ExtremeXOS Concepts Guide, Software Version 12.1.2 (Part number 100272-00 Rev. 03)

Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com ExtremeXOS Concepts Guide Software Version 12.1.2 Published: August 2008 Part number: 100272-00 Rev. 03

Upload: diego-german-dominguez

Post on 28-Oct-2014



AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, Essentials, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ScreenPlay, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, the Powered by ExtremeXOS logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries. Adobe, Flash, and Macromedia are registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. AutoCell is a trademark of AutoCell. Avaya is a trademark of Avaya, Inc. Internet Explorer is a registered trademark of Microsoft Corporation. Mozilla Firefox is a registered trademark of the Mozilla Foundation. sFlow is a registered trademark of sFlow.org. Solaris and Java are trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Specifications are subject to change without notice. All other registered trademarks, trademarks, and service marks are property of their respective owners. 2008 Extreme Networks, Inc. All Rights Reserved.


Contents

Preface

Introduction
Terminology
Conventions
Platform-Dependent Conventions
Text Conventions
Related Publications
Using ExtremeXOS Publications Online

Part 1: Using ExtremeXOS

Chapter 1: Getting Started

Overview
Software Required
Logging In to the Switch
Understanding the Command Syntax
Syntax Helper
Command Shortcuts
Names
Symbols
Limits
Port Numbering
Stand-alone Switch Numerical Ranges
Modular Switch and SummitStack Numerical Ranges
Stacking Port Numerical Ranges
Line-Editing Keys
Command History
Common Commands
Accessing the Switch for the First Time
Safe Defaults Setup Method
Configuring Management Access
Account Access Levels
Configuring the Banner
Startup Screen and Prompt Text
Default Accounts
Creating a Management Account
Failsafe Accounts
Managing Passwords
Applying a Password to the Default Account
Applying Security to Passwords
Displaying Passwords
Access to Both MSM Console Ports - Modular Switches Only
Access to an Active Node in a SummitStack
Domain Name Service Client Services
Checking Basic Connectivity
Ping
Traceroute
Displaying Switch Information

Chapter 2: Managing the Switch

Overview
Understanding the ExtremeXOS Shell
Using the Console Interface
Using the 10/100 Ethernet Management Port
Using EPICenter to Manage the Network
Authenticating Users
RADIUS Client
TACACS+
Management Accounts
Using Telnet
About the Telnet Client
About the Telnet Server
Connecting to Another Host Using Telnet
Configuring Switch IP Parameters
Configuring Telnet Access to the Switch
Disconnecting a Telnet Session
Using Secure Shell 2
Using the Trivial File Transfer Protocol
Connecting to Another Host Using TFTP
Understanding System Redundancy - Modular Switches and SummitStack Only
Node Election
Replicating Data Between Nodes
Viewing Node Status
Understanding Hitless Failover Support - Modular Switches and SummitStack Only
Protocol Support for Hitless Failover
Platform Support for Hitless Failover
Hitless Failover Caveats
Understanding Power Supply Management
Using Power Supplies - Modular Switches Only
Using Power Supplies - Summit Family of Switches Only
Using Power Supplies - SummitStack Only
Displaying Power Supply Information
Using the Simple Network Management Protocol
Enabling and Disabling SNMPv1/v2c and SNMPv3
Accessing Switch Agents
Supported MIBs
Configuring SNMPv1/v2c Settings
Displaying SNMP Settings
SNMPv3
Message Processing
SNMPv3 Security
SNMPv3 MIB Access Control
SNMPv3 Notification
Using the Simple Network Time Protocol
Configuring and Using SNTP
SNTP Example

