Section |
Page |
BigIron RX |
1 |
Contents |
3 |
About This Document |
41 |
In this chapter |
41 |
Audience |
41 |
Supported hardware and software |
41 |
List of supported features |
42 |
Unsupported features |
44 |
What’s new in this document |
45 |
Enhancements and configuration notes in release 02.7.02 |
45 |
Enhancements and configuration notes in release 02.7.01 |
46 |
Enhancements and configuration notes in release 02.7.00 |
46 |
Enhancements and configuration notes in release 02.6.00 |
48 |
Enhancements and configuration notes in patch release 02.5.00c |
50 |
Enhancements and configuration notes in patch release 02.5.00b |
51 |
Summary of enhancements and configuration notes in release 02.5.00 |
51 |
Summary of enhancements and configuration notes in patch release 02.4.00c |
52 |
Summary of enhancements and configuration notes in release 02.4.00 |
53 |
Summary of enhancements in patch release 02.3.00a |
57 |
Summary of enhancements and configuration notes in release 02.3.00 |
58 |
Summary of enhancements and configuration notes in 02.2.01 |
63 |
Summary of enhancements in release 02.2.00g |
67 |
Summary of enhancements and configuration notes in 02.2.00 |
68 |
Document conventions |
69 |
Text formatting |
69 |
Command syntax conventions |
69 |
Notes, cautions, and danger notices |
69 |
Notice to the reader |
70 |
Related publications |
70 |
Getting technical help or reporting errors |
70 |
Web access |
71 |
E-mail access |
71 |
Telephone access |
71 |
Getting Started with the Command Line Interface |
73 |
In this chapter |
73 |
Logging on through the CLI |
73 |
On-line help |
74 |
Command completion |
74 |
Scroll control |
74 |
Line editing commands |
75 |
EXEC commands |
75 |
Global level |
76 |
CONFIG commands |
76 |
Accessing the CLI |
79 |
Navigating among command levels |
80 |
CLI command structure |
80 |
Searching and filtering output |
81 |
Allowable characters for LAG names |
86 |
Syntax shortcuts |
86 |
Saving configuration changes |
86 |
Getting Familiar With the BigIron RX Series Switch Management Applications |
89 |
In this chapter |
89 |
How to manage BigIron RX Series switch |
89 |
Logging on through the CLI |
89 |
On-line help |
90 |
Command completion |
90 |
Scroll control |
90 |
Line editing commands |
91 |
Searching and filtering output from CLI commands |
91 |
Allowable characters for LAG names |
95 |
Logging on through the Web Management Interface |
96 |
Web Management Interface |
97 |
Logging on through IronView Network Manager |
98 |
Using a Redundant Management Module |
99 |
In this chapter |
99 |
How management module redundancy works |
99 |
Management module redundancy overview |
99 |
Management module switchover |
100 |
Switchover implications |
101 |
Management module redundancy configuration |
103 |
Changing the default active Chassis slot |
103 |
Managing management module redundancy |
103 |
File synchronization between the active and standby management modules |
104 |
Manually switching over to the standby management module |
106 |
Rebooting the active and standby management modules |
106 |
Monitoring management module redundancy |
107 |
Determining management module status |
107 |
Displaying temperature information |
108 |
Displaying switchover information |
108 |
Flash memory and PCMCIA flash card file management commands |
110 |
Management focus |
111 |
Flash memory file system |
111 |
PCMCIA flash card file system |
112 |
Wildcards |
113 |
Formatting a flash card |
114 |
Determining the current management focus |
114 |
Switching the management focus |
115 |
Displaying a directory of the files |
115 |
Displaying the contents of a file |
117 |
Displaying the hexadecimal output of a file |
118 |
Creating a subdirectory |
118 |
Removing a subdirectory |
120 |
Renaming a file |
121 |
Changing the read-write attribute of a file |
121 |
Deleting a file |
122 |
Recovering (“undeleting”) a file |
123 |
Appending a file to another file |
124 |
Copying files using the copy command |
124 |
Copying files using the cp command |
129 |
Loading the software |
129 |
Saving configuration changes |
131 |
File management messages |
132 |
Securing Access to Management Functions |
133 |
In this chapter |
133 |
Securing access methods |
133 |
Restricting remote access to management functions |
135 |
Using ACLs to restrict remote access |
135 |
Restricting remote access to the device to specific IP addresses |
138 |
Specifying the maximum number of login attempts for Telnet access |
140 |
Restricting remote access to the device to specific VLAN IDs |
140 |
Disabling specific access methods |
141 |
Setting passwords |
143 |
Setting a Telnet password |
143 |
Setting passwords for management privilege levels |
144 |
Recovering from a lost password |
146 |
Displaying the SNMP community string |
146 |
Disabling password encryption |
146 |
Specifying a minimum password length |
147 |
Setting up local user accounts |
147 |
Configuring a local user account |
148 |
Configuring SSL security for the Web Management Interface |
150 |
Enabling the SSL server on the device |
150 |
Importing digital certificates and RSA private key files |
151 |
Generating an SSL certificate |
151 |
Configuring TACACS/TACACS+ security |
152 |
How TACACS+ differs from TACACS |
152 |
TACACS/TACACS+ authentication, authorization, and accounting |
152 |
TACACS/TACACS+ configuration considerations |
156 |
Enabling SNMP to configure TACACS/TACACS+ |
157 |
Identifying the TACACS/TACACS+ servers |
157 |
Specifying different servers for individual AAA functions |
158 |
Setting optional TACACS/TACACS+ parameters |
158 |
Configuring authentication-method lists for TACACS/TACACS+ |
160 |
Configuring TACACS+ authorization |
161 |
Configuring TACACS+ accounting |
164 |
Configuring an interface as the source for all TACACS/TACACS+ packets |
166 |
Displaying TACACS/TACACS+ statistics and configuration information |
167 |
Configuring RADIUS security |
168 |
RADIUS authentication, authorization, and accounting |
168 |
RADIUS configuration considerations |
171 |
RADIUS configuration procedure |
171 |
Configuring Brocade-specific attributes on the RADIUS server |
172 |
Enabling SNMP to configure RADIUS |
173 |
Identifying the RADIUS server to the BigIron RX |
173 |
Specifying different servers for individual AAA functions |
174 |
Setting RADIUS parameters |
174 |
Configuring authentication-method lists for RADIUS |
175 |
Configuring RADIUS authorization |
176 |
Configuring RADIUS accounting |
178 |
Configuring an interface as the source for all RADIUS packets |
179 |
Displaying RADIUS configuration information |
180 |
Configuring authentication-method lists |
181 |
Configuration considerations for authentication-method lists |
182 |
Examples of authentication-method lists |
183 |
Configuring Basic Parameters |
185 |
In this chapter |
185 |
Entering system administration information |
186 |
Configuring Simple Network Management Protocol (SNMP) traps |
186 |
Specifying an SNMP trap receiver |
187 |
Specifying a single trap source |
187 |
Setting the SNMP Trap holddown time |
188 |
Disabling SNMP traps |
188 |
Disabling Syslog messages and traps for CLI access |
189 |
Configuring an interface as the source for all Telnet packets |
190 |
Cancelling an outbound Telnet session |
191 |
Configuring an interface as the source for all TFTP packets |
191 |
Configuring an interface as the source for Syslog packets |
192 |
Specifying a Simple Network Time Protocol (SNTP) server |
193 |
Setting the system clock |
194 |
New Daylight Saving Time (DST) |
196 |
Configuring CLI banners |
196 |
Setting a message of the day banner |
196 |
Setting a privileged EXEC CLI level banner |
197 |
Displaying a message on the console when an incoming Telnet session is detected |
