| Section |
Page |
| BigIron RX |
1 |
| Contents |
3 |
| About This Document |
41 |
| In this chapter |
41 |
| Audience |
41 |
| Supported hardware and software |
41 |
| List of supported features |
42 |
| Unsupported features |
44 |
| What’s new in this document |
45 |
| Enhancements and configuration notes in release 02.7.02 |
45 |
| Enhancements and configuration notes in release 02.7.01 |
46 |
| Enhancements and configuration notes in release 02.7.00 |
46 |
| Enhancements and configuration notes in release 02.6.00 |
48 |
| Enhancements and configuration notes in patch release 02.5.00c |
50 |
| Enhancements and configuration notes in patch release 02.5.00b |
51 |
| Summary of enhancements and configuration notes in release 02.5.00 |
51 |
| Summary of enhancements and configuration notes in patch release 02.4.00c |
52 |
| Summary of enhancements and configuration notes in release 02.4.00 |
53 |
| Summary of enhancements in patch release 02.3.00a |
57 |
| Summary of enhancements and configuration notes in release 02.3.00 |
58 |
| Summary of enhancements and configuration notes in 02.2.01 |
63 |
| Summary of enhancements in release 02.2.00g |
67 |
| Summary of enhancements and configuration notes in 02.2.00 |
68 |
| Document conventions |
69 |
| Text formatting |
69 |
| Command syntax conventions |
69 |
| Notes, cautions, and danger notices |
69 |
| Notice to the reader |
70 |
| Related publications |
70 |
| Getting technical help or reporting errors |
70 |
| Web access |
71 |
| E-mail access |
71 |
| Telephone access |
71 |
| Getting Started with the Command Line Interface |
73 |
| In this chapter |
73 |
| Logging on through the CLI |
73 |
| On-line help |
74 |
| Command completion |
74 |
| Scroll control |
74 |
| Line editing commands |
75 |
| EXEC commands |
75 |
| Global level |
76 |
| CONFIG commands |
76 |
| Accessing the CLI |
79 |
| Navigating among command levels |
80 |
| CLI command structure |
80 |
| Searching and filtering output |
81 |
| Allowable characters for LAG names |
86 |
| Syntax shortcuts |
86 |
| Saving configuration changes |
86 |
| Getting Familiar With the BigIron RX Series Switch Management Applications |
89 |
| In this chapter |
89 |
| How to manage BigIron RX Series switch |
89 |
| Logging on through the CLI |
89 |
| On-line help |
90 |
| Command completion |
90 |
| Scroll control |
90 |
| Line editing commands |
91 |
| Searching and filtering output from CLI commands |
91 |
| Allowable characters for LAG names |
95 |
| Logging on through the Web Management Interface |
96 |
| Web Management Interface |
97 |
| Logging on through IronView Network Manager |
98 |
| Using a Redundant Management Module |
99 |
| In this chapter |
99 |
| How management module redundancy works |
99 |
| Management module redundancy overview |
99 |
| Management module switchover |
100 |
| Switchover implications |
101 |
| Management module redundancy configuration |
103 |
| Changing the default active Chassis slot |
103 |
| Managing management module redundancy |
103 |
| File synchronization between the active and standby management modules |
104 |
| Manually switching over to the standby management module |
106 |
| Rebooting the active and standby management modules |
106 |
| Monitoring management module redundancy |
107 |
| Determining management module status |
107 |
| Displaying temperature information |
108 |
| Displaying switchover information |
108 |
| Flash memory and PCMCIA flash card file management commands |
110 |
| Management focus |
111 |
| Flash memory file system |
111 |
| PCMCIA flash card file system |
112 |
| Wildcards |
113 |
| Formatting a flash card |
114 |
| Determining the current management focus |
114 |
| Switching the management focus |
115 |
| Displaying a directory of the files |
115 |
| Displaying the contents of a file |
117 |
| Displaying the hexadecimal output of a file |
118 |
| Creating a subdirectory |
118 |
| Removing a subdirectory |
120 |
| Renaming a file |
121 |
| Changing the read-write attribute of a file |
121 |
| Deleting a file |
122 |
| Recovering (“undeleting”) a file |
123 |
| Appending a file to another file |
124 |
| Copying files using the copy command |
124 |
| Copying files using the cp command |
129 |
| Loading the software |
129 |
| Saving configuration changes |
131 |
| File management messages |
132 |
| Securing Access to Management Functions |
133 |
| In this chapter |
133 |
| Securing access methods |
133 |
| Restricting remote access to management functions |
135 |
| Using ACLs to restrict remote access |
135 |
| Restricting remote access to the device to specific IP addresses |
138 |
| Specifying the maximum number of login attempts for Telnet access |
140 |
| Restricting remote access to the device to specific VLAN IDs |
140 |
| Disabling specific access methods |
141 |
| Setting passwords |
143 |
| Setting a Telnet password |
143 |
| Setting passwords for management privilege levels |
144 |
| Recovering from a lost password |
146 |
| Displaying the SNMP community string |
146 |
| Disabling password encryption |
146 |
| Specifying a minimum password length |
147 |
| Setting up local user accounts |
147 |
| Configuring a local user account |
148 |
| Configuring SSL security for the Web Management Interface |
150 |
| Enabling the SSL server on the device |
150 |
| Importing digital certificates and RSA private key files |
151 |
| Generating an SSL certificate |
151 |
| Configuring TACACS/TACACS+ security |
152 |
| How TACACS+ differs from TACACS |
152 |
| TACACS/TACACS+ authentication, authorization, and accounting |
152 |
| TACACS/TACACS+ configuration considerations |
156 |
| Enabling SNMP to configure TACACS/TACACS |
157 |
| Identifying the TACACS/TACACS+ servers |
157 |
| Specifying different servers for individual AAA functions |
158 |
| Setting optional TACACS/TACACS+ parameters |
158 |
| Configuring authentication-method lists for TACACS/TACACS+ |
160 |
| Configuring TACACS+ authorization |
161 |
| Configuring TACACS+ accounting |
164 |
| Configuring an interface as the source for all TACACS/TACACS+ packets |
166 |
| Displaying TACACS/TACACS+ statistics and configuration information |
167 |
| Configuring RADIUS security |
168 |
| RADIUS authentication, authorization, and accounting |
168 |
| RADIUS configuration considerations |
171 |
| RADIUS configuration procedure |
171 |
| Configuring Brocade-specific attributes on the RADIUS server |
172 |
| Enabling SNMP to configure RADIUS |
173 |
| Identifying the RADIUS server to the BigIron RX |
173 |
| Specifying different servers for individual AAA functions |
174 |
| Setting RADIUS parameters |
174 |
| Configuring authentication-method lists for RADIUS |
175 |
| Configuring RADIUS authorization |
176 |
| Configuring RADIUS accounting |
178 |
| Configuring an interface as the source for all RADIUS packets |
179 |
| Displaying RADIUS configuration information |
180 |
| Configuring authentication-method lists |
181 |
| Configuration considerations for authentication-method lists |
182 |
| Examples of authentication-method lists |
183 |
| Configuring Basic Parameters |
185 |
| In this chapter |
185 |
| Entering system administration information |
186 |
| Configuring Simple Network Management Protocol(SNMP) traps |
186 |
| Specifying an SNMP trap receiver |
187 |
| Specifying a Single trap source |
187 |
| Setting the SNMP Trap holddown time |
188 |
| Disabling SNMP traps |
188 |
| Disabling Syslog messages and traps for CLI access |
189 |
| Configuring an interface as the source for all Telnet packets |
190 |
| Cancelling an outbound Telnet session |
191 |
| Configuring an interface as the source for all TFTP packets |
191 |
| Configuring an interface as the source for Syslog packets |
192 |
| Specifying a Simple Network Time Protocol (SNTP) server |
193 |
| Setting the system clock |
194 |
| New Daylight Saving Time (DST) |
196 |
| Configuring CLI banners |
196 |
| Setting a message of the day banner |
196 |
| Setting a privileged EXEC CLI level banner |
197 |
| Displaying a message on the console when an incoming Telnet session is detected |
197 |
