Section |
Page |
Contents |
3 |
About This Document |
39 |
Introduction |
39 |
Device nomenclature |
39 |
Audience |
39 |
Document conventions |
40 |
Text formatting |
40 |
Command syntax conventions |
40 |
Notes, cautions, and danger notices |
40 |
Notice to the reader |
41 |
Related publications |
41 |
Getting technical help |
41 |
Contacting Dell |
41 |
Getting Familiar with Management Applications |
43 |
Using the management port |
43 |
How the management port works |
43 |
CLI Commands for use with the management port |
44 |
Logging on through the CLI |
45 |
On-line help |
46 |
Command completion |
46 |
Scroll control |
46 |
Line editing commands |
47 |
Using stack-unit, slot number, and port number with CLI commands |
47 |
CLI nomenclature on Stackable devices |
48 |
Searching and filtering output from CLI commands |
48 |
Using special characters in regular expressions |
50 |
Creating an alias for a CLI command |
52 |
Logging on through the Web Management Interface |
53 |
Navigating the Web Management Interface |
54 |
Logging on through Brocade Network Advisor |
58 |
Configuring Basic Software Features |
59 |
Configuring basic system parameters |
60 |
Entering system administration information |
60 |
Configuring Simple Network Management Protocol (SNMP) parameters |
61 |
Disabling Syslog messages and traps for CLI access |
64 |
Cancelling an outbound Telnet session |
65 |
Specifying a Simple Network Time Protocol (SNTP) server |
65 |
Setting the system clock |
67 |
Limiting broadcast, multicast, and unknown unicast traffic |
69 |
Configuring CLI banners |
71 |
Configuring a local MAC address for Layer 2 management traffic |
74 |
Configuring basic port parameters |
74 |
Assigning a port name |
74 |
Modifying port speed and duplex mode |
75 |
Enabling auto-negotiation maximum port speed advertisement and down-shift |
75 |
Modifying port duplex mode |
78 |
Configuring MDI/MDIX |
79 |
Disabling or re-enabling a port |
80 |
Configuring flow control |
80 |
Configuring symmetric flow control on PowerConnect B-Series FCX devices |
82 |
Configuring PHY FIFO Rx and Tx depth |
86 |
Configuring the IPG on PowerConnect Stackable devices |
86 |
Enabling and disabling support for 100BaseTX |
87 |
Enabling and disabling support for 100BaseFX |
87 |
Changing the Gbps fiber negotiation mode |
88 |
Modifying port priority (QoS) |
89 |
Dynamic configuration of Voice over IP (VoIP) phones |
89 |
Configuring port flap dampening |
90 |
Port loop detection |
94 |
Operations, Administration, and Maintenance |
99 |
Overview |
99 |
Determining the software versions installed and running on a device |
100 |
Determining the flash image version running on the device |
100 |
Determining the boot image version running on the device |
101 |
Determining the image versions installed in flash memory |
101 |
Flash image verification |
101 |
Image file types |
103 |
Viewing the contents of flash files |
103 |
Using SNMP to upgrade software |
104 |
Changing the block size for TFTP file transfers |
105 |
Rebooting |
106 |
Configuration notes |
106 |
Displaying the boot preference |
106 |
Loading and saving configuration files |
107 |
Replacing the startup configuration with the running configuration |
107 |
Replacing the running configuration with the startup configuration |
108 |
Logging changes to the startup-config file |
108 |
Copying a configuration file to or from a TFTP server |
108 |
Dynamic configuration loading |
109 |
Maximum file sizes for startup-config file and running-config |
111 |
Loading and saving configuration files with IPv6 |
111 |
Using the IPv6 copy command |
111 |
Copying a file from an IPv6 TFTP server |
112 |
Using the IPv6 ncopy command |
113 |
Uploading files from an IPv6 TFTP server |
114 |
Using SNMP to save and load configuration information |
115 |
Erasing image and configuration files |
116 |
Scheduling a system reload |
116 |
Reloading at a specific time |
116 |
Reloading after a specific amount of time |
117 |
Displaying the amount of time remaining before a scheduled reload |
117 |
Canceling a scheduled reload |
117 |
Diagnostic error codes and remedies for TFTP transfers |
117 |
Testing network connectivity |
118 |
Pinging an IPv4 address |
118 |
Tracing an IPv4 route |
120 |
Software-based Licensing |
121 |
Software license terminology |
121 |
Software-based licensing overview |
122 |
How software-based licensing works |
122 |
License types |
122 |
Non-licensed features |
122 |
Licensed features and part numbers |
123 |
Licensing rules |
123 |
Configuration tasks |
125 |
Obtaining a license |
125 |
Installing a license file |
130 |
Verifying the license file installation |
130 |
Deleting a license |
130 |
Other licensing options available from the Brocade Software Portal |
131 |
Viewing software license information |
131 |
Transferring a license |
132 |
Syslog messages and trap information |
132 |
Viewing information about software licenses |
133 |
Viewing the License ID (LID) |
133 |
Viewing the license database |
134 |
Viewing software packages installed in the device |
135 |
Stackable Devices |
137 |
IronStack overview |
137 |
IronStack technology features |
137 |
Stackable models |
138 |
IronStack terminology |
138 |
Building an IronStack |
140 |
IronStack topologies |
140 |
Software requirements |
142 |
IronStack construction methods |
142 |
Scenario 1 - Configuring a three-member IronStack in a ring topology using secure-setup |
143 |
Scenario 2 - Configuring a three-member IronStack in a ring topology using the automatic setup process |
147 |
Scenario 3 - Configuring a three-member IronStack in a ring topology using the manual configuration process |
150 |
Configuring an FCX IronStack |
151 |
Configuring PowerConnect B-Series FCX stacking ports |
151 |
Configuring a default stacking port to function as a data port |
157 |
Verifying an IronStack configuration |
158 |
Managing your IronStack |
160 |
Logging in through the CLI |
160 |
Logging in through Brocade Network Advisor |
160 |
Logging in through the console port |
160 |
IronStack management MAC address |
162 |
Removing MAC address entries |
164 |
CLI command syntax |
166 |
IronStack CLI commands |
166 |
Copying the flash image to a stack unit from the Active Controller |
168 |
Reloading a stack unit |
168 |
Controlling stack topology |
168 |
Managing IronStack partitioning |
169 |
MIB support for the IronStack |
170 |
Persistent MAC address |
170 |
Unconfiguring an IronStack |
172 |
Displaying IronStack information |
173 |
Adding, removing, or replacing units in an IronStack |
189 |
Renumbering stack units |
191 |
Syslog, SNMP, and traps |
193 |
Troubleshooting an IronStack |
193 |
Troubleshooting an unsuccessful stack build |
194 |
Troubleshooting image copy issues |
195 |
Stack mismatches |
196 |
Image mismatches |
196 |
Advanced feature privileges (PowerConnect B-Series FCX ) |
196 |
Configuration mismatch |
197 |
Memory allocation failure |
198 |
Recovering from a mismatch |
198 |
Troubleshooting secure-setup |
199 |
Troubleshooting unit replacement issues |
200 |
More about IronStack technology |
200 |
Configuration, startup configuration files and stacking flash |
200 |
IronStack topologies |
201 |
Port down and aging |
201 |
Device roles and elections |
201 |
PowerConnect B-Series FCX hitless stacking |
204 |
Supported events |
205 |
Non-supported events |
205 |
Supported protocols and services |
205 |
Configuration notes and feature limitations |
207 |
What happens during a hitless stacking switchover or failover |
208 |
Standby Controller role in hitless stacking |
210 |
Support during stack formation, stack merge, and stack split |
