RackSwitch G8000
Application Guide
Version
Part Number BMD00041, November
Contents
Preface
Chapter 1 Accessing the Switch
Chapter 2 Port-based Network Access Control
Chapter 3 VLANs
Chapter 4 Ports and Trunking
Chapter 5 Spanning Tree
Chapter 6 Quality of Service
Chapter 7 Remote Monitoring
Chapter 8 Basic IP Routing
Chapter 9 IGMP
Chapter 10 High Availability
Appendix A Troubleshooting
Figures
Tables
Preface
Who Should Use This Guide
What You’ll Find in This Guide
Typographic Conventions
Symbol
Table 1 Typographic Conventions
How to Get Help
Accessing the Switch
“Configuring an IP Interface”
“Using Telnet”
“Using the Browser-Based Interface”
“Using SNMP”
Configuring an IP Interface
1. Log on to the switch
2. Enter IP interface mode
4. Configure the default gateway. Enable the gateway
Command Reference
Using Telnet
Using the Browser-Based Interface
Configuring BBI access via HTTP
Configuring BBI access via HTTPS
The BBI is organized at a high level as follows
Using SNMP
Default configuration
SNMP v1
SNMP
User configuration
RS G8000 config# snmp-server group 5 user-name admin
RS G8000 config# snmp-server group 5 group-name admingrp
Configuring SNMP Trap Hosts
SNMPv2 trap host configuration
SNMPv1 trap host
1. Configure an entry in the notify table
SNMPv3 trap host configuration
Securing Access to the Switch
“RADIUS Authentication and Authorization”
“TACACS+ Authentication”
“End User Access Control”
RADIUS Authentication and Authorization
How RADIUS authentication works
Configuring RADIUS
2. Configure the RADIUS secret and enable the feature
RADIUS authentication features in Blade OS
Switch User Accounts
RADIUS Attributes for G8000 user privileges
Vendor-supplied
TACACS+ Authentication
How TACACS+ authentication works
TACACS+ authentication features in Blade OS
Authorization
RS G8000 config# tacacs-server privilege-mapping
Command authorization and logging
Accounting
RS G8000 config# tacacs-server command-authorization
Configuring TACACS+ Authentication
RS G8000 config# tacacs-server command-logging
2. Configure the TACACS+ secret and second secret
4. Configure the number of retry attempts, and the timeout period
Configuring SSH features on the switch
Secure Shell
SSH encryption of management messages
Generating RSA Host and Server Keys for SSH access
SSH Integration with RADIUS/TACACS+ Authentication
RS G8000 config# ssh generate-host-key
RS G8000 config# ssh generate-server-key
End User Access Control
Considerations for configuring End User Accounts
User Access Control
Setting up User IDs
Defining a User’s access level
Listing current Users
Logging into an End User account
Enabling or Disabling a User
Port-based Network Access Control
“Extensible Authentication Protocol over LAN”
“802.1X authentication process”
“Configuration guidelines”
Extensible Authentication Protocol over LAN
802.1X authentication process
Port Unauthorized
Port Authorized
EAPoL message exchange
802.1X port states
Unauthorized
Authorized
Force Unauthorized
Supported RADIUS attributes
Table 2 Support for RADIUS Attributes
Configuration guidelines
VLANs
“VLANs and Port VLAN ID Numbers”
“VLAN Tagging”
“VLAN Topologies and Design Considerations”
Overview
VLANs and Port VLAN ID Numbers
VLAN numbers
Viewing VLANs
Viewing and Configuring PVIDs
PVID numbers
VLAN Tagging
Figure 3-1 Default VLAN settings
Figure 3-2 Port-based VLAN assignment
Figure 3-3 802.1Q tagging after port-based VLAN assignment
Figure 3-4 802.1Q tag assignment
Figure 3-5 802.1Q tagging after 802.1Q tag assignment
VLAN configuration rules
VLAN Topologies and Design Considerations
Multiple VLANs with Tagging Adapters
Component
Description
VLAN configuration example
1. Enable VLAN tagging on server ports that support multiple VLANs
2. Enable tagging on uplink ports that support multiple VLANs
3. Configure the VLANs and their member ports
Private VLANs
Private VLAN ports
Configuration example
Configuration guidelines
1. Select a VLAN and define the Private VLAN type as primary
2. Configure a secondary VLAN and map it to the primary VLAN
3. Verify the configuration
Ports and Trunking
“Overview”
“Port Trunking Example”
“Configurable Trunk Hash Algorithm”
Built-In fault tolerance
Statistical load distribution
Overview
Before you configure static trunks
Static trunk group configuration rules
All trunk members must be in the same Spanning Tree Group (STG) and can belong to only one STG. However, if all ports are tagged, then all trunk ports can belong to multiple STGs.
