Main
Page
Contents
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
About This Guide
Supported Platforms
Unsupported Platforms
Who Should Read this Manual?
When Should I Read this Manual?
What is in this Manual?
What is Not in this Manual?
How is the Information Organized?
Documentation Roadmap
Stage 1: Using the Switch for the First Time
Stage 2: Gaining Familiarity with Basic Switch Functions
Stage 3: Integrating the Switch Into a Network
Anytime
Related Documentation
Page
User Manuals Web Site
Technical Support
Page
1 Configuring Ethernet Ports
Ethernet Specifications
Ethernet Port Defaults
Configuring Ethernet Ports Tutorial
For more information about available show commands, refer to the OmniSwitch CLI Reference Guide.
Ethernet Ports Overview Configuring Ethernet Ports
page 1-6 OmniSwitch 6600 Family Network Configuration Guide April 2006
Ethernet Ports Overview
10/100 Ethernet Ports 1 Optional Stacking or Gigabit Ethernet
Note. OmniSwitch 6602-24 and 6602-48 have two built-in MiniGBIC ports.
OmniSwitch 6648
CONSOLE
OmniSwitch 6624
25 26 27 28
100 Mbps Fiber SFP Ports 1 Optional Stacking or Gigabit Ethernet
CONSOLE
OmniSwitch 6600-U24
OmniSwitch 6600-P24
10/100 Ethernet Ports 1 Gigabit Ethernet Ports 25 and 26
OmniSwitch 6602-24
EXPANSION/STACKINGEXPANSION
OmniSwitch 6600-P24
OmniSwitch 6602-48
10/100 Ethernet Ports 1 Gigabit Ethernet Ports 49 and 50
10/100 Crossover Supported
Gigabit Copper SFPs Supported
Valid Port Settings
Page
Page
Setting Ethernet Port Parameters
Setting Trap Port Link Messages
Enabling Trap Port Link Messages
Disabling Trap Port Link Messages
Setting Flow Control
Enabling Flow Control
Disabling Flow Control
Setting Flow Control Wait Time
Configuring the Flow Control Wait Time
Restoring the Flow Control Wait Time
Setting Interface Line Speed
Configuring Duplex Mode
Enabling and Disabling Interfaces
Configuring Inter-frame Gap Values
Resetting Statistics Counters
Configuring Flood Rates
Enabling the Maximum Flood Rate
Enabling Maximum Flood Rate for Multicast Traffic
Configuring Flood Rate Values
Configuring a Port Alias
Configuring Auto Negotiation, Crossover, and Flow Control Settings
Enabling and Disabling Auto Negotiation
Configuring Crossover Settings
Enabling and Disabling Flow
Page
Verifying Ethernet Port Configuration
Page
2 Managing Source Learning
Source Learning Specifications
Source Learning Defaults Sample MAC Address Table Configuration
Page
MAC Address Table Overview
Using Static MAC Addresses
Configuring Static MAC Addresses
Static MAC Addresses on Link Aggregate Ports
Using Static Multicast MAC Addresses
Configuring Static Multicast MAC Addresses
Static Multicast MAC Addresses on Link Aggregate Ports
Configuring MAC Address Table Aging Time
Page
Displaying MAC Address Table Information
Page
3 Configuring Learned Port Security
Learned Port Security Specifications
Learned Port Security Defaults
Sample Learned Port Security Configuration
Learned Port Security Overview
How LPS Authorizes Source MAC Addresses
Dynamic Configuration of Authorized MAC Addresses
Static Configuration of Authorized MAC Addresses
Understanding the LPS Table
Enabling/Disabling Learned Port Security
Configuring a Source Learning Time Limit
Configuring the Number of MAC Addresses Allowed
Configuring Authorized MAC Addresses
Configuring an Authorized MAC Address Range
Selecting the Security Violation Mode
Restoring the Operational State of an LPS Port
Displaying Learned Port Security Information
Page
4 Configuring VLANs
VLAN Specifications
VLAN Defaults
Sample VLAN Configuration
To verify that ports 3/2-4 were assigned to VLAN 255, use the showvlan port command. For example:
VLAN Management Overview
Creating/Modifying VLANs
Adding/Removing a VLAN
Enabling/Disabling the VLAN Administrative Status
Modifying the VLAN Description
Defining VLAN Port Assignments
Changing the Default VLAN Assignment for a Port
Configuring Dynamic VLAN Port Assignment
Configuring VLAN Rule Classification
Enabling/Disabling VLAN Mobile Tag Classification
Enabling/Disabling Spanning Tree for a VLAN
Enabling/Disabling VLAN Authentication
Configuring VLAN Router Interfaces
What is Single MAC Router Mode?