197 |
Configuring terminal display |
198 |
Checking the length of terminal displays |
198 |
Enabling or disabling routing protocols |
198 |
Displaying and modifying system parameter default settings |
199 |
Enabling or disabling Layer 2 switching |
201 |
CAM partitioning for the BigIron RX |
202 |
Re-distributing CAM allocations |
202 |
Nexthop table |
203 |
Changing the MAC age time |
204 |
Configuring static ARP entries |
204 |
Configuring Interface Parameters |
205 |
In this chapter |
205 |
Assigning a port name |
205 |
Assigning an IP address to a port |
206 |
Speed/Duplex negotiation |
206 |
Disabling or re-enabling a port |
207 |
Changing the default Gigabit negotiation mode |
208 |
Changing the negotiation mode |
208 |
Disabling or re-enabling flow control |
208 |
Specifying threshold values for flow control |
209 |
Locking a port to restrict addresses |
209 |
Wait for all cards feature |
210 |
Port transition hold timer |
210 |
Port flap dampening |
210 |
Modifying port priority (QoS) |
212 |
Assigning a mirror port and monitor ports |
212 |
Configuration guidelines for monitoring traffic |
213 |
Configuring port mirroring and monitoring |
213 |
Monitoring an individual trunk port |
214 |
Mirror ports for Policy-Based Routing (PBR) traffic |
215 |
About hardware-based PBR |
215 |
Configuring mirror ports for PBR traffic |
215 |
Displaying mirror and monitor port configuration |
216 |
Enabling WAN PHY mode support |
216 |
Configuring IP |
217 |
In this chapter |
217 |
Overview of configuring IP |
217 |
The IP packet flow |
218 |
ARP cache table |
219 |
Static ARP table |
219 |
IP Route table |
220 |
IP forwarding cache |
221 |
Basic IP parameters and defaults |
221 |
When parameter changes take effect |
221 |
IP global parameters |
222 |
IP interface parameters |
224 |
Configuring IP parameters |
225 |
Configuring IP addresses |
226 |
Changing the network mask display to prefix format |
228 |
Configuring the default gateway |
229 |
GRE IP tunnel |
229 |
IPv6 over IPv4 tunnels in hardware |
234 |
Configuring Domain Name Server (DNS) resolver |
238 |
Adding host names to the DNS cache table |
239 |
Configuring packet parameters |
243 |
Changing the encapsulation type |
243 |
Setting maximum frame size per PPCR |
244 |
Changing the MTU |
245 |
Changing the router ID |
246 |
Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS packets |
247 |
Configuring an interface as the source for Syslog packets |
249 |
IP fragmentation protection |
250 |
IP option attack protection |
250 |
IP receive access list |
250 |
Configuring ARP parameters |
251 |
How ARP works |
251 |
Rate limiting ARP packets |
252 |
Applying a rate limit to ARP packets on an interface |
253 |
Clearing the rate limit for ARP packets |
254 |
Changing the ARP aging period |
254 |
Creating a floating static ARP entry |
256 |
Static route ARP validation check |
257 |
Configuring forwarding parameters |
258 |
Disabling ICMP messages |
260 |
Disabling ICMP redirect messages |
262 |
Configuring static routes |
263 |
Static route tagging |
268 |
Configuring a default network route |
272 |
Configuring IP load sharing |
273 |
Default route ECMP |
276 |
IP receive access list |
277 |
Configuring IRDP |
278 |
Configuring UDP broadcast and IP helper parameters |
280 |
Configuring BootP/DHCP forwarding parameters |
283 |
Displaying IP information |
285 |
Displaying IP interface information |
287 |
Displaying interface name in Syslog |
288 |
Displaying ARP entries |
289 |
Displaying the forwarding cache |
291 |
Displaying the IP route table |
292 |
Clearing IP routes |
295 |
Displaying IP traffic statistics |
295 |
Displaying TCP traffic statistics |
298 |
Link Aggregation |
301 |
In this chapter |
301 |
Link aggregation overview |
301 |
LAG formation rules |
302 |
LAG load sharing |
304 |
Hash based load sharing |
304 |
Migration from a pre-02.6.00 trunk or LACP configuration |
305 |
Configuration of a LAG |
306 |
Creating a Link Aggregation Group (LAG) |
307 |
Deploying a LAG |
309 |
Commands available under LAG once it is deployed |
310 |
Configuring ACL-based mirroring |
310 |
Disabling ports within a LAG |
311 |
Enabling ports within a LAG |
311 |
Monitoring an individual LAG port |
311 |
Assigning a name to a port within a LAG |
312 |
Enabling sFlow forwarding on a port within a LAG |
312 |
Setting the sFlow sampling rate for a port within a LAG |
312 |
Displaying LAG information |
313 |
Displaying LAG statistics |
317 |
Configuring LLDP |
319 |
In this chapter |
319 |
Terms used in this chapter |
319 |
LLDP overview |
320 |
Benefits of LLDP |
320 |
General operating principles |
321 |
Operating modes |
321 |
LLDP packets |
322 |
TLV support |
322 |
MIB support |
325 |
Syslog messages |
325 |
Configuring LLDP |
325 |
Configuration notes and considerations |
326 |
Enabling and disabling LLDP |
326 |
Changing a port’s LLDP operating mode |
327 |
Specifying the maximum number of LLDP neighbors |
328 |
Enabling LLDP SNMP notifications and Syslog messages |
329 |
Specifying the minimum time between SNMP traps and Syslog messages |
329 |
Changing the minimum time between LLDP transmissions |
330 |
Changing the interval between regular LLDP transmissions |
330 |
Changing the holdtime multiplier for transmit TTL |
331 |
Changing the minimum time between port reinitializations |
331 |
LLDP TLVs advertised by the Brocade device |
332 |
Displaying LLDP statistics and configuration settings |
338 |
LLDP configuration summary |
338 |
LLDP statistics |
339 |
LLDP neighbors |
340 |
LLDP neighbors detail |
341 |
LLDP configuration details |
343 |
Resetting LLDP statistics |
344 |
Configuring Uni-Directional Link Detection (UDLD) |
345 |
In this chapter |
345 |
Configuration considerations |
346 |
Configuring UDLD |
346 |
Changing the keepalive interval |
346 |
Changing the keepalive retries |
347 |
Displaying UDLD information |
347 |
Displaying information for all ports |
347 |
Displaying link-keepalive information |
347 |
Displaying information for a single port |
349 |
Clearing UDLD statistics |
350 |
VLANs |
351 |
In this chapter |
351 |
Overview of Virtual Local Area Networks (VLANs) |
351 |
Tagged, untagged, and dual-mode ports |
351 |
Protocol-based VLANs |
353 |
VLAN configuration rules |
354 |
VLAN ID range |
354 |
Tagged VLANs |
354 |
VLAN hierarchy |
354 |
Multiple VLAN membership rules |
355 |
Layer 2 control protocols on VLANs |
355 |
Configuring port-based VLANs |
355 |
VLAN byte accounting |
356 |
Strictly or explicitly tagging a port |
358 |
Assigning or changing a VLAN priority |
358 |
Assigning a different ID to the default VLAN |
359 |
Configuring protocol-based VLANs |
359 |
Configuring an MSTP instance |
360 |
Configuring virtual routing interfaces |
360 |
Bridging and routing the same protocol simultaneously on the same device |
361 |
Integrated Switch Routing (ISR) |
362 |
VLAN groups |
363 |
Configuring a VLAN group |
363 |
Configuring super aggregated VLANs |
365 |
Configuring aggregated VLANs |
367 |
Complete CLI examples |
368 |
Configuring 802.1q-in-q tagging |
371 |
Configuration rules |
372 |
Enabling 802.1Q-in-Q tagging |
372 |
Example configuration |
374 |
Configuring 802.1q tag-type translation |
374 |
Configuration rules |
376 |
Enabling 802.1q tag-type translation |
377 |
Private VLANs |
378 |
Implementation notes |
379 |
Configuration notes |
379 |
Configuring a private VLAN |
380 |
Enabling broadcast, multicast or unknown unicast traffic to the private VLAN |
382 |
CLI example for Figure 30 |
383 |
Other VLAN features |
383 |
Allocating memory for more VLANs or virtual routing interfaces |
383 |
Hardware flooding for Layer 2 multicast and broadcast packets |
383 |