211 |
Hitless stacking default behavior |
215 |
Hitless stacking failover |
217 |
Hitless stacking switchover |
218 |
Displaying information about hitless stacking |
225 |
Syslog messages for hitless stacking failover and switchover |
225 |
Displaying hitless stacking diagnostic information |
226 |
Monitoring Hardware Components |
231 |
Virtual cable testing |
231 |
Configuration notes |
231 |
Command syntax |
231 |
Viewing the results of the cable analysis |
232 |
Supported Fiber Optic Transceivers |
233 |
Digital optical monitoring |
234 |
Configuration limitations |
234 |
Enabling digital optical monitoring |
234 |
Setting the alarm interval |
235 |
Displaying information about installed media |
235 |
Viewing optical monitoring information |
236 |
Syslog messages |
238 |
Configuring IPv6 Management on PowerConnect B-Series FCXSwitches |
239 |
IPv6 management overview |
240 |
IPv6 addressing |
240 |
Enabling and disabling IPv6 |
241 |
IPv6 management features |
241 |
IPv6 management ACLs |
241 |
IPv6 debug |
242 |
IPv6 Web management using HTTP and HTTPS |
242 |
IPv6 logging |
243 |
Name-to-IPv6 address resolution using IPv6 DNS server |
243 |
Defining an IPv6 DNS entry |
243 |
IPv6 ping |
244 |
SNTP over IPv6 |
245 |
SNMP3 over IPv6 |
245 |
Specifying an IPv6 SNMP trap receiver |
245 |
Secure Shell, SCP, and IPv6 |
246 |
IPv6 Telnet |
246 |
IPv6 traceroute |
247 |
IPv6 management commands |
247 |
Configuring Spanning Tree Protocol (STP) Related Features |
249 |
STP overview |
249 |
Configuring standard STP parameters |
250 |
STP parameters and defaults |
250 |
Enabling or disabling the Spanning Tree Protocol (STP) |
251 |
Changing STP bridge and port parameters |
252 |
STP protection enhancement |
254 |
Displaying STP information |
256 |
Configuring STP related features |
265 |
Fast port span |
265 |
Fast Uplink Span |
267 |
802.1W Rapid Spanning Tree (RSTP) |
269 |
802.1W Draft 3 |
307 |
Single Spanning Tree (SSTP) |
311 |
STP per VLAN group |
313 |
PVST/PVST+ compatibility |
317 |
Overview of PVST and PVST+ |
318 |
VLAN tags and dual mode |
319 |
Configuring PVST+ support |
320 |
Displaying PVST+ support information |
320 |
Configuration examples |
321 |
PVRST compatibility |
324 |
BPDU guard |
324 |
Enabling BPDU protection by port |
324 |
Re-enabling ports disabled by BPDU guard |
325 |
Displaying the BPDU guard status |
325 |
Example console messages |
326 |
Root guard |
326 |
Enabling STP root guard |
327 |
Displaying the STP root guard |
327 |
Displaying the root guard by VLAN |
327 |
Error disable recovery |
328 |
Enabling error disable recovery |
328 |
Setting the recovery interval |
328 |
Displaying the error disable recovery state by interface |
329 |
Displaying the recovery state for all conditions |
329 |
Displaying the recovery state by port number and cause |
329 |
Errdisable Syslog messages |
330 |
802.1s Multiple Spanning Tree Protocol |
330 |
Multiple spanning-tree regions |
330 |
Configuration notes |
332 |
Configuring MSTP mode and scope |
332 |
Reduced occurrences of MSTP reconvergence |
333 |
Configuring additional MSTP parameters |
335 |
Configuring Basic Layer 2 Features |
347 |
About port regions |
348 |
PowerConnect B-Series FCX device port regions |
348 |
Enabling or disabling the Spanning Tree Protocol (STP) |
348 |
Modifying STP bridge and port parameters |
349 |
MAC learning rate control |
349 |
Changing the MAC age time and disabling MAC address learning |
349 |
Disabling the automatic learning of MAC addresses |
350 |
Displaying the MAC address table |
350 |
Configuring static MAC entries |
350 |
Multi-port static MAC address |
351 |
Configuring VLAN-based static MAC entries |
352 |
Clearing MAC address entries |
352 |
Flow-based MAC address learning |
353 |
Feature overview |
353 |
The benefits of flow-based learning |
353 |
How flow-based learning works |
354 |
Configuration considerations |
354 |
Configuring flow-based MAC address learning |
355 |
Displaying information about flow-based MACs |
356 |
Clearing flow-based MAC address entries |
356 |
Enabling port-based VLANs |
356 |
Assigning IEEE 802.1Q tagging to a port |
357 |
Defining MAC address filters |
358 |
Configuration notes and limitations |
358 |
Command syntax |
358 |
Enabling logging of management traffic permitted by MAC address filters |
360 |
MAC address filter override for 802.1X-enabled ports |
361 |
Locking a port to restrict addresses |
362 |
Configuration notes |
362 |
Command syntax |
362 |
Displaying and modifying system parameter default settings |
363 |
Configuration considerations |
363 |
Displaying system parameter default values |
363 |
Modifying system parameter default values |
367 |
TDynamic Buffer Allocation for an IronStack |
368 |
Generic buffer profiles on PowerConnect Stackable devices |
371 |
Remote Fault Notification (RFN) on 1G fiber connections |
371 |
Enabling and disabling remote fault notification |
372 |
Link Fault Signaling (LFS) for 10G |
372 |
Jumbo frame support |
373 |
Configuring Metro Features |
375 |
Topology groups |
375 |
Master VLAN and member VLANs |
376 |
Control ports and free ports |
376 |
Configuration considerations |
376 |
Configuring a topology group |
377 |
Displaying topology group information |
378 |
Metro Ring Protocol (MRP) |
379 |
Configuration notes |
381 |
MRP rings without shared interfaces (MRP Phase 1) |
381 |
MRP rings with shared interfaces (MRP Phase 2) |
382 |
Ring initialization |
383 |
How ring breaks are detected and healed |
388 |
Master VLANs and customer VLANs |
390 |
Configuring MRP |
391 |
Using MRP diagnostics |
394 |
Displaying MRP information |
395 |
MRP CLI example |
397 |
Virtual Switch Redundancy Protocol (VSRP) |
399 |
Configuration notes and feature limitations |
400 |
Layer 2 and Layer 3 redundancy |
401 |
Master election and failover |
401 |
VSRP-Aware security features |
406 |
VSRP parameters |
406 |
Configuring basic VSRP parameters |
409 |
Configuring optional VSRP parameters |
410 |
Displaying VSRP information |
418 |
VSRP fast start |
421 |
VSRP and MRP signaling |
422 |
Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups |
425 |
UDLD overview |
425 |
UDLD for tagged ports |
426 |
Configuration notes and feature limitations |
426 |
Enabling UDLD |
427 |
Enabling UDLD for tagged ports |
427 |
Changing the Keepalive interval |
427 |
Changing the Keepalive retries |
428 |
Displaying UDLD information |
428 |
Clearing UDLD statistics |
430 |
Protected link groups |
430 |
About active ports |
431 |
Using UDLD with protected link groups |
431 |
Configuration notes |
431 |
Creating a protected link group and assigning an active port |
432 |
Configuring Trunk Groups and Dynamic Link Aggregation |
435 |
Trunk group overview |
435 |
Trunk group connectivity to a server |
436 |
Trunk group rules |
437 |
Trunk group configuration examples |
438 |
Support for flexible trunk group membership |
440 |
Trunk group load sharing |
440 |
Configuring a trunk group |
442 |
CLI syntax for configuring consecutive ports in a trunk group |
442 |
CLI syntax for configuring non-consecutive ports in a trunk group |
443 |
Example 1: Configuring the trunk groups shown in Figure 78 |
443 |
Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device |
444 |
Example 3: Configuring a multi-slot trunk group with one port per module |
445 |
Example 4: Configuring a trunk group of 10 Gbps Ethernet ports |
445 |
Additional trunking options |
446 |
Displaying trunk group configuration information |
450 |
Viewing the first and last ports in a trunk group |
451 |
Dynamic link aggregation |
452 |
IronStack LACP trunk group configuration example |
453 |