Bridging VLANs Across Multiple Switches
Switch A
Switch B Switch C
Verifying the VLAN Configuration
VLAN 10
5 Configuring Spanning Tree Parameters
Spanning Tree Specifications
Spanning Tree Bridge Parameter Defaults
Spanning Tree Port Parameter Defaults
Multiple Spanning Tree (MST) Region Defaults
Spanning Tree Overview
How the Spanning Tree Topology is Calculated
Bridge Protocol Data Units (BPDU)
Page
Topology Examples
Switch C
Switch B Switch A
(Root Bridge)
(Designated Bridge)
Switch C
Switch B
Switch A
Spanning Tree Operating Modes
Using the Flat Spanning Tree Mode
Using 1x1 Spanning Tree Mode
Flat STP
Switch
Configuring Spanning Tree Bridge Parameters
Bridge Configuration Commands Overview
Page
Selecting Bridge Protocol
Configuring the Bridge Priority
Configuring the Bridge Hello Time
Configuring the Bridge Max Age Time
Configuring the Bridge Forward Delay Time
Enabling/Disabling the VLAN BPDU Switching Status
Configuring the Path Cost Mode
Configuring Spanning Tree Port Parameters
Bridge Configuration Commands Overview
Page
Enabling/Disabling Spanning Tree on a Port
Spanning Tree on Link Aggregate Ports
Configuring Port Priority
Port Priority on Link Aggregate Ports
Configuring Port Path Cost
Page
Path Cost for Link Aggregate Ports
Configuring Port Mode
Mode for Link Aggregate Ports
Configuring Port Connection Type
Connection Type on Link Aggregate Ports
Sample Spanning Tree Configuration
Example Network Overview
Switch B
Switch A
(Designated Bridge)
Example Network Configuration Steps
Page
Verifying the Spanning Tree Configuration
6 Using 802.1s Multiple Spanning Tree
MST Specifications
Spanning Tree Bridge Parameter Defaults
Spanning Tree Port Parameter Defaults
MST Region Defaults
MST General Overview
How MSTP Works
Page
Page
Comparing MSTP with STP and RSTP
What is a Multiple Spanning Tree Instance (MSTI)
What is a Multiple Spanning Tree Region
What is the Common Spanning Tree
What is the Internal Spanning Tree (IST) Instance
What is the Common and Internal Spanning Tree Instance
MST Configuration Overview
Using Spanning Tree Configuration Commands
Understanding Spanning Tree Modes
MST Interoperability and Migration
Migrating from Flat Mode STP/RSTP to Flat Mode MSTP
Migrating from 1x1 Mode to Flat Mode MSTP
Quick Steps for Configuring an MST Region
Page
Quick Steps for Configuring MSTIs
Switch A Switch B
Page
Verifying the MST Configuration
Page
7 Assigning Ports to VLANs
Port Assignment Specifications
Port Assignment Defaults
Sample VLAN Port Assignment
Statically Assigning Ports to VLANs
Dynamically Assigning Ports to VLANs
How Dynamic Port Assignment Works
VLAN Mobile Tag Classification
Page
Tagged Mobile Port Traffic Triggers Dynamic VLAN Assignment
VLAN 2 VLAN 1
VLAN 4
VLAN 3
Dynamic VPA Default VLAN
VLAN Rule Classification
Page
Configuring Dynamic VLAN Port Assignment
Enabling/Disabling Port Mobility
Ignoring Bridge Protocol Data Units (BPDU)
Page
Understanding Mobile Port Properties
What is a Configured Default VLAN?
What is a Secondary VLAN?
How Mobile Port Traffic that Does Not Match any VLAN Rules is Classified
If default VLAN is enabled....
Why disable default VLAN?
Why enable default VLAN?
If default VLAN is disabled....
How Mobile Port VLAN Assignments Age
vlan port default
Why enable restore default VLAN?
Why disable restore default VLAN?
