user guide intel® netstructure™ 6000 switch a19070-001

A19070-001

Intel®NetStructure™ 6000SwitchUser Guide

Intel® N

etStructure™

6000 Sw

itchU

ser Guide

Copyright © 2000, Intel Corporation. All rights reserved.Intel Corporation, 5200 NE Elam Young Parkway, Hillsboro OR 97124-6497

Information in this document is provided in connection with Intel® products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel® products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice.

*Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners’ benefit, without intent to infringe.

First Edition May 2000 A19070-001

ContentsUsing the Switch 5

Unpacking the Switch .................................................. 6

Overview ..................................................................... 7

Assessing the Installation Site ................................... 13

Attaching Rack Mount Brackets................................. 13

Setting Up the Chassis .............................................. 14

Troubleshooting ......................................................... 22

Equipment Replacement............................................ 23

Using Intel® Device View 31Overview .................................................................... 32

Installing Intel Device View ........................................ 32

Starting Intel Device View .......................................... 34

Installing a New Device.............................................. 35

Using the Device Tree ............................................... 36

Managing a Switch..................................................... 38

Viewing RMON information........................................ 39

Using the Web Device Manager 41Accessing the Web Device Manager ......................... 43

Navigating the Web Device Manager ........................ 44

View/Configure Device Menu..................................... 50

Configure Management Menu ................................... 66

VLAN Menu................................................................ 74

Routing Menu........................................................... 100

Reset and Update Menu .......................................... 114

Help Menu................................................................ 119

2

C o n t e n t s Intel® NetStructure™ 6000 Switch User Guide

2

Using Local Management 121Connecting the Switch.............................................. 122

The RS-232 Port ...................................................... 123

The RJ-45 Management Port ................................... 126

Setting a Password .................................................. 127

Setting the IP Address.............................................. 130

BOOTP/RARP and DHCP Client ............................. 131

BOOTP Relay Agent ................................................ 133

Command Console Interface.................................... 134

Accessing the Command Console through Telnet ... 136

Serial Line IP Connections (SLIP)............................ 137

Point-to-Point Protocol (PPP)................................... 138

Domain Name Service ............................................. 140

Diagnostics............................................................... 142

Upgrading the Firmware........................................... 143

Managing the Switch 145Layer 2 Switching ..................................................... 146

Link Aggregation ...................................................... 146

Aggregated Port Numbers........................................ 155

Virtual LANs (VLANs)............................................... 156

Spanning Tree Protocol............................................ 166

IGMP Snooping ........................................................ 172

Port Mirroring............................................................ 176

Layer 2 Frame Prioritization ..................................... 177

SNMP Agent............................................................. 178

RMON ...................................................................... 182

NVRAM Backup ....................................................... 182

SYSLOG................................................................... 184

3

3

C o n t e n t s Intel® NetStructure™ 6000 Switch User Guide

Broadcast and Multicast Storm Control ................... 185

Layer 3 Switching & Routing.................................... 187

IP Access Control .................................................... 187

Routing Management............................................... 192

GateD....................................................................... 194

Appendix A: Command Reference 211

Appendix B: GateD Reference 305Interfaces ................................................................. 306

Adding Static Routes ............................................... 308

RIP Configuration..................................................... 309

RIP Interface Configuration...................................... 310

OSPF Configuration................................................. 311

Configuring ASE Routes .......................................... 312

Configuring the Backbone........................................ 313

Configuring OSPF Interfaces ................................... 314

Virtual Links ............................................................. 315

OSPF Neighbor Table.............................................. 317

OSPF Area Link State Advertisement Database ..... 321

Route Table ............................................................. 322

Appendix C: Technical Information 325Support Services...................................................... 326

Regulatory Information............................................. 329

Limited Hardware Warranty ..................................... 330

Index 333

Using the Switch

Topic See Page

Unpacking the Switch 6

Overview 7

Assessing the Installation Site 13

Attaching Rack Mount Brackets 13

Setting Up the Chassis 14

Front Panel LEDs 21

Troubleshooting 22

Equipment Replacement 23

C H A P T E R 1 Intel® NetStructure™ 6000 Switch User Guide

6

Unpacking the Switch The chassis shipping carton contains the following items:

• Intel® NetStructure™ 6000 Switch chassis, with the fan assem-bly, one power supply and four AC power cords.

• Carrier Tray

• Control Processor (CP)

• Null modem cable for RS-232 Port

• Rack mount kit

• A pouch that includes

-Rubber adhesive-backed feet

-Product registration card

-The Intel® NetStructure™ 6000 Switch Quick Start

-The Intel® NetStructure™ 6000 Switch User Guide for the Gigabit and Fast Ethernet Modules

-The Intel® NetStructure™ 6000 Switch User Guide

-Late-breaking News

-The Intel® Device View CD-ROM.

Separate cartons include: an optional CP module, and, Gigabit Ethernet and Fast Ethernet modules that were ordered.

Note Do not unpack the modules until you are ready to install them in the chassis.

• Additional power supplies with AC power cords, if purchased. (Each power supply is shipped in a separate carton.)

C H A P T E R 1 Using the Switch

7

Overview

The chassis has five module slots. The bottom slot is reserved for the carrier tray which holds the primary and optional secondary control processors (CPs). The other slots may contain up to four I/O modules, which can be placed in any of the remaining slots. The table below describes the available modules.

I/O Modules

Available Modules per Chassis

Available Ports per Chassis

Features per Slot

1000Base-SX Switch Module

4 32 Eight-port full-duplex switched Gigabit Ethernet module

MODULES

CONTROL PROCESSORS

POWER SUPPLIES

AC POWER CONNECTION BACK

RS-232 PORT

10/100 ETHERNET (RJ-45) P

ORT

FAN ASSESMBLY


8

Each module and each CP has Light Emitting Diodes (LEDs) which are used to designate various board status. See the Intel® NetStructure™ 6000 Switch User Guide for the Gigabit and Fast Ethernet Modules for detailed information on the LEDs for each module.

1000Base-LX/1000Base-SX Switch Module

4 32 Eight-port full-duplex switch Gigabit Ethernet module with four LX and four SX ports.

10/100Base-TX Switch Module

4 96 100Base-TX Ethernet module containing 24 switched RJ-45 ports.

100Base-FX Module

4 48 100Base-FX Ethernet module containing 12 SC Fiber Optic connectors.

ControlProcessor

2 N/A Each contains one RS-232 (DB9) connector and one RJ-45 10/100 Ethernet management port.

I/O Modules

Available Modules per Chassis

Available Ports per Chassis

Features per Slot


9

The chassis also includes the cooling system which is made up of a series of three fans. The three fans are contained in a single fan module. The fan module is hot swappable and can be easily replaced. See “Fan Assembly Replacement” for instructions on replacing a fan assembly.

Warning Only fan assembly modules identified as “Hot Swappa-ble Fan” on the front of the chassis can be replacedwithout powering down the switch.

The power supply system consists of up to three individually replaceable power modules.

Note Dual power supplies are recommended for proper operation of four media modules.

In order to implement a redundant power supply system, any two of the three possible power supplies can be used to power the system. In the case where redundancy is required, the supplies load balance. Should one power supply fail, the other assumes the entire load.

Each power supply module may be replaced without turning off power to the switch. See “Installing Power Supplies” for instructions on replacing a power supply.

Redundant Control Processors

The CP module occupies one half of the control processor slot. Using two CP boards, creates a redundant CP system. This allows the switch to support hot standby CP board that takes over should the first CP board fail during normal operation. (In addition, the crossbar logic is duplicated on each CP board, eliminating single points of failure within the chassis.)

Each CP board contains a high-speed crossbar for moving data between boards connected to the backplane.

An RS-232 port is included for connection to a remote terminal or modem. A 10/100 Ethernet management port is also included for out-of-band management and firmware upgrades. This Ethernet port is not part of the switching fabric.


10

Fault Tolerance

The switch has a fault tolerant design to reduce network downtime with redundant fans, load-sharing power supplies, hot-swappable I/O and power modules. Non-volatile RAM (NVRAM) is available for backup and restoration of system parameters. See Chapter 5 for instructions on using the NVRAM backup commands.

Switch Management

Command line vs. Web browser

The switch is managed using a command-line interface or using a Web browser.

• Command Line Interface

The CP module supports a command-line interface through the serial port or via Telent through the 10/100 management port. The command-line interface enables local or remote unit installation and maintenance. A set of system commands allows effective monitoring, configuration and debugging of the device. See “Accessing the Command Console Interface” in Chapter 4 for more information about the management features.

• Web Device Manager

The Web Device Manager provides access to the switch’s configuration, administration and statistics through a Web browser. See Chapter 3 for details.

Layer 2 Switching

Layer 2 switching moves packets through the switching fabric based upon the destination MAC address of the packet. The switch supports wire-speed Layer 2 switching for all network protocols.

The functionality of the Layer 2 switching operates in the context of a single switched network segment. Multiple Virtual LAN (VLAN) operation and switching within a VLAN are discussed in Chapter 3 and Chapter 5.


11

Layer 3 Switching

Layer 3 switching performs a function similar to Layer 2 switching, except it looks at the network layer information rather than the destination MAC address. To improve the usability of the switch, it uses routing protocols to communicate existing routes to hosts and to coordinate route information with other routing devices.

The routing capability must be considered for all network layer protocols supported by the switch. For each network layer protocol one or more routing protocols may be invoked. For the Internet Protocol (IPv4), these protocols are RIP v1, RIP v2, and OSPF.

The functionality of Layer 3 switching relies upon the use of VLANs to define network segments. Routing occurs between the network segments. VLAN operation is discussed in Chapter 3 and Chapter 5.

Link Aggregation

The 6000 switch supports the 802.3ad draft link aggregation specification. Link Aggregation allows two or more physical ports on the switch to be grouped together to provide a single, aggregated port that has the combined bandwidth of the individual ports. Link Aggregation is useful when making connections between switches, stacks or to connect servers to the switch.An added benefit of Link Aggregation is increased performance, increased resiliency and fault tolerance. See Chapter 3 and Chapter 5 for instructions on configuring Link Aggregation.

Virtual LANs

Virtual LAN (VLAN) capability allows for the grouping of ports together into logical groups. Any port can be assigned to one or more virtual LANs, allowing effective reconfiguration without physically moving cables. The switch limits forwarding database (FDB) misses and broadcast and multicast traffic within a VLAN. The switch conforms to the IEEE 802.1Q definition of a VLAN aware bridge in a virtual bridge local area network. See Chapter 3 and Chapter 5 for instructions on setting up VLANs.


12

Spanning Tree ProtocolThe 6000 switch supports multilayer Spanning Trees.The IEEE 802.1D specification Spanning Tree Protocol allows switches or bridges to eliminate duplicate paths and loops in a network. However, the Spanning Tree Protocol must be operational on other bridges and switches throughout the network. The switch also supports 802.1s, a supplement to 802.1Q, that provides for multiple instances of Spanning Tree to run on a switch that has multiple VLANS. Each VLAN acts as a separate bridge or virtual bridge.

See Chapter 3 and Chapter 5 for more information on setting up the Spanning Tree Protocol.

Built-in SNMP

The switch supports standard management approaches, including SNMP, out-of-band management through an RS-232 console port or modem, and through a TELNET session. An extensive set of supported SNMP Management Information Bases (MIBs) includes:

• MIB II (RFC 1213)

• Four-group RMON 1 (RFC 1757)

• Etherlike MIB (STD50)

• RIP version 2 MIB (RFC 1724l)

• Bridge MIB (RFC 1493),

• Q-Bridge MIB

• OSPF MIB (RFC 1850)

• Link Aggregation MIB (802.3ad)

• IP Forwarding Table MIB (RFC 2096)

• Intel® proprietary MIB

See Chapter 5 for information on the SMNP agent commands.


13

Assessing the Installation SiteTo operate the switch, the site should have the following facilities:

• Power source to supply 6.0 A @ 125V, 60 Hz, or 3.0 A @ 250V, 50 Hz, for each switch.

• Operating environment temperature between 0º and 40º C (32º F to 104º F).

• Allow at least four inches (4") of space surrounding the switch to provide for proper ventilation.

• Do not exceed humidity levels at 90% non-condensing.

The switch may be placed on a desk or table top, or it may be mounted in a standard 19" equipment rack. Apply the adhesive-backed rubber feet to the bottom of the switch if the switch is placed on a flat surface.

Attaching Rack Mount BracketsTo mount the chassis in an equipment rack, attach the rack mount brackets provided.

1 Remove the four front-most screws on each side of the unit, as shown in the figure above.

2 Fasten the brackets using the screws provided.

Front Panel Screws


14

3 After the brackets are securely fastened, the switch can be mounted into a standard (19") equipment rack.

Caution Fully assembled, the switch weighs over 90 pounds. Mount the chassis prior to installing any modules or power supplies. Always use two people to lift the switch.

Setting Up the ChassisFollow the instructions below to install the Carrier tray, CP, modules and any additional power supplies that were ordered.

Assembled Chassis

MODULES

CONTROL PROCESSORS

POWER SUPPLIES

AC POWER CONNECTION BACK

RS-232 PORT

10/100 ETHERNET (RJ-45) P

ORT

FAN ASSESMBLY


15

Installing the Carrier Tray1 Remove the Carrier tray from the chassis carton.

2 Carefully remove the Carrier tray from the ESD protective bag and place it on a flat surface.

3 Lift the tray up by placing your hands on the sides of the tray or underneath the tray.

4 Carefully slide the tray into the bottom slot of the Chassis (Slot 5).

5 Push the tray back until it connects with the backplane.

Warning The backplane pins are easily bent. Use caution wheninserting the carrier tray to insure proper alignment.

6 Tighten both capture panel screws simultaneously.

Carrier Tray Installation

Carrier TrayGender Adapter Bar

Slot 5


16

Installing the Control Processor Modules 1 Remove the CP from the protective foam and caps.

2 Carefully remove the CP from the ESD protective bag and place it on a flat surface.

Warning Electrostatic Sensitive Device. Do not handle theprinted circuit board unless the working area is staticfree!.

3 Lift the board up by placing both hands on the side of the mod-ule faceplate panel or underneath the tray.

4 Carefully slide the module into the left side of the Carrier tray.

5 Push the module back until it connects with the gender adapter bar on the Carrier tray and the capture panel screws engage the chassis.

Control Processor Installation

Primary CP

Slot 5


17


7 If a secondary CP was ordered, repeat steps 1 through 6 and place the card on the right side of the Carrier tray.

Note If the primary CP fails during boot up on a dual CP system, the secondary CP will not become the primary CP for at least five minutes. When both CPs boot successfully, the secondary CP assumes control within sixty-five seconds after the master CP fails.

Installing Other Modules

The Gigabit Ethernet and Fast Ethernet module may be placed in any of the four remaining slots.

1 Remove the module from the modules’ carton.

2 Carefully remove the module from the ESD protective bag and place it on a flat surface.

Warning Electrostatic Sensitive Device. Do not handle theprinted circuit board unless the working area is staticfree!


4 Remove the blank filler tray from any of the slot bays.

Control Processor Module

CapturePanelScrew

RS-232 Port

Faceplate Panel

10/100 Ethernet Port (RJ-45)

Carrier Ready LED

Primary/Secondary LED

Diagnostics LED

Status LED


18

5 Carefully slide the module into the empty slot.

6 Push the module back until it connects with the backplane and the capture panel screws engage the chassis.

Warning The backplane pins are easily bent. Use caution wheninserting the module to insure proper alignment.


Caution Always place one of the spare blank filler plates in the unused slots. This helps to maintain proper air flow throughout the chassis and keeps it free from dust.

Module Installation

GigabitEthernetModule


19

Installing Power Supplies

If an additional power supply has been purchased, place it in any of the empty power supply bays at the top of the chassis.

Note Intel recommends that for proper operation, you install an additional power supply if there are four media boards.

1 Unpack the power supply from the carton.

2 Loosen the capture panel screws on the face plate of the power supply bay until the face plate can be removed.

3 Using the handle, pick up the power supply with one hand and support it underneath with the other hand.

.

4 Push the power supply into the power supply bay until the cap-ture panel screws engage the chassis.

5 Tighten the capture panel screws simultaneously.

Power Supply Installation

Capture PanelScrews


20

Connecting the Power Cords1 Attach a power cord to each installed power supply.

2 Plug the other end of each power cord into a properly protected AC power source.

Once power is supplied, the switch automatically detects and powers up the modules found in each slot.

Checking Physical Condition

Carefully review the switch installation instructions. Also complete the following physical examination of the switch and its cables:

1 Check the switch for physical damage.

2 Make sure the cables are installed according to instructions.

3 Make sure all connections are secure and complete.

4 Check the cables for possible crimps or excessive wear that may cause electrical short or incomplete connections.

Back Panel


21

Front Panel LEDs

Check the Control Processor (CP) front panel indicators (LEDs).

• The Status LED on the CP board should light solid yellow while the built-in self-test (BIST) sequence is run.

• The Status LED changes to flashing green if no errors are detected.

LED Color Definition

Status Solid Yellow Power up self-test running.

Flashing Yellow Power up diagnostics failed.

Flashing Green Normal Operation - the CP module is operating normally and the media boards have completed their power up cycle.

Solid Green Boot image mode.

Diagnostic Solid Yellow Running built-in self-test (BIST) sequence.

Solid Green Passed built-in self-test (BIST) sequence.

Carrier Ready Solid Green Carrier Board is operating.

Solid Yellow Carrier Board has failed.

Primary/Secondary

Solid Green Designates the active CP.

Solid Yellow Designates the standby CP (requires two CP modules).


22

• The Status LED changes to flashing yellow if an error condition is detected.

• The Status LED maintains a solid green light if the switch boots up in boot image mode instead of the system image. See the Troubleshooting section to diagnose if there is a problem.

Also check the Power Supply LEDs to ensure the power supplies are functioning properly.

See the Intel® NetStructure™ 6000 Switch User Guide for the Gigabit and Fast Ethernet Modules for a description of the module LEDs.

After completing the initial setup and power up, connect the switch to the network, set passwords for non-privileged and privileged mode, and assign an IP address to the switch. See Chapter 4 for details.

TroubleshootingIf the switch fails to operate, determine if there is a physical problem or a problem with the configuration of the switch to the network. This section gives you a quick guide to troubleshooting these problems.

Troubleshooting Checklist

Review the symptoms shown below for possible causes and recommended courses of action when the switch does not function as expected.

LED Color Definition

AC Solid Yellow AC input power present.

DC Solid Green Normal Operation - the power supply is operating normally. DC output is present.


23

Equipment Replacement

Fan Assembly Replacement

A fan failure can cause the chassis temperature to rise above acceptable levels. You are automatically notified on the console when a fan has failed.

Symptom Possible Cause Course of Action

No indicators lighted. Power cord is loose. Check power cord connections.

Power supply is faulty.

Refer to “Power Supply Replacement” for instructions on diagnosing power supply problems and replacing a power supply.

Module has failed three times in a row.

Use show sysfails command to detect failed module.

CP slot OK but other slots have no indicator lights

Bad board Use show sysfails command to detect failed module or power supply.

Power supply faulty

Incompatible firmware version.

Use show version command to detect firmware version.

CP LED display is solid green.

Processor is in boot image mode instead of system image mode.

Reload firmware from Intel Web site.

Failure reported in one or more diagnostic tests.

Internal hardware is faulty.

Contact Customer Support.


24

Type the non-privileged show sysfails command at the command line to display which of the three fans has failed.

6000 Switch>#>show sysfails

Fan Failure at Tue 6/8/99 12:59

Fan 2 had failed, and is still failing.

Note If the maximum operating temperature does not exceed 40º C (104º F), the switch continues to operate for the periods described in the following table Type show temperature at the command line to view the current switch temperature.

The following messages warn of impending shutdowns.

• Trigger: temperature sensor has reached 44º C

Warning: The switch temperature has reached 44º C. Automatic shutdown will occur at 48º C.

In Intel Device View, this is a yellow warning alert. This message is sent every five minutes until the temperature drops below 44º C or reaches 46º C.

• Trigger: temperature sensor has reached 46º C.

Critical Warning: The switch has reached 46º C. Automatic shutdown will occur at 48º C.

In Intel Device View, this is a yellow warning alert. This message is sent every minute until the temperature drops below 46º C or reaches 47º C.

• Trigger: temperature sensor has reached 47º C.Critical Warning: The switch temperature has reached 47º C. Automatic shutdown will occur at 48º C.

In Intel Device View, this is a red warning alert. This message is sent every one minute until the temperature drops below 47º C or reaches 48º C.

Number of Failed Fans Shut-down Time

1 None

2 12 hours

3 1 hour


25


Critical Warning: The switch temperature has reached 47º C. Automatic shutdown has commenced.

In Intel Device View, this is a red warning alert.

• Trigger: temperature sensor has reached 44, 46 or 47º C and then has dropped back to 43º C.

Critical Warning: The switch temperature has dropped below critical limits. The temperature is now 43º C.

In Intel Device View, this is a green alert. When one or two fans have failed, the warning messages are:


Critical Warning: The switch has reached 38C. Automatic shutdown will occur at 40º C.

In Intel Device View, this is a red warning alert. This message is sent every minute until the temperature drops below 38º C.


Critical Warning: The switch has reached 39ºC. Automatic shutdown will occur at 40º C.

In Intel Device View, this is a red warning alert. This message is sent every minute until the temperature drops below 38º C.

To replace the fan assembly

Warning Only fan assembly modules identified as “Hot Swappa-ble Fan” on the front of the chassis can be replacedwithout powering down the switch.

1 Locate the fan assembly on the front panel of the chassis.

2 Unscrew the capture panel screws on the fan assembly panel.

3 Grasp the fan assembly with both hands and carefully pull it out from the backplane.


26

4 Lift the fan assembly and place it safely on a flat surface.

5 Unpack the replacement fan assembly.

6 Slide the replacement fan assembly back until the capture panel screws engage the chassis.

7 Tighten the capture panel screws.

8 Reattach the power cords to the rear of the chassis.

9 Type the non-privileged command clear sysfails after replacing a power supply to reset the show sysfails command.

6000 Switch>#>clear sysfails

The system failure area has been cleared.

Hot Swappable F

an

Capture Panel Screw

Fan Assembly

Fan Assembly Panel

Hot Swappable Fan label


27

Power Supply Replacement

A loss or reduction of power causes a full or partial shutdown of the switch.

Type the show sysfails command at the terminal to determine which of the power supplies has failed.

Type the non-privileged command clear sysfails after replacing a power supply to reset the show sysfails command.

6000 Switch>#>clear sysfails

The system failure area has been cleared.

Caution If the switch has two power supplies, place the replace-ment in the empty power-supply bay before removing one of the power supplies. This prevents the switch from powering down during hot swap of the power sup-plies.

To replace a power supply

1 Loosen the capture panel screws on the front of the power sup-ply.

2 Using the handle, pull out the power supply with one hand and

Capture Panel

Power Supply


28

grab it underneath with the other hand.

3 Place the power supply on a flat surface.

4 Unpack the replacement power supply.

5 Place one hand on the handle and the other hand underneath to lift the power supply.

6 Carefully slide the power supply into the power supply bay.

7 Tighten the capture panel screws simultaneously.

8 If returning the power supply, pack the original power supply in the materials provided for the replacement power supply.

Note If a power supply bay is to remain empty, be sure to install the blank power supply face plate provided. This protects the chassis from dust.

Replacing a Control Processor Module

1 Remove the Control Processor from the carton.

2 Carefully remove the Control Processor from the ESD protec-tive bag and place it on a flat surface.

Warning Electrostatic Sensitive Device. Do not handle theprinted circuit board unless the working area is staticfree!.

Secondary Control Processor Installation

Secondary CP


29


4 Carefully slide the module into the empty side of the Carrier tray.

5 Push the module back until it connects with the gender adapter bar and the capture panel screws engage the chassis.


Note If the primary Control Processor fail to boot up on a dual Control Processor system, the secondary Control Processor will not become the primary Control Processor for at least five minutes. When both Control Processors boot success-fully, the secondary CP assumes control within sixty-five seconds after the master CP fails.

Replacing Modules

1 Disconnect the network interface cables from the module ports.

2 Loosen the capture panel screws on either side of the module face plate.

GigabitEthernetModule


30

3 Pull the module out, away from the backplane.

Warning Electrostatic Sensitive Device. Do not handle theprinted circuit board unless the working area is staticfree!

4 Place the module on a flat surface until you have removed the replacement module from the packing materials.

5 Remove the replacement module from the ESD protective bag.

6 Lift the module up by placing your hands on either side of the module face plate panel. Again, be careful not to touch the cir-cuit area.

7 Carefully slide the module into the slot.

8 Push the module back until the capture panel screws engage the chassis.


10 Pack the original module in the materials provided for the replacement module.

The modules are hot swappable. Removing and inserting a module does not reset the switch.

When a module is inserted or removed, the following message is displayed on the console, and the status LED on the CPU remains solid green.

6000 Switch>

Configuring system: Do not remove any media modules.

Preparing for hot swap: OK

Warning Do not insert or remove another medial module untilthe Status LED is flashing green. The system resets ifthe Status LED is not flashing.

The following message is displayed if a module is removed or inserted before the Status LED has changed to flashing green:

**************************************************

* Media removal/failure during configuration update

* Resetting system...

**************************************************

�

Using Intel® Device View

Topic See Page

Overview 32

Installing Intel® Device View 32

Starting Intel® Device View 34

Installing a New Device 35

Using the Device Tree 36

Managing a Switch 38

Viewing RMON Information 39


32

OverviewIntel® Device View, versions 2.1.6 or later, lets you manage the Intel® NetStructure™ 6000 Switch and other supported Intel networking devices on your network.

Intel Device View provides these features:

• The ability to configure new network devices

• Graphical device manager for Intel switches, hubs, and routers

• Autodiscovery, which finds supported Intel devices on the network

• The Device Tree, which shows all the supported devices detected on your network

• Remote Network Monitoring (RMON)

• Web or Windows* platform

• Plug-in to HP OpenView*, IBM Tivoli NetView*, and Intel LANDesk® Network Manager.

• Other useful tools such as a TFTP server, Telnet and Ping.

Installing Intel Device ViewBefore you install Intel Device View, make sure your PC meets the system requirements in the Intel® Device View User Guide, which is included on the Intel Device View CD-ROM.

C H A P T E R 2 Using Intel® Device View

33

To install Intel Device View1 Put the Intel Device View CD-ROM in your computer’s CD-ROM

drive. The Intel Device View installation screen appears. If it does not appear, run autoplay.exe from the CD-ROM.

2 Choose the version of Intel Device View you want to install.

• Click Install for Windows to install Intel Device View for use on this PC only.

• Click Install for Web to install Intel Device View on a Web server. You will be able to access the Device View server from any PC on your network with Internet Explorer 4.0x or later.

• Click Install as Plug-in to install Intel network device support for HP OpenView, IBM Tivoli NetView, or Intel LANDesk Network Manager. This option is not available if you don’t have OpenView, LANDesk Network Manager, or NetView installed on the PC.3

3 Follow the instructions on screen in the installation program.


34

Starting Intel Device ViewInstall either the Windows or Web version of Intel Device View.

Windows* version

If you manage devices with Intel Device View from only one location on the network, install the Windows version. From your desktop, click Start, then point to Programs > Intel Device View > Intel Device View - Windows. Intel Device View’s main screen appears.

Web version

If you want to manage devices from any PC on the network using Intel Device View, install the Web version.

• From your desktop, click Start, then point to Programs > Intel Device View > Intel Device View - Web. Intel Device View’s main screen appears.

• To view Intel Device View from another PC on your network, type the following URL, http://servername/devview/main.htm, where servername is the IP address or name of the server where Intel Device View is installed. In the example shown below, the URL is entered into the Address field in Internet Explorer.

Intel Device View’s main screen appears.


35

Installing a New DeviceAfter you’ve installed a new switch on your network, you can use Intel Device View’s Device Install Wizard to configure it for management.

To install and configure a new switch for management1 Start Intel Device View. The Device Install Wizard appears. If it

does not appear, click Install from the Device menu or double-click the appropriate MAC address in the Device Tree under Unconfigured Devices.

2 In the Device Install Wizard - Start screen, click Next.

3 In the Device Install Wizard - MAC Address screen, click the MAC address of the new switch, then click Next.

4 Follow the instructions in the wizard to assign an IP address and a name to the switch.


36

Using the Device TreeWhen you start Intel Device View, the Device Discovery service begins searching for supported Intel network devices on your network. As it discovers devices, the Device Discovery service adds an icon for each device to the Device Tree on the left side of the screen. Different states of the 6000 Switch are represented by unique icons in the Device Tree.

Device Tree icons

Device Tree root

Subnet

Intel NetStructure Switch (non-responding the icon is red)

Unconfigured Intel NetStructure Switch

Group of Intel NetStructure Switches

Intel NetStructure Switch (Layer 3 capable)


37

The Device Tree works much like Windows Explorer. To expand the root or a subnet, click the (+) next to the icon. To collapse the view, click the (-) next to the icon. Double-click a device icon to view the device image.

To add a device to the Device Tree1 Right-click anywhere on the Device Tree.

2 Click Add Device on the menu that appears.

3 In the Add Device dialog box, type the IP address of the switch you want to add.

4 Fill in the other fields, as appropriate.

5 Click OK.

The new switch’s icon appears in the Device Tree.

To refresh the Device Tree1 Right-click anywhere on the Device Tree.

2 Click Refresh on the menu that appears.

Refreshing the Device Tree updates it to show any newly discovered devices and changes in device status.

To delete a device from the Device Tree1 Right-click the device you want to remove from the Device Tree.

2 Click Delete on the menu that appears.

Deleting a device from the Device Tree does not affect the actual device.

To find a device in the Device Tree1 Right-click anywhere on the Device Tree.

2 Click Find on the menu that appears.

3 In the Find Device dialog box, type the IP address of the device you want to find in the tree.

4 Click OK.

The device’s icon is highlighted in the Device Tree.


38

Losing contact with a device

If Intel Device View loses contact with a switch, it replaces the switch icon with the non-responding switch icon. When the non-responding switch icon appears, you will not be able to manage the device in Intel Device View. If you’re unable to ping the device or start a Telnet session, try accessing the switch’s Local Management.

Managing a SwitchTo manage a 6000 switch, double-click the switch icon in the Device Tree. In the example shown below, the switch has been assigned an IP address of 124.123.122.3.


39

The 6000 switch’s Web Device Manager appears in the Intel Device View window. Use the Web Device Manager as described in Chapter 3.

For complete information on using Intel Device View, refer to the program’s on-line help or see the User Guide on the Intel Device View installation CD-ROM.

Viewing RMON informationThe remote monitoring (RMON) specification extends SNMP functionality to look at traffic patterns on the network instead of merely looking at the traffic for an individual device. The following RMON groups are supported:

• Group 1 (Statistics): Monitors utilization and error statistics for each network segment (10 Mbps or 100 Mbps).

• Group 2 (History): Records periodic statistical samples from variables available in the statistics group.


40

• Group 3 (Alarms): Allows you to set a sampling interval and alarm thresholds for statistics. When a threshold is passed, the switch creates an event. For example, you might set an alarm if switch utilization exceeds 30%.

• Group 9 (Events): Provides notification and tells the switch what to do when an event occurs on the network. Events can send a trap to a trap receiving station or place an entry in the log table, or both. For example, when the switch experiences an RMON Event, it sends out an Alarm. The switch also keeps a log that shows a list of the RMON Events and RMON Alarms that have occurred on the switch.

To view RMON statistics1 Right-click the switch’s icon in the Device Tree, then point to

RMON.

2 Click the RMON option you want to view:

You can also access RMON features by using LANDesk Network Manager, or an SNMP application that supports RMON such as OpenView. For more information about using RMON to monitor the switch, refer to the Intel Device View Help.

�

Using the Web Device Manager

Topic See Page

Accessing the Web Device Manager 43

Navigating the Web Device Manager 44

View/Configure Device Menu 50

Configure Management Menu 66

VLAN Menu 74

Routing Menu 100

Reset and Update Menu 114

Help Menu 119


42

The Web Device Manager is built into the Intel® NetStructure™ 6000 Switch, and it lets you use a Web browser to manage and monitor the switch. For example, you can use the Web Device Manager to configure the switch or individual ports, to monitor traffic statistics and utilization and to view and configure switch devices, Virtual LANs (VLANs) and routing.

Note If accessing the Web Device Manager through a serial or terminal connection, always make the connection through the management port instead of a media board port.

The Web Device Manager can be used with the following frame capable browsers: Microsoft Internet Explorer*, versions 4.05 or later and Netscape Navigator*, versions 4.0 or later. The monitor display resolution should be set at 1024 x 768 pixels for best results.

If you are using Microsoft Internet Explorer 4.0 or later, configure the browser to check for newer versions of stored pages each time you load the page.

C H A P T E R 3 Using the Web Device Manager

43

If you are using Netscape 4.0 or higher, configure the browser to compare cached documents to documents on the network every time.

Note The top-level menu is normally collapsed until you right-click to expand the menu items. Some older versions of Netscape browsers are incompatible and limit the mecha-nism for keeping track of open menu items. The Web Device Manager detects these incompatible browsers and expands all menu items.

The menus do not collapse with Netscape for Solaris*, version 4.04 and Netscape for Linux*, version 4.05

Netscape for Solaris, version 4.5 and Netscape for Linux, version 4.61 are compatible.

For additional information about using this interface, see Web Device Manager Help.

Accessing the Web Device Manager1 Type the switch’s IP address in your Web browsers’ address or

location field.

2 Click OK. The password dialog box is displayed.


44

3 Type in the default username priv.

4 The switch is shipped with a “null” password (i.e., no pass-word). Press OK to access the Web Device Manager. If you have not set a basic or privileged password, refer to the Config-ure Management menu later in this chapter for instructions on setting a password.

If you have set a password, type the current privileged password for the switch, then click OK. The Web interface recognizes the password that was set at the console command line.

Note If the basic password is used to login to the switch, you can-not configure or set features on the switch until you have logged in with the privileged password.

5 In the menu on the left, select options to configure and access the various administrative areas of the switch configuration.

Navigating the Web Device Manager1 Click a menu (such as View/Configure Device) on the left side

of the Web Device Manager window to show options.

2 Click an option in the menu. The corresponding screen appears on the right side of your Web browser window.


45


46

Display OptionsHypertext links are displayed in many of the tables. Click the link to access configuration screens for the selected option.

The table below describes the colors used to display port connection information.

Use the browser’s View menu font options to change the text size and display more data in the main frame.

Port Color 10/100 & Gigabit Ethernet

Gray Link Down

Green Link Up

Orange Cross Disabled Port


47

Buttons

Each configuration screen includes various buttons on the bottom of the screen.

Slot DisplayThe top frame displays a graphic of the current module that is installed in the first slot that contains a module.

Click a link under the graphic to configure a port, monitor port statistics, and display module hardware version information. Click Port Help to view port configuration help.

Note To view firmware versions, click the View/Configure menu, then Carrier.

Button Function

Submit Applies the configuration settings on the current screen. Saves the settings to NVRAM.

Reset Clears any changes you made on the current screen and restores the currently applied settings.

Apply Saves the current configuration.

Default Resets the current screen to the factory default settings.

Help Displays help for current screen.


48

Configuring a PortYou can use the Web Device Manager to enable or disable a port, and to change its speed, duplex, and priority settings.

To change port settings

1 Click Port Control under the displayed module.

2 Select the options that you want to change.

• Set Auto-negotiation: Auto-negotiation is enabled by default. Auto-negotiation allows each end of a link to query the other to determine a compatible mode of operation. For example, if both links support full-duplex operation, then the switch can determine this mode. When a link becomes active, the switch determines the highest throughput mode of operation between the two devices.

• State: You can configure any port as up (enabled and allowing data to pass) or down (disabled with no data transmission or reception). All ports are enabled by default.

• Priority: You can set the switch priority queue for packets sent or received on this port. Click the box to select the priority levels. The priority level ranges from seven (7), highest priority) to zero (0), lowest priority. Higher priority frames have precedence over lower priority or untagged frames.

3 Click Submit.


49

Monitor StatisticsUse the Web Device Manager to monitor transmit and broadcast traffic and errors.

To access statistics for a port, click Monitor Statistics below the displayed module.

The table displays the following statistics

• TX MCAST Pkts: Displays the number of multicast packets transmitted. Multicast packets are sent from one node to multiple nodes on a segment.

• TX BCAST Pkts: Displays the number of broadcast packets transmitted.

• TX UCAST Pkts: Displays the number of unicast packets transmitted.

• TX errors: The total number of transmission errors detected since the last switch reboot.

• RX MCAST Pkts: Displays the number of multicast packets received. Multicast packets are sent from one node to multiple nodes on a segment.

• RX BCAST Pkts: Displays the number of broadcast packets received.


50

• RX UCAST Pkts: Displays the number of unicast packets received.

• RX errors: The total number of receive errors detected since the last switch reboot.

Show Version InformationTo view module hardware version information, click Show Version Information under the displayed module.

View/Configure Device MenuUse the View/Configure Device menu to view module configuration information, configure or change basic switch settings, and control and monitor switch traffic.


51

Module informationThe type of modules that are installed in the 6000 switch are displayed in the Slot 1 through Slot 4 menu options. Click a slot number and the graphic changes to the selected module.

The 6000 switch supports two control processors for redundancy. CP A is the control processor on the left side of the chassis. Click CP A, the firmware version and other internal hardware information is displayed. If you have installed a backup control processor, then click CP B to view the same information.


52

Power Supplies & FansTo view power supply and fan status, click the View/Configure menu then Power Supplies & Fans. The Power Supplies, Fans and Temperature screen is displayed.

Note If the maximum operating temperature or high water mark exceeds 48º C (118.4º F), the switch automatically shuts down.

All Ports at a GlanceAll Ports at a Glance is used to view the current module configuration. Every media module that is installed in the switch is graphically displayed. Click any port and the Port Configuration screen is displayed. See Configuring a Port earlier in this chapter.


53

DNS ConfigurationThe switch supports contacting a server running the Domain Name Service (DNS) to substitute host names instead of network IP addresses.

yourcompany.com

192.2.2.150

192.2.2.152


54

To configure DNS

1 Set the DNS default domain name. This permits the use of sim-ple host names instead of network IP addresses each time a switch command is entered.

2 Set the IP address of the primary DNS server.

3 Set a backup DNS server in case the primary DNS server is unavailable. It is not mandatory to specify a backup server. It is provided as a redundancy feature.

4 Click Enable.

5 Click Submit.

Configuring the IP SettingsUse this feature to change the IP address of the switch. The information is stored in NVRAM.

Note Changes to the IP configuration do not take effect until the next reboot of the switch.

The out-of-band port or management port on the front of the CP is identified as interface et0.

In-band through the switched ports is identified by interfaces sw1 through sw4093 and are assigned for each VLAN configured to use IP.

To change the IP address

1 Type the new IP address, subnet mask and broadcast address.

2 Click Submit.


55

To change the default gateway

Note If you do not plan to use the switch for routing, you can set a default gateway.

1 Type the new default gateway address.

2 Click Submit.

Note Gateway changes take effect immediately. Type 0.0.0.0. to delete the default route.

172.21.255.2550.0.0.0

172.21.2.239

172.21.2.239

172.21.255.255

0.0.0.0


56

IP Access ControlAn Access Control List (ACL) is a list of rules used to permit or deny the flow of IP traffic through the network. The rules are created based on source and destination IP addresses.

The order in which rules are applied to an incoming packet is determined by the order that a rule was entered into the ACL. The 6000 switch supports a maximum of 128 filtering rules.

The source IP address and source subnet mask or destination IP address and destination wildcard mask represents a single host or a range of hosts in a network.

A wildcard mask is a method used to define a range of host IP addresses with an accompanying network or subnet IP address. It uses the same notation as the dotted decimal IP address. The wildcard mask cannot overlap with the corresponding network or subnet address

There are two rules that are always placed at the end of the list whether implied or explicitly added to the list.

• permit all all

• deny all all

If the ACL is empty or an end rule has been omitted, the “deny all all” rule is implied.