Unknown unicast flooding on VLAN ports |
384 |
Flow based MAC learning |
385 |
Configuring uplink ports within a port-based VLAN |
385 |
Configuring control protocols in VLANs |
386 |
Other configuration options |
386 |
Displaying VLAN information |
386 |
Displaying VLAN information |
386 |
Displaying VLAN information for specific ports |
387 |
Displaying VLAN status and port types |
388 |
Displaying VLAN group information |
389 |
Transparent firewall mode |
389 |
Enabling a transparent firewall |
389 |
Configuring Spanning Tree Protocol |
391 |
In this chapter |
391 |
IEEE 802.1D Spanning Tree Protocol (STP) |
391 |
Enabling or disabling STP |
391 |
Default STP bridge and port parameters |
393 |
Changing STP bridge parameters |
394 |
Changing STP port parameters |
394 |
STP root guard |
394 |
Spanning Tree Protocol (STP) BPDU guard |
396 |
Displaying STP information |
396 |
IEEE Single Spanning Tree (SSTP) |
402 |
SSTP defaults |
402 |
Enabling SSTP |
403 |
Displaying SSTP information |
404 |
PVST/PVST+ compatibility |
404 |
Overview of PVST and PVST+ |
405 |
VLAN tags and dual mode |
405 |
Enabling PVST+ support |
406 |
Displaying PVST+ support information |
406 |
Configuration examples |
407 |
SuperSpan™ |
409 |
Customer ID |
410 |
BPDU forwarding |
410 |
Configuring SuperSpan |
415 |
Configuring Rapid Spanning Tree Protocol |
419 |
In this chapter |
419 |
Overview of Rapid Spanning Tree Protocol |
419 |
Bridges and bridge port roles |
419 |
Assignment of port roles |
420 |
Ports on Switch 1 |
421 |
Ports on Switch 2 |
421 |
Ports on Switch 3 |
421 |
Ports on Switch 4 |
422 |
Edge ports and edge port roles |
422 |
Point-to-point ports |
423 |
Bridge port states |
423 |
Edge port and non-edge port states |
424 |
Changes to port roles and states |
424 |
State machines |
424 |
Handshake mechanisms |
425 |
Convergence in a simple topology |
435 |
Convergence at start up |
436 |
Convergence after a link failure |
438 |
Convergence at link restoration |
439 |
Convergence in a complex RSTP topology |
441 |
Propagation of topology change |
443 |
Compatibility of RSTP with 802.1D |
446 |
Configuring RSTP parameters |
447 |
Enabling or disabling RSTP in a port-based VLAN |
447 |
Enabling or disabling RSTP on a single spanning tree |
448 |
Disabling or enabling RSTP on a port |
448 |
Changing RSTP bridge parameters |
448 |
Changing port parameters |
449 |
Fast port span |
450 |
Fast uplink span |
453 |
Displaying RSTP information |
455 |
Metro Ring Protocol (MRP) Phase 1 and 2 |
459 |
In this chapter |
459 |
Metro Ring Protocol (MRP) phase 1 |
459 |
MRP rings without shared interfaces |
461 |
Ring initialization |
462 |
How ring breaks are detected and healed |
465 |
Master VLANs and customer VLANs in a topology group |
466 |
Configuring MRP |
467 |
Adding an MRP ring to a VLAN |
468 |
Changing the hello and preforwarding times |
469 |
MRP phase 2 |
469 |
Ring initialization for shared interfaces |
471 |
How ring breaks are detected and healed between shared interfaces |
472 |
Selection of master node |
472 |
RHP processing in rings with shared interfaces |
473 |
Normal flow |
473 |
Flow when a link breaks |
474 |
Configuring MRP with shared interfaces |
475 |
Using MRP diagnostics |
476 |
Enabling MRP diagnostics |
476 |
Displaying MRP diagnostics |
476 |
Displaying MRP information |
477 |
Displaying topology group information |
477 |
Displaying ring information |
478 |
MRP CLI example |
479 |
Commands on switch A (master node) |
480 |
Commands on switch B |
480 |
Commands on switch C |
481 |
Commands on switch D |
481 |
Virtual Switch Redundancy Protocol (VSRP) |
483 |
In this chapter |
483 |
Overview of Virtual Switch Redundancy Protocol (VSRP) |
483 |
Layer 2 and Layer 3 redundancy |
485 |
Master election and failover |
485 |
Configuring basic VSRP parameters |
490 |
Enabling Layer 3 VSRP |
491 |
Configuring optional VSRP parameters |
491 |
Disabling VSRP on a VRID |
491 |
Configuring authentication |
491 |
Configuring a VRID IP address |
492 |
VSRP fast start |
493 |
Changing the backup priority |
494 |
Saving the timer values received from the master |
494 |
VSRP slow start |
495 |
Changing the Time-To-Live (TTL) |
495 |
Changing the hello interval |
496 |
Changing the dead interval |
496 |
Changing the backup hello state and interval |
496 |
Changing the hold-down interval |
497 |
Changing the default track priority |
497 |
Specifying a track port |
498 |
Disabling or re-enabling backup pre-emption |
498 |
Port transition hold timer |
498 |
Clearing VSRP information |
499 |
VSRP and MRP signaling |
499 |
Displaying VSRP information |
501 |
Displaying VRID information |
501 |
Displaying a summary of VSRP information |
503 |
Displaying VSRP packet statistics for VSRP |
504 |
Displaying the active interfaces for a VRID |
505 |
Topology Groups |
507 |
In this chapter |
507 |
Topology overview |
507 |
Master VLAN and member VLANs |
507 |
Master VLANs and customer VLANs in MRP |
508 |
Control ports and free ports |
508 |
Configuration considerations |
508 |
Configuring a topology group |
509 |
Displaying topology group information |
510 |
Displaying topology group information |
510 |
Configuring VRRP and VRRPE |
511 |
In this chapter |
511 |
Overview of VRRP |
511 |
Standard VRRP |
512 |
Brocade enhancements of VRRP |
514 |
Overview of VRRPE |
516 |
VRRP and VRRPE parameters |
518 |
Configuring parameters specific to VRRP |
520 |
Configuring the owner |
520 |
Configuring basic VRRP parameters |
521 |
Configuring the owner |
521 |
Configuring a backup |
521 |
Configuration rules for VRRP |
521 |
Configuring parameters specific to VRRPE |
522 |
Configuration rules for VRRPE |
522 |
Configuring additional VRRP and VRRPE parameters |
523 |
Authentication type |
523 |
Suppression of RIP advertisements on backup routers for the backup up interface |
524 |
Hello interval |
524 |
Dead interval |
525 |
Backup hello message state and interval |
525 |
Track port |
525 |
Track priority |
526 |
Backup preempt |
526 |
Master router abdication and reinstatement |
527 |
Displaying VRRP and VRRPE information |
528 |
Displaying summary information |
528 |
Displaying detailed information |
529 |
Displaying statistics |
532 |
Clearing VRRP or VRRPE statistics |
533 |
Configuration examples |
533 |
VRRP example |
534 |
VRRPE example |
535 |
Configuring Quality of Service |
537 |
In this chapter |
537 |
Overview of Quality of Service (QoS) |
537 |
Classification |
537 |
Processing of classified traffic |
538 |
Marking |
540 |
Configuring DSCP classification by interface |
540 |
Configuring port, MAC, and VLAN-based classification |
541 |
Configuring ToS-based QoS |
542 |
Enabling ToS-based QoS |
542 |
Specifying trust level |
542 |
Enabling marking |
543 |
Configuring the QoS mappings |
543 |
Changing the CoS –> DSCP mappings |
543 |
Changing the DSCP –> DSCP mappings |
544 |
Changing the DSCP –> internal forwarding priority mappings |
544 |
Changing the CoS –> internal forwarding priority mappings |
545 |
Displaying QoS configuration information |
546 |
Determining packet drop priority using WRED |
547 |
How WRED Operates |
548 |
Calculating avg-q-size |
548 |
Calculating packets that are dropped |
549 |
Using WRED with rate limiting |
549 |
Configuring packet drop priority using WRED |
549 |
Enabling WRED |
549 |
Setting the averaging-weight (Wq) parameter |
550 |
Displaying the WRED configuration |
553 |
Scheduling traffic for forwarding |
554 |
Configuring traffic scheduling |
554 |
Configuring multicast traffic engineering |
558 |
Displaying the multicast traffic engineering configuration |
559 |
QoS for the oversubscribed 16 x 10GE modules |
560 |
Aggregation NP QoS modes |
560 |
Port group assignments |
560 |