Configuring Mobile Port Properties
Enable/Disable Default VLAN
Enable/Disable Default VLAN Restore
Enable/Disable Port Authentication
Enable/Disable 802.1X Port-Based Access Control
Verifying VLAN Port Associations and Mobile Port Properties
Understanding show vlan port Output
Understanding show vlan port mobile Output
8 Defining VLAN Rules
VLAN Rules Specifications
VLAN Rules Defaults
Sample VLAN Rule Configuration
VLAN Rules Overview
VLAN Rule Types
DHCP Rules
Binding Rules
MAC Address Rules
Network Address Rules
Protocol Rules
Custom (User Defined) Rules
Port Rules
Understanding VLAN Rule Precedence
Page
Page
Configuring VLAN Rule Definitions
Defining DHCP MAC Address Rules
Defining DHCP MAC Range Rules
Defining DHCP Port Rules
Defining DHCP Generic Rules
Defining Binding Rules
How to Define a MAC-Port-IP Address Binding Rule
How to Define a MAC-Port-Protocol Binding Rule
How to Define a MAC-Port Binding Rule
How to Define a MAC-IP Address Binding Rule
How to Define an IP-Port Binding Rule
How to Define a Port-Protocol Binding Rule
Defining MAC Address Rules
Defining MAC Range Rules
Defining IP Network Address Rules
Defining IPX Network Address Rules
Defining Protocol Rules
Defining Custom (User) Rules
Defining Port Rules
Application Example: DHCP Rules
The VLANs
DHCP Servers and Clients
Page
DHCP Port and MAC Rule Application Example
Branch VLAN
Production VLAN
Test VLA N
DHCP Servers
Page
Page
9 Configuring Port Mapping
Port Mapping Specifications Port Mapping Defaults
Quick Steps for Configuring Port Mapping
Creating/Deleting a Port Mapping Session
Creating a Port Mapping Session
Deleting a User/Network Port of a Session
Deleting a Port Mapping Session
Enabling/Disabling a Port Mapping Session
Enabling a Port Mapping Session
Disabling a Port Mapping Session
Configuring a Port Mapping Direction
Configuring Unidirectional Port Mapping
Sample Port Mapping Configuration
Example Port Mapping Overview
Example Port Mapping Configuration Steps
Verifying the Port Mapping Configuration
10 Using Interswitch Protocols
Page
AMAP Overview
AMAP Transmission States
Discovery Transmission State
Common Transmission State
Passive Reception State
Common Transmission and Remote Switches
Configuring AMAP
Enabling or Disabling AMAP
Configuring the AMAP Discovery Timeout Interval
Configuring the AMAP Common Timeout Interval
Displaying AMAP Information
A simplified visual illustration of these connections is shown here for example purposes only:
See the OmniSwitch CLI Reference Guide for information about the show amap command.
11 Configuring 802.1Q
802.1Q Specifications
802.1Q Defaults Table
802.1Q Overview
Page
Configuring an 802.1Q VLAN
Enabling Tagging on a Port
Enabling Tagging with Link Aggregation
Configuring the Frame Type
Show 802.1Q Information
Application Example
The following sections show how to create the network illustrated above.
Connecting Stack 1 and Stack 2 Using 802.1Q
1Create VLAN 2 by entering vlan 2 as shown below (VLAN 1 is the default VLAN for the switch):
2Set port 1/1 as a tagged port and assign it to VLAN 2 by entering the following:
Connecting Stack 2 and Stack 3 Using 802.1Q
Verifying 802.1Q Configuration
Page
12 Configuring Static Link Aggregation
Static Link Aggregation Specifications
Static Link Aggregation Default Values
Quick Steps for Configuring Static Link Aggregation
Page
Static Link Aggregation Overview
Static Link Aggregation Operation
Relationship to Other Features
Configuring Static Link Aggregation Groups
Configuring Mandatory Static Link Aggregate Parameters
Creating and Deleting a Static Link Aggregate Group
Creating a Static Aggregate Group
Deleting a Static Aggregate Group
Adding and Deleting Ports in a Static Aggregate Group
Adding Ports to a Static Aggregate Group
Configuring Static Link Aggregation Groups Configuring Static Link Aggregation
OmniSwitch 6624/6600-U24/6600-P24 Valid Port Assignment Locations
page 12-10 OmniSwitch 6600 Family Network Configuration Guide April 2006
Number of Links
OmniSwitch 6624/6600-U24/6600-P24 Maximum Valid Port Assignment
2528 (Gigabit)
OmniSwitch 6648 Valid Port Assignment Locations
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-11
Number of Links
OmniSwitch 6648 Maximum Valid Port Assignment
5152 (Gigabit)
Number of Links (Aggregate Size) OmniSwitch 6602-24 Maximum Valid
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups
OmniSwitch 6602-48 Valid Port Configuration Locations
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-13
Number of Links