| Configuring terminal display |
198 |
| Checking the length of terminal displays |
198 |
| Enabling or disabling routing protocols |
198 |
| Displaying and modifying system parameter default settings |
199 |
| Enabling or disabling Layer 2 switching |
201 |
| CAM partitioning for the BigIron RX |
202 |
| Re-distributing CAM allocations |
202 |
| Nexthop table |
203 |
| Changing the MAC age time |
204 |
| Configuring static ARP entries |
204 |
| Configuring Interface Parameters |
205 |
| In this chapter |
205 |
| Assigning a port name |
205 |
| Assigning an IP address to a port |
206 |
| Speed/Duplex negotiation |
206 |
| Disabling or re-enabling a port |
207 |
| Changing the default Gigabit negotiation mode |
208 |
| Changing the negotiation mode |
208 |
| Disabling or re-enabling flow control |
208 |
| Specifying threshold values for flow control |
209 |
| Locking a port to restrict addresses |
209 |
| Wait for all cards feature |
210 |
| Port transition hold timer |
210 |
| Port flap dampening |
210 |
| Modifying port priority (QoS) |
212 |
| Assigning a mirror port and monitor ports |
212 |
| Configuration guidelines for monitoring traffic |
213 |
| Configuring port mirroring and monitoring |
213 |
| Monitoring an individual trunk port |
214 |
| Mirror ports for Policy-Based Routing (PBR) traffic |
215 |
| About hardware-based PBR |
215 |
| Configuring mirror ports for PBR traffic |
215 |
| Displaying mirror and monitor port configuration |
216 |
| Enabling WAN PHY mode support |
216 |
| Configuring IP |
217 |
| In this chapter |
217 |
| Overview of configuring IP |
217 |
| The IP packet flow |
218 |
| ARP cache table |
219 |
| Static ARP table |
219 |
| IP Route table |
220 |
| IP forwarding cache |
221 |
| Basic IP parameters and defaults |
221 |
| When parameter changes take effect |
221 |
| IP global parameters |
222 |
| IP interface parameters |
224 |
| Configuring IP parameters |
225 |
| Configuring IP addresses |
226 |
| Changing the network mask display to prefix format |
228 |
| Configuring the default gateway |
229 |
| GRE IP tunnel |
229 |
| IPv6 over IPv4 tunnels in hardware |
234 |
| Configuring Domain Name Server (DNS) resolver |
238 |
| Adding host names to the DNS cache table |
239 |
| Configuring packet parameters |
243 |
| Changing the encapsulation type |
243 |
| Setting maximum frame size per PPCR |
244 |
| Changing the MTU |
245 |
| Changing the router ID |
246 |
| Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS packets |
247 |
| Configuring an interface as the source for Syslog packets |
249 |
| IP fragmentation protection |
250 |
| IP option attack protection |
250 |
| IP receive access list |
250 |
| Configuring ARP parameters |
251 |
| How ARP works |
251 |
| Rate limiting ARP packets |
252 |
| Applying a rate limit to ARP packets on an interface |
253 |
| Clearing the rate limit for ARP packets |
254 |
| Changing the ARP aging period |
254 |
| Creating a floating static ARP entry |
256 |
| Static route ARP validation check |
257 |
| Configuring forwarding parameters |
258 |
| Disabling ICMP messages |
260 |
| Disabling ICMP redirect messages |
262 |
| Configuring static routes |
263 |
| Static route tagging |
268 |
| Configuring a default network route |
272 |
| Configuring IP load sharing |
273 |
| Default route ECMP |
276 |
| IP receive access list |
277 |
| Configuring IRDP |
278 |
| Configuring UDP broadcast and IP helper parameters |
280 |
| Configuring BootP/DHCP forwarding parameters |
283 |
| Displaying IP information |
285 |
| Displaying IP interface information |
287 |
| Displaying interface name in Syslog |
288 |
| Displaying ARP entries |
289 |
| Displaying the forwarding cache |
291 |
| Displaying the IP route table |
292 |
| Clearing IP routes |
295 |
| Displaying IP traffic statistics |
295 |
| Displaying TCP traffic statistics |
298 |
| Link Aggregation |
301 |
| In this chapter |
301 |
| Link aggregation overview |
301 |
| LAG formation rules |
302 |
| LAG load sharing |
304 |
| Hash based load sharing |
304 |
| Migration from a pre-02.6.00 trunk or LACP configuration |
305 |
| Configuration of a LAG |
306 |
| Creating a Link Aggregation Group (LAG) |
307 |
| Deploying a LAG |
309 |
| Commands available under LAG once it is deployed |
310 |
| Configuring ACL-based mirroring |
310 |
| Disabling ports within a LAG |
311 |
| Enabling ports within a LAG |
311 |
| Monitoring an individual LAG port |
311 |
| Assigning a name to a port within a LAG |
312 |
| Enabling sFlow forwarding on a port within a LAG |
312 |
| Setting the sFlow sampling rate for a port within a LAG |
312 |
| Displaying LAG information |
313 |
| Displaying LAG statistics |
317 |
| Configuring LLDP |
319 |
| In this chapter |
319 |
| Terms used in this chapter |
319 |
| LLDP overview |
320 |
| Benefits of LLDP |
320 |
| General operating principles |
321 |
| Operating modes |
321 |
| LLDP packets |
322 |
| TLV support |
322 |
| MIB support |
325 |
| Syslog messages |
325 |
| Configuring LLDP |
325 |
| Configuration notes and considerations |
326 |
| Enabling and disabling LLDP |
326 |
| Changing a port’s LLDP operating mode |
327 |
| Specifying the maximum number of LLDP neighbors |
328 |
| Enabling LLDP SNMP notifications and Syslog messages |
329 |
| Specifying the minimum time between SNMP traps and Syslog messages |
329 |
| Changing the minimum time between LLDP transmissions |
330 |
| Changing the interval between regular LLDP transmissions |
330 |
| Changing the holdtime multiplier for transmit TTL |
331 |
| Changing the minimum time between port reinitializations |
331 |
| LLDP TLVs advertised by the Brocade device |
332 |
| Displaying LLDP statistics and configuration settings |
338 |
| LLDP configuration summary |
338 |
| LLDP statistics |
339 |
| LLDP neighbors |
340 |
| LLDP neighbors detail |
341 |
| LLDP configuration details |
343 |
| Resetting LLDP statistics |
344 |
| Configuring Uni-Directional Link Detection (UDLD) |
345 |
| In this chapter |
345 |
| Configuration considerations |
346 |
| Configuring UDLD |
346 |
| Changing the keepalive interval |
346 |
| Changing the keepalive retries |
347 |
| Displaying UDLD information |
347 |
| Displaying information for all ports |
347 |
| Displaying link-keepalive information |
347 |
| Displaying information for a single port |
349 |
| Clearing UDLD statistics |
350 |
| VLANs |
351 |
| In this chapter |
351 |
| Overview of Virtual Local Area Networks (VLANs) |
351 |
| Tagged, untagged, and dual-mode ports |
351 |
| Protocol-based VLANs |
353 |
| VLAN configuration rules |
354 |
| VLAN ID range |
354 |
| Tagged VLANs |
354 |
| VLAN hierarchy |
354 |
| Multiple VLAN membership rules |
355 |
| Layer 2 control protocols on VLANs |
355 |
| Configuring port-based VLANs |
355 |
| VLAN byte accounting |
356 |
| Strictly or explicitly tagging a port |
358 |
| Assigning or changing a VLAN priority |
358 |
| Assigning a different ID to the default VLAN |
359 |
| Configuring protocol-based VLANs |
359 |
| Configuring an MSTP instance |
360 |
| Configuring virtual routing interfaces |
360 |
| Bridging and routing the same protocol simultaneously on the same device |
361 |
| Integrated Switch Routing (ISR) |
362 |
| VLAN groups |
363 |
| Configuring a VLAN group |
363 |
| Configuring super aggregated VLANs |
365 |
| Configuring aggregated VLANs |
367 |
| Complete CLI examples |
368 |
| Configuring 802.1q-in-q tagging |
371 |
| Configuration rules |
372 |
| Enabling 802.1Q-in-Q tagging |
372 |
| Example configuration |
374 |
| Configuring 802.1q tag-type translation |
374 |
| Configuration rules |
376 |
| Enabling 802.1q tag-type translation |
377 |
| Private VLANs |
378 |
| Implementation notes |
379 |
| Configuration notes |
379 |
| Configuring a private VLAN |
380 |
| Enabling broadcast, multicast or unknown unicast traffic to the private VLAN |
382 |
| CLI example for Figure 30 |
383 |
| Other VLAN features |
383 |
| Allocating memory for more VLANs or virtual routing interfaces |
383 |
| Hardware flooding for Layer 2 multicast and broadcast packets |
383 |
| Unknown unicast flooding on VLAN ports |