Setting the server and storage modes |
561 |
Switching between server and storage modes |
561 |
QoS profiles |
561 |
Setting the group port weights |
562 |
Calculating the values for WFQ storage mode traffic scheduling |
562 |
Egress port shaping |
563 |
Mirroring ports |
563 |
Supported ACLs |
564 |
Configuring QoS for the 16 x 10G module |
564 |
Configuring Traffic Reduction |
567 |
In this chapter |
567 |
Traffic policing on the BigIron RX Series |
567 |
Traffic reduction parameters and algorithm |
568 |
Requested rate |
568 |
Maximum burst |
568 |
Actual rate |
568 |
Configuration considerations |
569 |
Configuring rate limiting policies |
570 |
Configuring a port-based rate limiting policy |
570 |
Configuring a port-and-priority-based rate limiting policy |
571 |
Configuring a port-and-VLAN-based rate limiting policy |
571 |
Configuring a VLAN-group-based rate limiting policy |
572 |
Configuring a port-and-IPv6 ACL-based traffic reduction |
574 |
NP based multicast, broadcast, and unknown-unicast rate limiting |
575 |
Displaying traffic reduction |
576 |
Layer 2 ACLs |
577 |
In this chapter |
577 |
Filtering based on ethertype |
577 |
Configuration rules and notes |
577 |
Configuring Layer 2 ACLs |
578 |
Creating a Layer 2 ACL table |
578 |
Example Layer 2 ACL clauses |
579 |
Inserting and deleting Layer 2 ACL clauses |
580 |
Binding a Layer 2 ACL table to an interface |
580 |
Increasing the maximum number of clauses per Layer 2 ACL table |
580 |
Viewing Layer 2 ACLs |
580 |
Example of Layer 2 ACL deny by MAC address |
581 |
Access Control List |
583 |
In this chapter |
583 |
How the device processes ACLs |
584 |
Disabling or re-enabling Access Control Lists (ACLs) |
585 |
Default ACL action |
585 |
Types of IP ACLs |
585 |
ACL IDs and entries |
585 |
Enabling support for additional ACL statements |
586 |
ACL-based inbound mirroring |
586 |
Considerations when configuring ACL-based inbound mirroring |
586 |
Configuring ACL-based inbound mirroring |
587 |
Creating an ACL with a mirroring clause |
587 |
Applying the ACL to an interface |
587 |
Specifying the destination mirror port |
587 |
Configuring ACL-based mirroring for ACLs bound to virtual interfaces |
589 |
Configuring numbered and named ACLs |
590 |
Configuring standard numbered ACLs |
590 |
Configuring extended numbered ACLs |
592 |
Configuring standard or extended named ACLs |
601 |
Configuring super ACLs |
603 |
Displaying ACL definitions |
605 |
Displaying of TCP/UDP numbers in ACLs |
606 |
ACL logging |
616 |
Enabling the new logging method |
617 |
Specifying the wait time |
617 |
Modifying ACLs |
617 |
Adding or deleting a comment |
619 |
Deleting ACL entries |
621 |
From numbered ACLs |
621 |
From named ACLs |
622 |
Applying ACLs to interfaces |
623 |
Reapplying modified ACLs |
623 |
ACL automatic rebind |
623 |
Manually setting the ACL rebind |
623 |
Applying ACLs to a virtual routing interface |
623 |
Configuring the Layer 4 session log timer |
624 |
Displaying ACL log entries |
624 |
QoS options for IP ACLs |
625 |
Enabling ACL duplication check |
626 |
ACL accounting |
626 |
Displaying accounting statistics for all ACLs |
627 |
Displaying statistics for an interface |
627 |
Clearing the ACL statistics |
628 |
Enabling ACL filtering of fragmented or non-fragmented packets |
629 |
ACL filtering for traffic switched within a virtual routing interface |
630 |
ICMP filtering for extended ACLs |
630 |
Troubleshooting ACLs |
632 |
Policy-Based Routing |
635 |
In this chapter |
635 |
Policy-Based Routing (PBR) |
635 |
Configuration considerations |
635 |
Configuring a PBR policy |
636 |
Configure the ACLs |
636 |
Configure the route map |
638 |
Enabling PBR |
638 |
Configuration examples |
639 |
Basic example |
639 |
Setting the next hop |
640 |
Setting the output interface to the null interface |
641 |
Trunk formation |
641 |
Configuring IP Multicast Protocols |
643 |
In this chapter |
643 |
Overview of IP multicasting |
643 |
Multicast terms |
644 |
Changing global IP multicast parameters |
644 |
Defining the maximum number of DVMRP cache entries |
645 |
Defining the maximum number of PIM cache entries |
645 |
IP multicast boundaries |
645 |
Configuring multicast boundaries |
646 |
Displaying multicast boundaries |
646 |
Passive Multicast Route Insertion (PMRI) |
646 |
Configuring PMRI |
647 |
Displaying hardware-drop |
647 |
Changing IGMP V1 and V2 parameters |
647 |
Modifying IGMP (V1 and V2) query interval period |
648 |
Modifying IGMP (V1 and V2) membership time |
648 |
Modifying IGMP (V1 and V2) maximum response time |
648 |
Adding an interface to a multicast group |
649 |
IGMP v3 |
649 |
Default IGMP version |
651 |
Compatibility with IGMP V1 and V2 |
651 |
Enabling the IGMP version per interface setting |
651 |
Enabling the IGMP version on a physical port within a virtual routing interface |
652 |
Setting the query interval |
653 |
Setting the group membership time |
654 |
Setting the maximum response time |
654 |
Displaying IGMPv3 information |
654 |
Clearing IGMP statistics |
658 |
IGMP V3 and source specific multicast protocols |
658 |
Configuring a static multicast route |
658 |
Next hop validation check |
660 |
PIM dense |
660 |
Initiating PIM multicasts on a network |
661 |
Pruning a multicast tree |
661 |
Grafts to a multicast tree |
663 |
PIM DM versions |
663 |
Configuring PIM DM |
664 |
Failover time in a multi-path topology |
668 |
Modifying the TTL |
668 |
PIM Sparse |
668 |
PIM Sparse router types |
669 |
RP paths and SPT paths |
670 |
Configuring PIM Sparse |
670 |
Anycast RP |
675 |
Route selection precedence for multicast |
679 |
Changing the Shortest Path Tree (SPT) threshold |
681 |
Displaying PIM Sparse configuration information and statistics |
682 |
PIM-SSMv4 |
692 |
Enabling SSM |
693 |
Configuring Multicast Source Discovery Protocol (MSDP) |
693 |
Peer Reverse Path Forwarding (RPF) flooding |
695 |
Source active caching |
695 |
Configuring MSDP |
696 |
Enabling MSDP |
696 |
Configuring MSDP peers |
696 |
Designating an interface’s IP address as the RP’s IP address |
697 |
Filtering MSDP source-group pairs |
697 |
Filtering incoming source-active messages |
697 |
Filtering advertised source-active messages |
699 |
Displaying the differences before and after the source active filters are applied |
700 |
Configuring MSDP mesh groups |
702 |
Configuring MSDP mesh group |
703 |
Displaying summary information |
710 |
Displaying peer information |
711 |
Displaying source active cache information |
714 |
Clearing MSDP information |
714 |
Clearing peer information |
715 |
Clearing the source active cache |
715 |
Clearing MSDP statistics |
715 |
DVMRP overview |
715 |
Initiating DVMRP multicasts on a network |
716 |
Pruning a multicast tree |
716 |
Grafts to a multicast tree |
718 |
Configuring DVMRP |
719 |
Enabling DVMRP globally and on an interface |
719 |
Modifying DVMRP global parameters |
719 |
Modifying DVMRP interface parameters |
722 |
Displaying information about an upstream neighbor device |
723 |
Configuring a static multicast route |
723 |
Configuring IP multicast traffic reduction |
724 |
Enabling IP multicast traffic reduction |
725 |
Layer 2 multicast filters |
729 |
PIM SM traffic snooping |
730 |
Static IGMP membership |
734 |
Configuring RIP |
737 |
In this chapter |
737 |
Overview of Routing Information Protocol (RIP) |
737 |
Configuring RIP parameters |
737 |
Enabling RIP |
738 |
Configuring metric parameters |
738 |
Changing the administrative distance |
738 |
Configuring redistribution |
739 |
Configuring route learning and advertising parameters |
740 |
Changing the route loop prevention method |
741 |
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface |
742 |