Examples of valid LACP trunk groups |
453 |
Configuration notes and limitations |
454 |
Adaptation to trunk disappearance |
455 |
Flexible trunk eligibility |
455 |
Enabling dynamic link aggregation |
456 |
How changing the VLAN membership of a port affects trunk groups and dynamic keys |
458 |
Additional trunking options for LACP trunk ports |
458 |
Link aggregation parameters |
458 |
Displaying and determining the status of aggregate links |
463 |
Events that affect the status of ports in an aggregate link |
464 |
Displaying link aggregation and port status information |
464 |
Displaying LACP status information |
466 |
Clearing the negotiated aggregate links table |
467 |
Configuring single link LACP |
467 |
Configuration notes |
467 |
CLI syntax |
467 |
Configuring Virtual LANs (VLANs) |
469 |
VLAN overview |
469 |
Types of VLANs |
469 |
Default VLAN |
475 |
802.1Q tagging |
476 |
Spanning Tree Protocol (STP) |
479 |
Virtual routing interfaces |
479 |
VLAN and virtual routing interface groups |
481 |
Dynamic, static, and excluded port membership |
481 |
Super aggregated VLANs |
483 |
Trunk group ports and VLAN membership |
483 |
Summary of VLAN configuration rules |
484 |
Routing between VLANs |
485 |
Virtual routing interfaces (Layer 3 Switches only) |
485 |
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) |
485 |
Dynamic port assignment (Layer 2 Switches and Layer 3 Switches) |
486 |
Assigning a different VLAN ID to the default VLAN |
486 |
Assigning different VLAN IDs to reserved VLANs 4091 and 4092 |
487 |
Assigning trunk group ports |
488 |
Configuring port-based VLANs |
488 |
Modifying a port-based VLAN |
492 |
Enable spanning tree on a VLAN |
493 |
Configuring IP subnet, IPX network and protocol-based VLANs |
494 |
Configuration example |
494 |
Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs |
496 |
Configuring an IPv6 protocol VLAN |
500 |
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) |
500 |
Configuring protocol VLANs with dynamic ports |
506 |
Aging of dynamic ports |
507 |
Configuration guidelines |
508 |
Configuring an IP, IPX, or AppleTalk Protocol VLAN with Dynamic Ports |
508 |
Configuring an IP subnet VLAN with dynamic ports |
508 |
Configuring an IPX network VLAN with dynamic ports |
509 |
Configuring uplink ports within a port-based VLAN |
510 |
Configuration considerations |
510 |
Configuration syntax |
510 |
Configuring the same IP subnet address on multiple port-based VLANs |
511 |
Configuring VLAN groups and virtual routing interface groups |
514 |
Configuring a VLAN group |
514 |
Configuring a virtual routing interface group |
516 |
Displaying the VLAN group and virtual routing interface group information |
517 |
Allocating memory for more VLANs or virtual routing interfaces |
518 |
Configuring super aggregated VLANs |
519 |
Configuration notes |
522 |
Configuring aggregated VLANs |
522 |
Verifying the configuration |
523 |
Complete CLI examples |
523 |
Configuring 802.1Q-in-Q tagging |
526 |
Configuration rules |
527 |
Enabling 802.1Q-in-Q tagging |
527 |
Example configuration |
529 |
Configuring 802.1Q-in-Q tag profiles |
530 |
Configuring private VLANs |
530 |
Configuration notes |
533 |
Enabling broadcast or unknown unicast traffic to the PVLAN |
537 |
CLI example for a general PVLAN network |
538 |
CLI example for a PVLAN network with switch-switch link ports |
538 |
Dual-mode VLAN ports |
539 |
Displaying VLAN information |
542 |
Displaying VLANs in alphanumeric order |
542 |
Displaying system-wide VLAN information |
543 |
Displaying global VLAN information |
544 |
Displaying VLAN information for specific ports |
544 |
Displaying a port VLAN membership |
545 |
Displaying a port dual-mode VLAN membership |
545 |
Displaying port default VLAN IDs (PVIDs) |
545 |
Displaying PVLAN information |
546 |
Configuring GARP VLAN Registration Protocol (GVRP) |
547 |
GVRP overview |
547 |
Application examples |
548 |
Dynamic core and fixed edge |
548 |
Dynamic core and dynamic edge |
549 |
Fixed core and dynamic edge |
550 |
Fixed core and fixed edge |
550 |
VLAN names |
550 |
Configuration notes |
550 |
Configuring GVRP |
552 |
Changing the GVRP base VLAN ID |
552 |
Increasing the maximum configurable value of the Leaveall timer |
552 |
Enabling GVRP |
553 |
Disabling VLAN advertising |
553 |
Disabling VLAN learning |
554 |
Changing the GVRP timers |
554 |
Converting a VLAN created by GVRP into a statically-configured VLAN |
556 |
Displaying GVRP information |
556 |
Displaying GVRP configuration information |
557 |
Displaying GVRP VLAN information |
559 |
Displaying GVRP statistics |
561 |
Displaying CPU utilization statistics |
562 |
Displaying GVRP diagnostic information |
564 |
Clearing GVRP statistics |
564 |
CLI examples |
564 |
Dynamic core and fixed edge |
565 |
Dynamic core and dynamic edge |
566 |
Fixed core and dynamic edge |
566 |
Fixed core and fixed edge |
567 |
Configuring MAC-based VLANs |
569 |
Overview |
569 |
Static and dynamic hosts |
569 |
MAC-based VLAN feature structure |
569 |
Dynamic MAC-based VLAN |
570 |
Configuration notes and feature limitations |
571 |
Configuration example |
572 |
Configuring MAC-based VLANs |
573 |
Using MAC-based VLANs and 802.1X security on the same port |
573 |
Configuring generic and Dell vendor-specific attributes on the RADIUS server |
574 |
Aging for MAC-based VLAN |
575 |
Disabling aging for MAC-based VLAN sessions |
576 |
Configuring the maximum MAC addresses per port |
577 |
Configuring a MAC-based VLAN for a static host |
577 |
Configuring MAC-based VLAN for a dynamic host |
578 |
Configuring dynamic MAC-based VLAN |
578 |
Configuring MAC-based VLANs using SNMP |
579 |
Displaying Information about MAC-based VLANs |
579 |
Displaying the MAC-VLAN table |
579 |
Displaying the MAC-VLAN table for a specific MAC address |
579 |
Displaying allowed MAC addresses |
580 |
Displaying denied MAC addresses |
580 |
Displaying detailed MAC-VLAN data |
581 |
Displaying MAC-VLAN information for a specific interface |
583 |
Displaying MAC addresses in a MAC-based VLAN |
584 |
Displaying MAC-based VLAN logging |
585 |
Clearing MAC-VLAN information |
585 |
Sample application |
585 |
Configuring Rule-Based IP Access Control Lists (ACLs) |
589 |
ACL overview |
590 |
Types of IP ACLs |
590 |
ACL IDs and entries |
590 |
Numbered and named ACLs |
591 |
Default ACL action |
591 |
How hardware-based ACLs work |
592 |
How fragmented packets are processed |
592 |
Hardware aging of Layer 4 CAM entries |
592 |
Configuration considerations |
592 |
Configuring standard numbered ACLs |
593 |
Standard numbered ACL syntax |
593 |
Configuration example for standard numbered ACLs |
595 |
Configuring standard named ACLs |
595 |
Standard named ACL syntax |
596 |
Configuration example for standard named ACLs |
597 |
Configuring extended numbered ACLs |
598 |
Extended numbered ACL syntax |
598 |
Configuration examples for extended numbered ACLs |
602 |
Configuring extended named ACLs |
604 |
Extended named ACL syntax |
604 |
Configuration example for extended named ACLs |
608 |
Preserving user input for ACL TCP/UDP port numbers |
608 |
Managing ACL comment text |
609 |
Adding a comment to an entry in a numbered ACL |
609 |
Adding a comment to an entry in a named ACL |
610 |
Deleting a comment from an ACL entry |
610 |
Viewing comments in an ACL |
610 |
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN |
611 |
Enabling ACL logging |
612 |
Enabling strict control of ACL filtering of fragmented packets |
614 |
Enabling ACL support for switched traffic in the router image |
615 |
Enabling ACL filtering based on VLAN membership or VE port membership |