OmniSwitch 6602-48 Maximum Valid Port Configuration
Removing Ports from a Static Aggregate Group
Modifying Static Aggregation Group Parameters
Modifying the Static Aggregate Group Name
Creating a Static Aggregate Group Name
Deleting a Static Aggregate Group Name
Modifying the Static Aggregate Group Administrative State
Application Example
Page
Displaying Static Link Aggregation Configuration and Statistics
13 Configuring Dynamic Link Aggregation
Dynamic Link Aggregation Specifications
Dynamic Link Aggregation Default Values
Quick Steps for Configuring Dynamic Link Aggregation
Page
Page
Dynamic Link Aggregation Overview
Dynamic Link Aggregation Operation
Page
Relationship to Other Features
Configuring Dynamic Link Aggregate Groups
Configuring Mandatory Dynamic Link Aggregate Parameters
Creating and Deleting a Dynamic Aggregate Group
Creating a Dynamic Aggregate Group
Deleting a Dynamic Aggregate Group
Configuring Ports to Join and Removing Ports in a Dynamic Aggregate Group
Configuring Ports To Join a Dynamic Aggregate Group
Configuring Dynamic Link Aggregation Configuring Dynamic Link Aggregate Groups
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-13
2528 (Gigabit)
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation
OmniSwitch 6648 Valid Port Configuration Locations
page 13-14 OmniSwitch 6600 Family Network Configuration Guide April 2006
Number of Links
OmniSwitch 6648 Maximum Valid
5152 (Gigabit)
Number of Links (Aggregate Size) OmniSwitch 6602-24 Maximum Valid
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation
OmniSwitch 6602-48 Valid Port Configuration Locations
page 13-16 OmniSwitch 6600 Family Network Configuration Guide April 2006
Number of Links
OmniSwitch 6602-48 Maximum Valid Port Configuration
Page
Removing Ports from a Dynamic Aggregate Group
Modifying Dynamic Link Aggregate Group Parameters
Modifying Dynamic Aggregate Group Parameters
Modifying the Dynamic Aggregate Group Name
Configuring a Dynamic Aggregate Group name
Deleting a Dynamic Aggregate Group Name
Modifying the Dynamic Aggregate Group Administrative State
Enabling a Dynamic Aggregate Group
Disabling a Dynamic Aggregate Group
Configuring and Deleting the Dynamic Aggregate Group Actor Administrative Key
Configuring a Dynamic Aggregate Actor Administrative Key
Modifying the Dynamic Aggregate Group Actor System Priority
Configuring a Dynamic Aggregate Group Actor System Priority
Restoring the Dynamic Aggregate Group Actor System Priority
Modifying the Dynamic Aggregate Group Actor System ID
Configuring a Dynamic Aggregate Group Actor System ID
Modifying the Dynamic Aggregate Group Partner Administrative Key
Configuring a Dynamic Aggregate Group Partner Administrative Key
Restoring the Dynamic Aggregate Group partner Administrative Key
Modifying the Dynamic Aggregate Group Partner System Priority
Configuring a Dynamic Aggregate Group Partner System Priority
Modifying Dynamic Link Aggregate Actor Port Parameters
Modifying the Actor Port System Administrative State
Configuring Actor Port Administrative State Values
Restoring Actor Port Administrative State Values
Modifying the Actor Port System ID
Configuring an Actor Port System ID
Restoring the Actor Port System ID
Modifying the Actor Port System Priority
Configuring an Actor Port System Priority
Restoring the Actor Port System Priority
Modifying the Actor Port Priority
Configuring the Actor Port Priority
Restoring the Actor Port Priority
Modifying Dynamic Aggregate Partner Port Parameters
Modifying the Partner Port System Administrative State
Configuring Partner Port System Administrative State Values
Restoring Partner Port System Administrative State Values
Modifying the Partner Port Administrative Key
Configuring the Partner Port Administrative Key
Restoring the Partner Port Administrative Key
Modifying the Partner Port System ID
Configuring the Partner Port System ID
Modifying the Partner Port System Priority
Configuring the Partner Port System Priority
Restoring the Partner Port System Priority
Modifying the Partner Port Administrative Status
Configuring the Partner Port Administrative Status
Restoring the Partner Port Administrative Status
Modifying the Partner Port Priority
Configuring the Partner Port Priority
Restoring the Partner Port Priority
Application Examples
Sample Network Overview
Link Aggregation and Spanning Tree Example
Link Aggregation and QoS Example
Page
Displaying Dynamic Link Aggregation Configuration and Statistics
A screen similar to the following would be displayed:
Page
14 Configuring IP
IP Specifications
