Blade ICE G8000 specs

RackSwitch G8000 Application Guide

128 Chapter 8: Basic IP Routing

BMD00041, November 2008

Image 128

Blade ICE manual RackSwitch G8000 Application Guide 128 „ Basic IP Routing

Contents

Application Guide RackSwitch G8000 Application Guide Contents Ports and Trunking Quality of Service Appendix a Troubleshooting Figures RackSwitch G8000 Application Guide Tables RackSwitch G8000 Application Guide Preface Who Should Use This Guide What You’ll Find in This Guide Typographic Conventions Typographic Conventions How to Get Help Accessing the Switch Configure the default gateway. Enable the gateway Configuring an IP InterfaceLog on to the switch Enter IP interface mode Using Telnet Configuring BBI access via Https Using the Browser-Based InterfaceConfiguring BBI access via Http RS G8000 config# access https import-certificate Using Snmp Default configurationSnmp v1 Snmp User configuration Privacy-password 22 „ Accessing the Switch Configuring Snmp Trap Hosts SNMPv2 trap host configurationConfigure an entry in the notify table SNMPv1 trap host SNMPv3 trap host configuration Securing Access to the Switch Radius Authentication and Authorization How Radius authentication works Configuring Radius Configure the Radius secret and enable the feature Radius authentication features in Blade OS Switch User Accounts Radius Attributes for G8000 user privileges TACACS+ Authentication How TACACS+ authentication works TACACS+ authentication features in Blade OS Authorization Command authorization and logging Accounting Configuring TACACS+ Authentication Configure the TACACS+ secret and second secret SSH encryption of management messages Configuring SSH features on the switchSecure Shell Generating RSA Host and Server Keys for SSH access SSH Integration with RADIUS/TACACS+ Authentication User Access Control End User Access ControlConsiderations for configuring End User Accounts Listing current Users Logging into an End User account RackSwitch G8000 Application Guide 38 „ Accessing the Switch Port-based Network Access Control Extensible Authentication Protocol over LAN 802.1X authentication process Port Unauthorized EAPoL message exchange 802.1X port states „ Unauthorized„ Authorized „ Force Unauthorized Supported Radius attributes Support for Radius Attributes Configuration guidelines BMD00041, November VLANs Overview Viewing VLANs VLANs and Port Vlan ID NumbersVlan numbers Viewing and Configuring PVIDs Pvid numbers Vlan Tagging 1Default Vlan settings 2Port-based Vlan assignment 4802.1Q tag assignment Vlan configuration rules Vlan Topologies and Design Considerations Multiple VLANs with Tagging Adapters Component Description Vlan Configure the VLANs and their member ports Vlan configuration exampleEnable tagging on uplink ports that support multiple VLANs Private VLANs Private Vlan ports Configuration example Select a Vlan and define the Private Vlan type as primary Configure a secondary Vlan and map it to the primary Vlan Verify the configuration RackSwitch G8000 Application Guide 62 „ VLANs Ports and Trunking Built-In fault tolerance Statistical load distribution Before you configure static trunks Static trunk group configuration rules 66 „ Ports and Trunking Port Trunking Example Follow these steps on the G8000 Repeat the process on the other switch Examine the trunking information on each switch Configurable Trunk Hash Algorithm „ Source IP SIP + Destination IP DIP Admin key Link Aggregation Control Protocol RS G8000 # show lacp information Set the Lacp mode Lacp configuration guidelinesConfiguring Lacp Spanning Tree 1Ports, Trunk Groups, and VLANs Bridge Protocol Data Units BPDUs Determining the Path for Forwarding BPDUs Spanning Tree Group configuration guidelines Changing the Spanning Tree mode Assigning a Vlan to a Spanning Tree Group Adding and removing ports from STGs Creating a VlanRules for Vlan Tagged ports RackSwitch G8000 Application Guide Rapid Spanning Tree Protocol Port state changes Rstp configuration guidelines Port Type and Link TypeEdge Port Link Type Rstp configuration example Configure Rapid Spanning Tree Default Spanning Tree configuration Per Vlan Rapid Spanning Tree Why do we need multiple Spanning Trees? 1Two VLANs on one Spanning Tree Group Set the Spanning-tree mode to PVRST+ Pvrst configuration guidelinesConfiguring Pvrst Common Internal Spanning Tree Multiple Spanning Tree ProtocolMstp Region Mstp configuration guidelines Passing Vlan Blocking Vlan Configuring Multiple Spanning Tree Groups Configure Multiple Spanning Tree Protocol 90 „ Spanning Tree Configuring Fast Uplink Convergence Fast Uplink Convergence RackSwitch G8000 Application Guide 92 „ Spanning Tree Quality of Service COS Using ACL Filters MAC Extended ACLs IP Standard ACLs IP Extended ACLs 1Well-known protocol types Understanding ACL priority Assigning ACLs to a port Use the following command to view ACL statistics Viewing ACL statistics ACL configuration examples Configure an Access Control ListExample Assign the ACL to port 100.10.1.0 Add the ACL to port Add the ACL to a port Configure IP ACLs to deny all other traffic Configure a MAC ACL to deny all other traffic Assign the ACLs to a port Broadcast storms Using Storm Control FiltersConfiguring storm control Using Dscp Values to Provide QoS Differentiated Services Concepts RackSwitch G8000 Application Guide Per Hop Behavior Drop Class Precedence Default QoS Service Levels QoS Levels Use the following command to perform DSCP-to-802.1p mapping DSCP-to-802.1p mapping Using 802.1p Priority to Provide QoS 3Layer 2 802.1q/802.1p Vlan tagged packet Queuing and Scheduling 802.1p configuration exampleConfigure a port’s default 802.1p priority value to Remote Monitoring Overview Configuring Rmon statistics Enable Rmon on a portConfigure the Rmon statistics on a port Rmon group 1-Statistics Rmon group 2-History History MIB Object ID Rmon group 3-Alarms Configuring Rmon HistoryConfigure the Rmon History parameters for a port View Rmon History for the port Alarm MIB objects Configuring Rmon Alarms Configure Rmon events Configure the Rmon Alarm parameters to track Icmp messagesConfigure the Rmon event parameters Rmon group 9-Events Basic IP Routing IP Routing Benefits Routing Between IP Subnets 1The Router Legacy Network 122 „ Basic IP Routing 2Switch-Based Routing Topology Example of Subnet Routing Using VLANs to segregate Broadcast Domains 1Subnet Routing Example IP Address Assignments Add the switch ports to their respective VLANs 3Subnet Routing Example Optional Vlan Ports Assign a Vlan to each IP interface Configure the default gateway to the routers’ addressesEnable IP routing Dynamic Host Configuration Protocol RackSwitch G8000 Application Guide 128 „ Basic IP Routing Igmp Igmp Snooping FastLeave IGMPv3 Snooping Igmp Snooping configuration example Configure Igmp SnoopingEnable IGMPv3 Snooping optional Add VLANs to Igmp Snooping View dynamic Igmp information RS G8000# show ip igmp groups Configure a Static Multicast Router Static Multicast Router High Availability Uplink Failure Detection 1Uplink Failure Detection example Spanning Tree Protocol with UFD Configuration guidelines Failure Detection Pair Turn on Uplink Failure Detection UFD Configuring UFDMonitoring UFD Troubleshooting Monitoring Ports Figure A-1Monitoring Ports Configuring Port Mirroring Enable port mirroringView the current configuration Port Mirroring behavior BMD00041, November Index Numerics Igmp TACACS+