Section |
Page |
Contents |
3 |
About This Document |
41 |
Audience |
41 |
Supported hardware and software |
41 |
List of supported features |
41 |
Unsupported features |
44 |
What’s new in this document |
45 |
Enhancements in release 02.8.00 |
46 |
Enhancements in release 02.7.03 |
47 |
Enhancements in release 02.7.02 |
48 |
Enhancements in release 02.7.00 |
50 |
Enhancements in release 02.6.00 |
51 |
Enhancements in patch release 02.5.00c |
54 |
Enhancements in patch release 02.5.00b |
55 |
Enhancements in release 02.5.00 |
55 |
Enhancements in patch release 02.4.00c |
57 |
Enhancements in release 02.4.00 |
58 |
Enhancements in patch release 02.3.00a |
62 |
Enhancements in release 02.3.00 |
63 |
Enhancements in release 02.2.01 |
69 |
Enhancements in release 02.2.00g |
73 |
Enhancements in release 02.2.00 |
73 |
Document conventions |
74 |
Text formatting |
74 |
Command syntax conventions |
74 |
Notes, cautions, and danger notices |
75 |
Notice to the reader |
75 |
Related publications |
75 |
Getting technical help or reporting errors |
76 |
E-mail and telephone access |
76 |
Getting Started with the Command Line Interface |
77 |
In this chapter |
77 |
Logging on through the CLI |
77 |
On-line help |
78 |
Command completion |
78 |
Scroll control |
78 |
Line editing commands |
79 |
EXEC commands |
79 |
Global level |
80 |
CONFIG commands |
80 |
Accessing the CLI |
83 |
Navigating among command levels |
84 |
CLI command structure |
84 |
Searching and filtering output |
85 |
Allowable characters for LAG names |
89 |
Syntax shortcuts |
90 |
Saving configuration changes |
90 |
Getting Familiar With the BigIron RX Series Switch Management Applications |
91 |
How to manage BigIron RX Series switch |
91 |
Logging on through the CLI |
91 |
On-line help |
92 |
Command completion |
92 |
Scroll control |
92 |
Line editing commands |
93 |
Searching and filtering output from CLI commands |
93 |
Allowable characters for LAG names |
97 |
Logging on through the Web Management Interface |
98 |
Web Management Interface |
99 |
Using a Redundant Management Module |
101 |
How management module redundancy works |
101 |
Management module redundancy overview |
101 |
Management module switchover |
102 |
Switchover implications |
103 |
Management module redundancy configuration |
105 |
Changing the default active slot |
105 |
Managing management module redundancy |
105 |
File synchronization between the active and standby management modules |
105 |
Manually switching over to the standby management module |
108 |
Rebooting the active and standby management modules |
108 |
Monitoring management module redundancy |
109 |
Determining management module status |
109 |
Displaying temperature information |
110 |
Displaying switchover information |
110 |
Flash memory and PCMCIA flash card file management commands |
112 |
Management focus |
113 |
Flash memory file system |
114 |
PCMCIA flash card file system |
115 |
Wildcards |
116 |
Formatting a flash card |
116 |
Determining the current management focus |
117 |
Switching the management focus |
117 |
Displaying a directory of the files |
118 |
Displaying the contents of a file |
120 |
Displaying the hexadecimal output of a file |
121 |
Creating a subdirectory |
121 |
Removing a subdirectory |
123 |
Renaming a file |
124 |
Changing the read-write attribute of a file |
124 |
Deleting a file |
125 |
Recovering (“undeleting”) a file |
126 |
Appending a file to another file |
127 |
Copying files using the copy command |
127 |
Copying files using the cp command |
132 |
Loading the software |
133 |
Saving configuration changes |
134 |
File management messages |
135 |
Securing Access to Management Functions |
137 |
Securing access methods |
137 |
Restricting remote access to management functions |
139 |
Using ACLs to restrict remote access |
139 |
Restricting remote access to the device to specific IP addresses |
142 |
Specifying the maximum number of login attempts for Telnet access |
143 |
Restricting remote access to the device to specific VLAN IDs |
144 |
Disabling specific access methods |
145 |
Setting passwords |
146 |
Setting a Telnet password |
147 |
Setting passwords for management privilege levels |
147 |
Recovering from a lost password |
149 |
Displaying the SNMP community string |
150 |
Disabling password encryption |
150 |
Specifying a minimum password length |
150 |
Setting up local user accounts |
150 |
Configuring a local user account |
151 |
Username, password and login rules |
153 |
Configuring the strict password feature |
154 |
Configuring SSL security for the Web Management Interface |
157 |
Enabling the SSL server on the device |
157 |
Importing digital certificates and RSA private key files |
157 |
Generating an SSL certificate |
158 |
Configuring TACACS and TACACS+ security |
158 |
How TACACS+ differs from TACACS |
159 |
TACACS and TACACS+ authentication, authorization, and accounting |
159 |
TACACS and TACACS+ configuration considerations |
162 |
Enabling SNMP to configure TACACS and TACACS |
163 |
Identifying the TACACS and TACACS+ servers |
164 |
Specifying different servers for individual AAA functions |
164 |
Setting optional TACACS and TACACS+ parameters |
165 |
Configuring authentication-method lists for TACACS and TACACS+ |
166 |
Configuring TACACS+ authorization |
168 |
Configuring TACACS+ accounting |
171 |
Configuring an interface as the source for all TACACS and TACACS+ packets |
172 |
Displaying TACACS and TACACS+ statistics and configuration information |
173 |
Configuring RADIUS security |
174 |
RADIUS authentication, authorization, and accounting |
174 |
RADIUS configuration considerations |
177 |
RADIUS configuration procedure |
178 |
Configuring Brocade-specific attributes on the RADIUS server |
178 |
Enabling SNMP to configure RADIUS |
179 |
Identifying the RADIUS server to the BigIron RX |
180 |
Specifying different servers for individual AAA functions |
180 |
Setting RADIUS parameters |
180 |
Configuring authentication-method lists for RADIUS |
181 |
Configuring RADIUS authorization |
183 |
Configuring RADIUS accounting |
185 |
Configuring an interface as the source for all RADIUS packets |
186 |
Displaying RADIUS configuration information |
186 |
Configuring authentication-method lists |
188 |
Configuration considerations for authentication- method lists |
189 |
Examples of authentication-method lists |
189 |
Configuring Basic Parameters |
193 |
Entering system administration information |
193 |
Configuring Simple Network Management Protocol traps |
194 |
Specifying an SNMP trap receiver |
194 |
Specifying a Single trap source |
195 |
Setting the SNMP Trap holddown time |
195 |
Disabling SNMP traps |
196 |
Disabling Syslog messages and traps for CLI access |
197 |
Configuring an interface as source for all Telnet packets |
198 |
Cancelling an outbound Telnet session |
199 |
Configuring an interface as the source for all TFTP packets |
199 |
Configuring an interface as the source for Syslog packets |
199 |
Specifying a Simple Network Time Protocol (SNTP) server |
200 |
Setting the system clock |
202 |
New Daylight Saving Time (DST) |
203 |
Configuring CLI banners |
203 |
Setting a message of the day banner |
204 |
Setting a privileged EXEC CLI level banner |
204 |
Displaying a message on the console when an incoming Telnet session is detected |
205 |
Configuring terminal display |
205 |
Checking the length of terminal displays |
205 |
Enabling or disabling routing protocols |
206 |
Displaying and modifying system parameter default settings |
206 |
Enabling or disabling Layer 2 switching |
209 |
CAM partitioning for the BigIron RX |
210 |
Re-distributing CAM allocations |
210 |
Nexthop table |
211 |
Changing the MAC age time |