615 |
Configuration notes |
616 |
Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) |
616 |
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only) |
617 |
Using ACLs to filter ARP packets |
618 |
Configuration considerations |
618 |
Configuring ACLs for ARP filtering |
618 |
Displaying ACL filters for ARP |
619 |
Clearing the filter count |
620 |
Filtering on IP precedence and ToS values |
620 |
TCP flags - edge port security |
620 |
QoS options for IP ACLs |
621 |
Configuration notes for PowerConnect B-Series FCX devices |
621 |
Using an IP ACL to mark DSCP values (DSCP marking) |
622 |
DSCP matching |
623 |
ACL-based rate limiting |
624 |
ACL statistics |
624 |
Using ACLs to control multicast features |
624 |
Enabling and viewing hardware usage statistics for an ACL |
624 |
Displaying ACL information |
625 |
Troubleshooting ACLs |
625 |
Policy-based routing (PBR) |
626 |
Configuring Quality of Service |
633 |
Classification |
633 |
Processing of classified traffic |
633 |
QoS for stackable devices |
637 |
QoS profile restrictions in an IronStack |
637 |
QoS behavior for trusting Layer 2 (802.1p) in an IronStack |
637 |
QoS behavior for trusting Layer 3 (DSCP) in an IronStack |
637 |
QoS behavior on port priority and VLAN priority in an IronStack |
638 |
QoS behavior for 802.1p marking in an IronStack |
638 |
QoS queues |
638 |
Assigning QoS priorities to traffic |
638 |
Changing a port priority |
639 |
Assigning static MAC entries to priority queues |
639 |
Buffer allocation/threshold for QoS queues |
640 |
802.1p priority override |
640 |
Configuration notes and feature limitations |
640 |
Enabling 802.1p priority override |
640 |
Marking |
641 |
Configuring DSCP-based QoS |
641 |
Application notes |
641 |
Using ACLs to honor DSCP-based QoS |
641 |
Configuring the QoS mappings |
642 |
Default DSCP to internal forwarding priority mappings |
642 |
Changing the DSCP to internal forwarding priority mappings |
643 |
Changing the VLAN priority 802.1p to hardware forwarding queue mappings |
644 |
8 to 4 queue mapping |
644 |
Scheduling |
645 |
QoS queuing methods |
645 |
Selecting the QoS queuing method |
647 |
Configuring the QoS queues |
647 |
Viewing QoS settings |
650 |
Viewing DSCP-based QoS settings |
650 |
Configuring Traffic Policies |
653 |
Traffic policies overview |
653 |
Configuration notes and feature limitations |
654 |
Maximum number of traffic policies supported on a device |
654 |
Setting the maximum number of traffic policies supported on a Layer 3 device |
655 |
ACL-based rate limiting using traffic policies |
655 |
Support for fixed rate limiting and adaptive rate limiting |
656 |
Configuring ACL-based fixed rate limiting |
656 |
Configuring ACL-based adaptive rate limiting |
657 |
Specifying the action to be taken for packets that are over the limit |
659 |
ACL statistics and rate limit counting |
661 |
Enabling ACL statistics |
661 |
Enabling ACL statistics with rate limiting traffic policies |
662 |
Viewing ACL and rate limit counters |
662 |
Clearing ACL and rate limit counters |
663 |
Viewing traffic policies |
664 |
Configuring Base Layer 3 and Enabling Routing Protocols |
665 |
Adding a static IP route |
665 |
Adding a static ARP entry |
666 |
Modifying and displaying layer 3 system parameter limits |
667 |
Configuration notes |
667 |
PowerConnect IPv6 models |
667 |
Displaying Layer 3 system parameter limits |
667 |
Configuring RIP |
668 |
Enabling RIP |
669 |
Enabling redistribution of IP static routes into RIP |
669 |
Enabling redistribution |
670 |
Enabling learning of default routes |
671 |
Changing the route loop prevention method |
671 |
Other layer 3 protocols |
671 |
Enabling or disabling routing protocols |
671 |
Enabling or disabling layer 2 switching |
672 |
Configuration Notes and Feature Limitations |
672 |
Command syntax |
672 |
Configuring Port Mirroring and Monitoring |
675 |
Overview |
675 |
Configuring port mirroring and monitoring |
675 |
Configuration notes |
676 |
Command syntax |
677 |
Configuring mirroring on an Ironstack |
679 |
Configuration notes |
679 |
ACL-based inbound mirroring |
680 |
Creating an ACL-based inbound mirror clause for PowerConnect B-Series FCX devices |
680 |
MAC address filter-based mirroring |
680 |
Configuring MAC address filter-based mirroring |
680 |
VLAN-based mirroring |
681 |
Configuring Rate Limiting and Rate Shaping on PowerConnect B-Series FCX Switches |
685 |
Rate limiting overview |
685 |
Rate limiting in hardware |
686 |
How Fixed rate limiting works |
686 |
Configuration notes |
687 |
Configuring a port-based rate limiting policy |
687 |
Configuring an ACL-based rate limiting policy |
687 |
Displaying the fixed rate limiting configuration |
687 |
Rate shaping overview |
688 |
Configuration notes |
688 |
Configuring outbound rate shaping for a port |
689 |
Configuring outbound rate shaping for a specific priority |
689 |
Configuring outbound rate shaping for a trunk port |
689 |
Displaying rate shaping configurations |
690 |
Configuring IP Multicast Traffic Reduction for PowerConnect B-Series FCX Switches |
691 |
IGMP snooping overview |
691 |
Configuration notes |
693 |
Configuring queriers and non-queriers |
694 |
VLAN specific configuration |
695 |
Using IGMPv2 with IGMPv3 |
695 |
PIM SM traffic snooping overview |
695 |
Application example |
695 |
Configuring IGMP snooping |
697 |
Displaying IGMP snooping information |
705 |
Displaying querier information |
710 |
Clear IGMP snooping commands |
713 |
Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets |
715 |
Using FDP |
715 |
Configuring FDP |
715 |
Displaying FDP information |
717 |
Clearing FDP and CDP information |
719 |
Reading CDP packets |
720 |
Enabling interception of CDP packets globally |
720 |
Enabling interception of CDP packets on an interface |
721 |
Displaying CDP information |
721 |
Clearing CDP information |
723 |
Configuring LLDP and LLDP-MED |
725 |
Terms used in this chapter |
726 |
LLDP overview |
726 |
Benefits of LLDP |
727 |
LLDP-MED overview |
728 |
Benefits of LLDP-MED |
728 |
LLDP-MED class |
729 |
General operating principles |
729 |
Operating modes |
729 |
LLDP packets |
730 |
TLV support |
731 |
MIB support |
734 |
Syslog messages |
734 |
Configuring LLDP |
734 |
Configuration notes and considerations |
735 |
Enabling and disabling LLDP |
735 |
Enabling support for tagged LLDP packets |
736 |
Changing a port LLDP operating mode |
736 |
Specifying the maximum number of LLDP neighbors |
738 |
Enabling LLDP SNMP notifications and syslog messages |
739 |
Changing the minimum time between LLDP transmissions |
740 |
Changing the interval between regular LLDP transmissions |
740 |
Changing the holdtime multiplier for transmit TTL |
741 |
Changing the minimum time between port reinitializations |
741 |
LLDP TLVs advertised by the Dell PowerConnect device |
741 |
Configuring LLDP-MED |
749 |
Enabling LLDP-MED |
749 |
Enabling SNMP notifications and syslog messages for LLDP-MED topology changes |
750 |
Changing the fast start repeat count |
750 |
Defining a location id |
751 |
Defining an LLDP-MED network policy |
757 |
LLDP-MED attributes advertised by the Dell PowerConnect device |
759 |
Displaying LLDP statistics and configuration settings |
760 |
LLDP configuration summary |
760 |
LLDP statistics |
761 |
LLDP neighbors |
763 |
LLDP neighbors detail |
764 |
LLDP configuration details |
765 |
Resetting LLDP statistics |
767 |
Clearing cached LLDP neighbor information |
767 |
Configuring IP Multicast Protocols |
769 |
Overview of IP multicasting |
769 |
IPv4 multicast group addresses |
770 |
Mapping of IPv4 Multicast group addresses to Ethernet MAC addresses |