Using prefix lists and route maps as route filters |
743 |
Setting RIP timers |
744 |
Displaying RIP filters |
744 |
Clearing the RIP routes from the routing table |
745 |
Configuring OSPF Version 2 (IPv4) |
747 |
In this chapter |
747 |
Overview of OSPF (Open Shortest Path First) |
747 |
Designated routers in multi-access networks |
748 |
Designated router election in multi-access networks |
749 |
OSPF RFC 1583 and 2328 compliance |
750 |
Reduction of equivalent AS external LSAs |
750 |
Support for OSPF RFC 2328 appendix E |
752 |
Dynamic OSPF activation and configuration |
753 |
Configuring OSPF |
753 |
Configuration rules |
754 |
OSPF parameters |
754 |
Enable OSPF on the router |
755 |
Assign OSPF areas |
755 |
Assigning an area range (optional) |
759 |
Assigning interfaces to an area |
760 |
Modify interface defaults |
760 |
Change the timer for OSPF authentication changes |
763 |
Block flooding of outbound LSAs on specific OSPF interfaces |
763 |
Assign virtual links |
764 |
Modify virtual link parameters |
766 |
Configuring an OSPF non-broadcast interface |
767 |
OSPF point-to-point links |
769 |
Changing the reference bandwidth for the cost on OSPF interfaces |
771 |
Define redistribution filters |
772 |
Modify default metric for redistribution |
774 |
Enable route redistribution |
774 |
Disable or re-enable load sharing |
776 |
Configure external route summarization |
777 |
Configure default route origination |
778 |
Configuring a default network route |
779 |
Modify SPF timers |
780 |
Modify redistribution metric type |
780 |
Modify administrative distance |
781 |
Configure OSPF group Link State Advertisement (LSA) pacing |
782 |
OSPF ABR type 3 LSA filtering |
782 |
Displaying the configured OSPF area prefix list |
785 |
Modifying OSPF traps generated |
786 |
Modify OSPF standard compliance setting |
788 |
Modify exit overflow interval |
788 |
Specify types of OSPF Syslog messages to log |
788 |
Displaying OSPF information |
789 |
Displaying general OSPF configuration information |
790 |
Displaying CPU utilization and other OSPF tasks |
791 |
Displaying OSPF area information |
792 |
Displaying OSPF neighbor information |
793 |
Displaying OSPF interface information |
795 |
Displaying OSPF route information |
797 |
Displaying OSPF external link state Information |
799 |
Displaying OSPF database link state information |
800 |
Displaying OSPF ABR and ASBR information |
801 |
Displaying OSPF trap status |
802 |
Displaying OSPF virtual neighbor and link information |
802 |
OSPF graceful restart |
804 |
Configuring BGP4 (IPv4 and IPv6) |
809 |
In this chapter |
809 |
Overview of BGP4 |
810 |
Relationship between the BGP4 route table and the IP route table |
811 |
How BGP4 selects a path for a route |
812 |
BGP4 message types |
813 |
Brocade implementation of BGP4 |
815 |
Memory considerations |
816 |
Configuring BGP4 |
816 |
When parameter changes take effect |
818 |
Activating and disabling BGP4 |
820 |
Note regarding disabling BGP4 |
820 |
Entering and exiting the address family configuration level |
821 |
Filtering specific IP addresses |
821 |
Defining an AS-path filter |
823 |
Defining a community filter |
823 |
Configuring a switch to allow routes with its own AS number |
824 |
BGP Null0 routing |
825 |
Aggregating routes advertised to BGP4 neighbors |
829 |
Configuring the BigIron RX to always compare Multi-Exit Discriminators (MEDs) |
829 |
Disabling or re-enabling comparison of the AS-path length |
830 |
Redistributing IBGP routes |
830 |
Disabling or re-enabling client-to-client route reflection |
831 |
Configuring a route reflector |
831 |
Enabling or disabling comparison of the router IDs |
831 |
Configuring confederations |
832 |
Configuring route flap dampening |
835 |
Originating the default route |
836 |
Changing the default local preference |
836 |
Changing the default metric used for redistribution |
837 |
Changing administrative distances |
837 |
Requiring the first AS to be the neighbor’s AS |
838 |
Neighbor local-AS |
838 |
Enabling fast external fallover |
839 |
Setting the local AS number |
839 |
Changing the maximum number of shared BGP4 paths |
840 |
Treating missing MEDs as the worst MEDs |
840 |
Customizing BGP4 load sharing |
841 |
Configuring BGP4 neighbors |
841 |
Removing route dampening from suppressed neighbor’s routes |
845 |
Encryption of BGP4 MD5 authentication keys |
846 |
Configuring a BGP4 peer group |
848 |
Peer group parameters |
849 |
Specifying a list of networks to advertise |
851 |
Using the IP default route as a valid next hop for a BGP4 route |
853 |
Enabling next-hop recursion |
853 |
Modifying redistribution parameters |
856 |
Using a table map to set the tag value |
859 |
Changing the keep alive time and hold time |
859 |
Changing the BGP4 next-hop update timer |
860 |
Changing the router ID |
860 |
Adding a loopback interface |
861 |
Changing the maximum number of paths for BGP4 load sharing |
861 |
Configuring route reflection parameters |
862 |
Filtering |
864 |
Filtering AS-paths |
865 |
Filtering communities |
867 |
Defining and applying IP prefix lists |
869 |
Defining neighbor distribute lists |
870 |
Defining route maps |
870 |
Configuring cooperative BGP4 route filtering |
879 |
Configuring route flap dampening |
881 |
Generating traps for BGP |
886 |
Updating route information and resetting a neighbor session |
886 |
Clearing traffic counters |
892 |
Clearing route flap dampening statistics |
893 |
Removing route flap dampening |
893 |
Clearing diagnostic buffers |
894 |
Displaying BGP4 information |
894 |
Displaying summary BGP4 information |
895 |
Displaying the active BGP4 configuration |
897 |
Displaying summary neighbor information |
898 |
Displaying BGP4 neighbor information |
899 |
Displaying peer group information |
910 |
Displaying summary route information |
910 |
Displaying the BGP4 route table |
911 |
Displaying BGP4 route-attribute entries |
918 |
Displaying the routes BGP4 has placed in the IP route table |
919 |
Displaying route flap dampening statistics |
920 |
Displaying the active route map configuration |
921 |
Generalized TTL security mechanism support |
924 |
Configuring MBGP |
927 |
In this chapter |
927 |
Configuration considerations |
928 |
Configuring MBGP |
928 |
Setting the maximum number of multicast routes supported |
928 |
Enabling MBGP |
929 |
Adding MBGP neighbors |
929 |
Optional configuration tasks |
930 |
Displaying MBGP information |
933 |
Displaying summary MBGP information |
934 |
Displaying the active MBGP configuration |
935 |
Displaying MBGP neighbors |
935 |
Displaying MBGP routes |
937 |
Displaying the IP multicast route table |
937 |
Configuring Secure Shell |
939 |
In this chapter |
939 |
Overview of Secure Shell (SSH) |
939 |
SSH version 2 support |
939 |
Supported features |
940 |
Configuring SSH |
941 |
Generating a host key pair |
941 |
Configuring DSA challenge-response authentication |
942 |
Disabling 3-DES |
947 |
Displaying SSH connection information |
947 |
Using secure copy |
948 |
Configuring IS-IS (IPv4) |
951 |
In this chapter |
951 |
Relationship to IP route table |
952 |
Intermediate systems and end systems |
952 |
Domain and areas |
953 |
Level-1 routing and Level-2 routing |
953 |
Neighbors and adjacencies |
954 |
Designated IS |
954 |
IS-IS CLI levels |
956 |
Global configuration level |
956 |
Address family configuration level |
956 |
Interface level |
957 |
Configuring IPv4 IS-IS |
957 |
Enabling IS-IS globally |
957 |
Globally configuring IS-IS on a device |
958 |
Setting the overload bit |
959 |
Configuring authentication |
960 |
Changing the IS-IS Level globally |
960 |
Disabling or re-enabling display of hostname |
961 |
Changing the sequence numbers PDU interval |
