active. RIP
is active and both sends and receives RIP updates. The default VLAN in this
Group will receive routing information from other VLANs and will be included in the routing tables of other VLANs. Enter a and press <Enter> to select Active mode.
Inactive. RIP
is inactive and neither sends nor receives RIP updates. The default VLAN in
this Group will neither send nor receive routing information to/from other VLANs. Enter i
and press <Enter> to select Inactive mode.
g. You can now configure IPX routing on this port. The following message displays:
Enable IPX? (y) :
Press <Enter> if you want to enable IPX Routing on this virtual router port. If you do not
enable IPX, then the default VLAN in this WAN Group will not be able to route IPX data.
You can set up a virtual router port to route both IP and IPX traffic.
If you don’t want to enable IPX routing for the default VLAN in this Group, enter n and
press <Enter>. You can always set up IPX routing for other VLANs within this Group.
You are done configuring this WAN Routing Group. See the appropriate WAN interface
chapter for further information on configuring this Routing service.
h. After selecting to enable IPX, the following prompt displays:
IPX Network:
Enter the IPX network address. IPX addresses consist of eight hex digits and you can enter
a minimum of one hex digits in this field. If you enter less than eight hex digits, the
system prefixes your entry with zeros to create eight digits.
i.
The following prompt displays:
Description (30 chars max):
Enter a useful description for this virtual IPX router port using alphanumeric characters.
The description may be up to 30 characters long. Press <Enter>.
j.
The following prompt displays:
IPX Delay in ticks
(0):
Enter the number of ticks you want for the IPX network. A tick is about 1/18th of a
second. The default is 0.
Page 19-36
Creating a WAN Routing Group
k. After entering a description, the following prompt displays:
IPX RIP and SAP mode {RIP and SAP active (a)
RIP only active (r)
RIP and SAP inactive (i)}
RIP and SAP triggered (t)}
(a):
Select how you want the IPX protocols, RIP (router internet protocol) and SAP (service
access protocol), to be configured for the default VLAN in this Group. RIP is a networklayer protocol that enables this VLAN to learn routes. SAP is also a network-layer protocol
that allows network services, such as print and files services, to advertise themselves. The
choices are:
RIP and SAP active.
The default setting. The default VLAN to which this IPX router port is
attached participates in both RIP and SAP updates. RIP and SAP updates are sent and
received through this router port. Simply press <Enter> to select RIP and SAP active.
The default VLAN to which this IPX router port is attached participates in
RIP updates only. RIP updates are sent and received through this router port. Enter an r
and press <Enter> to select RIP only active.
RIP only active.
RIP and SAP inactive. The IPX
router port is active, but the default VLAN to which it is
attached does not participate in either RIP nor SAP updates. Enter an i and press <Enter> to
select RIP and SAP inactive.
RIP and SAP triggered. The IPX router port is active, but RIP and SAP information will be
sent out on the port only when a network change has occurred. This option is more cost
effective for WAN links and is best suited for smaller network environments that don’t
change often. Enter a t and press <Enter> to select RIP and SAP triggered.
When you are done entering Router parameters, a message similar to the following
displays:
GROUP 5 has been added to the system
You should now follow the instructions for configuring a WAN Routing Service described
in the appropriate WAN interface chapter.
Page 19-37
Viewing Current Groups
Viewing Current Groups
The gp command provides information on all currently defined Groups in a switch including
Group number, network address, protocol type, and encapsulation type. You can obtain
information on all groups in a switch by entering:
gp
A screen similar to the following displays:
Group
ID
Group Description
(:VLAN ID)
===== ===========================
1
Default GROUP (#1)
2
New GROUP (#2)
3
New GROUP (#3)
4
New Group (#4)
5
New GROUP
Network Address
Proto/
(IP Subnet Mask)
Encaps
or (IPX Node Addr)
=============== ========
198.206.182.115
IP /
(ff.ff.ff.00)
ETH2
198.206.101.12
IP /
(ff.ff.ff.00)
SNAP
198.206.181.10
IP/
(ff.ff.ff.00)
1490
198.206.183.44
IP /
(ff.ff.ff.00)
ETH2
12314526
IPX /
(0020da:020484)
8023
198.206.143.11
CIP /
(ff.ff.ff.00)
1483
You can also get information on a specific Group by entering gp followed by the Group
number. For example,
gp 3
displays information just on Group 3:
Group
ID
Group Description
(:VLAN ID)
===== ===========================
3
New GROUP (#3)
Network Address
Proto/
(IP Subnet Mask)
Encaps
or (IPX Node Addr)
=============== ========
198.206.181.10
IP /
(ff.ff.ff.00)
1490
The following sections describe the columns in this table:
Group ID (:VLAN ID). The identification number assigned to this Group when it was created
through the crgp command. The Group identifier is typically consistent network-wide (i.e.,
Group 3 in this switch should be the same Group as Group 3 configured in all other Omni
Switch/Routers in the network). If this Group contains any VLANs, then they will be listed
below the Group number. If the default VLAN in the Group supports both IP and IPX routing, then information on both (network address, etc) will display. Group 4 in the screen
sample above shows a case where both IP and IPX routing are supported.
Group Description.
The textual description of this Group that was entered when the Group was
created or modified. This description is limited to 30 characters.
Network Address (IP Subnet Mask) or (IPX Node Addr). For each virtual router port configured,
two addresses are listed. Both of these addresses were configured when the Group was
created or modified through crgp or modvl. The first address is the Network Address, which is
the address of the virtual router port for the default VLAN (VLAN #1) in this Group. For an IP
virtual router port, this address is the IP address, which is shown in dotted decimal format.
For an IPX virtual router port, this address is the IPX network address, which is shown as
eight hex characters.
Page 19-38
Viewing Current Groups
A second address is displayed below the Network address. For IP, this address is the IP
Subnet Mask, which is normally derived from the default VLAN IP address class. For IPX, this
address is the IPX Node Address.
Proto/Encaps.
For each Group or VLAN listed, the top field is the Protocol supported by this
virtual router port. Possible values in the field are: IP (IP router), IPX (IPX router), and CIP
(Classical IP Group with CIP router). If you configured an IP and an IPX router port, then two
router entries will be listed—one with a Protocol of IP and the other with a Protocol of IPX.
The bottom field is the encapsulation used for outgoing frames on the router port. This
encapsulation was configured when the router port was configured. Possible values for this
field depend on the Protocol and type of Group.
Frame Relay WAN Groups will always display 1490 to indicate RFC 1490 encapsulation is
performed on frames.
IP and IPX routers have additional possible encapsulation types. For IP virtual router ports,
the possible encapsulation types are as follows:
•
•
•
•
•
ETH2
SNAP
FDDI
8025
TSRS
Ethernet II
Ethernet 802.3 SNAP
FDDI
Token Ring 802.5
Token Ring Source Routing
For IPX virtual router ports, the possible encapsulation types are as follows:
•
•
•
•
•
•
•
•
•
•
•
•
ETH2
LLC
SNAP
8023
FDDI
FSRS
FLLC
FSRL
8025
TSRS
TLLC
TSRL
Ethernet II
Ethernet 802.3 LLC
Ethernet 802.3 SNAP
Ethernet 802.3 (Novell raw)
FDDI SNAP
FDDI Source Routing SNAP
FDDI LLC
FDDI Source Routing LLC
Token Ring SNAP
Token Ring Source Routing SNAP
Token Ring LLC
Token Ring Source Routing LLC
Page 19-39
Modifying a Group or VLAN
Modifying a Group or VLAN
After creating a Group (through crgp) or VLAN (through cratvl, see Chapters 20 and 22), you
can change any of their parameters through the modvl command. In addition, if you did not
set up a virtual router port (IP or IPX) during the initial Group or VLAN configuration, you can
set one up with modvl. To use this command, enter modvl followed by the Group number and
VLAN number to change. For example, to modify parameters in Group 2, VLAN 1, enter:
modvl 2
Note that you do not need to specify a VLAN number to modify the default VLAN within a
Group. To modify parameters in Group 2, VLAN 2, you would enter:
modvl 2:2
A screen similar to the following displays.
Current values associated with GROUP 2.1 are as follows:
1) GROUP Number
- 2:1
2) Description
- New GROUP (#2)
IP Parameters:
3) IP enabled
-Y
4) IP Network Address - 198.206.101.12
5) IP Subnet Mask
- 255.255.255.0