To add an IP Access Control rule

1 Click the View/ Configure menu, then click IP Access Con-trol. The IP Access Control configuration screen is displayed.

Note Disable ACL before adding rules.


57

2 Click Add to add a rule. A configuration dialog box is dis-played.


58


• Action: Click Permit or Deny to select the type of rule to add.

• Source: Select either Address/Mask, host or all

• Address: For a single device, select Address/Mask, or host. The address must be the designated IP address of the device.

If you select Address/Mask, type the designated IP address of the device in the Address box

If you select host, type the IP address. The wildcard mask is automatically set to 0.0.0.0.

If you select all, the address is automatically set to 0.0.0.0 and the mask is set to 255.255.255.255.

• Mask: The wildcard mask must be 0.0.0.0 or the word host.

• Destination: Select either Address/Mask, host or all

If you select Address/Mask, type the designated IP address of the device in the Address box.

If you select host, type the IP address. The mask is automatically set to the wildcard mask 0.0.0.0.

If you select all, the address is automatically set to 0.0.0.0 and the wildcard mask is set to 255.255.255.255.

• Address: Select the destination Address/Mask or host. The address must be the designated IP address of the device.

• Mask: The wildcard mask must be 0.0.0.0 or the word host.

4 Click Add to add the rule to the rules list. You are returned to the IP Access Control configuration screen.

See the IP Access Control Sample Configuration in Chapter 5 for an example of how to use Access Control Lists.

To place a new rule within an existing list, click a rule to select it then click Add. The Add Rule configuration window is displayed. After configuring the new rule, it is then placed after the rule that was highlighted. If no rule was highlighted, then the rule is placed at the beginning of the list.

5 Click Enable.

6 Click Submit.

You can swap two existing permit or deny rules from their current position to a new position within the rule list.


59

To swap rules

1 Select the rules that you want to swap or reverse order. Use Ctrl-click or Command-click to select the rules that you want to swap.

2 Click Swap.

Note You cannot swap two rules, if one is an end rule.

To delete a rule

1 Click the rule that you want to delete. To select more than one rule, use Ctrl-click or Command-click to highlight the rules that you want to delete.

2 Click Delete.

Port MirroringPort mirroring is a useful diagnostic tool because it allows you to send a copy of the good Ethernet frames transmitted or received on one port to another port. On the second port you can attach a protocol analyzer to capture and analyze the data without interfering with the client on the original port.

To configure Port Mirroring

1 Click the View/Configure menu, then Port Mirroring. The Port Mirroring configuration is displayed.


60


• Status: Click Enabled to activate Port Mirroring.

• Source Port: Type the port number for the port whose traffic you want to mirror. The range is determined by the number of ports installed in the chassis.

• Monitor Port: Type the port number for the port to receive the mirrored traffic. This would be a port to which you have connected a protocol analyzer. The range is determined by the number of ports installed in the chassis.

Note To change port settings, Port Mirroring must be disabled.

3 Click Submit.

BOOTP/DHCP Relay AgentA BOOTP relay agent enables the switch to pass DHCP and BOOTP broadcast messages from one subnet to another.

To configure the BOOTP relay agent

1 Click the View/Configure menu, then BOOTP/DHCP Relay Agent.


61


• BOOTP/DHCP Relay: Click Enabled to activate the relay agent.

• Maximum Number of Hops: Specifies a discard threshold. If a packet has traversed more hops than the value of the hops parameter, the router drops the packets. The range is between one and 16. The default is four. Select a number from the drop-down list.

• Click Submit.

Storm ControlAn excessive number of broadcast or multicast frames on a network can degrade network performance by starving out unicast traffic. Broadcast and multicast storm control is intended to safeguard against this threat by limiting the amount of broadcast and/or multicast traffic that a port is allowed to receive and forward.

To configure storm control

1 Click the View Configure menu, then Storm Control. The Storm Control Status table is displayed.


62

2 Click a port number to change the settings. A dialog box opens.


• Threshold: To protect against broadcast or multicast storms, a broadcast and/or multicast threshold is set for each port. A threshold is a percentage of the maximum bandwidth of the link. The higher you set the threshold percentage, the less effective the protection against broadcast storms. The default broadcast and multicast thresholds are 100 percent, which disables storm control.

Type the Broadcast and Multicast Threshold percentage. The range is one to 100. The default is 100.

• Discard Period: When the broadcast or multicast threshold for a port is exceeded, the switch disables frame reception for a given duration that is equal to the discard duration.

Type the Broadcast and Multicast discard period. The range is zero (0) to 256 seconds.The default is 5 seconds.

4 Click Submit.

Spanning TreeThe IEEE 802.1d specification for Spanning Tree protocol allows switches and bridges to eliminate duplicate paths and loops in a network. The protocol allows the switch to communicate with these other devices and to map the network.


63

The Spanning Tree Protocol controls different states for each port, i.e., listening, forwarding, or blocking.

To configure 802.1d or single spanning tree

1 Click the View/Configure menu, then Spanning Tree. The Spanning Tree configuration screen is displayed.

Note The forwarding database (FDB) should be set for Single VLAN Learning (SVL) mode before configuring 802.1d Spanning Tree. See VLAN FDB for instructions on chang-ing the mode.

2 Click Single in the Type box.

3 Click On to enable Spanning Tree.

4 Click Submit.

5 Click Spanning Tree Configure. The Spanning Tree Configure screen is displayed.


64

6 Type the priority value for the switch. The range is from 0 to 65,335. The device with the lowest number becomes the root device (the starting point for the spanning tree).

7 Click Submit.

To configure the ports

1 Click Port Configure. The Single Spanning Tree Port Config-ure screen is displayed.

2 Set the port cost. Type in a number from 1 to 65535. This value is used by the Spanning Tree Protocol to determine alternate routes in the network to forward traffic. The higher the cost of a port, the lower the chance of this port being used to forward traffic. When possible, give a port a low cost if it is connected to a fast network segment.

3 Set the port priority. Type in a number from 1 to 65535 to set the port’s priority in the Spanning Tree. The higher the value, the lower the chance of this port being used as the root port. If two ports have the same priority value, the Spanning Tree uses the port with the lowest number. For example, the Spanning Tree would choose port 1 over port 4 if they both had the same prior-ity setting.

4 Click Submit.


65

Link AggregationYou can increase the bandwidth to some devices using Link Aggregation. Link Aggregation allows you to combine two or more adjacent ports so that they function as a single high-speed link. Link Aggregation is useful when making connections between switches (or switch stacks) or to connect servers to the switch.

• Aggregate ports must be of the same media type, speed and belong to the same VLAN with the same tag status (tagged or untagged). Refer to VLAN Port Management for more information about VLAN frame tagging.

• The ports must be configured for full-duplex mode

• A maximum of 16 ports can be included in a single aggregation.

• Aggregation is not possible with the RS-232 port or management port.

To configure Link Aggregation

1 Click the View/Configure menu, then Link Aggregation. The Link Aggregation Basic Configuration table is displayed.


66

2 In the Media Port column, click the media ports that are to be aggregated or grouped together.

3 In the Select column, click the Aggregator Port that is to be used as the aggregator link number. Each media port is assigned an aggregator port number, which is the same as the media port number by default. Select the lowest media port number of the group of media ports as the aggregator port number. In the pic-ture above, media ports 1, 2, 3 and 4 are to be grouped together into aggregator link 1.

4 Click Submit.

The Link Aggregation Ports Table, Aggregators Table, Link Aggregation Port Statistics Table and Link Aggregation Ports Debug Table display information detailed in the IEEE 802.3ad draft specification.

For more advanced features of link aggregation, see Chapter 5 and Appendix A.

View CPU ProcessesThe View CPU Processes screen displays the current status of all the active processes in the switch’s multitasking operating system.

Configure Management MenuUse the Configure Management menu to view and set the switch configuration, set the date and time, change the basic and privileged password, Telnet to a terminal or console, ping a device and set SNMP configuration parameters.


67

System at a GlanceThe System at a Glance displays common configuration parameters for the switch.

To view the System at a Glance

1 Click the Configure Management menu, then System at a Glance.

2 Click a link to configure the parameters.


68

Date & TimeTo change the date and time

1 Click the Configure Management menu, then Date & Time. The Date and Time configuration screen is displayed.

2 To change the date, select the month, day and year.

3 To change the time, select the hour, minute, and second.

4 Click Submit.

Password, BasicTo change the basic switch password

1 Click the Configure Management menu, then Password, Basic. The Basic User Password screen is displayed.


69

2 Type the previous password in the Old Password box.

3 Type the new password in the New Password box.

Note The maximum number of characters in a password is 10.

4 Retype the new password in the Verify New Password box.

5 Click Submit.

Password, PrivilegedTo change the privileged switch password

1 Click the Configure Management menu, then Password, Privileged. The Privileged User Password screen is displayed.

2 Type the previous password in the Old Password box.

3 Type the new password in the New Password box.

Note The maximum number of characters in a password is 10.

4 Retype the new password in the Verify New Password box.

5 Click Submit.


70

Telnet to ConsoleYou can connect to the command console interface through Telnet. The switch’s firmware supports multiple simultaneous Telnet connections. The number of sessions is limited by the system resources. Telnet is enabled by default.

To Telnet to another device

1 Click Configure Management, then Telnet. The Telnet Fea-ture screen is displayed.

2 Click Enable to activate Telnet (if it has been disabled).

3 Click Open Console Session to open the Telnet window.

PingPing tests connectivity between the switch and other devices. Successful completion of a ping request indicates that the IP levels of each device are able to communicate with each other. This verifies correct operation of the network interface, interface address information, and any routing between source and destination.


71

To ping to a device

1 Click the Configure Management menu, then Ping. The Ping from Switch configuration screen is displayed.

2 Type in the IP address of the device you want to ping.

3 Select the number of seconds to time-out before a connection is made from the drop-down box. If the device is on a remote net-work, you may need to adjust the timeout in order to receive a response.

4 Click Ping to start the process.

SNMP ConfigurationSNMP Security Level, Community Configuration, and Host Configuration combine to control read, write, and trap access for the managed device. The Community string is used by network management applications to gain access to the SNMP data in the managed device.


72

To access SNMP configuration

1 Click Configure Management, then SNMP Configuration. The SNMP Configuration screen is displayed.

SNMP Community Configuration

To configure SNMP Communities

1 Click Communities. The SNMP Community Configuration screen is displayed.

2 Select the Security Level from the drop-down box. The default setting is 2, which allows stations in the host table to have write access. The other levels are described in the following table.


73

Note Only stations in the host table are able to view and config-ure the switch in Intel® Device View. Changing the default security level prevents this switch from being viewed by Intel Device View.

3 Click the check boxes to select a Community string. The SNMP agent, along with the type of messages that are identified with it (get, set, trap), is referred to as an SNMP community. Each community is identified by a community name The default community settings are defined in the table below.

4 Click Submit

Host Configuration

SNMP hosts provide an additional level of SNMP access control used in verifying SNMP permissions. For get and set operations, the agent verifies that the SNMP management station is in the host list. The list is also used to determine which management stations receive traps. As a configuration option, you can add up to eight IP addresses of network management stations where traps are specifically sent.

Level Behavior

1 Does not verify host in community. Anyone can configure the switch if they know the community string.

2 Verifies host in community for write privileges only.

3 Verifies host in community for read and write privileges.

Community Name Permissions

Public GET

Private SET

Trap GET, SET


74

To configure hosts

1 Click Hosts under SNMP Configuration. The SNMP Host Con-figuration screen is displayed.

2 In the Host box, type in the IP address of the management sta-tions.

3 In the Community box, type in the community where the man-agement station belongs. You can configure up to eight hosts.

4 Click Submit.

VLAN MenuUse the VLAN menu to create and manage VLANs, set VLAN security, configure IGMP Snooping and Spanning Tree for VLANs.

172.21.2.58

172.21.2.58

172.21.2.245

172.21.2. 258

172.21.2.58


75

VLAN Create/Delete To create a VLAN

1 Click the VLAN menu, then VLAN Create/Delete.

2 In the 802.1Q Tag box, type a VLAN identifier (VID).


76

Associate a physical port on the switch to one or more VLAN identifiers (VID). VLANs are assigned a number from 1 to 4,094. This number becomes the VID and the number that is used to identify a VLAN.

3 Type a name in the VLAN Name box (optional)

4 Click Submit.

To delete a VLAN

1 Click the list of VLANs.

2 Select the VLAN from the box that you want to delete.

3 Click Delete VLAN.

VLAN Port Management Use VLAN Port Management to view VLANs, add ports to existing VLANs and configure port tagging.

To View Existing VLANs

1 Click VLAN, then VLAN Port Management. The VLAN Port Management screen is displayed.

2 Click Display VLANs and Configure PVIDs to view all VLANs.

The VLANs are displayed in various colors. The VLAN identifier (VID) with the lowest number is displayed for ports that are members of multiple VLANs. Example: If Port 2 is a member of VLAN 1 (red), 3 (blue) and 5 (yellow), red is displayed in the “member other VLAN” row. Click Color Code Help to match VLANs and colors.

Ports that are members of multiple VLANs are indicated with the MV symbol.


77

Port Type Description

Global Port Refers to all ports in the switch. The first slot with an installed module begins the numbering sequence. A switch with four 8-port Gigabit Ethernet modules, would have ports 1 to 32.

Slot Subport For each module, the ports are numbered from left to right, beginning with Port 1. For example, on a Gigabit Ethernet module, the ports are number 1 to 8.


78

3 Click a slot or global port number to display all VLANs of which this port is a member. A new window opens that displays the default PVID and the VID or VLANs of which the port is a member.

To assign ports to a VLAN

1 Click the VLAN menu, then VLAN Port Management

2 Select a VLAN from the VLAN Port Management list.

3 Click Assign Ports to this VLAN.


79

4 Click the boxes under the port numbers on the Add to this VLAN row.

5 Click Submit.

Configure Port Tagging

A VLAN tagged frame carries an explicit identification of the VLAN to which it belongs. Such a frame is classified as belonging to a particular VLAN based on the value of the VID that is included in the tag header.

When frames are sent across the network, a tag header is used to indicate to which VLAN a frame belongs. This insures that the switch forwards the frame to only those ports that belong to that VLAN.

To configure port tagging

1 Click the VLAN menu, then VLAN Port Management.

2 Select a VLAN from the list.

3 Click Configure Port Tagging. The Configure Port Tagging screen is displayed.


80

4 Check individual ports to tag them for the selected VLAN.

5 Click Submit.

VLAN Interface Configuration

VLANs can be assigned an IP address to allow management of the switch from that VLAN or to route frames between VLANs. This creates a network interface for the switch. The number of VLANs that can be assigned a network interface IP address is limited to 128.

To create a VLAN interface

1 Click the VLAN menu, then VLAN Interface Config.

2 Select a VLAN from the list.

3 Type the IP address, netmask and the broadcast address.

4 Click Enable Routing check box.

VLAN routing configuration allows control of which VLAN IP frames can be routed. For example, it is possible to specify that a particular VLAN cannot be used as the source when forwarding IP frames.

Note If IP routing is disabled for a VLAN, it only applies to ingress or received IP frames. It is still possible for other VLANs to route to the VLAN.


81

VLAN routing configuration can be used in environments where VLANs exist, and those VLANs are given IP addresses for management, but no routing is required. In this environment, IP routing can be disabled for each VLAN.

5 Click Submit.

VLAN Reset

To reset all of the VLANs to the factory default

1 Click the VLAN menu, then VLAN Reset. The VLAN Reset screen is displayed.

2 Click Submit.

VLAN SecurityVLANs are used to limit traffic to a particular area of the network. 802.1Q introduces the concept of tagged frames, where VLAN information is included in the frame. Using tagged frames allows VLAN information to be communicated across multiple switches. Such a VLAN tag includes information for both the VID and the priority of the frame. However, storing VLAN and priority information in the frame can cause security problems.

To configure VLAN security

1 Click the VLAN menu, then VLAN Security. The VLAN Security options are displayed.


82

There are three main modes for setting VLAN security

• 802.1Q ingress checking.

• Trusted and untrusted 802.1Q tag mode.

• Acceptable frame types.

Ingress Checking

An “Enable Ingress Filtering” parameter is associated with each port. If the “Enable Ingress Filtering” parameter is set for a port, the ingress rule discards any frame received on a port from a VLAN that does not include that port within its member set.

To configure Ingress Checking

1 Click Ingress Checks. The VLAN Security Port Ingress Checks screen is displayed.

2 For each port that you want included in ingress checking, click the box under each port on the Ingress Rules Check row.

3 Click Submit.


83

VLAN Security Trusted and Untrusted Ports

Trusted and untrusted 802.1Q tag modes can be used for enhanced security in a VLAN aware network.

Each port in the system has a trusted or untrusted mode for the VID of a tagged frame. In trusted mode, the VID of a tagged frame is always used. In untrusted mode, the PVID of the port is used even if the frame is tagged.

To configure trusted and untrusted frame tagging

1 Click Trusted VID. The VLAN Security Trusted VID screen is displayed.

1 For each port that you want trusted, click the box under each port on the Trusted row.

2 For each port that you want designated untrusted, click the box under each port on the UnTrusted row.

3 Click Submit.


84

Similarly, each port in the system has a trusted or untrusted priority mode. In trusted priority mode, the priority of a tagged frame is always used. In untrusted priority mode, the default port priority is used even if the frame is tagged.

Note To configure the port priority level, see “Configuring a Port” earlier in this chapter.

To configure trusted and untrusted frame tagging

1 Click Trusted Priority. The VLAN Security Trusted Priority screen is displayed.

2 For each port that you want trusted, click the box under each port on the Trusted row.


85

3 For each port that you want designated untrusted, click the box under each port on the UnTrusted row.

4 Click Submit.

VLAN Security Accepted Frame Types

Associated with each port of a VLAN bridge is an “acceptable frame types” parameter that controls the reception of VLAN-tagged and non VLAN-tagged frames on that port. The valid parameters are “accept any frames and “accept only VLAN-tagged frames.

• Accept Any Frames

This is the default setting when there are no rules that apply regarding the format of an ingress frame. Any frame types are accepted.

• Accept only VLAN-tagged frames

When “accept only VLAN-tagged frames” is set, the ingress rule discards any untagged frames or priority-tagged frames received on that port. Tagged frames that are not discarded are classified and processed according to the ingress rules that applies to that port.

This mode can be used to prevent clients from gaining access to VLANs of which they are not a member.

1 Click Accepted Frame Types. The VLAN Security Accepted Frame Types configuration screen is displayed..


86

2 For each port that you want to only accept tagged frames, click the box under each port on the Tagged row.

3 For each port that you want to accept any type frames, click the box under each port on the Any row.

4 Click Submit.

VLAN IGMP SnoopingIGMP Snooping (Internet Group Management Protocol) is a feature that allows the switch to forward multicast traffic intelligently on the switch. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

IGMP requires a router that learns about the presence of multicast groups on its subnets and keeps track of group membership. It is important to remember that multicasting is not connection oriented, so data is delivered to the requesting hosts on a best-effort level of service.

Note IVL mode must be configured prior to configuring IGMP Snooping. See VLAN FDB for instructions on setting IVL mode.

To configure IGMP snooping

1 Click the VLAN menu, then VLAN IGMP Snooping. The IGMP Basic Settings screen is displayed.


87

2 To enable IGMP Snooping, click Enabled. IGMP Snooping is disabled by default.

Note IGMP Snooping must be disabled if SVL mode is invoked.

3 In the IGMP Snooping Age-out Time box, type the amount of time acceptable (in seconds) between IGMP queries since the switch last received an IGMP query from the multicast server. The default value is 330 seconds.

A query allows the server to determine which network hosts are (or want to be) part of the IP multicast group, and are configured and ready to receive traffic for the given application.

4 Click Submit.

In configuring IGMP Snooping

• Identify which switch ports lead to routers and which switch ports lead to interested end-stations.

• Create a separate broadcast domain for each multicast group and include only ports with interested end-stations.

IGMP Snooping operates by recognizing multicast router ports and interested member ports and creating a separate broadcast domain for each multicast group.

Configuring Control Ports

Identifying the router ports is one of the prime features of IGMP Snooping. Once IGMP Snooping is enabled, auto discovery of ports is accomplished through the switch’s routing mechanism by sending ICMP router discovery messages or by snooping on the IGMP query messages sent by the multicast routers. However, in some cases, the multicast router ports may not be identified using auto discovery. Under such conditions, the network administrator needs to manually configure these router ports as control ports.

A control port can be set to one of three modes

• Normal

Normal is the default mode. When the control port is set to “normal” mode, the switch automatically determines if a port has a control element (i.e., switch with IGMP Snooping or router).


88

• Fixed

When auto discovery does not identify a router port, then it needs to be configured in the “fixed” mode. IGMP Snooping forwards host membership reports only on the router ports

• Forbid

The “forbid” mode excludes the port as a multicast router port.

To configure a control port

1 Click the VLAN menu, then VLAN IGMP Snooping. The IGMP Basic Settings screen is displayed.

2 Select the VLAN identifier (VID) of the VLAN that you want to configure.

3 Click Control Ports. The IGMP Snooping Control Port Set-tings for the VLAN that was selected is displayed.


89

4 Click the Control Mode box to set the mode for the port.

5 Click Submit.

Configuring a data port

There are two types of data ports

• All group - A port belongs to all IP multicast groups.

• IP group - A port belongs to a specific IP multicast group.

Data ports can only be set to one of the following modes within a given VLAN:

• Fixed

permanently belongs to all or IP group.

• Forbid

disallow port to become a member of all or IP group.

• Normal

IMGP Snooping determines what group the port belongs to from the received IGMP reports.

When an end station receives an IGMP Query message from the router, it responds with a Host Membership Report for each associated group. The switch marks ports as group member ports if it receives an IGMP Membership Group Report. For IGMP Snooping to work correctly, it is important that an IGMP Membership Report message be forwarded only to router ports.

A separate address class known as Class D is used to identify multicast groups. The Class D address ranges from 224.0.0.0 through 239.255.255.255, with addresses from 224.0.0.x and 224.0.1.x reserved for permanent assignment. Each of these addresses represents a group of IP end stations, also known as a “host group.”

To include or exclude a data port from a particular IP multicast group

1 Click the VLAN menu, then VLAN IGMP Snooping. The IGMP Basic Settings screen is displayed


3 Click Data Ports. The Configure IGMP Data Port screen is displayed.


90

4 In the Select the IP Group box, select an IP multicast group from the list or type a new multicast group IP address in the Add IP Group box.

5 If you typed an IP address of a multicast group, click Add IP Group. The Select Ports for IP Groups windows is displayed.


91

6 Click the mode for each port.

Note The multicast group is not created if all ports are set to ‘Normal” mode.

7 Click Submit.

8 Click Close to return to the Configure Data Ports screen.


92

Viewing IGMP Snooping Status1 Click the VLAN menu, then VLAN IGMP Snooping. The

IGMP Basic Settings screen is displayed


3 Click Status. The IGMP Snooping Status for the selected VLAN is displayed.

VLAN FDBThe 802.1Q standard defines two types of VLAN learning.

• A Shared VLAN Learning Bridge (SVL), uses a single forwarding database that is shared by all VLANs.

• An Independent VLAN Learning Bridge (IVL) uses a separate forwarding database for each VLAN.

Note IVL is required for per VLAN Spanning Tree and can be useful with IGMP snooping (when the same IP group is used on different VLANs).


93

Configure SVL Forwarding Database (FDB)

To configure SVL FDB

1 Click VLAN in the menu, then VLAN FDB. The VLAN For-warding Database screen is displayed.

2 Click FDS Configure. The FDB Configure screen is displayed.

3 Select the options that you want to change

• Learning Mode: Select SVL from the drop-down box.

• Aging: Aging is enabled by default. Click Disable to stop aging.

• Age Time: Change the forwarding database aging time to the number of seconds. The range is from 10 to 32,767 seconds.

4 Click Submit.


94

To add a static entry to the Forwarding Database

1 Click FDB Add/Delete Entry. The FDB Add/Delete Entry screen is displayed.

2 Type the static port number.

3 Type the MAC address of the port.

4 Click Submit.

To delete a static entry

1 Type the static port number.

2 Type the MAC address of the port.

3 Click the Delete check box.

4 Click Submit.


95

Configure IVL Forwarding Database

Note IVL mode must be configured prior to configuring VLAN Spanning Tree.

To configure IVL FDB

1 Click the VLAN menu, then VLAN FDB.

2 Click FDB Configure.


• Learning Mode: Select IVL from the drop-down box.

• Aging: Aging is enabled by default. Click disable to stop aging.

• Age Time: Type an aging time in seconds. The time period is between 10 to 32,767 seconds.

• Enter VLAN Identifier: A separate forwarding database is used for each VLAN. Type the VID in the VLAN identifier box and press Enter The VID is displayed in the VLAN identifier box. Or, select the VLAN identifier (VID) from the drop-down box of the VLAN.

4 Click Submit


96

To view FDB status

1 Click the VLAN menu, then VLAN FDB.

2 Click FDB Status. The VLAN forwarding Database for the selected FDB mode (IVL or SVL) is displayed.

3 Click Refresh to renew the FDB table or Clear to empty the learned entries in the FDB table.


97

VLAN Spanning TreeSpanning Tree per VLAN or PVSTP allows each VLAN to run a separate Spanning Tree with its own Bridge Protocol Data Units (BPDU’s). This allows different ports to be blocked or unblocked based on VLAN membership. Of the 2,048 VLANs, up to 100 PVSTPs can be stored in NVRAM

Note IVL mode must be configured prior to configuring Per VLAN Spanning Tree. See VLAN FDB for instructions on setting IVL mode.

To configure Spanning Tree per VLAN

1 Click the VLAN menu, then VLAN Spanning Tree. The Span-ning Tree configuration screen is displayed.

2 A separate forwarding database is used for each VLAN. Type the VID in the VLAN identifier box or select the VLAN identi-fier (VID) of the VLAN for which the FDB is to be created.

3 Select Per VLAN in the Type box.

4 Select On to enable Spanning Tree.

5 Select the VLAN to configure for Spanning Tree from the drop-down box.

6 Click Submit.


98

7 Click Spanning Tree Configure. The Per VLAN Spanning Tree Configure screen is displayed.

8 Select whether rapid reconfiguration is on or off. If set to On, rapid reconfiguration is triggered by one of two events, either a direct failure of the root port, or receiving an inferior BPDU from the local segment’s designated bridge on the root port link.

Note Rapid reconfiguration should only be used in switches that are end nodes in the Spanning Tree because it may lead to unexpected traffic flows if it is used at the core of the net-work.

9 Type the priority value for the VLAN. The range is from 0 to 65,335.

10 Click Submit.


99

To configure the ports

1 Click Port Configure. The Per VLAN Spanning Tree Port Configure screen is displayed.

2 Set the port cost. Type in a number from 1 to 65535. This value is used by the Spanning Tree Protocol to determine alternate routes in the network to forward traffic. The higher the cost of a port, the lower the chance of this port being used to forward traffic. When possible, give a port a low cost if it is connected to a fast network segment.

3 Set the port priority. Type in a number from 1 to 65535 to set the port’s priority in the spanning tree. The higher the value, the lower the chance of this port being used as the root port. If two ports have the same priority value, the spanning tree uses the port with the lowest number. For example, the spanning tree would choose port 1 over port 4 if they both had the same prior-ity setting.

4 Select On from the Quick Activation drop-down box. Quick Activation is useful when connecting the switch to a device that boots and connects to the switch faster than the 30-second for-warding delay that is the default for Spanning Tree. There is no need to transition through the listening and learning states for ports that connect to end stations.

5 Click Submit.


100

Routing Menu

Use the Routing menu to configure Static Routes and the RIP and OSPF protocols.

Click the Routing menu and the Routing Configuration Tutorial is displayed. This is a useful tutorial for learning how to configure RIP and OSPF through the Web Device Manager.

Saving and Applying Changes

After configuring any of the router configuration screens, you need to follow the instructions below to save the information to NVRAM.


101

To save configuration changes

1 Click Submit, the Configuration Status table changes to “Changes Pending.” The changes apply to the current session only. When you exit the Web Device Manager, all changes are lost.You can click Restore Previous to undo the previous action.

2 Click Apply Change and the messages changes to “Save Pend-ing.” The changes only apply to the current session only. When you exit the Web Device Manager, all changes are lost. Again, you can still click Restore Previous to restore the previous con-figuration.

3 To save the changes to NVRAM, click Save Changes. Restore Previous does not apply.


102

Routing ParametersTo configure Routing

1 Click the Routing menu, then click any Routing option. The Routing Protocols On/Off table is displayed.

2 Click the RIP or OSPF check box to configure either protocol.

3 Click Submit.

4 On the General Routing Configuration screen, set the Router ID for OSPF and the Scan Interval for all of the interfaces.

• If you plan to configure OSPF, type the Router ID in the Router ID box. The Router ID is a 32-bit number assigned to each router running the OSPF protocol. The number uniquely identifies the router within the autonomous system.

• Type the Scan Interval. The scan interval sets the number of seconds indicating how often the system checks for interface changes. This is a global option that affects all interfaces. The range is from 15 to 3600, the default is 60.


103

5 Click Submit, the Configuration Status table changes to “Changes Pending.” The changes apply to the current session only. When you exit the Web Device Manager, all changes are lost.You can click Restore Previous to undo the previous action.

6 Click Apply Change and the messages changes to “Save Pend-ing.” The changes only apply to the current session only. When you exit the Web Device Manager, all changes are lost. Again, you can still click Restore Previous to restore the previous con-figuration.

7 To save the changes to NVRAM, click Save Changes. Restore Previous does not apply.

Static RoutesStatic routes are used when IP routed packets are routed through remote hosts not directly connected to a physical network with its own routing table. If the keyword “default” is used for the destination address, a default route is created. The default route is used whenever there is no specific route to a destination. The network IP address associated with the default route is 0.0.0.0/0.


104

To add a static route

1 Click the Routing menu, then Static Routes. The Add Static Routes screen is displayed.

2 Select the options that you want to change

• Route: Fill in the Address/Length boxes with the destination IP address and length for this route. The length is the mask or prefix length of the netmask address. The length is between one (1) and 32.

• Gateway: The next hop IP address for the static route. It should be on the same subnet as the specified interface.

• Interface: The local interface which is used to send traffic to the static route. It should be attached to the same subnet as the gateway. You must use the actual IP address from a VLAN. The default is 0.0.0.0.

• Pref: The preference of the static route. The default preference for default route is 20, and the default preference for other static routes is 60. The range is zero to 255. The default is 20.

• Type: Select the statically configured route type. The choices are:

- retain: route is retained in forwarding database table after GateD is disabled.

- reject: packets destined to the route are rejected with ICMP sent to the source.

- blackhole: packets destined to the route are rejected silently.

- notinstalled: route is not installed in forwarding database table, but can be exported to other protocols.

- normal: default setting.


105

3 Click Add.

Note The new route is displayed in the View and Modify Static Routes table.

Default Route

The default route is used whenever there is no specific route to a destination. The network IP address associated with the default route is 0.0.0.0/0.

To add a default route

1 Under Add Static Routes, type the IP address 0.0.0.0 in the Address box.

2 Click zero (0) for the length.

3 Click Add. The words “Default Route” are displayed in the Route: Address/Length column.

RIP ConfigurationThe switch supports both RIP version 1, RFC1058, and version 2, RFC2453. It always accepts RIP packets from both versions when RIP is enabled. To send version 2 packets, the specific RIP interfaces need to be configured. Only RIP version 1 packets are sent by default.

To enable RIP

1 Click the Routing menu, then click any Routing option. The Routing Protocols On/Off table is displayed.

2 Check the RIP check box.

3 Click Submit.


106

To configure RIP

1 Click the Routing menu, then RIP Configuration. The RIP Interfaces screen is displayed.

2 In the Protocol Preference box, type the preference. The range is from zero to 255. The default is 100.

3 In the Metric box, type the Metric. The range is from zero to 16. Each RIP routing table entry contains a metric or cost for each destination, called a hop. RIP selects the route with the lowest hop count as the best route. However, the longest hop cannot exceed 15 hops.

4 Click Submit.

5 Click Apply Changes in the Configuration Status table. The changes apply to the current session only.

6 In the Add RIP Interface box, select an IP address from the list.

7 Click Add.


107

8 To save the changes to NVRAM, click Save Changes in the Configuration Status tables.

Configuring OSPFOpen Shortest Path First (OSPF) is a topology-based link-state routing protocol. It provides greater capabilities than RIP. Link-state changes are promptly reported to reflect the topology database changes. OSPF is implemented according to RFC1583.

To configure OSPF:

• Set the Router ID

• Enable OSPF

• Add an OSPF Area

• Configure the OSPF Area

Set the Router ID

Refer to Routing Parameters for instructions on setting the Router ID.

To enable OSPF

1 Click the Routing menu, then click any Routing option, the Routing Protocols On/Off table is displayed.

2 Check the OSPF check box.


108

Adding an OSPF Area

To add an OSPF Area

1 Click the Routing menu, then Areas. The Configure OSPF Area screen is displayed.

2 In the Add OSPF Area table, type the IP address of the area.

3 Click Submit.

4 Click Apply Changes in the Configuration Status table. The changes apply to the current session only.

5 To save the changes to NVRAM, click Save Changes in the Configuration Status tables.


109

To configure OSPF Area

1 Select an area in the Configure OSPF Area table.

2 Click the Interfaces link. Select an interface IP address from the list of valid interfaces in the Add Interface table. The table contains the list of configured VLANs.

3 To add the interface to the Area, click the Add button. The new interface is displayed in the View Interfaces table.

4 To save in NVRAM, click Save Changes. An OK message is displayed and the Configuration Status table changes to “Save Pending.”

Setting OSPF Protocol Preferences

The OSPF Protocol Preference is used to set OSPF protocol preference and allow the router to function as an OSPF Area Border Router (ABR).

To configure OSPF preference

1 Click the Routing menu, then Protocol Preference. The Global OSPF Configuration screen is displayed.


110


• Protocol Preference. It sets the preference for OSPF when importing intra- and inter-area Autonomous System External (ASE) routes into the OSPF routing table. The default is 10.

• Autonomous System Border Router: Areas exchange routing information with other areas within the autonomous system through area border routers. Click Yes to allow the router to be an OSPF autonomous system border router. This setting determines whether OSPF can process input routes from sources other than OSPF.

3 Click Submit.

BackboneOSPF requires that every area connect to the backbone and that every area, including the backbone area, be contiguous.

Before configuring a Virtual Link, the backbone area must be added.

To add the backbone

Note OSPF must be enabled prior to configuring the backbone area.

1 Click the Routing menu, then Backbone.

2 Click Add Backbone The Select OSPF Backbone View config-uration screen is displayed.


111

3 Click Authentication Type and the OSPF Backbone Authori-zation screen is displayed.

OSPF specifies authentication scheme per area. Each interface in the area must use the same authentication scheme although it may use a different authentication key. The current valid values are “None” for no authentication and “Simple” for simple password authentication. The default is none.

Virtual LinksA Virtual Link is used to logically connect an area to the Backbone, when it cannot physically connect to the Backbone. The two end points of a Virtual Link are Area Border Routers (ABR). The Virtual Link must be configured for each ABR.

To configure a Virtual Link:

• Add the Backbone.

• Add the area for each Area Border Router.

• Add the Router ID of the Area Border Router connected to each area.

• Set the transit area used to link the Virtual Link to the Backbone.


112

Add the backbone

1 Click the Routing menu, then click Backbone.

2 Click Add Backbone. The Select OSPF Backbone View con-figuration screen is displayed.

To add the area for the first Area Border Router

3 Click the Routing menu, then Areas. The Configure OSPF Area screen is displayed.

4 In the Add OSPF Area table, type the IP address of the area.

5 Click Submit.

6 Click the Routing menu, then Virtual Links. The OSPF Virtual Link Configuration screen is displayed.


113

7 In the Add VLINK box, type the Router ID of the ABR con-nected to the area.

8 Click Add.

9 Repeat steps 2 through 6 to configure the other Area Border Router.

Add the transit area

1 Click the Routing menu, then Virtual Links. The OSPF Virtual Link Configuration screen is displayed again

2 In the Add Vlink box, type the Router ID to modify the config-uration.

3 Click Add. The Vlink is added to the table.

4 Under the “Click link to modify Virtual Links” title is a table. Click Router ID. The Configure Vlink window opens.

5 Type in the transit area in the Transit Area box. This is the area that is used to link the Virtual Link to the Backbone.

0.0.0.1


114


• authkey: Sets the authentication key for SIMPLE or NONE authentication. The key must be the same network wide. The key is:

- one to eight decimal digits

- one to eight hex digits preceded by 0x, or

- one to eight characters between quotation marks (“”).

• helloInterval: Specifies the interval, in number of seconds, for which the hello packets are sent through the interface. The range is from one to 120 seconds. The default is 10 seconds.

• transitDelay: sets an estimated number of seconds it takes to transmit an Link State Advertisement (LSA) update over the interface. Transmission and propagation delays should be counted. The number is used in LSA age increment before the LSA is sent off from the interface. If the interface has a very low speed link, this needs to be carefully set. The range is from one to 120 seconds. The default is one second.

• retransInterval: It sets the number of seconds between LSA retransmissions. It should be set well over round trip transit delay.The range is from one to 3,600 seconds. The default is 5 seconds.

• deadInterval: It specifies the number of seconds for which a neighbor is believed dead if it is still not heard (no hellos for a period of time). The typical value is four times the hello interval. The range is one (1) to 3,600 seconds. The default is 40 seconds.

7 Click Submit.

For more information on virtual link configuration, refer to Chapter 5 and Appendix B.

Reset and Update MenuUse the Reset and Update menu to reset the system, save configuration information to NVRAM, and update the firmware.


115

ResetTo reset the switch

1 Click the Reset and Update menu, then Reset System.

2 Click Reset Now.

The switch is immediately reset. Click your browser’s Reload or Refresh button to reconnect to the switch.

NVRAM, SaveSave NVRAM backs up the configuration information stored in the non-volatile RAM.


116

To save system configuration information

1 Click the Reset and Update menu, then NVRAM, Save.

2 Click Download NVRAM File. The File Download window is displayed.

3 Click OK. The Save As window is displayed.

4 Type the file name in the File Name box.

The Web Device Manager default NVRAM backup file is nvram.nvr. To uniquely identify the file on your local drive or server, overwrite the file name and identify the file using the IP address of the switch or other unique name.

Note This is in contrast to the command line interface which requires that the NVRAM backup file is identified using the IP address of your switch in uppercase hex format. Refer to Chapter 5 for more information.

5 Click Save.

To restore the NVRAM file

1 Click the Reset and Update menu, then NVRAM, Restore.

2 Click Browse. The Choose File window is displayed.

3 Locate the file to add it to the File Name box.

4 Click Open.


117

5 Click Link State Advertisement to load the NVRAM file.

Updating with the Web Device ManagerThe Web interface is also available for upgrading the control processor, media boards and Web Device Manager.

The files can be downloaded from the Intel Web site prior to upgrading.

Note The file extension is not needed in the command syntax when typing the upgrade command.

To upgrade the Web Device Manager

1 Click the Reset and Update menu, then Upgrade Web Device Manager.

2 If privileged mode is not set, type the default user name “priv” and password in the password dialog box.

3 Click Browse and locate the webpage.bin file.

4 Click Update.


118

To upgrade the CP firmware

1 Click the Reset and Update menu, then Upgrade CP Firm-ware.

2 If privileged mode is not set, enter the default user name “priv” and password in the password dialog box.

3 Click Browse and locate the cprel.bin file.

4 Click Update.

To upgrade the Lookup Engine

1 Click the Reset and Update menu, then Upgrade Lookup Engine.

2 If privileged mode is not set, enter the default user name “priv” and password in the password dialog box.

3 Click Browse and locate the lue.bin fil.e

4 Click Update.


119

Help MenuUse the Help menu for links to Intel Customer Support Web pages and assistance in using the Web Device Manager features.