IP Defaults
Quick Steps for Configuring IP Forwarding
IP Overview
IP Protocols
Transport Protocols
Application-Layer Protocols
Additional IP Protocols
IP Forwarding
Configuring an IP Router Interface
Modifying an IP Router Interface
Removing an IP Router Interface
Creating a Static Route
Creating a Default Route
Configuring Address Resolution Protocol (ARP)
Adding a Permanent ARP Entry
Deleting a Permanent Entry from the ARP Table
Clearing Dynamic ARP Entries
Local Proxy ARP
ARP Filtering
Page
IP Configuration
Configuring the Router Primary Address
Configuring the Router ID
Configuring the Route Preference of a Router
Configuring the Time-to-Live (TTL) Value
IP-Directed Broadcasts
Denial of Service (DoS) Filtering
Page
Setting Penalty Values
Setting the Port Scan Penalty Value Threshold
Setting the Decay Value
Enabling DoS Traps
Enabling/Disabling IP Services
Page
Managing IP
Internet Control Message Protocol (ICMP)
Activating ICMP Control Messages
Enabling All ICMP Types
Setting the Minimum Packet Gap
ICMP Control Table
ICMP Statistics Table
Using the Ping Command
Tracing an IP Route
Displaying TCP Information
Displaying UDP Information
Verifying the IP Configuration
15 Configuring IPv6
IPv6 Specifications
IPv6 Defaults
Quick Steps for Configuring IPv6 Routing
IPv6 Overview
IPv6 Addressing
IPv6 Address Notation
IPv6 Address Prefix Notation
Autoconfiguration of IPv6 Addresses
Tunneling IPv6 over IPv4
6to4 Tunnels
6to4 Site to 6to4 Site over IPv4 Domain
6to4 Site to IPv6 Site over IPv4/IPv6 Domains
Configured Tunnels
Configuring an IPv6 Interface
Modifying an IPv6 Interface
Removing an IPv6 Interface
Assigning IPv6 Addresses
Page
Configuring IPv6 Tunnel Interfaces
Verifying the IPv6 Configuration
Page
16 Configuring RIP
RIP Specifications RIP Defaults
Quick Steps for Configuring RIP Routing
RIP Overview
RIP Version 2
RIP Routing
Loading RIP
Enabling RIP
Creating a RIP Interface
Enabling a RIP Interface
Configuring the RIP Interface Send Option
Configuring the RIP Interface Receive Option
Configuring the RIP Interface Metric
Configuring the RIP Interface Route Tag
RIP Options
Configuring the RIP Forced Hold-down Interval
Enabling a RIP Host Route
RIP Redistribution
Enabling RIP Redistribution
Configuring a RIP Redistribution Policy
Configuring a Redistribution Metric
Configuring a RIP Redistribution Filter
Creating a Redistribution Filter
Configuring a Redistribution Filter Action
Configuring a Redistribution Filter Metric
Configuring the Redistribution Filter Route Control Action
Configuring a Redistribution Filter Route Tag
RIP Security
Configuring Authentication Type
Configuring Passwords
Verifying the RIP Configuration
Page
17 Configuring RDP
RDP Specifications
RDP Defaults
Quick Steps for Configuring RDP
Page
RDP Overview
RS-2
RS-1
RDP Interfaces
Security Concerns
Enabling/Disabling RDP
Creating an RDP Interface
Specifying an Advertisement Destination Address
Defining the Advertisement Interval
Setting the Maximum Advertisement Interval
Setting the Minimum Advertisement Interval
Setting the Advertisement Lifetime
Setting the Preference Levels for Router IP Addresses
Verifying the RDP Configuration
Page
18 Configuring DHCP Relay
DHCP Relay Specifications
DHCP Relay Defaults
Quick Steps for Setting Up DHCP Relay
DHCP Relay Overview
DHCP
DHCP and the OmniSwitch
DHCP Relay and Authentication
External DHCP Relay Application
Internal DHCP Relay
DHCP Relay Implementation
Global DHCP
Setting the IP Address
Per-VLAN DHCP
Identifying the VLAN
Configuring BOOTP/DHCP Relay Parameters
Setting the Forward Delay
Setting Maximum Hops
Setting the Relay Forwarding Option
Using Automatic IP Configuration
Enabling Automatic IP Configuration
Configuring UDP Port Relay
Enabling/Disabling UDP Port Relay
Specifying a Forwarding VLAN
Configuring DHCP Security Features
Using the Relay Agent Information Option (Option-82)
How the Relay Agent Processes DHCP Packets from the Client
How the Relay Agent Processes DHCP Packets from the Server
Enabling the Relay Agent Information Option-82
Configuring a Relay Agent Information Option-82 Policy
Using DHCP Snooping
DHCP Snooping Configuration Guidelines
Enabling DHCP Snooping
Switch-level DHCP Snooping
VLAN-Level DHCP Snooping
Configuring the Port Trust Mode
Configuring the DHCP Snooping Binding Table
Configuring the Binding Table Timeout
Synchronizing the Binding Table
Verifying the DHCP Relay Configuration
Page
19 Configuring VRRP
VRRP Specifications
VRRP Defaults
Quick Steps for Creating a Virtual Router
VRRP Overview
Why Use VRRP?
