Alcatel Carrier Internetworking Solutions Switch/Router Secure Switch Access

Secure Switch Access

Page 8-4

Secure Switch Access

Secure Switch Access is a filtering program that prevents unauthorized access to the switch by

allowing you to define a list of filters and filter points. For Secure Switch Access, filters are

lists of source traffic that are allowed onto the switch. Filter points operate on IP protocols

that include FTP, Telnet, SNMP, TFTP, HTTP, and a custom IP protocol. Whenever any of these

filter points is enabled, all filters configured for that protocol are applied to incoming traffic

using the filter point protocol.

All access violations are logged. If a filtering point is not enabled, it is accessible to all users.

Conﬁguring the Secure Switch Access Filter Database

Use the secdefine command to view and configure the database of secure access filters. This

database includes information on filter names, source IP addresses, source MAC addresses,

and the physical ports receiving data.

The following is a sample secdefine display:

Secure Access Filter Database

List (l) :

Create (c):

Delete (d):

Modify (m):

Find (f):

Help (h):

Quit (q):

Enter selection:

Select an option by entering the relevant letter at the selection prompt. To exit this menu,

enter q (quit). Descriptions and sample displays for each of the options are as follows:

List

This is a list of all defined filters. A filter determines what traffic is allowed on the switch. The

list includes information on the filter’s name, IP Address, MAC Address, and physical port

receiving the user’s data. The following is a sample display:

Source IP Source MAC Slot Port

Filter Name Address Address # #

---------------------------------------------------------------------------------------------------------

Engineering 198.34.56.10 0:23:da:67:97:e4 4 1

Test ANY ANY 7 3

Accounting 172.14.25.13 0:32:e4:a3:6f:e4 2 1

HR 198.34.56.15 ANY ANY ANY

The value ANY displays if a field is left blank when configuring filter information through the

Create (c) option. The ANY value signifies a “don’t care” condition. When an inbound packet is

checked against a Filter Name to establish authorized access, the ANY fields are not checked.