961 |
Changing the maximum LSP lifetime |
962 |
Changing the LSP refresh interval |
962 |
Changing the LSP generation interval |
962 |
Changing the LSP interval and retransmit interval |
963 |
Changing the SPF timer |
963 |
Globally disabling or re-enabling hello padding |
963 |
Logging adjacency changes |
964 |
Disabling partial SPF calculations |
964 |
Configuring IPv4 address family route parameters |
964 |
Changing the metric style |
965 |
Changing the maximum number of load sharing paths |
965 |
Enabling advertisement of a default route |
965 |
Changing the administrative distance for IPv4 IS-IS |
966 |
Configuring summary addresses |
967 |
Redistributing routes into IPv4 IS-IS |
967 |
Changing the default redistribution metric |
968 |
Redistributing static IPv4 routes into IPv4 IS-IS |
968 |
Redistributing directly connected routes into IPv4 IS-IS |
969 |
Redistributing RIP routes into IPv4 IS-IS |
969 |
Redistributing OSPF routes into IPv4 IS-IS |
970 |
Redistributing BGP4+ routes into IPv4 IS-IS |
970 |
Redistributing IPv4 IS-IS routes within IPv4 IS-IS |
970 |
Configuring ISIS properties on an interface |
971 |
Disabling and enabling IS-IS on an interface |
971 |
Disabling or re-enabling formation of adjacencies |
971 |
Setting the priority for designated IS election |
972 |
Limiting access to adjacencies with a neighbor |
972 |
Changing the IS-IS level on an interface |
972 |
Disabling and enabling hello padding on an interface |
973 |
Changing the hello interval |
973 |
Changing the hello multiplier |
973 |
Changing the metric added to advertised routes |
974 |
Displaying IPv4 IS-IS information |
974 |
Displaying the IS-IS configuration in the running-config |
975 |
Displaying the name mappings |
975 |
Displaying neighbor information |
976 |
Displaying IS-IS Syslog messages |
977 |
Displaying interface information |
978 |
Displaying route information |
980 |
Displaying LSP database entries |
981 |
Displaying traffic statistics |
984 |
Displaying error statistics |
985 |
Clearing IS-IS information |
986 |
BiDirectional Forwarding Detection (BFD) |
989 |
In this chapter |
989 |
Configuring BFD parameters |
990 |
Number of BFD sessions supported |
990 |
Disabling BFD Syslog messages |
990 |
Displaying Bidirectional Forwarding Detection information |
991 |
Displaying BFD information on a router |
991 |
Clearing BFD neighbor sessions |
995 |
Configuring BFD for the specified protocol |
995 |
Configuring BFD for OSPFv2 |
995 |
Configuring BFD for OSPFv3 |
996 |
Configuring BFD for IS-IS |
996 |
Configuring Multi-Device Port Authentication |
999 |
In this chapter |
999 |
How multi-device port authentication works |
999 |
RADIUS authentication |
999 |
Authentication-failure actions |
1000 |
Supported RADIUS attributes |
1000 |
Dynamic VLAN and ACL assignments |
1000 |
Support for authenticating multiple MAC addresses on an interface |
1001 |
Support for multi-device port authentication and 802.1x on the same interface |
1001 |
Configuring multi-device port authentication |
1001 |
Enabling multi-device port authentication |
1002 |
Configuring an authentication method list for 802.1x |
1002 |
Setting RADIUS parameters |
1002 |
Specifying the format of the MAC addresses sent to the RADIUS server |
1003 |
Specifying the authentication-failure action |
1003 |
Defining MAC address filters |
1004 |
Configuring dynamic VLAN assignment |
1004 |
Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires |
1005 |
Saving dynamic VLAN assignments to the running configuration file |
1006 |
Clearing authenticated MAC addresses |
1006 |
Disabling aging for authenticated MAC addresses |
1007 |
Specifying the aging time for blocked MAC addresses |
1008 |
Displaying multi-device port authentication information |
1008 |
Displaying authenticated MAC address information |
1008 |
Displaying multi-device port authentication configuration information |
1009 |
Displaying multi-device port authentication information for a specific MAC address or port |
1012 |
Displaying the authenticated MAC addresses |
1013 |
Displaying the non-authenticated MAC addresses |
1013 |
Using the MAC Port Security Feature |
1015 |
In this chapter |
1015 |
Overview of MAC port security |
1015 |
Local and global resources |
1015 |
Configuring the MAC port security feature |
1016 |
Enabling the MAC port security feature |
1016 |
Setting the maximum number of secure MAC addresses for an interface |
1016 |
Setting the port security age timer |
1017 |
Specifying secure MAC addresses |
1017 |
Autosaving secure MAC addresses to the startup-config file |
1017 |
Defining security violation actions |
1018 |
Port security MAC violation limit |
1019 |
Transparent port flooding |
1020 |
Displaying MAC port security information |
1021 |
Displaying port security settings |
1021 |
Displaying the secure MAC addresses on the device |
1022 |
Displaying port security statistics |
1022 |
Displaying a list of MAC addresses |
1023 |
Configuring 802.1x Port Security |
1025 |
In this chapter |
1025 |
Overview of 802.1x port security |
1025 |
IETF RFC support |
1025 |
How 802.1x port security works |
1025 |
Device roles in an 802.1x configuration |
1025 |
Communication between the devices |
1026 |
Controlled and uncontrolled ports |
1028 |
Message exchange during authentication |
1029 |
Authenticating multiple clients connected to the same port |
1030 |
802.1x port security and sFlow |
1032 |
Configuring 802.1x port security |
1032 |
Configuring an authentication method list for 802.1x |
1033 |
Setting RADIUS parameters |
1033 |
Configuring dynamic VLAN assignment for 802.1x ports |
1034 |
Disabling and enabling strict security mode for dynamic filter assignment |
1035 |
Dynamically applying existing ACLs or MAC address filter |
1036 |
Configuring per-user IP ACLs or MAC address filters |
1038 |
Enabling 802.1x port security |
1038 |
Setting the port control |
1039 |
Configuring periodic re-authentication |
1040 |
Re-authenticating a port manually |
1040 |
Setting the quiet period |
1041 |
Setting the interval for retransmission of EAP-request/identity frames |
1041 |
Specifying the number of EAP-request/identity frame retransmissions |
1041 |
Specifying a timeout for retransmission of messages to the authentication server |
1042 |
Specifying a timeout for retransmission of EAP-request frames to the client |
1042 |
Initializing 802.1x on a port |
1042 |
Allowing multiple 802.1x clients to authenticate |
1042 |
Displaying 802.1x information |
1044 |
Displaying 802.1x configuration information |
1044 |
Displaying 802.1x statistics |
1046 |
Clearing 802.1x statistics |
1047 |
Displaying dynamically assigned VLAN information |
1047 |
Displaying information on MAC address filters and IP ACLs on an interface |
1048 |
Displaying information about the dot1x-mac-sessions on each port |
1050 |
Sample 802.1x configurations |
1051 |
Point-to-point configuration |
1052 |
Hub configuration |
1053 |
Protecting Against Denial of Service Attacks |
1055 |
In this chapter |
1055 |
Protecting against Smurf attacks |
1055 |
Avoiding being an intermediary in a Smurf attack |
1056 |
ACL-based DOS-attack prevention |
1056 |
Protecting against TCP SYN attacks |
1057 |
TCP security enhancement |
1058 |
Displaying statistics due to DoS attacks |
1060 |
Clear DoS attack statistics |
1060 |
Inspecting and Tracking DHCP Packets |
1061 |
In this chapter |
1061 |
Dynamic ARP inspection |
1061 |
ARP attacks |
1061 |
How DAI works |
1062 |
Limits and restrictions |
1063 |
Configuring DAI |
1063 |
Displaying ARP inspection status and ports |
1065 |
Displaying the ARP table |
1065 |
DHCP snooping |
1066 |
How DHCP snooping works |
1067 |
System reboot and the binding database |
1067 |