212 |
Configuring static ARP entries |
212 |
Pinging an IPv4 address |
213 |
Configuring Interface Parameters |
215 |
Assigning a port name |
215 |
Assigning an IP address to a port |
215 |
Speed/Duplex negotiation |
216 |
Disabling or re-enabling a port |
217 |
Changing the default Gigabit negotiation mode |
217 |
Changing the negotiation mode |
218 |
Disabling or re-enabling flow control |
218 |
Specifying threshold values for flow control |
218 |
Locking a port to restrict addresses |
219 |
Wait for all cards feature |
219 |
Port transition hold timer |
220 |
Port flap dampening |
220 |
Modifying port priority (QoS) |
222 |
Assigning a mirror port and monitor ports |
222 |
Configuration guidelines for monitoring traffic |
222 |
Configuring port mirroring and monitoring |
222 |
Monitoring an individual trunk port |
224 |
Mirror ports for Policy-Based Routing (PBR) traffic |
225 |
About hardware-based PBR |
225 |
Configuring mirror ports for PBR traffic |
226 |
Displaying mirror and monitor port configuration |
226 |
Enabling WAN PHY mode support |
227 |
Configuring IP |
229 |
Overview of configuring IP |
229 |
The IP packet flow |
229 |
ARP cache table |
230 |
Static ARP table |
230 |
IP Route table |
231 |
IP forwarding cache |
232 |
Basic IP parameters and defaults |
232 |
When parameter changes take effect |
233 |
IP global parameters |
233 |
IP interface parameters |
236 |
Configuring IP parameters |
237 |
Configuring IP addresses |
237 |
Changing the network mask display to prefix format |
240 |
Configuring the default gateway |
240 |
GRE IP tunnel |
241 |
IPv6 over IPv4 tunnels in hardware |
246 |
Configuring Domain Name Server (DNS) resolver |
250 |
Adding host names to the DNS cache table |
251 |
Configuring packet parameters |
255 |
Changing the encapsulation type |
255 |
Setting maximum frame size per PPCR |
256 |
Changing the MTU |
257 |
Changing the router ID |
258 |
Specifying a single source interface for Telnet, TACACS, TACACS+, or RADIUS packets |
259 |
Configuring an interface as the source for Syslog packets |
261 |
IP fragmentation protection |
261 |
IP option attack protection |
262 |
IP receive access list |
262 |
Configuring ARP parameters |
263 |
How ARP works |
263 |
Rate limiting ARP packets |
264 |
Applying a rate limit to ARP packets on an interface |
264 |
Clearing the rate limit for ARP packets |
266 |
Changing the ARP aging period |
266 |
Creating a floating static ARP entry |
268 |
Static route ARP validation check |
268 |
Configuring forwarding parameters |
270 |
Disabling ICMP messages |
272 |
Disabling ICMP redirect messages |
274 |
Configuring static routes |
274 |
Static route tagging |
279 |
Configuring a default network route |
284 |
Configuring IP load sharing |
285 |
Default route ECMP |
288 |
IP receive access list |
289 |
Configuring IRDP |
290 |
Configuring UDP broadcast and IP helper parameters |
292 |
Configuring BootP/DHCP forwarding parameters |
294 |
Displaying IP information |
296 |
Displaying IP interface information |
299 |
Displaying interface name in Syslog |
300 |
Displaying ARP entries |
300 |
Displaying the forwarding cache |
302 |
Displaying the IP route table |
304 |
Clearing IP routes |
307 |
Displaying IP traffic statistics |
307 |
Displaying TCP traffic statistics |
310 |
Link Aggregation |
313 |
Link aggregation overview |
313 |
LAG formation rules |
313 |
LAG load sharing |
316 |
Configuration of a LAG |
317 |
Creating a Link Aggregation Group (LAG) |
317 |
Deploying a LAG |
320 |
Commands available under LAG once it is deployed |
320 |
Configuring ACL-based mirroring |
321 |
Disabling ports within a LAG |
321 |
Enabling ports within a LAG |
321 |
Monitoring an individual LAG port |
322 |
Assigning a name to a port within a LAG |
322 |
Enabling sFlow forwarding on a port within a LAG |
322 |
Setting the sFlow sampling rate for a port within a LAG |
323 |
Displaying LAG information |
323 |
Displaying LAG statistics |
327 |
Configuring LLDP |
329 |
Terms used in this chapter |
329 |
LLDP overview |
329 |
Benefits of LLDP |
330 |
General operating principles |
331 |
Operating modes |
331 |
LLDP packets |
331 |
TLV support |
332 |
MIB support |
335 |
Syslog messages |
335 |
Web Management |
335 |
Configuring LLDP |
335 |
Configuration notes and considerations |
336 |
Enabling and disabling LLDP |
337 |
Changing a port’s LLDP operating mode |
337 |
Specifying the maximum number of LLDP neighbors |
338 |
Enabling LLDP SNMP notifications and Syslog messages |
339 |
Specifying the minimum time between SNMP traps and Syslog messages |
340 |
Changing the minimum time between LLDP transmissions |
340 |
Changing the interval between regular LLDP transmissions |
341 |
Changing the holdtime multiplier for transmit TTL |
341 |
Changing the minimum time between port reinitializations |
342 |
LLDP TLVs advertised by the Brocade device |
342 |
Displaying LLDP statistics and configuration settings |
349 |
LLDP configuration summary |
350 |
LLDP statistics |
350 |
LLDP neighbors |
352 |
LLDP neighbors detail |
353 |
LLDP configuration details |
354 |
Resetting LLDP statistics |
355 |
Configuring Uni-Directional Link Detection (UDLD) |
357 |
Configuration considerations |
358 |
Configuring UDLD |
358 |
Changing the keepalive interval |
358 |
Changing the keepalive retries |
358 |
Displaying UDLD information |
359 |
Displaying information for all ports |
359 |
Displaying link-keepalive information |
359 |
Displaying information for a single port |
360 |
Clearing UDLD statistics |
362 |
VLANs |
363 |
Overview of Virtual Local Area Networks (VLANs) |
363 |
Tagged, untagged, and dual-mode ports |
363 |
Protocol-based VLANs |
365 |
VLAN configuration rules |
366 |
VLAN ID range |
366 |
Tagged VLANs |
366 |
VLAN hierarchy |
366 |
Multiple VLAN membership rules |
366 |
Layer 2 control protocols on VLANs |
367 |
Configuring port-based VLANs |
367 |
VLAN byte accounting |
368 |
Strictly or explicitly tagging a port |
370 |
Assigning or changing a VLAN priority |
370 |
Assigning a different ID to the default VLAN |
370 |
Configuring protocol-based VLANs |
371 |
Configuring an MSTP instance |
372 |
Configuring virtual routing interfaces |
372 |
Bridging and routing the same protocol simultaneously on the same device |
373 |
Integrated Switch Routing (ISR) |
374 |
VLAN groups |
375 |
Configuring a VLAN group |
375 |
Configuring super aggregated VLANs |
377 |
Configuring aggregated VLANs |
379 |
Complete CLI examples |
380 |
Configuring 802.1q-in-q tagging |
383 |
Configuration rules |
384 |
Enabling 802.1Q-in-Q tagging |
385 |
Example configuration |
385 |
Configuring 802.1q tag-type translation |
386 |
Configuration rules |
388 |
Enabling 802.1q tag-type translation |
389 |
Private VLANs |
390 |
Implementation notes |
391 |
Configuration notes |
391 |
Configuring a private VLAN |
392 |
Enabling broadcast, multicast or unknown unicast traffic to the private VLAN |
394 |
CLI example for Figure 30 |
394 |
Other VLAN features |
395 |
Allocating memory for more VLANs or virtual routing interfaces |
395 |
Hardware flooding for Layer 2 multicast and broadcast packets |
395 |
Unknown unicast flooding on VLAN ports |
396 |
Flow based MAC learning |
396 |
Configuring uplink ports within a port-based VLAN |
397 |
Configuring control protocols in VLANs |
397 |
Other configuration options |
397 |
Displaying VLAN information |
397 |
Displaying VLAN information |
398 |
Displaying VLAN information for specific ports |
398 |
Displaying VLAN status and port types |
399 |
Displaying VLAN group information |
400 |
Transparent firewall mode |
401 |
Enabling a transparent firewall |
401 |
Configuring Spanning Tree Protocol |
403 |
IEEE 802.1D Spanning Tree Protocol (STP) |