Contents

Main Cautions Page Table of Contents 2 The Omni Switch/Router MPX 1 Omni Switch/Router Chassis and Power Supplies 3 Omni Switch/Router Switching Modules 4 The User Interface 5 Installing Switch Software 6 Conguring Management Processor Modules 7 Managing Files 8 Switch Security 9 Conguring Switch-Wide Parameters 10 Switch Logging 12 Network Time Protocol 11 Health Statistics Page 13 SNMP (Simple Network Management Protocol) 15 Managing Ethernet Modules 14 DNS Resolver and RMON 16 Managing 802.1Q Groups 17 Conguring Bridging Parameters 18 Conguring Frame Translations Page 19 Managing Groups and Ports 20 Conguring Group and VLAN Policies 21 Interswitch Protocols 22 Managing AutoTracker VLANs 23 Multicast VLANs 24 AutoTracker VLAN Application Examples 25 IP Routing 26 UDP Forwarding 27 IPX Routing 28 Managing WAN Switching Modules 29 Managing Frame Relay 30 Point-to-Point Protocol 31 WAN Links 32 Managing ISDN Ports 33 Managing T1 and E1 Ports 34 Backup Services 35 Troubleshooting 36 Running Hardware Diagnostics A The Boot Line Prompt Index B Custom Cables 1 Omni Switch/Router Chassis and Power Supplies Omni Switch/Router User Interface (UI) Software Omni Switch/Router Network Management Software (NMS) Omni Switch/Router Distributed Switching Fabric Omni Switch/Router Fabric Capacity Omni Switch/Router Applications and Congurations Omni Switch/Router as the Backbone Connecting Several Networks Omni Switch/Router as the Central Backbone Switch/Router and in the Wiring Closet Omni Switch/Router Chassis and Power Supplies OmniS/R-3 OmniS/R-3 Chassis Technical Specications OmniS/R-5 Page OmniS/R-5 Technical Specications OmniS/R-9 and OmniS/R-9P Page OmniS/R-9 Technical Specications OmniS/R-9P Technical Specications OmniS/R-9P-48V Technical Specications Omni Switch/Router Power Requirements Module Power Requirements without an HRE-X Module Power Requirements with an HRE-X Grounding a Chassis The Omni Switch/Router Hardware Routing Engine (HRE-X) Valid HRE-X Congurations HRE-X Router Registers versus Feature Limitations Connecting a DC Power Source to an OmniS/R-PS5-DC375 GND = Installing DC Power Source Wire Leads Page Page Connecting a DC Power Source to an OmniS/R-PS9-DC725 GND = Installation Requirements Installing DC Power Source Wire Leads Page Replacing Power Supplies (9-Slot Chassis) Replacing Power Supplies (9-Slot Chassis) 2 The Omni Switch/Router MPX Omni Switch/Router Management Processor Module (MPX) Features MPX Technical Specications Omni Switch/Router Management Processor Module (MPX) Features Omni Switch/Router Management Processor Module (MPX) Status LEDs Page 2-2 Omni Switch/Router Management Processor Module (MPX) Features MPX Management Connectors Page 2-3 MPX Serial and Ethernet Management Ports MPX Console Port Specications Ethernet Management Port MPX Modem Port Specications Conguring MPX Serial Ports Flash Memory and Omni Switch/Router Software Flash Memory and Omni Switch/Router Software Flash Memory Guidelines MPX Redundancy Change-Over Procedure MPX Redundancy Commands 3 Omni Switch/Router Switching Modules Page Required Image Files Required Image Files Installing a Switching Module Page Removing a Switching Module Hot Swapping a Switching Module Page Diagnostic Tests Handling Fiber and Fiber Optic Connectors Step 1. Use Premium Grade Jumper Cables with Duplex SC Connectors Step 2. Keep Your Fiber Optic Connectors Clean Step 3. Keep the Transceiver Interface Clean Step 4. Attenuate Properly Gigabit Ethernet Modules GSX-K-FM/FS/FH-2W Gigabit Ethernet Modules Special Note The single mode version of this module has been deemed: to IEC 825:1984/CENELEC HD 482 S1. GSX-K-FM/FS/FH-2W Technical Specications Gigabit Ethernet Modules 2-Port Advanced Gigabit Ethernet Switching Module Page 3-14 Auto-Sensing 10/100 Ethernet Modules Ethernet RJ-45 Pinouts ESX-K-100C-32W Ethernet RJ-45 Specications Page Auto-Sensing 10/100 Ethernet Modules ESX-K-100C-32W Technical Specications Auto-Sensing 10/100 Ethernet Modules 32-Port Advanced Auto-Sensing 10/100 Ethernet Switching Module Page 3-18 Fast (100 Mbps) Ethernet Modules ESX-K-100FM/FS-16W Fast (100 Mbps) Ethernet Modules ESX-K-100FM/FS-16W Technical Specications Fast (100 Mbps) Ethernet Modules 16-Port Advanced Fast Ethernet Switching Module Page 3-21 WAN Modules WAN Pinouts WAN BRI Port Specications (S/T Interface) WAN BRI Port Specications (U Interface) WAN Serial Port Numbering WAN T1/E1 Port Specications WAN Serial Port Specications WAN Serial Port Specications (cont.) WSX-S-2W WSX-S-2W Technical Specications 2-Port WAN Frame Relay Switching Module Page 3-28 WSX-SC WSX-SC Technical Specications WAN Modules 8-Port WAN Frame Relay Switching Module Page 3-31 WSX-FT1/E1-SC WSX-FT1/E1-SC Technical Specications WAN 2-Port Serial and 2-Port Fractional T1/E1 Switching Module Page 3-34 WSX-FE1-SC Cabling/Jumper Settings WSX-BRI-SC WSX-BRI-SC Technical Specications WAN 2-Port Serial and 2-Port BRI-ISDN Switching Module Page 3-38 WAN Modules Page 3-39 Jumper Configuration for the U Interface Part Number and Serial Number label (this is how the board is shipped) Page 4 The User Interface Overview of Command Interfaces Changing Between the CLI and UI Modes Exit the Command Interface UI to CLI Command Cross Reference Hardware Commands Basic Switch Management Commands Hardware Table Page 4-5 Basic Switch Management Table Page 4-6 Network Management Commands Basic Switch Management Table (continued) Network Management Table UI to CLI Command Cross Reference Page 4-7 Layer II Switching Commands bl hi i S Groups, VLANs, Policies Commands Groups, VLANs, Policies Table Page 4-9 Group, VLANs, Policies Table (continued) Page 4-10 Routing Commands Routing Table UI to CLI Command Cross Reference Page 4-11 WAN Access Commands WAN Access Table Page 4-12 WAN Access Table (continued) UI to CLI Command Cross Reference Page 4-13 