384 |
| Flow based MAC learning |
385 |
| Configuring uplink ports within a port-based VLAN |
385 |
| Configuring control protocols in VLANs |
386 |
| Other configuration options |
386 |
| Displaying VLAN information |
386 |
| Displaying VLAN information |
386 |
| Displaying VLAN information for specific ports |
387 |
| Displaying VLAN status and port types |
388 |
| Displaying VLAN group information |
389 |
| Transparent firewall mode |
389 |
| Enabling a transparent firewall |
389 |
| Configuring Spanning Tree Protocol |
391 |
| In this chapter |
391 |
| IEEE 802.1D Spanning Tree Protocol (STP) |
391 |
| Enabling or disabling STP |
391 |
| Default STP bridge and port parameters |
393 |
| Changing STP bridge parameters |
394 |
| Changing STP port parameters |
394 |
| STP root guard |
394 |
| Spanning Tree Protocol (STP) BPDU guard |
396 |
| Displaying STP information |
396 |
| IEEE Single Spanning Tree (SSTP) |
402 |
| SSTP defaults |
402 |
| Enabling SSTP |
403 |
| Displaying SSTP information |
404 |
| PVST/PVST+ compatibility |
404 |
| Overview of PVST and PVST+ |
405 |
| VLAN tags and dual mode |
405 |
| Enabling PVST+ support |
406 |
| Displaying PVST+ support information |
406 |
| Configuration examples |
407 |
| SuperSpan™ |
409 |
| Customer ID |
410 |
| BPDU forwarding |
410 |
| Configuring SuperSpan |
415 |
| Configuring Rapid Spanning Tree Protocol |
419 |
| In this chapter |
419 |
| Overview of Rapid Spanning Tree Protocol |
419 |
| Bridges and bridge port roles |
419 |
| Assignment of port roles |
420 |
| Ports on Switch 1 |
421 |
| Ports on Switch 2 |
421 |
| Ports on Switch 3 |
421 |
| Ports Switch 4 |
422 |
| Edge ports and edge port roles |
422 |
| Point-to-point ports |
423 |
| Bridge port states |
423 |
| Edge port and non-edge port states |
424 |
| Changes to port roles and states |
424 |
| State machines |
424 |
| Handshake mechanisms |
425 |
| Convergence in a simple topology |
435 |
| Convergence at start up |
436 |
| Convergence after a link failure |
438 |
| Convergence at link restoration |
439 |
| Convergence in a complex RSTP topology |
441 |
| Propagation of topology change |
443 |
| Compatibility of RSTP with 802.1D |
446 |
| Configuring RSTP parameters |
447 |
| Enabling or disabling RSTP in a port-based VLAN |
447 |
| Enabling or disabling RSTP on a single spanning tree |
448 |
| Disabling or enabling RSTP on a port |
448 |
| Changing RSTP bridge parameters |
448 |
| Changing port parameters |
449 |
| Fast port span |
450 |
| Fast uplink span |
453 |
| Displaying RSTP information |
455 |
| Metro Ring Protocol (MRP) Phase 1 and 2 |
459 |
| In this chapter |
459 |
| Metro Ring Protocol (MRP) phase 1 |
459 |
| MRP rings without shared interfaces |
461 |
| Ring initialization |
462 |
| How ring breaks are detected and healed |
465 |
| Master VLANs and customer VLANs in a topology group |
466 |
| Configuring MRP |
467 |
| Adding an MRP ring to a VLAN |
468 |
| Changing the hello and preforwarding times |
469 |
| MRP phase 2 |
469 |
| Ring initialization for shared interfaces |
471 |
| How ring breaks Are detected and healed between shared interfaces |
472 |
| Selection of master node |
472 |
| RHP processing in rings with shared interfaces |
473 |
| Normal flow |
473 |
| Flow when a link breaks |
474 |
| Configuring MRP with shared interfaces |
475 |
| Using MRP diagnostics |
476 |
| Enabling MRP diagnostics |
476 |
| Displaying MRP diagnostics |
476 |
| Displaying MRP information |
477 |
| Displaying topology group information |
477 |
| Displaying ring information |
478 |
| MRP CLI example |
479 |
| Commands on switch A (master node) |
480 |
| Commands on switch B |
480 |
| Commands on switch C |
481 |
| Commands on switch D |
481 |
| Virtual Switch Redundancy Protocol (VSRP) |
483 |
| In this chapter |
483 |
| Overview of Virtual Switch Redundancy Protocol (VSRP) |
483 |
| Layer 2 and Layer 3 redundancy |
485 |
| Master election and failover |
485 |
| Configuring basic VSRP parameters |
490 |
| Enabling Layer 3 VSRP |
491 |
| Configuring optional VSRP parameters |
491 |
| Disabling VSRP on a VRID |
491 |
| Configuring authentication |
491 |
| Configuring a VRID IP address |
492 |
| VSRP fast start |
493 |
| Changing the backup priority |
494 |
| Saving the timer values received from the master |
494 |
| VSRP slow start |
495 |
| Changing the Time-To-Live (TTL) |
495 |
| Changing the hello interval |
496 |
| Changing the dead interval |
496 |
| Changing the backup hello state and interval |
496 |
| Changing the hold-down interval |
497 |
| Changing the default track priority |
497 |
| Specifying a track port |
498 |
| Disabling or re-enabling backup pre-emption |
498 |
| Port transition hold timer |
498 |
| Clearing VSRP information |
499 |
| VSRP and MRP signaling |
499 |
| Displaying VSRP information |
501 |
| Displaying VRID information |
501 |
| Displaying a summary of VSRP information |
503 |
| Displaying VSRP packet statistics for VSRP |
504 |
| Displaying the active interfaces for a VRID |
505 |
| Topology Groups |
507 |
| In this chapter |
507 |
| Topology overview |
507 |
| Master VLAN and member VLANs |
507 |
| Master VLANs and customer VLANs in MRP |
508 |
| Control ports and free ports |
508 |
| Configuration considerations |
508 |
| Configuring a topology group |
509 |
| Displaying topology group information |
510 |
| Displaying topology group information |
510 |
| Configuring VRRP and VRRPE |
511 |
| In this chapter |
511 |
| Overview of VRRP |
511 |
| Standard VRRP |
512 |
| Brocade enhancements of VRRP |
514 |
| Overview of VRRPE |
516 |
| VRRP and VRRPE parameters |
518 |
| Configuring parameters specific to VRRP |
520 |
| Configuring the owner |
520 |
| Configuring basic VRRP parameters |
521 |
| Configuring the owner |
521 |
| Configuring a backup |
521 |
| Configuration rules for VRRP |
521 |
| Configuring parameters specific to VRRPE |
522 |
| Configuration rules for VRRPE |
522 |
| Configuring additional VRRP and VRRPE parameters |
523 |
| Authentication type |
523 |
| Suppression of RIP advertisements on backup routers for the backup up interface |
524 |
| Hello interval |
524 |
| Dead interval |
525 |
| Backup hello message state and interval |
525 |
| Track port |
525 |
| Track priority |
526 |
| Backup preempt |
526 |
| Master router abdication and reinstatement |
527 |
| Displaying VRRP and VRRPE information |
528 |
| Displaying summary information |
528 |
| Displaying detailed information |
529 |
| Displaying statistics |
532 |
| Clearing VRRP or VRRPE statistics |
533 |
| Configuration examples |
533 |
| VRRP example |
534 |
| VRRPE example |
535 |
| Configuring Quality of Service |
537 |
| In this chapter |
537 |
| Overview of Quality of Service (QoS) |
537 |
| Classification |
537 |
| Processing of classified traffic |
538 |
| Marking |
540 |
| Configuring DSCP classification by interface |
540 |
| Configuring port, MAC, and VLAN-based classification |
541 |
| Configuring ToS-based QoS |
542 |
| Enabling ToS-based QoS |
542 |
| Specifying trust level |
542 |
| Enabling marking |
543 |
| Configuring the QoS mappings |
543 |
| Changing the CoS –> DSCP mappings |
543 |
| Changing the DSCP –> DSCP mappings |
544 |
| Changing the DSCP –> internal forwarding priority mappings |
544 |
| Changing the CoS –> internal forwarding priority mappings |
545 |
| Displaying QoS configuration information |
546 |
| Determining packet drop priority using WRED |
547 |
| How WRED Operates |
548 |
| Calculating avg-q-size |
548 |
| Calculating packets that are dropped |
549 |
| Using WRED with rate limiting |
549 |
| Configuring packet drop priority using WRED |
549 |
| Enabling WRED |
549 |
| Setting the averaging-weight (Wq) parameter |
550 |
| Displaying the WRED configuration |
553 |
| Scheduling traffic for forwarding |
554 |
| Configuring traffic scheduling |
554 |
| Configuring multicast traffic engineering |
558 |
| Displaying the multicast traffic engineering configuration |
559 |
| QoS for the oversubscribed 16 x 10GE modules |
560 |
| Aggregation NP QOS modes |
560 |
| Port group assignments |
560 |