Chapter 3: Managing the ExtremeXOS Software

Overview
Using the ExtremeXOS File System
Moving or Renaming Files on the Switch
Copying Files on the Switch
Displaying Files on the Switch
Transferring Files to and from the Switch
Deleting Files from the Switch
Managing the Configuration File
Managing ExtremeXOS Processes
Displaying Process Information
Stopping a Process
Starting a Process
Understanding Memory Protection
Monitoring CPU Utilization
Disabling CPU Monitoring
Enabling CPU Monitoring
Displaying CPU Utilization History

Chapter 4: Configuring Stacked Switches

Overview
SummitStack Terms
SummitStack Compatible Switches
SummitStack Topologies
Stack Depth
Understanding SummitStack Configuration Parameters, Configuration Files, and Port Numbering
Understanding Stacking Link Overcommitment
About SummitStack Logging Messages
About QoS in Stacking
About Power Management and Power Over Ethernet on Stacking
About Stacking Node Roles, Redundancy, and Failover
About the Failsafe Account on SummitStack Nodes
Logging into a SummitStack
Logging in Through the Console Port
Logging in from the Management Network
Logging Into a Node From Another Node
Configuring a New Stack
About Easy Setup
Configuration Procedure
Example: Deploying a New Stack
Converting a Standalone Node Deployment to a Stack
Configuration Tasks for SummitStack
Enabling the Stack
Verifying the Configuration
Setting the Command Prompt
Configuring Slot Numbers
Configuring Node Priority
Assigning a MAC Address for the Stack
Configuring Master-Capability
Configuring an Alternate IP Address and Gateway
Configuring the Failsafe Account on a Stack
Disabling Stacking
Saving the Configuration
Managing an Operating SummitStack
Managing Licenses on a SummitStack
Stacking LEDs
Viewing the Alternate IP Address
Viewing Stacking Port Statistics
Adding a Node to a Stack
Replacing a Node with the Same Switch Type
Replacing a Node with a Different Switch Type
Merging Two Stacks
Upgrading ExtremeXOS on a Stack
Dismantling a Stack
Removing a Node from a Stack
Rebooting a Stack
Troubleshooting a Stack
Managing a Dual Master Situation
Setting Traps for Stacking
Connecting to a SummitStack with No Master
Rescuing a Stack That Has No Master-Capable Node
FAQs on SummitStack

Chapter 5: Configuring Slots and Ports on a Switch

Overview
Details on I/O Ports
Disabling MSM-G8X I/O Ports
Configuring Ports on a Switch
Port Numbering
Enabling and Disabling Switch Ports
Configuring Switch Port Speed and Duplex Setting
WAN PHY OAM
Jumbo Frames
Jumbo Frames
Enabling Jumbo Frames
Path MTU Discovery
IP Fragmentation with Jumbo Frames
IP Fragmentation within a VLAN
Link Aggregation on the Switch
Link Aggregation Overview
Link Aggregation and Software-Controlled Redundant Ports
Dynamic Versus Static Load Sharing
Load-Sharing Algorithms
LACP - Dynamic Link Aggregation
Guidelines for Load Sharing
Configuring Switch Load Sharing
Load-Sharing Examples
Displaying Switch Load Sharing
Mirroring
Guidelines for Mirroring
Mirroring Rules and Restrictions
Mirroring Examples
Verifying the Mirroring Configuration
Remote Mirroring
Configuration Details
Guidelines
Use of Remote Mirroring with Redundancy Protocols
Remote Mirroring with EAPS
Remote Mirroring With STP
Extreme Discovery Protocol
Software-Controlled Redundant Port and Smart Redundancy
Guidelines for Software-Controlled Redundant Ports and Port Groups
Configuring Software-Controlled Redundant Ports
Verifying Software-Controlled Redundant Port Configurations
Configuring Automatic Failover for Combination Ports
Displaying Port Configuration Information