Troubleshooting Diagnostics Commands Troubleshooting/Diagnostics Table User Interface Menu Main Menu Summary General User Interface Guidelines Entering Command Names Quitting a Command Scrolling The UI Conguration Menu Conguring the System Prompt Conguring More Mode for the User Interface Page Page Setting Verbose/Terse Mode for the User Interface Page Conguring the Auto Logout Time Viewing Commands Changing Passwords Command History and Re-Executing Commands Page Abbreviating IP Addresses Abbreviated IP Address Formats Page User Interface Display Options Setting Echo/NoEcho for User Entry Setting the Login Banner Creating a new Banner Permanent Banner Banners for Different Access Methods Login Accounts Multiple User Sessions Listing Other Users Communicating with Other Users Deleting Other Sessions Page Advanced Kill Command Options UI Table Filtering (Using Search and Filter Commands) The Search Command Renewing a Search The Filter Command Combining Search and Filter Commands UI Table Filtering (Using Search and Filter Commands) Page 4-43 1. Type ipr and press <Enter>. A table similar to the following will be displayed: Press <Enter>. A screen similar to the following is displayed: Using Wildcards with Search and Filter Commands Wildcard Command Options Page Page 5 Installing Switch Software Using FTP Server Using FTP Client Using ZMODEM Using ZMODEM with the load Command Using ZMODEM With the Boot Line Prompt Page Page Page 6 Conguring Management Processor Modules Changing Serial Port Communication Parameters Changing Port Speed When Communication With The Switch Lost Conguring the Modem Port Modem Port Mode Conguring SLIP Conguring the Ethernet Management Port Page Ethernet Management Ports and Redundant Management Processor Modules Page The MPM Command/Menu Displaying MPX Redundancy MPM Menu Commands Using MPM Commands with Software Release 3.2 and Later Listing the Secondary MPX Files Transferring a File to the Secondary MPX Replacing a File on the Secondary MPX Loading a File from the Secondary MPX Removing a File from the Secondary MPX Giving Up Control to the Secondary MPX Setting the Load Sufx Setting Automatic Cong Synchronization Enabling Automatic Cong Synchronization Disabling Automatic Cong Synchronization Synchronizing Conguration Data Synchronizing Image Files Loading a File From the Primary MPX Gaining Control from the Primary MPX Resetting a Secondary MPX Displaying and Setting the Swap State Displaying the Swap State Enabling the Swap Mode Disabling the Swap Mode Page 7 Managing Files File Menu Displaying the Current Directory Conguration and Log File Generation Changing Directories Listing Switch Files Deleting Switch Files Deleting Multiple Files Deleting All Image Files Copying System Files Displaying Text Files Editing Text Files Clearing the Text Buffer Loading an ASCII File into the Text Buffer Listing the Contents of the Text Buffer Adding Lines of Text to the Text Buffer Deleting a Line of Text from the Text Buffer Inserting a Line of Text into the Text Buffer Editing a Line Name of Text in the Text Buffer Creating a File Name for the Text Buffer Creating a Text File from the Text Buffer Real-World Examples Page 7-11 Real-World Examples Real-World Example 1 Real-World Examples Page 7-12 Real-World Example 2 System Menu Checking the Flash File System Creating a New File System Page 8 Switch Security Changing Passwords Rebooting the Switch Secure Switch Access Conguring the Secure Switch Access Filter Database Page Page Conguring Secure Access Filter Points Page Enabling/Disabling Security Parameters Adding Filters Deleting Filters Viewing Secure Access Violations Log Managing User Login Accounts Partition Management Requirements Default Accounts Adding a User Account Using the UI Command Mode Adding a User Account Using the CLI Command Mode Assigning Account Privileges Using the CLI Command Mode Page Page Managing User Login Accounts Page 8-16 Assigning Account Privileges Using the UI Command Mode Enter the login name of the user account you are modifying. The following screen will display. Page Command Family Table Global Family Table Modifying a User Account Deleting a User 9 Conguring Switch-Wide Parameters Summary Menu Displaying the MIB-II System Group Variables Displaying the Chassis Summary Displaying Current Router Interface Status System Menu Displaying Basic System Information Page Setting the System Date and Time Page Setting the System Date and Time Timezone and DST Parameters Setting the System Date and Time Page Page Viewing Slot Data Viewing System Statistics Clearing System Statistics Viewing Task Utilization Statistics Page Viewing Memory Utilization Viewing MPX Memory Statistics Checking the Flash File System Checking the SIMM Files Creating a New File System Creating a SIMM File System Conguring System Information Viewing CAM Information Conguring CAM Distribution Page Conguring the HRE-X Router Port Page Conguring and Displaying the HRE-X Hash Table Duplicate MAC Address Support Page Multicast Claiming Disabling Flood Limits Saving Congurations Page 10 Switch Logging Logging Overview Conguring the Syslog Parameters Syslog Facility Codes Syslog Priority Codes Page Conguring Switch Logging Page Page Displaying the Command History Entries in the MPM Log Displaying the Connection Entries in the MPM Log Displaying Screen (Console) Capture Entries in the MPM Log Page Displaying Debug Entries in the MPM Log Displaying Secure Access Entries in the MPM Log Page 11 Health Statistics The Health Statistics Management Menu Setting Resource Thresholds Setting Bandwidth Thresholds Setting Miscellaneous Thresholds Page Setting the Sampling Interval View Switch-Level Statistics View Module-Level Statistics View Port-Level Statistics Reset Health Statistics 12 Network Time Protocol Stratum Using NTP in a Network Page NTP and Authentication