Home » Dell Manuals » Hubs & Switches » Dell PowerConnect FCS624S » Manual Viewer

Dell PowerConnect FCS624S Configuration Guide - Page 1265

Authenticating multiple hosts connected to the same port, EAP pass-through support

View all Dell PowerConnect FCS624S manuals

Add to My Manuals
Save this manual to your list of manuals

Page 1265 highlights

How 802.1X port security works 34 EAP pass-through support EAP pass-through is supported on PowerConnect devices that have 802.1X enabled. EAP pass-through support is fully compliant with RFC 3748, in which, by default, compliant pass-through authenticator implementations forward EAP challenge request packets of any type, including those listed in the previous section. Configuration notes • If the 802.1X supplicant or authentication server will be sending packets that are greater than 1500 MTU, you should configure the device to accommodate a bigger buffer size. Support for RADIUS user-name attribute in access-accept messages Dell 802.1X-enabled ports support the RADIUS User-name (type 1) attribute in the Access-Accept message returned during 802.1X authentication. This feature is useful when the client/supplicant does not provide its user-name in the EAP-response/identity frame, and the username is key to providing useful information. For example, when the User-name attribute is sent in the Access-Accept message, it is then available for display in sFlow sample messages sent to a collector, and in the output of some show dot1x CLI commands, such as show dot1x mac-sessions. To enable this feature, add the following attribute on the RADIUS server. Attribute name User-name Type Value 1 (string) Authenticating multiple hosts connected to the same port Dell PowerConnect devices support 802.1X authentication for ports with more than one host connected to them. Figure 157 illustrates a sample configuration where multiple hosts are connected to a single 802.1X port. PowerConnect B-Series FCX Configuration Guide 53-1002266-01 1223

Section	Page
Contents	3
About This Document	39
Introduction	39
Device nomenclature	39
Audience	39
Document conventions	40
Text formatting	40
Command syntax conventions	40
Notes, cautions, and danger notices	40
Notice to the reader	41
Related publications	41
Getting technical help	41
Contacting Dell	41
Getting Familiar with Management Applications	43
Using the management port	43
How the management port works	43
CLI Commands for use with the management port	44
Logging on through the CLI	45
On-line help	46
Command completion	46
Scroll control	46
Line editing commands	47
Using stack-unit, slot number, and port number with CLI commands	47
CLI nomenclature on Stackable devices	48
Searching and filtering output from CLI commands	48
Using special characters in regular expressions	50
Creating an alias for a CLI command	52
Logging on through the Web Management Interface	53
Navigating the Web Management Interface	54
Logging on through Brocade Network Advisor	58
Configuring Basic Software Features	59
Configuring basic system parameters	60
Entering system administration information	60
Configuring Simple Network Management Protocol (SNMP) parameters	61
Disabling Syslog messages and traps for CLI access	64
Cancelling an outbound Telnet session	65
Specifying a Simple Network Time Protocol (SNTP) server	65
Setting the system clock	67
Limiting broadcast, multicast, and unknown unicast traffic	69
Configuring CLI banners	71
Configuring a local MAC address for Layer 2 management traffic	74
Configuring basic port parameters	74
Assigning a port name	74
Modifying port speed and duplex mode	75
Enabling auto-negotiation maximum port speed advertisement and down-shift	75
Modifying port duplex mode	78
Configuring MDI/MDIX	79
Disabling or re-enabling a port	80
Configuring flow control	80
Configuring symmetric flow control on PowerConnect B-Series FCX devices	82
Configuring PHY FIFO Rx and Tx depth	86
Configuring the IPG on PowerConnect Stackable devices	86
Enabling and disabling support for 100BaseTX	87
Enabling and disabling support for 100BaseFX	87
Changing the Gbps fiber negotiation mode	88
Modifying port priority (QoS)	89
Dynamic configuration of Voice over IP (VoIP) phones	89
Configuring port flap dampening	90
Port loop detection	94
Operations, Administration, and Maintenance	99