6) IP Broadcast Address - 198.206.101.255
7) Router Description
- Router Port #2
8) RIP Mode
- Silent
{Active (a), Inactive (i), Deaf (d), Silent (s)}
9) Routing disabled
-N
11) Default Framing
- Ethernet II
{Ethernet II(e), Ethernet 802.3 (8), fddi (f),
token ring (t), source route token ring (s)}
IPX parameters:
12) IPX enabled
-N
(save/quit/cancel)
:
The Group number at the top of this sample screen is followed by the number 1 (GROUP 2.1),
meaning that the information applies to default VLAN #1 in this Group. If this screen displayed
information on Group 2, VLAN 2, then this field would read GROUP 2:2.
The colon prompt (:) at the bottom of the screen is used to prompt for user input. To change
a value, type the line number of the item you want to change, followed by an equal sign (=)
and the new value. For example, to set a new description you could enter:
2=Engineering
All of the modvl parameters are described in the section for creating a new Group, Creating a
New Group on page 19-18.
♦ Note ♦
Line numbering for the modvl command will vary
depending on whether you have an IP or IPX router
configured. Each type of router contains several parameters that require extra line numbers.
Page 19-40
Modifying a Group or VLAN
Viewing Your Changes
When you enter a change at the colon prompt, the modvl screen does not normally refresh. If
you want to see the current Group or VLAN settings, including any changes you made, enter a
question mark (?) at the colon prompt. The modvl screen will refresh.
Saving Your Changes
Once you have entered all your modifications and you want to save them, type save at the
colon prompt. You will exit the modvl command and your changes will take effect.
Canceling Your Changes
You can also exit the modvl command without saving any changes you made in the current
session. Simply enter cancel at the colon prompt or enter <Ctrl>-d. The modvl command will
end and none of the changes you made will be saved.
Changing the IP Address
Changing the IP address can also affect the Subnet Mask and the Broadcast Address. The new
IP address means that the Subnet Mask and Broadcast Address must be re-generated and the
following message displays:
New IP address generates new subnet and broadcast address
Enter ‘?’ to view the changes
The system automatically creates new Subnet Mask and Broadcast addresses based on the
new IP address. If you enter a question mark (?) at this point you could view these changes.
If you remove the last IP address in the system, you will see a warning message that SNMP
(and other applications) are now inoperational.
Changing the IP Subnet Mask
Changing the IP Subnet Mask can also affect the IP Broadcast Address. The new Subnet Mask
means that the Broadcast Address must be re-generated and the following message displays:
New mask caused change in broadcast address
The system automatically created a new Broadcast address based on the new Subnet Mask. If
you entered a question mark (?) at this point you could view these changes.
Page 19-41
Modifying a Group or VLAN
Enabling IP or IPX Routing
If you enable IP or IPX routing by setting the corresponding modvl lines from N to Y, then the
screen automatically refreshes with additional lines for the new router port parameters. All
lines are set to router defaults. The router defaults are as follows:
IP Router
IP Network Address
IP Subnet Mask
IP Broadcast Address
Router Description
Routing Disabled
RIP Mode
Default Framing Type
0.0.0.0
0.0.0.0
0.0.0.0
(no description shown for default)
No
Silent
Ethernet II
IPX Router
IPX Network Address
Router Description
Delay in Ticks
RIP/SAP Mode
Default Framing Type
0x0
(no description shown for default)
0
RIP and SAP are active
Ethernet II
You can change any of these defaults as you would any other modvl parameters: enter the
line number, followed by an equal sign (=) and the new parameter.
♦ Note ♦
You must at least enter a Network Address for a new
router or you will not be able to save the configuration.
Page 19-42
Deleting a Group
Deleting a Group
You can delete a Group as long as it does not contain any virtual ports. The default Group,
Group #1, cannot be deleted. To delete a Group, enter rmgp followed by the Group number
you want to delete. For example, if you wanted to delete Group 5, you would enter:
rmgp 5
If the Group does not contain any virtual ports, then a confirmation message displays:
GROUP 5 removed.
If the Group still contains virtual ports, then a message similar to the following displays:
GROUP 5 has active entries, you must remove
these prior to removing the GROUP (use rmvp for this).
You must first remove the Group’s virtual ports before the Group can be removed. The rmvp
command allows you to remove virtual ports. See Deleting a Virtual Port on page 19-46 for
information on using this command.
♦ Note ♦
Some commands in the Bridge Management menu
(described in Chapter 17, “Configuring Bridging Parameters”) require you to select a Group before making
configuration changes. If you delete the currently
selected Group with rmgp, then the new currently
selected Group reverts to the default Group, Group #1.
Page 19-43
Adding Virtual Ports
Adding Virtual Ports
You can add virtual ports to a Group at any time after the Group is created. The addvp
command allows you to add one or more ports to a Group you specify. If you have used the
crgp command to add virtual ports, then you will find the addvp command fields very familiar.
To use addvp, enter the command followed by the Group number to which you want to add
the port. Next, specify the port or ports you want to add.
addvp <Group Number for port> <Module Slot>/<Port Number>
For example, if you wanted to add ports 4 through 6 on the module in slot 4 to Group #5,
then you would specify:
addvp 5 4/4-6
The procedure for using addvp is as follows:
1. Enter addvp followed by the Group number where you want this port to reside, followed
by the physical slot and port numbers you want to configure.
2. If you enter a port that is already assigned to another Group, then you will be prompted
on whether or not you want to change its assignment. A message similar to the following
displays for each port that you enter:
4/4 - This interface has already been assigned to GROUP 1 (Default GROUP #1).
Do you wish to remove it from that GROUP and assign it (with
new configuration values) to this GROUP (n)?
Simply enter a y at each port prompt to change its Group assignment and begin setting
port parameters. You could also enter a c at this prompt to accept all default port parameters and skip port configuration questions. If you enter a c, all remaining ports are automatically added to the Group with default settings, and your work is complete.
3. The virtual port configuration menu displays:
Modify Ether/8 Vport 4/4 Configuration
1) Vport
2) Description
3) Bridge Mode
31) Switch Timer
4) Flood Limit
5) Output Format Type
6) Ethernet 802.2 Pass Through
7) Admin, Operational Status
8) Mirrored Port Status
9) MAC Address
:9
:
: Auto-Switched
: 60
: 192000
: Default (IP-Eth II, IPX-802.3)
: Yes
: Enabled, inactive
: Disabled, available
: 000000:000000
Command {Item=Value/?/Help/Quit/Redraw/Next/Previous/Save} (Redraw) :
Descriptions for each of the fields in this display begin on page 19-29. To change any
default value, enter the line number for the item, an equal sign (=), and then the value for
the parameter. When you have completed the configuration for this port, enter save to
save all configured settings.
Page 19-44
Modifying a Virtual Port
Modifying a Virtual Port
You can modify a virtual port through the modvp command. The modvp command is very
similar to the addvp command and the port configuration phase of the crgp command. To use
modvp, enter the command, followed by the Group number for the port, and the physical slot
and port number for the port:
modvp <Group Number for port> <Module Slot>/<Port Number>
You can specify only one port at a time. For example, if you wanted to modify the parameters for Port 7 on the module in Slot 4, and the Port currently resides in Group 6, then you
would enter:
modvp 6 4/7
The procedure for using modvp is as follows:
1. Enter modvp followed by the Group number where the port currently resides, the physical slot and port number.
2. A prompt displays requesting your confirmation:
Modify local port 7 (Virtual port (#14)) ?
(y) :
Simply press <Enter> if this is the correct virtual port. The Virtual Port number in parentheses (Virtual Port #14 in this case) is the virtual port number within this entire Omni
Switch/Router. Virtual ports are numbered sequentially within the switch, not within a
Group or VLAN.
3. The virtual port configuration menu displays:
Modify Ether/8 Vport 4/7 Configuration
1) Vport
2) Description
3) Bridge Mode
31) Switch Timer
4) Flood Limit
5) Output Format Type
6) Ethernet 802.2 Pass Through
7) Admin, Operational Status