Definition of a Virtual Router
VRRP MAC Addresses
ARP Requests
ICMP Redirects
VRRP Startup Delay
VRRP Tracking
Interaction With Other Features
Configuration Overview
Basic Virtual Router Configuration
Creating a Virtual Router
Specifying an IP Address for a Virtual Router
Configuring the Advertisement Interval
Configuring Virtual Router Priority
Setting Preemption for Virtual Routers
Enabling/Disabling a Virtual Router
Setting VRRP Traps
Setting VRRP Startup Delay
Creating Tracking Policies
Associating a Tracking Policy With a Virtual Router
Verifying the VRRP Configuration
VRRP Application Example
Page
VRRP Tracking Example
Page
20 Managing Authentication Servers
Authentication Server Specifications
Server Defaults
RADIUS Authentication Servers
LDAP Authentication Servers
Quick Steps For Configuring Authentication Servers
Server Overview
Backup Authentication Servers
Authenticated Switch Access
Authenticated VLANs
Port-Based Network Access Control (802.1X)
ACE/Server
Clearing an ACE/Server Secret
RADIUS Servers
RADIUS Server Attributes
Standard Attributes
Page
Vendor-Specific Attributes for RADIUS
Configuring Functional Privileges on the Server
RADIUS Accounting Server Attributes
Configuring the RADIUS Client
LDAP Servers
Setting Up the LDAP Authentication Server
LDAP Server Details
LDIF File Structure
Common Entries
Directory Entries
Directory Searches
Retrieving Directory Search Results
Directory Modifications
Directory Compare and Sort
The LDAP URL
Password Policies and Directory Servers
Directory Server Schema for LDAP Authentication
Vendor-Specific Attributes for LDAP Servers
Configuring Functional Privileges on the Server
Configuring Authentication Key Attributes
LDAP Accounting Attributes
AccountStartTime
AccountStopTime
AccountFailTime
Dynamic Logging
Configuring the LDAP Authentication Client
Creating an LDAP Authentication Server
Modifying an LDAP Authentication Server
Setting Up SSL for an LDAP Authentication Server
Removing an LDAP Authentication Server
Page
Page
21 Configuring Authenticated VLANs
Authenticated Network Overview
Page
AVLAN Configuration Overview
Sample AVLAN Configuration
Page
Setting Up Authentication Clients
Telnet Authentication Client
Web Browser Authentication Client
Configuring the Web Browser Client Language File
Required Files for Web Browser Clients
Installing Files for Mac OS 9.x Clients
Installing Files for Mac OSX.1 Clients
Page
SSL for Web Browser Clients
Windows, Linux, and Mac OS 9 Clients
Mac OSX.1 Clients
DNS Name and Web Browser Clients
Installing the AV-Client
Loading the Microsoft DLC Protocol Stack
Windows 2000 and Windows NT
Windows 98
Windows 95
Loading the AV-Client Software
Windows 2000 and Windows NT
Page
Page
Page
Page
Setting the AV-Client as Primary Network Login
Windows 95 and Windows 98
Configuring the AV-Client Utility
Selecting a Dialog Mode
Enabling/disabling the AV-Client at Startup
Automatic Client or NOS Logoff
Page
Logging Into the Network Through an AV-Client
Logging Off the AV-Client
Configuring the AV-Client for DHCP
Delay for IP Address Request
Releasing the IP Address
Page
Page
Configuring Authenticated VLANs
Removing a User From an Authenticated Network
Configuring Authentication IP Addresses
Setting Up the Default VLAN for Authentication Clients
Port Binding and Authenticated VLANs
Configuring Authenticated Ports
Setting Up a DNS Path
Setting Up the DHCP Server
Before Authentication
After Authentication
Enabling DHCP Relay for Authentication Clients
Configuring a DHCP Gateway for the Relay
Configuring the Server Authority Mode
Configuring Single Mode
Page
Configuring Multiple Mode
Specifying Accounting Servers
Verifying the AVLAN Configuration
22 Configuring 802.1X
802.1X Specifications
802.1X Defaults
Quick Steps for Configuring 802.1X
Optional. To display the number of 802.1x users on the switch, use the show 802.1x users command:
See the OmniSwitch CLI Reference Guide for information about the fields in this display.
802.1X Overview
Supplicant Classification
802.1X Ports and DHCP
Re-authentication
802.1X Accounting
Compared to Authenticated VLANs
Using Access Guardian Policies
Policy Types
Page
Setting Up Port-Based Network Access Control
Setting 802.1X Switch Parameters
Enabling MAC Authentication for Non-Supplicants
Enabling 802.1X on Ports
Configuring 802.1X Port Parameters
Configuring the Port Control Direction
Configuring the Port Authorization
Configuring 802.1X Port Timeouts
Configuring the Maximum Number of Requests
Re-authenticating an 802.1X Port
Initializing an 802.1X Port
Configuring the Supplicant Polling Retry Count
Configuring Accounting for 802.1X
Configuring Access Guardian Policies
Configuring Supplicant Policies
Supplicant Policy Examples
Configuring Non-supplicant Policies
Non-supplicant Policy Examples
Page
Verifying the 802.1X Port Configuration
Page
23 Managing Policy Servers
Policy Server Specifications
Policy Server Defaults
Policy Server Overview
Installing the LDAP Policy Server
Modifying Policy Servers
Modifying LDAP Policy Server Parameters
Disabling the Policy Server From Downloading Policies
Modifying the Port Number
Modifying the Policy Server Username and Password
Modifying the Searchbase
Configuring a Secure Socket Layer for a Policy Server
Loading Policies From an LDAP Server
Removing LDAP Policies From the Switch
Interaction With CLI Policies
Verifying the Policy Server Configuration
Page
24 Configuring QoS
QoS Specifications
QoS General Overview
QoS Policy Overview
How Policies Are Used
Valid Policies
Interaction With Other Features
Condition Combinations
Policy Condition Combinations
Condition/Action Combinations
Policy Condition/Action Combinations
Policy Condition/Action Combinations (continued)
Conditions Actions Supported When?