Overview	99
Determining the software versions installed and running on a device	100
Determining the flash image version running on the device	100
Determining the boot image version running on the device	101
Determining the image versions installed in flash memory	101
Flash image verification	101
Image file types	103
Viewing the contents of flash files	103
Using SNMP to upgrade software	104
Changing the block size for TFTP file transfers	105
Rebooting	106
Configuration notes	106
Displaying the boot preference	106
Loading and saving configuration files	107
Replacing the startup configuration with the running configuration	107
Replacing the running configuration with the startup configuration	108
Logging changes to the startup-config file	108
Copying a configuration file to or from a TFTP server	108
Dynamic configuration loading	109
Maximum file sizes for startup-config file and running-config	111
Loading and saving configuration files with IPv6	111
Using the IPv6 copy command	111
Copying a file from an IPv6 TFTP server	112
Using the IPv6 ncopy command	113
Uploading files from an IPv6 TFTP server	114
Using SNMP to save and load configuration information	115
Erasing image and configuration files	116
Scheduling a system reload	116
Reloading at a specific time	116
Reloading after a specific amount of time	117
Displaying the amount of time remaining before a scheduled reload	117
Canceling a scheduled reload	117
Diagnostic error codes and remedies for TFTP transfers	117
Testing network connectivity	118
Pinging an IPv4 address	118
Tracing an IPv4 route	120
Software-based Licensing	121
Software license terminology	121
Software-based licensing overview	122
How software-based licensing works	122
License types	122
Non-licensed features	122
Licensed features and part numbers	123
Licensing rules	123
Configuration tasks	125
Obtaining a license	125
Installing a license file	130
Verifying the license file installation	130
Deleting a license	130
Other licensing options available from the Brocade Software Portal	131
Viewing software license information	131
Transferring a license	132
Syslog messages and trap information	132
Viewing information about software licenses	133
Viewing the License ID (LID)	133
Viewing the license database	134
Viewing software packages installed in the device	135
Stackable Devices	137
IronStack overview	137
IronStack technology features	137
Stackable models	138
IronStack terminology	138
Building an IronStack	140
IronStack topologies	140
Software requirements	142
IronStack construction methods	142
Scenario 1 - Configuring a three-member IronStack in a ring topology using secure-setup	143
Scenario 2 - Configuring a three-member IronStack in a ring topology using the automatic setup process	147
Scenario 3 - Configuring a three-member IronStack in a ring topology using the manual configuration process	150
Configuring an FCX IronStack	151
Configuring PowerConnect B-Series FCX stacking ports	151
Configuring a default stacking port to function as a data port	157
Verifying an IronStack configuration	158
Managing your IronStack	160
Logging in through the CLI	160
Logging in through Brocade Network Advisor	160
Logging in through the console port	160
IronStack management MAC address	162
Removing MAC address entries	164
CLI command syntax	166
IronStack CLI commands	166
Copying the flash image to a stack unit from the Active Controller	168
Reloading a stack unit	168
Controlling stack topology	168
Managing IronStack partitioning	169
MIB support for the IronStack	170
Persistent MAC address	170
Unconfiguring an IronStack	172
Displaying IronStack information	173
Adding, removing, or replacing units in an IronStack	189
Renumbering stack units	191
Syslog, SNMP, and traps	193
Troubleshooting an IronStack	193
Troubleshooting an unsuccessful stack build	194
Troubleshooting image copy issues	195
Stack mismatches	196
Image mismatches	196
Advanced feature privileges (PowerConnect B-Series FCX )	196
Configuration mismatch	197
Memory allocation failure	198
Recovering from a mismatch	198
Troubleshooting secure-setup	199
Troubleshooting unit replacement issues	200
More about IronStack technology	200
Configuration, startup configuration files and stacking flash	200
IronStack topologies	201
Port down and aging	201