8) Mirrored Port Status
9) MAC Address
:9
:
: Auto-Switched
: 60
: 192000
: Default (IP-Eth II, IPX-802.3)
: Yes
: Enabled, inactive
: Disabled, available
: 000000:000000
Command {Item=Value/?/Help/Quit/Redraw/Next/Previous/Save} (Redraw) :
Descriptions for each of the fields in this display begin on page 19-29. To change any
default value, enter the line number for the item, an equal sign (=), and then the value for
the parameter. When you have completed the configuration for this port, enter save to
save all configured settings.
Page 19-45
Deleting a Virtual Port
Deleting a Virtual Port
You can delete a virtual port from its existing Group by using the rmvp command. When you
remove a virtual port, the port is moved to the default switch Group, Group #1, and all port
parameters are reset to defaults except for the port name. For example, if you configured a
port with a special flood limit and customized translation settings and you then removed the
port, you would lose those port settings.
To remove a port, enter the rmvp command, followed by the Group number where the port
currently resides and the physical slot and port number for the port:
rmvp <Group number> <Module Slot>/<Port Number>
For example, to delete Port 7 on the module in Slot 4, and the Port currently resides in Group
6, you would enter:
rmvp 6 4/7
A prompt displays requesting that you confirm the deletion:
Local port 7 (Virtual po...) is attached to this slot/interface - remove? (n):
Enter a y and press <Enter> to remove the port. Another message displays confirming the
deletion:
BRIDGE port on 4/7 moved to GROUP 1.
If the port you specified did not exist in the Group you specified in the rmvp command, then
a message similar to the following would display:
Specified port(s) not found on GROUP 6.
Page 19-46
Viewing Information on Ports in a Group
Viewing Information on Ports in a Group
The via command allows you to view port attachments associated with a specified Group or
all Groups in a switch. Entering
via
displays summary information for all virtual ports in the switch. You can also display virtual
interface attachments for a specific Group by specifying the Group ID after the via command.
For example, to view ports for Group 2, you would enter
via 2
The same type of information is displayed for a single Group as is displayed for all Groups.
The following screen shows a sample from the via command when specified without a Group
ID.
GROUP Interface Attachments For All Interfaces
GROUP:
Service/
Slot/Intf
Description
Instance
======= ============================= ==========
1.1 : * GROUP #1.0 IP router vport
Rtr
/ 1
2.1 : * for group 2
Rtr
/ 2
1:2/1 Virtual port (#2)
Brg
/ 1
1:2/2 Virtual port (#3)
Brg
/ 1
1:2/3 Virtual port (#4)
Brg
/ 1
2:2/4 finance server
Brg
/ 1
1:2/5 Virtual port (#6)
Brg
/ 1
1:2/6 Virtual port (#7)
Brg
/ 1
1:2/7 Virtual port (#8)
Brg
/ 1
1:2/8 Virtual port (#9)
Brg
/ 1
1:3/1 Virtual port (#1)
Brg
/ 1
1:4/1 Virtual port (#10)
Brg
/ 1
1:4/2 Virtual port (#11)
Brg
/ 1
1:4/3 Virtual port (#12)
Brg
/ 1
1:4/4 Virtual port (#13)
Brg
/ 1
1:4/5 Virtual port (#14)
Brg
/ 1
1:4/6 Virtual port (#15)
Brg
/ 1
Protocol
=========
IP
IP
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Tns
Admin
Status
=======
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
GROUP: Slot/Intf. GROUP
is the group number to which this port is assigned. When the Group
displays as a Group number followed by a decimal and a 1 (1.1 and 2.1 in the above sample),
it represents the router port on the default VLAN within that Group. Slot is the position in the
chassis of the switching module where this port is located. Intf (Interface) is the physical port
on the switching module. When the Slot and Interface are shown as an asterisk (*)—as the
top two entries in the above table display—it represents as virtual router port that does not
have a corresponding physical interface.
Description.
The textual description entered for either the virtual router port or the virtual
switch port. This description was entered through crgp or modvl for virtual router ports, or
through crgp, addvp, or modvp for virtual switch ports.
Service/Instance. Service
is the service type configured for this port. Instance is an identifier of
this service type within the switch. For example, multiple virtual router ports within the
switch will be labelled consecutively (1, 2, 3, etc.), and will each have a different Instance
number.
Values for the service type are as follows:
Page 19-47
Viewing Information on Ports in a Group
•
•
•
•
•
•
•
•
Rtr
Brg
Tnk
T10
FRT
Lne
CIP
Vlc
Virtual router port
Virtual bridge port
Virtual trunk port (used for WAN)
802.10 FDDI service port
Frame Relay trunk port
LAN Emulation service port
Classical IP service port
VLAN Clusters (X-LANE) service port
Protocol. The bridging protocol for virtual ports and services or the routing protocol for virtual
router ports. Possible values are:
• Tns
• SR
• SRT
• IP
• IPX
• FR
Page 19-48
Transparent bridge. Bridges maintain a dynamic table of known MAC
addresses on connected segments. The table is used to make forwarding decisions. When a frame is received that contains a destination address that
matches an address in the table, it is forwarded to designated bridge ports
that are in forwarding state.
Source Routing Bridge. Normally used in Token Ring environments. Routing
information is determined by looking at the Routing Information Field (RIF) in
a frame. The RIF contains the segment and bridge numbers that create the
path to the destination.
Source Routing Transparent. Normally used in Token Ring environments.
Allows Source Routing and Transparent bridges to coexist. The Source Routing Transparent Bridge will form a Spanning Tree with other Transparent
Bridges and Source Routing Transparent Bridges and will forward frames that
do not contain a Routing Information Field (RIF) to destinations reachable by
the Spanning Tree. If the bridge detects routing information in the RIF, it will
forward it the same way Source Routing bridges do.”
IP Routing Protocol. Routing Information Protocol (RIP) used to learn routes
from neighboring routers. You configure an IP router through the crgp or
modvl commands. Other IP routing parameters can be set through the
Networking menu commands, which are described in Chapter 25, “IP Routing.”
IPX Routing Protocol. Uses RIP to learn routes from neighboring routers and
the Service Advertising Protocol (SAP) to maintain a database of network
services for requesting workstations. Other IPX routing parameters can be set
through the Networking menu commands, which are described in Chapter 27,
“IPX Routing.”
Frame Relay IP Routing. WAN Routing Groups are configured slightly different from other Groups. Frame Relay IP Routing is IP Routing with some
enhancements to account for the Frame Relay network.
Viewing Information on Ports in a Group
Admin Status. Indicates whether the port is administratively Enabled or Disabled. When Enabled,
the port can transmit and receive data as long as a cable is connected and no physical or
operational problems exist. When Disabled, the port will not transmit or receive data even if a
cable is connected and the physical connection is operational. You can set the Admin Status
during port configuration phase of the crgp, addvp, or modvp commands.
Page 19-49
Viewing Detailed Information on Ports
Viewing Detailed Information on Ports
The vi command displays detailed information about virtual ports. Entering
vi
displays information for all virtual ports in the switch. You can also display information for
only ports in a specific Group by specifying the Group ID after the vi command. For example, to view information only for ports in Group 6, you would enter
vi 6
The same type of information is displayed for a single Group as is displayed for all Groups.
The following screen shows a sample from the vi command when specified without a Group
ID.
Virtual Interface Summary Information- For All Interfaces
Status
Slot/ Type/
-----------------------------------Group Intf
Inst/Srvc
MAC Address Prt Encp Admin Oper Spn Tr Mode
===== === =========== ============= === ==== ====== ===== ====== ======
1 All Rtr/ 1
0020da:020d40 IP ETH2 Enabld Active N/A
N/A
2 All Rtr/ 2
0020da:020d43 IP ETH2 Enabld Active N/A
N/A
2 All Rtr/ 3
0020da:020d44 IP ETH2 Enabld Active N/A
N/A
1 3/1 Brg/ 1/ 1 0020da:048730 Tns DFLT Enabld Inactv Disabl Bridged
1 4/1 Brg/ 1/ na 0020da:030990 Tns DFLT Enabld Active Fwdng Bridged
1 4/2 Brg/ 1/ na 0020da:030991 Tns DFLT Enabld Inactv Disabl Bridged
1 4/3 Brg/ 1/ na 0020da:030992 Tns DFLT Enabld Inactv Disabl Bridged
1 4/4 Brg/ 1/ na 0020da:030993 Tns DFLT Enabld Inactv Disabl Bridged
1 4/5 Brg/ 1/ na 0020da:030994 Tns DFLT Enabld Inactv Disabl Bridged
1 4/6 Brg/ 1/ na 0020da:030995 Tns DFLT Enabld Inactv Disabl Bridged
1 4/7 Brg/ 1/ na 0020da:030996 Tns DFLT Enabld Inactv Disabl Bridged