Network Time Protocol Management Menu NTP Conguration Menu Conguring an NTP Client Page Conguring an NTP Client/Server Conguring Client/Server Authentication Page Page Conguring a New Peer Association Conguring a New Server Conguring a Broadcast Time Service Uncongure Existing Peer Associations Set the Servers Advertised Precision NTP Information Menu Display List of Peers the Server Knows About Display Peer Summary Information Display Alternate Peer Summary Information Display Detailed Information for One or More Peers Page Print Version Number Display Local Server Information Page NTP Statistics Menu Display Local Server Statistics Display Server Statistics Associated with Particular Peer(s) Page Display Loop Filter Information Display Peer Memory Usage Statistics Display I/O Subsystem Statistics Display Event Timer Subsystem Statistics Reset Various Subsystem Statistics Counters Reset Stat Counters Associated With Particular Peer(s) Display Packet Count Statistics from the Control Module Display the Current Leap Second State Turn the Server's Monitoring Facility On or Off Display Data The Server's Monitor Routines Have Collected Page NTP Administration Menu Set the Primary Receive Timeout Set the Delay Added to Encryption Time Stamps Specify the Host Whose NTP Server We Talk To Specify a Password to Use for Authenticated Requests Set Key ID to Use for Authenticated Requests Set Key Type to Use for Authenticated Requests (DES|MD5) Set a System Flag (Auth, Bclient, Monitor, Stats) Clear a System Flag (Auth, Bclient, Monitor, Stats) NTP Access Control Menu Change the Request Message Authentication Key ID Change the Control Message Authentication Key ID Add One or More Key ID's to the Trusted List Display the Trusted Key ID List Remove One or More Key ID's from the Trusted List Display the State of the Authentication Code Create Restrict Entry/Add Flags to Entry View the Server's Restrict List Remove Flags from a Restrict Entry Delete a Restrict Entry Congure a Trap in the Server Display the Traps Set in the Server Remove a Trap (Congured or Otherwise) from the Server 13 SNMP (Simple Network Management Protocol) Conguring SNMP Parameters and Traps Page Conguring a New Network Management Station word 0 (4 bytes) 00 00 00 00 : 00 00 00 00 word 1 (4 bytes) Page Page Viewing SNMP Statistics Page Page Trap Tables Trap Tables Page Page Page SNMP Standard Traps Page Page Page Page Page Trap Tables existing VPC was modified. 12 1000 existing VCC was modified. 13 2000 Trap Tables station running 14 4000 station running 15 8000 Trap Tables 17 2 0000 Extended Traps cases, this trap may also be generated when a module is reset. Page 3 Page Page Trap Tables 7 80 100 Trap Tables 9 200 10 400 Trap Tables 13 2000 14 4000 Trap Tables changed. 15 8000 occur during a firmware download. Trap Tables 17 2 0000 Page Trap Tables 20 10 0000 21 20 0000 22 40 0000 Trap Tables tion, etc.) was created or deleted. 23 80 0000 26 400 0000 Trap Tables 27 800 0000 28 1000 0000 Trap Tables 29 2000 0000 default setting. 30 4000 0000 Trap Tables 31 8000 0000 4 Trap Tables ports. 3 Page Trap Tables 6 40 7 80 100 Page Page Trap Tables in its internal database. 11 800 occurred. 10 400 Trap Tables 23 80 0000 18 4 0000 Trap Tables 0 Page Page path. 19 8 0000 Page 21 20 0000 Trap Tables tication type conicts with this routers authentication key or type. 22 40 0000 Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page 13-88 Trap Text Variable Descrip- tions 14 DNS Resolver and RMON Conguring the DNS Resolver The Names Submenu Page Remote Network Monitoring (RMON) Probes and Events Ethernet Probes History Probes Alarm Probes Monitoring Probes Monitoring Events Conguring Router Port MAC Addresses Restoring Router Port Mac Addresses 15 Managing Ethernet Modules Overview of Omni Switch/Router Ethernet Modules Page Kodiak Ethernet Modules The Ethernet Management Menus Conguring 10/100 Auto-Sensing Ports Connecting Kodiak Modules to Non-Auto-Negotiating Links Conguring Kodiak Ethernet Ports Viewing Congurations for 10/100 Ethernet Modules OmniChannel Page 15-9 OmniChannel Up to Four 100 Mbps Links May Comprise an OmniChannel Backbone ESX Link 1 Link 2 Link 3 Link 4 The Server Channel Feature Server Channel Limitations Creating an OmniChannel Page Adding Ports to an OmniChannel Deleting an OmniChannel Deleting Ports from an OmniChannel Viewing OmniChannel Parameters Page Page 16 Managing 802.1Q Groups IEEE 802.1Q Sections Not Implemented Application Example Single vs. Multiple Spanning Tree Page Page Assigning an 802.1Q Group to a Port Conguring 802.1Q on 10/100 Ethernet Ports Page Page Conguring 802.1Q on Gigabit Ethernet Ports Modifying 802.1Q Groups Modifying 802.1Q Groups for 10/100 Ports Page Modifying 802.1Q Groups for Gigabit Ethernet Ports Page Viewing 802.1Q Groups in a Port Viewing 802.1Q Statistics for 10/100 Ports Deleting 802.1Q Groups from a Port 17 Conguring Bridging Parameters Page Conguration Overview Step 1. Select a group Step 2. Configure Bridging Parameters Step 3. Enable Spanning Tree (Optional) Step 4. Enable Fast Spanning Tree (Optional) Bridge Management Menu Page Page Selecting a Default Group Using the + or - to Change Groups Bridging Commands Displaying Bridge Forwarding Table Page Conguring a Static Bridge Address Modifying a Static Bridge Address Deleting a Static Bridge Address Displaying Static Bridge Addresses Displaying Bridge Port Statistics Page Displaying Media Access Control (MAC) Information for a Specic MAC address Displaying Media Access Control (MAC) Information for all MAC addresses Display Statistics of Bridge MAC Addresses Clear Statistics of Bridge MAC Addresses Display Remote Trunking Stations View the Domain Bridge Mapping Table Page Setting Flood Limits Setting Flood Limits for a Group Displaying Group Flood Limits Conguring Spanning Tree Page Conguring Spanning