| Setting the server and storage modes |
561 |
| Switching between server and storage modes |
561 |
| Qos profiles |
561 |
| Setting the group port weights |
562 |
| Calculating the values for WFQ storage mode traffic scheduling |
562 |
| Egress port shaping |
563 |
| Mirroring ports |
563 |
| Supported ACLs |
564 |
| Configuring QoS for the 16 x 10G module |
564 |
| Configuring Traffic Reduction |
567 |
| In this chapter |
567 |
| Traffic policing on the BigIron RX Series |
567 |
| Traffic reduction parameters and algorithm |
568 |
| Requested rate |
568 |
| Maximum burst |
568 |
| Actual rate |
568 |
| Configuration considerations |
569 |
| Configuring rate limiting policies |
570 |
| Configuring a port-based rate limiting policy |
570 |
| Configuring a port-and-priority-based rate limiting policy |
571 |
| Configuring a port-and-VLAN-based rate limiting policy |
571 |
| Configuring a VLAN-group-based rate limiting policy |
572 |
| Configuring a port-and-IPv6 ACL-based traffic reduction |
574 |
| NP based multicast, broadcast, and unknown-unicast rate limiting |
575 |
| Displaying traffic reduction |
576 |
| Layer 2 ACLs |
577 |
| In this chapter |
577 |
| Filtering based on ethertype |
577 |
| Configuration rules and notes |
577 |
| Configuring Layer 2 ACLs |
578 |
| Creating a Layer 2 ACL table |
578 |
| Example Layer 2 ACL clauses |
579 |
| Inserting and deleting Layer 2 ACL clauses |
580 |
| Binding a Layer 2 ACL table to an interface |
580 |
| Increasing the maximum number of clauses per Layer 2 ACL table |
580 |
| Viewing Layer 2 ACLs |
580 |
| Example of Layer 2 ACL deny by MAC address |
581 |
| Access Control List |
583 |
| In this chapter |
583 |
| How the device processes ACLs |
584 |
| Disabling or re-enabling Access Control Lists (ACLs) |
585 |
| Default ACL action |
585 |
| Types of IP ACLs |
585 |
| ACL IDs and entries |
585 |
| Enabling support for additional ACL statements |
586 |
| ACL-based inbound mirroring |
586 |
| Considerations when configuring ACL-based inbound mirroring |
586 |
| Configuring ACL-based inbound mirroring |
587 |
| Creating an ACL with a mirroring clause |
587 |
| Applying the ACL to an interface |
587 |
| Specifying the destination mirror port |
587 |
| Configuring ACL-based mirroring for ACLs bound to virtual interfaces |
589 |
| Configuring numbered and named ACLs |
590 |
| Configuring standard numbered ACLs |
590 |
| Configuring extended numbered ACLs |
592 |
| Configuring standard or extended named ACLs |
601 |
| Configuring super ACLs |
603 |
| Displaying ACL definitions |
605 |
| Displaying of TCP/UDP numbers in ACLs |
606 |
| ACL logging |
616 |
| Enabling the new logging method |
617 |
| Specifying the wait time |
617 |
| Modifying ACLs |
617 |
| Adding or deleting a comment |
619 |
| Deleting ACL entries |
621 |
| From numbered ACLs |
621 |
| From named ACLs |
622 |
| Applying ACLs to interfaces |
623 |
| Reapplying modified ACLs |
623 |
| ACL automatic rebind |
623 |
| Manually setting the ACL rebind |
623 |
| Applying ACLs to a virtual routing interface |
623 |
| Configuring the Layer 4 session log timer |
624 |
| Displaying ACL log entries |
624 |
| QoS options for IP ACLs |
625 |
| Enabling ACL duplication check |
626 |
| ACL accounting |
626 |
| Displaying accounting statistics for all ACLs |
627 |
| Displaying statistics for an interface |
627 |
| Clearing the ACL statistics |
628 |
| Enabling ACL filtering of fragmented or non-fragmented packets |
629 |
| ACL filtering for traffic switched within a virtual routing interface |
630 |
| ICMP filtering for extended ACLs |
630 |
| Troubleshooting ACLs |
632 |
| Policy-Based Routing |
635 |
| In this chapter |
635 |
| Policy-Based Routing (PBR) |
635 |
| Configuration considerations |
635 |
| Configuring a PBR policy |
636 |
| Configure the ACLs |
636 |
| Configure the route map |
638 |
| Enabling PBR |
638 |
| Configuration examples |
639 |
| Basic example |
639 |
| Setting the next hop |
640 |
| Setting the output interface to the null interface |
641 |
| Trunk formation |
641 |
| Configuring IP Multicast Protocols |
643 |
| In this chapter |
643 |
| Overview of IP multicasting |
643 |
| Multicast terms |
644 |
| Changing global IP multicast parameters |
644 |
| Defining the maximum number of DVMRP cache entries |
645 |
| Defining the maximum number of PIM cache entries |
645 |
| IP multicast boundaries |
645 |
| Configuring multicast boundaries |
646 |
| Displaying multicast boundaries |
646 |
| Passive Multicast Route Insertion (PMRI) |
646 |
| Configuring PMRI |
647 |
| Displaying hardware-drop |
647 |
| Changing IGMP V1 and V2 parameters |
647 |
| Modifying IGMP (V1 and V2) query interval period |
648 |
| Modifying IGMP (V1 and V2) membership time |
648 |
| Modifying IGMP (V1 and V2) maximum response time |
648 |
| Adding an interface to a multicast group |
649 |
| IGMP v3 |
649 |
| Default IGMP version |
651 |
| Compatibility with IGMP V1 and V2 |
651 |
| Enabling the IGMP version per interface setting |
651 |
| Enabling the IGMP version on a physical port within a virtual routing interface |
652 |
| Setting the query interval |
653 |
| Setting the group membership time |
654 |
| Setting the maximum response time |
654 |
| Displaying IGMPv3 information |
654 |
| Clearing IGMP statistics |
658 |
| IGMP V3 and source specific multicast protocols |
658 |
| Configuring a static multicast route |
658 |
| Next hop validation check |
660 |
| PIM dense |
660 |
| Initiating PIM multicasts on a network |
661 |
| Pruning a multicast tree |
661 |
| Grafts to a multicast tree |
663 |
| PIM DM versions |
663 |
| Configuring PIM DM |
664 |
| Failover time in a multi-path topology |
668 |
| Modifying the TTL |
668 |
| PIM Sparse |
668 |
| PIM Sparse router types |
669 |
| RP paths and SPT paths |
670 |
| Configuring PIM Sparse |
670 |
| Anycast RP |
675 |
| Route selection precedence for multicast |
679 |
| Changing the Shortest Path Tree (SPT) threshold |
681 |
| Displaying PIM Sparse configuration information and statistics |
682 |
| PIM-SSMv4 |
692 |
| Enabling SSM |
693 |
| Configuring Multicast Source Discovery Protocol (MSDP) |
693 |
| Peer Reverse Path Forwarding (RPF) flooding |
695 |
| Source active caching |
695 |
| Configuring MSDP |
696 |
| Enabling MSDP |
696 |
| Configuring MSDP peers |
696 |
| Designating an interface’s IP address as the RP’s IP address |
697 |
| Filtering MSDP source-group pairs |
697 |
| Filtering incoming source-active messages |
697 |
| Filtering advertised source-active messages |
699 |
| Displaying the differences before and after the source active filters are applied |
700 |
| Configuring MSDP mesh groups |
702 |
| Configuring MSDP mesh group |
703 |
| Displaying summary information |
710 |
| Displaying peer information |
711 |
| Displaying source active cache information |
714 |
| Clearing MSDP information |
714 |
| Clearing peer information |
715 |
| Clearing the source active cache |
715 |
| Clearing MSDP statistics |
715 |
| DVMRP overview |
715 |
| Initiating DVMRP multicasts on a network |
716 |
| Pruning a multicast tree |
716 |
| Grafts to a multicast tree |
718 |
| Configuring DVMRP |
719 |
| Enabling DVMRP globally and on an interface |
719 |
| Modifying DVMRP global parameters |
719 |
| Modifying DVMRP interface parameters |
722 |
| Displaying information about an upstream neighbor device |
723 |
| Configuring a static multicast route |
723 |
| Configuring IP multicast traffic reduction |
724 |
| Enabling IP multicast traffic reduction |
725 |
| Layer 2 multicast filters |
729 |
| PIM SM traffic snooping |
730 |
| Static IGMP membership |
734 |
| Configuring RIP |
737 |
| In this chapter |
737 |
| Overview of Routing Information Protocol (RIP) |
737 |
| Configuring RIP parameters |
737 |
| Enabling RIP |
738 |
| Configuring metric parameters |
738 |
| Changing the administrative distance |
738 |
| Configuring redistribution |
739 |
| Configuring route learning and advertising parameters |
740 |
| Changing the route loop prevention method |
741 |
| Suppressing RIP route advertisement on a VRRP or VRRPE backup interface |
742 |