770 |
Supported Layer 3 multicast routing protocols |
770 |
Suppression of unregistered multicast packets |
771 |
Multicast terms |
771 |
Changing global IP multicast parameters |
771 |
Changing dynamic memory allocation for IP multicast groups |
771 |
Changing IGMP V1 and V2 parameters |
773 |
Adding an interface to a multicast group |
774 |
PIM Dense |
775 |
Initiating PIM multicasts on a network |
776 |
Pruning a multicast tree |
776 |
Grafts to a multicast Tree |
778 |
PIM DM versions |
778 |
Configuring PIM DM |
779 |
Failover time in a multi-path topology |
783 |
Modifying the TTL |
783 |
PIM Sparse |
784 |
PIM Sparse switch types |
785 |
RP paths and SPT paths |
786 |
Configuring PIM Sparse |
786 |
Displaying PIM Sparse configuration information and statistics |
792 |
PIM Passive |
804 |
Passive multicast route insertion |
805 |
Configuring an IP tunnel |
805 |
Using ACLs to control multicast features |
806 |
Using ACLs to limit static RP groups |
806 |
Using ACLs to limit PIM RP candidate advertisement |
808 |
Disabling CPU processing for select multicast groups |
809 |
CLI command syntax |
810 |
Viewing disabled multicast addresses |
810 |
Displaying the multicast configuration for another multicast router |
811 |
IGMP V3 |
812 |
Default IGMP version |
813 |
Compatibility with IGMP V1 and V2 |
813 |
Globally enabling the IGMP version |
813 |
Enabling the IGMP version per interface setting |
813 |
Enabling the IGMP version on a physical port within a virtual routing interface |
814 |
Enabling membership tracking and fast leave |
814 |
Setting the query interval |
815 |
Setting the group membership time |
815 |
Setting the maximum response time |
815 |
IGMP V3 and source specific multicast protocols |
816 |
Displaying IGMP V3 information on Layer 3 Switches |
816 |
Clearing IGMP statistics |
820 |
IGMP Proxy |
820 |
Configuration notes |
820 |
Configuring IGMP Proxy |
821 |
Displaying IGMP Proxy traffic |
821 |
IP multicast protocols and IGMP snooping on the same device |
821 |
Configuration example |
822 |
CLI commands |
823 |
Configuring IP |
825 |
Basic configuration |
826 |
Overview |
826 |
Full Layer 3 support |
826 |
IP interfaces |
827 |
IP packet flow through a Layer 3 Switch |
827 |
IP route exchange protocols |
832 |
IP multicast protocols |
832 |
IP interface redundancy protocols |
833 |
Access Control Lists and IP access policies |
833 |
Basic IP parameters and defaults – Layer 3 Switches |
833 |
When parameter changes take effect |
834 |
IP global parameters – Layer 3 Switches |
834 |
IP interface parameters – Layer 3 Switches |
838 |
Basic IP parameters and defaults – Layer 2 Switches |
839 |
IP global parameters – Layer 2 Switches |
839 |
Interface IP parameters – Layer 2 Switches |
841 |
Configuring IP parameters – Layer 3 Switches |
841 |
Configuring IP addresses |
841 |
Configuring Domain Name Server (DNS) resolver |
845 |
Configuring packet parameters |
848 |
Changing the router ID |
851 |
Configuring ARP parameters |
852 |
Configuring forwarding parameters |
857 |
Disabling ICMP messages |
859 |
Disabling ICMP Redirect Messages |
861 |
Configuring static routes |
861 |
Configuring a default network route |
870 |
Configuring IP load sharing |
871 |
Configuring IRDP |
874 |
Configuring RARP |
876 |
Configuring UDP broadcast and IP helper parameters |
878 |
Configuring BootP/DHCP relay parameters |
881 |
DHCP Server |
883 |
Displaying DHCP server information |
893 |
DHCP Client-Based Auto-Configuration and Flash image update |
896 |
Configuring IP parameters – Layer 2 Switches |
904 |
Configuring the management IP address and specifying the default gateway |
905 |
Configuring Domain Name Server (DNS) resolver |
905 |
Changing the TTL threshold |
907 |
Configuring DHCP Assist |
907 |
Displaying IP configuration information and statistics |
911 |
Changing the network mask display to prefix format |
911 |
Displaying IP information – Layer 3 Switches |
911 |
Displaying IP information – Layer 2 Switches |
925 |
Configuring Multicast Listening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches |
931 |
Overview |
931 |
Configuration notes |
933 |
Configuring queriers and non-queriers |
934 |
VLAN specific configuration |
934 |
Using MLDv1 with MLDv2 |
934 |
Configuring MLD snooping |
935 |
Configuring the hardware and software resource limits |
935 |
Disabling transmission and receipt of MLD packets on a port |
936 |
Configuring the global MLD mode |
936 |
Modifying the age interval |
936 |
Modifying the query interval (Active MLD snooping mode only) |
937 |
Configuring the global MLD version |
937 |
Configuring report control |
937 |
Modifying the wait time before stopping traffic when receiving a leave message |
938 |
Modifying the multicast cache (mcache) aging time |
938 |
Disabling error and warning messages |
938 |
Configuring the MLD mode for a VLAN |
938 |
Disabling MLD snooping for the VLAN |
939 |
Configuring the MLD version for the VLAN |
939 |
Configuring the MLD version for individual ports |
939 |
Configuring static groups to the entire VLAN or to individual ports |
939 |
Configuring static router ports |
940 |
Turning off static group proxy |
940 |
Enabling MLDv2 membership tracking and fast leave for the VLAN |
940 |
Configuring fast leave for MLDv1 |
941 |
Enabling fast convergence |
941 |
Displaying MLD snooping information |
942 |
Clear MLD snooping commands |
946 |
Configuring RIP (IPv4) |
949 |
RIP overview |
949 |
ICMP host unreachable message for undeliverable ARPs |
950 |
RIP parameters and defaults |
950 |
RIP global parameters |
950 |
RIP interface parameters |
951 |
Configuring RIP parameters |
952 |
Enabling RIP |
952 |
Configuring metric parameters |
952 |
Changing the administrative distance |
953 |
Configuring redistribution |
954 |
Configuring route learning and advertising parameters |
956 |
Changing the route loop prevention method |
957 |
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface |
958 |
Configuring RIP route filters |
958 |
Displaying RIP filters |
959 |
Displaying CPU utilization statistics |
960 |
Configuring OSPF Version 2 (IPv4) |
963 |
Overview of OSPF |
964 |
OSPF point-to-point links |
965 |
Designated routers in multi-access networks |
966 |
Designated router election in multi-access networks |
966 |
OSPF RFC 1583 and 2178 compliance |
967 |
Reduction of equivalent AS External LSAs |
968 |
Support for OSPF RFC 2328 Appendix E |
970 |
Dynamic OSPF activation and configuration |
971 |
Dynamic OSPF memory |
972 |
OSPF graceful restart |
972 |
Configuring OSPF |
972 |
Configuration rules |
973 |
OSPF parameters |
973 |
Enabling OSPF on the router |
974 |
Assigning OSPF areas |
975 |
Assigning an area range (optional) |
979 |
Assigning interfaces to an area |
979 |
Modifying interface defaults |
979 |
Changing the timer for OSPF authentication changes |
982 |
Block flooding of outbound LSAs on specific OSPF interfaces |
983 |
Configuring an OSPF non-broadcast interface |
983 |
Assigning virtual links |
984 |
Modifying virtual link parameters |
986 |
Changing the reference bandwidth for the cost on OSPF interfaces |
988 |
Defining redistribution filters |
989 |
Preventing specific OSPF routes from being installed in the IP route table |
992 |
Modifying the default metric for redistribution |
995 |
Enabling route redistribution |
995 |
Disabling or re-enabling load sharing |
997 |
Configuring external route summarization |
998 |
Configuring default route origination |
999 |
Modifying SPF timers |
1000 |
Modifying the redistribution metric type |
1001 |
Modifying the administrative distance |
1001 |