2 4/8 Brg/ 1/ na 0020da:030997 Tns DFLT Enabld Inactv Disabl Bridged
1 5/1 Brg/ 1/ na 0020da:022860 Tns DFLT Enabld Inactv Disabl Bridged
Group.
The Group number to which this port is currently assigned.
Slot/Intf. The slot (Slot) is the position in the chassis of the switching module where this port
is located. The interface (Intf) is the physical port on the switching module. If this column
reads All, then this port is a router port that supports all virtual ports in the Group.
Type/Inst/Srvc. The Service Type (Type), Instance (Inst) of this Service Type in the switch, and
service number (Srvc) for this virtual port. Service Type values are as follows:
•
•
•
•
•
•
•
•
Rtr
Brg
Tnk
T10
FRT
Lne
Vlc
CIP
Page 19-50
Virtual router port
Virtual bridge port
Virtual trunk port (used for WAN)
802.10 FDDI service port
Frame Relay trunk port
LAN Emulation service port
VLAN clusters (X-LANE) service port
Classical IP service port
Viewing Detailed Information on Ports
The Instance (Inst) is an identifier of this type of service within the switch. For example, if
more than one virtual router port is configured in the switch, then each “instance” of a router
will be given a different number. The service number (Srvc) is port-specific. If a port has
more than one service configured on it, then each service will be identified by a different
service number.
MAC Address.
The MAC address for this virtual port. Each virtual port is allocated a MAC
address.
Prt.
The bridging or routing protocol supported by this virtual port. Descriptions of these
protocol types are provided on page 19-48. Possible values are:
•
•
•
•
•
•
•
Tns
SR
SRT
IP
IPX
CIP
FR
Transparent Bridge
Source Routing Bridge
Source Routing Transparent Bridge
IP Routing Protocol
IPX Routing Protocol
Classical IP Routing (RFC 1577)
Frame Relay IP Routing
Encp. Encapsulation used for outgoing packets on this virtual router or switch port. Possible
encapsulation values are:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
DFLT
SWCH
ETH2
ESNP
ELLC
8023
8025
TSRS
TLLC
TSRL
FDDI
FSRS
FLLC
FSRL
1490
1483
SNAP
LLC
Default format for this switch port (differs for each interface type)
Frame translations have been customized through the Switch menu
Ethernet II
Ethernet 802.3 SNAP (virtual router ports)
Ethernet 802.3 LLC (IPX router ports only)
Ethernet 802.3, Novell Raw (IPX router ports only)
Token Ring 802.5 SNAP (virtual router ports)
Token Ring Source Routing SNAP (virtual router ports)
Token Ring LLC (IPX router ports only)
Token Ring Source Routing LLC (IPX router ports only)
FDDI SNAP (virtual router ports)
FDDI Source Routing SNAP (IPX router ports only)
FDDI LLC (IPX router ports only)
FDDI Source Routing LLC (IPX router ports only)
Frame Relay Routing (RFC 1490)
Classical IP Routing (RFC 1483)
SNAP (switch ports only)
LLC (switch ports only)
Admin. Indicates whether the port is administratively Enabled or Disabled. When Enabld, the
port can transmit and receive data as long as a cable is connected and no physical or operational problems exist. When Disabld, the port will not transmit or receive data even if a cable
is connected and the physical connection is operational. You can set the Administrative Status
during the port configuration phase of the crgp command, the addvp command, or the modvp
command. A port can have an Administrative Status of Enabled, but still be operationally
Inactive. See the description of the Oper column below.
Page 19-51
Viewing Detailed Information on Ports
Oper. Indicates the current Operational Status of the port. The port will be Active (Active) or
Inactive (Inactv). If the port is Active, then the port can pass data and has a good physical
connection. If it is Inactive, then it may not have a good physical connection and it is not
capable of passing data at this time.
Spn Tr.
The port’s current state as defined by the Spanning Tree Protocol. The possible Spanning Tree States are: Disabled, Blocking, Listening, Learning, and Forwarding. This state
controls the action a port takes when it receives and transmits a frame. For ports which are
Administratively disabled or Operationally Inactive, this state will be Disabled (Disabl), meaning the Spanning Tree algorithm is not active on this port. If the state is Blocking, then only
BPDUs will be transmitted and received. If the state is Forwarding, then both data and BPDU
frames will be transmitted and received. This Spanning Tree Protocol state is not applicable to
virtual router ports and will read N/A for those ports.
Mode. The
Bridge Mode currently in use on this port. This mode is chosen during the port
configuration phase of the crgp command, through the addvp command, or through the
modvp command. It is not applicable to virtual router ports and will read N/A for those ports.
Possible values are:
• Bridged
Spanning Tree Bridge.
• AutoSw
Auto Switch.
• Optimzd
Optimized Device Switching.
See page 19-29 for a description of these bridge modes.
Page 19-52
Viewing Port Statistics
Viewing Port Statistics
The vs command displays transmit and receive statistics for ports in the switch. Entering
vs
displays statistics for all virtual ports in the switch. You can also display statistics for only
ports in a specific Group by specifying the Group ID after the vs command. For example, to
view statistics only for ports in Group 6, you would enter
vs 6
You can also display statistics for a specific port by entering the slot and port number after
the vs command. For example, to view statistics only for Port 1 on the module in Slot 4, you
would enter
vs 4/1
The same type of information is displayed for a single Group or port as is displayed for all
ports in a switch. The following screen shows a sample from the vs command when specified without any Group or port parameters.
Virtual Interface Statistical Information- For All Interfaces
Frames
Octets
UcastPkts
NUcastPkts
Slot/ Service/
In
In
In
In
Group Intf
Instance
Out
Out
Out
Out
===== === =========== =========== =========== ============ =============
1 All Rtr/ 1
2 All Rtr/ 2
3 All Rtr/ 3
1 3/1 Tnk/ 1
0
0
0
0
0
0
0
0
1 4/1 Brg/ 1
17774
1739560
1707
16067
684
103048
681
3
1 4/2 Brg/ 1
0
0
0
0
0
0
0
0
1 4/3 Brg/ 1
0
0
0
0
0
0
0
0
1 4/4 Brg/ 1
0
0
0
0
0
0
0
0
1 4/5 Brg/ 1
0
0
0
0
0
0
0
0
1 4/6 Brg/ 1
0
0
0
0
0
0
0
0
1 4/7 Brg/ 1
0
0
0
0
0
0
0
0
1 4/8 Brg/ 1
0
0
0
0
0
0
0
0
1 5/1 Brg/ 1
0
0
0
0
0
0
0
0
Group, Slot/Intf. These
Service/Instance. The
columns are described for the vi command on page 19-50.
Service Type (Service) and Instance (Instance) of this Service Type in the
switch.
Page 19-53
Viewing Port Statistics
Service Type values are as follows:
•
•
•
•
•
•
•
•
Rtr
Brg
Tnk
T10
FRT
Lne
Vlc
CIP
Virtual router port
Virtual bridge port
Virtual trunk port (used for WAN)
802.10 FDDI service port
Frame Relay trunk port
LAN Emulation service port
VLAN clusters (X-LANE) service port
Classical IP service port
The Instance (Inst) is an identifier of this type of service within the switch. For example, if
more than one virtual router port is configured in the switch, then each “instance” of a router
will be given a different number.
Frames In/Out.
The number of frames received or sent from this port. The top number for each
port row is the number of frames received, and the bottom number is the number of frames
sent. Statistics are not provided for virtual router ports in this display, but they are provided
through Networking menu commands. See Chapters 25 and 27 for further information on
router port statistics.
Octets In/Out. The number of octets, or bytes, received or sent from this port. The top number
for each port row is the number of octets received, and the bottom number is the number of
octets sent. Statistics are not provided for virtual router ports, but they are provided through
Networking menu commands. See Chapters 25 and 27 for further information on router port
statistics.
Ucast Pkts In/Out.
The total number of unicast packets received or sent from this port. The top
number for each port row is the number of unicast packets received, and the bottom number
is the number of unicast packets sent. Statistics are not provided for virtual router ports, but
they are provided through Networking menu commands. See Chapters 25 and 27 for further
information on router port statistics.
Non Ucast Pkts In/Out. The total number of non-unicast packets received or sent from this port.
Non-unicast frames include multicast and broadcast frames. The top number for each port
row is the number of non-unicast packets received, and the bottom number is the number of
non-unicast packets sent. Statistics are not provided for virtual router ports, but they are
provided through Networking menu commands. See Chapters 25 and 27 for further information on router port statistics.
Page 19-54
Viewing Port Errors
Viewing Port Errors
The ve command displays port error statistics for ports in the switch. Entering