| Using prefix lists and route maps as route filters |
743 |
| Setting RIP timers |
744 |
| Displaying RIP filters |
744 |
| Clearing the RIP routes from the routing table |
745 |
| Configuring OSPF Version 2 (IPv4) |
747 |
| In this chapter |
747 |
| Overview of OSPF (Open Shortest Path First) |
747 |
| Designated routers in multi-access networks |
748 |
| Designated router election in multi-access networks |
749 |
| OSPF RFC 1583 and 2328 compliance |
750 |
| Reduction of equivalent AS external LSAs |
750 |
| Support for OSPF RFC 2328 appendix E |
752 |
| Dynamic OSPF activation and configuration |
753 |
| Configuring OSPF |
753 |
| Configuration rules |
754 |
| OSPF parameters |
754 |
| Enable OSPF on the router |
755 |
| Assign OSPF areas |
755 |
| Assigning an area range (optional) |
759 |
| Assigning interfaces to an area |
760 |
| Modify interface defaults |
760 |
| Change the timer for OSPF authentication changes |
763 |
| Block flooding of outbound LSAs on specific OSPF interfaces |
763 |
| Assign virtual links |
764 |
| Modify virtual link parameters |
766 |
| Configuring an OSPF non-broadcast interface |
767 |
| OSPF point-to-point links |
769 |
| Changing the reference bandwidth for the cost on OSPF interfaces |
771 |
| Define redistribution filters |
772 |
| Modify default metric for redistribution |
774 |
| Enable route redistribution |
774 |
| Disable or re-enable load sharing |
776 |
| Configure external route summarization |
777 |
| Configure default route origination |
778 |
| Configuring a default network route |
779 |
| Modify SPF timers |
780 |
| Modify redistribution metric type |
780 |
| Modify administrative distance |
781 |
| Configure OSPF group Link State Advertisement (LSA) pacing |
782 |
| OSPF ABR type 3 LSA filtering |
782 |
| Displaying the configured OSPF area prefix list |
785 |
| Modifing OSPF traps generated |
786 |
| Modify OSPF standard compliance setting |
788 |
| Modify exit overflow interval |
788 |
| Specify types of OSPF Syslog messages to log |
788 |
| Displaying OSPF information |
789 |
| Displaying general OSPF configuration information |
790 |
| Displaying CPU utilization and other OSPF tasks |
791 |
| Displaying OSPF area information |
792 |
| Displaying OSPF neighbor information |
793 |
| Displaying OSPF interface information |
795 |
| Displaying OSPF route information |
797 |
| Displaying OSPF external link state Information |
799 |
| Displaying OSPF database link state information |
800 |
| Displaying OSPF ABR and ASBR information |
801 |
| Displaying OSPF trap status |
802 |
| Displaying OSPF virtual neighbor and link information |
802 |
| OSPF graceful restart |
804 |
| Configuring BGP4 (IPv4 and IPv6) |
809 |
| In this chapter |
809 |
| Overview of BGP4 |
810 |
| Relationship between the BGP4 route table and the IP route table |
811 |
| How BGP4 selects a path for a route |
812 |
| BGP4 message types |
813 |
| Brocade implementation of BGP4 |
815 |
| Memory considerations |
816 |
| Configuring BGP4 |
816 |
| When parameter changes take effect |
818 |
| Activating and disabling BGP4 |
820 |
| Note regarding disabling BGP4 |
820 |
| Entering and exiting the address family configuration level |
821 |
| Filtering specific IP addresses |
821 |
| Defining an AS-path filter |
823 |
| Defining a community filter |
823 |
| Configuring a switch to allow routes with its own AS number |
824 |
| BGP Null0 routing |
825 |
| Aggregating routes advertised to BGP4 neighbors |
829 |
| Configuring the BigIron RX to always compare Multi-Exit Discriminators (MEDs) |
829 |
| Disabling or re-enabling comparison of the AS-path length |
830 |
| Redistributing IBGP routes |
830 |
| Disabling or re-enabling client-to-client route reflection |
831 |
| Configuring a route reflector |
831 |
| Enabling or disabling comparison of the router IDs |
831 |
| Configuring confederations |
832 |
| Configuring route flap dampening |
835 |
| Originating the default route |
836 |
| Changing the default local preference |
836 |
| Changing the default metric used for redistribution |
837 |
| Changing administrative distances |
837 |
| Requiring the first AS to be the neighbor’s AS |
838 |
| Neighbor local-AS |
838 |
| Enabling fast external fallover |
839 |
| Setting the local AS number |
839 |
| Changing the maximum number of shared BGP4 paths |
840 |
| Treating missing MEDs as the worst MEDs |
840 |
| Customizing BGP4 load sharing |
841 |
| Configuring BGP4 neighbors |
841 |
| Removing route dampening from suppressed neighbor’s routes |
845 |
| Encryption of BGP4 MD5 authentication keys |
846 |
| Configuring a BGP4 peer group |
848 |
| Peer group parameters |
849 |
| Specifying a list of networks to advertise |
851 |
| Using the IP default route as a valid next hop for a BGP4 route |
853 |
| Enabling next-hop recursion |
853 |
| Modifying redistribution parameters |
856 |
| Using a table map to set the tag value |
859 |
| Changing the keep alive time and hold time |
859 |
| Changing the BGP4 next-hop update timer |
860 |
| Changing the router ID |
860 |
| Adding a loopback interface |
861 |
| Changing the maximum number of paths for BGP4 load sharing |
861 |
| Configuring route reflection parameters |
862 |
| Filtering |
864 |
| Filtering AS-paths |
865 |
| Filtering communities |
867 |
| Defining and applying IP prefix lists |
869 |
| Defining neighbor distribute lists |
870 |
| Defining route maps |
870 |
| Configuring cooperative BGP4 route filtering |
879 |
| Configuring route flap dampening |
881 |
| Generating traps for BGP |
886 |
| Updating route information and resetting a neighbor session |
886 |
| Clearing traffic counters |
892 |
| Clearing route flap dampening statistics |
893 |
| Removing route flap dampening |
893 |
| Clearing diagnostic buffers |
894 |
| Displaying BGP4 information |
894 |
| Displaying summary BGP4 information |
895 |
| Displaying the active BGP4 configuration |
897 |
| Displaying summary neighbor information |
898 |
| Displaying BGP4 neighbor information |
899 |
| Displaying peer group information |
910 |
| Displaying summary route information |
910 |
| Displaying the BGP4 route table |
911 |
| Displaying BGP4 route-attribute entries |
918 |
| Displaying the routes BGP4 has placed in the IP route table |
919 |
| Displaying route flap dampening statistics |
920 |
| Displaying the active route map configuration |
921 |
| Generalized TTL security mechanism support |
924 |
| Configuring MBGP |
927 |
| In this chapter |
927 |
| Configuration considerations |
928 |
| Configuring MBGP |
928 |
| Setting the maximum number of multicast routes supported |
928 |
| Enabling MBGP |
929 |
| Adding MBGP neighbors |
929 |
| Optional configuration tasks |
930 |
| Displaying MBGP information |
933 |
| Displaying summary MBGP information |
934 |
| Displaying the active MBGP configuration |
935 |
| Displaying MBGP neighbors |
935 |
| Displaying MBGP routes |
937 |
| Displaying the IP multicast route table |
937 |
| Configuring Secure Shell |
939 |
| In this chapter |
939 |
| Overview of Secure Shell (SSH) |
939 |
| SSH version 2 support |
939 |
| Supported features |
940 |
| Configuring SSH |
941 |
| Generating a host key pair |
941 |
| Configuring DSA challenge-response authentication |
942 |
| Disabling 3-DES |
947 |
| Displaying SSH connection information |
947 |
| Using secure copy |
948 |
| Configuring IS-IS (IPv4) |
951 |
| In this chapter |
951 |
| Relationship to IP route table |
952 |
| Intermediate systems and end systems |
952 |
| Domain and areas |
953 |
| Level-1 routing and Level-2 routing |
953 |
| Neighbors and adjacencies |
954 |
| Designated IS |
954 |
| IS-IS CLI levels |
956 |
| Global configuration level |
956 |
| Address family configuration level |
956 |
| Interface level |
957 |
| Configuring IPv4 IS-IS |
957 |
| Enabling IS-IS globally |
957 |
| Globally configuring IS-IS on a device |
958 |
| Setting the overload bit |
959 |
| Configuring authentication |
960 |
| Changing the IS-IS Level globally |
960 |
| Disabling or re-enabling display of hostname |
961 |
| Changing the sequence numbers PDU interval |
961 |