To access help

1 Click the Help menu, then Help Topics. The Help Topics menu is displayed.

2 Click a topic and instructions on using the feature are described.

3 For further assistance, the Help menu contains a link to the Intel Support Web pages.

� Using LocalManagement

Topic See Page

Connecting the Switch 122

The RS-232 Port 123

The RJ-45 Management Port 126

Setting a Password 127

Setting the IP Address 130

BOOTP/RARP and DHCP Client 131

BOOTP Relay Agent 133

Command Console Interface 134

Accessing the Command Console through Telnet 136

Serial Line IP Connections (SLIP) 137

Point-to-Point Protocol (PPP) 138

Domain Name Service 140

Diagnostics 142

Upgrading the Firmware 143


122

Connecting the SwitchThe Control Processor (CP) offers several network interfaces through three physical interfaces:

• In-band to the switched ports (i.e., onto the backplane)

• A serial port

• An RJ-45 Ethernet/Fast Ethernet management port.

All network communication to the CP is done using TCP/IP.

The serial network interface may be accessed using SLIP or PPP. See “Serial IP Connections (SLIP)” and the “Point-to-Point Protocol (PPP)” in this chapter for detailed information on configuring SLIP and PPP.

All IP interfaces are configurable. Each port’s configuration is independent of any other interface. The IP configuration supports setting of the IP address, Classless Inter-Domain Routing (CIDR) subnet mask and broadcast address. SLIP and PPP interfaces also accept a destination address.

Any port may be configured as up (active and allowing data to pass) or down (inactive with no data transmission or reception). All ports are enabled by default. To disable an individual port, the privileged mode disable port port_number command is used.

Note Refer to “Setting a Password” later in this chapter for infor-mation on privileged mode.

Port numbersThe 6000 switch has five slots. The global port numbers refer to all of the media ports in the switch. The first slot with an installed module begins the numbering sequence. A switch with one 8-port Gigabit Ethernet modules and one 24-port 10/100Base-TX module, would have ports 1 to 32.

Aggregated ports are the same number as the global or media port number by default.The aggregated port number is used with Link Aggregation and other Layer 2 and Layer 3 switching features. Refer to Chapter 5 for more information on aggregated ports and Link Aggregation.

C H A P T E R 4 Using Local Management

123

The table below outlines the port numbers for the switch with one Gigabit Ethernet module and one 10/100 modules.

The Control Processor Module is always identified as port zero (0).

The RS-232 PortThe switch comes with a serial connector on the CP module. This connector provides access to a command console interface or a serial IP network connection using the SLIP and PPP protocols. SLIP and PPP are used for out-of-band management, as a console interface through Telnet, or to upgrade switch system firmware.

SlotMedia Port Numbers

Aggregated PortNumber

Slot 1 (8-port Gigabit Ethernet) 1-8 1-8

Slot 2 (Empty)

Slot 3 (Empty)

Slot 4 (24-port 100Base-TX) 9-24 9-24

Slot 5 (CP) 0

Primary CP Secondary CP

Slot 1

Slot 2

Slot 3

Slot 4

Slot 5

Port 1


124

.

Note A single-shielded null modem, six-foot DB9 female to DB9 female cable, Part Number 654694-001, is included to con-nect the RS-232 port to a terminal.

Connecting a Serial Console

The serial port is a DB9 connector and is wired in the same manner as a personal computer COM port, i.e., Data Terminal Equipment (DTE). When connecting a serial device, use a null modem cable to connect the switch to a remote Data Communications Equipment (DCE) device such as a modem or data service unit (DSU), and use a straight-through cable to connect the switch to a DTE device such as a terminal or PC.

IntelSwitch>


125

The following table is the pinout for serial port and PC port connection.

Default Data Transmission Settings

The default data transmission settings are as follows:

• 9600 baud

• 8 bits

• 1 stop bit

• no parity

You can change the baud rate with the privileged set baud command. The baud rate setting is stored in NVRAM so it is retained across a reset or power cycle.

Note Refer to “Setting a Password” later in this chapter for infor-mation on privileged mode.

A direct connection provides a command line. No other configuration is required.

Switch Serial Port PC Port

DB9 DTE DCE

TXD 2 3

RXD 3 2

GND 5 5


126

The RJ-45 Management Port

An 8-pin 10/100Base-TX Ethernet connection is also available for management of the switch. The management port is not part of the switching fabric.

The following table is the pinout for the RJ-45 connection.

The management port is identified as interface et0.

Pin Function

1 RX+

2 RX-

3 TX+

6 TX-

IntelSwitch>


127

In-band through the switched ports is identified by interfaces sw1 through sw4093 and are assigned for each VLAN configured to use IP. See Chapter 5 for information on VLAN interfaces.

Note For out-of-band management, the privileged disable et0ipfwd command can be used to disable IP forwarding to and from the management port. This provides added secu-rity between the in-band ports and out-of-band management port.The privileged enable et0ipfwd command resumes IP forwarding.

Setting a PasswordA password prompt is displayed after the switch has completed its power up diagnostics.

ROM> ===== 6000 Switch ROM Resident DIAGNOSTICS/STARTUP =====ROM> Waiting for Carrier Ready: OKROM> Processor checksROM> LED/ID/JUMPER checksROM> + CP ID: AROM> + JUMPERS: 000000DROM> LED Display checksROM> RS232 UART checks !"#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU-VWXYZ[\]^_‘abcdefghijklmnopqrstuvwxyz{|}~ROM> Capella Register checksROM> Size Memory = 01000000ROM> Bypassing DRAM checksROM> Copy ’Boot-Image’ from ROM --> DRAM: OKROM> Verify ’Boot-Image’: OKROM> Watchdog/Timer checksROM> PCI 82558 & IPC/PBM checksROM> + i82558 CSR Map range: 0F800000 -> 0F801000ROM> + Detected 82558 MAC Address: 00:40:2f:00:90:00ROM> + IPC/PBM Map range: 00000000 -> 00100000ROM> Bypassing Packet Buffer checksROM> DMA transfer checksROM> Copy Load-Image from ROM --> DRAM Hi-memory: OKROM> Verify Load-Image: OKROM> Waiting for Carrier Lock: OKROM> Validate RELEASE image: OKROM> Copy ’Release-Image’ from NAND --> DRAM: OKROM> Verify ’Release-Image’: OKROM> Released Carrier LockROM> Jump to Release-Image ’C’ BOOT-CODE in DRAMInitializing Powerup Diagnostics...Powerup BIST Diagnostics are run-ning:..........................Powerup BIST Diagnostics Passed 6000 Switch Console BOOTED: Mon 4/7/2000 13:00 PASSWORD:


128

The 6000 switch has two password modes:

• basic

• privileged

The basic password is used to login into the switch after initial boot up. You have limited access to the command line. You can view and display system information with the show or di commands.

The privileged password allows you to configure or set features on the switch.

To add or change the switch’s basic password

The switch is shipped with a “null” password (i.e., no password). Press Enter to get the command console prompt.

6000 Switch>

1 Type set passwdbasic, then press Enter.

2 Type the current password or press Enter.

6000 Switch>#>set passwd

ENTER OLD PASSWORD:

PASSWORD CHANGED

3 Type the characters for the password.

Note A password is limited to 10 alpha or numeric characters.

4 Verify the password by retyping it again.

ENTER NEW PASSWORD:

RETYPE NEW PASSWORD:

If the system accepts the new password, the console displays the message:

PASSWORD CHANGED

The switch stores the new password in its NVRAM. The new password is required the next time the command console is used.

After the password is correctly entered, the basic switch commands are available. Type help at the command line prompt to see a list of the available commands.


129

Accessing the privileged command set

Use the set priv command to access the administrator or privileged command set.

This command mode is password protected. However, as with the basic access password, the switch arrives from the factory with a “null” password defined for this mode. The first time set priv is executed, press the Enter key when prompted for a password.

When privileged command mode is active, a hash mark (#) is added to the command-line prompt.

6000 Switch>set priv

6000 Switch>#>

To set or change a password for privileged mode access

1 Type set passwdpriv, then press Enter at the prompt.

2 Enter the current password or press Enter.

6000 Switch>#>set passwdpriv

ENTER OLD PASSWORD:

ENTER NEW PASSWORD:

3 Type the new password, then press Enter.

4 Retype the new password.

RETYPE NEW PASSWORD:

PASSWORD CHANGED

The new password is stored in NVRAM. The next time privileged command mode is accessed, the password prompt appears.

Type help to display the available privileged commands. To end privileged mode, use the logout command. The screen returns to the basic prompt.

6000 Switch>#>logout

6000 Switch>


130

Setting the IP AddressAfter establishing a serial or management port connection:

1 Provide the switch with a valid IP address, subnet mask, and broadcast address.

If a Telnet connection is needed, use the enable telnetd command. See “Accessing the Command Console through Telnet” in this chapter for more information on the Telnet feature.

Type the privileged ifconfig interface ip_address command, where interface is et0 for the management port and ip_address is the IP address of the switch.

6000 Switch>#>ifconfig et0 192.221.222.4

Remember that the IP address above is only an example.

In-band through the switched ports is identified by interfaces sw1 through sw4093 and are assigned for each VLAN configured to use IP. See Chapter 5 for information on VLAN interfaces.

Note If you do not plan to use the switch for routing, you can set a default gateway with the route add default gateway com-mand, where gateway is the address of the gateway.

2 Set a network mask and IP address

The switch’s interface configuration command sets the default network mask and broadcast address and installs the correct routing information based on the class of the IP address. The network mask may be set in separate ifconfig commands as in these sample command lines:

Or both values can be set in one command line as in the following sample line:

See the command summary in Appendix A for a detailed description of the ifconfig command and all of its IP addressing options.

6000 Switch>#>ifconfig et0 192.168.200.4

6000 Switch>#>ifconfig et0 netmask 255.255.255.0

6000 Switch>#>ifconfig et0 192.168.200.4 netmask

255.255.255.0


131

The IP address assigned to the switch’s interface is stored in NVRAM. When the switch firmware starts, it automatically configures the interface with this stored IP address.

The ifconfig command inserts the appropriate routing information based upon the IP address specified. If a special network address mask is required, a separate ifconfig command should be issued last to set the mask.

Note If the netmask changes, use the ifconfig sl0 netmask com-mand after setting the IP address.

BOOTP/RARP and DHCP ClientBOOTP and RARP are software protocols commonly used to determine a machine’s own IP address when only the hardware address is known. When the switch powers up, it sends out simultaneous RARP and BOOTP requests. These requests are broadcast to all systems on the connected network or VLAN. BOOTP (or RARP) servers look for these requests, look up the requestor’s IP address based on the hardware address in the request packet, and send a response. If an IP address has already been set for the switch, neither BOOTP nor RARP requests are sent.

If the switch receives a response to either its BOOTP or RARP request, it uses the information in the response to configure its IP address. If no response is received, it re-broadcasts the requests 10 times, then terminates. At this point, the switch should be configured from the command-line console.

BOOTP or RARP operation is configured for each individual network interface. When enabled, this sends BOOTP and RARP requests on that interface each time the system starts. The address assigned in the response message is not stored in NVRAM.

If the switch receives both a BOOTP and a RARP response simultaneously, it uses the BOOTP response to configure its address.

The switch recognizes a BOOTP or RARP response from any standard BOOTP or RARP server. To configure the BOOTP or RARP server, the interfaces’ MAC address needs to be known. Type ifconfig -a to display the interface’s MAC address.


132

Configuring Network Interfaces

When the privileged bootp interface command is issued, the current IP address for the interface is removed, and BOOTP/RARP requests are sent. If a BOOTP/RARP reply is received, then the interface is configured. If after 10 times no responses to the BOOTP/RARP requests are received, then the interface is marked as down.

6000 Switch>#>bootp sw1

Starting BOOTP and RARP on sw1

If the bootp interface repeat command is used, the BOOTP/RARP requests are sent 10 times at the normal rate before backing off to a slower re-transmit interval. Repeated BOOTP never gives up.

On future reboots, the BOOTP/RARP requests are re-issued even if the previous BOOTP/RARP requests were replied to, i.e., once a bootp command has been issued to an interface, it continues to BOOTP on future reboots.

Issuing bootp interface identifies the interface as using BOOTP/RARP for all future power ups. When a BOOTP/RARP response is received, the next time the system reboots, the interface once again issues a BOOTP/RARP request.

Note Only the interfaces that have been enabled for BOOTP respond to BOOTP requests. The sw1 and et0 interfaces have BOOTP enabled by default. The IP address of the interface is not stored in NVRAM unless the response comes from Intel® Device View. Then the IP address is stored in NVRAM.

DHCP Client

DHCP is based on BOOTP and maintains some backward compatibility. BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts.

Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism.

In addition to the IP address, the 6000 switch’s DHCP client also requests the subnet mask and the default gateway for the client’s subnet.


133

To configure DHCP, type bootp interface dhcp.

To display how an interface is configured, type ifconfig -a.

The ifconfig command can be used to configure an interface even though one of the dynamic configuration protocols is being run on the interface. This is useful if a BOOTP or DHCP server cannot be found and you know of a static IP address that can be used temporarily.

To display the current state of the BOOTP/DHCP client process, type bootp show.

BOOTP Relay AgentIn many cases, BOOTP clients and their associated BOOTP server(s) do not reside on the same IP network or subnet. The switch acts as a BOOTP Relay Agent and transfers BOOTP and DHCP messages between clients and servers.

The 6000 switch complies with RFC 1542 and provides BOOTP Relay Agent support. The BOOTP Relay Agent configuration is stored in NVRAM. All relay agent commands are available only in privileged mode.

To configure the BOOTP Relay agent

1 Type relay enable.

2 To define a relay destination server IP address, type relay server add ip_address. Up to eight servers can be defined.

6000 Switch>#>relay server add 172.21.2.143

3 To specify the maximum number of hops or routers between the switch and the destination server, type relay maxHops count.

6000 Switch>#>relay maxHops 6

This sets a discard threshold. If a packet has traversed more hops than the value of the hops parameter, the router drops the packets. The range is between one and sixteen. The default is four.

To delete a destination server, type relay server del ip_address.

To delete all of the destination servers, type relay server del all.

Use show sys to display whether the agent is enabled or disabled.


134

To display the BOOTP Relay Agent configuration, type relay show.

6000 Switch>#>relay show

BOOTP/DHCP Relay : Enabled

Discard Threshold: 10 Hops

Server List : 172.21.3.143

: 0.0.0.0

: 0.0.0.0

: 0.0.0.0

: 0.0.0.0

: 0.0.0.0

: 0.0.0.0

: 0.0.0.0

Command Console InterfaceThe switch executes a multi-tasking operating system on its control processor that manages all system activities. This system allows the administrator to query and configure the switch from either an attached terminal, a remote modem, or through any of its attached network interfaces.

This section provides information on how to access the console commands and to set or enable the advanced configuration features in the switch.

Access to the console interface is also necessary to:

• Test the configuration and perform diagnostics.

• Upgrade system and Web Device Manager software.

Note The switch uses non-volatile memory (NVRAM) space to store configuration information. Each time the system starts, the switch reads the contents of its NVRAM and uses these values to set the system configuration. Most of the configu-ration options described in this section store their parame-ters in the NVRAM.


135

Console CommandsThe console command set consists of two types of commands: general usage commands and restricted-access or privileged commands.

General usage commands allow anyone with access to the console to display information about the switch. Access to privileged commands is restricted because these functions can alter the basic operation and configuration of the switch. Privileged command functions include operations such as loading a new firmware image, running diagnostics, or resetting factory default values. Normally, only network administrators need to use these commands.

Execute the following system commands from the management station to verify the configuration. See Appendix A for more information about these console commands.

Command Checks the following:

ifconfig -a Information about the network interfaces, including interface state, IP, network, and broadcast addresses, and counter values.

netstat Network statistics, i.e., active TCP connections.

ping Connectivity through the switch. ping sends test IP frames to a specified node.

set community Privileged commands that sets the type of messages identified with the SNMP agent.

set snmpmgr Privileged command that sets the SNMP agent to communicate with any SNMP management station.

show counters Counter values for specified ports

show fdb Current contents of the forwarding database.

show sys System configuration parameters.

enable syslog An optional privileged command that records configuration changes, logins, and error messages to a log stored on a remote host.


136

The syntax for the console commands can be abbreviated. The firmware recognizes a command when enough characters are typed to uniquely identify the command. The abbreviations only apply to the commands and not any of the options or parameters. Options still need to be spelled out completely. The upgrade commands are not abbreviated.

In the example below, the loaddefaults command can be typed as loaddef to reset the switch to its factory defaults.

6000 Switch>#>loaddef

Any of the show commands may be typed with di instead of the word show. The word show can be abbreviated by typing sh before any of the options.

6000 Switch>#>sh sys

6000 Switch>#>di sys

Accessing the Command Console through TelnetThe command console can be accessed over the network through a Telnet connection.

1 Telnet is enabled by default. If the command was manually dis-abled, used the privileged enable telnetd to activate the com-mand.

2 Connect to the switch using any Telnet application software installed on a network workstation or PC.

3 Include the IP address of the 6000 switch.

c:\windows\telnet.exe 192.22.2.12

The switch’s firmware supports multiple simultaneous Telnet connections. The number of sessions is limited by the system resources. When no more sessions are available, the client application receives the message:

connection refused.


137

Disabling Telnet

Disabling Telnet prevents the establishment of any Telnet connections. If Telnet is disabled, the only access to the command console is through the serial port. Use the disable telnetd command to disable Telnet.

Setting Time-out Interval

The default time-out on a Telnet session is 15 minutes. To limit or extend the time, a privileged user may change the default time-out interval.

To set the default time-out interval, type set timeout default value. The range is from two to thirty minutes.

6000 Switch>#>set timeout default 30

Since multiple sessions are supported, individual sessions may be set at different timeout intervals.

To change the interval, type set timeout current value. The range is from two to 30 minutes.

6000 Switch>#>set timeout current 15

To view the time-out intervals, type show timeout current.

6000 Switch>#>show timeout current

Login current timeout interval is 15 minutes.

Serial Line IP Connections (SLIP)Using the serial port with SLIP provides an additional network interface that a network manager may use to communicate with the switch. In some cases, this additional network connection may be a vital component of the overall network design. The serial connection may be used as an out-of-band connection (in case the connection to the switch over the network is lost) or as a means to contact remote sites through a modem.


138

With a working serial link, configuring a SLIP connection takes two steps:

1 Giving the serial interface an IP address.

2 Activating the SLIP software to convert the serial port from a console connection to a SLIP connection.

Starting SLIP

To start a SLIP connection

1 Type ifconfig sl0 ip_address, then press Enter.

The ifconfig command assigns the serial interface’s IP address. The command format uses sl0 for the name of the serial interface.

Because SLIP is a point-to-point connections, a destination address must be specified.

The following is a sample command line

2 Type the privileged command enable slip, then press Enter after the serial interface is configured.

This command converts the serial or management port from a command console interface into a SLIP interface. The serial port waits for a SLIP connection to be attached after the command is issued. The system completes all SLIP processing automatically.

Note The SLIP connection does not perform IP forwarding. It only connects the switch to the peer. During this connection, the peer cannot communicate with any other devices that are on the switched port.

3 Type the disable slip command to return the serial port to a command console connection.

Point-to-Point Protocol (PPP)The Point-to-Point Protocol (PPP) is supported as an additional network interface for the network manager to use to communicate with the switch.

6000 Switch>#>ifconfig sl0 192.3.2.1 192.3.2.22


139

With a working serial link, configuring a PPP connection takes two steps

1 Giving the serial interface an IP address.

2 Activating the PPP software to convert the serial port from a console connection to a PPP connection.

Starting PPP

1 Type the privileged ifconfig ppp0 ip_address, then press Enter to set the IP address of the PPP link. The interface is designated as ppp0.

Because PPP is a point-to-point connections, a destination address must be specified.

6000 Switch>ifconfig ppp0 192.3.2.1 192.3.2.22

2 Type the privileged enable ppp command, then press Enter after the serial interface is configured.

6000 Switch>enable ppp

Did you ifconfig ppp0 yet? y

This command converts the serial port from a command console interface into a PPP interface.

3 A message appears that ask you to confirm that you have used ifconfig to set the IP address of the ppp0 interface. Press y then press Enter to confirm you have completed Step 1.

Note The PPP interface does not perform IP forwarding. It only connects the switch to the peer. During this connection, the peer cannot communicate with any other devices that are on the switched ports.

The Password Authentication Protocol (PAP) is used before the PPP link is opened. At the command line, the switch requests that the connection is authenticated with a username of manager and a password which is the same as the non-privileged password.

4 Type disable ppp to return the serial port to a command console connection.


140

Logging PPP Connections

The set ppp log and set ppp nolog commands control the logging of PPP events. Enable the syslog function must first before the PPP log records Link Control Protocol (LCP), authentication, and Internet Protocol Control Protocol (IPCP) packets that are sent or received.

If PPP logging is not enabled, then only connection information is sent to the syslog.

Displaying the PPP Status

Use the show ppp command to query the status of a PPP connection. The output of this command depends on the current state of the PPP connection, as shown in the table below.

If a PPP connection is not currently open, the show ppp command displays the status of the last connection attempt. If the previous PPP connection failed, then the reason why it failed is displayed.

Domain Name ServiceThe switch supports contacting a server running the Domain Name Service (DNS) to substitute host names instead of network IP addresses as arguments for most commands.

Current PPP State Output to Console

PPP status for the last connection.

PPP is waiting for LCP to open.

Connection is being authenticated.

The message “PPP is authenticating the host.”

PPP link has been established. PPP status for the current connection.

PPP link is terminating. The message “PPP is terminating.”


141

The following commands accept host names (in addition to IP addresses) as arguments: arp, loadnv, netstat, ping, route, savenv, sn

Before running the enable dns command you need:

1 To set the IP address of the primary DNS server. Type the privi-leged set dns primary ip_address command.

6000 Switch>#>set dns primary 192.2.2.150

2 Type the privileged set backup dns ip_address command to set the backup DNS server.

3 Type set dns domain domain_name to set the DNS default domain.

6000 Switch>#>set dns domain xyz.com

Note The switch supports a default domain name of up to 64 characters.

4 Type enable dns to activate the use of the DNS.

6000 Switch>#>enable dns

Note The enable dns command fails if the primary DNS server has not been set.

5 Type the set dns primary command without the IP address of the server to clear the DNS primary server.

Note Clearing the DNS primary server automatically disables DNS.

6 Type show dns to display the current DNS settings.

Refer to Appendix A for additional DNS commands.


142

DiagnosticsDuring power up, the switch runs the ROM Resident Startup Diagnostics Report.

Note The switch displays an error message if it detects any errors, or failed components during the power up routine.

Boot Image Mode

The switch uses the boot image when the system image check has failed or become corrupted. The following message is displayed during Power Up Diagnostics:

Jump to Boot-Image ’C’ BOOT-CODE in DRAM

During normal boot up the command line reads:

Jump to Release-Image ’C’ BOOT-CODE in DRAM

ROM> ===== 6000 Switch ROM Resident DIAGNOSTICS/STARTUP =====ROM> Waiting for Carrier Ready: OKROM> Processor checksROM> LED/ID/JUMPER checksROM> + CP ID: AROM> + JUMPERS: 000000DROM> LED Display checksROM> RS232 UART checks !"#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU-VWXYZ[\]^_‘abcdefghijklmnopqrstuvwxyz{|}~ROM> Capella Register checksROM> Size Memory = 01000000ROM> Bypassing DRAM checksROM> Copy ’Boot-Image’ from ROM --> DRAM: OKROM> Verify ’Boot-Image’: OKROM> Watchdog/Timer checksROM> PCI 82558 & IPC/PBM checksROM> + i82558 CSR Map range: 0F800000 -> 0F801000ROM> + Detected 82558 MAC Address: 00:40:2f:00:90:00ROM> + IPC/PBM Map range: 00000000 -> 00100000ROM> Bypassing Packet Buffer checksROM> DMA transfer checksROM> Copy Load-Image from ROM --> DRAM Hi-memory: OKROM> Verify Load-Image: OKROM> Waiting for Carrier Lock: OKROM> Validate RELEASE image: OKROM> Copy ’Release-Image’ from NAND --> DRAM: OKROM> Verify ’Release-Image’: OKROM> Released Carrier LockROM> Jump to Release-Image ’C’ BOOT-CODE in DRAMInitializing Powerup Diagnostics...Powerup BIST Diagnostics are run-ning:..........................Powerup BIST Diagnostics Passed 6000 Switch Console BOOTED: Mon 6/7/99 13:00 PASSWORD:


143

If the switch is in boot image mode:

• The CP status light remains solid green.

• The prompt changes to:

Bootcons>

Note Reload the firmware available on the Intel Web site. If the switch continues to reboot, use Control X (^X) to end the reboot cycle.

Upgrading the FirmwareThe upgrade capability is possible through the use of flash programmable memory. The system image contains the full set of switch functionality. When the switch starts up, it verifies the contents of the system image. Upon verification, the switch loads the system firmware, and begins executing this image. The system image may be upgraded to add new features.

Warning Always upgrade the firmware through the RJ-45 man-agement port, et0. Do not use a media board port forupgrades.

To upgrade the CP system image

1 At the prompt, type set priv, then press Enter to enter privi-leged mode.

2 Type upgrade file_name ip_address_of_TFTP_ server

This command requests the image file from the TFTP server at the IP address specified by ip_address_of_TFTP_server. A host name may be substituted for an IP address, if DNS is enabled.

6000 Switch>#>upgrade /usr/6000switch/cprel

192.2.2.10

The upgrade file name is always cprel.

For Unix-based TFTP servers, the file names are case-sensitive. Windows* 95 and Windows NT* servers are not case sensitive.


144

Upon execution of the upgrade command, the system contacts the TFTP server and downloads the image files. After retrieving the files, the system erases flash memory and then reprograms it with the new image. This entire process should take less than one minute.

Note By default, the upgrade command requests multiple files named with the cprel prefix from the TFTP server’s root directory. TFTP is a file transfer protocol often used to pro-vide files to stand-alone devices. The TFTP server can be run on any number of nodes on a network. The upgrade command uses TFTP to download the specified files. To configure the TFTP server’s operation, refer to your TFTP server software documentation. See Appendix A for more information about the upgrade commands.

When upgrading the system image, always include an upgrade to the switch’s lookup engine.

3 To upgrade the lookup engine, type upgradelue file_name ip_address_of_TFTP_ server, then press Enter.

The upgradelue file name is always lue.

The following is a sample command line

6000 Switch>#> upgradelue lue 192.2.2.10

Warning Do not interrupt the upgrade command while it is exe-cuting.

4 Type diag reset to reset the switch after the new image is pro-grammed into the flash memory.

The following upgrade commands should only be used when directed by authorized support personnel.

Use the upgradeboot command to upgrade a new boot image.

Warning If the boot image upgrade is not successful, do not resetthe switch. Run the upgradeboot command again.

Use the upgradee24 command to upgrade the 10/100Base-TX module.

Use the upgradegs command to upgrade the Gigabit Ethernet module.

�

Managing the Switch

Topic See Page

Layer 2 Switching 146

Link Aggregation 146

Virtual LANs (VLANs) 156

Spanning Tree Protocol 166

IGMP Snooping 172

Port Mirroring 176

Layer 2 Frame Prioritization 177

SNMP Agent 178

RMON 182

NVRAM Backup 182

SYSLOG 184

Broadcast and Multicast Storm Control 185

Layer 3 Switching & Routing 187

IP Access Control 187

Routing Management 192

GateD 194

C H A P T E R 5 Managing the Switch

146

Layer 2 SwitchingLayer 2 switching forwards frames based upon the destination MAC address of the packet. The 6000 switch supports wire-speed Layer 2 switching for all network protocols. The Layer 2 switching operates in the context of a single switched network segment.

The 6000 switch performs the following Layer 2 functions

• Learning

The ability to learn the location of MAC addresses based on the source address (SA) in data packets received on the switch’s port.

• Switching

The ability to switch a data packet to the correct output port based on the destination address (DA) in the packet.

• Aging

Removes addresses from the FDB after a specified period of time.

The switch is a “store-and-forward” switch which means that the entire frame is stored in the switch’s memory before the frame is forwarded to the output port of the switch. This characteristic increases the latency of the switch but facilitates error checking and protocol translation.

Link AggregationThe 6000 switch supports the IEEE 802.3ad draft Link Aggregation specification. Link Aggregation allows two or more physical ports on the switch to be grouped together to provide a single, aggregated port that has the combined bandwidth of the individual ports. Link Aggregation is useful when making connections between switches, stacks or to connect servers to the switch.

The following restrictions apply when setting up aggregate ports:

• Aggregator ports must be of the same media type, speed and belong to the same VLAN with the same tag status (tagged or untagged). Refer to the VLAN section later in this chapter for more information about VLAN frame tagging.

• The ports must be configured for full-duplex mode


147

• A maximum of 16 ports can be included in a single aggregation.

• Aggregation is not possible with the serial port or management port.

Note Enable the Spanning Tree Protocol prior to configuring link aggregation to prevent loops in the network. See the Span-ning Tree protocol section later in this chapter.

Port numbering

Link aggregation combines two or more media ports into an aggregation link. When the ports are grouped together, the aggregation link is identified by an aggregator port number. Each media port on the switch is assigned an aggregated port number, which by default is the same number as the media port number.

It is recommended that you use the aggregator port number of the lowest media port as the aggregation link group number.

Normal, nonaggregatedlinks

Aggregated linkto server or switch


148

Configuring Link Aggregation

To quickly configure link aggregation:

• Select the media ports on the 6000 switch that are to be aggregated together into an aggregated link.

• Assigned an aggregated port number.

In the example below, the media ports are 13, 14, 15 and 16. Port 13 is the lowest numbered port.

Each media port that is to be aggregated must be added individually.

Slo1 Slot 2 Slot 4

MediaPortNumber

AggregatorPortNumber

MediaPortNumber


Media Port Number


1 1 9 9 17-40 17-40

2 1 10 10

3 1 11 11

4 4 12 12

5 5 13 13

6 6 14 14

7 7 15 15

8 8 16 16

Port 14Port 13

Port 15Port 16

Aggregation Link 13


149

To configure media ports 13, 14, 15 and 16 to aggregator port 13, type, set link media_ port port aggregator_port t

6000 Switch>#>set link 13 port 13




When the link aggregation link was formed, aggregator port 13 includes media ports 13, 14, 15, and 16 attached to it. Aggregator ports 14, 15 and 16 still exist, but are in the “down” state.

Note In the above example, port 13 is already set to aggregator port 13 by default. It is not required to set a media port to an aggregator port number that is already the default.

The show port group port_number command displays the aggregator link and the ports included in that link.

6000 Switch>#>show port group 13

port 13, key 000D

Other ports with same key { NONE }

Configured media ports { 13 14 15 16 }

Active media ports: { 13 14 15 16 }

Note The “active media ports” displayed are only ports with physical cables attached. Unconnected ports are not dis-played.

A single MAC address is assigned to the aggregated link for management functions Type show port aggregator_port to display the MAC address.

Deleting ports from an aggregation link

To delete a port from an aggregator link,

For example to remove port 16 from aggregator link 13, type set link port port_number agg_default.

6000 Switch>#>set link 16 agg_default

The port is no longer a member of the aggregator link and the aggregator port reverts back to its default aggregator port number, which is 16.


150

To reset all of the links, type set link port all agg_default. The ports return to their default aggregator number.

Aggregation between switches

The easiest way to configure link aggregation between switches requires that the aggregator ports, on either switch, be set to “active” mode. The ports on the 6000 switch are set to passive mode by default. Passive mode means that the port does not initiate a control frame. It responds to control frames, but it does not send out any. Active mode, automatically sends control frames.

To set a port to active mode, type set link media_ port port aggregator_port active.

6000 Switch>#>set link 3 port 3 active



If the aggregation link is already configured, to change the aggregator ports from the default passive mode to active mode, type set port aggregator_port active.

6000 Switch>#>set port 3 active

Note The aggregator ports on the other switch do not have to be set to “active.” As long as one end of a link is set to “active,” the other side responds.


151

Example A creates an aggregation link 3 on Switch A linking media ports 3, 4, and 5. The ports on Switch A should be set to active mode.

Example A

Switch A Switch B

Media Port Aggregator Media Port Aggregator

3 3 3 3

4 3 4 3

5 3 5 3

Switch A

Switch B

3,3 4,3 5,3

5,34,3

3,3


152

In Example B, the media port and aggregator port numbers are not the same on both ends of a link.

Example B

Switch A Switch B


1 1 4 4

2 1 5 4

3 1 6 4

Switch A

Switch B

1,1 2,1 3,1

6,4

5,44,4


153

In Example C, all ports on Switch A are in aggregator group 1, while each port on Switch B are in their own unique group. Therefore, no aggregation occurs between the aggregation links.

Example C

Switch A Switch B


1 1 1 1

2 1 2 2

3 1 3 3

Switch A

1, 1

2,1

3,1

Switch B

3,3

1,12,2

NO A

GGREGATIO

N


154

In Example D, all ports on Switch A are in aggregation link 1. A link can be made between Switch A, aggregation link 1 and Switch B, aggregation link 4. However, Port 6 cannot be linked since the aggregation link number does not match.

Example D

Switch A Switch B


1 1 4 4

2 1 5 4

3 1 6 6

Switch A

Switch B

1,1 2,1 3,1

6,6

5,44,4


155

For more information on Link Aggregation, refer to Appendix A.

Aggregated Port NumbersWith the implementation of link aggregation, many features of the 6000 switch now use the aggregator port number instead of the media port number. This includes:

• VLANs

• Spanning Tree

• Port Mirroring

• IGMP Snooping

• Broadcast and Multicast Storm Control

• Forwarding Database

The media ports on the switch are numbered from their position on the switch. Port 1 is the first port in the first module on the switch. In the example below, a 6000 switch has three 8-port Gigabit Ethernet modules and one 24-port 10/100Base-TX module. The switch would have forty-eight physical ports. If the switch has four 10/100Base-TX modules, the number of physical ports would be 96.

By default, the aggregator port number is the same as the media port number. When viewing configuration information for the features listed above, it is important to remember that you are viewing the aggregator port numbers and not media port numbers even if link aggregation is not configured.

Example of Default Port Settings

Slot Module

Media Ports Numbers

Aggregator PortNumbers

Slot 1 8-port 1000Base-SX 1-8 1-8

Slot 2 8-port 1000Base-SX 9-16 9-16

Slot 3 24-port 10/100Base-TX 17-40 17-40

Slot 4 8-port 1000Base-SX 41-48 41-48


156

Virtual LANs (VLANs)Virtual LANs or VLANs can be roughly equated to a broadcast domain. More specifically, VLANs can be seen as analogous to a group of end stations, perhaps on multiple physical LAN segments, that are not constrained by their physical location and can communicate as if they were on a common LAN.

The switch conforms to the IEEE 802.1Q specification for a VLAN-aware bridge in a virtual bridged local area network. The 6000 switch uses port-based VLANs, whereby VLAN membership of each untagged frame is determined by noting the port on which it arrives. The slot identification is not needed when configuring VLANs.

The switch supports 2,048 VLANs regardless of the number of ports available on the system. However, any of the 4,094 VLAN IDs may be assigned to the 2,048 VLANs.

Note 802.1Q VLANs and IGMP Snooping both share resources which might be limited with Link Aggregation. Link Aggre-gation consumes more resources and depending on your network configuration, might restrict the number of VLANs that can be created. instructions on configuring IGMP Snooping are included in this chapter.

Creating a VLAN To create a VLAN

1 At the prompt, type set priv to enter privileged mode.

2 Associate a port on the switch to one or more VLAN identifiers (VID). VLANs are assigned a number from 1 to 4,094. This number becomes the VID. Type vlan VID create. The ports do not have to exist in order to create a VID.

6000 Switch>#>vlan 2 create


157

3 Designate the port or ports assigned to a VLAN.

Type vlan VID add port(s) port

If the VLAN does not exist, then this command creates the VLAN. Each switch port can be assigned to one or more VLANs. The slot where the port resides is not applicable to the VLAN configuration.

For example, to connect ports 9 through 12 on the Gigabit Ethernet module to VLAN 2

6000 Switch>#>vlan 2 add ports 9 12

Note If Link Aggregation is configured, the ports are aggregator ports designated by the aggregator port number. If Link Aggregation is not configured, then the media port number is used.

4 Type vlan print to verify that the ports have been added to the correct VLAN.

The factory default has all VLANs as members of VLAN 1. The ports need to be removed from VLAN 1 if they are no longer members of VLAN 1.

5 Type vlan VID del port(s) port to remove the ports connected to a VLAN.

6000 Switch>#>vlan 1 del ports 8 10

6 Assign a Port VLAN Identifier (PVID).

VLAN 1SALES

192.22.22.1SW1

VLAN 2ENGINEERING

192.22.22.2SW2

VLAN 3MARKETING192.22.22.3

SW3

VLAN 4ACCOUNTING

192.22.22.4SW4

Port 1(VID 1)

Ports 8 & 16 (VID 4)

Ports 9-12VID 2

Port 7

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

(VID 3)


158

Type vlan port port PVID pvid to assign the PVID.

6000 Switch>#>vlan port 2 pvid 1001

All untagged and priority-tagged frames received by a port belong to the VLAN whose port VLAN identifier (PVID) is associated with that port.

The PVID must contain a valid VLAN identifier value. It should not contain the reserved null value of zero (0) or the number 4,095. The default PVID is one (1).

Type vlan source_ VID move port(s) port_list vlan destination_VID to move a port from one VLAN to another.

The example below, moves port 8 in VLAN 2 to VLAN 4.

6000 Switch>#>vlan 2 move port 8 vlan 4

Assigning VLAN NamesVLANs can also be identified by which group or departments they belong to by using an identifier or name, such as “engineering” or “sales.”

Note A VLAN must be created using the VID prior to assigning or using a name.

To assign a name to a VLAN, type vlan VID name string.

6000 Switch>vlan 2 name sales

VLAN names must have the following properties:

1 The name must be unique across all VLANs.

2 The name can contain only alphanumeric characters (a..z, A..Z, 0..9).

3 A name cannot exceed 15 characters.

4 The name must contain at least one letter (1234 is not a valid VLAN name.)

If names have been assigned to the VLANs, the vlan print command lists the VID with the name in parentheses, i.e., VLAN 2 (sales).

VLANs are referenced by using the VlD or the VLAN name. For example, if VLAN 2 has been named “sales” then the following commands are identical:


159

6000 Switch> vlan 2 add port 3

6000 Switch> vlan sales add port 3

The VLAN name can be substituted for the VID in all of the VLAN commands, including the vlan name command.This command line changes the name of the sales VLAN to accounts.

6000 Switch> vlan name sales accounts

Confirming VLAN MembershipThe vlan print command identifies which ports are members of which VLANs. The vlan print and vlan print by port commands can be used in both privileged and non-privileged mode.

The information is displayed in VLAN order.

VLAN Configuration StorageAll changes that are made to the VLAN configuration are stored in the non-volatile memory of the switch. When the switch is rebooted, the VLAN configuration is automatically returned to how it was set before the reboot.

The VLAN configuration is not reset when a new module is inserted into the chassis. The VLAN settings conform to the settings of the previous media board. For example, if a Gigabit Ethernet card is replaced with a 24-port 10/100Base-TX module, the VLAN configuration would remain on the first eight ports of the 10/100 card.

With a change in media card type, it is recommended to reset the VLAN configuration. Use the vlan reset slot slot_number command. This resets all ports on the media card to be a member of VLAN 1 with a PVID of 1. The vlan reset command without parameters resets all of the slots.


160

Frame TaggingThe switch supports the IEEE 802.1Q specification for VLAN tagging.

There are three basic types of frames:

• Untagged

• Priority-tagged

• Tagged

An untagged frame or a priority-tagged frame does not carry any identification of the VLAN to which it belongs. Such frames are classified as belonging to a particular VLAN based on parameters associated with the receiving port.

A VLAN tagged frame carries an explicit identification of the VLAN to which it belongs. Such a frame is classified as belonging to a particular VLAN based on the value of the VID that is included in the tag header.