Tree Parameters Page Page Display Spanning Tree Bridge Parameters Page Conguring Spanning Tree Port Parameters Page Displaying Spanning Tree Port Parameters Page Conguring Fast Spanning Tree Truncating Tree Timing & Speedy Tree Protocol Truncating Tree Timing Speedy Tree Protocol Conguring Truncating Tree Timing & Speedy Tree Protocol Displaying Fast Spanning Tree Port Parameters Page Enabling Fast Spanning Tree Port Parameters Disabling Fast Spanning Tree Port Parameters Conguring Source Routing SAP Filtering Enabling SAP Filtering Disabling SAP ltering Conguring SAP Filtering Viewing SAP Filtering Conguring Source Route to Transparent Bridging Enabling SRTB for a Group Disabling SRTB for a Group Viewing the RIF Table Clearing the RIF Table Page 18 Conguring Frame Translations Any-to-Any Switching Page Translating the Frame The MAC Header Canonical versus Non-Canonical Abbreviated Addresses Functional Addresses and Multicasts The RIF Field Source Route Termination by Proxy Not Supported Encapsulation Protocols other than IP and IPX The SNAP Conversion Other Conversions Summary of Non-IPX Encapsulation Transformation Rules IPX Encapsulation Transformation Rules The Network Header Address Mapping Address Mapping in IP: ARP Address Mapping in IPX Frame Size Requirements Insertion of Frame Padding Stripping of Padding for all IEEE 802.3 Frames. No stripping of non-IPX Ethertype Frames IPX Specic Stripping MTU Handling IP Fragmentation ICMP Based MTU Discovery IPX Packet Size Negotiation Other Protocols Banyan Vines Conguring Encapsulation Options Forwarding versus Flooding Port Based Translation Options MAC Address Based Translation Options Native versus Non-Native on Ethernet Native versus Non-Native on FDDI and Token Ring No Translation on Trunk or PTOP ports The Proprietary Token Ring IPX Option The User Interface The addvp, modvp and crgp Commands The Default Translation Option Ethernet Factory Default Translations FDDI Factory Default Translations Ethernet Media - Default Mode FDDI Media - Default Mode Page The Ethertype Option Ethernet Media - Ethernet II Mode ATM LANE - Ethernet II Mode The SNAP Option Ethernet Media - SNAP Mode FDDI / Token Ring Media - SNAP Option ATM LANE - SNAP Mode The LLC Option Ethernet Media - LLC Mode FDDI / Token Ring Media - LLC Mode Interaction with the new interface The vi Command ATM LANE - LLC Mode The Switch Menu Proprietary IPX Token Ring Factory Defaults Default Ethernet Translations Default FDDI Translations Default Token Ring Translations Page Port Translations Conguring Additional Ports Displaying Ethernet Switch Statistics Page Page Page Displaying Token Ring Switch Statistics Page Page Page Any to Any MAC Translations Default Autoencapsulation Translational Bridging Learning Translations across Trunks Dissimilar LAN Switching Capabilities Switching Between Similar LANs Switching Between Ethernet LANs Across a Trunked Backbone Switching Between Similar LANs across a Native Backbone Page Page 19 Managing Groups and Ports How Ports Are Assigned to Groups Static Port Assignment Dynamic Port Assignment (Group Mobility) How Dynamic Port Assignment Works Page Mobile Groups Conguring Mobile Groups Turning Group Mobility On or Off Understanding Port Membership in Mobile Groups Page Page 19-9 How a Device Is Dropped from the Default Mobile Group (def_group) Why disable move_from_def? If def_group is enabled.... Why enable def_group? If def_group is disabled.... How a Ports Primary Mobile Group Changes (move_from_def) If move_from_def is enabled.... Helpful Hints: If move_from_def is disabled.... Why disable move_from_def? How a Port Ages Out of a Mobile Group (move_to_def) If move_to_def is enabled.... Why enable move_to_def? If move_to_def is disabled.... Why disable move_to_def? Conguring Switch-Wide Group Mobility Variables Page Viewing Ports in a Mobile Group Viewing a Ports Mobile Group Afliations Non-Mobile Groups and AutoTracker VLANs Routing in a Non-Mobile Group Spanning Tree and Non-Mobile Groups Group and Port Software Commands Creating a New Group Step 1. Entering Basic Group Information Page Step 2. Conguring the Virtual Router Port (Optional) Page Page Page Page Page Step 3. Set Up Group Mobility and User Authentication Step 4. Conguring Virtual Ports Page Page Page Page Page Step 5. Conguring AutoTracker Policies (Mobile Groups Only) Creating a WAN Routing Group Page Page Viewing Current Groups Page Modifying a Group or VLAN Viewing Your Changes Saving Your Changes Canceling Your Changes Changing the IP Address Changing the IP Subnet Mask Enabling IP or IPX Routing Deleting a Group Adding Virtual Ports Modifying a Virtual Port Deleting a Virtual Port Viewing Information on Ports in a Group Page Page Viewing Detailed Information on Ports Page Page Viewing Port Statistics Page Viewing Port Errors Page Port Mirroring How Port Mirroring Works What Happens to the Mirroring Port Using Port Mirroring With External RMON Probes Page Setting Up Port Mirroring Disabling Port Mirroring Port Monitoring Port Monitoring Menu RAM Disk System for Data Capture Files Conguring RAM Drive Resources (pmcfg) Changing the Default System Directory (cd) Starting a Port Monitoring Session (pmon) If You Chose Dump to Screen If You Did Not Choose Dump to Screen Ending a Port Monitoring Session Viewing Port Monitoring Statistics (pmstat) Port Mapping Groups/VLANs and Port Mapping The Details of Port Mapping Slot 2 Slot 3 Slot 4 Who Can Talk to Whom? Port Mapping Limitations Creating a Port Mapping Set Adding Ports to a Port Mapping Set Removing Ports from a Port Mapping Set Viewing a Port Mapping Set Deleting a Port Mapping Set Priority VLANs Mammoth vs. Kodiak Priority VLANs VLAN 1 (Priority 7) VLAN 2 Conguring VLAN Priority Viewing VLAN Priority 20 Conguring Group and VLAN Policies AutoTracker Policy Types Page Dening and Conguring AutoTracker