| Changing the maximum LSP lifetime |
962 |
| Changing the LSP refresh interval |
962 |
| Changing the LSP generation interval |
962 |
| Changing the LSP interval and retransmit interval |
963 |
| Changing the SPF timer |
963 |
| Globally disabling or re-enabling hello padding |
963 |
| Logging adjacency changes |
964 |
| Disabling partial SPF calculations |
964 |
| Configuring IPv4 address family route parameters |
964 |
| Changing the metric style |
965 |
| Changing the maximum number of load sharing paths |
965 |
| Enabling advertisement of a default route |
965 |
| Changing the administrative distance for IPv4 IS-IS |
966 |
| Configuring summary addresses |
967 |
| Redistributing routes into IPv4 IS-IS |
967 |
| Changing the default redistribution metric |
968 |
| Redistributing static IPv4 routes into IPv4 IS-IS |
968 |
| Redistributing directly connected routes into IPv4 IS-IS |
969 |
| Redistributing RIP routes into IPv4 IS-IS |
969 |
| Redistributing OSPF routes into IPv4 IS-IS |
970 |
| Redistributing BGP4+ routes into IPv4 IS-IS |
970 |
| Redistributing IPv4 IS-IS routes within IPv4 IS-IS |
970 |
| Configuring ISIS properties on an interface |
971 |
| Disabling and enabling IS-IS on an interface |
971 |
| Disabling or re-enabling formation of adjacencies |
971 |
| Setting the priority for designated IS election |
972 |
| Limiting access to adjacencies with a neighbor |
972 |
| Changing the IS-IS level on an interface |
972 |
| Disabling and enabling hello padding on an interface |
973 |
| Changing the hello interval |
973 |
| Changing the hello multiplier |
973 |
| Changing the metric added to advertised routes |
974 |
| Displaying IPv4 IS-IS information |
974 |
| Displaying the IS-IS configuration in the running-config |
975 |
| Displaying the name mappings |
975 |
| Displaying neighbor information |
976 |
| Displaying IS-IS Syslog messages |
977 |
| Displaying interface information |
978 |
| Displaying route information |
980 |
| Displaying LSP database entries |
981 |
| Displaying traffic statistics |
984 |
| Displaying error statistics |
985 |
| Clearing IS-IS information |
986 |
| BiDirectional Forwarding Detection (BFD) |
989 |
| In this chapter |
989 |
| Configuring BFD parameters |
990 |
| Number of BFD sessions supported |
990 |
| Disabling BFD Syslog messages |
990 |
| Displaying Bidirectional Forwarding Detection information |
991 |
| Displaying BFD information on a router |
991 |
| Clearing BFD neighbor sessions |
995 |
| Configuring BFD for the specified protocol |
995 |
| Configuring BFD for OSPFv2 |
995 |
| Configuring BFD for OSPFv3 |
996 |
| Configuring BFD for IS-IS |
996 |
| Configuring Multi-Device Port Authentication |
999 |
| In this chapter |
999 |
| How multi-device port authentication works |
999 |
| RADIUS authentication |
999 |
| Authentication-failure actions |
1000 |
| Supported RADIUS attributes |
1000 |
| Dynamic VLAN and ACL assignments |
1000 |
| Support for authenticating multiple MAC addresses on an interface |
1001 |
| Support for multi-device port authentication and 802.1x on the same interface |
1001 |
| Configuring multi-device port authentication |
1001 |
| Enabling multi-device port authentication |
1002 |
| Configuring an authentication method list for 802.1x |
1002 |
| Setting RADIUS parameters |
1002 |
| Specifying the format of the MAC addresses sent to the RADIUS server |
1003 |
| Specifying the authentication-failure action |
1003 |
| Defining MAC address filters |
1004 |
| Configuring dynamic VLAN assignment |
1004 |
| Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires |
1005 |
| Saving dynamic VLAN assignments to the running configuration file |
1006 |
| Clearing authenticated MAC addresses |
1006 |
| Disabling aging for authenticated MAC addresses |
1007 |
| Specifying the aging time for blocked MAC addresses |
1008 |
| Displaying multi-device port authentication information |
1008 |
| Displaying authenticated MAC address information |
1008 |
| Displaying multi-device port authentication configuration information |
1009 |
| Displaying multi-device port authentication information for a specific MAC address or port |
1012 |
| Displaying the authenticated MAC addresses |
1013 |
| Displaying the non-authenticated MAC addresses |
1013 |
| Using the MAC Port Security Feature |
1015 |
| In this chapter |
1015 |
| Overview of MAC port security |
1015 |
| Local and global resources |
1015 |
| Configuring the MAC port security feature |
1016 |
| Enabling the MAC port security feature |
1016 |
| Setting the maximum number of secure MAC addresses for an interface |
1016 |
| Setting the port security age timer |
1017 |
| Specifying secure MAC addresses |
1017 |
| Autosaving secure MAC addresses to the startup-config file |
1017 |
| Defining security violation actions |
1018 |
| Port security MAC violation limit |
1019 |
| Transparent port flooding |
1020 |
| Displaying MAC port security information |
1021 |
| Displaying port security settings |
1021 |
| Displaying the secure MAC addresses on the device |
1022 |
| Displaying port security statistics |
1022 |
| Displaying a list of MAC addresses |
1023 |
| Configuring 802.1x Port Security |
1025 |
| In this chapter |
1025 |
| Overview of 802.1x port security |
1025 |
| IETF RFC support |
1025 |
| How 802.1x port security works |
1025 |
| Device roles in an 802.1x configuration |
1025 |
| Communication between the devices |
1026 |
| Controlled and uncontrolled ports |
1028 |
| Message exchange during authentication |
1029 |
| Authenticating multiple clients connected to the same port |
1030 |
| 802.1x port security and sFlow |
1032 |
| Configuring 802.1x port security |
1032 |
| Configuring an authentication method list for 802.1x |
1033 |
| Setting RADIUS parameters |
1033 |
| Configuring dynamic VLAN assignment for 802.1x ports |
1034 |
| Disabling and enabling strict security mode for dynamic filter assignment |
1035 |
| Dynamically applying existing ACLs or MAC address filter |
1036 |
| Configuring per-user IP ACLs or MAC address filters |
1038 |
| Enabling 802.1x port security |
1038 |
| Setting the port control |
1039 |
| Configuring periodic re-authentication |
1040 |
| Re-authenticating a port manually |
1040 |
| Setting the quiet period |
1041 |
| Setting the interval for retransmission of EAP-request/identity frames |
1041 |
| Specifying the number of EAP-request/identity frame retransmissions |
1041 |
| Specifying a timeout for retransmission of messages to the authentication server |
1042 |
| Specifying a timeout for retransmission of EAP-request frames to the client |
1042 |
| Initializing 802.1x on a port |
1042 |
| Allowing multiple 802.1x clients to authenticate |
1042 |
| Displaying 802.1x information |
1044 |
| Displaying 802.1x configuration information |
1044 |
| Displaying 802.1x statistics |
1046 |
| Clearing 802.1x statistics |
1047 |
| Displaying dynamically assigned VLAN information |
1047 |
| Displaying information on MAC address filters and IP ACLs on an interface |
1048 |
| Displaying information about the dot1x-mac-sessions on each port |
1050 |
| Sample 802.1x configurations |
1051 |
| Point-to-point configuration |
1052 |
| Hub configuration |
1053 |
| Protecting Against Denial of Service Attacks |
1055 |
| In this chapter |
1055 |
| Protecting against Smurf attacks |
1055 |
| Avoiding being an intermediary in a Smurf attack |
1056 |
| ACL-based DOS-attack prevention |
1056 |
| Protecting against TCP SYN attacks |
1057 |
| TCP security enhancement |
1058 |
| Displaying statistics due DoS attacks |
1060 |
| Clear DoS attack statistics |
1060 |
| Inspecting and Tracking DHCP Packets |
1061 |
| In this chapter |
1061 |
| Dynamic ARP inspection |
1061 |
| ARP attacks |
1061 |
| How DAI works |
1062 |
| Limits and restrictions |
1063 |
| Configuring DAI |
1063 |
| Displaying ARP inspection status and ports |
1065 |
| Displaying the ARP table |
1065 |
| DHCP snooping |
1066 |
| How DHCP snooping works |
1067 |
| System reboot and the binding database |
1067 |
| Configuring DHCP snooping |
1067 |
| DHCP relay agent information (DHCP option 82) |