Device roles and elections	201
PowerConnect B-Series FCX hitless stacking	204
Supported events	205
Non-supported events	205
Supported protocols and services	205
Configuration notes and feature limitations	207
What happens during a hitless stacking switchover or failover	208
Standby Controller role in hitless stacking	210
Support during stack formation, stack merge, and stack split	211
Hitless stacking default behavior	215
Hitless stacking failover	217
Hitless stacking switchover	218
Displaying information about hitless stacking	225
Syslog messages for hitless stacking failover and switchover	225
Displaying hitless stacking diagnostic information	226
Monitoring Hardware Components	231
Virtual cable testing	231
Configuration notes	231
Command syntax	231
Viewing the results of the cable analysis	232
Supported Fiber Optic Transceivers	233
Digital optical monitoring	234
Configuration limitations	234
Enabling digital optical monitoring	234
Setting the alarm interval	235
Displaying information about installed media	235
Viewing optical monitoring information	236
Syslog messages	238
Configuring IPv6 Management on PowerConnect B-Series FCXSwitches	239
IPv6 management overview	240
IPv6 addressing	240
Enabling and disabling IPv6	241
IPv6 management features	241
IPv6 management ACLs	241
IPv6 debug	242
IPv6 Web management using HTTP and HTTPS	242
IPv6 logging	243
Name-to-IPv6 address resolution using IPv6 DNS server	243
Defining an IPv6 DNS entry	243
IPv6 ping	244
SNTP over IPv6	245
SNMP3 over IPv6	245
Specifying an IPv6 SNMP trap receiver	245
Secure Shell, SCP, and IPv6	246
IPv6 Telnet	246
IPv6 traceroute	247
IPv6 management commands	247
Configuring Spanning Tree Protocol (STP) Related Features	249
STP overview	249
Configuring standard STP parameters	250
STP parameters and defaults	250
Enabling or disabling the Spanning Tree Protocol (STP)	251
Changing STP bridge and port parameters	252
STP protection enhancement	254
Displaying STP information	256
Configuring STP related features	265
Fast port span	265
Fast Uplink Span	267
802.1W Rapid Spanning Tree (RSTP)	269
802.1W Draft 3	307
Single Spanning Tree (SSTP)	311
STP per VLAN group	313
PVST/PVST+ compatibility	317
Overview of PVST and PVST+	318
VLAN tags and dual mode	319
Configuring PVST+ support	320
Displaying PVST+ support information	320
Configuration examples	321
PVRST compatibility	324
BPDU guard	324
Enabling BPDU protection by port	324
Re-enabling ports disabled by BPDU guard	325
Displaying the BPDU guard status	325
Example console messages	326
Root guard	326
Enabling STP root guard	327
Displaying the STP root guard	327
Displaying the root guard by VLAN	327
Error disable recovery	328
Enabling error disable recovery	328
Setting the recovery interval	328
Displaying the error disable recovery state by interface	329
Displaying the recovery state for all conditions	329
Displaying the recovery state by port number and cause	329
Errdisable Syslog messages	330
802.1s Multiple Spanning Tree Protocol	330
Multiple spanning-tree regions	330
Configuration notes	332
Configuring MSTP mode and scope	332
Reduced occurrences of MSTP reconvergence	333
Configuring additional MSTP parameters	335
Configuring Basic Layer 2 Features	347
About port regions	348
PowerConnect B-Series FCX device port regions	348
Enabling or disabling the Spanning Tree Protocol (STP)	348
Modifying STP bridge and port parameters	349
MAC learning rate control	349
Changing the MAC age time and disabling MAC address learning	349
Disabling the automatic learning of MAC addresses	350
Displaying the MAC address table	350
Configuring static MAC entries	350
Multi-port static MAC address	351
Configuring VLAN-based static MAC entries	352
Clearing MAC address entries	352
Flow-based MAC address learning	353
Feature overview	353
The benefits of flow-based learning	353
How flow-based learning works	354
Configuration considerations	354
Configuring flow-based MAC address learning	355
Displaying information about flow-based MACs	356
Clearing flow-based MAC address entries	356
Enabling port-based VLANs	356
Assigning IEEE 802.1Q tagging to a port	357
Defining MAC address filters	358
Configuration notes and limitations	358
Command syntax	358
Enabling logging of management traffic permitted by MAC address filters	360