Configuring DHCP snooping |
1067 |
DHCP relay agent information (DHCP option 82) |
1068 |
Disabling option 82 processing |
1069 |
Displaying DHCP snooping status and ports |
1070 |
DHCP snooping configuration example |
1070 |
IP source guard |
1071 |
Limits and restrictions |
1071 |
Enabling IP source guard |
1071 |
Securing SNMP Access |
1073 |
In this chapter |
1073 |
Establishing SNMP community strings |
1073 |
Encryption of SNMP community strings |
1073 |
Adding an SNMP community string |
1074 |
Displaying the SNMP community strings |
1075 |
Using the user-based security model |
1075 |
Configuring your NMS |
1075 |
Configuring SNMP version 3 on the BigIron RX |
1076 |
Defining the engine ID |
1076 |
Defining an SNMP group |
1077 |
Defining an SNMP user account |
1078 |
Displaying the engine ID |
1079 |
Displaying SNMP groups |
1080 |
Displaying user information |
1080 |
Interpreting varbinds in report packets |
1080 |
Defining SNMP views |
1081 |
SNMP v3 configuration examples |
1082 |
Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets |
1083 |
In this chapter |
1083 |
Using FDP |
1083 |
Configuring FDP |
1083 |
Displaying FDP information |
1084 |
Clearing FDP and CDP information |
1087 |
Reading CDP packets |
1087 |
Enabling interception of CDP packets globally |
1088 |
Enabling interception of CDP packets on an interface |
1088 |
Displaying CDP information |
1088 |
Clearing CDP information |
1090 |
Remote Network Monitoring |
1091 |
In this chapter |
1091 |
Basic management |
1091 |
Viewing system information |
1091 |
Viewing configuration information |
1091 |
Viewing port statistics |
1091 |
Viewing STP statistics |
1092 |
Clearing statistics |
1092 |
RMON support |
1092 |
Statistics (RMON group 1) |
1092 |
History (RMON group 2) |
1095 |
Alarm (RMON group 3) |
1095 |
Event (RMON group 9) |
1096 |
sFlow |
1097 |
Configuration considerations |
1097 |
Configuring and enabling sFlow |
1098 |
ACL-based inbound sFlow |
1102 |
Multiple Spanning Tree Protocol (MSTP) 802.1s |
1109 |
In this chapter |
1109 |
802.1s Multiple Spanning Tree Protocol |
1109 |
Multiple spanning-tree regions |
1109 |
Configuring MSTP |
1111 |
Setting the MSTP name |
1111 |
Setting the MSTP revision number |
1111 |
Configuring an MSTP instance |
1112 |
Configuring port priority and port path cost |
1112 |
Configuring bridge priority for an MSTP instance |
1112 |
Setting the MSTP global parameters |
1113 |
Setting ports to be operational edge ports |
1113 |
Setting point-to-point link |
1114 |
Disabling MSTP on a port |
1114 |
Forcing ports to transmit an MSTP BPDU |
1114 |
Enabling MSTP on a switch |
1114 |
Displaying MSTP statistics |
1117 |
Displaying MSTP information for a specified instance |
1119 |
Displaying MSTP information for CIST instance 0 |
1119 |
Configuring IP Multicast Traffic Reduction |
1121 |
In this chapter |
1121 |
Enabling IP multicast traffic reduction |
1122 |
Changing the IGMP mode |
1123 |
Modifying the query interval |
1124 |
Modifying the age interval |
1124 |
Filtering multicast groups |
1124 |
Static IGMP membership |
1125 |
PIM SM traffic snooping |
1127 |
Application examples |
1128 |
Configuration requirements |
1130 |
Enabling PIM SM traffic snooping |
1130 |
Multicast traffic reduction per VLAN |
1131 |
Displaying IP multicast information |
1132 |
Displaying multicast information |
1132 |
Displaying IP multicast statistics |
1133 |
Clearing IP multicast statistics |
1133 |
Clearing IGMP group flows |
1133 |
IPv6 Addressing |
1135 |
In this chapter |
1135 |
IPv6 addressing |
1135 |
IPv6 address types |
1136 |
IPv6 stateless autoconfiguration |
1138 |
Configuring Basic IPv6 Connectivity |
1139 |
In this chapter |
1139 |
Enabling IPv6 routing |
1140 |
Configuring IPv6 on each router interface |
1140 |
Configuring a global or site-local IPv6 address |
1140 |
Configuring a link-local IPv6 address |
1141 |
Configuring IPv6 anycast addresses |
1142 |
Configuring the management port for an IPv6 automatic address configuration |
1143 |
IPv6 host support |
1143 |
IPv6 host supported features |
1143 |
IPv6 unsupported features |
1143 |
IPv6 CLI command support |
1144 |
Restricting SNMP access to an IPv6 node |
1145 |
Specifying an IPv6 SNMP trap receiver |
1145 |
Restricting web management access to an IPv6 host by specifying an IPv6 ACL |
1146 |
Restricting web management access to an IPv6 host |
1146 |
Configuring an IPv6 Syslog server |
1146 |
Viewing IPv6 SNMP server addresses |
1147 |
Disabling router advertisement and solicitation messages |
1147 |
Disabling IPv6 on a Layer 2 switch |
1148 |
Configuring an IPv6 host address for a BigIron RX running a switch image |
1148 |
Configuring a global or site-local IPv6 address with a manually configured interface ID as the switch’s system-wide address |
1149 |
Configuring a global or site-local IPv6 address with an automatically computed EUI-64 interface ID as the switch’s system-wide address |
1149 |
Configuring a link-local IPv6 address as the switch’s system-wide address |
1149 |
Configuring IPv4 and IPv6 protocol stacks |
1150 |
Configuring IPv6 Domain Name Server (DNS) resolver |
1151 |
Defining a DNS entry |
1151 |
ECMP load sharing for IPv6 |
1152 |
Disabling or re-enabling ECMP load sharing for IPv6 |
1153 |
Changing the maximum number of load sharing paths for IPv6 |
1153 |
Changing the ECMP load-sharing method for IPv6 |
1153 |
DHCP relay agent for IPv6 |
1154 |
Configuring DHCP for IPv6 relay agent |
1154 |
Enabling support for network-based ECMP load sharing for IPv6 |
1154 |
Displaying ECMP load-sharing information for IPv6 |
1154 |
Configuring IPv6 ICMP |
1155 |
Configuring ICMP rate limiting |
1155 |
Disabling or reenabling ICMP redirect messages |
1156 |
Configuring IPv6 neighbor discovery |
1156 |
Neighbor solicitation and advertisement messages |
1157 |
Router advertisement and solicitation messages |
1157 |
Neighbor redirect messages |
1158 |
Setting neighbor solicitation parameters for duplicate address detection |
1158 |
Setting IPv6 router advertisement parameters |
1159 |
Controlling prefixes advertised in IPv6 router advertisement messages |
1160 |
Setting flags in IPv6 router advertisement messages |
1160 |
Enabling and disabling IPv6 router advertisements |
1161 |
Configuring reachable time for remote IPv6 nodes |
1161 |
Changing the IPv6 MTU |
1162 |
Configuring static neighbor entries |
1163 |
Limiting the number of hops an IPv6 packet can traverse |
1163 |
QoS for IPv6 traffic |
1163 |
Clearing global IPv6 information |
1164 |
Clearing the IPv6 cache |
1164 |
Clearing IPv6 neighbor information |
1165 |
Clearing IPv6 routes from the IPv6 route table |
1165 |
Clearing IPv6 traffic statistics |
1166 |
Deleting IPv6 session flows |
1166 |
Displaying global IPv6 information |
1166 |
Displaying IPv6 cache information |
1166 |
Displaying IPv6 interface information |
1167 |
Displaying IPv6 neighbor information |
1169 |
Displaying the IPv6 route table |
1170 |
Displaying local IPv6 routers |
1171 |
Displaying IPv6 TCP information |
1172 |
Displaying IPv6 traffic statistics |
1176 |
Displaying IPv6 session flows |
1179 |
Configuring RIPng |
1181 |
In this chapter |
1181 |
Configuring RIPng |
1181 |
Enabling RIPng |
1182 |
Configuring RIPng timers |
1182 |
Configuring route learning and advertising parameters |
1183 |
Redistributing routes into RIPng |
1185 |
Controlling distribution of routes through RIPng |
1185 |
Configuring poison reverse parameters |
1186 |
Clearing RIPng routes from IPv6 route table |
1187 |
Displaying RIPng information |
1187 |
Displaying RIPng configuration |
1187 |
Displaying RIPng routing table |
1188 |
Configuring BGP4+ |
1191 |
In this chapter |
1191 |
Address family configuration level |