1068 |
| Disabling option 82 processing |
1069 |
| Displaying DHCP snooping status and ports |
1070 |
| DHCP snooping configuration example |
1070 |
| IP source guard |
1071 |
| Limits and restrictions |
1071 |
| Enabling IP source guard |
1071 |
| Securing SNMP Access |
1073 |
| In this chapter |
1073 |
| Establishing SNMP community strings |
1073 |
| Encryption of SNMP community strings |
1073 |
| Adding an SNMP community string |
1074 |
| Displaying the SNMP community strings |
1075 |
| Using the user-based security model |
1075 |
| Configuring your NMS |
1075 |
| Configuring SNMP version 3 on the BigIron RX |
1076 |
| Defining the engine ID |
1076 |
| Defining an SNMP group |
1077 |
| Defining an SNMP user account |
1078 |
| Displaying the engine ID |
1079 |
| Displaying SNMP groups |
1080 |
| Displaying user information |
1080 |
| Interpreting varbinds in report packets |
1080 |
| Defining SNMP views |
1081 |
| SNMP v3 configuration examples |
1082 |
| Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets |
1083 |
| In this chapter |
1083 |
| Using FDP |
1083 |
| Configuring FDP |
1083 |
| Displaying FDP information |
1084 |
| Clearing FDP and CDP information |
1087 |
| Reading CDP packets |
1087 |
| Enabling interception of CDP packets globally |
1088 |
| Enabling interception of CDP packets on an interface |
1088 |
| Displaying CDP information |
1088 |
| Clearing CDP information |
1090 |
| Remote Network Monitoring |
1091 |
| In this chapter |
1091 |
| Basic management |
1091 |
| Viewing system information |
1091 |
| Viewing configuration information |
1091 |
| Viewing port statistics |
1091 |
| Viewing STP statistics |
1092 |
| Clearing statistics |
1092 |
| RMON support |
1092 |
| Statistics (RMON group 1) |
1092 |
| History (RMON group 2) |
1095 |
| Alarm (RMON group 3) |
1095 |
| Event (RMON group 9) |
1096 |
| sFlow |
1097 |
| Configuration considerations |
1097 |
| Configuring and enabling sFlow |
1098 |
| ACL-based inbound sFlow |
1102 |
| Multiple Spanning Tree Protocol (MSTP) 802.1s |
1109 |
| In this chapter |
1109 |
| 802.1s Multiple Spanning Tree Protocol |
1109 |
| Multiple spanning-tree regions |
1109 |
| Configuring MSTP |
1111 |
| Setting the MSTP name |
1111 |
| Setting the MSTP revision number |
1111 |
| Configuring an MSTP instance |
1112 |
| Configuring port priority and port path cost |
1112 |
| Configuring bridge priority for an MSTP instance |
1112 |
| Setting the MSTP global parameters |
1113 |
| Setting ports to be operational edge ports |
1113 |
| Setting point-to-point link |
1114 |
| Disabling MSTP on a port |
1114 |
| Forcing ports to transmit an MSTP BPDU |
1114 |
| Enabling MSTP on a switch |
1114 |
| Displaying MSTP statistics |
1117 |
| Displaying MSTP information for a specified instance |
1119 |
| Displaying MSTP information for CIST instance 0 |
1119 |
| Configuring IP Multicast Traffic Reduction |
1121 |
| In this chapter |
1121 |
| Enabling IP multicast traffic reduction |
1122 |
| Changing the IGMP mode |
1123 |
| Modifying the query interval |
1124 |
| Modifying the age interval |
1124 |
| Filtering multicast groups |
1124 |
| Static IGMP membership |
1125 |
| PIM SM traffic snooping |
1127 |
| Application examples |
1128 |
| Configuration requirements |
1130 |
| Enabling PIM SM traffic snooping |
1130 |
| Multicast traffic reduction per VLAN |
1131 |
| Displaying IP multicast information |
1132 |
| Displaying multicast information |
1132 |
| Displaying IP multicast statistics |
1133 |
| Clearing IP multicast statistics |
1133 |
| Clearing IGMP group flows |
1133 |
| IPv6 Addressing |
1135 |
| In this chapter |
1135 |
| IPv6 addressing |
1135 |
| IPv6 address types |
1136 |
| IPv6 stateless autoconfiguration |
1138 |
| Configuring Basic IPv6 Connectivity |
1139 |
| In this chapter |
1139 |
| Enabling IPv6 routing |
1140 |
| Configuring IPv6 on each router interface |
1140 |
| Configuring a global or site-local IPv6 address |
1140 |
| Configuring a link-local IPv6 address |
1141 |
| Configuring IPv6 anycast addresses |
1142 |
| Configuring the management port for an IPv6 automatic address configuration |
1143 |
| IPv6 host support |
1143 |
| IPv6 host supported features |
1143 |
| IPv6 unsupported features |
1143 |
| IPv6 CLI command support |
1144 |
| Restricting SNMP access to an IPv6 node |
1145 |
| Specifying an IPv6 SNMP trap receiver |
1145 |
| Restricting web management access to an IPv6 host by specifying an IPv6 ACL |
1146 |
| Restricting web management access to an IPv6 host |
1146 |
| Configuring an IPv6 Syslog server |
1146 |
| Viewing IPv6 SNMP server addresses |
1147 |
| Disabling router advertisement and solicitation messages |
1147 |
| Disabling IPv6 on a Layer 2 switch |
1148 |
| Configuring an IPv6 host address for a BigIron RX running a switch image |
1148 |
| Configuring a global or site-local IPv6 address with a manually configured interface ID as the switch’s system-wide address |
1149 |
| Configuring a global or site-local IPv6 address with an automatically computed EUI-64 interface ID as the switch’s system-wide address |
1149 |
| Configuring a link-local IPv6 address as the switch’s system-wide address |
1149 |
| Configuring IPv4 and IPv6 protocol stacks |
1150 |
| Configuring IPv6 Domain Name Server (DNS) resolver |
1151 |
| Defining a DNS entry |
1151 |
| ECMP load sharing for IPv6 |
1152 |
| Disabling or re-enabling ECMP load sharing for IPv6 |
1153 |
| Changing the maximum number of load sharing paths for IPv6 |
1153 |
| Changing the ECMP load-sharing method for IPv6 |
1153 |
| DHCP relay agent for IPv6 |
1154 |
| Configuring DHCP for IPv6 relay agent |
1154 |
| Enabling support for network-based ECMP load sharing for IPv6 |
1154 |
| Displaying ECMP load-sharing information for IPv6 |
1154 |
| Configuring IPv6 ICMP |
1155 |
| Configuring ICMP rate limiting |
1155 |
| Disabling or reenabling ICMP redirect messages |
1156 |
| Configuring IPv6 neighbor discovery |
1156 |
| Neighbor solicitation and advertisement messages |
1157 |
| Router advertisement and solicitation messages |
1157 |
| Neighbor redirect messages |
1158 |
| Setting neighbor solicitation parameters for duplicate address detection |
1158 |
| Setting IPv6 router advertisement parameters |
1159 |
| Controlling prefixes advertised in IPv6 router advertisement messages |
1160 |
| Setting flags in IPv6 router advertisement messages |
1160 |
| Enabling and disabling IPv6 router advertisements |
1161 |
| Configuring reachable time for remote IPv6 nodes |
1161 |
| Changing the IPv6 MTU |
1162 |
| Configuring static neighbor entries |
1163 |
| Limiting the number of hops an IPv6 packet can traverse |
1163 |
| QoS for IPv6 traffic |
1163 |
| Clearing global IPv6 information |
1164 |
| Clearing the IPv6 cache |
1164 |
| Clearing IPv6 neighbor information |
1165 |
| Clearing IPv6 routes from the IPv6 route table |
1165 |
| Clearing IPv6 traffic statistics |
1166 |
| Deleting IPv6 session flows |
1166 |
| Displaying global IPv6 information |
1166 |
| Displaying IPv6 cache information |
1166 |
| Displaying IPv6 interface information |
1167 |
| Displaying IPv6 neighbor information |
1169 |
| Displaying the IPv6 route table |
1170 |
| Displaying local IPv6 routers |
1171 |
| Displaying IPv6 TCP information |
1172 |
| Displaying IPv6 traffic statistics |
1176 |
| Displaying IPv6 session flows |
1179 |
| Configuring RIPng |
1181 |
| In this chapter |
1181 |
| Configuring RIPng |
1181 |
| Enabling RIPng |
1182 |
| Configuring RIPng timers |
1182 |
| Configuring route learning and advertising parameters |
1183 |
| Redistributing routes into RIPng |
1185 |
| Controlling distribution of routes through RIPng |
1185 |
| Configuring poison reverse parameters |
1186 |
| Clearing RIPng routes from IPv6 route table |
1187 |
| Displaying RIPng information |
1187 |
| Displaying RIPng configuration |
1187 |
| Displaying RIPng routing table |
1188 |
| Configuring BGP4+ |
1191 |
| In this chapter |
1191 |
| Address family configuration level |
1191 |
| Configuring BGP4+ |
1192 |
| Enabling BGP4+ |
1193 |
| Configuring BGP4+ neighbors using global or site-local IPv6 addresses |