Chapter 6: Universal Port

Overview
Profile Types
Dynamic Profile Trigger Types
How Device Detect Profiles Work
How User Authentication Profiles Work
Profile Configuration Guidelines
Collecting Information from Supplicants
Supplicant Configuration Parameters
Universal Port Configuration Overview
Using Universal Port in an LDAP or Active Directory Environment
Configuring Universal Port Profiles and Triggers
Creating and Configuring New Profiles
Editing an Existing Profile
Configuring a Device Event Trigger
Configuring a User Login or Logout Event Trigger
Configuring a Universal Port Timer
Configuring a Timer Trigger
Creating an EMS Event Filter
Configuring an EMS Event Trigger
Enabling and Disabling an EMS Event Trigger
Unconfiguring a User or Device Profile Trigger
Unconfiguring a Timer
Managing Profiles and Triggers
Manually Executing a Static or Dynamic Profile
Displaying a Profile
Displaying Timers
Displaying Universal Port Events
Displaying Profile History
Verifying a Universal Port Profile
Handling Profile Execution Errors
Disabling and Enabling a Profile
Deleting a Profile
Deleting a Timer
Deleting an EMS Event Trigger
Sample Universal Port Configurations
Universal Port Handset Provisioning Module Profiles
Sample Static Profiles
Sample Configuration with Device-Triggered Profiles
Sample Configuration with User-Triggered Profiles
Sample Timer-Triggered Profile
Sample Profile with QoS Support
Sample Event Profile
Sample Configuration for Generic VoIP LLDP
Sample Configuration for Generic VoIP 802.1x
Sample Configuration for Avaya VoIP 802.1x
Sample
Configuration for a Video Camera ............................................................................271

Chapter 7: Using CLI Scripting
Overview
Setting Up Scripts
Enabling and Disabling CLI Scripting
Creating Scripts
Using Script Variables
Using Special Characters in Scripts
Using Operators
Using Control Structures in Scripts
Using Built-In Functions
Controlling Script Configuration Persistence
Saving, Retrieving, and Deleting Session Variables
Executing Scripts
Configuring Error Handling
Displaying CLI Scripting Information
Viewing CLI Scripting Status
Viewing CLI Scripting Variables
Controlling CLI Script Output
CLI Scripting Examples

Chapter 8: LLDP
Overview
LLDP Packets
Transmitting LLDP Messages
Receiving LLDP Messages
Managing LLDP
Supported TLVs
Mandatory TLVs
Optional TLVs
Configuring LLDP
Enabling and Disabling LLDP
Configuring the System Description TLV Advertisement
Configuring LLDP Timers
Configuring SNMP for LLDP
Configuring Optional TLV Advertisements
Unconfiguring LLDP
Displaying LLDP Settings
Displaying LLDP Port Configuration Information and Statistics
Displaying LLDP Information Detected from Neighboring Ports

Chapter 9: CFM
Overview
Ping and Traceroute
Supported Instances for CFM
Configuring CFM
Creating Maintenance Domains
Creating and Associating MAs
Creating MPs and the CCM Transmission Interval
Executing Layer 2 Ping and Traceroute Messages
Displaying CFM
CFM Example

Chapter 10: PoE
Overview
Extreme Networks PoE Devices
Summary of PoE Features
Power Checking for PoE Module
Power Delivery
Enabling PoE to the Switch
Power Reserve Budget
PD Disconnect Precedence
Port Disconnect or Fault
Port Power Reset
PoE Usage Threshold
Legacy Devices
PoE Operator Limits
Configuring PoE
Enabling Inline Power
Reserving Power
Setting the Disconnect Precedence
Configuring the Usage Threshold
Configuring the Switch to Detect Legacy PDs
Configuring the Operator Limit
Configuring PoE Port Labels
Power Cycling Connected PDs
Adding an S-PoE Daughter Card to an Existing Configuration
Displaying PoE Settings and Statistics
Clearing Statistics
Displaying System Power Information
Displaying Slot PoE Information on Modular Switches
Displaying PoE Status and Statistics on Stand-alone Switches
Displaying Port PoE Information