403 |
Enabling or disabling STP |
403 |
Default STP bridge and port parameters |
404 |
Changing STP bridge parameters |
405 |
Changing STP port parameters |
406 |
STP root guard |
406 |
Spanning Tree Protocol (STP) BPDU guard |
407 |
Displaying STP information |
408 |
IEEE Single Spanning Tree (SSTP) |
416 |
SSTP defaults |
417 |
Enabling SSTP |
417 |
Displaying SSTP information |
418 |
PVST/PVST+ compatibility |
419 |
Overview of PVST and PVST+ |
419 |
VLAN tags and dual mode |
419 |
Enabling PVST+ support |
420 |
Displaying PVST+ support information |
420 |
Configuration examples |
421 |
SuperSpan™ |
423 |
Customer ID |
424 |
BPDU forwarding |
424 |
Configuring SuperSpan |
429 |
Configuring Rapid Spanning Tree Protocol |
433 |
Overview of Rapid Spanning Tree Protocol |
433 |
Bridges and bridge port roles |
433 |
Assignment of port roles |
434 |
Ports on Switch 1 |
435 |
Ports on Switch 2 |
435 |
Ports on Switch 3 |
435 |
Ports Switch 4 |
436 |
Edge ports and edge port roles |
436 |
Point-to-point ports |
437 |
Bridge port states |
437 |
Edge port and non-edge port states |
438 |
Changes to port roles and states |
438 |
State machines |
438 |
Handshake mechanisms |
439 |
Convergence in a simple topology |
449 |
Convergence at start up |
450 |
Convergence after a link failure |
452 |
Convergence at link restoration |
453 |
Convergence in a complex RSTP topology |
454 |
Propagation of topology change |
457 |
Compatibility of RSTP with 802.1D |
460 |
Configuring RSTP parameters |
461 |
Enabling or disabling RSTP in a port-based VLAN |
461 |
Enabling or disabling RSTP on a single spanning tree |
462 |
Disabling or enabling RSTP on a port |
462 |
Changing RSTP bridge parameters |
462 |
Changing port parameters |
463 |
Fast port span |
464 |
Fast uplink span |
466 |
Displaying RSTP information |
468 |
Metro Ring Protocol (MRP) Phase 1 and 2 |
477 |
Metro Ring Protocol (MRP) phase 1 |
477 |
MRP rings without shared interfaces |
478 |
Ring initialization |
479 |
How ring breaks are detected and healed |
482 |
Master VLANs and customer VLANs in a topology group |
484 |
Configuring MRP |
486 |
Adding an MRP ring to a VLAN |
487 |
Changing the hello and preforwarding times |
488 |
MRP phase 2 |
488 |
Ring initialization for shared interfaces |
490 |
How ring breaks are detected and healed between shared interfaces |
490 |
Selection of master node |
491 |
RHP processing in rings with shared interfaces |
491 |
Normal flow |
492 |
Flow when a link breaks |
493 |
Configuring MRP with shared interfaces |
493 |
Using MRP diagnostics |
494 |
Enabling MRP diagnostics |
494 |
Displaying MRP diagnostics |
495 |
Displaying MRP information |
495 |
Displaying topology group information |
495 |
Displaying ring information |
496 |
MRP CLI example |
497 |
Commands on switch A (master node) |
498 |
Commands on switch B |
498 |
Commands on switch C |
499 |
Commands on switch D |
499 |
Virtual Switch Redundancy Protocol (VSRP) |
501 |
Overview of Virtual Switch Redundancy Protocol (VSRP) |
501 |
Layer 2 and Layer 3 redundancy |
502 |
Master election and failover |
502 |
Configuring basic VSRP parameters |
507 |
Enabling Layer 3 VSRP |
508 |
Configuring optional VSRP parameters |
508 |
Disabling VSRP on a VRID |
508 |
Configuring authentication |
508 |
Configuring a VRID IP address |
509 |
VSRP fast start |
510 |
Changing the backup priority |
511 |
Saving the timer values received from the master |
511 |
VSRP slow start |
512 |
Changing the Time-To-Live (TTL) |
512 |
Changing the hello interval |
513 |
Changing the dead interval |
513 |
Changing the backup hello state and interval |
513 |
Changing the hold-down interval |
514 |
Changing the default track priority |
514 |
Specifying a track port |
515 |
Disabling or re-enabling backup pre-emption |
515 |
Port transition hold timer |
515 |
Clearing VSRP information |
516 |
VSRP and MRP signaling |
516 |
Displaying VSRP information |
518 |
Displaying VRID information |
518 |
Displaying a summary of VSRP information |
520 |
Displaying VSRP packet statistics for VSRP |
521 |
Displaying the active interfaces for a VRID |
522 |
Topology Groups |
523 |
Topology overview |
523 |
Master VLAN and member VLANs |
523 |
Master VLANs and customer VLANs in MRP |
524 |
Control ports and free ports |
524 |
Configuration considerations |
524 |
Configuring a topology group |
525 |
Displaying topology group information |
525 |
Displaying topology group information |
525 |
Configuring VRRP and VRRPE |
527 |
Overview of VRRP |
527 |
Standard VRRP |
527 |
Brocade enhancements of VRRP |
529 |
Overview of VRRPE |
531 |
VRRP and VRRPE parameters |
534 |
Configuring parameters specific to VRRP |
536 |
Configuring the owner |
536 |
Configuring basic VRRP parameters |
536 |
Configuring the owner |
537 |
Configuring a backup |
537 |
Configuration rules for VRRP |
537 |
Configuring parameters specific to VRRPE |
538 |
Configuration rules for VRRPE |
538 |
Configuring additional VRRP and VRRPE parameters |
538 |
Authentication type |
539 |
Suppression of RIP advertisements on backup routers for the backup up interface |
540 |
Hello interval |
540 |
Dead interval |
540 |
Backup hello message state and interval |
541 |
Track port |
541 |
Track priority |
541 |
Backup preempt |
542 |
Master router abdication and reinstatement |
542 |
Displaying VRRP and VRRPE information |
543 |
Displaying summary information |
543 |
Displaying detailed information |
545 |
Displaying statistics |
548 |
Clearing VRRP or VRRPE statistics |
549 |
Configuration examples |
549 |
VRRP example |
549 |
VRRPE example |
551 |
Configuring Quality of Service |
553 |
Overview of Quality of Service (QoS) |
553 |
Classification |
553 |
Processing of classified traffic |
553 |
Marking |
556 |
Configuring DSCP classification by interface |
556 |
Configuring port, MAC, and VLAN-based classification |
556 |
Configuring ToS-based QoS |
558 |
Enabling ToS-based QoS |
558 |
Specifying trust level |
558 |
Enabling marking |
558 |
Configuring the QoS mappings |
559 |
Changing the CoS –> DSCP mappings |
559 |
Changing the DSCP –> DSCP mappings |
559 |
Changing the DSCP –> internal forwarding priority mappings |
560 |
Changing the CoS –> internal forwarding priority mappings |
561 |
Displaying QoS configuration information |
561 |
Determining packet drop priority using WRED |
563 |
How WRED Operates |
564 |
Calculating avg-q-size |
564 |
Calculating packets that are dropped |
564 |
Using WRED with rate limiting |
565 |
Configuring packet drop priority using WRED |
565 |
Enabling WRED |
565 |
Setting the averaging-weight (Wq) parameter |
565 |
Displaying the WRED configuration |
569 |
Scheduling traffic for forwarding |
570 |
Configuring traffic scheduling |
570 |
Configuring multicast traffic engineering |
574 |
Displaying the multicast traffic engineering configuration |
575 |
Qos profiles |
576 |
Calculating the values for WFQ storage mode traffic scheduling |
577 |
Egress port shaping |
577 |
Mirroring ports |
578 |
Supported ACLs |
578 |
Configuring QoS for the 16 x 10G module |
578 |
Configuration steps |
578 |
Configuring Traffic Reduction |
581 |
In this chapter |
581 |
Traffic policing on the BigIron RX Series |
581 |
Traffic reduction parameters and algorithm |
582 |
Requested rate |
582 |
Maximum burst |
582 |
Actual rate |
582 |
Configuration considerations |
583 |
Configuring rate limiting policies |
584 |
Configuring a port-based rate limiting policy |
584 |
Configuring a port-and-priority-based rate limiting policy |
585 |
Configuring a port-and-VLAN-based rate limiting policy |
585 |
Configuring a VLAN-group-based rate limiting policy |
586 |
Configuring a port-and-IPv6 ACL-based traffic reduction |
588 |