When frames are sent across the network, a tag header is used to indicate to which VLAN a frame belongs. This insures that the switch forwards the frame to only those ports that belong to that VLAN.

The switch supports both tagged and non-tagged frames simultaneously on a per VID and port basis.

Type vlan VID {tag | untag} port(s) port_list to set the frame type that is transmitted to the port or ports of the specified VLAN.

6000 Switch>#>vlan 2 tag ports 2 6

Warning If a port is a member of two or more VLANs, it is rec-ommended that only one VLAN on the port transmituntagged frames. The untagged VLAN should equal thePVID for that port


161

.

For example, in the Overlapping VLAN Configuration drawing above, VLAN 1 and VLAN 2 share Port 12. Station 172.22.1.1 would not receive frames from Station 172.22.1.2 unless the frames are tagged since it shares Port 12 through a hub with Station 172.21.1.2, and the PVID for Port 12 is 2.

Warning Untagged overlapping VLANs can create problemswith routing protocols, such as OSPF.

Overlapping VLAN Configuration

Port 9 Port 16Port 12

172.21.1.2 172.22.1.2

172.22.1.1

VLAN1 VLAN2

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

172.21.1.1

PVID 1 PVID 2PVID 2

Hub


162

VLAN tagging must be used when connecting two or more switches that share a common VLAN.

Each switch in the figure above shares VLAN 1 and VLAN 2 through Port 1. The frames must be tagged between the two switches to determine the frame destination. The tagging allows the transmittal of frames from the Sales department in the North Wing to the Sales department in the South Wing and the Accounting department in the North Wing to the Accounting department in the South Wing. Once the switch knows the destination of the frame, the tagging is removed and the frame is sent untagged to the VLAN.

VLAN SecurityVLANs are used to limit traffic to a particular area of the network. The IEEE 802.1Q specification introduces the concept of tagged frames, where VLAN information is included in the frame. Using tagged frames allows VLAN information to be communicated across multiple switches. Such a VLAN tag includes information for both the VID and the priority of the frame. However, storing VLAN and priority information in the frame can cause security problems.

SalesVLAN 1

AccountingVLAN 2

SalesVLAN 1

AccountingVLAN 2

Tagged Link

Port 1taggingforVLAN 1& VLAN 2

Port 2PVID 1

Port 1taggingforVLAN 1& VLAN 2

Port 3PVID 2

Port 3PVID 2

Port 2PVID 1

VLAN 1 = {Port 1, Port 2}VLAN 2 = {Port 1, Port 3}

VLAN 1 = {Port 1, Port 2}VLAN 2 = {Port 1, Port 3}

Untagged

Untagged

NORTH WING SOUTH WING


163

• Clients can set the VID of a tagged frame to any value.

• Clients can set the priority of a tagged frame to any value.

Trusted and untrusted 802.1Q tag mode, 802.1Q ingress checking, and the control of acceptable frame types addresses these security issues.

Trusted and untrusted IEEE 802.1Q tags

Trusted and untrusted 802.1Q tag modes can be used for enhanced security in a VLAN aware network.

Each port in the system has a trusted or untrusted mode for the VID of a tagged frame. In trusted mode, the VID of a tagged frame is always used. In untrusted mode, the PVID of the port is used even if the frame is tagged. The default is trusted.

To set the security mode

1 Type vlan ports port_list untrusted for untrusted VID mode.

6000 Switch>#>vlan ports 3 4 untrusted

2 Type vlan ports port_list trusted for trusted VID mode.

6000 Switch>#>vlan ports 8 10 trusted

Similarly, each port in the system has a trusted or untrusted priority mode. In trusted priority mode, the priority of a tagged frame is always used. In untrusted priority mode, the default port priority is used even if the frame is tagged. See “Layer 2 Frame Prioritization” later in this chapter for information on setting the priority.

The trusted or untrusted modes for VID and priority can be used in environments where security is an issue. The untrusted VID mode is similar to the acceptable frame-type mode for each port.


164

802.1Q ingress checking and acceptable frame types

An “Enable Ingress Filtering” parameter is associated with each port. If the “Enable Ingress Filtering” parameter is set for a port, the ingress rule discards any frame received on a port from a VLAN that does not include that port within its member set. The default is to have ingress checking disabled.

Type vlan ports port_list enable ingcheck to enable ingress checking.

Type vlan ports port_list disable ingcheck to disable ingress checking.

An example of the use of ingress checking could apply to a student/faculty environment VLAN setup. In this environment there are two VLANs, one for students and one for faculty. Clients on either VLAN should not be able to access machines on the other VLAN. This is easy to set up using PVIDs and connecting the students machines to one set of ports, and the faculties to another set of ports. The problem is that it is possible for a student to send a VLAN tagged frame with the tag set to the VID of the faculties VLAN. Without ingress checking this frame would be transmitted to the faculty VLAN. With ingress checking enabled, the frame is dropped since the ingress port is not a member of the faculty VLAN.

Acceptable Frame Types

Associated with each port of a VLAN bridge is an “acceptable frame types” parameter that controls the reception of VLAN-tagged and non VLAN-tagged frames on that port. The valid parameters are “accept any frames” and “accept only VLAN-tagged frames.”

• accept any frames

This is the default setting when there are no rules that apply regarding the format of an ingress frame. Any frame type is accepted.

Type vlan ports port_list admit any to set the configuration to accept any frames.


165

• accept only VLAN-tagged frames

When “accept only VLAN-tagged frames” is set, the ingress rule discards any untagged frames or priority-tagged frames received on that port. Tagged frames that are not discarded are classified and processed according to the ingress rules that apply to that port.

Note A priority tagged frame is not a VLAN tagged frame. A pri-ority tagged frame has an 802.1Q tag but the VID is zero.

Type vlan ports port_list admit tagonly to set the configuration to accept only tagged frames,


Configuring a VLAN with an IP AddressVLANs can be assigned an IP address to allow management of the switch from that VLAN or to route frames between VLANs. This creates a network interface for the switch labeled swVID. The number of VLANs that can be assigned a network interface IP address is limited to 128.

The VLAN network interface number matches the VID. For example, VLAN 1 creates interface sw1, VLAN 80 creates sw80, etc.

Type vlan VID ifconfig ip_address to configure a VLAN with an IP address.

6000 Switch>#>vlan 2 ifconfig 192.2.22.166

Use the ifconfig -a command to view the network interfaces.

Type ifconfig interface delete to remove an interface.

VLAN Routing ConfigurationVLAN routing configuration allows routing to be enabled or disabled for specific VLANs. This feature enhances the security of a network.

Type vlan VID enable iproute to enable VLAN routing.

The switch’s VLANs are used to provide IP routing interfaces, e.g., VLAN 3 can be configured with an IP address, which causes the IP interface sw3 to be created.


166

VLAN routing configuration allows control of what VLAN IP frames can be routed. For example, it is possible to specify that VLAN 3 cannot be used as the source when forwarding IP frames.

Note If IP routing is disabled for a VLAN, it only applies to ingress or received IP frames. It is still possible for other VLANs to route to the VLAN.

VLAN routing configuration can be used in environments where VLANs exist, and those VLANs are given IP addresses for management, but no routing is required. In this environment, IP routing can be disabled for each VLAN.

Type vlan VID disable iproute to disable VLAN routing.

Caution For more complex environments, access control lists should be used to control IP routing. See IP Access Control in this chapter.

Spanning Tree ProtocolThe 6000 Switch adds an extra layer of functionality with the introduction of multilayer Spanning Trees. The two types of Spanning Tree models are:

• IEEE 802.1d Spanning Tree

The switch becomes a bridge for which Spanning Tree parameters can be set. Every port, regardless of VLAN membership, is part of the same Spanning Tree.

• Spanning Tree per VLAN

The switch supports IEEE 802.1s, a supplement to 802.1Q, that provides for multiple instances of Spanning Tree to run on a switch that has multiple VLANS. Each VLAN acts as a separate bridge or Virtual Bridge which allows you to set the entire range of Spanning Tree commands for that bridge and the bridge ports.This allows traffic to pass that would otherwise be blocked.

To activate the Spanning Tree protocol

1 Type enable spantree in privileged mode.

2 Select which type of Spanning Tree to implement.

Type set spantree type stp to configure 802.1d Spanning Tree.


167

Type set spantree type pvstp to configure a separate Spanning Tree for each VLAN.

Note Spanning Tree can only be defined per bridge for all ports on that bridge. Single Spanning Tree (STP) and Port VLAN Spanning Tree (PVSTP) cannot run at the same time on a single bridge.

802.1d Spanning Tree

The IEEE 802.1d specification for Spanning Tree protocol allows switches and bridges to eliminate duplicate paths and loops in a network. The protocol allows the switch to communicate with these other devices and to map the network.

Note When the Spanning Tree protocol has been enabled, direct communication with the switch (e.g., Telnet or SNMP) is not available for 15 to 30 seconds as the protocol initializes itself for operation on the network. This delay also applies upon power up after the protocol has been enabled.

The Spanning Tree protocol controls different states for each port:

• listening

• forwarding

• blocking

By default, Spanning Tree protocol is disabled in the switch.


168

The Spanning Tree protocol:

• Assigns a unique address to each switch (usually the MAC address of the Control Processor).

• Assigns a priority value to each switch.

• Selects a root switch. This is the starting point for the Spanning Tree.

• Assigns a unique address to each port on each switch.

• Calculates a path cost for each port on each switch.

• Assigns the root port of the switch based on path cost.

To configure the Spanning Tree protocol

1 The Root Switch

The bridge with the lowest identifier (usually the MAC address) is the root switch. The MAC address is assigned when the IP address is assigned for the switch.

2 Assign the Switch’s Priority.

Type the privileged set spantree priority value command. The range is from 0 to 65,335. The default is 32,768.

6000 Switch>set spantree priority 1

3 Assign the Root Port.

Type the set spantree portpri port_number value command to assign a priority value to a port. The range is from 1 to 255. The default is 128.

After the root switch is selected, the other switches determine which port is the most cost-effective path to the root switch. This port becomes the root port.

The command line below sets the priority of port 3 to 1.

6000 Switch>set spantree portpri 3 1

4 Set the Port Cost.

Finally, the Spanning Tree protocol detects the switch and switch ports that have access to the root. The bridge then enables those ports to be used for forwarding packets and disables others ports to prevent loops. These disabled ports are kept in backup mode in case a primary port or link fails.


169

With Link Aggregation, multiple physical links are formed into a single, higher speed, logical link. Spanning Tree uses the link speed as an indication of the path cost in an attempt to block lower speed ports in preference to higher speed ports. Spanning Tree needs to be able to change the path cost for that port.

Type set spantree portcost port_number auto to automatically set the path cost to the link speed of the port.

6000 Switch>set spantree portcost 9 auto

Port cost can be set manually on the switch. Ports set manually are fixed and the path cost does not change even if the link speed changes. If the media type changes, the port reverts to auto mode.

Note The Spanning Tree protocol must be enabled before setting the port cost. The protocol settings are held in NVRAM.

To set the port cost for port 9, type set spantree portcost port_number value.

6000 Switch>set spantree portcost 9 10

5 Type show spantree to display the current Spanning Tree Con-figuration,

6 Type set spantree defaults to return the parameters to the default values.

Spanning Tree per VLAN

Spanning Tree per VLAN or PVSTP allows each VLAN to run a separate Spanning Tree with its own Bridge Protocol Data Units (BPDU’s). This allows different ports to be blocked or unblocked based on VLAN membership. Of the 2,048 VLANs, up to 100 PVSTPs can be stored in NVRAM.

The 802.1Q standard defines two types of VLAN learning.

• A Shared VLAN Learning Bridge (SVL), uses a single forwarding database that is shared by all VLANs.

• An Independent VLAN Learning Bridge (IVL) uses a separate forwarding database for each VLAN.

A switch that supports PVSTP must be configured as an IVL switch. If the switch is configured as an SVL switch, 802.1d Spanning Tree is enabled.


170

Type fdb mode ivl to set the switch as an IVL switch.

When in IVL mode, the VLAN ID (VID), MAC address, and port number are stored in the forwarding database.

To configure per VLAN Spanning Tree

1 Type the privileged set spantree priority priority_value VID to assign the VLAN priority. The range is from 0 to 65,335. The default is 16,384.

6000 Switch>set spantree priority 1 3

2 Type set spantree portpri port_number portpriority_value VID to assign a priority value to a port within a VLAN,. The range is from 1 to 255. The default is 128.

6000 Switch>set spantree portpri 3 3

3 Port cost can be automatically set to the link speed of the port. Type set spantree portcost port_number auto VID

6000 Switch>set spantree portcost 3 auto 3

Type set spantree portcost port_number portcost_value VID to manually assign a portcost to an individual port within a VLAN.

6000 Switch>set spantree portcost 3 1 3

Note Manually set ports are fixed and the path cost does not change even if the link speed changes. If the media type changes, the port reverts to auto mode.

4 Type show spantree all to display the current per VLAN Span-ning Tree Configuration.

5 Type set spantree defaults to reset all ports and bridge values to their default value.

Rapid Reconfiguration

Rapid reconfiguration

• Places a root port on a failed path into a blocking state.

• Selects a non-designated port as the new root.

• Immediately activates that port, passing the listening and learning states.

Rapid reconfiguration can never be initiated on a bridge that has been selected as the root bridge because a root bridge has no root ports.


171

Type set spantree rapid on VID to set rapid reconfiguration for a PVSTP domain.

Type set spantree rapid on to set rapid reconfiguration for a STP domain.

Note If rapid reconfiguration is set for a STP domain, it cannot be turned on for a PVSTP domain.

When rapid reconfiguration feature is triggered, the switch either removes all entries from the forwarding database that point to the failed link or it redirects them to the new root port.

Rapid Port Activation

Rapid port activation is useful when connecting the switch to a device that boots and connects to the switch faster than the 30-second forwarding delay that is the default for Spanning Tree. There is no need to transition through the listening and learning states for ports that connect to end stations.

Type set spantree portquick port_number on to set rapid port activation.

Note Rapid port activation should only be used when connecting a single end station to a switch port. If a port is connected with rapid port activation to a port on another switch or router, network loops may occur.

Type set spantree portquick port_number off to disable rapid port activation,

Type show spantree all in either privileged or non-privileged mode to display the Spanning Tree configuration,.


172

IGMP SnoopingIGMP Snooping is a Layer 2 function of the switch. It reduces the flooding of IP multicast traffic, optimizes the usage of the network bandwidth, and prevents multicast traffic from being flooded to parts of the network that do not need it.

The 6000 switch supports IGMP snooping as it is defined by IGMPv1, specified in RFC-1112, and IGMPv2, specified in RFC-2236.

IGMP snooping is disabled by default on the switch. When disabled, all IGMP and IP multicast traffic floods within a given VLAN.

Basic configurationNote IVL mode must be configured prior to configuring IGMP

Snooping. In SVL mode, information pertaining to the VLAN ID is no longer available in the forwarding database. See Spanning Tree Per VLAN earlier in this chapter for instructions on setting IVL mode. IGMP Snooping must be disabled if SVL mode is invoked.

Type enable igmpsnoop to enable IGMP Snooping.

Configuring multicast router ports

In configuring IGMP Snooping

• Identify which switch ports lead to routers and which switch ports lead to interested end stations

• Create a separate broadcast domain for each multicast group and include only ports with interested end stations

IGMP Snooping operates by recognizing multicast router ports and interested member ports and creating a separate broadcast domain for each multicast group.

Identifying the router ports is one of the prime features of IGMP Snooping. Once IGMP Snooping is enabled, auto discovery of ports is accomplished through the switch’s routing mechanism by sending ICMP router discovery messages or by snooping in the IGMP query messages sent by the multicast routers. However, in some cases, the


173

multicast router ports may not be identified by using auto discovery. Under such conditions, the network administrator needs to manually configure these router ports as control ports.

Type igmpsnoop port(s) port_list control mode { normal | fixed | forbid }VID to configure a control port.

A control port can be set to one of three modes:

• normal

The default mode of a port is “normal.” When the control port is set to “normal” mode, the switch automatically determines if a port has a control element (i.e., switch with IGMP Snooping or router).

• fixed

When auto discovery does not identify a router port, then it needs to be configured in the “fixed” mode. IGMP Snooping forwards host membership reports only on the router ports

• forbid

The “forbid” mode excludes the port as a multicast router port.

For example, to configure router port 20 in fixed mode:

6000 Switch>#>igmpsnoop port 20 control mode fixed

VID 3

Configuring a data port

There are two types of data ports:

• All group - A port belongs to all IP multicast groups.

• IP group - A port belongs to a specific IP multicast group.

Data ports can be only be set to one of the following modes within a given VLAN:

• fixed

permanently belonging to all or IP group.

• forbid

disallow port to become a member of all or IP group.


174

• normal

IMGP Snooping determines what group the port belongs to from the received IGMP reports.

When an end station receives an IGMP Query message from the router, it responds with a Host Membership Report for each group member. The switch marks ports as group member ports if it receives an IGMP Membership Group Report. For IGMP Snooping to work correctly, it is important that an IGMP Membership Report message be forwarded only to router ports.

A separate address class known as Class D is used to identify multicast groups. The Class D address ranges from 224.0.0.0 through 239.255.255.255, with addresses from 224.0.0.x and 224.0.1.x reserved for permanent assignment. Each of these addresses represents a group of IP end stations, also known as a “host group.”

Adding or excluding ports from an IP multicast group

Type igmpsnoop port(s) port_list group ip_group mode { normal | fixed | forbid } VID to include or exclude a data port from a particular IP multicast group

6000 Switch>#>igmpsnoop ports 1 2 3 group

239.147.6.99 mode fixed VID 1

In the example above, port 1, 2, and 3 are included as members of IP multicast group 239.147.6.99 regardless of whether an IGMP membership report for that group is received or not.

If the forbid keyword is substituted in the above command, ports 1, 2, and 3 are excluded from IP multicast group even though the system has received an IGMP membership report for the same group. This is a security feature to disallow an end station to participate in a particular multicast session. Instead of a particular IP multicast group, the “all” keyword implies all IP multicast groups. Therefore, if you type:

igmpsnoop ports 1 2 3 group all mode forbid VID 1

Port 1, 2, and 3 are prohibited from receiving any multicast traffic. If the keyword “fixed” is used instead, IGMP Snooping is disabled on those ports. This feature is useful for network management purpose, i.e., the port is attached to a management station that is in a promiscuous mode.


175

Resetting control and data ports

The reset commands are used to set the control and data port configuration to normal mode. For example, type igmpsnoop port control reset VID 1 to reset all control ports in VID 1 to normal mode.

Type igmpsnoop port data reset all to reset all control ports on VID 1 to normal mode,.

Displaying configured ports

Type igmpsnoop print config VID to display the configuration for all ports on a particular VLAN.

Type igmpsnoop print config all to display the configuration for all ports on a particular VLAN.

Type igmpsnoop print all to view the active multicast groups.

Type igmpsnoop print VID to view the status per VLAN.

The configuration information is immediately stored in NVRAM. The switch loads the configuration from NVRAM during boot up.

If the number of configuration entries exceeds the allotted NVRAM space, new configuration entries are not saved and a warning message is issued.

Note Only configuration information is saved. Snooping status (i.e., membership information) is not saved.

Setting aging time

An aging time is used to specify the time acceptable (in seconds) between IGMP queries since the switch last received an IGMP query from the multicast server. A query allows the server to determine which network hosts are (or want to be) part of the IP multicast group, and are configured and ready to receive traffic for the given application.


176

Type igmpsnoop set agetime value to set the timer,. The range is from 330 to 500 seconds. The default value is 330 seconds.

6000 Switch>igmpsnoop set agetime 400

Port Mirroring Port mirroring is a useful diagnostic tool because it provides the ability to diagnose a connection by attaching a packet analyzer to a port and “snooping” all of the traffic transmitted. On the second port you can attach a protocol analyzer to capture and analyze the data without interfering with the client on the original port. Port mirroring is disabled by default on the switch.

All VLAN traffic is transmitted to the source port and its mirror port to ensure that all frames received by the source port are transmitted to the destination or monitor port.

Any port may be selected as a source or monitor port, regardless of the speed of the port. For example, it is acceptable to designate a Gigabit Ethernet port as the source and a 10/100 port as the monitor port even though there might be some frame loss on the monitor port. This permits diagnosing problems on the Gigabit Ethernet connection using a 10 or 100 MB packet analyzer.

To support this function, set a source and destination mirrored port.

1 Type set portmirror sourceport port_number to set the source port.

2 Type set portmirror monitorport port_number to set the mon-itor port.

3 Type enable portmirror to activate port mirroring.

Note Port mirroring must be disabled prior to setting the source and destination port numbers. Type disable portmirror to disable portmirroring.

Restrictions

• Ports are aggregated ports. It’s not possible to mirror a single media port inside a multiport aggregation.

• If the monitor port is a multiport aggregation then all mirrored traffic is sent to the lowest numbered media port in that aggregation.


177

• A network loop occurs if both source and monitor ports are plugged into a hub.

Type show portmirror to display the port mirroring configuration information.

Layer 2 Frame PrioritizationToday’s local area networks must respond to delivering new technologies that require congestion control and prioritization. Layer 2 provides packet prioritization capabilities for the application of network policies. The switch supports the IEEE 802.1p, 802.1D and 802.1Q specification for traffic prioritization of Layer 2 frames.

This standard defines how network frames are tagged with user priority levels ranging from 7 (highest priority) to 0 (lowest priority). Switches and routers prioritize traffic delivery according to the user priority tag, giving higher priority frames precedence over lower priority or untagged frames.

Each port is assigned a default user priority. That default user priority is only used on untagged frames. Tagged frames already contain a priority. All of the ports have a factory default user priority of zero (0). You must be in privileged mode to configure the ports.

Type set priority port(s) port_ list pri to set the default user priority for individual ports.

6000 Switch>#>set priority port 3 7

Type set priority port(s) all pri to set the default priority for all ports.

6000 Switch>#>set priority ports all 7

Type set priority port(s) { all | port list} default To reset a port or all of the ports to their factory default setting.

6000 Switch>#>set priority ports all default

Each port in the system also has a trusted or untrusted priority mode. In trusted priority mode, the priority of a tagged frame is always used. In untrusted priority mode, the default port priority is used even if the frame is tagged.

1 Type set priority ports port_list trusted To reset a port or all of the ports to their factory default setting,

6000 Switch>#>set priority ports 8 10 trusted


178

2 Type set priority ports port_list untrusted for untrusted prior-ity.

6000 Switch>#>set priority ports 3 4 untrusted

Type show priority to view the port priority and priority mode.

SNMP AgentThe switch comes with an SNMP agent. After the switch’s IP address is set, the SNMP agent can communicate with any SNMP management station.

The SNMP agent:

• Responds to requests from the network management station for the value of a MIB variable using the get-request or get-next-request format.

• Responds to requests from the network management station to set or change MIB variables.

• Sends messages or traps to the network management station that a significant change has occurred. The table describes the supported traps.

Generic Trap Number

SpecificTrapNumber Condition Description

0 Cold StartSystem starting from power down state.

1 Warm StartSystem restart without power down.

2 Link Down

The link state of a port is changed from up to down.

3 Link Up

The link state of a port is changed from down to up.

6 1CarrierCPSlotChangeEvent

The primary CP board is changed from slot A to slot B or vice-versa.


179

SNMP Communities

The SNMP agent, along with the type of messages that are identified with it (get, set, trap), is referred to as an SNMP community. Each community is identified by a community string or name and a community number. The community_number is any number from 1 to 3.

6 2CarrierStatusAChangeEvent

The status (inserted/running) of the CP in slot A has changed.

6 3CarrierStatusBChangeEvent

The status (inserted/running) of the CP in slot A has changed.

6 4MediaCardChangeEvent

One or more of the media cards is inserted or removed.

6 5 FanFailEventOne or more fans has failed.

6 6 PowerSupplyFailEventOne or more power supplies has failed.

6 7 HighTemperatureEvent

The temperature exceeded the High TemperatureMark and the switch shuts down immediately.

Community Number

Community String Permissions

1 Public GET

2 Private SET

3 Trap GET, SET

Generic Trap Number

SpecificTrapNumber Condition Description


180

Configuring the SNMP Agent

1 Type the privileged set snmpmgr host_ip_address community _number [index] command to set the manager or host address for one station.

6000 Switch>set snmpmgr 193.1.1.143 1 1

If assigning an address to additional stations, follow the IP address with the community number and index number of the station. Up to eight indexes or hosts can be added.

2 Type set snmpmgr to assign the IP address 0.0.0.0 to remove an address from the list, as in the following command line: set snmpmgr 0.0.0.0 [index]

6000 Switch>set snmpmgr 0.0.0.0 1

As a configuration option, you can give your switch up to eight IP addresses of network management stations to which traps should be specifically sent. However, one station is the most common scenario.

3 Type show community to display the SNMP community string for all access types to the SNMP MIBs

4 Type the privileged set community community_number string [get] [set] [trap] command to set the type of messages to be exchanged between the SNMP manager and agent.

6000 Switch>#>set community 1 public get trap

6000 Switch>#>set community 2 private get set trap


181

5 Type set snmpSecurityLevel level to control security levels on the switch. The default setting is 2, which allows stations in the host table to have write access.

6000 Switch>#>set snmpSecurityLevel 3

Note Only stations in the host table are able to view and config-ure the switch in Intel® Device View. Changing the default security level prevents other stations from being viewed by Intel Device View.

If the switch does not respond to an SNMP query:

• Check to see if the host appears in a show snmpmgr command.

• Check to see if the community is a valid string.

• Check the console to see if the SNMP query is generating any errors.

If the switch is slow to respond, there might be a host that is bombarding the switch with SNMP traffic that is not on the snmpmgr list. If this is the case, the switch is being slowed down by sending “Authentication Failure” traps.

To fix the problem:

• Find the offending host.

• Stop it from requesting information from the switch.

• Or, add it to the snmpmgr list with the set snmpmgr command.

6000 Switch>set snmpmgr 193.1.1.90 1 1

Level Behavior

1

Does not verify host in community. Anyone can configure the switch if they know the community string.

2Verifies host in community for write privileges only.

3Verifies host in community for read and write privileges.


182

RMONRMON1 is supported. RMON is an extension to SNMP and is defined by of RFC1757, “Remote Network Monitoring Management Information Base.” Four of the nine RMON1 groups are supported.

RMON history is available for the first 10 ports after boot up. To add history for other ports, use Intel Device View or a third-party RMON compliant browser to delete the history-control table row for a port already in the table.

The total number of entries in the history control table must be less than or equal to 20. By default, each port has two entries, one for 30-second sample intervals, and one for 30-minute sample intervals.

There are no command line commands to enable or disable the RMON agent. A graphical network management interface is available through Intel Device View and third-party RMON compliant browsers.

NVRAM BackupAs part of the switch’s fault tolerant structure, non-volatile RAM (NVRAM) is used to store configuration information for the switch.

Use the NVRAM Backup privileged command savenv to back up this configuration information.

If the CP carrier module has failed, use the loadnv command to restore the system parameters from the backup file located on the TFTP server to the replacement CP carrier module.

Note To configure the TFTP server’s operation, refer to the TFTP server software documentation.

Group Name Group Number

Statistics 1

History 2

Alarms 3

Events 9


183

Backup

Note Before the backup file is uploaded to the TFTP server, the file must already exist and be able to be read and written by everyone.

To begin the backup

1 Create the file.

The file name is the switch’s IP address in hex uppercase format (i.e. IP address 192.2.2.1 is named C0020201.)

Note To get the file name, use the savenv command with the IP address of the switch. The command returns the file name in hex uppercase format. An error message occurs, because the file was not created in advance.

6000 Switch>#>savenv 192.2.2.1

Using remote file name = C002023F saving nvram ver-

sion 1

No response from TFTP server

TFTP upload failed.

2 Create the file on the TFTP server. To configure the TFTP server’s operation, see the TFTP server software documentation

3 Type the savenv [path] ip_address_of_tftp_server command.

Use the path argument only to save the NVRAM to a file in a directory other than the default directory “/tftpboot.”

Example without path address:

6000 Switch>#>savenv 192.2.2.12

Example with path address:

6000 Switch>#>savenv /pathname 192.2.2.12

Restore

Type the privileged loadnv [path] ip_address_of_tftp_server command to restore the non-volatile RAM. The loadnv command checks that the version of the non-volatile RAM file is compatible with the system version before it restores non-volatile RAM.

6000 Switch>#>loadnv 192.2.2.1

Note After restoring the NVRAM, you are prompted to reset the switch. Type Y for yes to begin the reset process.


184

Use the path argument only if the NVRAM file was saved in a directory other than the default directory “/tftpboot.” By default, the filename on the server is assumed to be the IP address of the switch in uppercase hex format (i.e., C0020201.)

SYSLOGThe syslog feature records such events as logins, configuration changes and error messages that occur on the switch. If an error condition occurs, the switch attempts to write an entry to the system log. The log information is sent to a syslog service on a remote host. All of the syslog command settings and log entries are held in NVRAM.

To set the Syslog service address

1 Type the privileged set syslog ipaddr ip_address to set the address of where the syslog service resides.

6000 Switch>#>set syslog ipaddr 192.2.2.143

2 Type enable syslog to begin the output to the system log.

6000 Switch>#>enable syslog

The table below displays a typical entry in the system log on the remote host.

Logging Commands

The switch’s syslog can log all user commands that are typed from any console session.

1 Type the privileged set syslog lcmds to enable this feature.

The following is an example of the system log when command logging is enabled:

Oct 27 11:16:08 6000Switch Console[2]: syslog startedOct 27 11:17:26 6000Switch Console[2]: Non-privileged user logged inOct 27 11:17:35 6000Switch Console[2]: Privileged user logged inOct 27 11:17:43 6000Switch Console[2]: Privileged user logged outOct 27 11:17:44 6000Switch Console[2]: Non-privileged user logged out

Oct 27 11:24:24 6000Switch Console[2]: command, "di sys"Oct 27 11:24:39 6000Switch Console[2]: command, "enable spantree"Oct 27 11:25:05 6000Switch Console[2]: command, "di fdb"


185

Only valid commands are logged. If a command is not understood, then it is not logged.

2 Type the privileged set syslog nolcmds to disable logging of all the commands.

Similar to command logging, the switch’s syslog can record all output from any console session.

3 Type the privileged set syslog lout to log all output from the switch.

4 Type the privileged set syslog nolout to disable logging of the output information.

To display the Syslog setup

Type show syslog to display the current syslog parameters.

Type disable syslog to end output to the syslog.

Broadcast and Multicast Storm ControlAn excessive number of broadcast or multicast frames on a network can degrade network performance by starving out unicast traffic. Broadcast and multicast storm control is intended to safeguard against this threat by limiting the amount of broadcast and/or multicast traffic that a port is allowed to receive and forward.

To protect against broadcast or multicast storms, a broadcast and/or multicast threshold is set for each port. A threshold is a percentage of the maximum bandwidth of the link. The higher you set the threshold percentage, the less effective the protection against broadcast storms. The default broadcast and multicast thresholds are 100 percent, which disables storm control.

1 Type set storm bthreshold percentage { all | port_number } to set the parameters for broadcast storm control.

6000 Switch>set storm bthreshold 90 3

2 Type set storm mthreshold percentage { all | port_number } to set the parameters for multicast storm control.

6000 Switch>set storm mthreshold 95 3


186

3 If the port is set to zero, it can discard indefinitely. Type set storm nodiscard { all | port_number } to resume receiving on a port that is discarding.

The switch does not have the ability to discard broadcast or multicast traffic selectively. The discarding state is actually a “receive disabled” state. When the broadcast or multicast threshold for a port is exceeded, the switch disables frame reception for a given duration that is equal to the discard duration. The discard duration range is zero (0) to 256 seconds.The default is 5 seconds.

1 Type set storm bdiscard seconds { all | port_number } to set the broadcast discard duration.

6000 Switch>set storm bdiscard 4 3

2 Type set storm mdiscard seconds { all | port_number } to set the multicast discard duration.

6000 Switch>set storm mdiscard 8 3

A duration of zero (0) seconds is used to permanently disable the port until it is changed. The switch sends alerts that notify the system administrator that the port has exceeded a threshold and the port has been disabled for the stated duration.

6000 Switch>set storm mdiscard 0 1

The following message is displayed:

Port 1 will be disabled when broadcast load reaches

threshold. User interaction is required to remove the

port from discarding state.

Note The switch may or may not detect a rate that is over the threshold. The switch does not enter discard mode unless the calculated rate is at least one percent more than the threshold for two consecutive four-second periods. It takes from eight to eleven seconds to detect a rate that is two per-cent more than the threshold.

Type show storm to display the storm control information,. Select from the following parameters:

• Active displays the storm control information for all the ports that are actively monitoring.

• Discarding displays storm control information for all the ports that are currently discarding packets.


187

• All displays storm control information for all the ports, regardless of what state the storm control software has for that port.

6000 Switch>#>show storm all

Using a port number instead of any of the other parameters displays only the storm control information for that port.

6000 Switch>#>show storm 3

The Storm Control configuration is stored in the NVRAM of the switch.

Layer 3 Switching & RoutingLayer 3 switching supports dynamic routing protocols to maintain the routing tables. For each network layer protocol, one or more routing protocols may be invoked. For IP, these protocols are RIP v1, RIP v2, and OSPF.

Layer 3 switching moves frames through the switching fabric based upon the destination network protocol address of the packet. The switch supports wire-speed Layer 3 switching for IP networks.

Layer 3 switching operates in the context of multiple switched network segments. This functionality relies upon multiple VLAN operation.

IP Access ControlOn the 6000 switch, IP Access Control is applied to incoming routable traffic to limit access to end devices on different networks or subnets.

An Access Control List (ACL) of rules is used to permit or deny the flow of IP traffic through the network. The rules are created based on source and destination IP addresses.

ACL rules are enforced on routable traffic only. IP frames between two end devices connected to the switch on different VLANs may be blocked and unable to ping or Telnet each other.


188

IP access control and access lists do not apply to frames that are switched within the same VLAN. If the devices are on the same VLAN, they maintain their IP connectivity and are able to ping or Telnet each other even though ACL rules may forbid IP traffic between the two.

IP connection between an end station and the 6000 switch is never subjected to ACL rules. An end station can Telnet the switch or use an SNMP agent for management activities.

The IP Access Control configuration is stored in NVRAM.

ACL rules

The order rules are applied to an incoming packet are determined by the order that a rule was entered into the ACL. The 6000 switch supports a maximum of 128 filtering rules.

The source IP address and source wildcard mask or destination IP address and destination wildcard mask represents a single host or a range of hosts in a network.

A wildcard mask is a method used to define a range of host IP addresses with an accompanying network or subnet IP address. It uses the same notation as the dotted decimal IP address. The wildcard mask cannot overlap with the corresponding network or subnet address.

For a single device or host, the address must be the designated IP address of the device and the wildcard mask must be 0.0.0.0 or the word “host.”

permit 172.18.1.2 0.0.0.0 172.18.3.2 0.0.0.0

or

permit 172.18.1.2 host 172.18.3.2 host

Wildcard Mask Examples

Network/Subnet Address

Wildcard Mask Description

172.18.1.0 0.0.0.255All the host addresses in the range172.18.1.0. through 172.18.1.255,

172.18.2.0 0.0.0.7All the host addresses in the range172.18.2.0. through 172.18.2.7,

172.18.3.0 0.0.255.255 Invalid since address and mask overlap,


189

For a range of devices, the address must represent a network or subnet address and the wildcard mask must identify the range of IP addresses. The address and wildcard mask pair of 0.0.0.0/255.255.255.255 or the word “all” represents all possible IP addresses.

6000 Switch>#>deny 172.18.2.0 0.0.0.255 172.18.3.0 0.0.0.255

In the example below, the rule denies any packets from being sent from source IP 17.18.4.0/ 0.0.0.255 to all IP addresses.

6000 Switch>#>deny 172.18.4.0 0.0.0.255 all

The format for any rule includes:

• An action (deny or permit)

• A source IP address and source wildcard mask

• A destination IP address and destination wildcard mask

Adding a permit rule

Type acl add rule_number permit (source_address source_wildcard_mask)( destination_address destination_wildcard_mask) in privileged mode to add a permit rule.

6000 switch>#>acl add 1 permit 172.18.1.2 0.0.0.0

172.18.3.2 0.0.0.0

When adding a rule, all subsequent rules (starting from the requested rule number) are shifted one position down towards the last rule. An end rule can only be overwritten with a new end rule.

For example, if a new rule 1 is added. The existing rule 1 becomes rule 2 and all of the other rules shift down one number.

3 Type enable acl to activate IP Access Control once you have completed adding all of the rules to the ACL.

6000 switch>#>enable acl

Note ACL is disabled by default. When disabled, all routable packets are forwarded to the destination interface. It is rec-ommended that ACL remain disabled while adding rules to the rules list.


190

Adding a deny rule

1 Type acl add rule_number deny (source_address source_wildcard_mask)( destination_address destination_wildcard_mask) in privileged mode to add a deny rule.

6000 switch>#>acl add 1 deny 172.18.2.0 0.0.0.255 all

2 Type enable acl in privileged mode to activate ACL.

Adding an end rule

There are two rules that are always placed at the end of the list whether implied or explicitly added to the list.

• Permit all all

• Deny all all

If the ACL is empty or an end rule has been omitted, the “deny all all” rule is implied.

Moving a permit or deny rule

1 You can move an existing permit or deny rule from its current position to a new position within the rule list. Type acl move rule_number to rule_number to move a rule.

6000 switch>#>acl move 4 to 2

You cannot move an end rule or move any other rule to the end rule position.

Note An end rule cannot be overwritten unless the target rule is itself an end rule.

Modifying a rule

You can modify existing rules.

Type acl modify rule_number permit (source_address source_wildcard_mask)( destination_address destination_wildcard_mask.) to modify a permit rule.

6000 switch>#>acl modify 5 permit 172.18.1.3 host

172.18.3.0 0.0.0.3

Note You cannot modify an existing rule with an end rule unless the existing rule itself is an end rule.


191

Deleting a rule

1 Type acl del rule_number to delete a rule.

6000 switch>#>acl del 1

2 Type acl del all to delete all of the rules.

6000 switch>#>acl del all

Displaying the rule list

Type acl print rules to display the existing list of rules.

For example, the diagram of a hospital network displays how IP filtering might be used in a typical network. Seven ports on the switch are being used to connect two servers and five workstations. The network has been divided into three subnets.

• Subnet 1, the finance department, includes collections, admissions and the network manager.

• Subnet 2 is the radiology department.

• Subnet 3 is the computer room and includes all of the shared resources that need to be protected.

The following access rules are required in this network:

• Collections can access the billing server only.

• Admissions can access both the billing and patient records servers.

IP Access Control Sample Configuration

192.168.1.2

192.168.1.3

192.168.2.2 192.168.2.3

192.168.3.21 6

VLAN 1: 192.168.1.1

VLAN 2:192.168.2.1

VLAN 3:192.168.3.1

Hospital Billing

Patient Records

Radiology Department

Admissions

Collections

192.168.1.4

NetworkManager

3

Rule 1,4

Rule 2,4

Rule 3,4Rule 5

Rule 3,6

6000 Switch

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

IntelSwitch>

7

5

2

4192.168.3.3


192

• The network manager can access all devices on all subnets.

• The radiology subnet can access the patient records server only.

Routing ManagementThe routing and Layer 3 switching functions are divided into two areas: the switching engine and routing table management.

Configuration of the routing protocols is performed for each of the network interfaces. The configuration parameters and the application to perform the routing protocols is based on the GateD daemon.

For each protocol and configurable option, the system displays the following characteristics:

• A protocol is started (or stopped) when it is added (or removed) from an interface.

• Protocol operation occurs only on the interfaces where it has been enabled.

• The interface reports the correct status and configuration information.