Policies Where These Procedures Start Dening a Port Policy Dening a MAC Address Policy Dening a MAC Address Range Policy Dening a Protocol Policy Page Page Dening a Network Address Policy Page Dening Your Own Rules Page Dening a Port Binding Policy Page Page Page Page Dening a DHCP Port Policy Dening a DHCP MAC Address Policy Dening a DHCP MAC Address Range Policy Viewing Mobile Groups and AutoTracker VLANs Viewing Policy Congurations Viewing Virtual Ports Group/VLAN Membership View VLAN Membership of MAC Devices Application Example: DHCP Policies The VLANs DHCP Servers and Clients Application Example: DHCP Policies Page 20-29 DHCP Port and MAC Rules Branch VLAN Production VLAN Test VLAN DHCP Servers Page 21 Interswitch Protocols Interswitch Protocol Commands XMAP XMAP Transmission States Discovery Transmission State Common Transmission State Passive Reception State Common Transmission and Remote Switches Conguring XMAP Enabling or Disabling XMAP Viewing a List of Adjacent Switches Conguring the Discovery Transmission Time Conguring the Common Transmission Time VLAN Advertisement Protocol (VAP) VAP and Port Policies Conguring VAP GMAP GMAP Updating Rules Conguring GMAP Enabling and Disabling GMAP Conguring the Gap Time Conguring the Interpacket Update Time Conguring the Hold Time Displaying GMAP Statistics by MAC Address Page 22 Managing AutoTracker VLANs The AutoTracker Menu AutoTracker VLANs AutoTracker VLAN Policies The Default VLAN How Devices are Assigned to AutoTracker VLANs The defvl Command Devices that Generate a Secondary Trafc Type How De vices ar e Assigned to AutoT racker VLAN s Router Trafc in IP and IPX Network Address VLANs Page 22-8 VLAN 3 VLAN 2 How De vices ar e Assigned to AutoT racker VLAN s Port Policy Functionality Page 22-10 Original Port Policy Functionality (reg_port_rule = 1) AutoTracker VLANs Page 22-11 Current Port Policy Functionality (reg_port_rule = 0) Page Page Page 22-14 An Example of Current Port Policy Functionality (reg_port_rule = 0) Frame Flooding in AutoTracker VLANs Routing Between AutoTracker VLANs Creating AutoTracker VLANs Step A. Entering Basic VLAN Information Page Step B. Dening and Conguring VLAN Policies Step C. Conguring the Virtual Router Port (Optional) Page Page Page Page Modifying an AutoTracker VLAN Page Deleting an AutoTracker VLAN Viewing AutoTracker VLANs Viewing Policy Congurations Viewing Virtual Ports VLAN Membership View VLAN Membership of MAC Devices Creating a VLAN for Banyan Vines Trafc Page Page Page 23 Multicast VLANs How Devices are Assigned to Multicast VLANs Multicast VLANs and Multicast Claiming Page 23-3 Frame Flooding in Multicast Creating Multicast VLANs Step A. Entering Basic Information Step B. Dening the Multicast Address Step C. Dening the Recipients of Multicast Trafc Dening Recipients By Port Dening Recipients By MAC Address Modifying Multicast VLANs Page Deleting a Multicast VLAN Modifying a Multicast Address Policy Viewing Multicast VLANs Viewing Multicast VLAN Policies Viewing the Virtual Interface of Multicast VLANs Page 24 AutoTracker VLAN Application Examples Application Example 1 VLANs Based on Logical Policies Application Example 1 VLAN A Page 24-3 VLAN B Ports 1, 2, 3, and 4 Application Example 2 VLANs in IPX Networks Application Example 2 at Bootup IPX Client Workstations IPX Servers Page 24-5 Page Application Example 3 IPX Network Address VLANs and Translated Frames Application Example 4 Routing in IPX Networks Application Example 4 Page 24-9 VLAN #1. For this reason, do not enable routing for any Group in which an IPX server is a member of an IPX network address VLAN. VLAN 2 Application Example 5 Traversing a Backbone Application Example 5 Page 25 IP Routing IP Routing Overview Routing Protocols Transport Protocols Application-Layer Protocols Additional IP Protocols Setting Up IP Routing on the Switch Step 1. Configuring a Virtual Router Port Step 2. Configuring Optional IP Routing Parameters Step 3. Configuring Other IP Routing Features The Networking Menu The IP Submenu Viewing the Address Translation (ARP) Table Displaying All Entries in the ARP Table Adding Entries to the ARP Table Deleting Entries from the ARP Table Flushing Temporary Entries from the ARP Table Finding a Specic IP Address in the ARP Table Finding a Specic MAC Address in the ARP Table Viewing IP Statistics and Errors Page Page Viewing the IP Forwarding Table Page Adding an IP Static Route Page Removing an IP Static Route Viewing ICMP Statistics and Errors Page Using the PING Command Page Viewing UDP Statistics and Errors Viewing the UDP Listener Table Viewing RIP Statistics and Errors Viewing TCP Statistics Page Viewing the TCP Connection Table Using the TELNET Command Cancelling a Telnet request Tracing an IP Route Flushing the RIP Routing Tables Conguring IP RIP Filters Adding a Global IP RIP Filter Adding an IP RIP Filter For a Specic Group or VLAN IP RIP Filter Precedence Deleting IP RIP Filters Displaying IP RIP Filters Displaying a List of All IP RIP Filters Displaying a List of Global IP RIP Filters Displaying a List of Specic IP RIP Filters Viewing the IP-to-MAC Address Table Displaying All Entries in the IP-to-MAC Table Displaying Information for a Specic IP Address Flushing Entries from the Table Enabling/Disabling Directed Broadcasts Path MTU Discovery 26 UDP Forwarding UDP Relay and RIF Stripping UDP Relay Hardware/Software Support UDP Relay Conguration Screen BOOTP/DHCP Relay Overview of DHCP DHCP and the OmniS/R BOOTP/DHCP Relay and Source Routing BOOTP/DHCP Relay and Authentication External BOOTP Relay Internal BOOTP/DHCP Relay Example 1 Example 2 Enabling BOOTP/DHCP Relay Conguring BOOTP/DHCP Relay Parameters NetBIOS Relays Overview of NetBIOS NetBIOS Relay Application Conguring NBNS Relay Next-Hop Addresses for NBNS Forwarding VLANs for NBNS Relay Conguring NBDD Relay Next-Hop Addresses