NP based multicast, broadcast, and unknown-unicast rate limiting |
589 |
Displaying traffic reduction |
590 |
Layer 2 ACLs |
593 |
Filtering based on ethertype |
593 |
Configuration rules and notes |
593 |
Configuring Layer 2 ACLs |
594 |
Creating a Layer 2 ACL table |
594 |
Example Layer 2 ACL clauses |
595 |
Inserting and deleting Layer 2 ACL clauses |
596 |
Binding a Layer 2 ACL table to an interface |
596 |
Increasing the maximum number of clauses per Layer 2 ACL table |
596 |
Viewing Layer 2 ACLs |
596 |
Example of Layer 2 ACL deny by MAC address |
597 |
Access Control List |
599 |
How the BigIron RX processes ACLs |
599 |
Disabling or re-enabling Access Control Lists (ACLs) |
600 |
Default ACL action |
600 |
Types of IP ACLs |
600 |
ACL IDs and entries |
601 |
Enabling support for additional ACL statements |
601 |
ACL-based inbound mirroring |
602 |
Considerations when configuring ACL-based inbound mirroring |
602 |
Configuring ACL-based inbound mirroring |
602 |
Creating an ACL with a mirroring clause |
602 |
Applying the ACL to an interface |
603 |
Specifying the destination mirror port |
603 |
Configuring ACL-based mirroring for ACLs bound to virtual interfaces |
605 |
Configuring numbered and named ACLs |
605 |
Configuring standard numbered ACLs |
605 |
Configuring extended numbered ACLs |
607 |
Configuring standard or extended named ACLs |
615 |
Configuring super ACLs |
618 |
Displaying ACL definitions |
620 |
Displaying of TCP/UDP numbers in ACLs |
621 |
ACL logging |
631 |
Enabling the new logging method |
632 |
Specifying the wait time |
632 |
Modifying ACLs |
632 |
Adding or deleting a comment |
634 |
Deleting ACL entries |
636 |
From numbered ACLs |
636 |
From named ACLs |
637 |
Applying ACLs to interfaces |
638 |
Reapplying modified ACLs |
638 |
ACL automatic rebind |
638 |
Manually setting the ACL rebind |
638 |
Applying ACLs to a virtual routing interface |
638 |
Configuring the Layer 4 session log timer |
639 |
Displaying ACL log entries |
639 |
QoS options for IP ACLs |
640 |
Enabling ACL duplication check |
641 |
ACL accounting |
641 |
Displaying accounting statistics for all ACLs |
641 |
Displaying statistics for an interface |
642 |
Clearing the ACL statistics |
643 |
Enabling ACL filtering of fragmented or non-fragmented packets |
644 |
ACL filtering for traffic switched within a virtual routing interface |
645 |
ICMP filtering for extended ACLs |
645 |
Troubleshooting ACLs |
647 |
Policy-Based Routing |
649 |
Policy-Based Routing (PBR) |
649 |
Configuration considerations |
649 |
Configuring a PBR policy |
650 |
Configure the ACLs |
650 |
Configure the route map |
651 |
Enabling PBR |
652 |
Configuration examples |
653 |
Basic example |
653 |
Setting the next hop |
654 |
Setting the output interface to the null interface |
655 |
Trunk formation |
655 |
Configuring IP Multicast Protocols |
657 |
Overview of IP multicasting |
657 |
Multicast terms |
657 |
Changing global IP multicast parameters |
658 |
Defining the maximum number of DVMRP cache entries |
658 |
Defining the maximum number of PIM cache entries |
658 |
IP multicast boundaries |
658 |
Configuring multicast boundaries |
659 |
Displaying multicast boundaries |
659 |
Passive Multicast Route Insertion (PMRI) |
660 |
Configuring PMRI |
660 |
Displaying hardware-drop |
660 |
Changing IGMP V1 and V2 parameters |
661 |
Modifying IGMP (V1 and V2) query interval period |
661 |
Modifying IGMP (V1 and V2) membership time |
661 |
Modifying IGMP (V1 and V2) maximum response time |
662 |
Adding an interface to a multicast group |
662 |
IGMP v3 |
663 |
Default IGMP version |
664 |
Compatibility with IGMP V1 and V2 |
664 |
Enabling the IGMP version per interface setting |
665 |
Enabling the IGMP version on a physical port within a virtual routing interface |
665 |
Setting the query interval |
667 |
Setting the group membership time |
667 |
Setting the maximum response time |
667 |
Displaying IGMPv3 information |
667 |
Clearing IGMP statistics |
671 |
IGMP V3 and source specific multicast protocols |
671 |
Configuring a static multicast route |
671 |
Next hop validation check |
673 |
PIM dense |
673 |
Initiating PIM multicasts on a network |
674 |
Pruning a multicast tree |
674 |
Grafts to a multicast tree |
676 |
PIM DM versions |
676 |
Configuring PIM DM |
677 |
Failover time in a multi-path topology |
681 |
Modifying the TTL |
681 |
PIM Sparse |
681 |
PIM Sparse router types |
682 |
RP paths and SPT paths |
683 |
Configuring PIM Sparse |
683 |
Route selection precedence for multicast |
688 |
Configuring the route precedence by specifying the route types |
688 |
Displaying the route selection |
689 |
Changing the Shortest Path Tree (SPT) threshold |
690 |
Changing the PIM join and prune message interval |
691 |
MLL optimization |
691 |
Displaying PIM Sparse configuration information and statistics |
691 |
Displaying basic PIM Sparse configuration information |
692 |
Displaying a list of multicast groups |
693 |
Displaying BSR information |
694 |
Displaying candidate RP information |
695 |
Displaying RP-to-group mappings |
696 |
Displaying RP information for a PIM Sparse group |
696 |
Displaying the RP set list |
697 |
Displaying multicast neighbor information |
697 |
Displaying information about an upstream neighbor device |
698 |
Displaying the PIM multicast cache |
699 |
Displaying PIM traffic statistics |
701 |
PIM-SSMv4 |
701 |
Enabling SSM |
702 |
Configuring Multicast Source Discovery Protocol (MSDP) |
702 |
Peer Reverse Path Forwarding (RPF) flooding |
704 |
Source active caching |
704 |
Configuring MSDP |
704 |
Enabling MSDP |
705 |
Configuring MSDP peers |
705 |
Designating an interface’s IP address as the RP’s IP address |
706 |
Filtering MSDP source-group pairs |
706 |
Filtering incoming source-active messages |
706 |
Filtering advertised source-active messages |
708 |
Displaying the differences before and after the source active filters are applied |
709 |
Configuring MSDP mesh groups |
711 |
Configuring MSDP mesh group |
712 |
Displaying summary information |
718 |
Displaying peer information |
719 |
Displaying source active cache information |
722 |
Clearing MSDP information |
722 |
Clearing peer information |
722 |
Clearing the source active cache |
723 |
Clearing MSDP statistics |
723 |
DVMRP overview |
723 |
Initiating DVMRP multicasts on a network |
724 |
Pruning a multicast tree |
724 |
Grafts to a multicast tree |
726 |
Configuring DVMRP |
727 |
Enabling DVMRP globally and on an interface |
727 |
Modifying DVMRP global parameters |
727 |
Modifying DVMRP interface parameters |
730 |
Displaying information about an upstream neighbor device |
731 |
Configuring a static multicast route |
731 |
Configuring IP multicast traffic reduction |
732 |
Enabling IP multicast traffic reduction |
733 |
Layer 2 multicast filters |
737 |
PIM SM traffic snooping |
738 |
Static IGMP membership |
742 |
Configuring RIP |
745 |
Overview of Routing Information Protocol (RIP) |
745 |
Configuring RIP parameters |
745 |
Enabling RIP |
745 |
Configuring metric parameters |
746 |
Changing the administrative distance |
746 |
Configuring redistribution |
747 |
Configuring route learning and advertising parameters |
748 |
Changing the route loop prevention method |
749 |
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface |
750 |
Using prefix lists and route maps as route filters |
750 |
Setting RIP timers |
751 |
Displaying RIP filters |
752 |
Clearing the RIP routes from the routing table |
753 |
Configuring OSPF Version 2 (IPv4) |
755 |
Overview of OSPF (Open Shortest Path First) |
755 |
Designated routers in multi-access networks |
756 |
Designated router election in multi-access networks |
756 |
OSPF RFC 1583 and 2328 compliance |