Configuring OSPF group Link State Advertisement (LSA) pacing |
1002 |
Modifying OSPF traps generated |
1003 |
Specifying the types of OSPF Syslog messages to log |
1004 |
Modifying the OSPF standard compliance setting |
1004 |
Modifying the exit overflow interval |
1004 |
Configuring an OSPF point-to-point link |
1005 |
Configuring OSPF graceful restart |
1005 |
Clearing OSPF information |
1006 |
Clearing OSPF neighbor information |
1007 |
Clearing OSPF topology information |
1007 |
Clearing redistributed routes from the OSPF routing table |
1007 |
Clearing information for OSPF areas |
1008 |
Displaying OSPF information |
1008 |
Displaying general OSPF configuration information |
1009 |
Displaying CPU utilization statistics |
1010 |
Displaying OSPF area information |
1011 |
Displaying OSPF neighbor information |
1011 |
Displaying OSPF interface information |
1013 |
Displaying OSPF route information |
1015 |
Displaying OSPF external link state information |
1017 |
Displaying OSPF link state information |
1018 |
Displaying the data in an LSA |
1018 |
Displaying OSPF virtual neighbor information |
1019 |
Displaying OSPF virtual link information |
1019 |
Displaying OSPF ABR and ASBR information |
1019 |
Displaying OSPF trap status |
1020 |
Displaying OSPF graceful restart information |
1020 |
Configuring BGP4 (IPv4) |
1023 |
Overview of BGP4 |
1024 |
Relationship between the BGP4 route table and the IP route table |
1024 |
How BGP4 selects a path for a route |
1025 |
BGP4 message types |
1027 |
BGP4 graceful restart |
1029 |
Basic configuration and activation for BGP4 |
1029 |
Note regarding disabling BGP4 |
1030 |
BGP4 parameters |
1030 |
When parameter changes take effect |
1031 |
Memory considerations |
1033 |
Memory configuration options obsoleted by dynamic memory |
1033 |
Basic configuration tasks |
1034 |
Enabling BGP4 on the router |
1034 |
Changing the router ID |
1034 |
Setting the local AS number |
1035 |
Adding a loopback interface |
1035 |
Adding BGP4 neighbors |
1035 |
Adding a BGP4 peer group |
1042 |
Optional configuration tasks |
1046 |
Changing the Keep Alive Time and Hold Time |
1046 |
Changing the BGP4 next-hop update timer |
1047 |
Enabling fast external fallover |
1047 |
Changing the maximum number of paths for BGP4 load sharing |
1048 |
Customizing BGP4 load sharing |
1049 |
Specifying a list of networks to advertise |
1050 |
Changing the default local preference |
1051 |
Using the IP default route as a valid next hop for a BGP4 route |
1052 |
Advertising the default route |
1052 |
Changing the default MED (Metric) used for route redistribution |
1052 |
Enabling next-hop recursion |
1053 |
Changing administrative distances |
1056 |
Requiring the first AS to be the neighbor AS |
1057 |
Disabling or re-enabling comparison of the AS-Path length |
1057 |
Enabling or disabling comparison of the router IDs |
1058 |
Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs) |
1058 |
Treating missing MEDs as the worst MEDs |
1059 |
Configuring route reflection parameters |
1059 |
Configuration notes |
1063 |
Aggregating routes advertised to BGP4 neighbors |
1066 |
Configuring BGP4 graceful restart |
1067 |
Configuring BGP4 graceful restart |
1067 |
Configuring timers for BGP4 graceful restart (optional) |
1067 |
BGP null0 routing |
1068 |
Configuration steps |
1069 |
Configuration examples |
1070 |
Show commands |
1071 |
Modifying redistribution parameters |
1072 |
Redistributing connected routes |
1073 |
Redistributing RIP routes |
1073 |
Redistributing OSPF external routes |
1073 |
Redistributing static routes |
1074 |
Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors |
1074 |
Redistributing IBGP routes into RIP and OSPF |
1075 |
Filtering |
1075 |
Filtering specific IP addresses |
1075 |
Filtering AS-paths |
1077 |
Filtering communities |
1080 |
Defining IP prefix lists |
1083 |
Defining neighbor distribute lists |
1084 |
Defining route maps |
1084 |
Using a table map to set the rag value |
1092 |
Configuring cooperative BGP4 route filtering |
1093 |
Configuring route flap dampening |
1096 |
Globally configuring route flap dampening |
1097 |
Using a route map to configure route flap dampening for specific routes |
1097 |
Using a route map to configure route flap dampening for a specific neighbor |
1098 |
Removing route dampening from a route |
1099 |
Removing route dampening from a neighbor routes suppressed due to aggregation |
1099 |
Displaying and clearing route flap dampening statistics |
1101 |
Generating traps for BGP |
1102 |
Displaying BGP4 information |
1103 |
Displaying summary BGP4 information |
1103 |
Displaying the active BGP4 configuration |
1106 |
Displaying CPU utilization statistics |
1106 |
Displaying summary neighbor information |
1108 |
Displaying BGP4 neighbor information |
1109 |
Displaying peer group information |
1120 |
Displaying summary route information |
1121 |
Displaying the BGP4 route table |
1122 |
Displaying BGP4 route-attribute entries |
1128 |
Displaying the routes BGP4 has placed in the IP route table |
1129 |
Displaying route flap dampening statistics |
1130 |
Displaying the active route map configuration |
1131 |
Displaying BGP4 graceful restart neighbor information |
1132 |
Updating route information and resetting a neighbor session |
1132 |
Using soft reconfiguration |
1133 |
Dynamically requesting a route refresh from a BGP4 neighbor |
1135 |
Closing or resetting a neighbor session |
1138 |
Clearing and resetting BGP4 routes in the IP route table |
1139 |
Clearing traffic counters |
1139 |
Clearing route flap dampening statistics |
1140 |
Removing route flap dampening |
1140 |
Clearing diagnostic buffers |
1140 |
Configuring VRRP and VRRPE |
1143 |
Overview |
1143 |
Overview of VRRP |
1144 |
Overview of VRRPE |
1148 |
Configuration note |
1151 |
Comparison of VRRP and VRRPE |
1151 |
VRRP |
1151 |
VRRPE |
1151 |
Architectural differences |
1151 |
VRRP and VRRPE parameters |
1152 |
Configuring basic VRRP parameters |
1155 |
Configuring the Owner |
1155 |
Configuring a Backup |
1155 |
Configuration rules for VRRP |
1155 |
Configuring basic VRRPE parameters |
1155 |
Configuration rules for VRRPE |
1156 |
Note regarding disabling VRRP or VRRPE |
1156 |
Configuring additional VRRP and VRRPE parameters |
1156 |
Forcing a Master router to abdicate to a standby router |
1163 |
Displaying VRRP and VRRPE information |
1164 |
Displaying summary information |
1164 |
Displaying detailed information |
1165 |
Displaying statistics |
1170 |
Clearing VRRP or VRRPE statistics |
1172 |
Displaying CPU utilization statistics |
1172 |
Configuration examples |
1173 |
VRRP example |
1173 |
VRRPE example |
1174 |
Securing Access to Management Functions |
1177 |
Securing access methods |
1177 |
Restricting remote access to management functions |
1179 |
Using ACLs to restrict remote access |
1180 |
Defining the console idle time |
1182 |
Restricting remote access to the device to specific IP addresses |
1183 |
Restricting access to the device based on IP or MAC address |
1184 |
Defining the Telnet idle time |
1185 |
Changing the login timeout period for Telnet sessions |
1185 |
Specifying the maximum number of login attempts for Telnet access |
1186 |
Changing the login timeout period for Telnet sessions |
1186 |
Restricting remote access to the device to specific VLAN IDs |
1186 |
Designated VLAN for Telnet management sessions to a Layer 2 Switch |
1187 |
Device management security |
1188 |
Disabling specific access methods |
1190 |
Setting passwords |
1191 |
Setting a Telnet password |
1191 |
Setting passwords for management privilege levels |
1192 |
Recovering from a lost password |