Rule ActionIP Source Address

SourceWildcard Mask

IP Destination Address

Destination Mask

1 Permit 192.168.1.2. host 192.168.3.2 host

2 Permit 192.161.1.3 host 192.168.30 0.0.0.3

3 Permit 192.168.1.4 host ALL

4 Permit 192.168.3.0 0.0.0.255 ALL

5 Permit 192.168.2.0 0.0.0.3 192.168.3.3 host

6 Permit 192.168.2.0 0.0.0.255 192.168.1.4 host

7 Deny ALL ALL


193

RIP

The Routing Information Protocol (RIP) is an interior gateway protocol (IGP) used by routers to exchange routing table information for local networks. RIP is a distance vector protocol which sends the complete routing table to its neighbor routers.

RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information. Each router sends or advertises routing information updates every 30 seconds.

The switch supports both RIP version 1, RFC1058, and version 2 , RFC2453. It always accepts RIP packets from both versions when RIP is enabled. To send version 2 packets, the specific RIP interfaces need to be configured. Only RIP version 1 packets are sent by default.

For information on the gated commands associated with the RIP protocol, see “RIP Configuration” later in this section.

OSPF

Open Shortest Path First (OSPF) is a topology-based link-state routing protocol. It provides greater capabilities than RIP. Link-state changes are promptly reported to reflect the topology database changes. OSPF is implemented according to RFC1583.

In a link-state protocol, each router maintains a database for each connected area network topology, which it builds out of the collected link-state advertisements of all involved routers of the area.

OSPF allows networks to be grouped into areas. Routing information passed between areas is abstracted, potentially allowing a significant reduction in routing traffic. OSPF areas are connected by the backbone area, identified by 0.0.0.0.

All areas must be logically contiguous and the backbone is no exception. To permit maximum flexibility, OSPF allows the configuration of virtual links, which enable the backbone area to appear contiguous despite the physical reality of the network.

For information on the gated commands associated with the OSPF protocol, see “OSPF Configuration” later in this section.


194

GateDThe Gated Routing Daemon or GateD1 is included with the switch to manage IP routing protocols. When GateD* is configured, the switch acts as a router. GateD is enabled by default.

The network administrator uses GateD to control the import and export of routing information by:

• Individual protocol

• Autonomous system

• Source and destination interface

• Previous hop router

• Specific destination address.

The configuration can be modified, added to or deleted without restarting GateD, while still preserving the previous configuration. The command line interface also provides the ability to query different GateD contents, such as the GateD routing table or OSPF LSA (link-state advertisement) database.

GateD consists of various routing protocols. Using these routing protocols, the switch exchanges routing information with its neighbors within their routing domain and contributes the learned routes into the GateD routing table.

GateD selects the best routes from its centralized database and stores them in the system forwarding table. It also retrieves system information including real-time events and then sends it to routing protocols.

Routing Protocols

The GateD syntax supports Interior Routing Protocols (IRP), which include RIP and OSPF. Interior protocols are used to exchange routing information within an autonomous system (AS).

1.©1995, 1996, 1997, 1998 The Regents of the University of MichiganAll Rights Reserved.

Gate Daemon was originated and developed through release 3.0by Cornell University and its collaborators.


195

Interface

An interface is the connection between a router and one of its attached networks. It is always identified by an IP address in GateD.

GateD learns all interfaces from the system. The route to an interface has a preference of 0 which is the highest since it is directly connected.

Static Routes

Static routes are manually configured. When configuring static routes, all necessary information must be provided to form a useful route entry for forwarding traffic.

Preference

Different protocols can find different paths (i.e., routes) to a destination network. They are all stored in the GateD routing table. Preference determines which one is going to be selected for the system forwarding table. The table displays the default preference in GateD.

The route with the lowest preference number is selected. The preference can be set manually in different protocols.

Components

When in GateD, the prompt indicates the current component.

gated>rip

gated/rip>

Source of Route Default

local interface 0

OSPF 10

static routes 60

RIP 100

OSPF AS external 150


196

The major components are listed below:

When a command is issued, it only applies to the current component. For example, di without any arguments, displays all attributes and sub-components (but not recursively) of the current component. In the examples below, RIP is the current component.

Examples

gated/rip> di pref

preference:100

gated/rip> di

rip:

preference: 100

defaultmetric: 16

trustedgates: 172.18.3.182, 172.16.2.1, 172.21.2.1

if[172.18.1.101]

if[172.18.2.101]

if[172.18.5.101]

gated/rip> di if[172.18.1.101]

if[172.18.1.101]

mode: both

version: 1

metricIn: 1

metricOut: 0

authtype: none

authkey:

Component Description

ifs Interfaces

static Static Route

policy Import or Export Policy

rip Routing Information Protocol

ospf Open Shortest Path First Protocol

rTable GateD Routing Database


197

Configuring GateD1 Type gated, then press Enter at the privileged prompt to start

GateD.

The prompt changes to gated>.

6000 Switch>set priv

ENTER PASSWORD:

6000 Switch>#>gated

gated>

2 Type config, then press Enter to enter configuration mode.

gated> config

gated#

Configuration mode is required to add components and set attributes. Once in config mode, the prompt includes a hash mark (#) without the greater than (>) sign.

3 Type add component_name, then press Enter.

gated# add rip

The components include: ifs, static, policy, rip, ospf, and rTable.

4 Type the component name at the gated# prompt, then press Enter to display or configure attributes for the selected compo-nent.

gated#rip

gated/rip#

5 Type display or di, then press Enter to view the configurable attributes for the component.

gated/rip# di

rip

-----------------------------

preference: 100

defaultMetric: 16

trustedGates:

stats

6 Type set value to select the RIP version, then press Enter.

gated/rip#set version 2


198

The set command assigns a value to an attribute

7 Type activate or act, then press Enter.

gated/rip# activate

The new configuration does not take effect until the activate command is issued.

The first stage of activation is semantics checking. The add, del, set and save commands impact the network configuration. Once these commands are issued, semantics checking is conducted to ensure that the change is consistent with the remainder of the system.

If the command passes semantics checking, it is executed. If it fails, the command is voided and has no impact.

8 Type save, then press Enter.

gated/rip#save

The save command is used to permanently save the current configuration into NVRAM.

9 Type end, then press Enter to leave configuration mode and return to the gated prompt.

gated>config

gated#rip

gated/rip#set version 2

gated/rip# activate

gated/rip# save

gated/rip# end

gated> exit

6000 switch>

If end is used prior to the save command, the configuration is not stored in NVRAM.

10 The display or di command can be used to view the current configuration.

11 Type exit to exit GateD.


199

Adding Interfaces

The IP interfaces are configured with VLANs with the ifconfig command. GateD maintains a copy of the IF (interface) table, which is the GateD ifs component. A GateD interface is the connection between a router and one of its attached networks.

The set scanInterval time is a global option that affects all interfaces. It sets the number of seconds indicating how often GateD checks the system for interface changes. The range is from 15 to 3600 seconds. The default is 60 seconds.

Adding Static Routes

Static routes are used to manually configure entries into the routing table. A static route creates a path to an IP network not visible by the routing protocol.

If the keyword default is used for the destination address, a default route is created. The default route is used whenever there is no specific route to a destination. The network IP address associated with the default route is 0.0.0.0/0.

The maximum number of static routes is 1024.

gated>config

gated#ifs

gated/ifs#set scaninterval 75

gated/ifs#if[172.16.3.1]

gated/ifs/if[172.16.3.1]#di

if[172.16.3.1]

-------------------------------------

ifIndex: 2

state: UP

transitions: 0

mtu: 1436

media:BCAST

metric: 0

mask: 255.255.240.0

potocols: NONE

preference: 0

gated/ifs/if[172.16.3.1]#


200

To add a static route

1 At the gated> prompt type config, then press Enter to enter configuration mode. The prompt changes to gated#.

gated>config

gated#

2 Type add static, then press Enter.

gated#add static

3 Type static, then press Enter to enter static component mode.

gated/#static

4 Type di to display the attributes required to configure the static route.

gated/static#di

static

--------------------

default

route[192.27.2.3/1]

The interface and gateway need to be defined.

5 Type add route [x.x.x.x/l], then press Enter.

The x.x.x.x is the IP address of the route and /l (l for length) is the mask or prefix length of the netmask address.

Note Always include the brackets when the add command is used to add an interface address. The brackets are not used with the set command.


201

gated/static#add route 192.27.2.3/24

To add a default route

1 Type add default, then press Enter at the prompt.

gated/static#add default

2 Type default, then press Enter at the prompt to configure the default component.

gated/static/#default

3 Type di to display the attributes required to configure the static route.

gated/static/default#di

if: 0.0.0.0

gateway: 0.0.0.0

pref: none

type: 60

The interface and gateway need to be defined.

4 Type set if ip_address, then press Enter to set the interface.

gated/static/default#set if 192.25.1.1

Note The brackets are not used with the set command to config-ure IP addresses.

5 Type set gateway ip_address, then press Enter to set the gate-way address.

gated/static/default#set gateway 192.255.25.0

gated>

gated>config

gated#add static

gated#static

gated/static#add route [192.27.2.3/24]

gated/static#di

static

--------------------

default

route[192.27.2.3/1]

gated/static#


202

6 Type activate, then press Enter.

gated/static/default#activate

7 Type save, then press Enter to save the configuration in NVRAM.

gated/static/default#save

Note The switch supports up to 1024 static and dynamic routes.

RIP ConfigurationRIP selects the route with the lowest “hop count” (metric) as the best route. The hop count is the number of routers through which data must pass to reach its destination. RIP assumes that the best approach is the one that uses the fewest routes.

RIP deletes routes from the routing table if the metric is greater than 15 hops away. All routes through a gateway are also deleted if no updates are received by the gateway within a specified time period. Generally, RIP issues routing updates every 30 seconds. If a gateway does not issue routing updates within 180 seconds, all routes through that gateway are deleted from the routing table.

RIP does not require a considerable amount of configuration. The basic RIP defaults should work for any system that is running RIP.

gated>

gated>config

gated#add static

gated#static

gated/static#add default

gated/static/#default

gated/static/default#di

if: 0.0.0.0

gateway: 0.0.0.0

pref: none

type: 60

gated/static/default#set if 192.25.1.1

gated/static/default#set gateway 192.255.255.0

gated/static/default#activate

gated/static/default#save


203

To configure RIP

1 Type config at the gated> prompt, then press Enter to enter configuration mode. The prompt changes from gated> to gated#.

gated> config

gated#

2 Type add rip, then press Enter at the gated# prompt.

gated# add ripgated#

3 Type rip, then press Enter at the gated# prompt. The prompt changes to gated/rip#.

gated# rip

gated/rip#

4 Add the interfaces used by RIP, where interfaces are always designated by if[x.x.x.x].

Note Always surround the interface address with square brackets ([ ]) when using the add command. The switch supports 128 interfaces.

gated/rip# add if[172.18.4.101]

5 Type the interface at the gated/rip# prompt to display or config-ure attributes for the selected interface.

gated/rip# if[172.18.4.101]

gated/rip/if[172.18.4.101]#

6 Type di, then press Enter to display the attributes required to configure the RIP interface.

gated/rip# if[172.18.4.101] di

if[172.18.4.101]

----------------------------------------

mode: both

version: 1

metricIn: 1

metricOut: 0

authType: none

authKey:

stats


204

7 Set the RIP version number. Type set version or ver 1 or set version or ver 2 to specify the RIP packet version (RIP 1 or RIP 2) sent from the interface. The default is RIP 1.

gated/rip/if[172.18.4.101]#set ver 2

Note Incoming RIP packets from both versions are always accepted by the interface regardless of this setting.


9 Type save, then press Enter to save the configuration in NVRAM.

See Appendix B, GateD Reference, for more information on the RIP protocol configuration.

OSPF Configuration OSPF is a protocol designed to be used inside Autonomous Systems. It is not designed to route between Autonomous Systems. OSPF is more complicated to configure than RIP. Before beginning the OSPF configuration, a network plan should be drawn to identify the topology of the network.

gated>config

gated#add rip

gated#rip

gated/rip# add if[172.18.4.101]

gated/rip# if[172.18.4.101]

gated/rip/if[172.18.4.101]#set version 2

gated/rip/if[172.18.4.101]#activate

gated/rip/if[172.18.4.101]#save


205

To configure OSPF

1 Type config, then press Enter at the gated> prompt to enter configuration mode. The prompt changes from gated> to gated#.

gated>configgated#

2 Type set routerID x.x.x.x, then press Enter to set the routerID. The x.x.x.x is the IP address of the router.

gated#set routerid 193.21.2.2

The routerID is a 32-bit number assigned to each router running the OSPF protocol. The number uniquely identifies the router withn the autonomous system.

3 Type add ospf, then press Enter at the gated# prompt.

gated#add ospf

4 Type ospf, then press Enter.

Subnet CHOST 3

Subnet BHOST 2

Subnet AHOST 1

Router 3 (R3)OSPF ON

VLAN 3VLAN 2

Ports 1-3Ports 9-11

Ports 6-8Ports 14-15


Backbone

Area 0.0.0.1

0.0.0.0

Area 0.0.0.2

193.21.2.1 194.21.2.2

193.21.2.22 194.21.2.22


VLAN 1

Ports12-13

192.21.2.1

192.21.2.22

IntelSwitch


206

The OSPF component is ready for configuration.

gated#ospf

gated/ospf#

5 Type add area [x.x.x.x], then press Enter.

Type the router ID of the Area Border Router

gated/ospf#add area[0.0.0.2]

Each OSPF router must be configured into at least one OSPF area. If more than one area is configured, at least one must be the backbone. Add an area number to set the areaID for the interface.

6 Type area[x.x.x.x], then press Enter at the gated/ospf# prompt. The prompt changes to include the area.

gated/ospf#area[0.0.0.2]

gated/ospf/area[0.0.0.2]#

7 Add the interfaces. The add if[x.x.x.x] command defines the interfaces used by OSPF.

Note The switch supports up to 128 interfaces. The maximum number of interfaces within the same area is 32.

gated/ospf/area[0.0.0.1]#add if[193.21.2.22]

8 Type the interface address, then press Enter at the gated/ospf/area[0.0.0.1]# prompt. The prompt changes to include the inter-face.

gated/ospf/area[0.0.0.2]#

gated/ospf/area[0.0.0.2]#if[193.21.2.22

gated/ospf/area[0.0.0.2]/if[193.21.2.22#


gated/ospf/area[0.0.0.2]/if[193.21.2.22#act

10 Type save, and then press Enter to save the configuration in NVRAM.

gated/ospf/area[0.0.0.2]/if[193.21.2.22#save


207

Creating Virtual Links

The OSPF protocol requires that all areas must be connected to the backbone. OSPF requires that every area connect to the backbone and that every area, including the backbone area, be contiguous.

A virtual link is used to logically connect an area to the backbone, when it cannot physically connect to the backbone. The two end points of a virtual link are Area Border Routers (ABR). The virtual link must be configured for each ABR.

To configure a virtual link

• Add the area for each Area Board Router.

• Add the Router ID of the Area Border Router connected to each area.

• Add the backbone.

• Set the transit area used to link the virtual link to the backbone.

In the Virtual Link Topology example, Area 0.0.0.1 is connected to the backbone through ABR1. Area 0.0.0.2 needs to be connected through ABR1 to Area 0.0.0.1 to be connected to the backbone.

gated>config

gated#set routerid 193.21.2.2

gated#add ospf

gated#ospf


gated/ospf#area[0.0.0.2]

gated/ospf/area[0.0.0.2]#add if[193.21.2.22]

gated/ospf/area[0.0.0.2]#activate

gated/ospf/area[0.0.0.2]#save


208

To create a virtual link for Area 0.0.0.2 through ABR1

1 Type config, then press Enter at the gated> prompt to enter con-figuration mode. The prompt changes from gated> to gated#.

gated>config

gated#

2 Type add ospf, then press Enter at the gated# prompt.

gated#add ospf

3 Type ospf, then press Enter to configure the OSPF component.

gated#ospf

gated/ospf#

4 Type add area [x.x.x.x], then press Enter to add area 0.0.0.1 to OSPF.


5 Type add area[0.0.0.1]/if[172.20.3.101], then press Enter to add the IP address of the interface connected to the area. The interface in this example is the address for VLAN2.

gated/ospf#add area[0.0.0.1]/if [172.20.3.101]

Transit Area

BackboneArea 0.0.0.0

172.20.6.101

Vlan1PVID 1Ports 5-8172.18.3.101

Vlan2PVID 2Ports 1-4172.20.3.101

ABR2Router ID 1.0.0.2

ABR1 Router ID 1.0.0.1

Area 0.0.0.1

Area 0.0.0.2


209

6 Type add backbone, then press Enter to add the backbone area.

gated/ospf#add backbone

The backbone may only be configured with the keyword backbone. It may not be specified as area 0.

7 Type add backbone/vlink [1.0.0.2], then press Enter to add the routerID of ABR2, which is one end of the virtual link.

gated/ospf/backbone#add vlink [1.0.0.2]

8 Type set backbone/vlink/transitarea 0.0.0.1 to add area 0.0.0.1 as the transit area.

The virtual link must be inside of the transit area.gated/ospf/#set backbone/vlink [1.0.0.1]/transitarea 0.0.0.1



Repeat this process on ABR2, which is the router at the other end of the virtual link.

11 Type add backbone, then press Enter to add the backbone area.


gated>config

gated#add ospf

gated#ospf

gated/ospf#


gated/ospf#add area[0.0.0.1]/if [172.20.3.101]


gated/ospf#add backbone/vlink [1.0.0.2]

gated/ospf#set backbone/vlink[1.0.0.2]/transitarea

0.0.0.1

gated/ospf#activate

gated/ospf#save


210

12 Type add backbone/vlink [1.0.0.1], then press Enter to add the routerID of ABR1.

gated/ospf/backbone#add vlink [1.0.0.1]

13 Type set backbone/vlink/transitarea 0.0.0.1, then press Enter to add area 0.0.0.1 as the transit area.



See Appendix B for more information about virtual links.


gated/ospf#add backbone/vlink [1.0.0.2]

gated/ospf#set backbone/vlink[1.0.0.2]/

transitarea 0.0.0.1

gated/ospf#activate

gated/ospf#save

$Appendix A:CommandReference

A P P E N D I X A Command Reference

212

This appendix is a reference for the command console interface. This interface allows you to control and configure your switch as well as to troubleshoot its installation.

You can access the switch’s command-line interface directly from the serial or management port with a terminal or emulator (such as HyperTerminal* in Windows 95/98), or Telnet via PPP or SLIP protocol through one of the I/O ports.

To access the interface via Telnet, use any standard Telnet application. To access the interface via a direct serial connection, plug in one end of a serial cable to the serial port on the switch control processor and the other end into a terminal or a computer installed with terminal emulation software.

See Chapter 4 for more details about using these methods to access the command line interface.

6000 Switch>

A P P E N D I X A Intel® NetStructure™ 6000 Switch User Guide

213

Conventions Used in this Section

item | itemvertical bars separate mutually exclusive items in a command line.

[ item | item]square brackets enclose optional items.

{item |... item}braces enclose mutually exclusive items, one of which is mandatory.

Command Line EditingTo make changes and correct mistakes before entering a command, use the following short-cut keys to edit the command line.

^H (backspace) erases previous character

^W erases previous word (up to space or start of line)

^U erases entire line

^C interrupts current command

Non-printable characters are displayed as the percent sign (%).

Use the exclamation point (!) as a shortcut to repeat previously entered commands.

The following are the ! options:

!! repeats the last command entered.

! history_number repeats the command associated with the line number specified by history_number as reported by the historycommand.

! stringrepeats the most recent command starting with the stringor substring specified by string.


214

Console Command SummariesThe table below groups the commands by function. Note that some commands are privileged operations designed for switch administration only. Access to these commands is restricted and requires an administrator password. These commands are designated with a check mark (✓).

Type Command Function

Utility ? Displays a list of the switch commands.

batch

Downloads then executes the contents of the file as a list of console commands.

clear ✓ Clears various tables or counters.

help Displays the switch commands.

history

Displays the contents of the command history buffer for the current session.

kill ✓ Ends a process.

psDisplays the status of all currently active processes.

Display di Displays information about the switch. The same as the show command.

show

Displays information about switch configuration and operation.

Network Interface arp ✓

Displays or modifies the contents of the Addressess Resolution Protocol (ARP) table.


215

fdb ✓Allows manual manipulation of forwarding database addressesses.

gated ✓Allows management of routing protocols.

ifconfig ✓Controls a network interface.

netstat

Displays specified network protocol statistics and routing information.

pingTests connectivity between the switch and another IP node.

route ✓Manipulates information in the IP routing table.

System Administration bootp ✓

Tests BOOTP and RARP processing on the network.

dateDisplays or sets the switch’s clock/calendar.

diag reset ✓ Resets the switch.

loaddefaults ✓Reloads non-volatile RAM to the factory default settings.

loadnv ✓

Restores non-volatile RAM configuration that was stored on a host system.

logoutExits privileged command mode or console access.

relay ✓Transfers BOOTP messages between clients and servers.



216

savenv ✓Backs up system configuration stored in non-volatile RAM.

upgrade ✓Programs new system software image.

upgradelue ✓Programs new lookup engine image.

upgradewp ✓

Programs new Web Server pages and images into flash memory.

upgradeboot ✓Programs a new boot image in flash memory.

upgradee24 ✓

Programs a new 10/100Base-TX module image into flash memory.

upgradeegs ✓

Programs a new Gigabit Ethernet module image into flash memory.

System Configuration acl ✓

Controls flow of IP traffic with Access Control List of rules.

disable ✓Deactivates a configurable switch option.

enable ✓Activates a configurable switch option.

igmpsnoop ✓Prevent flooding of IP multicast traffic.

set ✓ Modifies switch configuration.

vlan ✓ Sets up virtual LANs.



217

Note Except for the upgrade commands, the syntax for the switch console commands may be abbreviated. The software recog-nizes a command when you type enough characters to uniquely identify the command. The abbreviations only apply to the commands and not any of the options. Options still need to be spelled out completely.


218

?

DescriptionDisplays a list of the switch’s commands and their command line syntax. Only those commands available for the current mode (privileged or non-privileged) are displayed.

Example for non-privileged mode6000 Switch>?Commands:--------------------------------------------? Display this messageacl Access-list configuration commandsarp Examine the address resolution tabledate Display/set datedi Display, use ’show help’ for more infodisable Disable optionsenable Enable optionsgated Enter gated user interfacehelp Display this messagehistory Display command historyifconfig Configure a network interfaceigmpsnoop Configure IGMP Snoopinglogout Logout of privileged command mode or sessionnetstat Display network protocol statisticsping Run icmp echops Display active processesset Set, use ’set help’ for more infoshow Display, use ’show help’ for more infovlan VLAN configuration commands

Example for privileged mode6000 Switch>#>?Commands:--------------------------------------------

Command See also? help


219

? Display this message

? acl arp batch bootp clear datedi diag disable enable fdb gated helphistory ifconfig igmpsnoop kill loaddefaultsloadnv logout ls netstat ping ps route savenv show upgrade upgradbootupgradee24 upgradegsupgradelueupgradewpvlan

Display this messageAccess-list configuration commandsExamine the address resolution tableExecute commands from RAMSend BOOTP/RARP requestsClear, use ’clear help’ for more infoDisplay/set dateDisplay, use ’show help’ for more infoRun diagnostic MenusDisable optionsEnable optionsAdd/Delete/Lookup FDB entriesEnter gated user interfaceDisplay this messageDisplay command historyConfigure a network interfaceConfigure IGMP SnoopingSend a signal to a processLoad factory defaults into NVRAMLoad NVRAM from the networkLog out of command mode or sessionDisplay FilesDisplay network protocol statisticsRun icmp echoDisplay active processesAdd/delete/display an ip routeUpload NVRAM to the networkSet, use ’set help’ for more infoDisplay, use ’show help’ for more infoDownload a new FLASH image and program it inDownload a new boot image and program it inDownload a new Ether FLASH image and program it inDownload a new Gig FLASH image and program it inDownload a new LUE FLASH image and program it inDownload a new Web Page and FLASH it.VLAN configuration commands


220

acl

DescriptionAn Access Control List (ACL) of rules is used to permit or deny the flow of IP traffic through the network. The rules are created based on source and destination IP addresses.

The following are the acl options 6000 Switch>#>acl ?Usage: acl add <rule_no> {permit | deny} <src> <src_wild> <dest> <dest_wild> acl modify <rule_no> {permit | deny} <src> <src_wild> <dest> <dest_wild> acl move <rule_no> to <rule_no> acl del {<rule_no> | all} acl print {rules | counters | all}Notes: A <src> is a source IP address. A <dest> is a destination IP address. A <sa_wild> is a wildcard mask for a range of source IP addresses. A <da_wild> is a wildcard mask for a range of destination IP addresses. Use ’host’ for a wildcard mask of 0.0.0.0. Use ’all’ for an address/mask pair of 0.0.0.0/255.25.255.255. A "permit all all" or a "deny all all" ends the list. An implicit "deny all all" is assumed in the absence of an end rule.Examples: acl add 4 permit 192.168.1.3 host 192.168.3.0 0.0.0.3 acl add 5 deny all all acl modify 1 deny all 192.168.3.0 0.0.0.255 acl move 2 to 4 acl del 3

acl add rule_number { permit | deny } source_address source_address_wildcard_mask destination_address destination_address_wildcard_maskThis ACL command adds a rule at a specified position in the rule list. The position must be within the range of positions of the existing rules or after the last rule of the current list, so long as the last existing rule is not an end rule. All subsequent rules (starting from the requested position) are shifted one position towards the last rule. Also, use this command to overwrite an end rule with a new end rule.

Example6000 Switch>#>acl add 1 permit all all6000 Switch>#>acl add 1 permit 192.168.1.2 host 192.168.3.2 host6000 Switch>#>acl add 2 permit 192.168.1.3 host 192.168.3.0 0.0.0.36000 Switch>#>acl add 3 permit 192.168.1.4 host all6000 Switch>#>acl add 4 permit all 192.168.3.0 0.0.0.2556000 Switch>#>acl add 5 denyall all

Commandacl option


221

acl modify rule_number { permit | deny } source_address source_address_wildcard_mask destination_address destination_address_wildcard_maskpermits modification of an existing rule at a specified position in the rule list. The position must be within the range of positions of the existing rules. This command does not allow a rule to be overwritten with an end rule unless the target rule is itself an end rule.

Example6000 Switch>#>acl modify 4 permit 192.168.3.0 0.0.0.255 ALL6000 Switch>#>acl modify 5 permit all all

acl move rule_nunber to rule_nunberpermits moving an existing rule from its current position to a new position within the rule list. The positions must be within the range of positions of the existing rules. If an end rule exists in the ACL, the end rule cannot be moved. Any other rule cannot be moved to the end rule position.

Examples6000 Switch>#>acl move 4 to 26000 Switch>#>acl move 3 to 4

acl del { rule_number | all }permits deletion of a rule at a specified position in the rule list or empties the rule list. The position must be within the range of positions of the existing rules when deleting a single rule.

Example6000 Switch>#>acl del 16000 Switch>#>acl del all


222

acl print { rules | counters | all }displays the existing list of rules, counters or both.

Example6000 Switch>#>acl print rules

Total # of entries found in the ACL = 7Total # of implicit denials reported in the ACL = 0Total # of denials reported in the ACL = 0

Example6000 Switch>#> acl print counters

Example6000 Switch>#> acl print all

Rule Action IP SA Source wildcard IP DA Dest wildcard1 Permit 192.168.1.2. host 192.168.3.2 host2 Permit 192.161.1.3 host 192.168.30 0.0.0.33 Permit 192.168.1.4 host ALL4 Permit 192.168.2.0 0.0.0.255 ALL5 Permit 192.168.2.0 0.0.0.3 192.168.3.3 host6 Permit 192.168.2.0 0.0.0.255 192.168.1.4 host7 Deny ALL ALL

Rule Action Hits

1 Permit 0000000000

2 Permit 0000000000

3 Permit 0000000000

4 Permit 0000000000

5 Permit 0000000000

6 Permit 0000000000

7 Deny 0000000000

Rule Action IP SA Source wildcard IP DA Dest wildcard1 Permit 192.168.1.2. host 192.168.3.2 host1 Hits= 00000000002 Permit 192.161.1.3 host 192.168.30 0.0.0.32 Hits= 00000000003 Permit 192.168.1.4 host ALL3 Hits= 00000000004 Permit 192.168.2.0 0.0.0.255 ALL4 Hits= 00000000005 Permit 192.168.2.0 0.0.0.3 192.168.3.3 host5 Hits= 00000000006 Permit 192.168.2.0 0.0.0.255 192.168.1.4 host6 Hits= 00000000007 Deny ALL ALL7 Hits= 0000000000


223

arp

DescriptionDisplays or modifies the contents of the switch’s Address Resolution Protocol (ARP) table. This table maps a host’s IP addresses to its associated network hardware addresses. The table is maintained automatically.

The following are the arp options:

arpdisplays arp options.

Example6000 Switch>arpUsage: arp -a arp -d { hostname | ip_address } arp -s { hostname | ip_address } hardware_address

arp -adisplays the current contents of the switch’s ARP table. Available in non-privileged mode.

Example6000 Switch>arp -a192.2.21.58 at 00:60:08:bf:4d:c9192.2.21.229 at 00:60:97:67:27:60

arp -d { hostname | ip_address }privileged command that deletes the IP address specified by ip_address from the switch’s ARP table. The IP address must be in the standard four-part, decimal-separated format. If DNS is enabled, a host name can be substituted for the IP address.

Example6000 Switch>arp -d 192.168.43.210

arp -s { hostname | ip_address } hardware_addressprivileged command that adds the specified IP-to-hardware address mapping to the ARP table. The IP address must be in the standard four-part, decimal-separated format, and the hardware-addresses must be in colon-separated hexadecimal format using IEEE canonical order (see Examples). If DNS is enabled, a host name may be substituted for the IP address

Example6000 Switch>arp -s 192.168.43.210 00:02:f4:01:23:45

Commandarp option


224

batch

DescriptionAllows the network manager to define standardized configuration information in a batch file on the server. Then with one command, the administrator can automate the configuration process.

A batch file can contain any of the valid console commands and must have the word “end” as the final statement.

The following are the batch options:

batchdisplays batch help.

Example6000 Switch>batchUsage: batch filename [server]

batch filename [ server ]downloads the file specified by filename from a specific server, then executes the contents of the file as a list of console commands. The server parameter identifies the server’s IP address and must be in the standard four-part, decimal-separated format. If DNS is enabled, a host name is also valid. The batch file is transferred to the switch with TFTP.

Command See alsobatch option set snmpmgr


225

bootp

DescriptionA privileged command used to test BOOTP/RARP or DHCP client processing for a given interface.

The following are the bootp options.

bootp helpdisplays help for the command.

Example6000 Switch>#>bootp helpUsage: bootp <interface> (Use BOOTP) bootp <interface> repeat (Use Repeated BOOTP) bootp <interface> dhcp (Use DHCP) bootp help bootp show

bootp interface

Note Only the interfaces that have been enabled for BOOTP respond to a BOOTP requests. The sw1 and et0 interfaces have BOOTP enabled by default. The IP address of the interface is not stored in NVRAM unless the response comes from Intel® Device View. Then the IP addresses are stored in NVRAM.

Example6000 Switch>#>bootp sw2Starting BOOTP and RARP on interface sw2.Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:0Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09Sending BOOTP request to sw2 with address 02:51:41:10:00:09Sending RARP request to sw2 with address 02:51:41:10:00:09No BOOTP or RARP response received for sw2.

Command See alsobootp option relay. ifconfig, vlan


226

bootp interface repeatconfigures an interface for Repeated BOOTP. Repeated BOOTP re-transmits the BOOTP request 10 times at the ‘normal’ rate before backing off to a slower re-transmit interval. Repeated BOOTP never gives up.

Example6000 Switch>#>bootp sw4 repeat(NO MESSAGE)

bootp interface dhcpconfigures an interface for DHCP. The DHCP client uses several states for processing the protocol. The current state can be determined by running the show command listed below.

Example6000 Switch>#>bootp sw5 dhcp(NO MESSAGE)

If the interface has not been created, the message is"bootp_start: Could not find interface <sw5>.Use the "vlan" commands or "ifconfig sw5 create" to create a VLAN interface.Aborting BOOTP and RARP."

bootp showdisplays the current state of the BOOTP/DHCP client process.

Example

6000 Switch>#>bootp show

numClients: 5type.00 DHCPifname.00 sw1DHCP state.00 SELECTING

type.01 DHCPifname.01 sw4DHCP state.01 SELECTING

type.02 Repeated BOOTPifname.02 sw3xmitCount.02 372

type.03 BOOTPifname.03 sw2xmitCount.03 6

type.04 DHCPifname.04 et0DHCP state.04 BOUNDlease.server.ipAddr.04

172.21.3.4

lease.ourIpAddr.04 172.21.10.10lease.length.04 600lease.subnetMask.04 255.255.0.0lease.routers.04 172.21.3.4


227

This example displays five interfaces that are being dynamically configured by the BOOTP client process. The first two – sw1 and sw4 – are running DHCP and are in the Selecting state (i.e., they have not contacted any DHCP servers). The third entry is running Repeated BOOTP and has transmitted a BOOTP request 372 times. The fourth entry is running BOOTP and has transmitted 6 requests. The fifth entry is running DHCP and is in the BOUND state (i.e., this interface has been configured successfully).


228

clear

DescriptionA privileged utility that allows the counters and forwarding database to be emptied.

The following are the clear options:

clear helpdisplays help for the command.

Example6000 Switch>#>clear helpUsage: clear counters clear fdb clear fdb <VID> clear fdb IP clear sysfails

clear counterssets to zeros all the counters in the system.

Example6000 Switch>clear counters(NO MESSAGE)

clear fdbremoves all entries from the forwarding database.

Example6000 Switch>clear fdb(NO MESSAGE)

clear fdb IPremoves all IP switching entries from the forwarding database and lookup engine.

Example6000 Switch>clear fdb IP(NO MESSAGE)

clear fdb VIDclears the forwarding database for a VLAN. Independent VLAN learning mode (IVL) must be set with the fdb mode ivl command.

Example6000 Switch>clear fdb 5(NO MESSAGE)

Command See alsoclear option show fdb, show counters


229

clear sysfailsclears out error messages generated from the show sysfails commands.

Example6000 Switch>#>clear sysfailsThe system failure area has been cleared.


230

date

DescriptionDisplays or sets the system’s clock/calendar.

The following are the date options:

datedisplays the current date information.

Example6000 Switch>#>date helpUsage: date Display date and time date mm/dd/yy hh:mm Set date and time(24hr mode)example: date 5/23/95 11:43

date weekday mm/dd/yy hh:mm sets the calendar where weekday is the three-letter abbreviation for the day of the week; mm is the number of the month; dd is the two-digit date; yy is the last two digits of the year; hh is the hour; and mm is the minute. The clock is set for 24 hour mode.

Example6000 Switch>date Tue 5/23/99 11:43 AM6000 Switch>date Tue 5/01/00 13:43 PM

Commanddate option


231

di

DescriptionDisplays information about the system in both privileged and non-privileged mode.

Example6000 Switch>#>di ?

Note di is functionally equivalent to the show command. See the show command for details about the options.

Command See alsodi option show

Commands

------------------------------

show ? show communityshow counters show dnsshow fdb show help show hwversionshow lastboot show linkshow memstatsshow microtime show portshow portmirrorshow ppp show priorityshow snmpmgrshow spantreeshow stormshow sysshow sysfailsshow syslogshow temperature show treetypeshow version

Display this messageDisplay SNMP community tableDisplay port countersDisplay DNS infoDisplay Forwarding DatabaseDisplay this messageDisplay hardware revision infoDisplay last boot timeDisplay link mode of a portDisplay mbuf and malloc statsDisplay system clockDisplay port aggregationDisplay port mirroring parameters Display PPP infoDisplay 801.D/Q priority informationDisplay SNMP Manager addressesDisplay Spanning Tree infoDisplay storm control infoDisplay system configurationDisplay system failuresDisplay syslog parametersDisplay temperatureDisplay login timeout for Telnet sessionDisplay software version number


232

diag reset

DescriptionA privileged command that resets the switch. The terminal returns to the power up diagnostics screen.

Warning Only field support engineers should use the other diag-nostic commands.

Commanddiag reset


233

disable

DescriptionA privileged command that deactivates a configurable switch option and stores changes to the options in non-volatile memory.

The following are the disable options:

disable { ? | help }displays the list of disable options.

Example6000 Switch>#>disable ?Commands:--------------------------------------------

disable acldisables access control lists. (See acl for details on the Access Control List commands.)

Example6000 Switch>disable aclacl has been disabled

disable agingdisables aging of the forwarding database entries. Aging is enabled by defaultIf Independent VLAN Learning (IVL) mode is set, the command is displayed as disable aging VID, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

Command See alsodisable option enable

?aclagingdnset0ipfwdhelp igmpsnoopportportmirrorpppslip spantree syslogtelnetd web

Display this messageDisable ACLDisable FDB agingDisable DNSDisable IP forward to/from et0Disable this messageDisable IGMP SnoopingDisable a portStop port mirroringDisable PPPDisable Serial Line IP (slip)Disable spanning treeDisable syslogStop the Telnet daemonStop the HTTP daemon


234

Example6000 Switch>disable agingAging disabled.

disable dnsterminates the use of the domain name server.

Example6000 Switch>disable dns(NO MESSAGE)

disable et0ipfwddisables IP forwarding to and from the management console port, identified as interface et0.

Example6000 Switch>disable et0ipfwdIP Forwarding to/from et0 disabled

disable igmpsnoopdisables IGMP Snooping. IGMP Snooping is disabled by default. When disabled, all IGMP and IP multicast traffic floods within a given VLAN.

Example6000 Switch>disable igmpsnoopigmpsnoop has been disabled.

disable port portnumterminates usage of a port.

Example6000 Switch>disable port 2(NO MESSAGE)

disable portmirrorterminates portmirroring. This option is disabled by default. See set portmirror sourceport port_number and set portmirror monitorport port_number commands

Example6000 Switch>disable portmirrorPortmirror has been disabled.

disable pppstops the current Point-to-Point Protocol (PPP) on the serial or management port on the front panel; the serial port can now be used for a direct-connect terminal console. PPP is disabled on the serial port by default.

Example6000 Switch>disable ppp(NO MESSAGE)


235

disable slipdisables Serial Line IP (SLIP) control of the serial or management port on the front panel; the serial port can now be used for a direct-connect terminal console. SLIP is disabled on the serial port by default.

Example6000 Switch>disable slip(NO MESSAGE)

disable spantreedeactivates the Spanning Tree Protocol. The protocol is disabled by default.

Example6000 Switch>disable spantreeSpanning Tree disabled.

disable syslogdisables output to the system log. The syslog command is disabled by default.

Example6000 Switch>disable syslog(NO MESSAGE)

disable telnetddisables the Telnet daemon; the switch refuses subsequent Telnet connection attempts. The Telnet daemon is enabled by default.

Example6000 Switch>disable telnetd(NO MESSAGE)

disable webprivileged command disables the HTTP daemon.

Example6000 Switch>disable web(NO MESSAGE)


236

enable

DescriptionA privileged command that activates a configurable switch option and stores changes to the options in non-volatile memory.

The following are the enable options:

enable { ? | help }displays the list of enable options.

Example6000 Switch>#>enable ?

Commands:--------------------------------------------

enable aclenables access control list. (See acl for details on the Access Control List commands.)

Example6000 Switch>enable aclacl has been enabled.

Command See alsoenable option disable

? aclaging dnset0ipfwdhelp igmpsnoopportportmirrorpppslip spantree syslogtelnetd web

Display this messageEnable ACLEnable FDB agingEnable DNSEnable IP forward to/from et0Display this messageEnable IGMP SnoopingEnable a portStart port mirroringEnable PPPEnable Serial Line IP (slip)Enable spanning treeEnable syslogStart the Telnet daemonStart the HTTP daemon


237

enable aging enables aging of the forwarding database entries. This option is enabled by default. See the set agingtime command to set the number of seconds for the age time. The default aging time is 300 seconds. If Independent VLAN Learning (IVL) mode is set, the command is displayed as enable aging VID, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

Example6000 Switch>#>enable agingAging enabled with an age time of 300 seconds.