758 |
Reduction of equivalent AS external LSAs |
758 |
Support for OSPF RFC 2328 appendix E |
760 |
Dynamic OSPF activation and configuration |
761 |
Configuring OSPF |
761 |
Configuration rules |
762 |
OSPF parameters |
762 |
Enable OSPF on the router |
763 |
Assign OSPF areas |
763 |
Assigning an area range (optional) |
767 |
Assigning interfaces to an area |
767 |
Modify interface defaults |
767 |
Change the timer for OSPF authentication changes |
770 |
Block flooding of outbound LSAs on specific OSPF interfaces |
771 |
Assign virtual links |
771 |
Modify virtual link parameters |
773 |
Configuring an OSPF non-broadcast interface |
774 |
OSPF point-to-point links |
775 |
Changing the reference bandwidth for the cost on OSPF interfaces |
778 |
Define redistribution filters |
779 |
Modify default metric for redistribution |
780 |
Enable route redistribution |
781 |
Disable or re-enable load sharing |
782 |
Configure external route summarization |
784 |
Configure default route origination |
785 |
Configuring a default network route |
786 |
Modify SPF timers |
787 |
Modify redistribution metric type |
787 |
Modify administrative distance |
788 |
Configure OSPF group Link State Advertisement pacing |
789 |
OSPF ABR type 3 LSA filtering |
789 |
Displaying the configured OSPF area prefix list |
792 |
Modifying OSPF traps generated |
792 |
Modify OSPF standard compliance setting |
794 |
Modify exit overflow interval |
795 |
Specify types of OSPF Syslog messages to log |
795 |
Displaying OSPF information |
796 |
Displaying general OSPF configuration information |
796 |
Displaying CPU utilization and other OSPF tasks |
797 |
Displaying OSPF area information |
799 |
Displaying OSPF neighbor information |
800 |
Displaying OSPF interface information |
801 |
Displaying OSPF route information |
803 |
Displaying OSPF external link state Information |
805 |
Displaying OSPF database link state information |
806 |
Displaying OSPF ABR and ASBR information |
807 |
Displaying OSPF trap status |
808 |
Displaying OSPF virtual neighbor and link information |
808 |
OSPF graceful restart |
810 |
Configuring BGP4 (IPv4 and IPv6) |
815 |
Overview of BGP4 |
815 |
Relationship between the BGP4 route table and the IP route table |
816 |
How BGP4 selects a path for a route |
816 |
BGP4 message types |
818 |
Brocade implementation of BGP4 |
820 |
Memory considerations |
820 |
Configuring BGP4 |
821 |
When parameter changes take effect |
825 |
Activating and disabling BGP4 |
826 |
Note regarding disabling BGP4 |
826 |
Entering and exiting the address family configuration level |
827 |
Filtering specific IP addresses |
827 |
Defining an AS-path filter |
829 |
Defining a community filter |
829 |
Configuring a switch to allow routes with its own AS number |
830 |
BGP Null0 routing |
831 |
Aggregating routes advertised to BGP4 neighbors |
835 |
Configuring the device to always compare MEDs |
835 |
Disabling or re-enabling comparison of the AS-path length |
836 |
Redistributing IBGP routes |
836 |
Disabling or re-enabling client-to-client route reflection |
837 |
Configuring a route reflector |
837 |
Enabling or disabling comparison of the router IDs |
837 |
Configuring confederations |
838 |
Configuring route flap dampening |
841 |
Originating the default route |
841 |
Changing the default local preference |
842 |
Changing the default metric used for redistribution |
842 |
Changing administrative distances |
843 |
Requiring the first AS to be the neighbor’s AS |
844 |
Neighbor local-AS |
844 |
Enabling fast external fallover |
844 |
Setting the local AS number |
845 |
Changing the maximum number of shared BGP4 paths |
845 |
Treating missing MEDs as the worst MEDs |
846 |
Customizing BGP4 load sharing |
846 |
Configuring BGP4 neighbors |
847 |
Removing route dampening from suppressed neighbor routes |
851 |
Encryption of BGP4 MD5 authentication keys |
852 |
Configuring a BGP4 peer group |
854 |
Peer group parameters |
854 |
Specifying a list of networks to advertise |
857 |
Using the IP default route as a valid next hop for a BGP4 route |
858 |
Enabling next-hop recursion |
859 |
Modifying redistribution parameters |
862 |
Using a table map to set the tag value |
865 |
Changing the keep alive time and hold time |
865 |
Changing the BGP4 next-hop update timer |
866 |
Changing the router ID |
866 |
Adding a loopback interface |
867 |
Changing the maximum number of paths for BGP4 load sharing |
867 |
Configuring route reflection parameters |
868 |
Filtering |
870 |
Filtering AS-paths |
871 |
Filtering communities |
874 |
Defining and applying IP prefix lists |
875 |
Defining neighbor distribute lists |
876 |
Defining route maps |
877 |
Configuring cooperative BGP4 route filtering |
885 |
Configuring route flap dampening |
887 |
Generating traps for BGP |
892 |
Updating route information and resetting a neighbor session |
892 |
Clearing traffic counters |
898 |
Clearing route flap dampening statistics |
899 |
Removing route flap dampening |
899 |
Clearing diagnostic buffers |
900 |
Displaying BGP4 information |
900 |
Displaying summary BGP4 information |
901 |
Displaying the active BGP4 configuration |
903 |
Displaying summary neighbor information |
903 |
Displaying BGP4 neighbor information |
905 |
Displaying peer group information |
916 |
Displaying summary route information |
916 |
Displaying the BGP4 route table |
917 |
Displaying BGP4 route-attribute entries |
923 |
Displaying the routes BGP4 has placed in the IP route table |
925 |
Displaying route flap dampening statistics |
925 |
Displaying the active route map configuration |
926 |
Generalized TTL security mechanism support |
930 |
Configuring MBGP |
933 |
Configuration considerations |
934 |
Configuring MBGP |
934 |
Setting the maximum number of multicast routes supported |
934 |
Enabling MBGP |
935 |
Adding MBGP neighbors |
935 |
Optional configuration tasks |
936 |
Displaying MBGP information |
939 |
Displaying summary MBGP information |
939 |
Displaying the active MBGP configuration |
940 |
Displaying MBGP neighbors |
941 |
Displaying MBGP routes |
942 |
Displaying the IP multicast route table |
942 |
Configuring IS-IS (IPv4) |
943 |
Relationship to IP route table |
943 |
Intermediate systems and end systems |
944 |
Domain and areas |
945 |
Level-1 routing and Level-2 routing |
945 |
Neighbors and adjacencies |
945 |
Designated IS |
945 |
IS-IS CLI levels |
947 |
Global configuration level |
947 |
Address family configuration level |
948 |
Interface level |
948 |
Configuring IPv4 IS-IS |
949 |
Enabling IS-IS globally |
949 |
Globally configuring IS-IS on a device |
950 |
Setting the overload bit |
950 |
Configuring authentication |
951 |
Changing the IS-IS Level globally |
952 |
Disabling or re-enabling display of hostname |
952 |
Changing the sequence numbers PDU interval |
952 |
Changing the maximum LSP lifetime |
953 |
Changing the LSP refresh interval |
953 |
Changing the LSP generation interval |
953 |
Changing the LSP interval and retransmit interval |
954 |
Changing the SPF timer |
954 |
Globally disabling or re-enabling hello padding |
954 |
Logging adjacency changes |
955 |
Disabling partial SPF calculations |
955 |
Configuring IPv4 address family route parameters |
956 |
Changing the metric style |
956 |
Changing the maximum number of load sharing paths |
956 |
Enabling advertisement of a default route |
956 |
Changing the administrative distance for IPv4 IS-IS |
957 |
Configuring summary addresses |
958 |
Redistributing routes into IPv4 IS-IS |
959 |
Changing the default redistribution metric |
959 |
Redistributing static IPv4 routes into IPv4 IS-IS |
960 |
Redistributing directly connected routes into IPv4 IS-IS |
960 |
Redistributing RIP routes into IPv4 IS-IS |