QoS Defaults
Global QoS Defaults
QoS Port Defaults
Policy Rule Defaults
Policy Action Defaults
Default (Built-in) Policies
QoS Configuration Overview
Configuring Global QoS Parameters
Enabling/Disabling QoS
Setting the Global Default Dispositions
Using the QoS Log
What Kind of Information Is Logged
Number of Lines in the QoS Log
Log Detail Level
Forwarding Log Events to PolicyView
Forwarding Log Events to the Console
Displaying the QoS Log
Clearing the QoS Log
Flow Timeout
Fragment Classification
Enabling/Disabling Fragment Classification
Setting the Fragment Timeout
Classifying Bridged Traffic as Layer 3
Setting the Statistics Interval
Returning the Global Configuration to Defaults
Page
QoS Ports and Queues
Shared Queues
Trusted and Untrusted Ports
Configuring Trusted Ports
Using Trusted Ports With Policies
Verifying the QoS Port and Queue Configuration
Creating Policies
Quick Steps for Creating Policies
ASCII-File-Only Syntax
Creating Policy Conditions
Removing Condition Parameters
Deleting Policy Conditions
Creating Policy Actions
Removing Action Parameters
Deleting a Policy Action
Creating Policy Rules
Disabling Rules
Rule Precedence
How Precedence is Determined
Specifying Precedence for a Particular Rule
Layer 3 Rules With Compatible Actions
Layer 3 Rules With Conflicting Actions
Saving Rules
Logging Rules
Deleting Rules
Verifying Policy Configuration
Page
Testing Conditions
Page
Using Condition Groups in Policies
ACLs
Sample Group Configuration
Creating Network Groups
Creating Services
Creating Service Groups
Creating MAC Groups
Creating Port Groups
Port Groups and Maximum Bandwidth
Source Port Group Example
Destination Port Group Examples
Important Notes on Maximum Bandwidth
Verifying Condition Group Configuration
Using Map Groups
Sample Map Group Configuration
How Map Groups Work
Creating Map Groups
Verifying Map Group Configuration
Applying the Configuration
Deleting the Pending Configuration
Flushing the Configuration
Interaction With LDAP Policies
Verifying the Applied Policy Configuration
Policy Applications
Basic QoS Policies
Basic Commands
Traffic Prioritization Example
priority
Bandwidth Shaping Example
ICMP Policy Example
802.1p and ToS/DSCP Marking and Mapping
Page
25 Configuring ACLs
ACL Specifications
ACL Defaults
Quick Steps for Creating ACLs
ACL Overview
Rule Precedence
Example: Rule Type
Example: Rule Order
Example: Layer 3 Rules With Compatible Actions
Example: Layer 3 Rules With Conflicting Actions
Interaction With Other Features
Valid Combinations
ACL Configuration Overview
Setting the Global Disposition
Page
Creating Condition Groups For ACLs
Configuring ACLs
Creating Policy Conditions For ACLs
Creating Policy Actions For ACLs
Creating Policy Rules for ACLs
Layer 2 ACLs
Layer 2 ACL: Example 1
Layer 2 ACL: Example 2
Layer 3 ACLs
Layer 3 ACL: Example 1
Layer 3 ACL: Example 2
Multicast Filtering ACLs
Page
Using ACL Security Features
Configuring a UserPorts Group
Configuring a DisablePorts ACL
Configuring a DropServices Group ACL
Page
Configuring ICMP Drop Rules
Configuring a BPDUShutdownPorts Group
Verifying the ACL Configuration
Page
ACL Application Example
26 Configuring IP Multicast Switching
IPMS Specifications
IPMS Default Values
IPMS Overview
IPMS Example
Reserved Multicast Addresses
IPMS and Link Aggregation
Configuring IPMS on a Switch
Enabling and Disabling IPMS on a Switch
Enabling IPMS
Disabling IPMS
Configuring and Removing a Static Neighbor
Configuring and Removing a Static Querier
Configuring a Static Querier
Removing a Static Querier
Configuring and Removing a Static Member
Configuring a Static Member
Removing a Static Member
Modifying IPMS Parameters
Modifying the Leave Timeout
Configuring the Leave Timeout
Restoring the Leave Timeout
Modifying the Query Interval
Modifying the Neighbor Timeout
Configuring the Neighbor Timeout
Restoring the Neighbor Timeout
Modifying the Querier Timeout
Configuring the Querier Timeout
Modifying the Flow Timeout
Configuring the Flow Timeout
Restoring the Flow Timeout
Modifying the Querier Aging and Election Timeout
Configuring the Querier Aging and Election Timeout
IPMS Application Example
5Modify the leave timeout from its default value of 10 seconds to 120 seconds by entering:
An example of what these commands look like entered sequentially on the command line:
Displaying IPMS Configurations and Statistics
Page
27 Diagnosing Switch Problems
Page
Port Mirroring Overview
Port Mirroring Specifications
Port Mirroring Defaults
Quick Steps for Configuring Port Mirroring
Port Monitoring Overview
Port Monitoring Specifications
Port Monitoring Defaults
Quick Steps for Configuring Port Monitoring
Remote Monitoring (RMON) Overview
RMON Specifications
RMON Probe Defaults
Quick Steps for Enabling/Disabling RMON Probes
Switch Health Overview
Switch Health Specifications
Switch Health Defaults
Quick Steps for Configuring Switch Health
Port Mirroring
What Ports Can Be Mirrored?
