Part Number BMD00041, November
RackSwitch G8000
Application Guide
Version
RackSwitch G8000 Application Guide
Preface
Contents
Chapter 1 Accessing the Switch
Chapter 2 Port-based Network Access Control
Chapter 5 Spanning Tree
Chapter 4 Ports and Trunking
Chapter 7 Remote Monitoring
Chapter 6 Quality of Service
Chapter 10 High Availability
Appendix A Troubleshooting
Chapter 8 Basic IP Routing
Chapter 9 IGMP
Figures
Tables
Who Should Use This Guide
Preface
What You’ll Find in This Guide
Table 1 Typographic Conventions
Typographic Conventions
Symbol
How to Get Help
“Using the Browser-Based Interface” on page “Using SNMP” on page
Accessing the Switch
CHAPTER
“Configuring an IP Interface” on page “Using Telnet” on page
Command Reference
Configuring an IP Interface
1. Log on to the switch 2. Enter IP interface mode
4. Configure the default gateway. Enable the gateway
Using Telnet
Using the Browser-Based Interface
Configuring BBI access via HTTP
Configuring BBI access via HTTPS
The BBI is organized at a high level as follows
SNMP
Using SNMP
Default configuration
SNMP v1
User configuration
RS G8000 config# snmp-server group 5 user-name admin
RS G8000 config# snmp-server group 5 group-name admingrp
1. Configure an entry in the notify table
Configuring SNMP Trap Hosts
SNMPv2 trap host configuration
SNMPv1 trap host
SNMPv3 trap host configuration
“End User Access Control” on page
Securing Access to the Switch
“RADIUS Authentication and Authorization” on page
“TACACS+ Authentication” on page
How RADIUS authentication works
RADIUS Authentication and Authorization
2. Configure the RADIUS secret and enable the feature
Configuring RADIUS
RADIUS authentication features in Blade OS
Vendor-supplied
Switch User Accounts
RADIUS Attributes for G8000 user privileges
Vendor-supplied
How TACACS+ authentication works
TACACS+ Authentication
TACACS+ authentication features in Blade OS
Authorization
RS G8000 config# tacacs-server privilege-mapping
Command authorization and logging
Accounting
RS G8000 config# tacacs-server command-authorization
4. Configure the number of retry attempts, and the timeout period
Configuring TACACS+ Authentication
RS G8000 config# tacacs-server command-logging
2. Configure the TACACS+ secret and second secret
Configuring SSH features on the switch
Secure Shell
SSH encryption of management messages
RS G8000 config# ssh generate-server-key
Generating RSA Host and Server Keys for SSH access
SSH Integration with RADIUS/TACACS+ Authentication
RS G8000 config# ssh generate-host-key
Setting up User IDs
End User Access Control
Considerations for configuring End User Accounts
User Access Control
Enabling or Disabling a User
Defining a User’s access level
Listing current Users
Logging into an End User account
“Configuration guidelines” on page
Port-based Network Access Control
“Extensible Authentication Protocol over LAN” on page
“802.1X authentication process” on page
Extensible Authentication Protocol over LAN
802.1X authentication process
Port Unauthorized
Port Authorized
EAPoL message exchange
Force Unauthorized
802.1X port states
Unauthorized
Authorized
Table 2 Support for RADIUS Attributes
Supported RADIUS attributes
Configuration guidelines
“VLAN Topologies and Design Considerations” on page
VLANs
“VLANs and Port VLAN ID Numbers” on page “VLAN Tagging” on page
Overview
VLANs and Port VLAN ID Numbers
VLAN numbers
Viewing VLANs
PVID numbers
Viewing and Configuring PVIDs
VLAN Tagging
BS45010A
Figure 3-1 Default VLAN settings
Figure 3-2 Port-based VLAN assignment
Figure 3-3 802.1Q tagging after port-based VLAN assignment
Before
16 bits
Figure 3-4 802.1Q tag assignment
Figure 3-5 802.1Q tagging after 802.1Q tag assignment
untagged packet
VLAN Topologies and Design Considerations
VLAN configuration rules
Multiple VLANs with Tagging Adapters
Component
Description
Description
Component
3. Configure the VLANs and their member ports
VLAN configuration example
1. Enable VLAN tagging on server ports that support multiple VLANs
2. Enable tagging on uplink ports that support multiple VLANs
Private VLAN ports
Private VLANs
Configuration example
Configuration guidelines
1. Select a VLAN and define the Private VLAN type as primary
enable
2. Configure a secondary VLAN and map it to the primary VLAN
3. Verify the configuration
“Overview” on page 64 “Port Trunking Example” on page
Ports and Trunking
“Configurable Trunk Hash Algorithm” on page
Built-In fault tolerance
Statistical load distribution
Overview
Static trunk group configuration rules
Before you configure static trunks
All trunk members must be in the same Spanning Tree Group (STG) and can belong to only one Spanning Tree Group (STG). However, if all ports are tagged, then all trunk ports can belong to multiple STGs.