ve
displays error statistics for all virtual ports in the switch. You can also display errors statistics
for only ports in a specific Group by specifying the Group ID after the ve command. For
example, to view errors only for ports in Group 6, you would enter
ve 6
You can also display error statistics for a specific port by entering the slot and port number
after the ve command. For example, to view errors only for Port 1 on the module in Slot 4,
you would enter
ve 4/1
The same type of information is displayed for a single Group or port as is displayed for all
ports in a switch. The following screen shows a sample from the ve command when specified without any Group or port parameters.
Virtual Interface Error Information- For All Interfaces
Slot/ Service/
Buffer Discards
Error Discards
Group Intf
Instance
In
Out
In
Out
===== === =========== =========== =========== ============ =============
2 All Rtr/ 1
3 All Rtr/ 2
1 All Rtr/ 1
1 3/1 Tnk/ 1
0
0
0
0
1 4/1 Brg/ 1
0
0
0
0
1 4/2 Brg/ 1
0
0
0
0
1 4/3 Brg/ 1
0
0
0
0
1 4/4 Brg/ 1
0
0
0
0
1 4/5 Brg/ 1
0
0
0
0
1 4/6 Brg/ 1
0
0
0
0
1 4/7 Brg/ 1
0
0
0
0
1 4/8 Brg/ 1
0
0
0
0
1 5/1 Brg/ 1
0
0
0
0
Group, Slot/Intf. These
columns are described for the vi command on page 19-50.
Service/Instance. The Service Type (Service) and Instance (Instance) of this Service Type in the
switch. Service Type values are as follows:
•
•
•
•
•
•
•
•
Rtr
Brg
Tnk
T10
FRT
Lne
Vlc
CIP
Virtual router port
Virtual bridge port
Virtual trunk port (used for WAN)
802.10 FDDI service port
Frame Relay trunk port
LAN Emulation service port
VLAN clusters (X-LANE) service port
Classical IP service port
Page 19-55
Viewing Port Errors
The Instance (Inst) is an identifier of this type of service within the switch. For example, if
more than one virtual router port is configured in the switch, then each “instance” of a router
will be given a different number.
Buffer Discards In/Out. For transmit (Out) and receive (In), the number of frames discarded due
to a lack of buffer space. Buffer discard information is not provided for virtual router ports.
Error Discards In/Out.
For transmit (Out) and receive (In), the number of frames discarded due
to errors. Error discard information is not provided for virtual router ports.
Page 19-56
Port Mirroring
Port Mirroring
You can set up Port Mirroring for any pair of Ethernet (10 or 10/100 Mbps) within the same
switch chassis. Ethernet ports supporting port mirroring include10BaseT (RJ-45), 10BaseFL
(fiber), 10Base2 (BNC), and 10Base5 (AUI) connectors. When you enable port mirroring, the
active, or “mirrored,” port transmits and receives network traffic normally, and the “mirroring” port receives a copy of all transmit and receive traffic to the active port. You can connect
an RMON probe or network analysis device to the mirroring port to see an exact duplication
of traffic on the mirrored port without disrupting network traffic to and from the mirrored
port.
Port mirroring is supported on Omni Switch/Router chassis for Ethernet (10 or 10/100 Mbps)
ports only. An Ethernet port can only be mirrored by one other Ethernet port. A mirroring
port can only mirror one port at a time. Up to five (5) mirroring sessions (mirrored-mirroring
port pairs) are supported in a single switch chassis. The mirrored and mirroring ports can be
in different Groups and different VLANs.
How Port Mirroring Works
When a frame is received on a Mirrored Port it is copied and sent to the Mirroring Port. The
received frame is actually transmitted twice across the switch backplane—once for normal
bridging and then again to the Mirroring Port.
When a frame is transmitted by the mirrored port, a copy of the frame is made, tagged with
the mirroring port as the destination, and sent back over the switch backplane to the mirroring port. The following diagram illustrates the data flow for a Mirrored-Mirroring port pair.
Mirrored Port
Mirroring Port
Copied Incoming Frames
Incoming and outgoing
frames on the Mirrored port
are copied and transmitted
to the Mirroring Port.
Incoming
Frames
Copied Outgoing Frames
Outgoing
Frames
Relationship Between Mirrored and Mirroring Port
When port mirroring is enabled, there may be some performance degradation since all frames
received and transmitted by the Mirrored port need to be copied and sent to the Mirroring
port.
What Happens to the Mirroring Port
Once you set up port mirroring and attach cables to the Mirrored and Mirroring ports, the
Mirroring port is administratively disabled and no longer a part of the Bridging Spanning Tree.
The Mirroring port does not transmit or receive any traffic on its own. In addition, the Admin
Status of the mirroring port displays in switch software commands, such as vi, as
M <slot> <port>
Page 19-57
Port Mirroring
where <slot> is the slot number of the module containing the mirrored port, and <port> is the
port number of the mirrored port. For example, if the Admin Status of a port displayed as
M 3 02
then you would know this port is mirroring traffic for Port 2 on the module in Slot 3.
If a cable is not attached to the Mirrored port, port mirroring will not take place. In this case,
the Mirroring Port reverts back to its normally operational state and will bridge frames as if
port mirroring were disabled.
Using Port Mirroring With External RMON Probes
Port mirroring is a helpful monitoring tool when used in conjunction with an external RMON
probe. Once you set up port mirroring, the probe can collect all relevant RMON statistics for
traffic on the mirrored port. You can also move the Mirrored Port so that the Mirroring Port
receives data from different ports. In this way, you can roam the switch and monitor traffic at
various ports.
If you attach an external RMON probe to a mirroring port, that probe must have an IP address
that places it in the same VLAN as the mirrored port. In addition if you change the mirrored
port, then you must again make sure that the RMON probe is in the same VLAN as that new
mirrored port.
Mirrored Port
Mirroring Port
RMON Probe
Must be in same VLAN.
Mirrored and Mirroring Ports in Same VLAN
Frames received from an RMON probe attached to the Mirroring Port can be seen as being
received by the Mirrored Port. These frames from the Mirroring Port are marked as if they are
received on the Mirrored Port before being sent over the switch backplane to an NMS station.
Therefore, management frames from an NMS station that are destined for the RMON probe are
first forwarded out the Mirrored Port. After being received on the Mirrored Port, copies of the
frames are mirrored out the Mirroring Port—the probe attached to the Mirroring Port receives
the management frames. The illustration on the following page shows this data flow.
Page 19-58
Port Mirroring
Mirrored Port
Mirroring Port
probe frames sent
➊ RMON
from the Mirroring Port.
probe frames from
➋ RMON
the Mirroring Port appear to
RMON Probe
come from the Mirrored Port
when the NMS workstation
receives them.
NMS
Workstation
Mirrored Port
Mirroring Port
mirroring sends cop➍ Port
ies of management frames
to the Mirroring Port.
frames from the
➌ Management
NMS workstation are sent to
the Mirrored Port.
RMON Probe
NMS
Workstation
Port Mirroring Using an External RMON Probe
♦ Important Note ♦
The Mirroring Port is not accessible from the NMS
device. From the NMS station, the Mirroring Port will
appear disabled or down.
Page 19-59
Port Mirroring
Setting Up Port Mirroring
You set up port mirroring when you add or modify a port through the addvp or modvp
commands. The switch software senses the type of port you are configuring, so it will only
prompt you for port mirroring when configuring an Ethernet port. Follow the steps below to
set up port mirroring.
1. Start the addvp or modvp command for the virtual port that you want to mirror.
2. At the Command prompt enter 8=e, press <Enter> and you will be prompted for the slot
and port number of the “mirroring” port (i.e., the port that can “see” all traffic for this
port):
Mirroring vport slot/port ? ( ) :
3. Enter the mirroring port’s slot, a slash (/), the port number, and then press <Enter>. The
port that you indicate here will be disabled and only capable of receiving duplicate traffic
from the mirrored port. If port mirroring is not supported on this port, then the following
prompt will display:
mirroring not supported on this port type
After entering the Mirroring slot and port number, the addvp or modvp screen of options
re-displays with the changes you entered. If you are done modifying or adding the port,
enter save at the Command prompt. If using the addvp command a message indicating that
you have successfully set up the port displays. Port mirroring takes place immediately, so
you could now connect a probe or network analyzer to the Mirroring port.
Disabling Port Mirroring