961 |
Redistributing OSPF routes into IPv4 IS-IS |
961 |
Redistributing BGP4+ routes into IPv4 IS-IS |
961 |
Redistributing IPv4 IS-IS routes within IPv4 IS-IS |
962 |
Configuring ISIS properties on an interface |
962 |
Disabling and enabling IS-IS on an interface |
962 |
Disabling or re-enabling formation of adjacencies |
962 |
Setting the priority for designated IS election |
963 |
Limiting access to adjacencies with a neighbor |
963 |
Changing the IS-IS level on an interface |
964 |
Disabling and enabling hello padding on an interface |
964 |
Changing the hello interval |
964 |
Changing the hello multiplier |
965 |
Changing the metric added to advertised routes |
965 |
Displaying IPv4 IS-IS information |
966 |
Displaying the IS-IS configuration in the running-config |
966 |
Displaying the name mappings |
966 |
Displaying neighbor information |
967 |
Displaying IS-IS Syslog messages |
968 |
Displaying interface information |
969 |
Displaying route information |
972 |
Displaying LSP database entries |
973 |
Displaying traffic statistics |
976 |
Displaying error statistics |
977 |
Clearing IS-IS information |
978 |
BiDirectional Forwarding Detection (BFD) |
981 |
Configuring BFD parameters |
981 |
Number of BFD sessions supported |
982 |
Disabling BFD Syslog messages |
982 |
Displaying Bidirectional Forwarding Detection information |
982 |
Displaying BFD information on a router |
982 |
Clearing BFD neighbor sessions |
986 |
Configuring BFD for the specified protocol |
987 |
Configuring BFD for OSPFv2 |
987 |
Configuring BFD for OSPFv3 |
987 |
Configuring BFD for IS-IS |
988 |
Configuring Secure Shell |
989 |
In this chapter |
989 |
Overview of Secure Shell (SSH) |
989 |
SSH version 2 support |
989 |
Supported features |
990 |
Configuring SSH |
990 |
Generating a host key pair |
991 |
Configuring DSA challenge-response authentication |
992 |
Disabling 3-DES |
997 |
Displaying SSH connection information |
997 |
Using secure copy |
998 |
Configuring Multi-Device Port Authentication |
1001 |
How multi-device port authentication works |
1001 |
RADIUS authentication |
1001 |
Authentication-failure actions |
1002 |
Supported RADIUS attributes |
1002 |
Dynamic VLAN and ACL assignments |
1002 |
Support for authenticating multiple MAC addresses on an interface |
1003 |
Support for multi-device port authentication and 802.1x on the same interface |
1003 |
Configuring multi-device port authentication |
1003 |
Enabling multi-device port authentication |
1003 |
Configuring an authentication method list for 802.1x |
1004 |
Setting RADIUS parameters |
1004 |
Specifying the format of the MAC addresses sent to the RADIUS server |
1005 |
Specifying the authentication-failure action |
1005 |
Defining MAC address filters |
1006 |
Configuring dynamic VLAN assignment |
1006 |
Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires |
1009 |
Saving dynamic VLAN assignments to the running configuration file |
1010 |
Clearing authenticated MAC addresses |
1010 |
Disabling aging for authenticated MAC addresses |
1011 |
Specifying the aging time for blocked MAC addresses |
1011 |
Displaying multi-device port authentication information |
1012 |
Displaying authenticated MAC address information |
1012 |
Displaying multi-device port authentication configuration information |
1012 |
Displaying multi-device port authentication information for a specific MAC address or port |
1015 |
Displaying the authenticated MAC addresses |
1016 |
Displaying the non-authenticated MAC addresses |
1016 |
Example configurations |
1016 |
Multi-device port authentication with dynamic VLAN assignment |
1017 |
Examples of multi-device port authentication and 802.1X authentication configuration on the same port |
1019 |
Using the MAC Port Security Feature and Transparent Port Flooding |
1023 |
MAC Port Security |
1023 |
Violation actions |
1023 |
Local and global resources |
1024 |
Configuring the MAC Port Security feature |
1024 |
Enabling the MAC Port Security feature |
1024 |
Setting the maximum number of secure MAC addresses for an interface |
1025 |
Specifying static secure MAC addresses |
1026 |
Enabling dynamic MAC address learning |
1026 |
Denying specific MAC addresses |
1026 |
Autosaving secure MAC addresses to the startup-config |
1026 |
Setting the MAC Port Security age timer |
1027 |
Defining security violation actions |
1027 |
Shutdown the interface |
1028 |
Restricting interface access |
1028 |
Denying a MAC address |
1030 |
Understanding the rules for violation action configuration |
1030 |
Interaction between global and interface level violation actions |
1030 |
Changing the global violation action |
1031 |
Changing the violation action for an interface |
1031 |
Re-enabling an interface |
1032 |
Interface shutdown time |
1032 |
Manually re-enabling a interface |
1032 |
Displaying MAC Port Security information |
1032 |
Displaying MAC Port Security settings |
1032 |
Displaying the secure MAC addresses list on the device |
1033 |
Displaying MAC Port Security statistics |
1034 |
Displaying a list of MAC addresses |
1035 |
Displaying a list of secure and denied MAC addresses |
1035 |
Displaying information when violation action is restrict |
1036 |
Displaying information when violation action is deny |
1036 |
Transparent port flooding |
1037 |
Configuring 802.1x Port Security |
1039 |
Overview of 802.1x port security |
1039 |
IETF RFC support |
1039 |
How 802.1x port security works |
1039 |
Device roles in an 802.1x configuration |
1039 |
Communication between the devices |
1040 |
Controlled and uncontrolled ports |
1041 |
Message exchange during authentication |
1042 |
Authenticating multiple clients connected to the same port |
1044 |
802.1x port security and sFlow |
1046 |
Configuring 802.1x port security |
1046 |
Configuring an authentication method list for 802.1x |
1047 |
Setting RADIUS parameters |
1047 |
Configuring dynamic VLAN assignment for 802.1x ports |
1048 |
Disabling and enabling strict security mode for dynamic filter assignment |
1049 |
Dynamically applying existing ACLs or MAC address filter |
1051 |
Configuring per-user IP ACLs or MAC address filters |
1052 |
Enabling 802.1x port security |
1052 |
Setting the port control |
1053 |
Configuring periodic re-authentication |
1054 |
Re-authenticating a port manually |
1054 |
Setting the quiet period |
1055 |
Setting the interval for retransmission of EAP-request/ identity frames |
1055 |
Specifying the number of EAP-request/identity frame retransmissions |
1055 |
Specifying a timeout for retransmission of messages to the authentication server |
1056 |
Specifying a timeout for retransmission of EAP-request frames to the client |
1056 |
Initializing 802.1x on a port |
1056 |
Allowing multiple 802.1x clients to authenticate |
1056 |
Displaying 802.1x information |
1058 |
Displaying 802.1x configuration information |
1058 |
Displaying 802.1x statistics |
1060 |
Clearing 802.1x statistics |
1062 |
Displaying dynamically assigned VLAN information |
1062 |
Displaying information on MAC address filters and IP ACLs on an interface |
1063 |
Displaying information about the dot1x-mac-sessions on each port |
1064 |
Sample 802.1x configurations |
1065 |
Point-to-point configuration |
1066 |
Hub configuration |
1067 |
802.1X Authentication with dynamic VLAN assignment |
1068 |
Using multi-device port authentication and 802.1X security on the same port |
1069 |
Protecting Against Denial of Service Attacks |
1071 |
Protecting against Smurf attacks |
1071 |
Avoiding being an intermediary in a Smurf attack |
1072 |
ACL-based DOS-attack prevention |
1072 |
Protecting against TCP SYN attacks |
1073 |
TCP security enhancement |
1074 |
Displaying statistics due DoS attacks |