MAC address filter override for 802.1X-enabled ports	361
Locking a port to restrict addresses	362
Configuration notes	362
Command syntax	362
Displaying and modifying system parameter default settings	363
Configuration considerations	363
Displaying system parameter default values	363
Modifying system parameter default values	367
TDynamic Buffer Allocation for an IronStack	368
Generic buffer profiles on PowerConnect Stackable devices	371
Remote Fault Notification (RFN) on 1G fiber connections	371
Enabling and disabling remote fault notification	372
Link Fault Signaling (LFS) for 10G	372
Jumbo frame support	373
Configuring Metro Features	375
Topology groups	375
Master VLAN and member VLANs	376
Control ports and free ports	376
Configuration considerations	376
Configuring a topology group	377
Displaying topology group information	378
Metro Ring Protocol (MRP)	379
Configuration notes	381
MRP rings without shared interfaces (MRP Phase 1)	381
MRP rings with shared interfaces (MRP Phase 2)	382
Ring initialization	383
How ring breaks are detected and healed	388
Master VLANs and customer VLANs	390
Configuring MRP	391
Using MRP diagnostics	394
Displaying MRP information	395
MRP CLI example	397
Virtual Switch Redundancy Protocol (VSRP)	399
Configuration notes and feature limitations	400
Layer 2 and Layer 3 redundancy	401
Master election and failover	401
VSRP-Aware security features	406
VSRP parameters	406
Configuring basic VSRP parameters	409
Configuring optional VSRP parameters	410
Displaying VSRP information	418
VSRP fast start	421
VSRP and MRP signaling	422
Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups	425
UDLD overview	425
UDLD for tagged ports	426
Configuration notes and feature limitations	426
Enabling UDLD	427
Enabling UDLD for tagged ports	427
Changing the Keepalive interval	427
Changing the Keepalive retries	428
Displaying UDLD information	428
Clearing UDLD statistics	430
Protected link groups	430
About active ports	431
Using UDLD with protected link groups	431
Configuration notes	431
Creating a protected link group and assigning an active port	432
Configuring Trunk Groups and Dynamic Link Aggregation	435
Trunk group overview	435
Trunk group connectivity to a server	436
Trunk group rules	437
Trunk group configuration examples	438
Support for flexible trunk group membership	440
Trunk group load sharing	440
Configuring a trunk group	442
CLI syntax for configuring consecutive ports in a trunk group	442
CLI syntax for configuring non-consecutive ports in a trunk group	443
Example 1: Configuring the trunk groups shown in Figure 78	443
Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device	444
Example 3: Configuring a multi-slot trunk group with one port per module	445
Example 4: Configuring a trunk group of 10 Gbps Ethernet ports	445
Additional trunking options	446
Displaying trunk group configuration information	450
Viewing the first and last ports in a trunk group	451
Dynamic link aggregation	452
IronStack LACP trunk group configuration example	453
Examples of valid LACP trunk groups	453
Configuration notes and limitations	454
Adaptation to trunk disappearance	455
Flexible trunk eligibility	455
Enabling dynamic link aggregation	456
How changing the VLAN membership of a port affects trunk groups and dynamic keys	458
Additional trunking options for LACP trunk ports	458
Link aggregation parameters	458
Displaying and determining the status of aggregate links	463
Events that affect the status of ports in an aggregate link	464
Displaying link aggregation and port status information	464
Displaying LACP status information	466
Clearing the negotiated aggregate links table	467
Configuring single link LACP	467
Configuration notes	467
CLI syntax	467
Configuring Virtual LANs (VLANs)	469
VLAN overview	469
Types of VLANs	469
Default VLAN	475
802.1Q tagging	476
Spanning Tree Protocol (STP)	479
Virtual routing interfaces	479
VLAN and virtual routing interface groups	481
Dynamic, static, and excluded port membership	481
Super aggregated VLANs	483
Trunk group ports and VLAN membership	483
Summary of VLAN configuration rules	484
Routing between VLANs	485
Virtual routing interfaces (Layer 3 Switches only)	485
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)	485
Dynamic port assignment (Layer 2 Switches and Layer 3 Switches)	486