for NBDD Forwarding VLANs for NBDD Relay Generic Service UDP Relay Generic Services Menu Adding a Generic Service Page Modifying a Generic Service Deleting a Generic Service Viewing UDP Relay Statistics Page 27 IPX Routing IPX Routing Overview IPX Protocols Setting Up IPX Routing on the Switch Step 1. Configuring a Virtual Router Port Step 2. Configuring Optional IPX Routing Parameters The IPX Submenu Viewing the IPX Routing Table Displaying All Entries in the IPX Routing Table Using IPXR with Frame Relay or ISDN Boards Displaying a List of Specic IPX Routes Viewing IPX Statistics Page Viewing the IPX SAP Bindery Using IPXSAP with Frame Relay or ISDN Boards Displaying a List of Specic SAP Servers Adding an IPX Static Route Removing an IPX Static Route Turning the IPX Router Complex On and Off Flushing the IPX RIP/SAP Tables Using the IPXPING Command Page Conguring IPX RIP/SAP Filtering Adding a Global IPX RIP/SAP Filter Adding an IPX RIP/SAP Filter for a Specic Group or VLAN Page Deleting an IPX RIP/SAP Filter Displaying IPX RIP/SAP Filters Displaying a List of All IPX Filters Displaying a List of Global IPX Filters Displaying a List of Specic IPX Filters IPX RIP/SAP Filter Precedence Conguring IPX Serialization Packet Filtering Enabling IPX Serialization Filtering Disabling IPX Serialization Filtering Conguring IPX Watchdog Spoong Enabling IPX Watchdog Spoong Disabling IPX Watchdog Spoong Conguring SPX Keepalive Spoong Enabling SPX Keepalive Spoong Disabling SPX Keepalive Spoong Controlling IPX Type 20 Packet Forwarding Conguring NetWare to Minimize WAN Connections Page Conguring RIP and SAP Timers Adding a RIP and SAP Timer Viewing RIP and SAP Timers Conguring Extended RIP and SAP Packets Enabling or Disabling Extended RIP and SAP Packets Viewing the Current Status of Extended Packets Conguring an IPX Default Route Adding an IPX Default Route Viewing the Status of an IPX Default Route Disabling an IPX Default Route 28 Managing WAN Switching Modules Type of Service (ToS) Page ToS and QoS Interaction DTR Dial Backup Supported Physical Interfaces Universal Serial Port ISDN Basic Rate Interface Port Fractional T1 Port Fractional E1 Port Supported Protocols Application Examples Frame Relay WSX Using Serial Ports Frame Relay Network Back-to-Back WSX Using T1 Ports Combined Frame Relay with ISDN Backup Frame Relay ISDN Omni Switch/Router WAN Modules Cable Interfaces for Universal Serial Ports DTE/DCE Type and Transmit/Receive Pins Data Compression Loopback Detection The WAN Port Software Menu Setting Conguration Parameters Modifying a Port The WAN Port Software Menu Page 28-15 Serial Port Example A screen similar to following displays: Page Page Page Page Page ISDN-BRI Port Example Page Page Fractional T1 Port Example Page Page Viewing Conguration Parameters for the WSX Viewing Parameters for all Submodules in the Chassis Viewing Parameters for all Ports in a Single Submodule Viewing Port Parameters Page Page Page Page Page Page Page Deleting Ports Obtaining Status and Statistical Information Obtaining Information on All Boards in a Switch Page Obtaining Information on the Ports for a Single WSX Board Page Viewing Information on a Single Port The WAN Port Software Menu Page 28-43 A screen similar to the following will be displayed: Page 28-44 A screen similar to the following will display: Conguring 31 Timeslots on a WAN E1 Port Page Page 29-1 29 Managing Frame Relay rr eerr ttee uutt Page Page 29-3 Back-to-Back Frame Relay Congurations Back-to-Back Frame Relay Configuration Using Serial Ports Universal Serial Port Cable Interfaces Physical and Logical Devices Compression Virtual Circuits and DLCIs WSX Self-Conguration and Virtual Circuits Congestion Control Regulation Parameters Discard Eligibility (DE) Flag Interaction Among Congestion Parameters Page Notication By BECN Notication By FECN Frame Formats Supported Bridging Services Frame Relay IP Routing WSX The Frame Relay Subnet and Split Horizon Page Frame Relay IPX Routing R Trunking Frame Relay Fragmentation Interleaving Before Transmission After Transmission The Frame Relay Software Menu Setting Conguration Parameters Modifying a Port Setting Configuration Parameters Page 29-23 A screen similar to the following displays: Page Page Page Page Page Modifying a Virtual Circuit Page Page Adding a Virtual Circuit Viewing Conguration Parameters for the WSX Viewing Parameters for all WSXs in the Chassis Viewing Port Parameters Viewing Virtual Circuit Parameters Deleting Ports and Virtual Circuits Deleting a Virtual Circuit Deleting a Port and Its Virtual Circuits Obtaining Status and Statistical Information Information on All Boards in a Switch Page Page Page Information on the Ports for One WSX Board Information on One Port Obtaining Status and Statistical Information Page 29-44 Page Page Page Page Page Page Information on One Virtual Circuit Page Page Resetting Statistics Counters Resetting Statistics for a WSX Board Resetting Statistics for a WSX Port Resetting Statistics for a Virtual Circuit (DLCI) Managing Frame Relay Services Page Conguring a Bridging Service Page Conguring a WAN Routing Service Step 1. Set Up a Frame Relay Routing Group Step 2. Set Up a Frame Relay Routing Service Page Conguring a Trunking Service Page Viewing Frame Relay Services Modifying a Frame Relay Service Deleting a Frame Relay Service 30 Point-to-Point Protocol PPP Connection Phases Data Compression Multi-Link PPP Multilink Modes of Operation PPP Fragmentation Interleaving Overview of PPP Conguration Procedures Step 1. Configure the Physical Interface to be Used for PPP Before Transmission After Transmission Step 2. Configure the Operation of PPP Itself Step 3. Configure a Link Between the Physical Interface and PPP The PPP Submenu PPP Conguration Overview Setting Global PPP Parameters Page Adding a PPP Entity Page Page Page Page Page