Manuals / Blade ICE / Computer Equipment / Computer Accessories

Blade ICE manual RackSwitch G8000 Application Guide, 128 „ Basic IP Routing, BMD00041, November

Models: G8000

1 145

Download 145 pages 21.85 Kb

Page 128

Image 128

RackSwitch G8000 Application Guide

128 Chapter 8: Basic IP Routing

BMD00041, November 2008

Page 128

Image 128

Blade ICE manual RackSwitch G8000 Application Guide, 128 „ Basic IP Routing, BMD00041, November

Contents

RackSwitch G8000 Application GuideVersion Part Number BMD00041, NovemberRackSwitch G8000 Application Guide Contents Chapter 1 Accessing the SwitchChapter 2 Port-based Network Access Control PrefaceChapter 4 Ports and Trunking Chapter 5 Spanning TreeChapter 6 Quality of Service Chapter 7 Remote MonitoringAppendix A Troubleshooting Chapter 8 Basic IP RoutingChapter 9 IGMP Chapter 10 High AvailabilityFigures RackSwitch G8000 Application Guide BMD00041, NovemberTables RackSwitch G8000 Application Guide BMD00041, NovemberPreface Who Should Use This GuideWhat You’ll Find in This Guide Typographic Conventions RackSwitch G8000 Application GuideSymbol Table 1 Typographic ConventionsHow to Get Help Accessing the Switch CHAPTER„ “Configuring an IP Interface” on page „ “Using Telnet” on page „ “Using the Browser-Based Interface” on page „ “Using SNMP” on pageConfiguring an IP Interface 1. Log on to the switch 2. Enter IP interface mode4. Configure the default gateway. Enable the gateway Command ReferenceUsing Telnet Configuring BBI access via HTTPS Using the Browser-Based InterfaceConfiguring BBI access via HTTP The BBI is organized at a high level as follows Using SNMP Default configurationSNMP v1 SNMPUser configuration RackSwitch G8000 Application Guide RS G8000 config# snmp-server group 5 user-name adminRS G8000 config# snmp-server group 5 group-name admingrp 22 „ Chapter 1 Accessing the SwitchConfiguring SNMP Trap Hosts SNMPv2 trap host configurationSNMPv1 trap host 1. Configure an entry in the notify tableSNMPv3 trap host configuration Securing Access to the Switch „ “RADIUS Authentication and Authorization” on page„ “TACACS+ Authentication” on page „ “End User Access Control” on pageRADIUS Authentication and Authorization How RADIUS authentication worksConfiguring RADIUS 2. Configure the RADIUS secret and enable the featureRADIUS authentication features in Blade OS Switch User Accounts RADIUS Attributes for G8000 user privilegesVendor-supplied Vendor-suppliedTACACS+ Authentication How TACACS+ authentication worksRS G8000 config# tacacs-server privilege-mapping TACACS+ authentication features in Blade OSAuthorization RS G8000 config# tacacs-server command-authorization Command authorization and loggingAccounting Configuring TACACS+ Authentication RS G8000 config# tacacs-server command-logging2. Configure the TACACS+ secret and second secret 4. Configure the number of retry attempts, and the timeout periodSSH encryption of management messages Configuring SSH features on the switchSecure Shell Generating RSA Host and Server Keys for SSH access SSH Integration with RADIUS/TACACS+ AuthenticationRS G8000 config# ssh generate-host-key RS G8000 config# ssh generate-server-keyEnd User Access Control Considerations for configuring End User AccountsUser Access Control Setting up User IDsDefining a User’s access level Listing current UsersLogging into an End User account Enabling or Disabling a UserBMD00041, November RackSwitch G8000 Application Guide38 „ Chapter 1 Accessing the Switch Port-based Network Access Control „ “Extensible Authentication Protocol over LAN” on page„ “802.1X authentication process” on page „ “Configuration guidelines” on pageExtensible Authentication Protocol over LAN Port Authorized 802.1X authentication processPort Unauthorized EAPoL message exchange 802.1X port states „ Unauthorized„ Authorized „ Force UnauthorizedSupported RADIUS attributes RackSwitch G8000 Application Guide44 „ Chapter 2 Port-based Network Access Control Table 2 Support for RADIUS AttributesConfiguration guidelines BMD00041, November RackSwitch G8000 Application Guide46 „ Chapter 2 Port-based Network