Assigning a different VLAN ID to the default VLAN	486
Assigning different VLAN IDs to reserved VLANs 4091 and 4092	487
Assigning trunk group ports	488
Configuring port-based VLANs	488
Modifying a port-based VLAN	492
Enable spanning tree on a VLAN	493
Configuring IP subnet, IPX network and protocol-based VLANs	494
Configuration example	494
Configuring IP subnet, IPX network, and protocol-based VLANs within port-based VLANs	496
Configuring an IPv6 protocol VLAN	500
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)	500
Configuring protocol VLANs with dynamic ports	506
Aging of dynamic ports	507
Configuration guidelines	508
Configuring an IP, IPX, or AppleTalk Protocol VLAN with Dynamic Ports	508
Configuring an IP subnet VLAN with dynamic ports	508
Configuring an IPX network VLAN with dynamic ports	509
Configuring uplink ports within a port-based VLAN	510
Configuration considerations	510
Configuration syntax	510
Configuring the same IP subnet address on multiple port-based VLANs	511
Configuring VLAN groups and virtual routing interface groups	514
Configuring a VLAN group	514
Configuring a virtual routing interface group	516
Displaying the VLAN group and virtual routing interface group information	517
Allocating memory for more VLANs or virtual routing interfaces	518
Configuring super aggregated VLANs	519
Configuration notes	522
Configuring aggregated VLANs	522
Verifying the configuration	523
Complete CLI examples	523
Configuring 802.1Q-in-Q tagging	526
Configuration rules	527
Enabling 802.1Q-in-Q tagging	527
Example configuration	529
Configuring 802.1Q-in-Q tag profiles	530
Configuring private VLANs	530
Configuration notes	533
Enabling broadcast or unknown unicast traffic to the PVLAN	537
CLI example for a general PVLAN network	538
CLI example for a PVLAN network with switch-switch link ports	538
Dual-mode VLAN ports	539
Displaying VLAN information	542
Displaying VLANs in alphanumeric order	542
Displaying system-wide VLAN information	543
Displaying global VLAN information	544
Displaying VLAN information for specific ports	544
Displaying a port VLAN membership	545
Displaying a port dual-mode VLAN membership	545
Displaying port default VLAN IDs (PVIDs)	545
Displaying PVLAN information	546
Configuring GARP VLAN Registration Protocol (GVRP)	547
GVRP overview	547
Application examples	548
Dynamic core and fixed edge	548
Dynamic core and dynamic edge	549
Fixed core and dynamic edge	550
Fixed core and fixed edge	550
VLAN names	550
Configuration notes	550
Configuring GVRP	552
Changing the GVRP base VLAN ID	552
Increasing the maximum configurable value of the Leaveall timer	552
Enabling GVRP	553
Disabling VLAN advertising	553
Disabling VLAN learning	554
Changing the GVRP timers	554
Converting a VLAN created by GVRP into a statically-configured VLAN	556
Displaying GVRP information	556
Displaying GVRP configuration information	557
Displaying GVRP VLAN information	559
Displaying GVRP statistics	561
Displaying CPU utilization statistics	562
Displaying GVRP diagnostic information	564
Clearing GVRP statistics	564
CLI examples	564
Dynamic core and fixed edge	565
Dynamic core and dynamic edge	566
Fixed core and dynamic edge	566
Fixed core and fixed edge	567
Configuring MAC-based VLANs	569
Overview	569
Static and dynamic hosts	569
MAC-based VLAN feature structure	569
Dynamic MAC-based VLAN	570
Configuration notes and feature limitations	571
Configuration example	572
Configuring MAC-based VLANs	573
Using MAC-based VLANs and 802.1X security on the same port	573
Configuring generic and Dell vendor-specific attributes on the RADIUS server	574
Aging for MAC-based VLAN	575
Disabling aging for MAC-based VLAN sessions	576
Configuring the maximum MAC addresses per port	577
Configuring a MAC-based VLAN for a static host	577
Configuring MAC-based VLAN for a dynamic host	578
Configuring dynamic MAC-based VLAN	578
Configuring MAC-based VLANs using SNMP	579
Displaying Information about MAC-based VLANs	579
Displaying the MAC-VLAN table	579
Displaying the MAC-VLAN table for a specific MAC address	579
Displaying allowed MAC addresses	580
Displaying denied MAC addresses	580
Displaying detailed MAC-VLAN data	581
Displaying MAC-VLAN information for a specific interface	583
Displaying MAC addresses in a MAC-based VLAN	584
Displaying MAC-based VLAN logging	585