1193 |
| Adding BGP4+ neighbors using link-local addresses |
1194 |
| Configuring a BGP4+ peer group |
1196 |
| Advertising the default BGP4+ route |
1197 |
| Importing routes into BGP4+ |
1198 |
| Redistributing prefixes into BGP4+ |
1198 |
| Aggregating routes advertised to BGP4 neighbors |
1199 |
| Using route maps |
1200 |
| Clearing BGP4+ information |
1200 |
| Removing route flap dampening |
1200 |
| Clearing route flap dampening statistics |
1201 |
| Clearing BGP4+ local route information |
1201 |
| Clearing BGP4+ neighbor information |
1201 |
| Clearing and resetting BGP4+ routes in the IPv6 route table |
1204 |
| Clearing traffic counters for all BGP4+ neighbors |
1205 |
| Displaying BGP4+ information |
1205 |
| Displaying the BGP4+ route table |
1205 |
| Displaying BGP4+ route information |
1211 |
| Displaying BGP4+ route-attribute entries |
1212 |
| Displaying the BGP4+ running configuration |
1214 |
| Displaying dampened BGP4+ paths |
1214 |
| Displaying filtered-out BGP4+ routes |
1215 |
| Displaying route flap dampening statistics |
1220 |
| Displaying BGP4+ neighbor information |
1221 |
| Displaying BGP4+ peer group configuration information |
1243 |
| Displaying BGP4+ summary |
1244 |
| Configuring IPv6 MBGP |
1247 |
| In this chapter |
1247 |
| Configuration considerations |
1247 |
| Configuring IPv6 MBGP |
1247 |
| Setting the maximum number of multicast routes supported |
1248 |
| Enabling IPv6 MBGP |
1248 |
| Adding IPv6 MBGP neighbors |
1249 |
| Optional configuration tasks |
1249 |
| Aggregating routes advertised to IPv6 BGP neighbors |
1252 |
| Displaying IPv6 MBGP information |
1252 |
| Displaying summary MBGP information |
1253 |
| Displaying the Active MBGP Configuration |
1254 |
| Displaying MBGP neighbors |
1254 |
| Displaying MBGP routes |
1256 |
| Displaying the IPv6 multicast route table |
1256 |
| IPv6 Access Control Lists (ACLs) |
1257 |
| In this chapter |
1257 |
| IPv6 ACLs |
1257 |
| Using IPv6 ACLs as input to other features |
1258 |
| Configuring an IPv6 ACL |
1258 |
| Example configurations |
1259 |
| Default and implicit IPv6 ACL action |
1260 |
| ACL syntax |
1261 |
| Applying an IPv6 ACL to an interface |
1267 |
| Adding TCP flags to an IPv6 ACL entry |
1267 |
| Adding a comment to an IPv6 ACL entry |
1267 |
| Displaying ACLs |
1269 |
| Configuring OSPF Version 3 |
1271 |
| In this chapter |
1271 |
| OSPF version 3 |
1271 |
| Link state advertisement types for OSPFv3 |
1272 |
| Configuring OSPFv3 |
1272 |
| Enabling OSPFv3 |
1273 |
| Assigning OSPFv3 areas |
1273 |
| Configuring virtual links |
1275 |
| Changing the reference bandwidth for the cost on OSPFv3 interfaces |
1277 |
| Redistributing routes into OSPFv3 |
1278 |
| Filtering OSPFv3 routes |
1282 |
| Configuring default route origination |
1285 |
| Modifying shortest path first timers |
1286 |
| Modifying administrative distance |
1287 |
| Configuring the OSPFv3 LSA pacing interval |
1288 |
| Modifying exit overflow interval |
1288 |
| Modifying external link state database limit |
1288 |
| Modifying OSPFv3 interface defaults |
1289 |
| Disabling or reenabling event logging |
1290 |
| Displaying OSPFv3 information |
1290 |
| Displaying OSPFv3 area information |
1290 |
| Displaying OSPFv3 database Information |
1291 |
| Displaying OSPFv3 interface information |
1296 |
| Displaying OSPFv3 memory usage |
1299 |
| Displaying OSPFv3 neighbor information |
1300 |
| Displaying routes redistributed into OSPFv3 |
1302 |
| Displaying OSPFv3 route information |
1303 |
| Displaying OSPFv3 SPF information |
1305 |
| Displaying IPv6 OSPF virtual link information |
1308 |
| Displaying OSPFv3 virtual neighbor information |
1308 |
| Configuring IPv6 Multicast Features |
1311 |
| In this chapter |
1311 |
| IPv6 PIM sparse |
1311 |
| PIM sparse router types |
1312 |
| RP paths and SPT paths |
1312 |
| Configuring PIM sparse |
1312 |
| IPv6 PIM-sparse mode |
1313 |
| Configuring IPv6 PIM-SM on a virtual routing interface |
1313 |
| Passive Multicast Route Insertion (PMRI) |
1320 |
| Displaying PIM sparse configuration information and statistics |
1321 |
| Multicast Listener Discovery and source specific multicast protocols(MLDv2) |
1330 |
| MLD version distinctions |
1330 |
| Enabling MLDv2 |
1331 |
| Enabling source specific multicast |
1331 |
| Setting the query interval |
1332 |
| Setting the maximum response time |
1332 |
| Setting the last listener query count |
1332 |
| Setting the last listener query interval |
1332 |
| Setting the robustness |
1333 |
| Setting the version |
1333 |
| Specifying a port version |
1333 |
| Specifying a static group |
1333 |
| Setting the interface MLD version |
1334 |
| Displaying MLD information |
1334 |
| Displaying MLD group information |
1334 |
| Displaying MLD definitions for an interface |
1335 |
| Displaying MLD traffic |
1336 |
| Clearing IPv6 MLD traffic |
1336 |
| Embedded Rendezvous Point (RP) |
1337 |
| Configuring IPv6 Routes |
1339 |
| In this chapter |
1339 |
| Configuring a static IPv6 route |
1339 |
| Configuring a IPv6 multicast route |
1341 |
| Using Syslog |
1343 |
| Displaying Syslog messages |
1344 |
| Configuring the Syslog service |
1345 |
| Displaying the Syslog configuration |
1345 |
| Disabling or re-enabling Syslog |
1349 |
| Specifying a Syslog server |
1349 |
| Specifying an additional Syslog server |
1350 |
| Disabling logging of a message level |
1350 |
| Logging all CLI commands to Syslog |
1350 |
| Changing the number of entries the local buffer can hold |
1351 |
| Changing the log facility |
1351 |
| Displaying the interface name in Syslog messages |
1352 |
| Clearing the Syslog messages from the local buffer |
1353 |
| Displaying TCP/UDP port numbers in Syslog messages |
1353 |
| Syslog messages |
1353 |
| Software Specifications |
1373 |
| IEEE compliance |
1373 |
| RFC compliance |
1373 |
| RFC compliance - BGPv4 |
1373 |
| RFC compliance - OSPF |
1374 |
| RFC compliance - IS-IS |
1374 |
| RFC compliance - RIP |
1374 |
| RFC compliance - IP Multicast |
1374 |
| RFC compliance - general protocols |
1375 |
| RFC compliance - management |
1376 |
| RFC compliance - IPv6 core |
1376 |
| RFC compliance - IPv6 routing |
1377 |
| RFC compliance - IPv6 multicast |
1377 |
| RFC compliance - IPv6 transitioning |
1377 |
| RFC compliance - IPv6 management |
1377 |
| Internet drafts |
1378 |
| NIAP-CCEVS Certification |
1379 |
| NIAP-CCEVS certified Brocade equipment and Ironware releases |
1379 |
| Web management access to NIAP-CCEVS certified Security Guide equipment |
1379 |
| Local user password changes |
1380 |
| Commands That Require a Reload |
1381 |
| Index to the CLI Commands |
1383 |
| ACLs (IP) |
1383 |
| Numbered ACL |
1383 |
| Named ACL |
1384 |
| Other ACL commands |
1384 |
| ACLs (L2) |
1385 |
| BGP4 |
1385 |
| FDP/CDP |
1391 |
| IP |
1391 |
| Metro Ring protocol |
1394 |
| IPv6 BGP4+ |
1395 |
| IPv6 ACL |
1397 |
| IPv6 basic connectivity |
1398 |
| IPv6 multicast |
1401 |
| IPv6 RIPng |
1401 |
| IPv6 OSPFv3 |
1402 |
| IS-IS |
1404 |
| Metro ring |
1406 |
| MSTP |
1406 |
| Multicast (IP) |
1407 |
| Multicast (L2) |
1409 |
| OSPF version 4 |
1410 |
| Port parameters |
1411 |
| Port-based routing |
1412 |
| Quality of Service (QoS) |
1413 |
| Rate limiting |
1414 |
| RIP |
1415 |
| RMON |
1416 |
| RSTP |
1416 |
| Security/management |
1417 |
| 802.1x port security |
1417 |
| Access |
1418 |
| Authentication method list |
1418 |
| Passwords |
1418 |
| Privilege level |
1419 |
| RADIUS |
1419 |
| SNMP access |
1420 |
| SSH access |
1420 |
| SSL |
1420 |
| TACACS/TACACS+ |
1420 |
| Telnet access |
1421 |
| TFTP access |
1421 |
| User account |
1422 |
| Web management access |
1422 |
| DoS protection |
1422 |
| MAC authentication |
1422 |
| MAC port security |
1424 |
| Redundant management module |
1424 |
| SNMP |
1426 |
| SSH |
1427 |
| sFlow |
1428 |
| STP |
1428 |
| SysLog messages |
1429 |
| System parameters |
1429 |
| Topology |
1431 |
| LAG |
1431 |
| UDLD |
1432 |
| VLAN |
1432 |
| VRRP/VRRPE |
1433 |
1
1,388
1,389
1,390
1,391
1,392
1,393
1,394
1,395
1,396
1,397
1,398