1194 |
Displaying the SNMP community string |
1195 |
Disabling password encryption |
1195 |
Specifying a minimum password length |
1195 |
Setting up local user accounts |
1196 |
Enhancements to username and password |
1196 |
Configuring a local user account |
1200 |
Create password option |
1202 |
Changing a local user password |
1203 |
Configuring SSL security for the Web Management Interface |
1203 |
Enabling the SSL server on the Dell PowerConnect device |
1203 |
Changing the SSL server certificate key size |
1204 |
Support for SSL digital certificates larger than 2048 bytes |
1204 |
Importing digital certificates and RSA private key files |
1204 |
Generating an SSL certificate |
1205 |
Configuring TACACS/TACACS+ security |
1205 |
How TACACS+ differs from TACACS |
1206 |
TACACS/TACACS+ authentication, authorization, and accounting |
1206 |
TACACS authentication |
1208 |
TACACS/TACACS+ configuration considerations |
1211 |
Enabling TACACS |
1212 |
Identifying the TACACS/TACACS+ servers |
1212 |
Specifying different servers for individual AAA functions |
1213 |
Setting optional TACACS/TACACS+ parameters |
1214 |
Configuring authentication-method lists for TACACS/TACACS+ |
1215 |
Configuring TACACS+ authorization |
1217 |
Configuring TACACS+ accounting |
1220 |
Configuring an interface as the source for all TACACS/TACACS+ packets |
1221 |
Displaying TACACS/TACACS+ statistics and configuration information |
1222 |
Configuring RADIUS security |
1223 |
RADIUS authentication, authorization, and accounting |
1223 |
RADIUS configuration considerations |
1226 |
RADIUS configuration procedure |
1227 |
Configuring Dell-specific attributes on the RADIUS server |
1227 |
Enabling SNMP to configure RADIUS |
1229 |
Identifying the RADIUS server to the Dell PowerConnect device |
1230 |
Specifying different servers for individual AAA functions |
1230 |
Configuring a RADIUS server per port |
1231 |
Mapping a RADIUS server to individual ports |
1232 |
Setting RADIUS parameters |
1232 |
Configuring authentication-method lists for RADIUS |
1234 |
Configuring RADIUS authorization |
1236 |
Configuring RADIUS accounting |
1237 |
Configuring an interface as the source for all RADIUS packets |
1238 |
Displaying RADIUS configuration information |
1238 |
Configuring authentication-method lists |
1240 |
Configuration considerations for authentication- method lists |
1241 |
Examples of authentication-method lists |
1241 |
TCP Flags - edge port security |
1243 |
Using TCP Flags in combination with other ACL features |
1244 |
Configuring SSH2 and SCP |
1245 |
SSH version 2 support |
1245 |
Tested SSH2 clients |
1246 |
Supported features |
1246 |
Unsupported features |
1246 |
AES encryption for SSH2 |
1247 |
Configuring SSH2 |
1247 |
Recreating SSH keys |
1248 |
Generating a host key pair |
1248 |
Configuring DSA challenge-response authentication |
1249 |
Setting optional parameters |
1251 |
Setting the number of SSH authentication retries |
1252 |
Deactivating user authentication |
1252 |
Enabling empty password logins |
1252 |
Setting the SSH port number |
1253 |
Setting the SSH login timeout value |
1253 |
Designating an interface as the source for all SSH packets |
1253 |
Configuring the maximum idle time for SSH sessions |
1253 |
Filtering SSH access using ACLs |
1254 |
Terminating an active SSH connection |
1254 |
Displaying SSH connection information |
1254 |
Using Secure copy with SSH2 |
1255 |
Enabling and disabling SCP |
1255 |
Configuration notes |
1256 |
Example file transfers using SCP |
1256 |
Configuring 802.1X Port Security |
1259 |
IETF RFC support |
1259 |
How 802.1X port security works |
1260 |
Device roles in an 802.1X configuration |
1260 |
Communication between the devices |
1261 |
Controlled and uncontrolled ports |
1261 |
Message exchange during authentication |
1262 |
Authenticating multiple hosts connected to the same port |
1265 |
802.1X port security and sFlow |
1268 |
802.1X accounting |
1268 |
Configuring 802.1X port security |
1269 |
Configuring an authentication method list for 802.1X |
1269 |
Setting RADIUS parameters |
1270 |
Configuring dynamic VLAN assignment for 802.1X ports |
1272 |
Dynamically applying IP ACLs and MAC address filters to 802.1X ports |
1276 |
Enabling 802.1X port security |
1279 |
Setting the port control |
1280 |
Configuring periodic re-authentication |
1281 |
Re-authenticating a port manually |
1281 |
Setting the quiet period |
1282 |
Specifying the wait interval and number of EAP-request/ identity frame retransmissions from the Dell PowerConnect device |
1282 |
Specifying the wait interval and number of EAP-request/ identity frame retransmissions from the RADIUS server |
1283 |
Specifying a timeout for retransmission of messages to the authentication server |
1284 |
Initializing 802.1X on a port |
1284 |
Allowing access to multiple hosts |
1284 |
Defining MAC address filters for EAP frames |
1287 |
Configuring VLAN access for non-EAP-capable clients |
1287 |
Configuring 802.1X accounting |
1288 |
802.1X Accounting attributes for RADIUS |
1288 |
Enabling 802.1X accounting |
1289 |
Displaying 802.1X information |
1289 |
Displaying 802.1X configuration information |
1289 |
Displaying 802.1X statistics |
1292 |
Clearing 802.1X statistics |
1293 |
Displaying dynamically assigned VLAN information |
1293 |
Displaying information about dynamically applied MAC address filters and IP ACLs |
1294 |
Displaying 802.1X multiple-host authentication information |
1297 |
Sample 802.1X configurations |
1300 |
Point-to-point configuration |
1301 |
Hub configuration |
1302 |
802.1X Authentication with dynamic VLAN assignment |
1303 |
Using multi-device port authentication and 802.1X security on the same port |
1304 |
Using the MAC Port Security Feature |
1305 |
Overview |
1305 |
Local and global resources |
1306 |
Configuration notes and feature limitations |
1306 |
Configuring the MAC port security feature |
1306 |
Enabling the MAC port security feature |
1307 |
Setting the maximum number of secure MAC addresses for an interface |
1307 |
Setting the port security age timer |
1307 |
Specifying secure MAC addresses |
1308 |
Autosaving secure MAC addresses to the startup-config file |
1308 |
Specifying the action taken when a security violation occurs |
1309 |
Clearing port security statistics |
1310 |
Clearing restricted MAC addresses |
1310 |
Clearing violation statistics |
1310 |
Displaying port security information |
1310 |
Displaying port security settings |
1311 |
Displaying the secure MAC addresses |
1311 |
Displaying port security statistics |
1312 |
Displaying restricted MAC addresses on a port |
1313 |
Configuring Multi-Device Port Authentication |
1315 |
How multi-device port authentication works |
1316 |
RADIUS authentication |
1316 |
Authentication-failure actions |
1316 |
Supported RADIUS attributes |
1317 |
Support for dynamic VLAN assignment |
1317 |
Support for dynamic ACLs |
1317 |
Support for authenticating multiple MAC addresses on an interface |
1317 |
Support for source guard protection |
1318 |
Using multi-device port authentication and 802.1X security on the same port |
1318 |
Configuring Dell-specific attributes on the RADIUS server |
1319 |
Configuring multi-device port authentication |
1320 |
Enabling multi-device port authentication |
1320 |
Specifying the format of the MAC addresses sent to the RADIUS server |
1321 |
Specifying the authentication-failure action |
1321 |
Generating traps for multi-device port authentication |
1322 |
Defining MAC address filters |
1322 |
Configuring dynamic VLAN assignment |
1322 |
Dynamically applying IP ACLs to authenticated MAC addresses |