6000 Switch>#>fdb mode ivl6000 Switch>#>enable aging Aging enabled with an age time of 300 seconds.

enable dnsPrivileged command that activates the use of the DNS domain name. (See set dns primary ip_address.)

Example6000 Switch>set dns primary 192.2.2.1226000 Switch>enable dns

enable et0ipfwdenables IP forwarding to/from the management console port, identified as interface et0.

Example6000 Switch>enable et0ipfwd6000 Switch>IP Forwarding to/from et0 enabled

enable igmpsnoopenables IGMP Snooping. IGMP Snooping is disabled by default. When disabled, all IGMP and IP multicast traffic floods within a given VLAN.

Example6000 Switch>#>enable igmpsnoopUnable to enable IGMP Snooping: FDB is in SVL mode.

6000 Switch>#>enable igmpsnoopigmpsnoop has been enabled


238

enable port port_numberany port can be configured as up (active and allowing data to pass) or down (inactive with no data transmission or reception). All ports are enabled by default.

Example6000 Switch>enable port 8(NO MESSAGE)

enable portmirrorstarts portmirroring. This option is disabled by default. See set portmirror sourceport port_number and set portmirror monitorport port_number commands

Example6000 Switch>enable portmirrorPortmirror has been enabled.

enable pppactivates the Point-to-Point Protocol (PPP) control of the serial or management port on the CP for out-of-band management. PPP connections provide network access through the serial port. The command console is not available on the serial port while PPP is active; only Telnet control is available. This option is disabled by default. The serial interface using PPP is identified by the interface ppp0.

Example6000 Switch>enable pppDid you ifconfig ppp0 yet? y

enable slipactivates Serial Line IP (SLIP) control of the serial or management port on the CP for out-of-band management. SLIP connections provide network access through the serial port. The command console is not available on the serial port while SLIP is active; only Telnet control is available. This option is disabled by default. The serial interface using SLIP is identified by the interface sl0.

Example6000 Switch>enable slipDid you ifconfig sl0 yet? y

enable spantreeactivates the Spanning Tree Protocol. The Spanning Tree Protocol is disabled by default.

Example6000 Switch>enable spantreeSpanning tree enabled.


239

enable syslog ip_addressenables output to the system log. Syslog is disabled by default.

Example6000 Switch>enable syslog(NO MESSAGE)

enable telnetdenables the Telnet daemon, allowing the switch to accept Telnet connection attempts. This option is enabled by default.

Example6000 Switch>enable telnetd(NO MESSAGE)

enable webprivileged command that enables the HTTP daemon. This option is enabled by default.

Example6000 Switch>enable web{NO MESSAGE}


240

fdb

DescriptionPrivileged command that supports manual deletion, addition and lookup of MAC addresses.

The following are the fdb command options:

fdb { ? | help }lists the available fdb options.

Example6000 Switch>fdb ?Usage: fdb add {VID} <mac> <port> fdb del {VID} <mac> fdb lookup {VID} <mac> fdb mode {IVL | SVL}Note: <mac> format is aa:bb:cc:dd:ee:ff IVL is Independent VLAN Learning FDB mode SVL is Shared VLAN Learning FDB mode

fdb add { VID } mac port Adds a MAC addresses to the FDB. If Independent VLAN (IVL) mode is set, then a MAC address can be added to a VLAN forwarding database.

Example6000 Switch>#>fdb add 08:00:07:4e:56:70 3 address 08:00:07:4e:56:70 added on port 3

fdb del { VID } macDeletes a MAC address from the forwarding database. If Independent VLAN Learning (IVL) mode is set, then a MAC address can be deleted from a VLAN forwarding database.

Example6000 Switch>#>fdb del 08:00:07:4e:56:70 address 08:00:07:4e:56:70 removed

fdb lookup { VID } macLook up a MAC address in the forwarding database.If Independent VLAN Learning (IVL) mode is set, then look up of a VLAN MAC address is available.

Example6000 Switch>#>fdb lookup 08:00:07:4e:56:70 08:00:07:4e:56:70 Found on Port 3

Commandfdb option


241

fdb mode { ivl | svl }sets the mode of the forwarding database. IVL is Independent VLAN Learning mode. When in IVL mode, there is one forwarding database for each VLAN.SVL is Shared VLAN Learning mode. When in SVL mode, there is one forwarding database shared by all VLANs.

Example6000 Switch>#>fdb mode svlfdb mode set to SVL (Shared VLAN Learning)

6000 Switch>#>fdb mode ivlfdb mode set to IVL (Independent VLAN Learning)


242

gated

The Gated Routing Daemon or GateD1 is included with the switch to manage IP routing protocols. GateD is enabled by default.

See Appendix B, GateD Reference, for a comprehensive list of all of the GateD commands. Privileged mode is required to configure GateD. Example6000 Switch>#>gated helpavailable gated commands---------------------------

Commandgated option

1.©1995, 1996, 1997, 1998 The Regents of the University of MichiganAll Rights Reserved.

Gate Daemon was originated and developed through release 3.0by Cornell University and its collaborators.

<sub-comp>activateaddaliasactconfigdeletedisplayendexithelphistoryrestartsaveset

- change to the subcomponent- activate new config- add a subcomponent- set up or display simple aliases- activate new config- enter gated config mode- delete a subcomponent- display content of attr or comp- end the config mode- exit from gated UI- help on cmd, comp, attr- show history of commands- restart gated with the current configuration- save the current config in NVRAM- set/reset/unset an attribute


243

help

DescriptionDisplays the switch commands. Typing an individual command with help displays the available options. Only those commands available for the current mode (privileged or non-privileged) are displayed

Example6000 Switch>#>helpCommands:--------------------------------------------? Display this messagearp Examine the address resolution tablebatch Execute commands from rambootp Send bootp/rarp requestsclear Clear, use ‘clear help’ for more infodate Display/set datedi Display, use ‘show help’ for more infodiag Run diagnostic menusdisable Disable optionsenable Enable optionsfdb Add/Delete/Lookup FDB entriesgated Enter gated user interfacehelp Display this messagehistory Display command historyifconfig Configure a network interfacels Display Fileslogout Logout of privileged command mode or Sessionnetstat Display network protocol statisticsping Run icmp echops Display active processesset Set, use ‘set help’ for more infoshow Display, use ‘show help’ for more infovlan VLAN configuration commandsweb Start the HTTP daemon

Example6000 Switch>#>fdb helpUsage: fdb add {VID} <mac> <port> fdb del {VID} <mac> fdb lookup {VID} <mac> fdb mode {IVL | SVL}Note: <mac> format is aa:bb:cc:dd:ee:ff IVL is Independent VLAN Learning FDB mode SVL is Shared VLAN Learning FDB mode

Command See alsohelp ?


244

history

DescriptionDisplays the contents of the command history buffer for the current session, identifying each command with a reference number. Use history command with the ! event identifier to shorten command-line entry.

Example6000 Switch>#>history 2 history 3 ifconfig -a 4 help 5 set priv 6 kill ? 7 show ? 8 show temperature 9 show sysfails 10 show sys 11 show sys 12 show lastboot 13 clear ? 14 di ? 15 history

Command See alsohistory Command Line Editing


245

ifconfig

DescriptionControls a network interface. Enter all IP addresses and mask values in standard four-part, decimal-separated format (e.g.,192.2.2.1.). The values for interface include the following:

Note All ifconfig commands are privileged except ifconfig -a.

The following are the ifconfig options:

ifconfig displays ifconfig options.

Example6000 Switch> ifconfigUsage: ifconfig -a ifconfig <interface> <address> ifconfig <interface> up | down ifconfig <interface> {create | delete} ifconfig <interface> netmask <mask> ifconfig <interface> broadcast <broad_addr> ifconfig <interface> netmask <netmask> broadcast <broad_addr> ifconfig <interface> <address> netmask <netmask> ifconfig <interface> <address> broadcast <broad_addr> ifconfig <interface> <address> netmask <netmask> broadcast <broad_addr> ifconfig <interface> <srcaddr> <dstaddr>

ifconfig -adisplays all information about all network interfaces available. This includes the interface state, IP address, netmask, broadcast address, and counter values.

Commandifconfig option

et0 RJ-45 Ethernet/Fast Ethernet Connector on the active CP module.

sl0 Serial interface using SLIP.

ppp0 Serial interface using PPP.

sw1-sw4093

In-band through the switched ports. sw_number interfaces are assigned for each VLAN configured to use IP.


246

Example6000 Switch>ifconfig -aet0: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 192.16.3.10 netmask 255.255.240.0 broadcast 192.16.15.255 ether 02:51:41:17:00:00 InPackets 1864 InErrors 0 OutPackets 1 OutErrors 0lo0: flags=8009<UP,LOOPBACK,MULTICAST> inet 127.0.0.1 netmask 255.0.0.0 InPackets 0 InErrors 0 OutPackets 0 OutErrors 0ppp0: flags=8010<DOWN,POINTOPOINT,MULTICAST> InPackets 0 InErrors 0 OutPackets 0 OutErrors 0sl0: flags=c010<DOWN,POINTOPOINT,MULTICAST> InPackets 0 InErrors 0 OutPackets 0 OutErrors 0sw1 [VLAN 1]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 1.1.1.1 netmask 255.0.0.0 broadcast 1.255.255.255 ether 02:51:41:17:00:08 InPackets 56 InErrors 0 OutPackets 4 OutErrors 0sw2 [VLAN 2]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 2.2.2.2 netmask 255.0.0.0 broadcast 2.255.255.255 ether 02:51:41:17:00:09 InPackets 57 InErrors 0 OutPackets 4 OutErrors 0sw3 [VLAN 3]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 3.3.3.3 netmask 255.0.0.0 broadcast 3.255.255.255 ether 02:51:41:17:00:0a InPackets 0 InErrors 0 OutPackets 1 OutErrors sw4 [VLAN 4]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 4.4.4.4 netmask 255.0.0.0 broadcast 4.255.255.255 ether 02:51:41:17:00:0b InPackets 57 InErrors 0 OutPackets 4 OutErrors sw5 [VLAN 5]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 5.5.5.5 netmask 255.0.0.0 broadcast 5.255.255.255 ether 02:51:41:17:00:0c InPackets 56 InErrors 0 OutPackets 4 OutErrors 0sw6 [VLAN 6]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 6.6.6.6 netmask 255.0.0.0 broadcast 6.255.255.255 ether 02:51:41:17:00:0d InPackets 0 InErrors 0 OutPackets 1 OutErrorssw7 [VLAN 7]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 7.7.7.7 netmask 255.0.0.0 broadcast 7.255.255.255 ether 02:51:41:17:00:0e InPackets 56 InErrors 0 OutPackets 4 OutErrors sw8 [VLAN 8]: flags=8063<UP,BROADCAST,MULTICAST,RUNNING> inet 8.8.8.8 netmask 255.0.0.0 broadcast 8.255.255.255 ether 02:51:41:17:00:0f InPackets 57 InErrors 0 OutPackets 4 OutErrors

ifconfig interface create | deleteCreates a network interface without any IP addresses information assigned. The interface is assigned an sw_number only. The VLAN identified by the sw_number is created, but no ports are assigned. Use also to delete an interface.

Example6000 Switch>#>ifconfig sw1 create


247

ifconfig interface ip_address [ dest_address ]configures the specified IP address for the interface specified by interface. For the point-to-point SLIP or PPP interface, the destination address is specified by dest_address and is required.

Example Setting the point-to-point addresses for the SLIP interface:6000 Switch>ifconfig sl0 192.2.2.131 192.2.2.132

ifconfig interface { up | down }changes the state of the interface specified. If the state is up, the interface is enabled and can send and receive network traffic. If the state is down, the specified interface is disabled and will not send or receive network traffic.

ifconfig interface [netmask netmask ] [broadcast broadcast_address ] sets the network address mask to netmask and the broadcast address to broadcast_address for the interface specified by interface.

ifconfig interface ip_address netmask netmask broadcast broadcast_addresschanges all address information for the interface, setting the address to ip_address, and the network address mask to netmask, and the broadcast address to broadcast_address for the interface specified by interface.

Example Setting a network address mask and a broadcast address for the switch.6000 Switch>ifconfig sw0 netmask 255.255.255.0 broadcast 192.2.2.255

ifconfig ppp0 deleteremoves any IP address information from ppp0. The interface is marked as being down.

ifconfig sl0 deleteremoves any IP address information from sl0. The interface is marked as being down.


248

ifconfig et0 deleteremoves any IP address information from the management port, et0. The interface is marked as being down.

Note ifconfig adjusts the network address mask and broadcast address according to the IP address specified. Therefore, you do not need to provide a mask or broadcast address when set-ting the IP address unless you are using subnetworks. If you are using subnetworks, you must set the network address mask and broadcast address at the same time or after changing the IP address. If ifconfig changes an existing IP address to a new IP address with a different network class, then you must set the network address mask after changing the IP address.


249

igmpsnoop

DescriptionA privileged command used to reduce the flooding of IP multicast traffic. All configurations are saved in the NVRAM immediately.

The following are the igmpsnoop options

igmpsnoop helpdisplays the command options.

Example6000 Switch>#>igmpsnoop helpUsage: igmpsnoop port{s} <port list> control mode {normal | fixed | forbid} VID <ID> igmpsnoop port{s} <port list> group {<ip addr> | all} mode {normal | fixed | forbid} VID <ID> igmpsnoop port {control | data} reset {VID <ID> | all} igmpsnoop {set | print} agetime {<value (secs)>} igmpsnoop print {config} {VID <ID> | all}Notes: A <port list> is a list of port numbers such as 1 2 3 4. Use ’igmpsnoop {control | data} reset’ to reset ports on all slots to normal mode. Use ’igmpsnoop print {VID <ID> | all} for listing of active multicast groups.Examples: igmpsnoop port 5 control mode fixed VID 2 igmpsnoop port 4 control mode normal VID 1 igmpsnoop port 1 2 group all mode forbid VID 1 igmpsnoop port 4 6 group 239.1.1.1 mode fixed VID 3 igmpsnoop port data reset all igmpsnoop set agetime 500 igmpsnoop print config VID 3

igmpsnoop print alligmpsnoop port(s) port_list control mode { normal | fixed | forbid } VID ID used to manually configure a router port as a control port for IGMP Snooping. A control port can be set to one of three modesnormalThe default mode of a port is “normal.” When the control port is set to “normal” mode, the switch automatically determines if a port has a control element (i.e., switch with IGMP Snooping or router).fixedWhen auto discovery does not identify a router port, then it must be configured to the “fixed” mode. IGMP Snooping forwards host membership reports only on the router ports

Commandigmp options


250

forbidThe “forbid” mode excludes the port as a multicast router port.

igmpsnoop port(s) port_list group { ip_group | all } mode { normal | fixed | forbid } VID IDused to recognize interested member ports and creates a separate broadcast domain for each multicast group.

Example6000 switch>#>igmpsnoop ports 1 2 3 group 239.147.6.99 mode fixed VID 1

Port 1, 2, 3 are included as members of IP multicast group 239.147.6.99 even when an IGMP membership report for the group has not been received on those ports.

6000 switch>#>igmpsnoop ports 1 2 3 group all mode forbid VID If the forbid keyword is substituted in the above command, ports 1, 2, and 3 are excluded from IP multicast group even though the system has received an IGMP membership report for the same group from those ports. This is a security feature to disallow an end station from participating in a particular multicast session. Instead of a particular IP multicast group, the all keyword implies all IP multicast groups.

igmpsnoop port { control | data } reset { VID ID | all }resets the ports to normal mode.

Example

To reset all control ports on VID 1 to normal mode.6000 switch>#>igmpsnoop port control reset VID 1

To reset all data ports in the system (all VLANs) to normal mode.6000 switch>#>igmpsnoop port data reset all

igmpsnoop { set | print } agetime { value (secs) }set or display the aging time used to specify the time acceptable (in seconds) between IGMP queries since the switch last received an IGMP query from the multicast server. the range is from 330 to 500 seconds. The default is 330 seconds.

ExampleSets the agetime.6000 switch>#>igmpsnoop set agetime 350 Displays the previous configured aging value.6000 switch>#>igmpsnoop print agetime


251

igmpsnoop print { config } { VID ID | all }displays the port configuration either for an individual VLAN or for all of the ports.

Example

Displays the configuration for all ports on an individual VLAN 6000 switch>#>igmpsnoop print config VID 1

Displays the configured ports for all VLAN in the system.6000 switch>#>igmpsnoop print config all

igmpsnoop print { all | VID ID }displays all VLANs that have active multicast sessions.

Example

The MAC address column displays the on-going multicast group(s) for the VLAN. The IP address column indicates that IGMP Snooping saw these two IP addresses mapped into the same MAC address. However, IGMP Snooping can not differentiate which port belongs to which IP multicast group.6000 switch>#>igmpsnoop print allVID MAC Address IP Address(es) Port(s)

2 0x01-00-5e-13-06-63 239.147.6.99225.19.6.99

1, 2, 6, 7

2 0x01-00-5e-00-00-01 239.0.0.1 1, 5

5 0x01-00-5e-00-01-02 225.0.1.2 10, 15, 18, 20

8 0x01-00-5e-00-05-03 238.0.5.3 54,67,72


252

kill

DescriptionA privileged command used to kill processes. The following are the valid signals:

1 equivalent to SIGHUP - hang-up a process

2 equivalent to SIGINT - interrupts a process

3 equivalent to SIGKILL - kills a process

All signals terminate the specified process.

Example6000 Switch>#>ps (displays the processes that are running)

6000 Switch>#>kill 3 5 (kills pid number 5 the telnet process)

Command See alsokill signal pid ps

pid name Status wakeups stack usage wait address

012345

KernelcalloutconsoletelntdxsnmpdTelnet05

ReadySleepingSleepingRunningRunningRunning

021100222435

116070440836811041240

0x800be3000x80148c100x800fb3ae0x800faf38


253

loaddefaults

A privileged command that is used to reload non-volatile RAM to the factory default settings. This includes loading the default VLAN configuration.

Warning This command takes effect immediately. To save newconfiguration information, use the savenv commandprior to using loaddefaults. See the savenv command.

Example6000 Switch>#>loaddefaultsDo you really want to load the factory defaults? (y/n)y..........Loading Factory Defaults ..........

Commandloaddefaults


254

loadnv

DescriptionA privileged command that is used to restore the non-volatile RAM contents. The command checks that the version of the non-volatile RAM is the same as the version in the file before it restores the non-volatile RAM.

The following is the loadnv option:

loadnv [path] {ip_address_of_tftp_server | hostname_of_tftp_ server}

Use the path argument only if you have saved the NVRAM file in a directory other than the TFTP server’s root directory. The filename on the server is the IP address of the switch in uppercase hex format, i.e., C0020201.

Example6000 Switch>#>loadnv 192.2.21Using RAM address 80181638Loading C002023F to nvram/done

Command See alsoloadnv savenv


255

logout

DescriptionThe logout command is used to return to non-privileged mode from privileged mode. A password is needed to activate another console or Telnet session. In non-privileged mode, type set priv to access a password prompt.

ExamplePASSWORD: 6000 Switch>set privENTER PASSWORD:6000 Switch>#>6000 Switch>#>logout6000 Switch>

Commandlogout


256

ls

DescriptionPrivileged command that displays all of the files associated with the Web Device Manager.

Note The enable web command must be activated before the ls command displays the files.

Example6000 Switch>#>lsffileName = nvram.nvr, size = 2fileName = xint_msg.txt, size = 2381fileName = vlan.htm, size = 226fileName = arp.htm, size = 232fileName = contents.htm, size = 14192fileName = date_time.htm, size = 12071fileName = empty_foot.htm, size = 177

Commandls


257

netstat

DescriptionDisplays the specified network protocol statistics and routing information.

The following are the netstat options:

netstat [tcp | udp | ip | icmp | igmp | igmpsnoop | mbuf | tftp | routes] displays the list of currently active network connections.

Example6000 Switch>netstat

netstat tcpdisplays statistics for the Transmission Control Protocol.

Command See alsonetstat option route

Active Internet connections (including servers)

Proto Recv-Q Send-Q Local address Foreign address (state)

tcp 0 3 192.2.2.222:23 192.2.2.211:1301 ESTABISHED

tcp 0 0 *.:23 *.:0 LISTEN

tcp 0 0 *.:80 *.:0 LISTEN

utp 0 0 *.:161 *.:0

utp 0 0 *.:1024 *.:0


258

Example6000 Switch>netstat tcptcp:

netstat udpdisplays statistics for the User Datagram Protocol.

Example6000 Switch>netstat udpudp:0 incomplete headers0 bad data length fields13 bad checksums0 socket overflows0 no such ports

netstat ipdisplays statistics for the Internet Protocol.

Example6000 Switch>netstat ipip:15535 total packets received1 bad header checksum0 with size smaller than minimum0 with data size < data length0 with header length < data size0 with data length < header length

845 data packets (37362 bytes)0 data packets (0 bytes) retransmitted17 ack-only packets (8 delayed)0 URG only packets0 window probe packets0 window update packets4 control packets1342 packets received853 acks (for 37370 bytes)4 duplicate acks0 acks for unsent data746 packets (869 bytes) received in-sequence0 completely duplicate packets (0 bytes)0 packets with some dup. data (0 bytes duped)0 out-of-order packets (0 bytes)0 packets (0 bytes) of data after window0 window probes0 window update packets0 packets received after close0 discarded for bad checksums0 discarded for bad header offset fields0 discarded because packet too short0 connection requests5 connection accepts5 connections established (including accepts)4 connections closed (including 0 drops)0 embryonic connections dropped847 segments updated rtt (of 848 attempts)0 retransmit timeouts0 connections dropped by rexmit timeout0 persist timeouts0 keepalive timeouts


259

0 fragments received0 fragments dropped (dup or out of space)0 fragments dropped after timeout0 packets forwarded2527 packets not forwardable0 redirects sent

netstat icmpdisplays statistics for the Internet Control Message Protocol.

Example6000 Switch>netstat icmpicmp:0 calls to icmp_error0 errors not generated ‘cuz old message was icmp0 messages with bad code fields0 messages < minimum length0 bad checksums0 messages with bad length0 message responses generated

netstat igmpdisplays counters for the Internet Group Management Protocol.

Example6000 Switch>netstat igmpsnoop0 Messages received0 Messages received with too few bytes0 Members queries received 0 Membership queries received with invalid field(s)0 Membership reports received0 Membership reports received with invalid fields(s)0 Membership reports received for groups to which we belong0 Membership reports sent

netstat igmpsnoopdisplays IGMP Snooping statistics.

Example6000 Switch>#>netstat igmpsnoop 0 IGMP frames received 0 membership queries received 0 membership reports received 0 membership leaves received 0 membership queries dropped because port(s) in forbidden state 0 membership reports dropped because port(s) in forbidden state 0 membership leaves dropped because port(s) in forbidden state 0 membership queries forwarded to VLAN ports 0 membership reports forwarded to VLAN ports 0 membership leaves forwarded to VLAN ports 32 membership queries generated and sent 44 membership queries dropped because VLAN interface(s) is not set 0 membership reports dropped because VLAN interface(s) is not set 0 membership leaves dropped because VLAN interface(s) is not set


260

netstat mbufdisplays how many memory buffers are in use.

Example6000 Switch>netstat mbuf3 out of 384 mbufs in use3 mbufs allocated to protocol control blocks0/80 extended mbufs in use0 requests for memory denied0 requests for memory delayed0 call to protocol drain routines

netstat tftpdisplays counters for the Trivial File Transfer Protocol.

Example6000 Switch>netstat tftptftp:tftp put stats:

0 blocks rcvd0 puts finished OK

tftp get stats:0 blocks_rcvds0 acks sent0 timeouts0 blocks out of sequence

0 gets finished OK

netstat routesdisplays the contents of the system’s routing table.

Example6000 Switch>netstat routesRouting tables

Internet:

Destination Gateway Flags Refs Use Interface

127.0.0.1 127.0.0.1 UH 0 0 lo0

192.21 link# UC 0 0 sw0

192.2.2.26 00:60:97:67:24:7F UHL 1 14928 sw0


261

ping

DescriptionTests connectivity between the switch and another node. Successful completion of a ping request indicates that the IP levels of each node are able to communicate with each other. This verifies correct operation of the network interface, interface address information, and any routing entries needed to get to the destination node.

For each packet sent, ping prints a status message showing the size of the packet, its destination IP address, and a sequence number. When the specified number of packets have been sent (or when you stop ping with control-c [^C]), ping displays a summary of the results.

The following are the ping options:

ping [ help ]displays the command options.

Example6000 Switch>#>ping helpUsage: ping [-s] {ip_address | hostname} [size] [cnt] ^C to stop pinger.

ping ip_address | hostname sends one ICMP echo request packet to the node with the IP addresse specified by ip_address or hostname. A host name can be substituted for an IP address, if DNS is enabled.

Example6000 Switch>ping 192.2.2.1 64 10PING 192.2.2.1: 64 data bytes72 bytes from 192.168.2.1: icmp_seq=0. 72 bytes from 192.168.2.1: icmp_seq=1. 72 bytes from 192.168.2.1: icmp_seq=2. 72 bytes from 192.168.2.1: icmp_seq=3.

----192.168.2.1 PING Statistics----10 packets transmitted, 10 packets received, 0% packet loss

ping -s ip_address | hostnamecontinuously sends echo request packets at one second intervals. Enter a control-c (^C) to stop ping execution. A host name can be substituted for an IP address, if DNS is enabled.

Command See alsoping option ifconfig, route, netstat, vlan


262

ping ip_address | hostname sizechanges the byte size, specified by size, of the echo request packet payload. The total packet size will be eight bytes larger than size. A host name can be substituted for an IP address, if DNS is enabled.

ping ip_address | hostname size count specifies the number of packets to send. If count is used, then size must also be present. The -s option overrides the count parameter. A host name can be substituted for an IP address, if DNS is enabled.


263

ps

DescriptionPrivileged command that displays the current status of all the active processes in the switch’s multitasking operating system.

The following are the ps options:

ps displays all process information.

Example6000 Switch>#>ps

ps -sdisplays information about the stack space allocated to each process.

Example6000 Switch>ps -s

Commandps option

pid name Status wakeups stack usage wait address

012345


ReadySleepingSleepingSleepingSleepingRunning

021100222435

116070440836811041240

0x800be3000x80148c100x800fb3ae0x800faf38

pid name status pgroup stack usage stack base size

0123456

KernelcalloutConsoletelnet03httpdtelnetdxsnmp

ReadySleepingSleepingSleepingSleepingSleepingSleeping

0023450

1848106465615688406441320

0x80fffff00x80f813f00x80f82bf00x80f8a7f00x80f84ff00x80f863f00x80f893f0

40965120614451206144512012288


264

ps -pdisplays extended process information.

Example6000 Switch>ps -p

ps -idisplays information about signals pending, ignored, and blocked.

Example6000 Switch>ps -i

pid name status pc pblk address current sp

012345


ReadySleepingSleepingSleepingSleepingRunning

0x80000f240x80000f240x80000f240x80000f240x80000f240x80000f24

0x80119ee00x8011a5000x8011ab200x8011b1400x8011b7600x8011bd80

0x801fff500x801ff3700x801fe7300x801fcdc80x801fcdc80x801fc238

pid name pgroup pending ignored block

012345


002305

0x00000000 0x000000000x000000000x000000000x000000000x00000000

0xffffffff0xffffffff0xffffffff0xfffffffc0xffffffff0xffffffff

0x000000000x000000000x000000000x000000000x000000000x00000000


265

relay

DescriptionPrivileged command that is used to transfer BOOTP messages between clients and servers.

A BOOTP relay agent enables the switch to pass BOOTP and DHCP broadcast messages from one subnet to another. To support and use BOOTP and DHCP service across multiple subnets, routers connecting each subnet must comply with BOOTP relay agent capabilities described in RFC 1542. To be compliant with RFC 1542 and provide relay agent support, the switch must be able to recognize BOOTP and DHCP protocol messages and process (relay) them appropriately. Because DHCP uses the same message structure and the same UDP port numbers (ports 67 and 68) as BOOTP, routers intercept DHCP messages as BOOTP messages and act on them in the same way.

The following are the relay options

relay helpdisplays command options.

Example6000 Switch>#>relayUsage: relay ? relay help relay disable relay enable relay maxHops <count> relay server {add | del} {<ipAddr> | all} relay showNotes: <count> is 1-16 with a default of 4. A maximum of 8 server <ipAddr> may be <add>ed. <all> is only valid with <del>.

relay disableused to disable the relay agent.

Example6000 Switch>#>relay disablerelay has been disabled

Commandrelay option


266

relay enableused to enable the relay agent.

Example6000 Switch>#>relay enablerelay has been enabled

relay maxHops countused to specify the maximum number of hops (or routers) between the switch and the destination server. If the hops count of a BOOTREQUEST message is greater than the maxHops setting, the message is discarded.

Example6000 Switch>#>relay maxHops 10

relay server { add | del } { ip_address | all }used to add/delete the relay destination server IP address. Up to eight servers can be defined.

Examples6000 Switch>#>relay server add 172.21.2.1436000 Switch>#>relay server del 172.21.2.1436000 Switch>#>relay server del all

relay showdisplays the BOOTP Relay Agent configuration.

Example6000 Switch>#>relay show

BOOTP/DHCP Relay : DisabledDiscard Threshold : 10 HopsServer List : 0.0.0.0 : 0.0.0.0 : 0.0.0.0 : 0.0.0.0 : 0.0.0.0 : 0.0.0.0 : 0.0.0.0 : 0.0.0.0

The show sys command also displays whether the agent is enabled or disabled.


267

route

Description: Privileged command that manipulates information in the IP routing table. The routing table specifies a path to network nodes not directly attached to the switch.

route [ help | ? ]displays help for the command.

Example6000 Switch>#>route helpUsage: route add <dst> <gateway> route add <dst> netmask <mask> <gateway> route add default <gateway> route delete default route delete <dst> netmask <mask> route display

route add destination netmask [ netmask ] gateway adds an IP route, where destination is the address of the remote host and gateway is the address of an intermediate host, a router, or a computer with routing capabilities. The intermediate host will be the first (and possibly only) step in forwarding packets sent from the switch to the remote host. Specify all IP addresses in standard four-part, decimal-separated format.It is possible to assign a generic route. This allows the switch to send packets destined to any node on the specified subnetwork through the given gateway. The destination parameter specifies the IP addresss, in dotted-decimal notation, of the subnetwork with the host portion of the address set to 0. The remaining parameters are the same as above.

Example6000 Switch>#>route add 192.1.1.0 192.1.1.124 1(NO MESSAGE)

route add destination netmask mask gatewayadds a non-standard netmask address, where destination is the IP address of the remote host, and gateway is the address of an intermediate host, a router, or a computer with routing capabilities.

Example6000 Switch>#>route add 198.139.158.55 netmask 255.255.255.224 198.139.158.32(NO MESSAGE)

Command See alsoroute option netstat


268

route add default gateway adds a generic default route as the destination address when invoking the route command. The routing table lists the IP address of the default route as 0.0.0.0.

Example6000 Switch>#>route add default 192.1.1.0 (NO MESSAGE)

route delete { destination | default }deletes a route.

Example6000 Switch>#>route delete 192.1.1.0 (NO MESSAGE)


269

savenv

DescriptionA privileged command that is used to back up the non-volatile RAM configuration.

The following is the savenv option:

savenv [ path ] ip_address_of_tftp_server | hostname_of_tftp_server

Use the path argument only to save the NVRAM to a file in a directory other than the default directory “/tftpboot”. The file name is the IP address of the switch in uppercase hex format.

Example6000 Switch>#>savenv 192.2.2.144Using remote filename = C002023F-done6000 Switch>#>

Command See alsosavenv loadnv


270

set

DescriptionPrivileged command that modifies the switch’s configuration options.

The following are the set options:

set { ? | help }displays the list of set options.

Example6000 Switch>#>set help

set agingtime { VID } timenon-privileged command that changes the forwarding database aging time to the number of seconds specified by value (10 to 32,767 seconds). The current aging time value can be seen through the show fdb or show sys command. If Independent VLAN Learning (IVL) mode is set, the command is displayed as set agingtime VID time, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

Command See alsoset option show

Commands:--------------------------------------------

set ? set agingtimeset baudset communityset dnsset help set linkset passwdbasicset passwdprivset portmirrorset pppset priorityset priv set privpasswdset promptset snmpmgrset snmpSecurityLevelset spantreeset stormset syslogset timeout

Display this messageSet FDB aging timeSet baud rateSet SNMP community stringsSet dns featuresDisplay this messageSets operating mode of a portSet a new basic user passwordSet a new privileged passwordset port mirroring parametersSet PPP optionsSet 802.1D/Q priority parametersSet priviledge mode for executing debug commandsSet a new priv passwordSet promptSet IP address of SNMP ManagersSet security level of SNMPSets Spanning Tree protocolSet broadcast/multicast storm control parametersSet syslog featuresSet login timeout for telnet session


271

Example6000 Switch>set agingtime 300(NO MESSAGE)

set baud [600 | 1200 | 2400 | 4800 | 9600 | 19200 | 38400]changes the serial port’s baud rate to the given baud rate.

Example6000 Switch>set baud 9600System RS-232 baud rate set

set community community_number string [get] [set] [trap]sets the SNMP community string for read-write access to the SNMP MIBs.

Example6000 Switch>#>set community 2 private get set trap

set dnsprivileged command that sets dns features.

set dns domain domain_namesets the DNS default domain. The switch supports a default domain name of up to 64 characters. To clear the DNS default domain, use the command without the domain_name.

Example6000 Switch>set dns domain xyz.com

set dns primary ip_address sets the IP address of the primary DNS server. Must be set before you can execute the enable DNS command. To clear the DNS primary server, use the set dns primary command without the IP address of the server.

Example6000 Switch>set dns primary 192.2.2.150

Community Number

Community String

Permissions

1 Public GET

2 Private SET

3 Trap GET, SET


272

set dns backup ip_addresssets a backup DNS server if the primary DNS server is unavailable. It is optional to set a backup DNS server.

Example6000 Switch>set dns backup 192.2.2.111

To clear the backup DNS server, use the set dns command without the IP address of the backup server.

Example6000 Switch>set dns backup

set linksets the operating mode of a port.

set link port_number [autoneg | noautoneg] enables or disables auto-negotiation from a Gigabit Ethernet port. Auto-negotiation is on by default.

set link port_number {[autoneg | noautoneg] [100 | 10 ] [full | half ] defaults]}

sets the speed and duplex of the ports on the 10/100 module. The link configuration is stored in non-volatile memory. (See show link to display the current state of the link.)The port_number is one of the 24 ports on the module and options are one of the following:default restores autonegotiation.100 sets port to 100Mb half-duplex mode.10 sets port to 10Mb half-duplex mode.Full sets port to full-duplex mode.Half sets port to half-duplex mode.

Example6000 Switch>set link 6 defaults

set link port { port | active | passive | aggregate | individual | agg_default }configures the state of media ports for link aggregation.

set link port port_numberSets the aggregator port number for a media port.

Example6000 Switch>set link 5 port 56000 Switch>set link 6 port 56000 Switch>set link 8 port 5


273

Select from the following parameters: set link port port_number { active | passive }link aggregation between switches requires that at least one of the aggregated ports, on either switch, be set to “active” mode. The ports on the 6000 switch are set to passive mode by default. Passive mode means that the port does not initiate a control frame. It responds to control frames, but it does not send out any. Active mode, automatically sends control frames.

To set a port to active mode, type set link media_ port port aggregated_port active.

Example

The example below creates an aggregator group 3 on Switch A linking media ports 3, 4, and 5 and sets the mode to active. 6000 Switch>set link 3 port 3 active6000 Switch>set link 4 port 3 active6000 Switch>set link 5 port 3 active

set link port port_number aggregateused to reset a port that was restricted from being part of an aggregator link with the “individual” mode setting. The port is then able to be part of an aggregation link.

set link port port_number individualports set to individual mode cannot be part of an aggregation link.

set link port { port_number | all } agg_defaultreturns a port or all aggregator links to their default aggregator setting.

set passwdbasicchanges the switch’s access password. This password is requested when the serial console is first connected or when a new Telnet connection is accepted. When you change the password, you are asked to enter the current password and the new password, then to re-enter the new password to validate it. The password must be 10 characters or less.

Example6000 Switch>set passwdbasicENTER OLD PASSWORD:ENTER NEW PASSWORD:RETYPE NEW PASSWORD:PASSWORD CHANGED


274

set passwdprivchanges the privileged password. The system requests the privileged password upon execution of the set priv command. When changing the password, you are asked to enter the current password and the new password, then to re-enter the new password to validate it. The password must be 10 characters or less.

Example6000 Switch>#>set passwdpriv help

ENTER OLD PRIV PASSWORD:ENTER NEW PRIV PASSWORD:RETYPE NEW PRIV PASSWORD:PRIV PASSWORD CHANGED.

set ppp [log | nolog | negip | nonegip]enables or disables logging of Point-to-Point (PPP) packets sent or received. The negip and nonegip command allows or refuses IP addresses proposed by the peer.

Example6000 Switch>set ppp log(NO MESSAGE)

set portmirror monitorport port_number. sets the port that a protocol analyzer may be attached to analyze the traffic transmitted from a source port. Port mirroring must be disabled prior to setting the source port.In order to ensure that all frames received by the source port are transmitted to the destination or monitor port, the monitor port automatically receives traffic from all VLANs of which the source port is a member.

Example6000 Switch>#>set portmirror helpUsage: set portmirror sourceport <portnum> set portmirror monitorport <portnum>To start port mirroring use the "enable portmirror" command

Example6000 Switch>set portmirror monitorport 3(NO MESSAGES DISPLAYED)

set portmirror sourceport port_numbersets the source mirrored port for port mirroring. Port mirroring must be disabled prior to setting the source port.

Example6000 Switch>set portmirror sourceport 5(NO MESSAGES DISPLAYED)


275

set privnon-privileged command that allows access to privileged commands. Use of this command requires you to type the privileged password. Use logout to quit privileged mode.

Example6000 Switch>set privENTER PASSWORD: 6000 Switch>#>

set priority port(s) { all | port_list } default resets a port or all of the ports to their factory default settings.

Example6000 Switch>#>set priority ports all default

set priority port(s) { all | port_list } pri

Example6000 Switch>#>set priority ports all default

set priority port{s} { all | port list } { trusted | untrusted }Trusted and untrusted 802.1Q tag modes are used for enhanced security in a VLAN aware network.Each port in the system has a trusted or untrusted mode for the VID of a tagged frame. In trusted priority mode, the priority of a tagged frame is always used. In untrusted priority mode, the default port priority is used even if the frame is tagged.

Example6000 Switch>#>set priority ports 8 10 trusted6000 Switch>#>set priority ports 3 4 untrusted

set prompt [ -d ] promptstringprivileged command that changes the command console prompt to the string specified by promptstring. If the -d option is included, then the prompt becomes the default prompt for all future console sessions. Prompt settings are not stored in non-volatile memory, so must be reset each time the system restarts.

Example6000 Switch> set prompt -d newnamenewname>

set snmpmgr host_ip_address community_number [ index ]privileged command that sets the IP addresses of an SNMP manager. The switch’s SNMP agent notifies up to eight different SNMP managers with SNMP trap messages. The IP address of a management node or host is entered as host_ip_address. If index is a value from 1 through 8, then index is taken as an index into a table of manager addresses and replaces the specified entry with the new addresses. The


276

default value for index is 1. If you want to delete an entry, use the IP address of 0.0.0.0. and include the index number. Only SNMP management stations whose IP address has been listed with the 6000 Switch SNMP agent are able to set SNMP values. Other SNMP stations are limited to read-only access.

Example6000 Switch>set snmpmgr 193.1.1.90 1 1

set snmpSecurityLevel controls SNMP security levels on the switch. The default setting is 2, which allows stations in the host table to have write access.

Note Only stations in the host table are able to view and config-ure the switch in Intel Device View. Changing the default security level prevents other stations from being viewed by Intel Device View.