1075 |
Clear DoS attack statistics |
1076 |
Inspecting and Tracking DHCP Packets |
1077 |
Dynamic ARP inspection |
1077 |
ARP attacks |
1077 |
How DAI works |
1078 |
Limits and restrictions |
1079 |
Configuring DAI |
1079 |
Displaying ARP inspection status and ports |
1080 |
Displaying the ARP table |
1081 |
DHCP snooping |
1082 |
How DHCP snooping works |
1082 |
System reboot and the binding database |
1083 |
Configuring DHCP snooping |
1083 |
DHCP relay agent information (DHCP option 82) |
1084 |
Disabling option 82 processing |
1085 |
Displaying DHCP snooping status and ports |
1086 |
DHCP snooping configuration example |
1086 |
IP source guard |
1086 |
Limits and restrictions |
1087 |
Enabling IP source guard |
1087 |
Securing SNMP Access |
1089 |
Establishing SNMP community strings |
1089 |
Encryption of SNMP community strings |
1089 |
Adding an SNMP community string |
1089 |
Displaying the SNMP community strings |
1090 |
Using the user-based security model |
1091 |
Configuring your NMS |
1091 |
Configuring SNMP version 3 on the BigIron RX |
1091 |
Defining the engine ID |
1092 |
Defining an SNMP group |
1092 |
Defining an SNMP user account |
1093 |
Displaying the engine ID |
1095 |
Displaying SNMP groups |
1095 |
Displaying user information |
1096 |
Interpreting varbinds in report packets |
1096 |
Defining SNMP views |
1096 |
SNMP v3 configuration examples |
1097 |
Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets |
1099 |
Using FDP |
1099 |
Configuring FDP |
1099 |
Displaying FDP information |
1100 |
Clearing FDP and CDP information |
1103 |
Reading CDP packets |
1104 |
Enabling interception of CDP packets globally |
1104 |
Enabling interception of CDP packets on an interface |
1104 |
Displaying CDP information |
1104 |
Clearing CDP information |
1106 |
Remote Network Monitoring |
1109 |
Basic management |
1109 |
Viewing system information |
1109 |
Viewing configuration information |
1109 |
Viewing port statistics |
1109 |
Viewing STP statistics |
1109 |
Clearing statistics |
1110 |
RMON support |
1110 |
Statistics (RMON group 1) |
1110 |
History (RMON group 2) |
1113 |
Alarm (RMON group 3) |
1113 |
Event (RMON group 9) |
1113 |
Configuring sFlow |
1115 |
Configuration considerations |
1115 |
Configuring and enabling sFlow |
1116 |
ACL-based inbound sFlow |
1120 |
Displaying sFlow information |
1123 |
Display sFlow configuration and statistics |
1123 |
Displaying sFlow counters |
1124 |
Clearing sFlow statistics |
1124 |
Multiple Spanning Tree Protocol (MSTP) 802.1s |
1127 |
802.1s Multiple Spanning Tree Protocol |
1127 |
Multiple spanning-tree regions |
1127 |
Configuring MSTP |
1129 |
Setting the MSTP name |
1129 |
Setting the MSTP revision number |
1129 |
Configuring an MSTP instance |
1130 |
Configuring port priority and port path cost |
1130 |
Configuring bridge priority for an MSTP instance |
1130 |
Setting the MSTP global parameters |
1131 |
Setting ports to be operational edge ports |
1131 |
Setting point-to-point link |
1131 |
Disabling MSTP on a port |
1132 |
Forcing ports to transmit an MSTP BPDU |
1132 |
Enabling MSTP on a switch |
1132 |
Displaying MSTP statistics |
1135 |
Displaying MSTP information for a specified instance |
1136 |
Displaying MSTP information for CIST instance 0 |
1137 |
Configuring IP Multicast Traffic Reduction |
1141 |
Enabling IP multicast traffic reduction |
1142 |
Changing the IGMP mode |
1143 |
Modifying the query interval |
1144 |
Modifying the age interval |
1144 |
Filtering multicast groups |
1144 |
Static IGMP membership |
1145 |
PIM SM traffic snooping |
1147 |
Application examples |
1148 |
Configuration requirements |
1149 |
Enabling PIM SM traffic snooping |
1150 |
Multicast traffic reduction per VLAN |
1151 |
Displaying IP multicast information |
1151 |
Displaying multicast information |
1151 |
Displaying IP multicast statistics |
1152 |
Clearing IP multicast statistics |
1153 |
Clearing IGMP group flows |
1153 |
IPv6 Addressing |
1155 |
IPv6 addressing |
1155 |
IPv6 address types |
1156 |
IPv6 stateless autoconfiguration |
1158 |
Configuring Basic IPv6 Connectivity |
1159 |
Enabling IPv6 routing |
1159 |
Configuring IPv6 on each router interface |
1159 |
Configuring a global or site-local IPv6 address |
1160 |
Configuring a link-local IPv6 address |
1161 |
Configuring IPv6 anycast addresses |
1162 |
Configuring the management port for an IPv6 automatic address configuration |
1162 |
IPv6 host support |
1162 |
Restricting SNMP access to an IPv6 node |
1162 |
Specifying an IPv6 SNMP trap receiver |
1163 |
Restricting web management access to an IPv6 host by specifying an IPv6 ACL |
1163 |
Restricting web management access to an IPv6 host |
1163 |
Configuring an IPv6 Syslog server |
1163 |
Configuring an IPv6 host address for a BigIron RX running a switch image |
1164 |
Configuring a global or site-local IPv6 address with a manually configured interface ID as the switch’s system-wide address |
1164 |
Configuring a global or site-local IPv6 address with an automatically computed EUI-64 interface ID as the switch’s system-wide address |
1165 |
Configuring a link-local IPv6 address as the switch’s system-wide address |
1165 |
Configuring IPv4 and IPv6 protocol stacks |
1166 |
Configuring IPv6 Domain Name Server (DNS) resolver |
1167 |
Defining a DNS entry |
1167 |
ECMP load sharing for IPv6 |
1168 |
Disabling or re-enabling ECMP load sharing for IPv6 |
1168 |
Changing the maximum number of load sharing paths for IPv6 |
1169 |
Changing the ECMP load-sharing method for IPv6 |
1169 |
DHCP relay agent for IPv6 |
1169 |
Configuring DHCP for IPv6 relay agent |
1170 |
Displaying DHCP relay information |
1170 |
Enabling support for network-based ECMP load sharing for IPv6 |
1170 |
Displaying ECMP load-sharing information for IPv6 |
1170 |
Configuring IPv6 ICMP |
1171 |
Configuring ICMP rate limiting |
1171 |
Disabling or reenabling ICMP redirect messages |
1172 |
Configuring IPv6 neighbor discovery |
1172 |
Neighbor solicitation and advertisement messages |
1173 |
Router advertisement and solicitation messages |
1174 |
Neighbor redirect messages |
1174 |
Setting neighbor solicitation parameters for duplicate address detection |
1174 |
Setting IPv6 router advertisement parameters |
1175 |
Controlling prefixes advertised in IPv6 router advertisement messages |
1176 |
Setting flags in IPv6 router advertisement messages |
1177 |
Enabling and disabling IPv6 router advertisements |
1177 |
Configuring reachable time for remote IPv6 nodes |
1178 |
Changing the IPv6 MTU |
1178 |
Configuring static neighbor entries |
1179 |
Limiting the number of hops an IPv6 packet can traverse |
1179 |
QoS for IPv6 traffic |
1180 |
Clearing global IPv6 information |
1180 |
Clearing the IPv6 cache |
1180 |
Clearing IPv6 neighbor information |
1181 |
Clearing IPv6 routes from the IPv6 route table |
1181 |
Clearing IPv6 traffic statistics |
1182 |
Deleting IPv6 session flows |
1182 |
Displaying global IPv6 information |
1182 |
Displaying IPv6 cache information |
1182 |
Displaying IPv6 interface information |
1183 |
Displaying IPv6 neighbor information |
1185 |
Displaying the IPv6 route table |
1187 |
Displaying local IPv6 routers |
1188 |
Displaying IPv6 TCP information |
1189 |
Displaying IPv6 traffic statistics |
1192 |
Configuring RIPng |
1197 |
Configuring RIPng |
1197 |
Enabling RIPng |
1197 |
Configuring RIPng timers |
1198 |
Configuring route learning and advertising parameters |
1199 |
Redistributing routes into RIPng |
1201 |
Controlling distribution of routes through RIPng |
1201 |
Configuring poison reverse parameters |
1202 |
Clearing RIPng routes from IPv6 route table |
1202 |
Displaying RIPng information |
1202 |
Displaying RIPng configuration |
