Brocade ServerIron ADX


53-1001446-01

Brocade ServerIron ADX Switch and Router Guide

Supporting ServerIron TrafficWorks version 12.0.00

Copyright 2006-2009 Brocade Communications Systems, Inc. All Rights Reserved.

Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol, DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.

The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
1745 Technology Drive
San Jose, CA 95110
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Singapore Pte. Ltd.
30 Cecil Street
#19-01 Prudential Tower
Singapore 049712
Singapore
Tel: +65-6538-4700
Fax: +65-6538-0302
E-mail: apac-info@brocade.com

Document History

Title: Brocade ServerIron TrafficWorks Switching and Routing Guide
Publication number: 53-1001446-01
Summary of changes: GA document
Date: June 2009

Title: Brocade ServerIron TrafficWorks Switching and Routing Guide
Publication number: 53-1001446-01
Summary of changes: Added NIAP-CCEVS Certification Appendix
Date: July 2009

Contents

CHAPTER 1 ABOUT THIS GUIDE
  AUDIENCE
  CONVENTIONS
  RELATED DOCUMENTATION
  UPDATES TO MANUALS AND RELEASE NOTES
  GETTING TECHNICAL HELP
    WEB ACCESS
    EMAIL ACCESS
    TELEPHONE ACCESS
    WARRANTY COVERAGE
    DOCUMENT FEEDBACK

CHAPTER 2 CONFIGURING BASIC FEATURES
  CONFIGURING BASIC SYSTEM PARAMETERS
  ENTERING SYSTEM ADMINISTRATION INFORMATION
  CONFIGURING SIMPLE NETWORK MANAGEMENT (SNMP) PARAMETERS
    SPECIFYING AN SNMP TRAP RECEIVER
    SPECIFYING A SINGLE TRAP SOURCE
    SETTING THE SNMP TRAP HOLDDOWN TIME
    DISABLING SNMP TRAPS
    DISABLING SYSLOG MESSAGES AND TRAPS FOR CLI ACCESS
  CONFIGURING SNMP VERSION 3 TRAPS
    DEFINING AN SNMP GROUP AND SPECIFYING WHICH VIEW IS NOTIFIED OF TRAPS
    DEFINING THE UDP PORT FOR SNMP V3 TRAPS
  CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TELNET PACKETS
  CANCELLING AN OUTBOUND TELNET SESSION
  CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TFTP PACKETS
  SPECIFYING A SIMPLE NETWORK TIME PROTOCOL (SNTP) SERVER
  SETTING THE SYSTEM CLOCK
  CONFIGURING CLI BANNERS
    SETTING A MESSAGE OF THE DAY BANNER
    SETTING A PRIVILEGED EXEC CLI LEVEL BANNER
    DISPLAYING A MESSAGE ON THE CONSOLE WHEN AN INCOMING TELNET SESSION IS DETECTED
  CONFIGURING TERMINAL DISPLAY
  CHECKING THE LENGTH OF TERMINAL DISPLAYS
  CONFIGURING BASIC PORT PARAMETERS
  ASSIGNING A PORT NAME
  SPEED/DUPLEX NEGOTIATION
  DISABLING OR RE-ENABLING A PORT
  DISABLING OR RE-ENABLING FLOW CONTROL
  CONFIGURING BASIC LAYER 2 PARAMETERS
  ENABLING OR DISABLING THE SPANNING TREE PROTOCOL (STP)
    MODIFYING STP BRIDGE AND PORT PARAMETERS
  CHANGING THE MAC AGE TIME
  CONFIGURING STATIC MAC ENTRIES
    CONFIGURING STATIC ARP ENTRIES
  ENABLING PORT-BASED VLANS
    ASSIGNING IEEE 802.1Q TAGGING TO A PORT
  ENABLING OR DISABLING ROUTING PROTOCOLS
  DISPLAYING AND MODIFYING SYSTEM PARAMETER DEFAULT SETTINGS
  USING THE TEMPERATURE SENSOR
  DISPLAYING THE TEMPERATURE
  DISPLAYING TEMPERATURE MESSAGES
  CHANGING TEMPERATURE WARNING AND SHUTDOWN LEVELS
  CHANGING THE CHASSIS POLLING INTERVAL
  ASSIGNING A MIRROR PORT AND MONITOR PORTS
  SERVERIRON ADX MONITORING LIMITATIONS
  MONITORING AN INDIVIDUAL TRUNK PORT
  MONITORING 802.3AD AGGREGATE LINKS
    CONFIGURATION NOTE
    CONFIGURING PORT MONITORING ON 802.3AD AGGREGATE LINKS
    CONFIGURING PORT MONITORING ON AN INDIVIDUAL PORT IN AN 802.3AD AGGREGATE LINK
  DISPLAYING THE CURRENT MIRROR AND MONITOR PORT CONFIGURATION

CHAPTER 3 CONFIGURING BASE LAYER 3
  ADDING A STATIC IP ROUTE
  ADDING A STATIC ARP ENTRY
  CONFIGURING RIP
  ENABLING RIP
  ENABLING REDISTRIBUTION OF IP STATIC ROUTES INTO RIP
  ENABLING REDISTRIBUTION
  ENABLING LEARNING OF DEFAULT ROUTES
  CHANGING THE ROUTE LOOP PREVENTION METHOD
  ADDITIONAL FEATURES

CHAPTER 4 CONFIGURING TRUNK GROUPS AND DYNAMIC LINK AGGREGATION
  CONFIGURING TRUNK GROUPS
  TRUNK GROUP CONNECTIVITY TO A SERVER
  TRUNK GROUP RULES
    ADDITIONAL TRUNK GROUP RULES FOR MULTI-SLOT TRUNK GROUPS
  TRUNK GROUP LOAD SHARING
  CONFIGURING A TRUNK GROUP
    EXAMPLE 1: CONFIGURING THE TRUNK GROUPS SHOWN IN FIGURE 4.1
    EXAMPLE 2: CONFIGURING A TRUNK GROUP THAT SPANS MULTIPLE GIGABIT ETHERNET MODULES IN A CHASSIS DEVICE
  ADDITIONAL TRUNKING OPTIONS
    NAMING A TRUNK PORT
    DISABLING OR RE-ENABLING A TRUNK PORT
    DELETING A TRUNK GROUP
  DISPLAYING TRUNK GROUP CONFIGURATION INFORMATION
  DYNAMIC LINK AGGREGATION
  USAGE NOTES
  CONFIGURATION RULES
  ENABLING LINK AGGREGATION
  LINK AGGREGATION PARAMETERS
    SYSTEM PRIORITY
    PORT PRIORITY
    LINK TYPE
    KEY
    CONFIGURING LINK AGGREGATION PARAMETERS
    CONFIGURING KEYS FOR PORTS WITH LINK AGGREGATION ENABLED
  DISPLAYING AND DETERMINING THE STATUS OF AGGREGATE LINKS
    ABOUT BLOCKED PORTS
    DISPLAYING LINK AGGREGATION AND PORT STATUS INFORMATION
    DISPLAYING TRUNK GROUP AND LACP STATUS INFORMATION
  CLEARING THE NEGOTIATED LINK AGGREGATIONS

CHAPTER 5 CONFIGURING VIRTUAL LANS (VLANS)
  OVERVIEW
  TYPES OF VLANS SUPPORTED
    LAYER 2 PORT-BASED VLANS
    INTEGRATED SWITCH ROUTING (ISR)
    IP SUBNET VLANS
  DEFAULT VLAN
  802.1Q TAGGING
  SPANNING TREE PROTOCOL (STP)
  VIRTUAL ROUTING INTERFACES
  VLAN AND VIRTUAL ROUTING INTERFACE GROUPS
  DYNAMIC, STATIC, AND EXCLUDED PORT MEMBERSHIP
    DYNAMIC PORTS
    STATIC PORTS
    EXCLUDED PORTS
    BROADCAST LEAKS
  SUPER AGGREGATED VLANS
  TRUNK GROUP PORTS AND VLAN MEMBERSHIP
  SUMMARY OF VLAN CONFIGURATION RULES
    MULTIPLE VLAN MEMBERSHIP RULES
  ROUTING BETWEEN VLANS (LAYER 3 SWITCHES ONLY)
  VIRTUAL ROUTING INTERFACES (LAYER 3 SWITCHES ONLY)
  BRIDGING AND ROUTING THE SAME PROTOCOL SIMULTANEOUSLY ON THE SAME DEVICE (LAYER 3 SWITCHES ONLY)
  ROUTING BETWEEN VLANS USING VIRTUAL ROUTING INTERFACES (LAYER 3 SWITCHES ONLY)
  DYNAMIC PORT ASSIGNMENT (LAYER 2 SWITCHES AND LAYER 3 SWITCHES)
  ASSIGNING A DIFFERENT VLAN ID TO THE DEFAULT VLAN
  ASSIGNING TRUNK GROUP PORTS
  CONFIGURING PORT-BASED VLANS
    CONFIGURING SERVERIRON ADX-A
    CONFIGURING SERVERIRON ADX-B
    CONFIGURING SERVERIRON ADX-C
  MODIFYING A PORT-BASED VLAN
    REMOVING A PORT-BASED VLAN
    REMOVING A PORT FROM A VLAN
    ENABLE SPANNING TREE ON A VLAN
  CONFIGURING IP SUBNET VLANS
  CONFIGURATION EXAMPLE
  CONFIGURING AN IP SUBNET VLAN WITH DYNAMIC PORTS
  CONFIGURING THE SAME IP SUBNET ADDRESS ON MULTIPLE PORT-BASED VLANS
  USING SEPARATE ACLS ON IP FOLLOWER VIRTUAL ROUTING INTERFACES
  CONFIGURING A VIRTUAL ROUTING INTERFACE AND ASSIGNING AN IP ADDRESS ON A PORT-BASED VLAN
  CONFIGURING VLAN GROUPS AND VIRTUAL ROUTING INTERFACE GROUPS
  CONFIGURING A VLAN GROUP
    DISPLAYING INFORMATION ABOUT VLAN GROUPS
  CONFIGURING A VIRTUAL ROUTING INTERFACE GROUP
  DISPLAYING THE VLAN GROUP AND VIRTUAL ROUTING INTERFACE GROUP INFORMATION
  ALLOCATING MEMORY FOR MORE VLANS OR VIRTUAL ROUTING INTERFACES
    INCREASING THE NUMBER OF VLANS YOU CAN CONFIGURE
    INCREASING THE NUMBER OF VIRTUAL ROUTING INTERFACES YOU CAN CONFIGURE
  CONFIGURING SUPER AGGREGATED VLANS
  CONFIGURING AGGREGATED VLANS
    CONFIGURING AGGREGATED VLANS ON AN EDGE DEVICE
    CONFIGURING AGGREGATED VLANS ON A CORE DEVICE
  COMPLETE CLI EXAMPLES
    COMMANDS FOR DEVICE A
    COMMANDS FOR DEVICE B
    COMMANDS FOR DEVICE C
    COMMANDS FOR DEVICE D
    COMMANDS FOR DEVICE E
    COMMANDS FOR DEVICE F
  DUAL-MODE VLAN PORTS
  DISPLAYING VLAN INFORMATION
  DISPLAYING SYSTEM-WIDE VLAN INFORMATION
  DISPLAYING VLAN INFORMATION FOR SPECIFIC PORTS
  USING SHOW RUN TO DISPLAY VLAN INFORMATION

CHAPTER 6 CONFIGURING SPANNING TREE PROTOCOL (STP) AND IRONSPAN FEATURES
  CONFIGURING STANDARD STP PARAMETERS
  STP PARAMETERS AND DEFAULTS
  ENABLING OR DISABLING THE SPANNING TREE PROTOCOL (STP)
    ENABLING OR DISABLING STP GLOBALLY
    ENABLING OR DISABLING STP IN A PORT-BASED VLAN
    ENABLING OR DISABLING STP ON AN INDIVIDUAL PORT
  CHANGING STP BRIDGE AND PORT PARAMETERS
    CHANGING STP BRIDGE PARAMETERS
    CHANGING STP PORT PARAMETERS
  DISPLAYING STP INFORMATION
    DISPLAYING STP INFORMATION FOR AN ENTIRE DEVICE
    DISPLAYING CPU UTILIZATION STATISTICS
    DISPLAYING THE STP STATE OF A PORT-BASED VLAN
    DISPLAYING DETAILED STP INFORMATION FOR EACH INTERFACE
    DISPLAYING STP STATE INFORMATION FOR AN INDIVIDUAL INTERFACE
  CONFIGURING IRONSPAN FEATURES
  FAST PORT SPAN
    DISABLING AND RE-ENABLING FAST PORT SPAN
    EXCLUDING SPECIFIC PORTS FROM FAST PORT SPAN
  FAST UPLINK SPAN
    FAST UPLINK SPAN RULES FOR TRUNK GROUPS
    CONFIGURING A FAST UPLINK PORT GROUP
  802.1W RAPID SPANNING TREE (RSTP)
    BRIDGES AND BRIDGE PORT ROLES
    EDGE PORTS AND EDGE PORT ROLES
    POINT-TO-POINT PORTS
    BRIDGE PORT STATES
    EDGE PORT AND NON-EDGE PORT STATES
    CHANGES TO PORT ROLES AND STATES
    CONVERGENCE IN A SIMPLE TOPOLOGY
    CONVERGENCE AFTER A LINK FAILURE
    CONVERGENCE AT LINK RESTORATION
    CONVERGENCE IN A COMPLEX 802.1W TOPOLOGY
    PROPAGATION OF TOPOLOGY CHANGE
    COMPATIBILITY OF 802.1W WITH 802.1D
    CONFIGURING 802.1W PARAMETERS ON A BROCADE DEVICE
    DISPLAYING INFORMATION ABOUT 802.1W
  802.1W DRAFT 3
    RECONVERGENCE TIME
    CONFIGURATION CONSIDERATIONS
    ENABLING 802.1W DRAFT 3
  SINGLE SPANNING TREE (SSTP)
    SSTP DEFAULTS
    ENABLING SSTP
    DISPLAYING SSTP INFORMATION
  STP PER VLAN GROUP
    STP LOAD BALANCING
    CONFIGURING STP PER VLAN GROUP
    CONFIGURATION EXAMPLE FOR STP LOAD SHARING

CHAPTER 7 CONFIGURING VRRP AND VRRP-E
  OVERVIEW
  OVERVIEW OF VRRP
    VIRTUAL ROUTER ID (VRID)
    VIRTUAL ROUTER MAC ADDRESS
    VIRTUAL ROUTER IP ADDRESS
    MASTER NEGOTIATION
    HELLO MESSAGES
    TRACK PORTS AND TRACK PRIORITY
    SUPPRESSION OF RIP ADVERTISEMENTS FOR BACKED UP INTERFACES
    AUTHENTICATION
    INDEPENDENT OPERATION OF VRRP ALONGSIDE RIP, OSPF, AND BGP4
    DYNAMIC VRRP CONFIGURATION
  OVERVIEW OF VRRP-E
  COMPARISON OF VRRP AND VRRP-E
  VRRP
  VRRP-E
  ARCHITECTURAL DIFFERENCES
    MANAGEMENT PROTOCOL
    VIRTUAL ROUTER IP ADDRESS (THE ADDRESS YOU ARE BACKING UP)
    MASTER AND BACKUPS
  VRRP AND VRRP-E PARAMETERS
  CONFIGURING BASIC VRRP PARAMETERS
  CONFIGURING THE OWNER
  CONFIGURING A BACKUP
  CONFIGURATION RULES FOR VRRP
  CONFIGURING BASIC VRRP-E PARAMETERS
  CONFIGURATION RULES FOR VRRP-E
  NOTE REGARDING DISABLING VRRP OR VRRP-E
  CONFIGURING ADDITIONAL VRRP AND VRRP-E PARAMETERS
    AUTHENTICATION TYPE
    ROUTER TYPE
    SUPPRESSION OF RIP ADVERTISEMENTS ON BACKUP ROUTERS FOR THE BACKED UP INTERFACE
    HELLO INTERVAL
    DEAD INTERVAL
    BACKUP HELLO MESSAGE STATE AND INTERVAL
    TRACK PORT
    TRACK PRIORITY
    BACKUP PREEMPT
  FORCING A MASTER ROUTER TO ABDICATE TO A STANDBY ROUTER
  DISPLAYING VRRP AND VRRP-E INFORMATION
  DISPLAYING SUMMARY INFORMATION
  DISPLAYING DETAILED INFORMATION
    DISPLAYING DETAILED INFORMATION FOR AN INDIVIDUAL VRID
  DISPLAYING STATISTICS
  CLEARING VRRP OR VRRPE STATISTICS
  DISPLAYING CPU UTILIZATION STATISTICS
  CONFIGURATION EXAMPLES
  VRRP EXAMPLE
    CONFIGURING ROUTER1
    CONFIGURING ROUTER2
  VRRP-E EXAMPLE
    CONFIGURING ROUTER1
    CONFIGURING ROUTER2

CHAPTER 8 CONFIGURING UNI-DIRECTIONAL LINK DETECTION (UDLD)
  CONFIGURATION CONSIDERATIONS
  CONFIGURING UDLD
  CHANGING THE KEEPALIVE INTERVAL
  CHANGING THE KEEPALIVE RETRIES
  UDLD FOR TAGGED PORTS
  DISPLAYING UDLD INFORMATION
  DISPLAYING INFORMATION FOR ALL PORTS
  DISPLAYING INFORMATION FOR A SINGLE PORT
  CLEARING UDLD STATISTICS

CHAPTER 9 CONFIGURING IP
  BASIC CONFIGURATION
  OVERVIEW
  IP INTERFACES
    SERVERIRON ADX WITH ROUTER CODE INSTALLED
    SERVERIRON ADX WITH SWITCH CODE INSTALLED
    ARP CACHE AND STATIC ARP TABLE
    IP ROUTE TABLE
    IP FORWARDING CACHE
  IP ROUTE EXCHANGE PROTOCOLS
  IP INTERFACE REDUNDANCY PROTOCOLS
  ACCESS CONTROL LISTS AND IP ACCESS POLICIES
  BASIC IP PARAMETERS AND DEFAULTS LAYER 3 SWITCHES
  WHEN PARAMETER CHANGES TAKE EFFECT
  IP GLOBAL PARAMETERS LAYER 3 SWITCHES
  IP INTERFACE PARAMETERS LAYER 3 SWITCHES
  BASIC IP PARAMETERS AND DEFAULTS LAYER 2 SWITCHES
  IP GLOBAL PARAMETERS LAYER 2 SWITCHES
  INTERFACE IP PARAMETERS LAYER 2 SWITCHES
  CONFIGURING IP PARAMETERS LAYER 3 SWITCHES
  CONFIGURING IP ADDRESSES
    ASSIGNING AN IP ADDRESS TO AN ETHERNET PORT
    ASSIGNING AN IP ADDRESS TO A LOOPBACK INTERFACE
    ASSIGNING AN IP ADDRESS TO A VIRTUAL INTERFACE
    DELETING AN IP ADDRESS
  CONFIGURING DOMAIN NAME SERVER (DNS) RESOLVER
    DEFINING A DNS ENTRY
    USING A DNS NAME TO INITIATE A TRACE ROUTE
    DEFINING A DOMAIN NAME
    DEFINING DNS SERVERS
  CONFIGURING PACKET PARAMETERS
    CHANGING THE ENCAPSULATION TYPE
    CHANGING THE MAXIMUM TRANSMISSION UNIT (MTU)
  CHANGING THE ROUTER ID
  SPECIFYING A SINGLE SOURCE INTERFACE FOR TELNET, TACACS/TACACS+, OR RADIUS PACKETS
  CONFIGURING ARP PARAMETERS
    HOW ARP WORKS
  CONFIGURING FORWARDING PARAMETERS
    CHANGING THE TTL THRESHOLD
    ENABLING FORWARDING OF DIRECTED BROADCASTS
    DISABLING FORWARDING OF IP SOURCE-ROUTED PACKETS
    ENABLING SUPPORT FOR ZERO-BASED IP SUBNET BROADCASTS
  DISABLING ICMP MESSAGES
  DISABLING ICMP REDIRECT MESSAGES
  CONFIGURING STATIC ROUTES
    STATIC ROUTE TYPES
    STATIC IP ROUTE PARAMETERS
    MULTIPLE STATIC ROUTES TO THE SAME DESTINATION PROVIDE LOAD SHARING AND REDUNDANCY
    STATIC ROUTE STATES FOLLOW PORT STATES
    CONFIGURING A STATIC IP ROUTE
    CONFIGURING A NULL ROUTE
    CONFIGURING LOAD BALANCING AND REDUNDANCY USING MULTIPLE STATIC ROUTES TO THE SAME DESTINATION
    CONFIGURING STANDARD STATIC IP ROUTES AND INTERFACE OR NULL STATIC ROUTES TO THE SAME DESTINATION
  CONFIGURING A DEFAULT NETWORK ROUTE
    CONFIGURING A DEFAULT NETWORK ROUTE
  CONFIGURING IP LOAD SHARING
    HOW MULTIPLE EQUAL-COST PATHS ENTER THE IP ROUTE TABLE
    HOW IP LOAD SHARING WORKS
    DISABLING OR RE-ENABLING LOAD SHARING
    CHANGING THE MAXIMUM NUMBER OF LOAD SHARING PATHS
  OPTIMIZING THE IP FORWARDING CACHE
  CONFIGURING IRDP
    ENABLING IRDP GLOBALLY
    ENABLING IRDP ON AN INDIVIDUAL PORT
  CONFIGURING RARP
    HOW RARP DIFFERS FROM BOOTP/DHCP
    DISABLING RARP
    CREATING STATIC RARP ENTRIES
    CHANGING THE MAXIMUM NUMBER OF STATIC RARP ENTRIES SUPPORTED
  CONFIGURING UDP BROADCAST AND IP HELPER PARAMETERS
    ENABLING FORWARDING FOR A UDP APPLICATION
    CONFIGURING AN IP HELPER ADDRESS
  CONFIGURING BOOTP/DHCP FORWARDING PARAMETERS
    BOOTP/DHCP FORWARDING PARAMETERS
    CONFIGURING AN IP HELPER ADDRESS
    CHANGING THE IP ADDRESS USED FOR STAMPING BOOTP/DHCP REQUESTS
    CHANGING THE MAXIMUM NUMBER OF HOPS TO A BOOTP RELAY SERVER
  CONFIGURING IP PARAMETERS LAYER 2 SWITCHES
  CONFIGURING THE MANAGEMENT IP ADDRESS AND SPECIFYING THE DEFAULT GATEWAY
  CONFIGURING DOMAIN NAME SERVER (DNS) RESOLVER
    DEFINING A DNS ENTRY
    USING A DNS NAME TO INITIATE A TRACE ROUTE
  CHANGING THE TTL THRESHOLD
  CONFIGURING DHCP ASSIST
    HOW DHCP ASSIST WORKS
    CONFIGURING DHCP ASSIST
  DISPLAYING IP CONFIGURATION INFORMATION AND STATISTICS
  CHANGING THE NETWORK MASK DISPLAY TO PREFIX FORMAT
    DISPLAYING INFORMATION FOR JUMBO PACKETS
  DISPLAYING IP INFORMATION SERVERIRON ADX RUNNING ROUTER CODE
    DISPLAYING GLOBAL IP CONFIGURATION INFORMATION
    DISPLAYING CPU UTILIZATION STATISTICS
    DISPLAYING IP INTERFACE INFORMATION
    DISPLAYING INTERFACE NAME IN SYSLOG
    DISPLAYING ARP ENTRIES
    DISPLAYING THE FORWARDING CACHE
    DISPLAYING THE IP ROUTE TABLE
    CLEARING IP ROUTES
    DISPLAYING IP TRAFFIC STATISTICS
  DISPLAYING IP INFORMATION SERVERIRON ADX RUNNING SWITCH CODE
    DISPLAYING GLOBAL IP CONFIGURATION INFORMATION
    DISPLAYING ARP ENTRIES
    DISPLAYING IP TRAFFIC STATISTICS

CHAPTER 10 CONFIGURING RIP
  ICMP HOST UNREACHABLE MESSAGE FOR UNDELIVERABLE ARPS
  RIP PARAMETERS AND DEFAULTS
  RIP GLOBAL PARAMETERS
  RIP INTERFACE PARAMETERS
  CONFIGURING RIP PARAMETERS
  ENABLING RIP
  CONFIGURING METRIC PARAMETERS
    CHANGING THE COST OF ROUTES LEARNED ON A PORT
    CONFIGURING A RIP OFFSET LIST
  CHANGING THE ADMINISTRATIVE DISTANCE
  CONFIGURING REDISTRIBUTION
    CONFIGURING REDISTRIBUTION FILTERS
    CHANGING THE REDISTRIBUTION METRIC
    ENABLING REDISTRIBUTION
  CONFIGURING ROUTE LEARNING AND ADVERTISING PARAMETERS
    CHANGING THE UPDATE INTERVAL FOR ROUTE ADVERTISEMENTS
    ENABLING LEARNING OF RIP DEFAULT ROUTES
    CONFIGURING A RIP NEIGHBOR FILTER
  CHANGING THE ROUTE LOOP PREVENTION METHOD
  SUPPRESSING RIP ROUTE ADVERTISEMENT ON A VRRP OR VRRPE BACKUP INTERFACE
  CONFIGURING RIP ROUTE FILTERS
    APPLYING A RIP ROUTE FILTER TO AN INTERFACE
  SETTING RIP TIMERS
  DISPLAYING RIP FILTERS
  DISPLAYING CPU UTILIZATION STATISTICS

CHAPTER 11 CONFIGURING OSPF
  OVERVIEW OF OSPF
  DESIGNATED ROUTERS IN MULTI-ACCESS NETWORKS
  DESIGNATED ROUTER ELECTION IN MULTI-ACCESS NETWORKS
  OSPF RFC 1583 AND 2178 COMPLIANCE
  REDUCTION OF EQUIVALENT AS EXTERNAL LSAS
    ALGORITHM FOR AS EXTERNAL LSA REDUCTION
  SUPPORT FOR OSPF RFC 2328 APPENDIX E
  DYNAMIC OSPF ACTIVATION AND CONFIGURATION
  DYNAMIC OSPF MEMORY
  CONFIGURING OSPF
  CONFIGURATION RULES
  OSPF PARAMETERS
    GLOBAL PARAMETERS
    INTERFACE PARAMETERS
  ENABLE OSPF ON THE ROUTER
    NOTE REGARDING DISABLING OSPF
  ASSIGN OSPF AREAS
    ASSIGN A TOTALLY STUBBY AREA
    ASSIGN A NOT-SO-STUBBY AREA (NSSA)
  ASSIGNING AN AREA RANGE (OPTIONAL)
  ASSIGNING INTERFACES TO AN AREA
  MODIFY INTERFACE DEFAULTS
    OSPF INTERFACE PARAMETERS
  CHANGE THE TIMER FOR OSPF AUTHENTICATION CHANGES
  BLOCK FLOODING OF OUTBOUND LSAS ON SPECIFIC OSPF INTERFACES
  ASSIGN VIRTUAL LINKS
  MODIFY VIRTUAL LINK PARAMETERS
    VIRTUAL LINK PARAMETER DESCRIPTIONS
  CHANGING THE REFERENCE BANDWIDTH FOR THE COST ON OSPF INTERFACES
    INTERFACE TYPES TO WHICH THE REFERENCE BANDWIDTH DOES NOT APPLY
    CHANGING THE REFERENCE BANDWIDTH
  DEFINE REDISTRIBUTION FILTERS
  PREVENT SPECIFIC OSPF ROUTES FROM BEING INSTALLED IN THE IP ROUTE TABLE
  MODIFY DEFAULT METRIC FOR REDISTRIBUTION
  ENABLE ROUTE REDISTRIBUTION
    EXAMPLE USING A ROUTE MAP
  DISABLE OR RE-ENABLE LOAD SHARING
  CONFIGURE EXTERNAL ROUTE SUMMARIZATION
  CONFIGURE DEFAULT ROUTE ORIGINATION
  MODIFY SPF TIMERS
  MODIFY REDISTRIBUTION METRIC TYPE
  MODIFY ADMINISTRATIVE DISTANCE
    CONFIGURING ADMINISTRATIVE DISTANCE BASED ON ROUTE TYPE
  CONFIGURE OSPF GROUP LINK STATE ADVERTISEMENT (LSA) PACING
    USAGE GUIDELINES
    CHANGING THE LSA PACING INTERVAL
  MODIFY OSPF TRAPS GENERATED
  MODIFY OSPF STANDARD COMPLIANCE SETTING
  MODIFY EXIT OVERFLOW INTERVAL
  SPECIFYING TYPES OF OSPF SYSLOG MESSAGES TO LOG
  DISPLAYING OSPF INFORMATION
  DISPLAYING GENERAL OSPF CONFIGURATION INFORMATION
  DISPLAYING CPU UTILIZATION STATISTICS
  DISPLAYING OSPF AREA INFORMATION
  DISPLAYING OSPF NEIGHBOR INFORMATION
  DISPLAYING OSPF INTERFACE INFORMATION
  DISPLAYING OSPF ROUTE INFORMATION
    DISPLAYING THE ROUTES THAT HAVE BEEN REDISTRIBUTED INTO OSPF
  DISPLAYING OSPF EXTERNAL LINK STATE INFORMATION
  DISPLAYING OSPF LINK STATE INFORMATION
  DISPLAYING THE DATA IN AN LSA
  DISPLAYING OSPF VIRTUAL NEIGHBOR INFORMATION
  DISPLAYING OSPF VIRTUAL LINK INFORMATION
  DISPLAYING OSPF ABR AND ASBR INFORMATION
  DISPLAYING OSPF TRAP STATUS

APPENDIX A NIAP-CCEVS CERTIFICATION
  NIAP-CCEVS CERTIFIED BROCADE EQUIPMENT AND IRONWARE RELEASES
  WEB MANAGEMENT ACCESS TO NIAP-CCEVS CERTIFIED BROCADE EQUIPMENT
  WARNING: LOCAL USER PASSWORD CHANGES

ServerIron ADX Switching and Routing Guide. © 2009 Foundry Networks, Inc. July 2009

Chapter 1 About this Guide This guide describes the switching and routing features of the Brocade ServerIron ADX devices. NOTE: Features or options not documented in this guide are not supported. Audience This guide is intended for network engineers with a basic knowledge of switching, routing, and application traffic management. Conventions This guide uses the following typographical conventions to describe information: Italic Bold code Bold Highlights the title of another publication or emphasizes a word or phrase. Indicates code that is entered exactly as shown. Indicates a command or keyword that can be entered exactly as is. NOTE: A note emphasizes an important fact or calls your attention to a dependency. WARNING: A warning calls your attention to a possible hazard that can cause injury or death. CAUTION: A caution calls your attention to a possible hazard that can damage equipment. Related Documentation For more information, refer to the following Brocade Communications Systems, Inc. ServerIron documentation: Release Notes for ServerIron ADX Switch and Router Software TrafficWorks 12.0.00 provides a list of new July, 2009 Brocade Communications Systems, Inc. 1-1

ServerIron ADX Switching and Routing Guide features and enhancements, upgrade procedures, and bug fixes. ServerIron ADX Graphical User Interface provides details on the graphical user interface for the ServerIron family of application delivery controllers. ServerIron TrafficWorks Server Load Balancing Guide describes basic Server Load Balancing configurations for the ServerIron product family. It covers the following features: Server Load Balancing, Stateless Server Load Balancing, Health Checks, Layer 7 Content Switching, and High Availability ServerIron ADX Advanced Server Load Balancing Guide discusses Advanced Server Load Balancing concepts for the ServerIron product family. It covers the following features: are SIP Server Load Balancing, Transparent Cache Switching, IDS Server Load Balancing, HTTP Compression, and Total Content Analysis ServerIron ADX Global Server Load Balancing Guide explains how one can achieve site level redundancy and data center site failure protection using Global Server Load Balancing feature of ServerIron ServerIron ADX Security Guide describes Security features of ServerIron product family. It covers the following features: are Secure Socket Layer (SSL) Acceleration, Web Application Firewall, Deep Packet Scan, Access Control List, and Network Address Translation ServerIron ADX Administration Guide discusses different administrative configurations for the ServerIron product family. ServerIron ADX Switching and Routing Guide describes switching and routing configurations on the ServerIron product family ServerIron ADX Firewall Load Balancing Guide provides detailed feature descriptions, procedures, and application examples for Firewall Load Balancing. ServerIron Hardware Installation Guide provides the physical characteristics, power consumption, and performance capabilities of the ServerIron chassis switch families, and explains how to set up and install the switches and their modules. 
• Brocade Management Information Base Reference presents the Simple Network Management Protocol (SNMP) Management Information Base (MIB) objects that are supported on Brocade devices.

Updates to Manuals and Release Notes

For the latest edition of manuals, check the Brocade Knowledge Portal at kp.foundrynet.com. To get up-to-the-minute information, join Brocade Connect. Go to http://www.brocadeconnect.com to register at no cost for a user ID and password.

Getting Technical Help

Contact your switch support supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information available:

1. General Information
• Switch model
• Switch operating system version
• Software name and software version, if applicable
• Error numbers and messages received
• Detailed description of the problem, including the switch or fabric behavior immediately following the problem, and specific questions
• Description of any troubleshooting steps already performed and the results
• Serial console and Telnet session logs

• syslog message logs

2. Switch Serial Number
The switch serial number and corresponding bar code are provided on the serial number label.

How to get help or report errors

Brocade is committed to ensuring that your investment in our products remains cost-effective. If you need assistance, or find errors in the manuals, contact Brocade Technical Support using one of the following options:

Web access
If you find errors in this document, please report the error by going to kp.foundrynet.com. After you log in, click Cases > Create a New Ticket. Make sure you specify the document title in the ticket description.

Email access
Send an email to support@foundrynet.com.

Telephone access
North America Toll Free: 1.800.752.8961
Europe, Middle East and Africa Not Toll Free: 1 800 28 34 27 33
Asia Pacific Not Toll Free: 1 800 28 34 27 33
For areas unable to access 800 numbers: 1 408.333.6061

Warranty coverage
Contact Brocade Communications Systems using any of the methods listed above for information about the standard and extended warranties.

Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade.com

Provide the title and version number of the document and as much detail as possible about your comment, including the topic heading and page number and your suggestions for improvement.


Chapter 2
Configuring Basic Features

This chapter describes how to configure basic, non-protocol features on Brocade devices using the CLI.

This chapter contains procedures for configuring the following parameters:

• Basic system parameters: see "Configuring Basic System Parameters" on page 2-1
• Basic port parameters: see "Configuring Basic Port Parameters" on page 2-13
• Basic Layer 2 parameters: see "Configuring Basic Layer 2 Parameters" on page 2-15
• Basic Layer 3 parameters: see "Enabling or Disabling Routing Protocols" on page 2-19
• System defaults and table sizes: see "Displaying and Modifying System Parameter Default Settings" on page 2-19
• Temperature sensor parameters: see "Using the Temperature Sensor" on page 2-23
• Mirror ports (for traffic diagnosis and troubleshooting): see "Assigning a Mirror Port and Monitor Ports" on page 2-24

Brocade devices are configured at the factory with default parameters that allow you to begin using the basic features of the system immediately. However, many of the advanced features, such as VLANs or routing protocols for the router, must first be enabled at the system (global) level before they can be configured. If you use the Command Line Interface (CLI) to configure system parameters, you can find these system-level parameters at the Global CONFIG level of the CLI.

NOTE: Before assigning or modifying any router parameters, you must assign the IP subnet (interface) addresses for each port.

NOTE: For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, see "Configuring IP".

Configuring Basic System Parameters

The procedures in this section describe how to configure the following basic system parameters:

• System name, contact, and location: see "Entering System Administration Information" on page 2-2
• SNMP trap receiver, trap source address, and other parameters: see "Configuring Simple Network Management (SNMP) Parameters" on page 2-2

• Single source address for all Telnet packets: see "Configuring an Interface as the Source for All Telnet Packets" on page 2-8
• Single source address for all TFTP packets: see "Configuring an Interface as the Source for All TFTP Packets" on page 2-8
• System time using a Simple Network Time Protocol (SNTP) server or local system counter: see "Specifying a Simple Network Time Protocol (SNTP) Server" on page 2-9 and "Setting the System Clock" on page 2-10
• Banners that are displayed on users' terminals when they enter the Privileged EXEC CLI level or access the device through Telnet: see "Configuring CLI Banners" on page 2-12
• Terminal display length: see "Configuring Terminal Display" on page 2-12

Entering System Administration Information

You can configure a system name, contact, and location for a Brocade Layer 2 Switch or Layer 3 Switch and save the information locally in the configuration file for future reference. This information is not required for system operation but is suggested. When you configure a system name, the name replaces the default system name in the CLI command prompt. For example, if the system is a ServerIron ADX, the system name you configure replaces ServerIronADX in the command prompt.

The name, contact, and location each can be up to 32 alphanumeric characters.

NOTE: If you install Layer 2 Switch code on a Layer 3 Switch, the CLI command prompt begins with SW- to indicate the software change. This is true even if you change the system name.

Here is an example of how to configure a Layer 2 Switch or Layer 3 Switch name, system contact, and location:

ServerIron(config)# hostname home
home(config)# snmp-server contact Suzy Sanchez
home(config)# snmp-server location Centerville
home(config)# end
home# write memory

Syntax: hostname <string>
Syntax: snmp-server contact <string>
Syntax: snmp-server location <string>

The text strings can contain blanks. The SNMP text strings do not require quotation marks when they contain blanks but the host name does.

NOTE: The chassis name command does not change the CLI prompt. Instead, the command assigns an administrative ID to the device.

Configuring Simple Network Management (SNMP) Parameters

Use the procedures in this section to perform the following configuration tasks:

• Specify an SNMP trap receiver.
• Specify a source address and community string for all traps sent by the device.
• Change the holddown time for SNMP traps.
• Disable individual SNMP traps. (All traps are enabled by default.)
• Disable traps for CLI access that is authenticated by a local user account, a RADIUS server, or a TACACS/TACACS+ server.

NOTE: To add and modify get (read-only) and set (read-write) community strings, see the Foundry Security Guide.

Specifying an SNMP Trap Receiver

You can specify a trap receiver to ensure that all SNMP traps sent by the Brocade device go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network. When you specify the host, you also specify a community string. The Brocade device sends all the SNMP traps to the specified host(s) and includes the specified community string. Administrators can therefore filter for traps from a Brocade device based on IP address or community string.

When you add a trap receiver, the software automatically encrypts the community string you associate with the receiver when the string is displayed by the CLI or Web management interface. If you want the software to show the community string in the clear, you must explicitly specify this when you add a trap receiver. In either case, the software does not encrypt the string in the SNMP traps sent to the receiver.

To specify the host to which the device sends all SNMP traps, use the following method.

To specify an SNMP trap receiver and change the UDP port that will be used to receive traps, enter a command such as the following:

ServerIron(config)# snmp-server host 2.2.2.2 0 mypublic port 200
ServerIron(config)# write memory

Syntax: snmp-server host <ip-addr> [0 | 1] <string> [port <value>]

The <ip-addr> parameter specifies the IP address of the trap receiver.

The 0 | 1 parameter specifies whether you want the software to encrypt the string (1) or show the string in the clear (0). The default is 0.

The <string> parameter specifies an SNMP community string configured on the Brocade device. The string can be a read-only string or a read-write string. The string is not used to authenticate access to the trap host but is instead a useful method for filtering traps on the host.
For example, if you configure each of your Brocade devices that use the trap host to send a different community string, you can easily distinguish among the traps from different Brocade devices based on the community strings.

The command in the example above adds trap receiver 2.2.2.2 and configures the software to encrypt display of the community string. When you save the new community string to the startup-config file (using the write memory command), the software adds the following command to the file:

snmp-server host 2.2.2.2 1 <encrypted-string>

To add a trap receiver and configure the software to encrypt display of the community string in the CLI and Web management interface, enter commands such as the following:

ServerIron(config)# snmp-server host 2.2.2.2 0 BigIron-12
ServerIron(config)# write memory

The port <value> parameter allows you to specify which UDP port will be used by the trap receiver. This parameter allows you to configure several trap receivers in a system. With this parameter, IronView Network Manager and another network management application can coexist in the same system. Brocade devices can be configured to send copies of traps to more than one network management application.

Specifying a Single Trap Source

You can specify a single trap source to ensure that all SNMP traps sent by the Brocade device use the same source IP address. When you configure the SNMP source address, you specify the Ethernet port, POS port, loopback interface, or virtual routing interface that is the source for the traps. The Brocade device then uses the lowest-numbered IP address configured on the port or interface as the source IP address in the SNMP traps sent by the device.
Identifying a single source IP address for SNMP traps provides the following benefits:

• If your trap receiver is configured to accept traps only from specific links or IP addresses, you can use this feature to simplify configuration of the trap receiver by configuring the Brocade device to always send the traps from the same link or source address.
• If you specify a loopback interface as the single source for SNMP traps, SNMP trap receivers can receive traps regardless of the states of individual links. Thus, if a link to the trap receiver becomes unavailable but the receiver can be reached through another link, the receiver still receives the trap, and the trap still has the source IP address of the loopback interface.

To specify a port, loopback interface, or virtual routing interface whose lowest-numbered IP address the Brocade device must use as the source for all SNMP traps sent by the device, use the following CLI method.

To configure the device to send all SNMP traps from the first configured IP address on port 4/11, enter the following commands:

ServerIron(config)# snmp-server trap-source ethernet 4/11
ServerIron(config)# write memory

Syntax: snmp-server trap-source loopback <num> | ethernet <portnum> | pos <portnum> | ve <num>

The <num> parameter is a loopback interface or virtual routing interface number. If you specify an Ethernet or POS port, the <portnum> is the port's number (including the slot number, if you are configuring a Chassis device).

To specify a loopback interface as the device's SNMP trap source, enter commands such as the following:

ServerIron(config)# int loopback 1
ServerIron(config-lbif-1)# ip address 10.0.0.1/24
ServerIron(config-lbif-1)# exit
ServerIron(config)# snmp-server trap-source loopback 1

The commands in this example configure loopback interface 1, assign IP address 10.0.0.1/24 to the loopback interface, then designate the interface as the SNMP trap source for this Layer 3 Switch. Regardless of the port the Brocade device uses to send traps to the receiver, the traps always arrive from the same source IP address.

Setting the SNMP Trap Holddown Time

When a Brocade device starts up, the software waits for Layer 2 convergence (STP) and Layer 3 convergence (OSPF) before beginning to send SNMP traps to external SNMP servers. Until convergence occurs, the device might not be able to reach the servers, in which case the messages are lost.
By default, a Brocade device uses a one-minute holddown time to wait for the convergence to occur before starting to send SNMP traps. After the holddown time expires, the device sends the traps, including traps such as cold start or warm start that occur before the holddown time expires.

You can change the holddown time to a value from one second to ten minutes.

To change the holddown time for SNMP traps, enter a command such as the following at the global CONFIG level of the CLI:

ServerIron(config)# snmp-server enable traps holddown-time 30

The command in this example changes the holddown time for SNMP traps to 30 seconds. The device waits 30 seconds to allow convergence in STP and OSPF before sending traps to the SNMP trap receiver.

Syntax: [no] snmp-server enable traps holddown-time <secs>

The <secs> parameter specifies the number of seconds and can be from 1 to 600 (ten minutes). The default is 60 seconds.

Disabling SNMP Traps

Brocade Layer 2 Switches and Layer 3 Switches come with SNMP trap generation enabled by default for all traps. You can selectively disable one or more of the following traps.

NOTE: By default, all SNMP traps are enabled at system startup.

Layer 2 Switch Traps

The following traps are generated on the Layer 2 Switches:

• SNMP authentication keys
• Power supply failure

• Fan failure
• Cold start
• Link up
• Link down
• Bridge new root
• Bridge topology change
• Locked address violation
• Module insert (applies only to Chassis devices)
• Module remove (applies only to Chassis devices)

Layer 3 Switch Traps

The following traps are generated on the Layer 3 Switches:

• SNMP authentication key
• Power supply failure
• Fan failure
• Cold start
• Link up
• Link down
• Bridge new root
• Bridge topology change
• Locked address violation
• Module insert
• Module remove
• OSPF
• VRRP
• VRRPE

ServerIron Traps

See the Foundry ServerIron Installation and Configuration Guide.

To stop link down occurrences from being reported, enter the following:

ServerIron(config)# no snmp-server enable traps link-down

Syntax: [no] snmp-server enable traps <trap-type>

Disabling Syslog Messages and Traps for CLI Access

Brocade devices send Syslog messages and SNMP traps when a user logs into or out of the User EXEC or Privileged EXEC level of the CLI. The feature applies to users whose access is authenticated by an authentication-method list based on a local user account, RADIUS server, or TACACS/TACACS+ server.

NOTE: The Privileged EXEC level is sometimes called the Enable level, because the command for accessing this level is enable.

The feature is enabled by default.
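The login and logout messages this feature writes can be turned into per-user sessions for review. The following Python sketch is an added example, not part of the Brocade guide: it parses buffer entries in the format this chapter shows under "Examples of Syslog Messages for CLI Access", pairs logins with logouts, and reports entries that do not pair up. The year argument, the second sample, and the wording of the findings are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the buffer entries from this chapter's show logging
# example (the device prints the newest entry first).
SAMPLE = """\
Dec 15 19:04:14:A:Fan 1, fan on right connector, failed
Oct 15 18:01:11:info:dg logout from USER EXEC mode
Oct 15 17:59:22:info:dg logout from PRIVILEGE EXEC mode
Oct 15 17:38:07:info:dg login to PRIVILEGE EXEC mode
Oct 15 17:38:03:info:dg login to USER EXEC mode
"""

# Constructed sample for the unpaired cases (user "ops" is invented).
EDGE_SAMPLE = """\
Oct 16 09:12:40:info:ops login to PRIVILEGE EXEC mode
Oct 16 09:10:02:info:dg logout from USER EXEC mode
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}):info:"
    r"(?P<user>\S+) (?P<action>login to|logout from) "
    r"(?P<level>USER|PRIVILEGE) EXEC mode$"
)


def parse_events(text, year):
    """Return (time, user, action, level) tuples, oldest first.

    The buffer carries no year, so the caller supplies one (assumption).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # hardware alerts and other non-login entries
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["action"].split()[0], m["level"]))
    events.reverse()                 # buffer is newest-first
    events.sort(key=lambda e: e[0])  # stable: same-second entries keep order
    return events


def build_sessions(events):
    """Pair logins with logouts; return (sessions, findings)."""
    open_logins = {}  # (user, level) -> login time
    sessions, findings = [], []
    for ts, user, action, level in events:
        key = (user, level)
        if action == "login":
            if key in open_logins:
                findings.append((ts, user, f"{level} EXEC login repeated without logout"))
            # User EXEC messages apply only to Telnet access, so a Privileged
            # EXEC login on its own points to the serial console or to an
            # older entry that is no longer in the buffer.
            if level == "PRIVILEGE" and (user, "USER") not in open_logins:
                findings.append((ts, user, "PRIVILEGE EXEC login with no USER EXEC login"))
            open_logins[key] = ts
        else:
            start = open_logins.pop(key, None)
            if start is None:
                findings.append((ts, user, f"{level} EXEC logout with no matching login"))
            else:
                sessions.append({"user": user, "level": level, "start": start,
                                 "end": ts, "seconds": int((ts - start).total_seconds())})
    for (user, level), start in open_logins.items():
        findings.append((start, user, f"{level} EXEC session still open"))
    return sessions, findings


if __name__ == "__main__":
    for sample in (SAMPLE, EDGE_SAMPLE):
        sessions, findings = build_sessions(parse_events(sample, 2009))
        for s in sessions:
            print(f"{s['user']:6} {s['level']:9} {s['start']} -> {s['end']} ({s['seconds']} s)")
        for ts, user, msg in findings:
            print(f"REVIEW {ts} {user}: {msg}")
```
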

Examples of Syslog Messages for CLI Access

When a user whose access is authenticated by a local user account, a RADIUS server, or a TACACS/TACACS+ server logs into or out of the CLI's User EXEC or Privileged EXEC mode, the software generates a Syslog message and trap containing the following information:

• The time stamp
• The user name
• Whether the user logged in or out
• The CLI level the user logged into or out of (User EXEC or Privileged EXEC level)

NOTE: Messages for accessing the User EXEC level apply only to access through Telnet. The device does not authenticate initial access through serial connections but does authenticate serial access to the Privileged EXEC level. Messages for accessing the Privileged EXEC level apply to access through the serial connection or Telnet.

The following examples show login and logout messages for the User EXEC and Privileged EXEC levels of the CLI:

ServerIron(config)# show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 12 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning

Static Log Buffer:
Dec 15 19:04:14:A:Fan 1, fan on right connector, failed

Dynamic Log Buffer (50 entries):
Oct 15 18:01:11:info:dg logout from USER EXEC mode
Oct 15 17:59:22:info:dg logout from PRIVILEGE EXEC mode
Oct 15 17:38:07:info:dg login to PRIVILEGE EXEC mode
Oct 15 17:38:03:info:dg login to USER EXEC mode

Syntax: show logging

The first message (the one on the bottom) indicates that user dg logged in to the CLI's User EXEC level on October 15 at 5:38 PM and 3 seconds (Oct 15 17:38:03). The same user logged into the Privileged EXEC level four seconds later.

The user remained in the Privileged EXEC mode until 5:59 PM and 22 seconds. (The user could have used the CONFIG modes as well. Once you access the Privileged EXEC level, no further authentication is required to access the CONFIG levels.) At 6:01 PM and 11 seconds, the user ended the CLI session.

Disabling the Syslog Messages and Traps

Logging of CLI access is enabled by default. If you want to disable the logging, use the following method.

To disable logging of CLI access, enter the following commands:

ServerIron(config)# no logging enable user-login
ServerIron(config)# write memory
ServerIron(config)# end
ServerIron# reload

Syntax: [no] logging enable user-login

Configuring SNMP Version 3 Traps

ServerIron ADX supports SNMP notifications in SMIv2 format. This allows notifications to be encrypted and sent to the target hosts in a secure manner.

Defining an SNMP Group and Specifying Which View is Notified of Traps

In software Enterprise release 07.8.02, the SNMP group command allows configuration of a viewname for notification purposes, similar to the read and write view. The default viewname is "all", which allows access to the entire MIB.

To configure an SNMP user group, first configure SNMP v3 views using the snmp-server view command. Then enter a command such as the following:

ServerIron(config)# snmp-server group admin v3 auth read all write all notify all

Syntax: [no] snmp-server group <groupname> v1 | v2 | v3 auth | noauth | priv [access <standard-acl-id>] [read <viewstring> write <viewstring> notify <viewstring>]

The group <groupname> parameter defines the name of the SNMP group to be created.

The v1, v2, or v3 parameter indicates which version of SNMP to use. In most cases, you will use v3, since groups are automatically created in SNMP versions 1 and 2 from community strings.

The auth | noauth parameter determines whether or not authentication will be required to access the supported views. If auth is selected, then only authenticated packets are allowed to access the view specified for the user group. Selecting noauth means that no authentication is required to access the specified view. Selecting priv means that an authentication password will be required from the users.

The access <standard-acl-id> parameter is optional. It allows incoming SNMP packets to be filtered based on the standard ACL attached to the group.

The read <viewstring> write <viewstring> parameter is optional. It indicates that users who belong to this group have either read or write access to the MIB.

The notify view allows administrators to restrict the scope of varbind objects that will be part of the notification. All of the varbinds need to be in the included view for the notification to be created.

The <viewstring> variable is the name of the view to which the SNMP group members have access.
If no view is specified, then the group has no access to the MIB.

Defining the UDP Port for SNMP v3 Traps

Notifications can be configured in SMIv2 format, with or without encryption, in addition to the SMIv1 trap format.

You can define a port that receives the SNMP v3 traps by entering a command such as the following:

ServerIron(config)# snmp-server host 192.168.4.11 version v3 auth security-name port 165

Syntax: [no] snmp-server host <ip-address> version [v1 | v2c <community-string> | v3 auth | noauth | priv <security-name>] [port <trap-udp-port-number>]

The <ip-address> parameter specifies the IP address of the host that will receive the trap.

For version, indicate one of the following:

• For SNMP version 1, enter v1 and the name of the community string (<community-string>). This string is encrypted within the system.
• For SNMP version 2c, enter v2 and the name of the community string. This string is encrypted within the system.
• For SNMP version 3, enter one of the following depending on the authorization required for the host:
  • v3 auth <security-name>: Allow only authenticated packets.
  • v3 noauth <security-name>: Allow all packets.
  • v3 priv <security-name>: A password is required.

For port <trap-udp-port-number>, specify the number of the UDP port on the host that will receive the trap.
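The settings covered so far in this chapter (community-string trap receivers, SNMP v3 hosts and groups, disabled traps, CLI-access logging, trap source) can be checked in a saved configuration. The following Python sketch is an added example, not part of the Brocade guide: it reads configuration text and reports the lines that weaken trap confidentiality, authentication, or audit logging as this chapter describes them. The sample configuration is constructed, and the rule names, the trapuser security name, and the guests group are assumptions.

```python
import re

# Constructed startup-config excerpt using only commands documented in this chapter.
SAMPLE_CONFIG = """\
hostname home
snmp-server contact Suzy Sanchez
snmp-server host 2.2.2.2 0 mypublic port 200
snmp-server host 192.168.4.11 version v3 noauth trapuser port 165
snmp-server host 192.168.4.12 version v3 priv trapuser
snmp-server group admin v3 auth read all write all notify all
snmp-server group guests v3 noauth read all
no snmp-server enable traps link-down
no logging enable user-login
ip telnet source-interface loopback 2
"""

# snmp-server host <ip-addr> [0 | 1] <string> [port <value>]
HOST_COMMUNITY = re.compile(
    r"^snmp-server host (?P<ip>\S+) (?!version\b)(?:(?P<flag>[01]) )?(?P<community>\S+)")
# snmp-server host <ip-address> version v1 | v2c ... | v3 auth | noauth | priv ...
HOST_VERSIONED = re.compile(
    r"^snmp-server host (?P<ip>\S+) version (?P<ver>v1|v2c|v3)"
    r"(?: (?P<level>auth|noauth|priv))?")
GROUP = re.compile(
    r"^snmp-server group (?P<name>\S+) (?P<ver>v1|v2|v3)"
    r"(?: (?P<level>auth|noauth|priv))?")
TRAP_OFF = re.compile(r"^no snmp-server enable traps (?P<trap>\S+)")


def audit(config_text):
    """Return (line_number, rule, message) findings; line 0 means config-wide.

    Community strings are never copied into the messages.
    """
    findings = []
    has_trap_source = False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # normalise whitespace
        if line.startswith("snmp-server trap-source "):
            has_trap_source = True
            continue
        m = HOST_COMMUNITY.match(line)
        if m:
            if m["flag"] != "1":  # 0 or omitted (the default is 0)
                findings.append((lineno, "COMMUNITY_SHOWN_IN_CLEAR",
                                 f"trap receiver {m['ip']}: community string is displayed in the clear"))
            findings.append((lineno, "COMMUNITY_TRAP_RECEIVER",
                             f"trap receiver {m['ip']}: community string is not encrypted in the traps sent"))
            continue
        m = HOST_VERSIONED.match(line)
        if m:
            if m["ver"] != "v3":
                findings.append((lineno, "COMMUNITY_TRAP_RECEIVER",
                                 f"trap receiver {m['ip']}: community string is not encrypted in the traps sent"))
            elif m["level"] == "noauth":
                findings.append((lineno, "V3_NOAUTH_RECEIVER",
                                 f"trap receiver {m['ip']}: v3 noauth allows all packets"))
            continue
        m = GROUP.match(line)
        if m:
            if m["ver"] == "v3" and m["level"] == "noauth":
                findings.append((lineno, "V3_NOAUTH_GROUP",
                                 f"group {m['name']}: no authentication required to access its views"))
            continue
        m = TRAP_OFF.match(line)
        if m and m["trap"] != "holddown-time":
            findings.append((lineno, "TRAP_DISABLED", f"trap type {m['trap']} is disabled"))
            continue
        if line == "no logging enable user-login":
            findings.append((lineno, "CLI_LOGIN_LOGGING_DISABLED",
                             "Syslog messages and traps for CLI login and logout are disabled"))
    if not has_trap_source:
        findings.append((0, "NO_TRAP_SOURCE",
                         "no snmp-server trap-source: receivers cannot filter on one source address"))
    return findings


if __name__ == "__main__":
    for lineno, rule, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno:2}: {rule}: {message}")
```
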

Configuring an Interface as the Source for All Telnet Packets

You can designate the lowest-numbered IP address configured on an interface as the source IP address for all Telnet packets from the Layer 3 Switch. Identifying a single source IP address for Telnet packets provides the following benefits:

• If your Telnet server is configured to accept packets only from specific links or IP addresses, you can use this feature to simplify configuration of the Telnet server by configuring the Brocade device to always send the Telnet packets from the same link or source address.
• If you specify a loopback interface as the single source for Telnet packets, Telnet servers can receive the packets regardless of the states of individual links. Thus, if a link to the Telnet server becomes unavailable but the client or server can be reached through another link, the client or server still receives the packets, and the packets still have the source IP address of the loopback interface.

The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+, and RADIUS packets. You can configure a source interface for one or more of these types of packets.

To specify an interface as the source for all Telnet packets from the device, use the following CLI method. The software uses the lowest-numbered IP address configured on the interface as the source IP address for Telnet packets originated by the device.
To specify the lowest-numbered IP address configured on a virtual routing interface as the device's source for all Telnet packets, enter commands such as the following:

ServerIron(config)# int loopback 2
ServerIron(config-lbif-2)# ip address 10.0.0.2/24
ServerIron(config-lbif-2)# exit
ServerIron(config)# ip telnet source-interface loopback 2

The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then designate the interface as the source for all Telnet packets from the Layer 3 Switch.

Syntax: ip telnet source-interface atm <portnum>.<subif> | ethernet <portnum> | loopback <num> | ve <num>

The following commands configure an IP interface on an Ethernet port and designate the address port as the source for all Telnet packets from the Layer 3 Switch.

ServerIron(config)# interface ethernet 1/4
ServerIron(config-if-1/4)# ip address 209.157.22.110/24
ServerIron(config-if-1/4)# exit
ServerIron(config)# ip telnet source-interface ethernet 1/4

Cancelling an Outbound Telnet Session

If you want to cancel a Telnet session from the console to a remote Telnet server (for example, if the connection is frozen), you can terminate the Telnet session by doing the following:

1. At the console, press Ctrl-^ (Ctrl-Shift-6).
2. Press the X key to terminate the Telnet session.

Pressing Ctrl-^ twice in a row causes a single Ctrl-^ character to be sent to the Telnet server. After you press Ctrl-^, pressing any key other than X or Ctrl-^ returns you to the Telnet session.

Configuring an Interface as the Source for All TFTP Packets

You can configure the device to use the lowest-numbered IP address configured on a loopback interface, virtual routing interface, or Ethernet port as the source for all TFTP packets from the device. The software uses the lowest-numbered IP address configured on the interface as the source IP address for the packets.
For example, to specify the lowest-numbered IP address configured on a virtual routing interface as the device's source for all TFTP packets, enter commands such as the following:

ServerIron(config)# int ve 1
ServerIron(config-vif-1)# ip address 10.0.0.3/24