Example6000 Switch>#>set snmpSecurityLevel 3

set spantreeprivileged command that changes the Spanning Tree protocol parameters.

Example6000 Switch>#>set spantree helpUsage: set spantree type <stp | pvstp> set spantree priority <value> <VID> set spantree portcost <port_num> {auto | <value>} <VID> set spantree portpri <port_num> <value> <VID> set spantree rapid <on/off> <VID> set spantree portquick <port_no> <on/off> <VID> set spantree defaults set spantree type <stp | pvstp>

Level Behavior

1 does not verify host in community. Anyone can configure the switch if they know the community string.

2 verifies host in community for write privileges only.

3 verifies host in community for read and write privileges.


277

set spantree portcost port_number { auto | cost_value }VIDchanges the Spanning Tree bridge port cost associated with the port specified by port_number to the value specified by cost. If Independent VLAN Learning (IVL) mode is set, the command is displayed as set spantree rapid { on | off } VID, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

ExampleTo set the port cost for Gigabit Ethernet port 3:6000 Switch>#>set spantree portcost 3 10

set spantree portpri port_number value VIDsets the bridge port priority to the value specified by value for the Spanning Tree Protocol. If Independent VLAN Learning (IVL) mode is set, the command displays as set spantree rapid { on | off } VID, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

ExampleThe following command line, sets the priority of port 3 to 1:6000 Switch>set spantree portpri 3 1

set spantree rapid { on | off } VIDRapid reconfiguration quickly designates a new root port for a root port that is on a failed path. If Independent VLAN Learning (IVL) mode is set, the command displays as set spantree rapid { on | off } VID, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

If rapid reconfiguration is set for an STP domain, it cannot be turned on for a PVSTP domain.

Example6000 Switch>set spantree rapid on 1(NO MESSAGE)


278

set spantree portquick port_number { on | off } VIDsets or disables rapid port activation. Use rapid port activation only when connecting a single end station to a switch port. If a port is connected with rapid port activation to a port on another switch or router, network loops may occur. If Independent VLAN Learning (IVL) mode is set, the command displays as set spantree rapid { on | off } VID, where VID is a VLAN identifier. To set the mode to Independent VLAN Learning (IVL), type fdb mode ivl.

Example6000 Switch>set spantree portquick 1(NO MESSAGE)

set spantree defaultsall ports and bridge values are set to the default values.

Example6000 Switch>set spantree defaults(NO MESSAGE)

set spantree type { stp | pvstp }select to configure 802.1d Spanning Tree (stp) or a separate Spanning Tree for each VLAN (pvstp).

Example6000 Switch>set spantree type stp(NO MESSAGE)

set stormprivileged command to limit the amount of broadcast and multicast frames traffic that a port is allowed to receive and forward.

Example6000 Switch>#>set storm helpUsage: set storm bthreshold <percentage> <all | port1 [port2 ...]> set storm bdiscard <seconds> <all | port1 [port2 ...]>Usage: set storm mthreshold <percentage> <all | port1 [port2 ...]> set storm mdiscard <seconds> <all | port1 [port2 ...]>To resume receiving on a port that is discarding: set storm nodiscard <all | port1 [port2 ...]>

set storm bthreshold percentage { all | port_number } sets the parameters for broadcast storm control. The default broadcast threshold is 100 percent, which disables storm control.

Example

6000 Switch>set storm bthreshold 90 3


279

set storm bdiscard seconds { all | port_number }sets the broadcast discard duration. The discard duration range is zero (0) to 256 seconds.The default is 5 seconds.

Example

6000 Switch>set storm bdiscard 4 3

set storm mthreshold percentage { all | port_number }sets the parameters for multicast storm control. The default multicast threshold is 100 percent, which disables storm control.

Example

6000 Switch>set storm mthreshold 95 3

set storm mdiscard seconds { all | port_number }sets the multicast discard duration. The discard duration range is zero (0) to 256 seconds.The default is 5 seconds.

Example6000 Switch>set storm mdiscard 8 3

set storm nodiscard { all | port_list }resumes receiving on a port that is discarding. The discard duration range is zero (0) to 256 seconds.The default is 5 seconds.

Example6000 Switch>set storm mdiscard 0 1

The following message is displayed:Port 1 will be disabled when broadcast load reaches threshold. User interaction is required to remove the port from discarding state.

set syslogThe syslog feature records such events as logins, configuration changes and error messages that occur on the switch. If an error condition occurs, the switch attempts to write an entry to the system log. The log information is sent to a syslog service on a remote host. All of the syslog command settings and log entries are held in non-volatile RAM.

Example6000 Switch>#>set syslog helpUsage: set syslog host {ip_address | hostname} set syslog {lcmds | nolcmds} set syslog {lout | nolout} set syslog facility <facility-type><facility-type> can be auth, authpriv, cron. daemon, kern, lpr, mail,news, syslog, user, uucp, or local0 through local7.Default <facility-type> is local0.


280

set syslog host [ ip_address | hostname ]privileged command that sets the address of the syslog daemon host.

Example6000 Switch>set syslog 192.2.2.143

set syslog facility facility_typeoffers the ability to change the facility level to where the syslog messages are sent. While the priority of a syslog message determines the level of severity, the facility level describes who the message came from. The table below lists the facility types.

set syslog lcmdsenables syslog to log all commands that are entered.

Facility Types Description

auth The authorization system

authprivSame as auth. Messages are logged to a file with restricted read rights.

cronUnix clock daemon that executes commands at specified dates and times.

daemon System daemons.

kern Messages generated by the kernel.

lpr The line printer spooling system.

mail The mail system.

newsReserved for the USENET network news system.

syslogMessages generated internally by syslog.

user Messages generated by user processes.

uucpReserved for the UUP system. It currently does not use the syslog mechanism.

local0 through local7Reserved for local use. The default facility level for the switch is local0.


281

Example6000 Switch>set syslog lcmds(NO MESSAGE)

set syslog nolcmdsdisables the syslog from logging all commands.

Example6000 Switch>set syslog nolout(NO MESSAGE)

set syslog loutenables the syslog to log all output from the 6000 Switch console.

Example6000 Switch>set syslog lout(NO MESSAGE)

set syslog noloutdisables the syslog from logging all output from the 6000 Switch console.

Example6000 Switch>set syslog nolout(NO MESSAGE)

set timeout privileged command that sets login timeout for Telnet session. The range is from two to thirty minutes.

Example6000 Switch>#>set timeoutUsage:set timeout current <value>. set timeout default <value>.Login timeout range is 2..30 minutes

set timeout current valuechanges the current timeout interval for a Telnet session. The range is from two to 30 minutes.

Example6000 Switch>#>set timeout current 15(NO MESSAGE)

set timeout default valuesets the default time-out interval, The range is from two to thirty minutes.

Example6000 Switch>#>set timeout default15(NO MESSAGE)


282

show

DescriptionThe show command displays information about the switch configuration and operation. Most of these commands are only useful in diagnostic situations.

Note show is functionally the same as the di command.

The following are the show options:

show { ? | help }lists the various show options available.

EXAMPLE6000 Switch>#>show ?

Command See alsoshow option set

Commands:

show ?show communityshow countersshow dnsshow fdbshow helpshow hwversionshow lastbootshow linkshow memstatsshow microtimeshow portshow portinfoshow portmirrorshow pppshow priorityshow snmpmgrshow snmpSecurityLevelshow spantreeshow spromshow stormshow sys show sysfailsshow syslogshow temperatureshow treetypeshow timeoutshow version

Display this messageDisplay SNMP community tableDisplay Sweet countersDisplay DNS infoDisplay Forwarding DatabaseDisplay this messageDisplay Hardware Version infoDisplay last boot timeDisplay link mode of a portDisplay mbuf and malloc statsDisplay system clockShow port aggregationDisplays Spanning Tree port infoDisplays port mirroring parametersDisplay PPP infoDisplays 802.1D/Q priority informationDisplay SNMP Manager addressesDisplay secuirty level of SNMPDisplay Spanning Tree infoDisplay serial eepromDisplay storm control informationDisplay system configurationDisplay system failuresDisplay syslog parametersDisplay temperatureDisplay Spanning Tree TypeDisplay login timeout for Telnet sessionDisplay Software Version Number


283

show community privileged command that displays the SNMP community string for all access types to the SNMP MIBs.

Example6000 Switch>#>show communityCommunity Table:

Community 1: public Permissions: GET|---|----Community 2: private Permissions: ---|SET|----Community 3: trap Permissions: GET|SET|----

show counters {physical} { all | port1 {port2 ...} | {et0}}displays counter values for the port specified by port_number.

Example6000 Switch>show counters all

show dnsDisplay the current Domain Name Service settings.

Example6000 Switch>show dnsDNS : EnabledDNS Domain Name: xyz.comDNS Primary Server: 192.2.2.122DNS Backup Server: 192.2.2.111

PORT

00 01 02 03 04

TX multicast packets okTX broadcast packets okTX unicast packets okRX multicast packets okRX broadcast packets okRX unicast packets okTX packets badTX packets deferredlate collision packetsexcessive collisionscarrier sense errorsSQEs RX alignment errorRX packet too longRX CRC errorsframes w/1 collisionmore than 1 collisionRX byte countTX byte count

0000000000000000000100000000000000000000000000000000016989520000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000226560000000000

00000000000000000001000135036900000000000000000000000169916000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000134465358400000000000

0000000000000000000100013503300000000000000000000000016991600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013445405690000000000

0000000000000000000100013121960000000000000000000000016599390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013143633490000000000

0000000000000000000100013116270000000000000000000000016607380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013139212860000000000


284

show fdb option displays the current contents of the forwarding database.

Example6000 Switch>show fdb

show fdb [ entry_count ]displays no more than the number of addressesses specified by entry-count. The default is the first 200 or less addressesses.

show fdb alldisplays all the addressesses in the database. The maximum number that can be stored is 55,000.

show fdb tallydisplays the number of addressesses stored for each port.

show fdb IP [tally]displays the number of addressesses

show fdb VIDIndividual VLAN Learning (IVL) mode must be activiated with the fdb mode ivl command to display the VLAN information.

6000 Switch>#>show fdbFDB mode is indepedent (IVL)

FDB for VLAN 1, FDB age time 10 seconds, aging is enabled

VID MAC Address Port Network1 00:00:00:00:01:01 ---- 1 GIG LEARNED1 00:00:00:00:01:02 ---- 2 GIG LEARNEDFDB for VLAN 1: there were 2 entries found

FDB for VLAN 2, FDB age time 300 seconds, aging is enabled

FDB aging time 300 seconds, Aging is Enabled.

MAC addresses Port Network

00:00:00:00:00:0300:a0:24:d7:e0:2400:a0:24:e0:22:7400:a0:24:e0:2c:ae00:a0:24:e0:36:3000:a0:24:e0:36:bb

---- 3 ---- 3 ---- 3 ---- 3 ---- 3 ---- 3

GIG LEARNEDGIG LEARNEDGIG LEARNEDGIG LEARNEDGIG LEARNEDGIG LEARNED

there were 6 entries found


285

VID MAC Address Port Network2 00:00:00:00:01:01 ---- 3 GIG LEARNEDFDB for VLAN 2: there were 1 entries found

FDB for VLAN 3, FDB age time 10 seconds, aging is disabled

VID MAC Address Port Network3 00:00:00:00:03:03 ---- 4 GIG LEARNEDFDB for VLAN 3: there were 1 entries found

show hwversiondisplays the hardware version information.

Example6000 Switch>show hwversionCP/CARRIER BOARD REVISIONS:

show lastbootdisplays the date and time the system was restarted.

Example6000 Switch>show lastbootBOOTED: Wed 3/13/00 04:18

CP Location Carrier StatusCP A inserted CP B inserted CP A running CP B running 8051 Microcontroller Revision Xilinx CP Control RevisionXilinx Carrier Revision Scontroller Revision BCT RevisionLUE 3 parser/resolverLUE 3 editor LUE 3 memsize LUE 3 typeLUE 4 parser/resolver

:Slot A/Primary:Ready:Yes:No:Yes:No:3:c:a:2:1f:c:ed11:128K:LUE2P1E, LXA Interface:c


286

show link { port_number | all }displays the basic media configuration for the port number designated by port_number or for all ports.

Example6000 Switch>#>show link 18Port 18 (10/100) Autonegotiation is enabled. Speed=10Mb Duplex=half. Link is UP.

Link Partner NOT autoneg capableLocal Advert: 100BX Full Duplex | 100BX | 10 BT Full Duplex | 10BT

6000 Switch>#>show link 1Port 1 (Switched Gbe) Autonegotiation is enabled. Link is UP.

Local Advert: No tx flow control. Obeys flow control. Duplex=full.Remote Advert: No tx flow control. Does NOT obey flow control.

Duplex=full.

show link agg { port_number | all }displays the current state of the port link specified by all for all ports or a selected port number designated by port_number. This command is available in both privileged and non-privileged mode. These are the configuration parameters that are stored in NVRAM via the set link command. The table of aggregator parameters is displayed followed by the table of media port parameters.

Example6000 Switch>#>show link agg 4

Field definitions (not included in command line display)

----------------- Aggregator 802.3ad Configuration -------------------------------

GP SPri System ID NameAdmin-State AKey

4 8000 00:40:2F:02:24:01 Agport_28 up 001C

Show Field 802.3ad MIB

set link option Description

GP n/a n/a Global port number (starts at 1 and counts through installed ports only).

SPri AggActorSystemPriority (no) System priority (16 bit hex).

System ID

AggActorSystemID (no) System ID for the local system in MAC address format.

Name AggName (no) ASCII name for aggregator (15 chars)

Admin State

AggAdminState up, down

“Up” allows aggregation, “down” disables aggregation.

AKey AggActorAdminKey akey Key for the aggregator (16 bit hex)


287

Field definitions (not included in command line display)

show memstatsdisplays memory resource usage.

----------------- Media Port 802.3ad Configuration ------------------------------------------------------------------- Admin Partner Information ----------

MP LACPPort

PKey Pri State SPri System ID Key Port PPri State

4 0004 0004 80 ALP 8000 00:00:00:00:00:00

0001 0001 80 4

Show Field set link option IEEE 802.3ad MIB DescriptionMP n/a n/a Media port number (starts at 1

and counts through installed ports only).

LACP Port

(no) AggPortActorPort Port number (16 bit hex) used by Link Aggregation Control Pro-tocol (automatically derived from MP).

PKey key AggPortActorAdminKey Key (16 bit hex) assigned to the media port.

Pri pri AggPortActorPortPriority Priority of media port (8 bit hex).

State active, passive, short_tmo, long_tmo, aggre-gate, individual

AggPortActorAdminState Media port state displayed as:G=aggregate, I=individual, S=short_tmo, L=long_tmo, A=active, P=passive(Following parameters are the administrative partner values used when the link has timed out and default values must be used.)

SPri partner_ system_pri

AggPortPartnerAdmin Sys-temPriority

Partner system priority (16 bit hex)

System ID partner_ system AggPortPartnerAdmin Sys-temID

Partner system ID (MAC address format)

Key partner_ key AggPortPartnerAdminKey Partner port key (16 bit hex value)

Port partner_ port AggPortPartnerAdminPort Partner port number (16 bit hex)PPri partner_ port_pri AggPortPartnerAdmin

PortPriorityPartner port priority (8 bit hex)

State partner_ state AggPortPartnerAdmin State

Partner state (8 bit hex)Bit0: 0 = passive,1= activeBit1: 0=long, 1=short timeoutBit2: 0=individual, 1= aggre-gateBit3: 1=in sync (with other mports in agg group)Bit4: 1=collecting (rx enabled)Bit5: 1=distributing (tx enabled)Bit6: 1=defaulted (rx timeout)Bit7: 1= expired


288

Example6000 Switch>#>show memstatsMBSTATS: 3 out of 384 mbufs in use

3 mbufs allocated to protocol control blocks0/80 extended mbufs in use0 requrests for memory denied0 requests for memory delayed0 call to protocol drain routines

MALLOC STATS (64 byte chunks): chunks 1024 free chunks 757

show microtimelists the number of seconds and microseconds since the system was last restarted as well as the last restart date and time.

Example6000 Switch>show microtimeSystem clock is 4807 seconds, 900000 microsecondsBOOTED: Wed 3/13/0 04:18

show port { port_number | all }displays port and port aggregation information. If a port has been disabled with the disable port command, then the port status is displayed as disabled. An active port is displayed as being “up” or “down.”

Example6000 Switch>#>show port 1

6000 Switch>#>show port allPort= 1, ID= 1, mac=00:40:2F:02:1E:C8, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 2, ID= 2, mac=00:40:2F:02:1E:C9, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 3, ID= 3, mac=00:40:2F:02:1E:CA, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 4, ID= 4, mac=00:40:2F:02:1E:CB, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 5, ID= 5, mac=00:40:2F:02:1E:CC, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 6, ID= 6, mac=00:40:2F:02:1E:CD, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 7, ID= 7, mac=00:40:2F:02:1E:CE, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).Port= 8, ID= 8, mac=00:40:2F:02:1E:CF, mode=A, status=DOWN at sysUpTime 0 Combined data rate=0MB over 0 attached mports (of 0 SELECTED or STANDBY).

6000 Switch>#>sh port 1Port= 1, ID= 1, mac=00:99:99:00:00:00, mode=A, status=UP at sysUpTime 684890 Combined data rate=200MB over 2 attached mports (of 2 SELECTED or STANDBY). [(8000,00-40-2F-02-1B-81,0001,00,0000),(8000,00-00-00-00-00-00,0001,00,0000)] Actor (key=0001) Partner (key=0001) MP Port Pri State Churn RxState/T MuxState Port Pri State Churn 01 0001 80 .FDCSGLP No DEFAULT/00 DISTRIBUTING 0001 80 ..DCSGLP No 02 0002 80 .FDCSGLP No DEFAULT/00 DISTRIBUTING 0001 80 ..DCSGLP No .


289

show portinfo port_numberprivileged command to display the Spanning Tree port information.

Example6000 Switch>#>show portinfo 3

show portmirrorDisplays port mirroring parameters.

Example6000 Switch>show port mirroringPort Mirroring Info:Port Mirroring is Enabled. Source Port 22, Destination Port 23.

If both source and mirror ports are removed the display would say:

6000 Switch>show portmirrorPort Mirroring Info:Source port is not set to a valid port.Monitor port is not set to a valid port.Port Mirroring is Enabled.

show pppshow the PPP options that have been negotiated or failure reasons.

Example6000 Switch>show pppPPP is attempting to start up a link.Modem control is disabled.The previous PPP attempt was successful.

Spantree stats: tx_configs: 0x93 rx_configs: 0x0 tx_bpdus: 0x0 rx_bpdus: 0x0llc rx 79009 tx 147 rxbad 79009

stpdebug:port_id: root_age:state: designated_root: designated_cost:designated_bridge: designated_port:tx_configs:rx_configs:tx_bpdus:rx_bpdusstpdebug:

0x00x80030x0forwarding00:00:55:55:00:000x000:00:55:55:00:000x80030x310x00x00x00x0

top_change FALSE bridge_top_chg_time 23 top_timer_active: FALSE top_value 23change_detected FALSE

msg_age:msg_age: msg_age:

0x00x00x0


290

show ppp statsdisplays PPP statistics, such as packets dropped, compressed packets, etc.

Example6000 Switch>show ppp stats

show priorityDisplays 802.1D/Q priority information.

Example6000 Switch>#>show priority

show snmpmgrdisplays the current set of eight SNMP manager addresses that the switch uses.

Kernel PPP error counts:Unsupported protocols:Mbuf failures: Compression failures: Input packets dropped:Input queue full: Bad FCS:Packet too short:Packet too bigGarbage received:Missing UI: Bad protocols:

VJ Compression Statistics:

Outbound packets: Outbound compressed packets:Searches for connection state:Times could not find conn. state:Inbound uncompressed packets: Inbound compressed packets: Inbound unknown type packets:Inbound packets discarded due to error:

000000000000

000000000

Port PortPriority

Trusted Port PortPriority

Trusted Port PortPriority

Trusted

1 0 YES 2 0 YES 3 0 YES4 0 YES 5 0 YES 6 0 YES7 0 YES 8 0 YES 9 0 YES10 0 YES 11 0 YES 12 0 YES13 0 YES 14 0 YES 15 0 YES16 0 YES 17 0 YES 18 0 YES19 0 YES 20 0 YES


291

Example6000 Switch>show snmpmgr1>192.2.2.212 Community: public2>192.2.2.214 Community: private3>192.2.2.216 Community: trap4>192.2.2.218 Community: trap5>0.0.0.0 Community None6>0.0.0.0 Community None7>0.0.0.0 Community None8>0.0.0.0 Community None

show snmpSecurityLevelDisplays security level of SNMP

show spantreedisplays current Spanning Tree configuration. If Individual VLAN Learning (IVL) mode is activated with the fdb mode ivl command, the command syntax is show spantree {VID | all }.


292

ExampleSTP mode6000 Switch>#>show spantree__________________________________________________________Spanning tree enabled

PVSTP Mode6000 Switch>#>show spantree 55__________________________________________________________Spanning tree enabledSPANNING TREE FOR VID 55Designated Root 00:40:2f:02:25:01Designated Root Priority 16384Designated Root Cost 0Designated Root Port 0Root Max Age 20 sec Hello Time 2 sec Forward Delay 18 sec

Bridge ID 00:40:2f:02:25:01Bridge ID Priority 16384Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 18 secRapid Off

Port 36 Quick N State forwarding Path Cost Auto 19 Port Priority 128______________________________________________________________

Spanning tree enabledDesignated Root Designated Root PriorityDesignated Root CostDesignated Root Port

00:00:55:55:00:001638400

Root Max Age 20 sec Hello Time 2 sec Forward Delay 13 secBridge ID Bridge ID Priority

00:00:55:55:00:0032768

Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 secPort 1 Quick N State forwarding Path Cost Auto 4 Port Priority 128Port 2 Quick N State blocking Path Cost Auto 4 Port Priority 128Port 3 Quick N State blocking Path Cost Auto 4 Port Priority 128Port 4 Quick N State blocking Path Cost Auto 4 Port Priority 128Port 5 Quick N State blocking Path Cost Auto 4 Port Priority 128Port 6 Quick N State blocking Path Cost Auto 4 Port Priority 128Port 7 Quick N State blocking Path Cost Auto 4 Port Priority 128Port 8 Quick Y State blocking Path Cost Auto 4 Port Priority 128


293

show sprom slotID privileged command to display the contents of the serial EEPROM. This is a command that provides information to Customer Support during diagnostics, i.e., serial number, MAC address, version number, etc. If the slotID is not designated, the command defaults to the Control Processor slot, which is always in Slot 5.

6000 Switch>#>show sprom

show storm [ active | discarding | all ] Displays storm control configuration.

Select from the following parameters:

active displays the storm control information for all the ports that are actively monitoring

discarding displays storm control information for all the ports that are currently discarding packets.

all displays storm control information for all the ports, regardless of what state the storm control software has for that port.

CP and Carrier BD Serial EEPROM Contents:Protected Area:

EEPROM validModelMfg DateSerial NumberRev LevelVarianceMAC addressMAC SizeFeature Bits Personality Value

: 55aa: CP:1/8/99: 8: 0: Jan99: 00:40:2f:00:b0:00: 128: 0002: (erased)

Hardware Checksum values: 1: ffffffff 2: ffffffff 3: ffffffff 4: ffffffff 5: ffffffff 6: ffffffff 7: ffffffff 8: ffffffff6000 Switch>#>


294

Example6000 Switch>#>show storm 3Broadcast Storm Control Settings and State Info

show sysdisplays system configuration parameters.

Example6000 Switch>show sys

show sysfailsprivileged commmand to show any system failures such as fan or temperature failures. To clear out the show sysfails messages, type clear sysfails.

PORT THRESHOLD DISCARD PERIOD

BCAST_RATE

MCAST_RATE

CURRENT STATE

BCAST MCAST BCAST MCAST

percent seconds percent percent

--------------------------------------------------------------------------3 100 100 5 5 na na not monitoriing

Broadcast: disables 0 enables 0, Multicast: disables 0 enables 0

ET0 IP address ET0 IP netmask ET0 IP broadcast ET0 MAC addressDefault GatewayPrimary SNMP MgrSpanning TreeTelnetdWeb ServerDNSGateDSyslogSyslog IP addressModem controlAging FDB age timeSerial Baud

: 192.2.2.144: 255.255.255.0: 192.2.2.255: 00:00:55:55:00:00: invalid: 0.0.0.0: Disabled: Enabled: Enabled: Enabled: Disabled Disabled: 0.0.0.0: Disabled: Disabled: 300 seconds: 9600 bps

HARDWARE CONFIGURATION:Slot 1 has a 10/100BaseT board with 24 portsSerial Number is: -1Slot 5 has:CP A Serial Number : -1Carrier Serial Number: 24


295

Example6000 Switch>#>show sysfailsThere have been no system failures.

If one fan has failed, the output is as follows:

6000 Switch>#>show sysfailsFan Failure at Tue 6/8/99 12:59Fan 2 had failed, and is still failing.

Other messages include:

Fan fan_number had failed, but it is currently working.

Temperature exceeded high water mark: degrees C on time

Board in slot slot_number has failed number times in a row and is currently DIS-ABLED.Will attempt to enable it on the next reboot.

Board in slot slot_number has failed number times in total.

Slot slot_number DISABLED due to insufficient power.

The switch was shutdown since the temperature (degrees C) was too high.

All media boards were disabled since the maximum shutdown period was reached on a fan failure.

show syslogdisplays the current parameters for the syslog feature. This command is available in privileged and non-privileged mode.

Example6000 Switch>#>show syslogSyslog : DisabledSyslog IP address : 0.0.0.0Log user commands: DisabledLog all output : Disabled

show temperature privileged command that displays the chassis temperature.

Example6000 Switch>#>show temperatureTemperature is 34 degrees centigrade.

show timeout { current | default }displays the current or default time out interval for a Telnet session.

Example6000 Switch>#>show timeout currentLogin current timeout interval is 15 minutes.6000 Switch>#>show timeout defaultLogin default timeout interval is 15 minutes.


296

show timeout { current | default }displays the timeout interval set for a Telnet session.

Example6000 Switch>#>show timeout currentLogin current timeout interval is 15 minutes.6000 Switch>#>show timeout defaultLogin default timeout interval is 15 minutes.

show treetypeDisplays Spanning Tree type.

Example6000 Switch>#>show treetypeSingle Spanning Tree

show versiondisplays the firmware version number. This command is available in privileged and non-privileged mode.

Example6000 Switch>#>show version

CP Version CP Boot Version LUE VersionWeb Page Version

6070_v7.0.latest Apr 13 2000 11:20:49 [7.0] (DEBUG)6002_v6.0.latest Feb 25 2000 16:49:46 BOOTROM [6.0a]LFA P2E1.PR25.ED45 Dec 28 19996070_v7.0.latest Apr 13 2000 10:28:50 [7.0]


297

upgrade

DescriptionPrivileged command that programs new system software into the switch’s flash memory. The image is located in a file on a host that is running a TFTP server.

Example6000 Switch>upgrade help

The following are the upgrade options:

upgrade filename ip_address | hostname requests image files from the TFTP server at the IP address specified by ip_address to upgrade the CP system image. A host name can be substituted for an IP address, if DNS is enabled.

Example6000 Switch>#>upgrade /usr/6000switch/cprel 192.2.2.10

upgrade ip_address | hostnamerequests the default image file cprel from the TFTP server at the IP address specified by ip_address. [Extensions added as needed.A host name may be substituted for an IP address, if DNS is enabled.]

Example6000 Switch>#> upgrade 192.2.2.10

Note ip_address is the IP address of the TFTP server and filename is the name of the file that is downloaded to the CP Flash mem-ory.

Commandupgrade option

Usage: upgrade template_filename {ip_address | hostname} upgrade {ip_address | hostname}The template_filename specified should be the name of theimage minus the filename extension.CP system software: cprel


298

upgradelue

DescriptionPrivileged command that programs new lookup engine firmware into the switch’s flash memory. The image is located in a file on a host that is running a TFTP server.

The following are the upgradelue options:

upgradelue helpdisplays help for the command.

Example6000 Switch>#>upgradelue helpUsage: upgradelue template_filename {ip_address | hostname} upgradelue {ip_address | hostname}The template_filename specified should be the name of theimage minus the filename extension.LUE software: lue

upgradelue template_filename { ip_address | hostname }requests image files from the TFTP server at the IP address specified by ip_address to upgrade the lookup engine.

Example6000 Switch>#>upgradelue /usr/6000switch/lue 192.2.2.10

upgradelue { ip_address | hostname }requests the default image file Web page from the TFTP server at the IP address specified by ip_address. [Extensions added as needed.]

Example6000 Switch>#> upgradelue 192.2.2.10

Note ip_address is the IP address of the TFTP server and filename is the name of the file that is downloaded to the 6000 Switch flash memory.

Commandupgradelue option


299

upgradewp

DescriptionA privileged command that programs new Web Devices Manager pages and images into the switch’s flash memory. The image is located in a file on a host that is running a TFTP server.

The following are the upgradewp options:

upgradewp helpdisplays help for the command.

Example6000 Switch>#>upgradewpUsage: upgradelue template_filename {ip_address | hostname} upgradelue {ip_address | hostname}The template_filename specified should be the name of theimage minus the filename extension.Web system software: webpage

upgradewp web_page_filename { ip_address | hostname } requests image files from the TFTP server at the IP address specified by ip_address to upgrade the Web Server images.

Example6000 Switch>#>upgradewp /usr/6000switch/webpage 192.2.2.10

upgradewp { ip_address | hostname }requests the default image file webpage from the TFTP server at the IP address specified by ip_address. [Extensions added as needed.]

Example6000 Switch>#> upgradewp 192.2.2.10

Note ip_address is the IP address of the TFTP server and filename is the name of the file that is downloaded to the 6000 Switch flash memory.

Commandupgradewp option


300

vlan

DescriptionPrivileged command that allows you to define virtual LANs (VLANs). VLANs allow you to limit broadcast packets, multicast packets and forwarding lookup failures to a subset of the ports on the switch.6000 Switch>vlan help

The following are the vlan options:

vlan VID createCreates a VLAN identifier (VID). VLANs are assigned a number from 1 to 4,094. The ports do not have to exist in order to create a VID.

vlan [ VID | name ] del port[s] port list removes one or more ports connected to a VLAN.

vlan [ VID | name ] add port[s] port list connects the switch port specified by portID to the VLAN specified by vlanID. If the VLAN does not exist, this command also creates it. The vlanID may be a VLAN number or VLAN name.

Example6000 Switch>vlan 2 add port 2 Adding flood to VLAN 2 from port 2

vlan { srcVID | name } move port[s] port_list vlan { dstVID | name }command used to move ports from one VLAN to another. The srcVID identifies the source VLAN and the dstVID is the destination VLAN.

Commandvlan option

Usage: vlan <VID> create vlan <VID | name> delete vlan <VID | name> {add | del} port{s} <port list> vlan <src VID | name> move port{s} <port list> vlan <dst VID | name> vlan <VID | name> {tag | untag} port{s} <port list> vlan <VID | name> name <string> vlan <VID | name> ifconfig {<ipadd> | netmask <mask> | broadcast <broad>} vlan <VID | name> ifconfig {create | delete} vlan <VID | name> ifconfig ip delete vlan port{s} <port list> PVID <pvid> vlan print {by port} vlan reset {slot <slot>}Notes: A <port list> is a list of port numbers such as 1 2 3 4. Use "vlan reset" to reset ports on all slots. Type "vlan <VID | name> ifconfig" for help on configuring interfaces.


301

Example6000 Switch>#>vlan 2 move port 8 vlan 4

vlan [ VID | name ] {tag | untag} port[s] port listsets the frame type that is transmitted from a port to a given VLAN.

Example6000 Switch>#>vlan 2 tag ports 2 6

vlan [ VID | nam e] name stringsets a description used to identify a VLAN, i.e., VLAN 2 is sales.

Example6000 Switch>vlan 2 name sales

vlan [ VID | name ] ifconfig { ip_address | netmask mask | broadcast broadcast_address }command to configure a VLAN with an IP address.This creates a network interface for the CP module, which is labeled sw_numberVID.

vlan [ VID | name ] ifconfig {create | delete}command to create a network interface for a VLAN. If the VLAN has not been previously created, it creates the VLAN along with the interface. Also used to delete a network interface for a VLAN.

Example6000 Switch>vlan 9 ifconfig createCreated VLAN 9Created Interface sw9 for VLAN 9

vlan ports port_list admit tagonlyThe ingress rule discards any untagged frames or priority-tagged frames received on the port. Tagged frames that are not discarded are classified and processed according to the ingress rules that apply to that port.

Note A priority-tagged frame is not a VLAN tagged frame. A prior-ity-tagged frame has an 802.1Q tag but the VID is zero.

To set the configuration to accept only tagged frames, type vlan ports port_list admit tagonly


vlan ports port_list enable ingcheckVLAN security command.If the “Enable Ingress Filtering” parameter is set for a port, the ingress rule discards any frame received on a port from a VLAN that does not include that port


302

within its member set. To disable ingress checking, type vlan ports port_list disable ingcheck.

Example6000 Switch>vlan port 5 enable ingcheck

vlan port{s} port list PVID pvidcommand is used to assign the PVID. The switch supports the 802.1Q specification for VLAN tagging. All untagged and priority-tagged frames received by a port belong to the VLAN whose port VLAN identifier (PVID) is associated with that port. The PVID must contain a valid VLAN identifier value and shall not contain a null value of zero (0). The default PVID is one (1).

Example6000 Switch>#>vlan port 2 pvid 1001

6000 Switch>#>vlan port 23 pvid 23Changing port 23’s PVID to 23.

vlan print [by port]displays all ports assigned to a Virtual LAN. If names have been assigned, the name is listed in parentheses next to the VLAN number, i.e., VLAN2 (sales).

Example6000 Switch>vlan print

VLAN 1 (NoName1): ip routing from this VLAN: enabled Port Members: { 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 } Forbidden Members: { None }VLAN 22 (NoName22): inet 192.168.1.2 mask 255.255.255.0 bcast 192.168.1.255 ip routing from this VLAN: enabled ether 00:40:2f:02:25:09 Port Members: { 13 } Forbidden Members: { None }

Port PVID Trusted Ing. check Admint Any1 1 Yes No Yes2 1 Yes No Yes3 1 Yes No Yes4 1 Yes No Yes5 1 Yes No Yes6 1 Yes No Yes7 1 Yes No Yes8 1 Yes No Yes9 1 Yes No Yes10 1 Yes No Yes


303

VLAN 33 (NoName33): inet 192.168.2.2 mask 255.255.255.0 bcast 192.168.2.255 ip routing from this VLAN: enabled ether 00:40:2f:02:25:0a Port Members: { 23 } Forbidden Members: { None }VLAN 44 (NoName44): inet 192.168.3.2 mask 255.255.255.0 bcast 192.168.3.255 ip routing from this VLAN: enabled ether 00:40:2f:02:25:0b Port Members: { 24 } Forbidden Members: { None } 6000 Switch>vlan print byport

vlan reset slot { slot ]clears all VLAN settings for both the current session and all future sessions, i.e., clears configuration in non-volatile memory. The vlan reset command without the slot identifier resets all ports.

Example6000 Switch>#>vlan resetVLANs reset to defaults

Port PVID Trusted Ing. Check Admit Any VID-Membership1 1 Yes No Yes { 1 }2 1 Yes No Yes { 1 22}3 1 Yes No Yes { 1 }4 1 Yes No Yes { 1 }5 1 Yes No Yes { 1 }6 1 Yes No Yes { 1 }7 1 Yes No Yes { 1 }8 1 Yes No Yes { 1 }9 1 Yes No Yes { 1 }10 1 Yes No Yes { 1 55}

% Appendix B:GateD Reference

A P P E N D I X B GateD Reference

306

This appendix is a supplementary reference for the GateD* command structure.

InterfacesThe interface statement is used to define routing characteristics for the network interfaces. An interface is the connection between a router and one of its attached networks. In the GateD command syntax, an interface is identified as ifs.

Configurable Parameters

scanInterval time

The scanInterval is a global parameter affecting all of the interfaces. Controls how often GateD checks the system for interface changes. The range is from 15 to 3600 seconds. The default is 60 seconds.

preference preference

Sets the preference for routes to this interface when it is up and functioning properly. Preference is determined by the system or import policy. The range is from zero (0) to 255. The default is 0.

gated/ifs# di

ifs----------------------- scanInterval: 60

if[127.0.0.1]if[172.28.91.175]if[172.28.92.175]if[172.28.93.175]if[172.28.94.175]if[172.28.95.175]

A P P E N D I X B Intel® NetStructure™ 6000 Switch User Guide

307

Read-Only Parameters

ifIndex The index of the interface in the system interface (IF) table.

state The up or down state of the interface.

transitions The number of UP/DOWN transitions for the interface.

mtu

The maximum transmission unit (MTU) is the largest packet size that can be transmitted by the interface without fragmentation. The default for Ethernet is 1500 bytes.

media There are four types of interfaces. The switch currently only supports

three.

gated/ifs> if[192.0.0.1gated/ifs/if[192.0.0.1]> di if[192.0.0.1]---------------------------- ifIndex: ifName: state: transitions: mtu: media: metric: mask: protocols: preference:

1lo0UP0472LOOPBACK0255.255.255.255NONE0

Type Description

LOOPBACK A simulated adapter that is always identified by the IP address 127.0.0.1.

BCAST

A multi-access interface, cable of a physical level broadcast, such as Ethernet and Token Ring. There is an associated subnet mask and broadcast address.

POINT-TO-POINT (P2P)

A tunnel to another host, usually on a serial link


308

metric

The metric learned from the system. The default OSPF link cost is based on the metric. (defined by speed/bandwidth). The range is from zero to 16.

mask The network mask of the subnet to which the interface is attached.

protocols The protocols running on the interface.

Adding Static RoutesStatic routes are used when IP routed packets are routed through remote hosts not directly connected to a physical network with its own routing table. The route [x.x.x.x/l] command is used to manually configure static routes.

If the keyword default is used for the destination address, a default route is created. The default route is used whenever there is no specific route to a destination. The network IP address associated with the default route is 0.0.0.0/0.

Static routes are created under the static component.


gateway ip_addr

Sets the next hop IP address for the route. It must be on the subnet of the specified interface.

if ip_addr

Sets the local interface for the statically configured route. It must be attached to the same network as the gateway.


Sets the preference for this static route. The range is from 0 to 255. The default is 60.

gated/static/default#diif: 0.0.0.gateway: 0.0.0.0pref: nonetype: 60


309

type

RIP ConfigurationRIP selects the route with the lowest “hop count” (metric) as the best route. The hop count is the number of routers through which data must pass to reach its destination. RIP assumes that the best approach is the one that uses the fewest routes.

RIP maintains routes in the routing table. First, if the metric is greater than 15 hops away, then the route is deleted. All routes through a gateway are also deleted if no updates are received from the gateway within a specified time period. Generally RIP issues routing updates every 30 seconds. If a gateway does not issue routing updates within 180 seconds, all routes through that gateway are deleted from the routing table.

Type Description

NORMAL Normal static route. This is the default type.

RETAINThe static route is kept in the system forwarding table, even when GateD is disabled.

REJECT

The packet destined to the network is rejected. ICMP unreachable is sent to originator. Note: The reject route can be exported into different routing domains.

BLACKHOLEThe packet is dropped silently. The blackhole route is not picked up by any protocols.

NOINSTALL The route is not installed into the system forwarding table, but can be exported into routing protocols.


310



Sets the route preference learned from RIP. The default preference is 100. This may be overridden by a preference specified in the import policy.

defaultMetric metric

Each RIP routing table entry contains a metric or cost for each destination, called a hop. RIP selects the route with the lowest hop count as the best route. However, the longest hop cannot exceed 15 hops. The metric can be overridden by the export policy.