Port Trunking Example
Trunk 3 Ports 2, 23, and
Trunk 1 Ports 1, 7, and
1. Follow these steps on the G8000
2. Repeat the process on the other switch
3. Connect the switch ports that will be members in the trunk group
4. Examine the trunking information on each switch
RS G8000 config# portchannel 1 member 1,7,32
Configurable Trunk Hash Algorithm
Link Aggregation Control Protocol
Admin key
Each port on the switch can have one of the following LACP modes
LACP configuration guidelines
Configuring LACP
3. Set the LACP mode
Spanning Tree
“Overview”
“Rapid Spanning Tree Protocol”
“Per VLAN Rapid Spanning Tree”
Overview
Table 5-1 Ports, Trunk Groups, and VLANs
Bridge Protocol Data Units (BPDUs)
Determining the Path for Forwarding BPDUs
Bridge Priority
Spanning Tree Group configuration guidelines
Changing the Spanning Tree mode
Port Priority
Port Path Cost
Assigning a VLAN to a Spanning Tree Group
Creating a VLAN
Rules for VLAN Tagged ports
Adding and removing ports from STGs
Rapid Spanning Tree Protocol
Port state changes
RSTP configuration guidelines
Port Type and Link Type
Edge Port
Link Type
RSTP configuration example
Configure Rapid Spanning Tree
1. Configure port and VLAN membership on the switch
2. Set the Spanning Tree mode to Rapid Spanning Tree
Default Spanning Tree configuration
Per VLAN Rapid Spanning Tree
Why do we need multiple Spanning Trees?
Figure 5-1 Two VLANs on one Spanning Tree Group
Figure 5-2 Two VLANs, each on a different Spanning Tree Group
PVRST configuration guidelines
Configuring PVRST
1. Set the Spanning-tree mode to PVRST+
Multiple Spanning Tree Protocol
MSTP Region
Common Internal Spanning Tree
MSTP configuration guidelines
Passing VLAN
Blocking VLAN
Configuring Multiple Spanning Tree Groups
2. Configure Multiple Spanning Tree Protocol
Configuration Guidelines
Configuring Fast Uplink Convergence
Fast Uplink Convergence
Quality of Service
“Overview”
“Using ACL Filters”
“Using Storm Control Filters”
“Using DSCP Values to Provide QoS”
Permit/Deny
Filter
COS Queue
Overview
Using ACL Filters
MAC Extended ACLs
IP Standard ACLs
IP Extended ACLs
RS G8000 config# access-list ip extended
RS G8000 config# no access-list ip extended
Table 6-1 Well-known protocol types
Understanding ACL priority
Assigning ACLs to a port
Port 1 access group ACL IP Extended
ACL IP Extended
Viewing ACL statistics
ACL configuration examples
Example
1. Configure an Access Control List
3. Verify the configuration
Use this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied
1. Configure an Access Control List
Example
2. Assign the ACL to port
1. Configure an Access Control List
1. Configure an Access Control List
config# ip access-list ip extended
2. Configure IP ACLs to deny all other traffic
4. Configure a MAC ACL to deny all other traffic
Example
RS G8000 config# interface port
RS G8000 config-if# ip access-group 1103 in
Using Storm Control Filters
Configuring storm control
Broadcast storms
Using DSCP Values to Provide QoS
Differentiated Services Concepts
The switch can perform the following actions to the DSCP
Per Hop Behavior
QoS Levels
Default QoS Service Levels
Service Level
DSCP-to-802.1p mapping
Using 802.1p Priority to Provide QoS
Figure 6-3 Layer 2 802.1q/802.1p VLAN tagged packet
802.1p configuration example
Queuing and Scheduling
1. Configure a port’s default 802.1p priority value to
Remote Monitoring
Overview
Configuring RMON statistics
RMON group 1-Statistics
1. Enable RMON on a port
2. Configure the RMON statistics on a port
RMON group 2-History
History MIB Object ID
RS G8000# show rmon history
RMON group 3-Alarms
Configuring RMON History
1. Enable RMON on a port
2. Configure the RMON History parameters for a port
Alarm MIB objects
Configuring RMON Alarms
Example
Configure RMON events
RMON group 9-Events
1. Configure the RMON Alarm parameters to track ICMP messages
1. Configure the RMON event parameters
Basic IP Routing
“IP Routing Benefits”
“Dynamic Host Configuration Protocol”
IP Routing Benefits
Routing Between IP Subnets
Figure 8-1 The Router Legacy Network
Traffic to the router increases, increasing congestion
Example of Subnet Routing
Figure 8-2 Switch-Based Routing Topology
Using VLANs to segregate Broadcast Domains
Configuration example
2. Assign an IP interface for each subnet attached to the switch
Table 8-1 Subnet Routing Example IP Address Assignments
4. Add the switch ports to their respective VLANs
6. Configure the default gateway to the routers’ addresses
7. Enable IP routing
8. Verify the configuration
5. Assign a VLAN to each IP interface
Dynamic Host Configuration Protocol
IGMP
“IGMP Snooping”
“IGMPv3 Snooping”
“Static Multicast Router”
IGMP Snooping
RS G8000 config# no ip igmp flood
FastLeave
IGMPv3 Snooping
RS G8000 config# ip igmp fastleave VLAN number
IGMP Snooping configuration example
Configure IGMP Snooping
RS G8000 config# no ip igmp snoop igmpv3 exclude
RS G8000 config# ip igmp snoop igmpv3 sources
5. View dynamic IGMP information
RS G8000# show ip igmp groups
RS G8000# show ip igmp mrouter
Configure a Static Multicast Router
Static Multicast Router
2. Verify the configuration
High Availability
“Uplink Failure Detection”
Uplink Failure Detection
Figure 10-1 Uplink Failure Detection example
Failure Detection Pair
Spanning Tree Protocol with UFD
Configuration guidelines
Link to Monitor (LtM)
Configuring UFD
Monitoring UFD
1. Configure Network Adapter Teaming on the servers
2. Assign the Link to Monitor (LtM) ports
Troubleshooting
“Monitoring Ports”
Monitoring Ports
Figure A-1 Monitoring Ports
Configuring Port Mirroring
Port Mirroring behavior
2. Enable port mirroring
3. View the current configuration
Symbols
Index
Numerics