1. Follow these steps on the G8000
Port Trunking Example
Trunk 3 Ports 2, 23, and
Trunk 1 Ports 1, 7, and
RS G8000 config# portchannel 1 member 1,7,32
2. Repeat the process on the other switch
3. Connect the switch ports that will be members in the trunk group
4. Examine the trunking information on each switch
Configurable Trunk Hash Algorithm
Admin key
Link Aggregation Control Protocol
Each port on the switch can have one of the following LACP modes
LACP configuration guidelines
Configuring LACP
3. Set the LACP mode
“Per VLAN Rapid Spanning Tree” on page
Spanning Tree
“Overview” on page “Rapid Spanning Tree Protocol” on page
Table 5-1 Ports, Trunk Groups, and VLANs
Overview
Bridge Protocol Data Units (BPDUs)
Determining the Path for Forwarding BPDUs
Bridge Priority
Port Path Cost
Spanning Tree Group configuration guidelines
Changing the Spanning Tree mode
Port Priority
Assigning a VLAN to a Spanning Tree Group
Creating a VLAN
Rules for VLAN Tagged ports
Adding and removing ports from STGs
Port state changes
Rapid Spanning Tree Protocol
Link Type
RSTP configuration guidelines
Port Type and Link Type
Edge Port
2. Set the Spanning Tree mode to Rapid Spanning Tree
RSTP configuration example
Configure Rapid Spanning Tree
1. Configure port and VLAN membership on the switch
Per VLAN Rapid Spanning Tree
Default Spanning Tree configuration
Why do we need multiple Spanning Trees?
Figure 5-1 Two VLANs on one Spanning Tree Group
Figure 5-2 Two VLANs, each on a different Spanning Tree Group
PVRST configuration guidelines
Configuring PVRST
1. Set the Spanning-tree mode to PVRST+
Multiple Spanning Tree Protocol
MSTP Region
Common Internal Spanning Tree
MSTP configuration guidelines
Blocking VLAN
Passing VLAN
Blocking VLAN
2. Configure Multiple Spanning Tree Protocol
Configuring Multiple Spanning Tree Groups
member
enable
member
Configuration Guidelines
Configuring Fast Uplink Convergence
Fast Uplink Convergence
“Using DSCP Values to Provide QoS” on page
Quality of Service
“Overview” on page “Using ACL Filters” on page
“Using Storm Control Filters” on page
Overview
Permit/Deny
Filter
COS Queue
MAC Extended ACLs
Using ACL Filters
IP Extended ACLs
IP Standard ACLs
Table 6-1 Well-known protocol types
RS G8000 config# access-list ip extended
RS G8000 config# no access-list ip extended
ACL IP Extended
Understanding ACL priority
Assigning ACLs to a port
Port 1 access group ACL IP Extended
Viewing ACL statistics
3. Verify the configuration
ACL configuration examples
Example
1. Configure an Access Control List
2. Assign the ACL to port
Use this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied.
1. Configure an Access Control List
Example
config# ip access-list ip extended
1. Configure an Access Control List
1. Configure an Access Control List
2. Configure IP ACLs to deny all other traffic
4. Configure a MAC ACL to deny all other traffic
Example
ip access-group 1103 in
RS G8000 config# interface port
RS G8000 config-if#
Using Storm Control Filters
Configuring storm control
Broadcast storms
Using DSCP Values to Provide QoS
Differentiated Services Concepts
7 6 5 4
The switch can perform the following actions to the DSCP
Per Hop Behavior
Service Level
QoS Levels
Default QoS Service Levels
DSCP-to-802.1p mapping
Figure 6-3 Layer 2 802.1q/802.1p VLAN tagged packet
Using 802.1p Priority to Provide QoS
802.1p configuration example
Queuing and Scheduling
1. Configure a port’s default 802.1p priority value to
Remote Monitoring
Overview
2. Configure the RMON statistics on a port
Configuring RMON statistics
RMON group 1-Statistics
1. Enable RMON on a port
RMON group 2-History
History MIB Object ID
RS G8000# show rmon history
2. Configure the RMON History parameters for a port
RMON group 3-Alarms
Configuring RMON History
1. Enable RMON on a port
Alarm MIB objects
Configuring RMON Alarms
Example
1. Configure the RMON event parameters
Configure RMON events
RMON group 9-Events
1. Configure the RMON Alarm parameters to track ICMP messages
“IP Routing Benefits” on page
Basic IP Routing
“Dynamic Host Configuration Protocol” on page
IP Routing Benefits
Figure 8-1 The Router Legacy Network
Routing Between IP Subnets
Traffic to the router increases, increasing congestion
Figure 8-2 Switch-Based Routing Topology
Example of Subnet Routing
Table 8-1 Subnet Routing Example IP Address Assignments
Using VLANs to segregate Broadcast Domains
Configuration example
2. Assign an IP interface for each subnet attached to the switch
enable
4. Add the switch ports to their respective VLANs
enable
5. Assign a VLAN to each IP interface
6. Configure the default gateway to the routers’ addresses
7. Enable IP routing
8. Verify the configuration
Dynamic Host Configuration Protocol
“Static Multicast Router” on page
IGMP
“IGMP Snooping” on page “IGMPv3 Snooping” on page
RS G8000 config# no ip igmp flood
IGMP Snooping
FastLeave
IGMPv3 Snooping
RS G8000 config# ip igmp fastleave VLAN number
RS G8000 config# ip igmp snoop igmpv3 sources
IGMP Snooping configuration example
Configure IGMP Snooping
RS G8000 config# no ip igmp snoop igmpv3 exclude
RS G8000# show ip igmp mrouter
5. View dynamic IGMP information
RS G8000# show ip igmp groups
Configure a Static Multicast Router
Static Multicast Router
2. Verify the configuration
High Availability
“Uplink Failure Detection” on page
Figure 10-1 Uplink Failure Detection example
Uplink Failure Detection
Link to Monitor (LtM)
Failure Detection Pair
Spanning Tree Protocol with UFD
Configuration guidelines
2. Assign the Link to Monitor (LtM) ports
Configuring UFD
Monitoring UFD
1. Configure Network Adapter Teaming on the servers
Troubleshooting
APPENDIX A
“Monitoring Ports” on page
Figure A-1 Monitoring Ports
Monitoring Ports
3. View the current configuration
Configuring Port Mirroring
Port Mirroring behavior
2. Enable port mirroring
Symbols
Index
Numerics