RIP Interface ConfigurationThe ifs command defines the interfaces used by RIP and defines the configuration parameters for that interface.


mode {none | ripin | ripout | both}

version ver {1 | 2 }

Specifies the RIP packet version (RIP 1 or RIP 2) sent from the interface. The default is RIP 1. Note: incoming RIP packets from both versions are always accepted on the interface regardless of this setting.

gated/rip# d rip--------------------- preference: 100defaultMetric: 16 stats

Type Description

NONE disable RIP on the interface

RIPIN receives RIP packets only

RIPOUT sends RIP packets only

BOTH receives and sends RIP packets (default)


311

metricIn metric

Specifies the RIP metric increment to the learned routes before they are installed. Using this parameter makes the routes learned from this interface less preferable.

metricOut metric

Specifies the RIP metric increment to the routes sent out via this interface. Using this parameter makes the routes received from this link less preferable.

authType authtype {none | simple}

It is only meaningful to RIP version 2. When SIMPLE authentication is used, a network-wide authKey is provided. The default is none.

authKey key

It is only used when authentication type is SIMPLE. The authKey (password) must be the same network wide.

OSPF Configuration OSPF is a protocol designed to be used inside Autonomous Systems. It is not designed to route between Autonomous Systems.



It sets the preference for OSPF when importing intra- and inter-area Autonomous System External (ASE) routes into the GateD routing table. The default is 10.

asBdrRtr { yes |no }

gated/ospf# di ospf--------------------- preference: asBdrRtr: stats lsaDb nbrTable asearea[0.0.0.1]gated/ospf#

10yes

]


312

Areas exchange routing information with other areas within the autonomous system through area border routers. Set the flag to allow (yes) or disallow (no) the router to be an OSPF autonomous system border router. This setting determines whether OSPF can process input routes from sources other than OSPF.

Configuring ASE RoutesThe following parameters specify how to import OSPF ASE routes into the GateD routing table and how to export routes from the GateD routing table into OSPF ASEs.


The preference is used to determine how OSPF routes compete with routes from other protocols in the GateD routing table. The default value is 150.

cost cost

The cost is used when exporting a non-OSPF route from the GateD routing table into OSPF as an ASE. The default value is 1. This may be explicitly overridden in the export policy.

Because of the nature of OSPF, the rate at which ASEs are flooded must be limited. The parameters below can be used to adjust those rate limits.

gated/ospf/ase# di ase------------------- preference: cost: expInterval: expLimit:0gated/ospf/ase#

15011100

Parameter Definition

expInterval time

Specifies how often a batch of ASE link-state advertisements (LSAs) are generated and flooded in OSPF from the GateD routing table. The default is once per second.

expLimit routesSpecifies how many ASEs are generated and flooded into OSPF each time. The default is 100.


313

Configuring the BackboneThe backbone may only be configured with the keyword backbone. It may not be specified as area 0. The backbone interface may be a virtual link.

Each OSPF router must be configured into at least one OSPF area (area[x.x.x.x]). If more than one area is configured, at least one must be the backbone.

authType {none | simple}

OSPF specifies authentication scheme per area. Each interface in the area must use the same authentication scheme although it may use a different authentication key. The current valid values are none for no authentication and simple for simple password authentication. The default is none.

networks ip_addr/l ... ip_addr/l

Specifies the networks that compose the area. This helps reduce area LSA traffic.

areaType {stub | nssa | normal}

The type of area. Normal is the default setting.

defRtCost defCost

The cost is used for injecting a default route into OSPF stub or nssa area. It is only used by area border routers. The range is from 0 to 1000. The default is 1.

gated/ospf/backbone# di backbone-----------------authType: nonenetworks: stats lsaDb

Type Description

STUBA stub area. No ASE and it uses the default route to external destination.

NSSAA “not-so-stub area.” No ASEs flooded into area, but can generate ASEs within an area.

NORMAL Normal OSPF transit area.


314

Configuring OSPF InterfacesInterfaces are defined as the interfaces used by OSPF. The following are read-only parameters.

mediaType { bcast | p2p }

Specifies the media type of the interface to which it is connected. The options are broadcast or point-to-point. Broadcast is the default media type.

cost cost

Specifies the default cost (i.e., type of service (TOS) 0 cost) of the link attached to the interface. The sum of the costs along links is the base of the SPF algorithm.

tos tos/cost, .. tos/cost

Specifies the TOS this interface supports. TOS 0 is always supported regardless the setting. The range is from zero (0) to 30.

authKey {simple |none}

Sets the authentication key for SIMPLE or no authentication (None). The key must be the same network wide. The key is:

• one to eight decimal digits

• one to eight hex digits preceded by 0x, or

• one to eight characters between quotation marks (“”).

gated/ospf/backbone/if[172.28.95.175]> d if[172.28.95.175]------------------------- cost: tos: authKey: priority: helloInterval: transitDelay: retransInterval: deadInterval: neighbor: mediaType: dr: bdr: events:

10/1

1101540

BCAST172.0.0.1750.0.0.02


315

priority priority

Priority is used in designated router (DR) election. The router with the highest priority (highest number) becomes a designated router for the attached network. Priority 0 means the router is ineligible for DR. The priority range is from zero (0) to 255. The default is one (1).

helloInterval time

Specifies the number of seconds the hello packets are sent via the interface. The range is from one (1) to 120 seconds. The default is 10.

transitDelay time

Sets the estimated number of seconds it takes to transmit an LSA update over the interface. Transmission and propagation delays are counted. The range is from one (1) to 120 seconds. The default is one (1).

retransInterval time

Sets the number of seconds between LSA retransmissions. It should be greater then round trip transit delay time. The range is from one (1) to 3600 seconds. The default is five (5).

deadInterval time

Specifies the number of seconds that a neighbor is not heard from, i.e., if a neighbor does not send any “hellos” during the time period, that neighbor is presumed to no longer function. It should be the same network wide. Typical value is four times the hello interval. The range is from one (1) to 3600 seconds. The default is 40.

dr ip_addrThe designated router (DR) of the subnet attached to the interface.

bdr ip_addrThe backup DR of the subnet attached to the interface.

events numberThe number of times the OSPF interface changed its state.

Virtual LinksOSPF requires that every area connect to the backbone and that every area, including the backbone area, be contiguous. When an Area Border Router (ABR) cannot physically connect to the backbone, a virtual link is used to logically connect the ABR to the backbone. The virtual link uses a transit area that is connected to the backbone. The transit area


316

cannot be a stub area. This link is treated as a point-to-point link belonging to the backbone. OSPF packets are sent to the neighbor IP address at the other end of the virtual link.

A virtual link is part of the backbone area. It has more parameters than the normal OSPF interfaces. Virtual links are indexed by the routerID at the other end of the virtual link.


transitArea areaID

Specifies the transit area in which the virtual link is established. The transit area must be in this system.

Each area, including the backbone, has a link-state advertisement database (lsaDb). In GateD, it is a table of link state advertisements (LSAs).

lsa {router | net | stub | ase1 | ase2 }The Link State Advertisements types include the following.

lsidID

The ID of an LSA, which could be a routerID, network address or interface address. It depends on the type of LSA.

advRtr routerIDThe router ID which advertised the link state.

gated/ospf/backbone/vLink[0.0.0.1]# di vLink[0.0.0.1]-------------------------- transitArea: 0.0.0.1 authKey: helloInterval: 10 transitDelay: 1retransInterval: 5 deadInterval: 40 events: 0

LSA Types Parameter

ROUTER LSA router

NETWORK LSA net

STUB AREA LSA stub

NETWORK SUMMARY LSA ase1

ASE LSA ase2


317

age timeThe age of the LSA in the form d:h:m:s or h:m:s

seq number

The sequence number of the LSA which is used to detect outdated LSA or duplicated LSA.

chksum numberThe LSA check sum Value used to detect any data corruption.

OSPF Neighbor TableThe OSPF neighbor table has two subtables. One table contains OSPF neighbors dynamically discovered over broadcast interfaces. Another table is the collection of configured OSPF neighbor or virtual links. Both tables are indexed by neighbor addresses.

Read-Only Parameters

nbrRtr

The routerID of the neighbor router. It is provided as an IP address in 32-bit dotted decimal format.

priorityThe priority of the neighbor in designated router (DR) election.

state

The state of the neighbor in establishing adjacency. Adjacency is a relationship formed between selected neighboring routers for the purpose of exchanging routing information.

State Description

DOWN the neighbor is down

ATTEMPT attempt to talk with the neighbor (nbma)

INIT hello received, but one way only.

2WAY two way communications established.

EXSTART negotiation for data-base exchange.


318

mode The mode of the neighbor in the database exchange master.

drBdr The role of the neighbor:

lastHello The time when the last hello was received from the neighbor.

lastExchange The time when the last database exchange occured.

lsRetransQlen The current length of the retransmission queue.

events The number of times in which the neighbor state has been changed.

interface

The interface on this route, which is on the same subnet as the neighbor. It is used to communicate with the neighbor.

EXCHANGE exchange database description

LOADING loading database (delta) content.

FULL full adjacency established.

Mode Description

MASTER The neighbor with the master copy of the database.

SLAVE The neighbor that receives the database from the router.

Role Description

DR The neighbor is a designated router.

BDR The neighbor is a backup designated router.

OTHER other

State Description


319

Virtual NeighborA virtual neighbor describes the state and relationship with a router that is established via a virtual link.

Read-only Parameters

transitArea

The area in which the virtual link is established and the neighbor that is at the other end of the link.

The following parameters are the same as for neighbor.

OSPF StatisticsStatistics are used for information gathering.

nbrRtr lastHello

state lsRetransQlen

mode lastExchange

events

gated/ospf/stats# di

stats----------------------------- interfaces: neighbors: externLsa: chkSumExLsaDb: originatedLsa: receivedLsa: helloPktReceived: helloPktSent: dbPktReceived: dbPktSent: lsReqPktReceived: lsReqPktSent lsAckPktReceived: lsAckPktSent:lsUpdatePktReceived lsUpdatePktSent:

0421624120013300000000


320

Read-only Parametersinterfaces The number of OSPF interfaces configured on the router

neighbors The number of OSPF neighbors known by the router.

externLSA The number of external OSPF LSA databases.

chkSumExLSADb

Checksum of OSPF external LSA database. Used to determine if the database is update to date.

chkSumLSADb

The checksum of the LSA database of this area used to determine if the database is up-to-date.

originatedLSA

Number of LSAs originated by this router including external LSA if this router is an AS border router.

receivedLSA The number of LSAs received and installed by the router.

helloPktReceived The number of hello packets the router has received.

helloPktSent The number of hello packets the router has sent.

dbPktReceivedThe number of database description packets the router has received.

dbPktSent The number of database description packets the router has sent.

lsReqPktReceived The number of link state request packets the router has received.

lsReqPktSent The number of link state request packets the router has sent.

lsAckPktReceived The number of link state acknowledge packets the router has received.


321

lsAckPktSent The number of link state acknowledge packets the router has received.

lsUpdatePktReceived The number of link state update packets the router has received.

lsUpdatePktSent The number of link state update packets the router has sent.

OSPF Area Link State Advertisement DatabaseThe OSPF Area Link State Advertisement Database (LsaDb) is a table of Link State Advertisements (LSAs).

Read-only Parameters

Entry

The entry field displays the LSA number. The maximum is the number of entries in the LsaDb table.

type

The type field displays the parameter function of the LSA. The possible values are

Type Value

ROUTERLSA router

NETWORKLSA network

STUBAREALSA stub

NETWORKSUMMARYLSA ase1

ASELSA ase2


322

lsidIdDisplays the ID of an LSA. The possible values are:

• routerID

• network address

• interface address

AdvRtr

Displays the ID of the router which advertised the link state.

ageDisplays the age of the LSA. Format: d:h:m:s or h:m:s

seq

Displays the sequence number of the LSA which is used to detect an outdated or duplicated LSA.

chksum Displays the LSA checksum value used to detect any data corruption.

Route Table The route table defines the how the router forwards packets. The destination address of each packet is used to perform a route table lookup based on a best-match search of the table. Each IP (Internet Protocol) packet destination address is compared with each prefix (path) in the table. The best match is the entry with the longest match in the table.

Read-only parameters

route

The route field is a prefix of an IP destination address used in the best match search of the route table. Each prefix is composed of an IP address x.x.x.x (in 32 bit internet address dotted decimal notation) and a length l. Bits not included in the length are zero (e.g., 128.10.0.0/16).

path

The path field is an index used to enumerate multiple routes.

state

Displays if the entry can be used for route table lookup.


323

The possible values are listed below:

nextHop

Displays where the packet is sent next by the router. The next hop is an IP address.

ifSend

Displays the local interface on which the packet is sent to the nextHop address.

srcGateway

Displays the gateway from which the route entry was learned. The value is an IP address, and is zero for static and local route entries.

protocol

Displays the method used in calculation of the route entry. If the protocol is OSPF, it indicates the type of OSPF route. The possible values are:

preference

Displays the weighting factor used when adding entries to the routing table. It is usually determined by the preference of protocol unless policy changed it for the path. The range is from 1 to 100.

tosDisplays the type of service value (TOS) for the entry. When installed, only traffic with this TOS value is sent using this path. It is normally 0, and is only valid for protocols that support it. the range is from zero to 30.

Value Description

ACTIVE Used in kernel forwarding table

ELIGIBLE Eligible to become active

HIDDEN Not used because of policy.

PENDING pending due to hold down on another route.

DELETE Deleted and subject to removal

intra-area route ase type 1inter-area route ase type 2 routeroute


324

metric

Displays the cost to the destination specified by the prefix. A metric is only valid for protocols that support it (distance vector based protocols such as RIP). The range is from 1 to 16.

age

Displays the number of seconds since last update on the path.

type

Displays router processing for the entry. Possible values include:

Value Description

RETAIN Keep path in system after gated died.

REJECT Reject packets to the route.

BLACKHOLE Silently drop packets to the route.

MULTICAST a multicast route.

&Appendix C:TechnicalInformation

�

Support Services

Intel offers a range of support services for your new product. You can learn about the options available for your area by visiting the Intel® NetStructure™ 6000 support Web site at http://www.intel.com/network/services and choosing your geography.

Worldwide Access to Technical Support

Intel has technical support centers worldwide. Technicians who speak the local languages staff many of the centers. Visit our Web site at http://support.intel.com/.

North America only

For support, call (800) 838-7136 or (916) 377-7000.

Japan only

For support, call +81-298-47-0800.

Other areas

For support in other countries, use the following table to dial the toll-free support number. Using the table, locate the country from which you are calling, dial the access number, await the dial tone and then dial the listed 800 number.

Country Dialing Information

Australia Dial 1-800-881-011, await dial tone, dial 800-838-7136

China 3 Dial 10811, await dial tone, dial 800-838-7136

Hong Kong Dial 800-1111, await dial tone, dial 800-838-7136

India 5 Dial 000-117, await dial tone, dial 800-838-7136

Indonesia 2 Dial 001-801-10, await dial tone, dial 800-838-7136

Korea 1 Dial 0-911, await dial tone, dial 800-838-7136

A P P E N D I X C Technical Information

327

Malaysia 4 Dial 800-0011, await dial tone, dial 800-838-7136

New Zealand Dial 000-911, await dial tone, dial 800-838-7136

Singapore Dial 800-0111-111, await dial tone, dial 800-838-7136

Sri Lanka Dial 430-430, await dial tone, dial 800-838-7136

Taiwan 1 Dial 0080-10288-0, await dial tone, dial 800-838-7136

Thailand 5 Dial 0019-991-1111, await dial tone, dial 800-838-7136

Austria 1 4 Dial 022-903-011, await dial tone, dial 800-838-7136

Belgium 1 Dial 0-800-100-10, await dial tone, dial 800-838-7136

Denmark Dial 8001-0010, await dial tone, dial 800-838-7136

Finland 1 Dial 9800-100-10, await dial tone, dial 800-838-7136

France (Includes Andorra) Dial 19-0011, await dial tone, dial 800-838-7136

Germany Dial 0130-0010, await dial tone, dial 800-838-7136

Italy (Includes Vatican City) 1 Dial 172-1011, await dial tone, dial 800-838-7136

Netherlands 1 Dial 06-022-9111, await dial tone, dial 800-838-7136

Norway Dial 800-190-11, await dial tone, dial 800-838-7136

Poland 1 3 Dial 0-0-800-111-1111, await dial tone, dial 800-838-7136

Portugal 3 Dial 05017-1-288, await dial tone, dial 800-838-7136

Russia 1 2 3 Dial 755-5042, await dial tone, dial 800-838-7136

Spain Dial 900-99-00-11, await dial tone, dial 800-838-7136

Sweden Dial 020-795-611, await dial tone, dial 800-838-7136

Switzerland 1 Dial 0-800-550011, await dial tone, dial 800-838-7136

United Kingdom (Mercury) 3 Dial 0500-89-0011, await dial tone, dial 800-838-7136

United Kingdom (BT) 3 Dial 0800-89-0011, await dial tone, dial 800-838-7136


A P P E N D I X C Intel® NetStructure™ 6000 Switch User Guide

328

RSA (South Africa) Dial 0-800-99-0123, await dial tone, dial 800-838-7136

Philippines Dial 105-11, await dial tone, dial 800-838-7136

Vietnam Dial 12010288, await dial tone, dial 800-838-7136

Pakistan Dial 0080001001, await dial tone, dial 800-838-7136

Notes:

1 Public phones require coin or deposit

2 Use phones allowing international access

3 May not be available from every phone

4 Public phones require local phone payment through the call duration

5 Not available from public phones


329


Regulatory InformationFCC Part 15 Compliance Statement This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.

This product generates, uses, and can radiate radio fre-quency energy and, if not installed and used in accor-dance with the instruction manual, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particu-lar installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning this equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

. Change the direction of the radio or TV antenna.

. To the extent possible, relocate the radio, TV, or other receiver away from the product.

. Plug the product into a different electrical outlet so that the product and the receiver are on different branch circuits.

. If these suggestions don’t help, consult your dealer or an experienced radio/TV repair technician for more suggestions.

NOTE This device complies with Part 15 of the FCC Rules. Operation is subject to the following two condi-tions: (1) This device may not cause harmful interfer-ence, and (2) this device must accept any interference received, including interference that may cause undes-ired operation.

CAUTION If you make any modification to the equip-ment not expressly approved by Intel, you could void your authority to operate the equipment.

Canada Compliance Statement (Industry Canada)Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques,” NMB-003 édictée par le Ministre Canadien des Communications.

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled: “Digital Apparatus,” ICES-003 of the Canadian Depart-ment of Communications.

CE Compliance StatementThe Intel® NetStructure™ 6000 Switch complies with the EU Directive, 89/336/EEC, using the EMC standards EN55022 (Class A) and EN55024. This product also complies with the EU Directive, 73/23/EEC, using the safety standard EN60950 A1/A2/A3/A4/A11.

CISPR 22 Statement

Taiwan Class A EMI Statement

VCCI Class A (Japan)

Australia

Warning

This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate mea-sures.

A P P E N D I X C Technical Information

330

Limited Hardware Warranty Intel warrants to the original owner that the hardware product delivered in this package will be free from defects in material and workmanship for one (1) year following the latter of: (i) the date of purchase only if you register by returning the registration card as indicated thereon with proof of purchase; or (ii) the date of manufacture; or (iii) the registration date if by electronic means pro-vided such registration occurs within thirty (30) days from purchase. This warranty does not cover the product if it is damaged in the process of being installed. Intel recommends that you have the company from whom you purchased this product install the product.

INTEL RESERVES THE RIGHT TO FILL YOUR ORDER WITH A PRODUCT CONTAINING NEW OR REMANUFAC-TURED COMPONENTS. THE ABOVE WARRANTY IS IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF NONINFRINGEMENT OF INTELLECTUAL PROPERTY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION, SAMPLE OR OTHERWISE.

This warranty does not cover replacement of products damaged by abuse, accident, misuse, neglect, alteration, repair, disaster, improper installation or improper testing. If the product is found to be otherwise defective, Intel, at its option, will replace or repair the product at no charge except as set forth below, provided that you deliver the product along with a return material autho-rization (RMA) number either to the company from whom you purchased it or to Intel (North America only). If you ship the prod-uct, you must assume the risk of damage or loss in transit. You must use the original container (or the equivalent) and pay the shipping charge. Intel may replace or repair the product with either new or remanufactured product or parts, and the returned product becomes Intel’s property. Intel warrants the repaired or replaced product to be free from defects in material and workman-ship for a period of the greater of: (i) ninety (90) days from the return shipping date; or (ii) the period of time remaining on the original one (1) year warranty. This warranty gives you specific legal rights and you may have other rights which vary from state to state. All parts or components contained in this product are covered by Intel’s limited warranty for this product; the product may contain fully tested, recycled parts, warranted as if new. For warranty information call one of the numbers below.

Returning a Defective Product (RMA)Before returning any product, contact an Intel Customer Support Group and obtain an RMA number by calling:

North America only: (800) 838-7136 or (916) 377-7000

Other locations: Return the product to the place of purchase.

If the Customer Support Group verifies that the product is defective, they will have the Return Material Authorization Department issue you an RMA number to place on the outer package of the product. Intel cannot accept any product without an RMA number on the package.

LIMITATION OF LIABILITY AND REMEDIES

INTEL SHALL HAVE NO LIABILITY FOR ANY INDIRECT OR SPECULATIVE DAMAGES (INCLUDING, WITHOUT LIMITING THE FOREGO-ING, CONSEQUENTIAL, INCIDENTAL AND SPECIAL DAMAGES) ARISING FROM THE USE OF OR INABILITY TO USE THIS PRODUCT, WHETHER ARISING OUT OF CONTRACT, NEGLIGENCE, TORT, OR UNDER ANY WARRANTY, IRRESPECTIVE OF WHETHER INTEL HAS ADVANCE NOTICE OF THE POSSIBILITY OF ANY SUCH DAMAGES, INCLUDING, BUT NOT LIMITED TO LOSS OF USE, INFRINGEMENT OF INTELLECTUAL PROPERTY, BUSINESS INTERRUPTIONS, AND LOSS OF PROFITS, NOTWITHSTANDING THE FOREGOING, INTEL’STOTAL LIABILITY FOR ALL CLAIMS UNDER THIS AGREEMENT SHALL NOT EXCEED THE PRICE PAID FOR THE PRODUCT. THESE LIMITATIONS ON POTENTIAL LIABILITIES WERE AN ESSENTIAL ELEMENT IN SET-TING THE PRODUCT PRICE. INTEL NEITHER ASSUMES NOR AUTHORIZES ANYONE TO ASSUME FOR IT ANY OTHER LIABILITIES.

Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitations or exclusions may not apply to you.

Critical Control Applications: Intel specifically disclaims liability for use of the hardware product in critical control applica-tions (including, for example only, safety or health care control systems, nuclear energy control systems, or air or ground traffic control systems) by Licensee or Sublicensees, and such use is entirely at the user’s risk. Licensee agrees to defend, indemnify, and hold Intel harmless from and against any and all claims arising out of use of the hardware product in such applications by Lic-ensee or Sublicensees.

Software: Software provided with the hardware product is not covered under the hardware warranty described above. See the applicable software license agreement which shipped with the hardware product for details on any software warranty.


331

Limited Hardware Warranty (Europe only)Intel warrants to the original owner that the hardware product delivered in this package will be free from defects in material and workmanship for one (1) year following the latter of: (i) the date of purchase only if you register by returning the registration card as indicated thereon with proof of purchase; or (ii) the date of manufacture; or (iii) the registration date if by electronic means pro-vided such registration occurs within thirty (30) days from purchase. This warranty does not cover the product if it is damaged in the process of being installed. Intel recommends that you have the company from whom you purchased this product install the product.

INTEL RESERVES THE RIGHT TO FILL YOUR ORDER WITH A PRODUCT CONTAINING NEW OR REMANUFAC-TURED COMPONENTS. THE ABOVE WARRANTY IS IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF NONINFRINGEMENT OF INTELLECTUAL PROPERTY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY WAR-RANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION, SAMPLE OR OTHERWISE.

This warranty does not cover replacement of products damaged by abuse, accident, misuse, neglect, alteration, repair, disaster, improper installation or improper testing. If the product is found to be otherwise defective, Intel, at its option, will replace or repair the product at no charge except as set forth below, provided that you deliver the product along with a return material autho-rization (RMA) number either to (a) the company from whom you purchased it or (b) to Intel, North America only (if purchased in Europe you must deliver the product to "(a)". If you ship the product, you must assume the risk of damage or loss in transit. You must use the original container (or the equivalent) and pay the shipping charge. Intel may replace or repair the product with either new or remanufactured product or parts, and the returned product becomes Intel’s property. Intel warrants the repaired or replaced product to be free from defects in material and workmanship for a period of the greater of: (i) ninety (90) days from the return shipping date; or (ii) the period of time remaining on the original one (1) year warranty.

This warranty gives you specific legal rights and you may have other rights which vary from state to state. All parts or compo-nents contained in this product are covered by Intel’s limited warranty for this product; the product may contain fully tested, recy-cled parts, warranted as if new. For warranty information call one of the numbers below.

Returning a Defective Product (RMA)

Before returning any product, contact an Intel Customer Support Group and obtain an RMA number by calling the non-toll free numbers below:

If the Customer Support Group verifies that the product is defective, they will have the Return Material Authorization Department issue you an RMA number to place on the outer package of the product. Intel cannot accept any product without an RMA number on the package.

LIMITATION OF LIABILITY AND REMEDIES

INTEL SHALL HAVE NO LIABILITY FOR ANY INDIRECT OR SPECULATIVE DAMAGES (INCLUDING, WITHOUT LIMITING THE FOREGO-ING, CONSEQUENTIAL, INCIDENTAL AND SPECIAL DAMAGES) ARISING FROM THE USE OF OR INABILITY TO USE THIS PRODUCT,

WHE THER ARISING OUT OF CONTRACT, NEGLIGENCE, TORT, OR UNDER ANY WARRANTY, IRRESPECTIVE OF WHETHER INTEL HAS ADVANCE NOTICE OF THE POSSIBILITY OF ANY SUCH DAMAGES, INCLUDING, BUT NOT LIMITED TO LOSS OF USE, INFRINGEMENT OF INTELLECTUAL PROPERTY, BUSINESS INTERRUPTIONS, AND LOSS OF PROFITS, NOTWITHSTANDING THE FOREGOING, INTEL’S TOTAL LIABILITY FOR ALL CLAIMS UNDER THIS AGREEMENT SHALL NOT EXCEED THE PRICE PAID FOR THE PRODUCT. THESE LIMITATIONS ON POTEN-TIAL LIABILITIES WERE AN ESSENTIAL ELEMENT IN SETTING THE PRODUCT PRICE. INTEL NEITHER ASSUMES NOR AUTHORIZES ANYONE TO ASSUME FOR IT ANY OTHER LIABILITIES.

Critical Control Applications: Intel specifically disclaims liability for use of the hardware product in critical control applica-tions (including, for example only, safety or health care control systems, nuclear energy control systems, or air or ground traffic control systems) by Licensee or Sublicensees, and such use is entirely at the user’s risk. Licensee agrees to defend, indemnify, and hold Intel harmless from and against any and all claims arising out of use of the hardware product in such applications by Lic-ensee or Sublicensees.

Software: Software provided with the hardware product is not covered under the hardware warranty described above. See the applicable software license agreement which shipped with the hardware product for details on any software warranty.

Country Number Language

Franch +33 (0) 1 41 91 85 29 French

Germany +49 (0) 69 9509 6099 German

Italy +39 (0) 2 696 33276 Italian

UK +44 (0) 870 607 2439 English

, IndexSymbols

? command 218

Numerics

802.1d Spanning Tree 62, 167802.3ad draft Link Aggregation 146

A

Access Control List 56, 220(see also IP Access Control) 187

aging time of forwarding databasedisabling 233setting 270

ASE routes 312

B

backbone 110, 313backup non-volatile RAM 183

savenv 269batch files

defining configuration information in 224

boot image mode 142BOOTP Relay Agent 60, 133BOOTP/RARP 131

bootp command 225how switch uses 131

Broadcast and Multicast Storm Control 61, 185

C

carrier trayinstalling 15

chassissetting up 14

clear commandsclear counters 228clear fdb 228clear fdb IP 228clear sysfails 294

I N D E X Intel® NetStructure™ 6000 Switch User Guide

334

Command Console Interface 134configuration information

defining in a batch file 224Configure Management menu 66

date & time 68password, basic 68password, privileged 69ping 70SNMP configuration 71system at a glance 67Telnet to console 70

Console Commands 135console commands

? 218acl 189, 220arp 220, 223batch 224bootp 225date 230di 231diag reset 232disable 233enable 236fdb 240gated 242help 243history 244ifconfig 135, 245igmpsnoop 174, 249kill 252loaddefaults 253loadnv 254logout 255netstat 135, 257ping 135, 261ps 263relay 265savenv 269

set 270upgrade 297upgradelue 298upgradewp 299vlan 300

control processorinstalling 16, 28

counter valuesdisplaying 283

CP 16, 28

D

data transmission settings 125date command 230defining configuration information

in a batch file 224deleting a route 268DHCP Client 132di command (see show command) 231diag reset command 144diagnostics 142disable commands

disable acl 233disable aging 233disable dns 234disable et0ipfwd 127, 234disable help 233disable igmpsnoop 234disable port 122, 234disable portmirror 176, 234disable ppp 234disable slip 138, 235disable spantree 235disable syslog 185, 235disable telnetd 137, 235disable web 235


335

display commandsdi 231show 282

displaying 285contents of IP routing table 260counter value 283counters for Internet Group Manage-

ment Protocol 259counters for TFTPfirmware version number 296IGMP Snooping statistics. 259memory buffers in use 260memory resource usage 287network protocol statistics and rout-

ing information 257SNMP manager addresses 290Spanning Tree configuration 291statistics for ICMPstatistics for Internet Protocol 258switch information configuration and

operation 282switch’s MAC address 131system configuration 294

DNS 53, 140Domain Name Service. (see DNS)

E

enable commandsenable acl 189enable aging 237enable dns 141, 237enable et0ipfwd 127, 237enable help 236enable igmpsnoop 172, 237enable port 238enable portmirror 176

enable ppp 139, 238enable slip 138, 238enable spantree 166, 238enable syslog 135, 239enable telnetd 130, 136, 239enable web 239, 256

F

fan assemblyreplacement 23

fault tolerance 10fdb commands

fdb add 240fdb del 240fdb lookup 240fdb mode 241

firmwaredisplaying version number of 296upgrading 143

flash memoryprogramming new system firmware

into 297, 298, 299forwarding database

listing contents of 284

G

gated 194, 242ASE routes 312backbone 313components 195configuring 197default route 201interfaces 195, 199, 306, 310, 314OSPF 193, 204OSPF area link state advertisement


336

database 321OSPF neighbor table 317OSPF statistics 319preference 195RIP 193, 202, 309route table 322routing protocols 194static routes 195, 199, 308virtual links 207, 315

H

hardware version 285help command 129, 243history command 244

I

ICMPdisplaying statistics 259

ifconfig 130, 131, 138, 245IGMP 259

displays counters for 259IGMP Snooping 86, 172Intel Device View

configuring switch for management 35

installation 32managing a switch 35starting, Web version 34starting, Windows version 34using the device tree 36viewing RMON information 39

interface statechanging 247enabling 247

interfaces

adding 199configuring OSPF 314

internet control message protocol (see IC-MP)

internet group management protocol (see IGMP)

Internet Protocol statisticsdisplaying 258

IP Access Control 56(see also Access Control List) 187adding a deny rule 190adding a permit rule 189adding an end rule 190deleting a rule 191displaying the rule list 191modifying a rule 190moving a permit or deny rule 190

IP addresschanging interface addresses 247configuring for an interface 247setting 130setting for SNMP manager 275

IP routing tableadding generic default route 268adding route 267displaying the contents of 260manipulating information in 267

IP statisticsdisplaying 258

K

kill command 252

L

Layer 2


337

frame prioritization 146switching 146

layer 3 187LEDs 21Link Aggregation 65, 146loaddefaults command 136, 253loadnv command 182, 254logout command 129, 255

M

MAC addressdisplaying 131

management console port 126memory buffers

displays how many in use 260memory resource usage

displaying 287modules

installing 17replacing 29

N

netstat commandsnetstat icmp 259netstat igmp 259netstat igmpsnoop 259netstat ip 258netstat mbuf 260netstat routes 260netstat tcp 257netstat tftp 260netstat udp 258

network interfacedisplaying all information about 245

network interface commands 267

arp 220, 223fdb 240gated 242ifconfig 245netstat 257ping 261

network interface commands netstat 257network mask

setting 130network statistics

displaying 257NVRAM

backup 115, 182restoring 116, 183

O

OSPF 107, 193, 204, 311area link state advertisement database

321interfaces 314neighbor table 317statistics 319virtual links 207, 315

P

passwordchanging basic in Web Device Man-

ager 68changing privileged command pass-

word 274privileged mode 129

ping 261in Web Device Manager 70

pinoutfor serial connection 125


338

for the RJ-45 connection 126point-to-point protocol. (see PPP)Port Mirroring 59, 176Port VLAN Identifier. (see PVID)power cords

connecting 20power supplies 52

installing 19replacement 27Web Device Manager 51

PPPdisplaying status 140logging connections 140starting 139

privileged command modeaccessing 129changing password 127, 274setting access to 275

programmingnew system firmware into flash mem-

ory 297, 298, 299ps command 263PVID 157

R

rack mount bracketsattaching 13

relay agentBOOTP/DHCP 133

replacing modules 29Reset 114Reset & Update menu

NVRAM, Restore 116NVRAM, Save 115

Reset and Update menureset switch 115

update CP firmware 118update lookup engine 118updating with the Web Device Man-

ager 117reset switch 115

diag reset command 144RIP 193, 202, 309

interface configuration 310preference 195Routing menu

RIP Configuration 105RJ-45 management console port 126RMON 182routes

adding 267adding generic default route 268adding non-standard netmask address

267deleting 268route commands 267, 268

routingbackbone 110, 313gated 194in Web Device Manager 100layer 3 187OSPF 107, 204RIP 105, 202routing management 192virtual links 111, 315

Routing menuconfiguring OSPF 107routing parameters 102static routes 103virtual links 111

RS-232 port 123


339

S

savenv command 182, 269serial IP connections. (see SLIP)serial port

RS-232 port 123set commands

set agingtime 270set baud 125, 271set community 135, 271set dns 271set dns primary 141set help 270set link 149, 150, 272, 273set passwdbasic 128, 273set passwdpriv 129, 274set portmirror 176set ppp 140, 274set priority 177, 275set priv 129, 143set prompt 275set snmpmgr 135, 275set snmpSecurityLevel 181, 276set spantree 166, 276set storm 185set syslog 280set timeout 137, 281

settinga password 127access to privileged command mode

275data and time 68IP address of an SNMP manager 275network mask 130switch’s calendar 230

show commandsshow community 283show counters 135

show dns 141, 283show fdb 135show help 282show hwversion 285show lastboot 285show link 286show memstats 287show microtime 288show port 149, 288show port group 149show portinfo 289show portmirror 177, 289show ppp 140, 289show priority 290show snmpmgr 290show snmpSecuirtyLevel 291show spantree 170, 171, 291show sprom 293show storm 186, 293show sys 135, 294show sysfails 27, 294show syslog 185, 295show temperature 24, 295show timeout 137, 295, 296show treetype 296show version 296

site requirements 13SLIP

enabling 238starting 138

SNMP 71displaying addresses 290in Web Device Manager 71MIBs 12SNMP Agent 178SNMP manager, setting address of

275Spanning Tree per VLAN 169


340

Rapid Port Activation 171Rapid Reconfiguration 170

Spanning Tree Protocol 12, 62, 166displaying configuration 291

static routes 195, 199, 308Web Device Manager

static routes 103Storm Control 61, 185subnetwork

setting the IP and broadcast address before 248

switch calendarsetting 230

switch configuration and operationdisplaying information about 282enabling 236

SYSLOG 184logging commands 184

system administration commandsbootp 225date 230diag reset 232loaddefaults 253loadnv 254logout 255relay 265savenv 269upgrade 297upgradelue 298upgradewp 299

system configuration commandsacl 220disable 233enable 236igmpsnoop 249set 270vlan 300

system failures

show sysfails command 27system firmware

updates 297, 298, 299system restart times

listing seconds and microseconds since last 288

T

TCPdisplaying statistics 257

Telnet 70, 136, 137disabling 137, 235enabling 239

TFTPdisplaying statistics 260

Transmission Control Protocol (see TCP)Trivial File Transfer Protocol (see TFTP)troubleshooting 22

checklist 22

U

UDPdisplaying statistics 258

upgrade 144upgrade command 297upgradewp command 299use with TFTP 144

upgradelue 144upgrading 117

CP firmware in Web Device Manager 118

lookup engine in Web Device Manag-er 118

upgradelue 144Web Device Manager 117


341

user datagram protocol. (see UDP)utility commands

? 218batch 224clear 228help 243history 244kill 252ps 263

V

VID 76, 156View/Configure Device menu

all ports at a glance 52BOOTP/DHCP relay agent 60broadcast and multicast storm control

61configuring IP settings 54DNS configuration 53IP Access Control 56link aggregation 65module information 51port mirroring 59power supplies & fans 52Spanning Tree 62view CPU processes 66

View/Configure menupower supplies and fans 51

virtual links 111, 207virtual neighbor 319VLAN commands

set priority 177set priority ports port_list untrusted

178vlan add port 300vlan add port(s) 157

vlan create 300vlan del port 157vlan delete port 300vlan disable iproute 166vlan enable iproute 165vlan ifconfig 301vlan ifconfig create 301vlan ifconfig delete 301vlan move 158vlan move port 300vlan name 158, 301vlan port PVID 158, 302vlan ports admit any 164vlan ports admit tagonly 301vlan ports disable ingcheck 164, 302vlan ports enable ingcheck 164, 301vlan ports port_list admit tagonly

165, 301vlan ports port_list enable ingcheck

164, 301vlan print 157, 159, 302vlan reset 159, 303vlan tag/untag port 301vlan VID del port(s) 157

VLAN identifiers. (see VID)VLAN menu

configure port tagging 79IGMP Snooping 86VLAN Create/Delete 75VLAN FDB 92VLAN interface configuration 80VLAN port management 76VLAN reset 81VLAN security 81VLAN Spanning Tree 97

VLAN Security802.1Q ingress checking 164Acceptable Frame Types 164


342

acceptable frame types 85ingress checking 82, 164trusted and untrusted tags 83, 163

VLANSsecurity 162

VLANs 11configuration storage 159Configuring a VLAN with an IP Ad-

dress 165creating 156, 300frame tagging 160membership 159names 158overlapping 161PVID 157Spanning Tree per VLAN 97, 169VID 76, 156vlan commands 300vlan ifconfig 165vlan ports admit tagonly 165vlan ports trusted 163vlan ports untrusted 163VLAN routing configuration 165vlan tag/untag port{s} 160

W

Web Device Manager 43accessing 43all ports at a glance 52backbone

Routing menubackbone 110

BOOTP/DHCP relay agent 60broadcast and multicast storm control

61configure management 66

configuring a port 48configuring IP settings 54configuring OSPF 107data & time 68display options 45DNS configuration 53Help menu 119IGMP Snooping

IGMP Snooping 86IP Access Control 56link aggregation 65module information 51monitoring statistics 49navigating 44NVRAM, Restore 116NVRAM, Save 115password, privileged password

changing privileged in Web De-vice Manager 69

password,basic 68ping 70port mirroring 59power supplies & fans 52reset switch 115RIP configuration 105Routing menu 100routing parameters 102SNMP configuration 71Spanning Tree 62system at a glance 67Telnet to console 70update Web Device Manager 117update, CP firmware 118update, lookup engine 118updating with the Web Device Man-

ager 117upgrading 114version information 50


343

view CPU processes 66view/configure device menu 50virtual links 111VLAN Create/Delete 75VLAN FDB 92VLAN interface configuration 80VLAN menu 74VLAN port management 76VLAN reset 81VLAN security 81VLAN Spanning Tree 97

user guide intel® netstructure™ 6000 switch a19070-001

Documents