You can disable port mirroring through the modvp command. Follow these steps to disable
port mirroring.
1. Start the modvp command for the virtual port on which you want to disable port mirroring.
2. At the Command prompt enter 8=d, press <Enter>. The modvp screen re-displays. The
Mirrored Port Status field should read Disabled, available.
Page 19-60
Port Monitoring
Port Monitoring
An essential tool of the network engineer is a network packet capture device. A packet
capture device is usually a PC-based computer, such as the Sniffer®, that provides a means for
understanding and measuring data traffic of a network. Understanding data flow in a VLANbased switch presents unique challenges primarily because traffic takes place inside the
switch, especially on dedicated devices.
The port monitoring feature built into OmniS/R software allows the network engineer to
examine packets to and from a specific Ethernet 10BaseT port. Port monitoring has the
following features:
•
•
•
•
•
•
•
•
•
•
Software commands to enable and display captured port data.
Captures data in Network General® file format.
Limited protocol parsing (basic IP protocols and IPX) in console dump display.
Data packets time stamped.
One port monitored at a time.
RAM-based file system.
Memory buffer space from 1 MB to 8 MB.
Statistics gathering and display
Monitors only Ethernet 10BaseT ports
Filtering limited to basic packet type—broadcast, multicast or unicast.
You can select to dump real-time packets to the terminal screen, or send captured data to a
file. Once a file is captured, you can FTP it to a Sniffer for viewing.
Port Mirroring
An alternate method of monitoring ports is Port Mirroring, which allows a network engineer
to attach a Sniffer to one Ethernet port and mirror traffic to and from any other Ethernet port.
Port mirroring is described in Port Mirroring on page 19-57.
Port Monitoring Menu
The port monitoring commands are contained on the port monitoring menu, which is a submenu of the Networking menu. The port monitoring menu displays as follows:
Command
Port Monitoring Menu
pmon
pmcfg
pmstat
pmd
pmp
Port monitor utility
Configure port monitor parameters
View port monitor statistics
Port monitor disable
Port monitor pause
Main
File
Interface Security
/Networking/Monitor %
Summary
System
VLAN
Services
Networking
Help
The commands in this menu are described in the following sections.
Page 19-61
Port Monitoring
RAM Disk System for Data Capture Files
Port monitoring uses a RAM disk for fast temporary storage of data capture files. The RAM disk
has a separate directory designation of /ram. RAM-based files are created in DOS-FAT format
and they are displayed in UPPERCASE.
You can copy files between the /ram disk system and the standard /flash file system. In addition, files in the RAM disk system are retrievable via FTP. Both the /ram file system and the
/flash file system are accessible by using the UNIX/DOS-style change directory (cd) command.
♦ Note ♦
The RAM drive is part of DRAM memory. If you power
off or reboot the switch, any files saved in the RAM
drive will be lost.
Configuring RAM Drive Resources (pmcfg)
The pmcfg command allows you to select the size of the RAM disk file system or to delete the
RAM disk. In addition, it allows you to configure the amount of data collected for each packet
capture. To begin configuring RAM drive resources, enter
pmcfg
A screen similar to the following displays:
RAM disk size : 1000 Kilobytes
Lines displayed: 1
Change any of the above (y/n)? (n)
To change one of the settings, enter a Y and press <enter>. You will be prompted for a new
RAM drive size. Select a size in kilobytes between 1000 and 8000. You can also delete the
RAM drive by entering a size of zero (0). Changing the RAM disk size also requires that you
reboot the system.
The Lines displayed controls the amount of data displayed to the terminal when you choose to
dump session data to the computer screen. You can specify the number of lines to display
while viewing port monitor data on the screen.
Changing the Default System Directory (cd)
After a port monitoring session is enabled the default directory is the RAM disk system (/ram).
To switch back to the standard default flash file system (/flash) use the cd command. To
switch back to the default directory, enter
cd /flash
To switch back to the RAM disk directory, enter
cd /ram
Page 19-62
Port Monitoring
Starting a Port Monitoring Session (pmon)
You enable a port monitoring session through the pmon command. To start a session, enter
pmon followed by the slot and port number that you want to monitor. For example, to monitor a port that is the first port in the fourth slot of the switch, you would enter
pmon 4/1
You can only monitor Ethernet 10BaseT ports. If a port is already being mirrored (enabled
through the addvp or modvp command) you cannot monitor it. Also, you cannot set up more
than one monitoring session on the same port.
If the port is currently being monitored, or mirrored, the following message displays:
Port 4/1 is being monitored.
Disable monitoring? (y)
If the port is not being monitored, or mirrored, the following message displays:
Port 4/1 is not being monitored, or mirrored.
Enable monitoring? (y)
Enter a Y and press <enter> at this prompt. The following screen of options displays:
Slot/Port
: 5/1
RAM disk size
1000 Kilobytes
Capture to filename
:y
Capture filename
: PMONITOR.ENC
Dump to screen
:y
Broadcast frames
:y
Multicast frames
:y
Unicast frames
:y
Change any of the above (y/n)? (n) :
If you want to change any of the values, enter a Y and press <enter>. You will be prompted
for all of the values in the screen except the RAM disk size, which you must change through
the pmcfg command before starting the session. The information selected in this screen will
be saved in flash configuration memory.
Enter any new values as prompted. The above screen re-displays to show the new values.
Press <enter> to accept the updated values. Messages similar to the following display:
1048576 byte RAM drive /ram already initialized.
Bytes remaining on RAM disk = 1040384
The port monitoring session has begun. What happens at this point depends on whether you
chose the Dump to screen option. The sections below describe what happens in each case.
♦ Note ♦
If you change the capture filename from the default,
you must specify /ram. Otherwise, the file will be saved
in the flash directory.
Page 19-63
Port Monitoring
If You Chose Dump to Screen
If you selected the Dump to screen option, then a real-time synopsis of the session displays on
your terminal screen. The following shows an example of this data
Enter 'p' to pause, 'q' to quit.
Destination
| Source
| Type | Data
-------------------------------------------------------------------------------------------------------------00:20:DA:04:01:02 | 00:20:DA:04:01:01 | ICMP | 01:02:03:04:05:06:07:08
00:20:DA:04:01:02 | 00:20:DA:04:01:01 | ICMP | 01:02:03:04:05:06:07:08
FF:FF:FF:FF:FF:FF
| 00:20:DA:02:10:E3 | ARP-C | 08:06:00:01:08:00:06:04
FF:FF:FF:FF:FF:FF
| 00:20:DA:6F:97:A3 | RIP
| 08:00:45:00:00:34:22:30
Each line in the display represents a packet. The destination MAC address, source MAC
address, protocol type and actual packet data are shown. The amount of data shown is
configured through the pmcfg command. The above sample shows 16 bytes of data per
packet. You can stop the data dump to the screen at anytime by pressing q to quit. You can
also pause the data dump by pressing p to pause.
If You Did Not Choose Dump to Screen
If you did not select the Dump to screen option, then the system prompt will return and port
monitoring occurs in the background. You can continue using other UI commands. The port
monitoring session data is saved in the file you indicated through the pmon screen. You can
monitor the session at anytime by using the pmstats command. You can also end or pause an
in-progress session using the pmdelete or pmpause commands, respectively. The following
sections describes pmdelete and pmpause.
Ending a Port Monitoring Session (pmdelete)
The pmdelete command ends a port monitoring data capture session that is being saved to file
but not being dumped to the console screen. To end the session, enter:
pmd
A message similar to the following displays:
Port monitoring session terminated, data file is xxxxx.ENC.
If a port monitoring session was not in progress then the following message displays:
No ports being monitored.
Pausing a Port Monitoring Session (pmpause)
The pmpause command pauses a port monitoring data capture session that is being saved to
file but not being dumped to the console screen. To pause the session, enter:
pmp
The following message displays
Pausing monitor data capture/display.
To resume the port monitoring session, enter pmp again. The following message displays:
Resuming monitor data capture.
If a port monitoring session was not in progress, then the following message would display:
No ports being monitored.
Page 19-64
Port Monitoring
Ending a Port Monitoring Session
After you quit a port monitoring session, the default directory changes to /ram and the current
files on the RAM drive are listed. The screen below shows an example of the display at the
completion of a monitoring session.
Port monitoring capture done. Current capture files listed:
Current working directory ‘/ram’.
PM0302.ENC
PM0303.ENC
65536
32768
10/20/96 12:12
10/20/96 11:15
950272 bytes free
Viewing Port Monitoring Statistics (pmstat)
The pmstat command displays the statistics gathered for the current or most recent port monitoring session. If a port monitoring session is currently in progress, then it displays the results
of the in-progress session. If a port monitoring session is not in progress, then it displays
results of the most recently completed session. To view session statistics, enter
pmstat
A screen similar to the following displays:
Viewing capture statistics:
Percent RAM available: 96%
Frame type
#Frames
------------------------------Broadcast
108
Multicast
253
Unicast
301
The Percent RAM available indicates how much of the configured RAM disk has been used by
this port monitoring session. You can configure the size of the RAM disk through the pmcfg
command; the default size is 1 MB. The remaining items in the display show the number of
packets passed on the port broken down into broadcast, multicast, and unicast frames.
Page 19-65
Port Mapping
Port Mapping
The OmniS/R began as an any-to-any switching device, connecting different LAN interfaces,
such as Ethernet As networks grew and the traffic on them increased, a need arose for
controlling some traffic, such as broadcasts. Virtual LANs, or VLANs, were introduced to
segment traffic such that devices could only engage in switched communication with other
devices in the same VLAN.
Some applications today require a further degree of traffic segmentation than that provided by
VLANs. The port mapping feature allows you to further segment traffic within a VLAN or
group by isolating a set of ports.
Groups/VLANs and Port Mapping
Port mapping does not affect existing group or AutoTracker VLAN operations in a switch.
Group and VLAN membership are checked and applied before port mapping constraints are
applied. Therefore, any constraints applied by port mapping only limit traffic flow within a
group or VLAN; port mapping parameters do not provide any additional connectivity to a port.
So if you add a port to a port mapping set, that port will be first subject to the constraints of
its Group/VLAN and then the restrictions imposed by port mapping. Up to 128 port mapping
sets can be configured per switch.
The illustration below helps show how group and port mapping constraints interact. The
ports in slot 2 and 5 (2/1—2/4 and 5/1—5/4) are part of group 3. By group membership, all
of these ports have switched communication with each other. Likewise, the ports in slot 3 and
slot 4 have switched communication with each other as they all belong to group 2.
OmniS/R
Port
Map 1
Ingress
Ports
2/1
2/2
2/3
2/4
Port
Map 2
Ingress
Ports
3/1
3/2
3/3
3/4
Group 3
Group 2
4/1
4/2
4/3
4/4
Port Map 2 Egress Ports
5/1
5/2
5/3
5/4
Port Map 1 Egress Ports
Groups and Port Mapping
Once a port mapping set is constructed, communication within each of the groups becomes
more restricted. A port mapping set consists of ingress and egress ports; ingress ports can only
send traffic to egress ports. In the above figure, all ports on slots 2 and 3 are ingress ports and
ports on slots 4 and 5 are egress ports.
Page 19-66
Port Mapping
Port communication is uni-directional. A mapping between an ingress port and an egress port
can only pass data from the ingress port to the egress port. To allow traffic to flow the from
the egress port to the ingress port, it is necessary to create a new mapping.
This configuration restricts each port to communication only with the other four ports in the
opposite port mapping subset within the same group. For example, port 2/1 can only send traffic to ports 5/1, 5/2, 5/3, and 5/4. It can no longer communicate with ports 2/2, 2/3, and 2/4
even though they are part of the same group. Port mapping restricts ports from communicating with other ports within the same subset.
Port mapping does not affect other ports in the group that are not part of the port mapping
set.
The Details of Port Mapping
Port mapping can be thought of as special rule that is applied after standard group and VLAN
rules are applied. This rule statically assigns a port as either an ingress or egress port. Ingress
ports can only communicate with egress ports. In this sense, one subset of ports is “mapped”
to another subset of ports. Ports within the same subset can not communicate with each other
or with another switch port that is not a member of the opposite port mapping subset.
♦ Note ♦
Port mapping restrictions are only applied to ports on
10/100 Ethernet modules (e.g., ESM-100F-8, ESM-C-32,
ESM-FM-16W, ESM-100C-12).
As an illustration, see the diagram of three Ethernet modules below. The modules are in slots
2, 3, and 4. The ports that are circled are included in a port mapping subset. The three ports
at the top—2/1, 3/1, and 4/1—are ingress ports. The six ports below —2/4, 2/5, 3/4, 3/5, 4/4,
and 4/5—are egress ports in the port mapping set.
3
7
8
8
8
9 10 11 12
9 10 11 12
9 10 11 12
t
Slo
4
T
AC
K
LN
T
AC
K
LN
T
AC
K
LN
1x
1x
1x
2x
2x
2x
3x
3x
3x
4x
4x
4x
5x
5x
5x
6x
6x
6x
7x
7x
7x
8x
8x
8x
One side of the
paired set. Ports
2/1, 3/1, and 4/1.
These ports are
subset A.
t
Slo
6
7
7
2
6
6
t
Slo
Other side of the
paired set. Ports
2/4, 2/5, 3/4, 3/5,
4/4, and 4/5.
These ports are
subset B.
Port Subsets in the Port Mapping Set
Page 19-67
Port Mapping
Who Can Talk to Whom?
The following matrix outlines which ports can communicate with each other in the example
shown on the previous page assuming all ports are part of the same group or VLAN. A port
can only communicate with ports in the opposite subset within the port mapping set.
Switch Ports That May Communicate*
2/1
2/4
2/5
3/1
3/4
3/5
4/1
4/4
4/5
2/1
N/A
Yes
Yes
No
Yes
Yes
No
Yes
Yes
2/4
No
N/A
No
No
No
No
No
No
No
2/5
No
No
N/A
No
No
No
Yes
No
No
3/1
No
Yes
Yes
N/A
Yes
Yes
No
Yes
Yes
3/4
No
No
No
No
N/A
No
No
No
No
3/5
No
No
No
No
No
N/A
No
No
No
4/1
No
Yes
Yes
No
Yes
Yes
N/A
Yes
Yes
4/4
Yes
No
No
Yes
No
No
Yes
N/A
No
4/5
Yes
No
No
Yes
No
No
Yes
No
N/A
*Read table from right (ingress ports) to left only.
Port communication is uni-directional. A mapping between an ingress port and an egress port
can only pass data from the ingress port to the egress port. To allow traffic to flow the from
the egress port to the ingress port, it is necessary to create a new mapping.
It’s important to remember that the port mapping configuration is affected by existing
group/VLAN rules. If the ports in the above example belonged to three groups based on IP
network rules, then they would be restricted by group membership and port mapping.
Port mappings can be created between switch ports and uplink ports, but not between uplink
ports. For example, you could map ethernet ports 3/1-12 to an WAN uplink port 4/1. This is
useful when there is no traffic between ethernet ports, but all ports are to be forced to the
uplink module. You cannot, however, map uplink port 4/1 to uplink port 4/2.
Port Mapping Limitations
The following are restrictions to the use of the port mapping feature:
• Port mapping cannot be used with ports assigned to an 802.1Q group.
• Port mapping cannot be used with an OmniChannel unless all ports in the OmniChannel
are included in the port mapping (on either the ingress or egress list). For example, if ports
3/1-3/4 are an OmniChannel, all four ports must be in the ingress or egress list. You could
not just map port 3/1.
Page 19-68
Port Mapping
Creating a Port Mapping Set
Use the pmapcr command to create a port mapping set. Follow these steps:
1. Enter pmapcr at a system prompt.
2. The following screen displays:
Port Map Configuration
1. Ingress List
2. Egress List
:
:
Enter the ingress ports and egress ports for this map set. This is done by entering the line
number, an equal sign, and the port (or ports) to be added. For example, if you want to
create a map set with and ingress port of 3/6 and an egress port of 4/6, you would enter
the following at the prompt:
1=3/6
2=4/6
This must be done in two separate operations, one for the ingress and one for the egress
lists. You can add more than one port to a list by using a comma (,) between slot/port
designations, or a dash (-) between port numbers. For example, if you wanted to make
ports 4/1, 4/6, 4/7, 4/8, and 4/9 egress ports for this map set, you would enter the following:
2=4/1, 4/6-9
A switch port in the ingress list can only communicate with switch ports in the egress list.