Chapter 11: Status Monitoring and Statistics
Overview
Viewing Port Statistics
Viewing Port Errors
Using the Port Monitoring Display Keys
Viewing VLAN Statistics
Performing Switch Diagnostics
Running Diagnostics
Observing LED Behavior During a Diagnostic Test
Displaying Diagnostic Test Results
Using the System Health Checker
Understanding the System Health Checker
Enabling Backplane Diagnostic Packets on the Switch - Modular Switches Only
Configuring Backplane Diagnostic Packets on the Switch - Modular Switches Only
Disabling Backplane Diagnostic Packets on the Switch - Modular Switches Only
Displaying the System Health Check Setting - All Platforms
System Health Check Examples: Backplane Diagnostics - Modular Switches Only
Setting the System Recovery Level
Configuring Software Recovery
Configuring Hardware Recovery - SummitStack and Summit Family of Switches Only
Configuring Module Recovery - Modular Switches Only
Using ELSM
About ELSM
ELSM Hello Messages
ELSM Port States
Link States
ELSM Link States
ELSM Timers
Configuring ELSM on a Switch
Displaying ELSM Information
Using ELSM with Layer 2 Control Protocols
ELSM Configuration Example
Viewing Fan Information
Viewing the System Temperature
System Temperature Output
Power Supply Temperature - Modular Switches Only
Fan Tray Temperature - BlackDiamond 10808 Switch Only
Using the Event Management System/Logging
Sending Event Messages to Log Targets
Filtering Events Sent to Targets
Displaying Real-Time Log Messages
Displaying Event Logs
Uploading Event Logs
Displaying Counts of Event Occurrences
Displaying Debug Information
Logging Configuration Changes
Using sFlow
Sampling Mechanisms
Configuring sFlow
Additional sFlow Configuration Options
sFlow Configuration Example
Displaying sFlow Information
Using RMON
About RMON
Supported RMON Groups of the Switch
Configuring RMON
Event Actions
Displaying RMON Information

Chapter 12: VLANs
Overview
Benefits
Virtual Routers and VLANs
Types of VLANs
Port-Based VLANs
Tagged VLANs
Protocol-Based VLANs
Precedence of Tagged Packets Over Protocol Filters
Default VLAN
VLAN Names
Renaming a VLAN
Configuring VLANs on the Switch
Creating and Configuring VLANs
Enabling and Disabling VLANs
VLAN Configuration Examples
Displaying VLAN Settings
Displaying Protocol Information
Private VLANs
PVLAN Overview
Configuring PVLANs
Displaying PVLAN Information
PVLAN Configuration Example 1
PVLAN Configuration Example 2
VLAN Translation
VLAN Translation Behavior
VLAN Translation Limitations
Configuring Translation VLANs
Displaying Translation VLAN Information
VLAN Translation Configuration Examples

Chapter 13: vMAN, PBB, and PBB-TE
Overview
vMAN Configuration Options and Features
Configuration
Configuring vMANs
Configuring PBB Networks
Configuring vMAN Options
Displaying Information
Displaying vMAN Information
Displaying PBB Network Information
Configuration Examples
vMAN Example, Black Diamond 8810
vMAN Example, Black Diamond 10808
LAG Port Selection Example
Ethertype Selection Example
Inter-vMAN Forwarding Example
PBB Network Example
PBB-TE Example

Chapter 14: Web-Based Device Management
Overview
Setting Up ScreenPlay
HTTP and HTTPS Setup
Client Setup
Launching ScreenPlay
ScreenPlay Dashboard
ScreenPlay Common Functions
Dashboard Workspace
Configuration
Configuration - Ports
Configuration - VLANs
Configuration - Stacking
Configuration - SNMP
Configuration - Dynamic ACLs
Statistics and Monitoring
Statistics & Monitoring - Event Log
Statistics & Monitoring - Ports
Statistics & Monitoring - QoS
Administration
Administration - User Accounts
Administration - User Sessions
Administration - CLI Shell
Help