1203 |
Displaying RIPng routing table |
1203 |
Configuring BGP4+ |
1205 |
Address family configuration level |
1205 |
Configuring BGP4+ |
1206 |
Enabling BGP4+ |
1207 |
Configuring BGP4+ neighbors using global or site-local IPv6 addresses |
1207 |
Adding BGP4+ neighbors using link-local addresses |
1208 |
Configuring a BGP4+ peer group |
1210 |
Advertising the default BGP4+ route |
1211 |
Importing routes into BGP4+ |
1212 |
Redistributing prefixes into BGP4+ |
1212 |
Aggregating routes advertised to BGP4 neighbors |
1213 |
Using route maps |
1214 |
Clearing BGP4+ information |
1214 |
Removing route flap dampening |
1214 |
Clearing route flap dampening statistics |
1215 |
Clearing BGP4+ local route information |
1215 |
Clearing BGP4+ neighbor information |
1215 |
Clearing and resetting BGP4+ routes in the IPv6 route table |
1218 |
Clearing traffic counters for all BGP4+ neighbors |
1219 |
Displaying BGP4+ information |
1219 |
Displaying the BGP4+ route table |
1219 |
Displaying BGP4+ route information |
1226 |
Displaying BGP4+ route-attribute entries |
1227 |
Displaying the BGP4+ running configuration |
1229 |
Displaying dampened BGP4+ paths |
1229 |
Displaying filtered-out BGP4+ routes |
1230 |
Displaying route flap dampening statistics |
1234 |
Displaying BGP4+ neighbor information |
1236 |
Displaying BGP4+ peer group configuration information |
1259 |
Displaying BGP4+ summary |
1260 |
Configuring IPv6 MBGP |
1263 |
Configuration considerations |
1263 |
Configuring IPv6 MBGP |
1263 |
Setting the maximum number of multicast routes supported |
1264 |
Enabling IPv6 MBGP |
1264 |
Adding IPv6 MBGP neighbors |
1264 |
Optional configuration tasks |
1265 |
Aggregating routes advertised to IPv6 BGP neighbors |
1268 |
Displaying IPv6 MBGP information |
1268 |
Displaying summary MBGP information |
1269 |
Displaying the Active MBGP Configuration |
1269 |
Displaying MBGP neighbors |
1270 |
Displaying MBGP routes |
1271 |
Displaying the IPv6 multicast route table |
1272 |
IPv6 Access Control Lists (ACLs) |
1273 |
IPv6 ACLs |
1273 |
Using IPv6 ACLs as input to other features |
1274 |
Configuring an IPv6 ACL |
1274 |
Example configurations |
1274 |
Default and implicit IPv6 ACL action |
1276 |
ACL syntax |
1277 |
Applying an IPv6 ACL to an interface |
1282 |
Adding TCP flags to an IPv6 ACL entry |
1282 |
Adding a comment to an IPv6 ACL entry |
1283 |
Displaying ACLs |
1284 |
Configuring OSPF Version 3 |
1285 |
OSPF version 3 |
1285 |
Link state advertisement types for OSPFv3 |
1285 |
Configuring OSPFv3 |
1286 |
Enabling OSPFv3 |
1286 |
Assigning OSPFv3 areas |
1287 |
Configuring virtual links |
1289 |
Changing the reference bandwidth for the cost on OSPFv3 interfaces |
1291 |
Redistributing routes into OSPFv3 |
1292 |
Filtering OSPFv3 routes |
1296 |
Configuring default route origination |
1298 |
Modifying shortest path first timers |
1299 |
Modifying administrative distance |
1300 |
Configuring the OSPFv3 LSA pacing interval |
1301 |
Modifying exit overflow interval |
1301 |
Modifying external link state database limit |
1301 |
Modifying OSPFv3 interface defaults |
1302 |
Disabling or reenabling event logging |
1303 |
Displaying OSPFv3 information |
1303 |
Displaying OSPFv3 area information |
1303 |
Displaying OSPFv3 database Information |
1304 |
Displaying OSPFv3 interface information |
1310 |
Displaying OSPFv3 memory usage |
1313 |
Displaying OSPFv3 neighbor information |
1314 |
Displaying routes redistributed into OSPFv3 |
1316 |
Displaying OSPFv3 route information |
1317 |
Displaying OSPFv3 SPF information |
1319 |
Displaying IPv6 OSPF virtual link information |
1322 |
Displaying OSPFv3 virtual neighbor information |
1322 |
Configuring IPv6 Multicast Features |
1325 |
IPv6 PIM sparse |
1325 |
PIM sparse router types |
1325 |
RP paths and SPT paths |
1326 |
Configuring PIM sparse |
1326 |
IPv6 PIM-sparse mode |
1327 |
Configuring IPv6 PIM-SM on a virtual routing interface |
1327 |
Passive Multicast Route Insertion (PMRI) |
1334 |
Displaying PIM sparse configuration information and statistics |
1335 |
Multicast Listener Discovery and source specific multicast protocols (MLDv2) |
1343 |
MLD version distinctions |
1344 |
Enabling MLDv2 |
1345 |
Enabling source specific multicast |
1345 |
Setting the query interval |
1345 |
Setting the maximum response time |
1346 |
Setting the last listener query count |
1346 |
Setting the last listener query interval |
1346 |
Setting the robustness |
1346 |
Setting the version |
1346 |
Specifying a port version |
1347 |
Specifying a static group |
1347 |
Setting the interface MLD version |
1347 |
Displaying MLD information |
1347 |
Displaying MLD group information |
1347 |
Displaying MLD definitions for an interface |
1348 |
Displaying MLD traffic |
1349 |
Clearing IPv6 MLD traffic |
1350 |
Embedded Rendezvous Point (RP) |
1350 |
Configuring IPv6 Routes |
1353 |
Configuring a static IPv6 route |
1353 |
Configuring a IPv6 multicast route |
1355 |
Continuous System Monitor |
1357 |
Event Type |
1358 |
Display Commands |
1361 |
Using Syslog |
1365 |
Displaying Syslog messages |
1365 |
Configuring the Syslog service |
1367 |
Displaying the Syslog configuration |
1367 |
Disabling or re-enabling Syslog |
1371 |
Specifying a Syslog server |
1371 |
Specifying an additional Syslog server |
1371 |
Disabling logging of a message level |
1372 |
Logging all CLI commands to Syslog |
1372 |
Changing the number of entries the local buffer can hold |
1373 |
Changing the log facility |
1373 |
Displaying the interface name in Syslog messages |
1374 |
Displaying TCP/UDP port numbers in Syslog messages |
1374 |
Syslog messages |
1375 |
Software Specifications |
1395 |
IEEE compliance |
1395 |
RFC compliance |
1395 |
RFC compliance - BGPv4 |
1395 |
RFC compliance - OSPF |
1396 |
RFC compliance - IS-IS |
1396 |
RFC compliance - RIP |
1396 |
RFC compliance - IP Multicast |
1396 |
RFC compliance - general protocols |
1397 |
RFC compliance - management |
1398 |
RFC compliance - IPv6 core |
1398 |
RFC compliance - IPv6 routing |
1399 |
RFC compliance - IPv6 multicast |
1399 |
RFC compliance - IPv6 transitioning |
1399 |
RFC compliance - IPv6 management |
1399 |
Internet drafts |
1399 |
NIAP-CCEVS Certification |
1401 |
NIAP-CCEVS certified Brocade equipment and Ironware releases |
1401 |
Web management access to NIAP-CCEVS certified equipment |
1401 |
Local user password changes |
1402 |
Commands That Require a Reload |
1403 |
Index to the CLI Commands |
1405 |
ACLs (IP) |
1405 |
Numbered ACL |
1405 |
Named ACL |
1406 |
Other ACL commands |
1406 |
ACLs (L2) |
1407 |
BGP4 |
1407 |
FDP/CDP |
1414 |
IP |
1414 |
Metro Ring protocol |
1417 |
IPv6 BGP4+ |
1418 |
IPv6 ACL |
1420 |
IPv6 basic connectivity |
1421 |
IPv6 multicast |
1423 |
IPv6 RIPng |
1424 |
IPv6 OSPFv3 |
1425 |
IS-IS |
1426 |
Metro Ring |
1429 |
MSTP |
1429 |
Multicast (IP) |
1430 |
Multicast (L2) |
1432 |
OSPF version 4 |
1432 |
Port parameters |
1434 |
Port-based routing |
1435 |
Quality of Service (QoS) |
1435 |
Rate limiting |
1437 |
RIP |
1437 |
RMON |
1438 |
RSTP |
1439 |
Security/Management |
1439 |
802.1x Port Security |
1439 |
Access |
1441 |
Authentication method list |
1441 |
Passwords |
1441 |
Privilege level |
1441 |
RADIUS |
1442 |
SNMP access |
1442 |
SSH access |
1443 |
SSL |
1443 |
TACACS and TACACS+ |
1443 |
Telnet access |
1444 |
TFTP access |
1444 |
User account |
1444 |
Web management access |
1444 |
DoS Protection |
1445 |
MAC authentication |
1445 |
MAC port security |
1446 |
Redundant management module |
1447 |
SNMP |
1449 |
SSH |
1450 |
sFlow |
1450 |
STP |
1451 |
SysLog messages |
1451 |
System parameters |
1452 |
Topology |
1453 |
LAG |
1454 |
UDLD |
1455 |
VLAN |
1455 |
VRRP/VRRPE |
1456 |