Switch ports in the same list cannot communicate with each other or any other ports in
the switch. For example, if you enter:
1=2/1, 3/1
2=2/2, 3/2
then you are creating a paired set of four ports. Port 2/1 can only communicate with ports
2/2 or 3/2. It cannot communicate with any other ports in the switch, including port 3/1.
Port 3/1 also can only communicate with ports 2/2 and 3/2, but no others.
Any port type may be added to a port mapping set. However, only Mammoth-generation
Ethernet ports will be restricted by port mapping limitations. For example, you could add
a non-Ethernet port to the set, but traffic from that port would not be restricted.
3. You will want to save your configuration, so enter an s at the port-mapping prompt. Your
configuration will be saved. A prompt similar to the following appears to confirm the
creation of the port map:
Port Map 7 created.
The port map number is used when modifying the map set.
It is important to remember that port communication is uni-directional. A mapping between
an ingress port and an egress port can only pass data from the ingress port to the egress port.
To allow traffic to flow the from the egress port to the ingress port, it is necessary to create a
new mapping.
Page 19-69
Port Mapping
Adding Ports to a Port Mapping Set
You can add ports to a port map set once it has been created using the pmapmod command.
Follow these steps:
1. Enter the pmapmod command at a system prompt, as shown:
pmapmod <pmap id>
where <pmap id> is the map set number shown when the map set was created. (To view a
list of all existing map sets, see Viewing a Port Mapping Set on page 19-72.) For example,
to modify map set 5, you would enter the following:
pmapmod 5
2. The following screen displays:
Port Mapping Configuration
=======================
Port Map Id
----------------5
Ingress Ports
------------------3/1, 3/2, 3/3
Egress Ports
-----------------4/1, 4/2, 4/3
Modify Port Map 5
1. Add Ports to Ingress List
2. Add Ports to Egress List
3. Delete Ports from Ingress List
4. Delete Ports from Egress List
5. View Port Map Configuration
:
:
:
:
:
Note that the current ports in the port mapping set are displayed. Use this information to
make decisions on the ports you want to add or remove from the set.
Enter the line number for the operation you want to perform (a 1 for the ingress list or a 2
for the egress list), an equal sign (=), and the ports to be added. For example, add port
3/2 to the ingress list and the egress list, enter the following (in two separate operations):
1=3/2
2=3/2
You can add more than one port to a list by using a comma (,) between slot/port designations, or a dash (-) between port numbers. For example, if you wanted to make ports 4/1,
4/6, 4/7, 4/8, and 4/9 egress ports for this map set, you would enter the following:
2=4/1, 4/6-9
3. To view the changes, enter a 5 (View Port Map Configuration), and equal sign (=), and a y,
as shown:
5=y
This will refresh the Port Mapping Configuration screen and display any changes you
have made.
4. Quit the session by entering a q at the prompt.
Page 19-70
Port Mapping
Removing Ports from a Port Mapping Set
You can remove ports to a port map set once it has been created using the pmapmod
command. Follow these steps:
1. Enter the modpmap command at a system prompt, as shown:
pmapmod <pmap id>
where <pmap id> is the map set number shown when the map set was created. (To view a
list of all existing map sets, see Viewing a Port Mapping Set on page 19-72.) For example,
to modify map set 5, you would enter the following:
pmapmod 5
2. The Port Mapping Configuration screen displays (as shown above in Adding Ports to a
Port Mapping Set on page 19-70).
Enter the line number for the operation you want to perform (a 3 for the ingress list or a 4
for the egress list), an equal sign (=), and the ports to be added. For example, remove
port 3/2 to the ingress list and the egress list, enter the following (in two separate operations):
3=3/2
4=3/2
You can remove more than one port to a list by using a comma (,) between slot/port
designations, or a dash (-) between port numbers. For example, if you wanted to remove
ports 4/1, 4/6, 4/7, 4/8, and 4/9 from the egress list of this map set, you would enter the
following:
4=4/1, 4/6-9
3. To view the changes, enter a 5 (view port may configuration), an equal sign (=), and a y,
as shown:
5=y
This will refresh the Port Mapping Configuration screen and display any changes you
have made.
4. Quit the session by entering a q at the prompt.
Page 19-71
Port Mapping
Viewing a Port Mapping Set
You can view a port mapping set using the vpmap command. Enter the pmapv command as
shown:
pmapv <pmap id>
where <pmap id> is the map set number shown when the map set was created. For example,
to modify map set 5, you would enter the following:
pmapv 5
The following screen is shown:
Port Mapping Configuration
=======================
Port Map Id
----------------5
Ingress Ports
------------------3/1, 3/2, 3/3
Egress Ports
-----------------4/1, 4/2, 4/3
As a variation of this command, enter the vpmap command with no port map identification.
This will display all port mapping sets configured for this switch.
Port Map Id.
An identification number for the port map set, generated when the set is created.
Ingress Ports. The switch ports designated as ingress ports for this port map set. Ingress ports
can only communicate with egress ports.
Egress Ports. The switch ports designated as egress ports for this port map set. Egress ports
can only communicate with ingress ports.
Deleting a Port Mapping Set
You can delete a port mapping set after it is created. Enter pmapdel at a prompt as shown:
pmapdel <pmap id>
where <pmap id> is the map set number shown when the map set was created. (To view a list
of all existing map sets, see Viewing a Port Mapping Set on page 19-72.) For example, to
modify map set 5, you would enter the following:
pmapdel 5
Page 19-72
Priority VLANs
Priority VLANs
Prioritizing VLANs allows you to set a value for traffic based on the destination VLAN of packets. Traffic with the higher priority destination will be delivered first. VLAN priority can be set
from 0 to 7, with 7 being the level with the most priority.
The following diagram illustrates this idea:
Client 1
Switch A
VLAN 1
(Priority 0)
Client 2
12345678
12345678
123456
123456
Client 3
VLAN 2
(Priority 7)
Switch B
Client 4
In the above diagram, traffic from Client 3 in VLAN 2 (with a priority of 7) to Client 2 takes
precedence over traffic from Client 1 in VLAN 1 (with a priority of 0) to Client 4.
Group priority can be set when creating a group using the crgp command. For more information on the crgp command, see Creating a New Group on page 19-18.
Group priority can modified or viewed using the prty_mod and prty_disp commands, detailed
below.
Mammoth vs. Kodiak Priority VLANs
Although the range of VLAN priority is 0-7, the Mammoth based modules only supports two
levels of priority. In other words, 0-3 is one level and 4-7 is another. Future releases will
expand the number of priority levels.
Kodiak based modules support up to 4 levels of priority (0-1, 2-3, 4-5, 6-7). These two
different implementations of the VLAN priority are not compatible. Kodiak based priority VLANs can be used with other Kodiak based priority VLANs. This is true for Mammoth
based VLANs as well.
Page 19-73
Priority VLANs
Configuring VLAN Priority
To configure the priority of a VLAN:
1. Enter the prty_mod command at the system prompt, as shown:
prty_mod <groupId>
where <groupId> is the group number associated with the VLAN whose priority is being
set. For example, to modify the priority of the VLAN for Group 2, you would enter the
following:
prty_mod 2
The following prompt is shown:
Enter a priority value which is between 0 and 7: 0
2. Enter the number value that is to be the new priority level for this VLAN. The highest
(most important) value is

advertisement

Was this manual useful for you? Yes No
Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Related manuals

ADTRAN 1200350L1 User manual

ADTRAN

TSU Router Module

  • User manual
D-Link DI-1135 Reference Manual

D-Link

DI-1135

  • Reference Manual
Lithonia Lighting WSX IV Contractor Select WSX Series 120-277 Volt Ivory Wall Switch Occupancy Sensor Specification

Lithonia Lighting

WSX IV

  • Specification
Alcatel 9000 User guide

Alcatel

9000

  • User guide
Alcatel-Lucent OmniSwitch Family Network 6600 User guide

Alcatel-Lucent

OmniSwitch Family Network 6600

  • User guide
Alcatel Carrier Internetworking Solutions 8008 Network Card User's Guide

Alcatel Carrier Internetworking Solutions

8008

  • User's Guide
Alcatel Carrier Internetworking Solutions omniswitch Switch User guide

Alcatel Carrier Internetworking Solutions

OmniSwitch

  • User guide
Bay Networks CLAM Reference Manual

Bay Networks

CLAM

  • Reference Manual
Download PDF

advertisement