Access Control VLANs CHAPTER„ “VLANs and Port VLAN ID Numbers” on page „ “VLAN Tagging” on page „ “VLAN Topologies and Design Considerations” on pageOverview Viewing VLANs VLANs and Port VLAN ID NumbersVLAN numbers Viewing and Configuring PVIDs PVID numbersVLAN Tagging Figure 3-1 Default VLAN settings BS45010ABefore Figure 3-2 Port-based VLAN assignmentFigure 3-3 802.1Q tagging after port-based VLAN assignment Figure 3-4 802.1Q tag assignment Figure 3-5 802.1Q tagging after 802.1Q tag assignmentuntagged packet 16 bitsVLAN configuration rules VLAN Topologies and Design ConsiderationsDescription Multiple VLANs with Tagging AdaptersComponent Component DescriptionVLAN configuration example 1. Enable VLAN tagging on server ports that support multiple VLANs2. Enable tagging on uplink ports that support multiple VLANs 3. Configure the VLANs and their member portsPrivate VLANs Private VLAN ports1. Select a VLAN and define the Private VLAN type as primary Configuration exampleConfiguration guidelines 2. Configure a secondary VLAN and map it to the primary VLAN 3. Verify the configurationRackSwitch G8000 Application Guide enableBMD00041, November RackSwitch G8000 Application Guide62 „ Chapter 3 VLANs Ports and Trunking „ “Configurable Trunk Hash Algorithm” on pageCHAPTER „ ““Overview” on page 64” „ “Port Trunking Example” on pageOverview Built-In fault toleranceStatistical load distribution Before you configure static trunks Static trunk group configuration rules„ All trunk members must be in the same Spanning Tree Group STG and can belong to only one Spanning Tree Group STG. However if all ports are tagged, then all trunk ports can belong to multiple STGs Port Trunking Example Trunk 3 Ports 2, 23, andTrunk 1 Ports 1, 7, and 1. Follow these steps on the G80002. Repeat the process on the other switch 3. Connect the switch ports that will be members in the trunk group4. Examine the trunking information on each switch RS G8000 config# portchannel 1 member 1,7,32Configurable Trunk Hash Algorithm Link Aggregation Control Protocol Admin keyEach port on the switch can have one of the following LACP modes 3. Set the LACP mode LACP configuration guidelinesConfiguring LACP Spanning Tree CHAPTER„ “Overview” on page „ “Rapid Spanning Tree Protocol” on page „ “Per VLAN Rapid Spanning Tree” on pageOverview Table 5-1 Ports, Trunk Groups, and VLANsBridge Priority Bridge Protocol Data Units BPDUsDetermining the Path for Forwarding BPDUs Spanning Tree Group configuration guidelines Changing the Spanning Tree modePort Priority Port Path CostAssigning a VLAN to a Spanning Tree Group Adding and removing ports from STGs Creating a VLANRules for VLAN Tagged ports Chapter 5 Spanning Tree „ RackSwitch G8000 Application GuideBMD00041, November Rapid Spanning Tree Protocol Port state changesRSTP configuration guidelines Port Type and Link TypeEdge Port Link TypeRSTP configuration example Configure Rapid Spanning Tree1. Configure port and VLAN membership on the switch 2. Set the Spanning Tree mode to Rapid Spanning TreeDefault Spanning Tree configuration Per VLAN Rapid Spanning TreeFigure 5-2 Two VLANs, each on a different Spanning Tree Group Why do we need multiple Spanning Trees?Figure 5-1 Two VLANs on one Spanning Tree Group 1. Set the Spanning-tree mode to PVRST+ PVRST configuration guidelinesConfiguring PVRST Common Internal Spanning Tree Multiple Spanning Tree ProtocolMSTP Region MSTP configuration guidelines Passing VLAN Blocking VLANRackSwitch G8000 Application Guide Blocking VLANConfiguring Multiple Spanning Tree Groups 2. Configure Multiple Spanning Tree ProtocolRackSwitch G8000 Application Guide enablemember memberFast Uplink Convergence Configuration GuidelinesConfiguring Fast Uplink Convergence BMD00041, November RackSwitch G8000 Application Guide92 „ Chapter 5 Spanning Tree Quality of Service „ “Overview” on page „ “Using ACL Filters” on page„ “Using Storm Control Filters” on page „ “Using DSCP Values to Provide QoS” on pagePermit/Deny FilterCOS Queue OverviewUsing ACL Filters MAC Extended ACLsIP Standard ACLs IP Extended ACLsRackSwitch G8000 