1325 |
Enabling source guard protection |
1328 |
Clearing authenticated MAC addresses |
1329 |
Disabling aging for authenticated MAC addresses |
1330 |
Changing the hardware aging period for blocked MAC addresses |
1330 |
Specifying the aging time for blocked MAC addresses |
1331 |
Specifying the RADIUS timeout action |
1331 |
Multi-device port authentication password override |
1333 |
Limiting the number of authenticated MAC addresses |
1333 |
Displaying multi-device port authentication information |
1333 |
Displaying authenticated MAC address information |
1334 |
Displaying multi-device port authentication configuration information |
1334 |
Displaying multi-device port authentication information for a specific MAC address or port |
1335 |
Displaying the authenticated MAC addresses |
1336 |
Displaying the non-authenticated MAC addresses |
1336 |
Displaying multi-device port authentication information for a port |
1337 |
Displaying multi-device port authentication settings and authenticated MAC addresses |
1337 |
Displaying the MAC authentication table for PowerConnect B-Series FCX devices |
1340 |
Example configurations |
1341 |
Multi-device port authentication with dynamic VLAN assignment |
1342 |
Examples of multi-device port authentication and 802.1X authentication configuration on the same port |
1344 |
Configuring Web Authentication |
1349 |
Overview |
1349 |
Configuration considerations |
1350 |
Configuration tasks |
1351 |
Enabling and disabling web authentication |
1353 |
Configuring the web authentication mode |
1353 |
Using local user databases |
1354 |
Using passcodes |
1357 |
Using automatic authentication |
1362 |
Configuring web authentication options |
1362 |
Enabling RADIUS accounting for web authentication |
1362 |
Changing the login mode (HTTPS or HTTP) |
1363 |
Specifying trusted ports |
1363 |
Specifying hosts that are permanently authenticated |
1363 |
Configuring the re-authentication period |
1364 |
Defining the web authentication cycle |
1364 |
Limiting the number of web authentication attempts |
1364 |
Clearing authenticated hosts from the web authentication table |
1365 |
Setting and clearing the block duration for web authentication attempts |
1365 |
Manually blocking and unblocking a specific host |
1365 |
Limiting the number of authenticated hosts |
1366 |
Filtering DNS queries |
1366 |
Forcing re-authentication when ports are down |
1366 |
Forcing re-authentication after an inactive period |
1367 |
Defining the web authorization redirect address |
1367 |
Deleting a web authentication VLAN |
1368 |
Web authentication pages |
1368 |
Displaying web authentication information |
1375 |
Displaying the web authentication configuration |
1375 |
Displaying a list of authenticated hosts |
1377 |
Displaying a list of hosts attempting to authenticate |
1378 |
Displaying a list of blocked hosts |
1378 |
Displaying a list of local user databases |
1379 |
Displaying a list of users in a local user database |
1379 |
Displaying passcodes |
1380 |
Protecting Against Denial of Service Attacks |
1381 |
Protecting against Smurf attacks |
1381 |
Avoiding being an intermediary in a Smurf attack |
1382 |
Avoiding being a victim in a Smurf attack |
1382 |
Protecting against TCP SYN attacks |
1383 |
TCP security enhancement |
1384 |
Displaying statistics about packets dropped because of DoS attacks |
1385 |
Inspecting and Tracking DHCP Packets |
1387 |
Dynamic ARP inspection |
1387 |
ARP poisoning |
1387 |
How DAI works |
1388 |
Configuration notes and feature limitations |
1389 |
Configuring DAI |
1389 |
Displaying ARP inspection status and ports |
1391 |
Displaying the ARP table |
1391 |
DHCP snooping |
1391 |
How DHCP snooping works |
1392 |
System reboot and the binding database |
1393 |
Configuration notes and feature limitations |
1393 |
Configuring DHCP snooping |
1393 |
Clearing the DHCP binding database |
1394 |
Displaying DHCP snooping status and ports |
1395 |
Displaying the DHCP snooping binding database |
1395 |
Displaying DHCP binding entry and status |
1395 |
DHCP snooping configuration example |
1395 |
DHCP relay agent information (DHCP Option 82) |
1396 |
Configuration notes |
1397 |
DHCP Option 82 sub-options |
1397 |
Configuring DHCP option 82 |
1399 |
Viewing information about DHCP option 82 processing |
1401 |
IP source guard |
1402 |
Configuration notes and feature limitations |
1403 |
Enabling IP source guard on a port |
1404 |
Defining static IP source bindings |
1404 |
Enabling IP source guard per-port-per-VLAN |
1405 |
Enabling IP source guard on a VE |
1405 |
Displaying learned IP addresses |
1405 |
Securing SNMP Access |
1407 |
SNMP overview |
1407 |
Establishing SNMP community strings |
1408 |
Encryption of SNMP community strings |
1408 |
Adding an SNMP community string |
1408 |
Displaying the SNMP community strings |
1410 |
Using the user-based security model |
1411 |
Configuring your NMS |
1411 |
Configuring SNMP version 3 on Dell PowerConnect devices |
1411 |
Defining the engine id |
1412 |
Defining an SNMP group |
1412 |
Defining an SNMP user account |
1413 |
Defining SNMP views |
1415 |
SNMP version 3 traps |
1416 |
Defining an SNMP group and specifying which view is notified of traps |
1416 |
Defining the UDP port for SNMP v3 traps |
1417 |
Trap MIB changes |
1417 |
Specifying an IPv6 host as an SNMP trap receiver |
1418 |
SNMP v3 over IPv6 |
1418 |
Specifying an IPv6 host as an SNMP trap receiver |
1418 |
Viewing IPv6 SNMP server addresses |
1418 |
Displaying SNMP Information |
1419 |
Displaying the Engine ID |
1419 |
Displaying SNMP groups |
1419 |
Displaying user information |
1420 |
Interpreting varbinds in report packets |
1420 |
SNMP v3 Configuration examples |
1421 |
Simple SNMP v3 configuration |
1421 |
More detailed SNMP v3 configuration |
1421 |
Using Syslog |
1423 |
Overview |
1423 |
Displaying Syslog messages |
1424 |
Enabling real-time display of Syslog messages |
1425 |
Enabling real-time display for a Telnet or SSH session |
1425 |
Show log on all terminals |
1425 |
Configuring the Syslog service |
1425 |
Displaying the Syslog configuration |
1426 |
Disabling or re-enabling Syslog |
1429 |
Specifying a Syslog server |
1430 |
Specifying an additional Syslog server |
1430 |
Disabling logging of a message level |
1430 |
Changing the number of entries the local buffer can hold |
1431 |
Changing the log facility |
1431 |
Displaying Interface names in Syslog messages |
1432 |
Displaying TCP or UDP port numbers in Syslog messages |
1432 |
Retaining Syslog messages after a soft reboot |
1433 |
Clearing the Syslog messages from the local buffer |
1433 |
Syslog messages |
1433 |
Network Monitoring |
1459 |
Basic management |
1459 |
Viewing system information |
1459 |
Viewing configuration information |
1460 |
Viewing port statistics |
1461 |
Viewing STP statistics |
1463 |
Clearing statistics |
1463 |
Viewing egress queue counters on PowerConnect B-Series FCX devices |
1464 |
RMON support |
1465 |
Maximum number of entries allowed in the RMON control table |
1465 |
Statistics (RMON group 1) |
1466 |
History (RMON group 2) |
1468 |
Alarm (RMON group 3) |
1468 |
Event (RMON group 9) |
1468 |
sFlow |
1469 |
sFlow version 5 |
1469 |
sFlow support for IPv6 packets |
1470 |
Configuration considerations |
1471 |
Configuring and enabling sFlow |
1472 |
Configuring sFlow version 5 features |
1478 |
Displaying sFlow information |
1481 |
Configuring a utilization list for an uplink port |
1484 |
Command syntax |
1485 |
Displaying utilization percentages for an uplink |
1485 |
Software Specifications |
1487 |
IEEE compliance |
1487 |
RFC support |
1487 |