Modifying a PPP Entity Page 30-15 Modifying a PPP Entity A screen similar to the following displays: Viewing PPP Entity Congurations Displaying the Conguration of All PPP Entities Displaying the Conguration of a Specic PPP Entity Displaying PPP Entity Status Displaying the Status of All PPP Entities Displaying the Status of a Specic PPP Entity Page Deleting a PPP Entity Page 31 WAN Links Conguring WAN Interfaces The Link Submenu Adding a WAN Link Adding WSX Port Links Adding ISDN Call Links Page Page Page Page Modifying a WAN Link Modifying ISDN Links Modifying WSX Links Deleting WAN Links Viewing WAN Links Displaying All Existing WAN Links Displaying Information for a Specic WAN Link Page Displaying Link Status Displaying Status for All WAN Links Displaying Status for a Specic WAN Link Page Page 32 Managing ISDN Ports Overview of ISDN Basic Rate Interface (BRI) Versus Primary Rate Interface (PRI) U, S/T , and R Interfaces The B, D, and H Channels The ISDN Submenu Switch Conguration Modifying an ISDN Conguration Entry Deleting an ISDN Conguration Entry Viewing an ISDN Conguration Entry Displaying ISDN Conguration Entry Status Displaying Status of All ISDN Ports Displaying Status of a Specic ISDN Slot Displaying Status of a Specic ISDN Port Page 33 Managing T1 and E1 Ports T1 and E1 Overview The T1/E1 Menu Conguring a T1 Port Page Page Page Conguring an E1 Port Page Page Viewing T1/E1 Conguration and Alarm Information Viewing Information for all T1/E1 Ports in the Switch Viewing Information for T1/E1 Ports on One Module Viewing Information For a T1 Port Page Viewing Information For an E1 Port Page Viewing T1/E1 Local Statistics Viewing Total Local Statistics Viewing Current Local Statistics Viewing Local Historical Statistics Viewing T1 Remote Statistics Viewing Total Remote Statistics Viewing Current Remote Statistics Viewing Remote Historical Statistics Clearing the Framer Statistics for a T1/E1 Port 34 Backup Services Frame Relay ISDN Backup Services Commands Accessing the Backup Services Menu Adding a Backup Service Adding a backup for a Physical Port Page Page Backing Up a Frame Relay PVC Backup Services Commands Page 34-7 Backup Services Commands Page 34-8 Once you are satisfied with the values, enter the save command, followed by <return>: A screen similar to that shown below will display: Modifying a Backup Service Modifying a backup for a Physical Port Modifying a Frame Relay PVC Backup Service Viewing Backup Service(s) Congurations Viewing the Congurations of All Backup Services Viewing the Conguration of a Single Backup Service (bsview Command) Deleting a Backup Service Viewing Backup Service Statistics Clearing Backup Service Statistics Page 35 Troubleshooting Detecting Problems Page Reporting Problems Report Hardware Details Report Software Details Understanding Problems Software Installation Problems Operational Problems Deadlocked VLAN Problems with IP Applications Protocol Problems Hardware Problems LEDs Do Not Light on All Modules Amber Color in LEDs Non-Blinking OK2 LED TEMP LED is Amber STA LED Is Off Switch Does Not Boot When Flash File System Is Full and Trying To Create the mpm.cnf File Error Messages Understanding Error Messages Correcting Errors Module Startup/Shutdown Error Messages Serial Port Conguration Errors Module Connection Errors Error Messages Chassis Error Messages Chassis Error Messages Table Chassis Error Messages Table (Cont.) 36 Running Hardware Diagnostics Running Diagnostics Login to Run Diagnostics Resetting a Switching Module Disabling a Switching Module Temperature Masking Running Hardware Diagnostics Page Page Sample Command Lines Halting Diagnostic Tests in Progress Port Tests The table below provides specific cable/plug information for Omni Switch/Router switching modules. Omni Switch/Router Port Test Wrap Cable/Plug Requirements Module Type Cable Type Omni Switch/Router Port Test Wrap Cable/Plug Requirements (cont.) Module Type Cable Type Sample Test Session: Ethernet Module Running Hardware Diagnostics Page 36-13 The module is reset, and then the rest of the tests will run. Page Displaying Available Diagnostic Tests Conguring the Diagnostic Test Environment Conguring Tests for Ethernet Modules Running Frame Fabric Tests on Omni Switch/Routers Page Running Diagnostics on an Entire Chassis Page Diagnostic Test Cable Schematics Page 36-22 Diagnostic Test Cable Schematics ESX Wrap Plug RJ-45 Connector The figures below and on the following pages provide information on port test cables and plugs. Ethernet Crossover Wrap Cable Category 5 UTP Copper Cable with RJ-45 Connectors T1/E1 Crossover Wrap Cable Category 5 UTP Copper Cable with RJ-45 Connectors Diagnostic Test Cable Schematics Page 36-23 BRI S/T Crossover Wrap Cable Category 5 UTP Copper Cable with RJ-48 (RJ-45) Connectors Page A The Boot Line Prompt Entering the Boot Prompt Boot Prompt Basics Resuming Switch Boot (@) Displaying Current Conguration (p) Loading the Last Congured Boot File (l) Listing Available Files in the Flash Memory (L) Deleting All Files in the Flash Memory (P) Deleting Specic Files in the Flash Memory (R) Saving Conguration Changes (S) Viewing Version Number (V) Conguring a Switch with an MPX Page Page Page Page V.35 DTE Cable (For WSX-to-DCE Device Connection) V.35 DCE Cable (For WSX-to-DTE Device Connection) RS232 DTE Cable (For WSX-to-DCE Device Connection) RS232 DCE Cable (For WSX-to-DTE Device Connection) RS530 DTE Cable (For WSX-to-DCE Device Connection) RS530 DCE Cable (For WSX-to-DTE Device Connection) X.21 DTE Cable (For WSX-to-DCE Device Connection) X.21 DCE Cable (For WSX-to-DTE Device Connection) RS449 DTE Cable (For WSX-to-DCE Device Connection) RS-449 DCE Cable Assembly (For WSX-to-DTE Device 75 Connection) RJ-45 to DB15F Cable Assembly (For T1/E1 Port 120 Connections) Page Page Index A B C D E F G H I K L M N O P Q R S T U V W X Z