Application Guide RS G8000 config# access-list ip extendedRS G8000 config# no access-list ip extended Table 6-1 Well-known protocol typesUnderstanding ACL priority Assigning ACLs to a portPort 1 access group ACL IP Extended ACL IP ExtendedViewing ACL statistics ACL configuration examples Example1. Configure an Access Control List 3. Verify the configurationUse this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied 1. Configure an Access Control ListExample 2. Assign the ACL to port1. Configure an Access Control List 1. Configure an Access Control ListRackSwitch G8000 Application Guide config# ip access-list ip extendedExample 2. Configure IP ACLs to deny all other traffic4. Configure a MAC ACL to deny all other traffic RackSwitch G8000 Application Guide RS G8000 config# interface portRS G8000 config-if# ip access-group 1103 inBroadcast storms Using Storm Control FiltersConfiguring storm control 7 6 5 4 Using DSCP Values to Provide QoSDifferentiated Services Concepts The switch can perform the following actions to the DSCP Per Hop Behavior QoS Levels Default QoS Service LevelsRackSwitch G8000 Application Guide Service LevelDSCP-to-802.1p mapping Using 802.1p Priority to Provide QoS Figure 6-3 Layer 2 802.1q/802.1p VLAN tagged packet1. Configure a port’s default 802.1p priority value to 802.1p configuration exampleQueuing and Scheduling CHAPTER Remote MonitoringOverview Configuring RMON statistics RMON group 1-Statistics1. Enable RMON on a port 2. Configure the RMON statistics on a portRS G8000# show rmon history RMON group 2-HistoryHistory MIB Object ID RMON group 3-Alarms Configuring RMON History1. Enable RMON on a port 2. Configure the RMON History parameters for a portExample Alarm MIB objectsConfiguring RMON Alarms Configure RMON events RMON group 9-Events1. Configure the RMON Alarm parameters to track ICMP messages 1. Configure the RMON event parametersBasic IP Routing „ “Dynamic Host Configuration Protocol” on pageCHAPTER „ “IP Routing Benefits” on pageIP Routing Benefits Routing Between IP Subnets Figure 8-1 The Router Legacy Network„ Traffic to the router increases, increasing congestion Example of Subnet Routing Figure 8-2 Switch-Based Routing TopologyUsing VLANs to segregate Broadcast Domains Configuration example2. Assign an IP interface for each subnet attached to the switch Table 8-1 Subnet Routing Example IP Address Assignments4. Add the switch ports to their respective VLANs RackSwitch G8000 Application Guideenable enable6. Configure the default gateway to the routers’ addresses 7. Enable IP routing8. Verify the configuration 5. Assign a VLAN to each IP interfaceDynamic Host Configuration Protocol BMD00041, November RackSwitch G8000 Application Guide128 „ Chapter 8 Basic IP Routing IGMP CHAPTER„ “IGMP Snooping” on page „ “IGMPv3 Snooping” on page „ “Static Multicast Router” on pageIGMP Snooping RS G8000 config# no ip igmp floodRS G8000 config# ip igmp fastleave VLAN number FastLeaveIGMPv3 Snooping IGMP Snooping configuration example Configure IGMP SnoopingRS G8000 config# no ip igmp snoop igmpv3 exclude RS G8000 config# ip igmp snoop igmpv3 sourcesRackSwitch G8000 Application Guide 5. View dynamic IGMP informationRS G8000# show ip igmp groups RS G8000# show ip igmp mrouter2. Verify the configuration Configure a Static Multicast RouterStatic Multicast Router High Availability CHAPTER„ “Uplink Failure Detection” on page BMD00041, NovemberUplink Failure Detection Figure 10-1 Uplink Failure Detection exampleFailure Detection Pair Spanning Tree Protocol with UFDConfiguration guidelines „ Link to Monitor LtMConfiguring UFD Monitoring UFD1. Configure Network Adapter Teaming on the servers 2. Assign the Link to Monitor LtM portsTroubleshooting APPENDIX A„ “Monitoring Ports” on page BMD00041, NovemberMonitoring Ports Figure A-1 Monitoring PortsConfiguring Port Mirroring Port Mirroring behavior2. Enable port mirroring 3. View the current configurationBMD00041, November RackSwitch G8000 Application Guide142 „ Appendix A Troubleshooting Numerics SymbolsIndex

128  Chapter 8: Basic IP Routing

128 Chapter 8: Basic IP Routing