Chapter 15: FDB
Overview
FDB Contents
How FDB Entries Get Added
FDB Entry Types
Differing FDB Table Sizes
Managing the FDB
Adding a Permanent Static Entry
Configuring the FDB Aging Time
Clearing FDB Entries
Managing Multiple Port FDB Entries
Supporting Remote Mirroring
Displaying FDB Entries
MAC-Based Security
Managing MAC Address Learning
Managing Egress Flooding
Displaying Learning and Flooding Settings
Creating Blackhole FDB Entries
Multicast FDB with Multiport Entry

Chapter 16: Virtual Routers
Overview
Types of Virtual Routers
User Virtual Router Configuration Domain
Managing Virtual Routers
Creating User Virtual Routers
Configuring Ports to a Single or to Multiple Virtual Router(s)
Adding Routing Protocols to a Virtual Router
Displaying Ports and Protocols
Configuring the Routing Protocols and VLANs
Virtual Router Configuration Example

Chapter 17: Policy Manager
Overview
Creating and Editing Policies
Using the Edit Command
Using a Separate Machine
Checking Policies
Refreshing Policies
Applying Policies
Applying ACL Policies
Applying Routing Policies

Chapter 18: ACLs
Overview
ACL Rule Syntax
Matching All Egress Packets
Comments and Descriptions in ACL Policy Files
Types of Rule Entries
Match Conditions
Actions
Action Modifiers
ACL Rule Syntax Details
IPv6 ACL Address Masks
vMAN ACLs
vMAN ACL Actions
vMAN ACL Action Modifiers
vMAN ACL Examples
Layer-2 Protocol Tunneling ACLs
ACL Byte Counters
Dynamic ACLs
Creating the Dynamic ACL Rule
Configuring the ACL Rule on the Interface
Configuring ACL Priority


ACL Evaluation Precedence
BlackDiamond 10808 and BlackDiamond 12800 Series Switches Only
BlackDiamond 8800 Series Switches, SummitStack, and the Summit Family of Switches Only
Applying ACL Policy Files
Displaying and Clearing ACL Counters
Example ACL Rule Entries
ACL Mechanisms
ACL Masks and Rules
ACL Slices and Rules
Policy-Based Routing
Layer 3 Policy-Based Redirect
Layer 2 Policy-Based Redirect
Policy-Based Redirection Redundancy
ACL Troubleshooting
Unicast Reverse Path Forwarding with ACLs
uRPF Disabled on a Switch
uRPF Enabled on a Switch in Loose Mode
uRPF Enabled on a Switch in Strict Mode

Chapter 19: Routing Policies
Overview
Routing Policy File Syntax
Applying Routing Policies
Policy Examples

Chapter 20: QoS and HQoS
Overview
Applications and Types of QoS
Traffic Groups
QoS Profiles
Meters
Egress Port Rate Limits
Egress Queue Rate Limits
Bi-Directional Rate Shaping
Configuring QoS
QoS Configuration Guidelines
Changing the 802.1p Priority to QoS Profile Mapping
Replacing 802.1p Priority Information on Egress
Enabling and Disabling 802.1p Examination
Enabling and Disabling Diffserv Examination
Changing the DSCP to QOS Profile Mapping
Replacing a DSCP on Egress
DiffServ Example
Configuring a Source Port
Configuring a Source VLAN
Creating an ACL Meter
Configuring an ACL Meter
Associating a Meter with an ACL
Configuring Egress Port Rate Limiting
Configuring Egress Queue Rate Limiting
Configuring Bi-Directional Rate Shaping


Verifying QoS Configuration and Performance
Verifying Port and VLAN QoS Settings
Displaying QoS Profile Information
Displaying Meters
Monitoring Performance
Hierarchical QoS
Overview
Setting the HQoS Mode
HQoS Implementation
Guidelines for Using Ingress-Only and Ingress and Egress HQoS
Configuring HQoS Ingress and Egress Queues
Displaying HQoS
HQoS Examples