1191 |
Configuring BGP4+ |
1192 |
Enabling BGP4+ |
1193 |
Configuring BGP4+ neighbors using global or site-local IPv6 addresses |
1193 |
Adding BGP4+ neighbors using link-local addresses |
1194 |
Configuring a BGP4+ peer group |
1196 |
Advertising the default BGP4+ route |
1197 |
Importing routes into BGP4+ |
1198 |
Redistributing prefixes into BGP4+ |
1198 |
Aggregating routes advertised to BGP4 neighbors |
1199 |
Using route maps |
1200 |
Clearing BGP4+ information |
1200 |
Removing route flap dampening |
1200 |
Clearing route flap dampening statistics |
1201 |
Clearing BGP4+ local route information |
1201 |
Clearing BGP4+ neighbor information |
1201 |
Clearing and resetting BGP4+ routes in the IPv6 route table |
1204 |
Clearing traffic counters for all BGP4+ neighbors |
1205 |
Displaying BGP4+ information |
1205 |
Displaying the BGP4+ route table |
1205 |
Displaying BGP4+ route information |
1211 |
Displaying BGP4+ route-attribute entries |
1212 |
Displaying the BGP4+ running configuration |
1214 |
Displaying dampened BGP4+ paths |
1214 |
Displaying filtered-out BGP4+ routes |
1215 |
Displaying route flap dampening statistics |
1220 |
Displaying BGP4+ neighbor information |
1221 |
Displaying BGP4+ peer group configuration information |
1243 |
Displaying BGP4+ summary |
1244 |
Configuring IPv6 MBGP |
1247 |
In this chapter |
1247 |
Configuration considerations |
1247 |
Configuring IPv6 MBGP |
1247 |
Setting the maximum number of multicast routes supported |
1248 |
Enabling IPv6 MBGP |
1248 |
Adding IPv6 MBGP neighbors |
1249 |
Optional configuration tasks |
1249 |
Aggregating routes advertised to IPv6 BGP neighbors |
1252 |
Displaying IPv6 MBGP information |
1252 |
Displaying summary MBGP information |
1253 |
Displaying the Active MBGP Configuration |
1254 |
Displaying MBGP neighbors |
1254 |
Displaying MBGP routes |
1256 |
Displaying the IPv6 multicast route table |
1256 |
IPv6 Access Control Lists (ACLs) |
1257 |
In this chapter |
1257 |
IPv6 ACLs |
1257 |
Using IPv6 ACLs as input to other features |
1258 |
Configuring an IPv6 ACL |
1258 |
Example configurations |
1259 |
Default and implicit IPv6 ACL action |
1260 |
ACL syntax |
1261 |
Applying an IPv6 ACL to an interface |
1267 |
Adding TCP flags to an IPv6 ACL entry |
1267 |
Adding a comment to an IPv6 ACL entry |
1267 |
Displaying ACLs |
1269 |
Configuring OSPF Version 3 |
1271 |
In this chapter |
1271 |
OSPF version 3 |
1271 |
Link state advertisement types for OSPFv3 |
1272 |
Configuring OSPFv3 |
1272 |
Enabling OSPFv3 |
1273 |
Assigning OSPFv3 areas |
1273 |
Configuring virtual links |
1275 |
Changing the reference bandwidth for the cost on OSPFv3 interfaces |
1277 |
Redistributing routes into OSPFv3 |
1278 |
Filtering OSPFv3 routes |
1282 |
Configuring default route origination |
1285 |
Modifying shortest path first timers |
1286 |
Modifying administrative distance |
1287 |
Configuring the OSPFv3 LSA pacing interval |
1288 |
Modifying exit overflow interval |
1288 |
Modifying external link state database limit |
1288 |
Modifying OSPFv3 interface defaults |
1289 |
Disabling or reenabling event logging |
1290 |
Displaying OSPFv3 information |
1290 |
Displaying OSPFv3 area information |
1290 |
Displaying OSPFv3 database Information |
1291 |
Displaying OSPFv3 interface information |
1296 |
Displaying OSPFv3 memory usage |
1299 |
Displaying OSPFv3 neighbor information |
1300 |
Displaying routes redistributed into OSPFv3 |
1302 |
Displaying OSPFv3 route information |
1303 |
Displaying OSPFv3 SPF information |
1305 |
Displaying IPv6 OSPF virtual link information |
1308 |
Displaying OSPFv3 virtual neighbor information |
1308 |
Configuring IPv6 Multicast Features |
1311 |
In this chapter |
1311 |
IPv6 PIM sparse |
1311 |
PIM sparse router types |
1312 |
RP paths and SPT paths |
1312 |
Configuring PIM sparse |
1312 |
IPv6 PIM-sparse mode |
1313 |
Configuring IPv6 PIM-SM on a virtual routing interface |
1313 |
Passive Multicast Route Insertion (PMRI) |
1320 |
Displaying PIM sparse configuration information and statistics |
1321 |
Multicast Listener Discovery and source specific multicast protocols (MLDv2) |
1330 |
MLD version distinctions |
1330 |
Enabling MLDv2 |
1331 |
Enabling source specific multicast |
1331 |
Setting the query interval |
1332 |
Setting the maximum response time |
1332 |
Setting the last listener query count |
1332 |
Setting the last listener query interval |
1332 |
Setting the robustness |
1333 |
Setting the version |
1333 |
Specifying a port version |
1333 |
Specifying a static group |
1333 |
Setting the interface MLD version |
1334 |
Displaying MLD information |
1334 |
Displaying MLD group information |
1334 |
Displaying MLD definitions for an interface |
1335 |
Displaying MLD traffic |
1336 |
Clearing IPv6 MLD traffic |
1336 |
Embedded Rendezvous Point (RP) |
1337 |
Configuring IPv6 Routes |
1339 |
In this chapter |
1339 |
Configuring a static IPv6 route |
1339 |
Configuring an IPv6 multicast route |
1341 |
Using Syslog |
1343 |
Displaying Syslog messages |
1344 |
Configuring the Syslog service |
1345 |
Displaying the Syslog configuration |
1345 |
Disabling or re-enabling Syslog |
1349 |
Specifying a Syslog server |
1349 |
Specifying an additional Syslog server |
1350 |
Disabling logging of a message level |
1350 |
Logging all CLI commands to Syslog |
1350 |
Changing the number of entries the local buffer can hold |
1351 |
Changing the log facility |
1351 |
Displaying the interface name in Syslog messages |
1352 |
Clearing the Syslog messages from the local buffer |
1353 |
Displaying TCP/UDP port numbers in Syslog messages |
1353 |
Syslog messages |
1353 |
Software Specifications |
1373 |
IEEE compliance |
1373 |
RFC compliance |
1373 |
RFC compliance - BGPv4 |
1373 |
RFC compliance - OSPF |
1374 |
RFC compliance - IS-IS |
1374 |
RFC compliance - RIP |
1374 |
RFC compliance - IP Multicast |
1374 |
RFC compliance - general protocols |
1375 |
RFC compliance - management |
1376 |
RFC compliance - IPv6 core |
1376 |
RFC compliance - IPv6 routing |
1377 |
RFC compliance - IPv6 multicast |
1377 |
RFC compliance - IPv6 transitioning |
1377 |
RFC compliance - IPv6 management |
1377 |
Internet drafts |
1378 |
NIAP-CCEVS Certification |
1379 |
NIAP-CCEVS certified Brocade equipment and Ironware releases |
1379 |
Web management access to NIAP-CCEVS certified Security Guide equipment |
1379 |
Local user password changes |
1380 |
Commands That Require a Reload |
1381 |
Index to the CLI Commands |
1383 |
ACLs (IP) |
1383 |
Numbered ACL |
1383 |
Named ACL |
1384 |
Other ACL commands |
1384 |
ACLs (L2) |
1385 |
BGP4 |
1385 |
FDP/CDP |
1391 |
IP |
1391 |
Metro Ring protocol |
1394 |
IPv6 BGP4+ |
1395 |
IPv6 ACL |
1397 |
IPv6 basic connectivity |
1398 |
IPv6 multicast |
1401 |
IPv6 RIPng |
1401 |
IPv6 OSPFv3 |
1402 |
IS-IS |
1404 |
Metro ring |
1406 |
MSTP |
1406 |
Multicast (IP) |
1407 |
Multicast (L2) |
1409 |
OSPF version 4 |
1410 |
Port parameters |
1411 |
Port-based routing |
1412 |
Quality of Service (QoS) |
1413 |
Rate limiting |
1414 |
RIP |
1415 |
RMON |
1416 |
RSTP |
1416 |
Security/management |
1417 |
802.1x port security |
1417 |
Access |
1418 |
Authentication method list |
1418 |
Passwords |
1418 |
Privilege level |
1419 |
RADIUS |
1419 |
SNMP access |
1420 |
SSH access |
1420 |
SSL |
1420 |
TACACS/TACACS+ |
1420 |
Telnet access |
1421 |
TFTP access |
1421 |
User account |
1422 |
Web management access |
1422 |
DoS protection |
1422 |
MAC authentication |
1422 |
MAC port security |
1424 |
Redundant management module |
1424 |
SNMP |
1426 |
SSH |
1427 |
sFlow |
1428 |
STP |
1428 |
SysLog messages |
1429 |
System parameters |
1429 |
Topology |
1431 |
LAG |
1431 |
UDLD |
1432 |
VLAN |
1432 |
VRRP/VRRPE |
1433 |