How Port Mirroring Works
What Happens to the Mirroring Port
Using Port Mirroring with External RMON Probes
Creating a Mirroring Session
Unblocking Ports (Protection from Spanning Tree)
Enabling or Disabling Mirroring Status
Creating a Mirroring Session and Enabling Mirroring Status
Disabling a Mirroring Session (Disabling Mirroring Status)
Configuring Port Mirroring Direction
Enabling or Disabling a Port Mirroring Session (Shorthand)
Displaying Port Mirroring Status
Deleting A Mirroring Session
Port Monitoring
Configuring a Port Monitoring Session
Enabling a Port Monitoring Session
Disabling a Port Monitoring Session
Deleting a Port Monitoring Session
Pausing a Port Monitoring Session
Configuring Port Monitoring Session Persistence
Configuring a Port Monitoring Data File
Suppressing Port Monitoring File Creation
Configuring Port Monitoring Direction
Displaying Port Monitoring Status and Data
Remote Monitoring (RMON)
Ethernet Statistics
History (Control & Statistics)
Alarm
Event
Enabling or Disabling RMON Probes
Displaying RMON Tables
Displaying a List of RMON Probes
Displaying Statistics for a Particular RMON Probe
Sample Display for Ethernet Statistics Probe
Sample Display for History Probe
Sample Display for Alarm Probe
Displaying a List of RMON Events
Displaying a Specific RMON Event
Monitoring Switch Health
Page
Configuring Resource and Temperature Thresholds
Displaying Health Threshold Limits
Configuring Sampling Intervals
Viewing Sampling Intervals
Viewing Health Statistics for the Switch
Viewing Health Statistics for a Specific Interface
Resetting Health Statistics for the Switch
28 Using Switch Logging
Switch Logging Specifications
Switch Logging Defaults
Quick Steps for Configuring Switch Logging
Switch Logging Overview
Switch Logging Commands Overview
Enabling Switch Logging
Setting the Switch Logging Severity Level
Page
Specifying the Severity Level
Removing the Severity Level
Specifying the Switch Logging Output Device
Enabling/Disabling Switch Logging Output to the Console
Enabling/Disabling Switch Logging Output to Flash Memory
Specifying an IP Address for Switch Logging Output
Disabling an IP Address from Receiving Switch Logging Output
Displaying Switch Logging Status
Configuring the Switch Logging File Size
Clearing the Switch Logging Files
Displaying Switch Logging Records
29 Monitoring Memory
Memory Monitoring Specifications
Memory Monitoring Defaults
Quick Steps for Configuring Memory Monitoring
Debug Memory Commands Overview
Configuring Debug Memory Commands
Enabling/Disabling Memory Monitoring Functions
Displaying the Memory Monitor Log
Displaying the Memory Monitor Global Statistics
Displaying the Memory Monitor Task Statistics
--Output continues on the following page--
Page
Displaying the Memory Monitor Size Statistics
Page
A Software License and Copyright Statements
Alcatel License Agreement
ALCATEL INTERNETWORKING, INC. (AII) SOFTWARE LICENSE AGREEMENT
Page
Page
Third Party Licenses and Notices
A.Booting and Debugging Non-Proprietary Software
B. The OpenLDAP Public License: Version 2.4, 8 December 2000
C. Linux
D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991
Preamble
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
Page
Page
Page
Appendix: How to Apply These Terms to Your New Programs
E. University of California
F. Carnegie-Mellon University
G.Random.c
H.Apptitude, Inc.
I. Agranat
J. RSA Security Inc.
K. Sun Microsystems, Inc.
L. Wind River Systems, Inc.
M.Network Time Protocol Version 4
Index
Numerics
A
B
C
D
E
F
H
I
L
M
N
O
P
Q
R
S
Page
T
U
V
W