Chapter 21: Network Login
Overview
Web-Based, MAC-Based, and 802.1x Authentication
Multiple Supplicant Support
Campus and ISP Modes
Network Login and Hitless Failover
Configuring Network Login
Enabling or Disabling Network Login on the Switch
Enabling or Disabling Network Login on a Specific Port
Configuring the Move Fail Action
Displaying Network Login Settings
Exclusions and Limitations
Authenticating Users
Local Database Authentication
802.1x Authentication
Interoperability Requirements
Enabling and Disabling 802.1x Network Login
802.1x Network Login Configuration Example
Configuring Guest VLANs
Post-authentication VLAN Movement
802.1x Authentication and Network Access Protection
Web-Based Authentication
Enabling and Disabling Web-Based Network Login
Configuring the Base URL
Configuring the Redirect Page
Configuring Proxy Ports
Configuring Session Refresh
Configuring Logout Privilege
Configuring the Login Page
Customizable Authentication Failure Response
Customizable Graphical Image in Logout Popup Window
Web-Based Network Login Configuration Example
Web-Based Authentication User Login
MAC-Based Authentication
Enabling and Disabling MAC-Based Network Login
Associating a MAC Address to a Specific Port
Adding and Deleting MAC Addresses


Displaying the MAC Address List
Configuring Reauthentication Period
Secure MAC Configuration Example
MAC-Based Network Login Configuration Example
Additional Network Login Configuration Details
Configuring Netlogin MAC-Based VLANs
Configuring Dynamic VLANs for Netlogin
Configuring Netlogin Port Restart
Authentication Failure and Services Unavailable Handling

Chapter 22: Security
Overview
Safe Defaults Mode
MAC Security
Limiting Dynamic MAC Addresses
MAC Address Lockdown
MAC Address Lockdown with Timeout
DHCP Server
Enabling and Disabling DHCP
Configuring the DHCP Server
Displaying DHCP Information
IP Security
DHCP Snooping and Trusted DHCP Server
Source IP Lockdown
ARP Learning
Gratuitous ARP Protection
ARP Validation
Denial of Service Protection
Configuring Simulated Denial of Service Protection
Configuring Denial of Service Protection
Protocol Anomaly Protection
Unicast Reverse Path Forwarding
Authenticating Management Sessions Through the Local Database
Authenticating Management Sessions Through a TACACS+ Server
Configuring the TACACS+ Client for Authentication and Authorization
Configuring the TACACS+ Client for Accounting
Authenticating Management Sessions Through a RADIUS Server
How Extreme Switches Work with RADIUS Servers
Configuration Overview for Authenticating Management Sessions
Authenticating Network Login Users Through a RADIUS Server
How Network Login Authentication Differs from Management Session Authentication
Configuration Overview for Authenticating Network Login Users
Configuring the RADIUS Client
Configuring the RADIUS Client for Authentication and Authorization
Configuring the RADIUS Client for Accounting
RADIUS Server Configuration Guidelines
Configuring User Authentication (Users File)
Configuring the Dictionary File
Configuring Command Authorization (RADIUS Profiles)
Additional RADIUS Configuration Examples


Implementation Notes for Specific RADIUS Servers
Setting Up Open LDAP
Configuring a Windows XP Supplicant for 802.1x Authentication
Hypertext Transfer Protocol
Secure Shell 2
Enabling SSH2 for Inbound Switch Access
Viewing SSH2 Information
Using ACLs to Control SSH2 Access
Using SCP2 from an External SSH2 Client
Understanding the SSH2 Client Functions on the Switch
Using SFTP from an External SSH2 Client
Secure Socket Layer
Enabling and Disabling SSL
Creating Certificates and Private Keys
Displaying SSL Information

Chapter 23: CLEAR-Flow
Overview