Manuals / Blade ICE / Computer Equipment / Computer Accessories

Blade ICE G8000 manual VLANs and Port VLAN ID Numbers, VLAN numbers, Viewing VLANs

Models: G8000

1 145

Download 145 pages 21.85 Kb

Page 49

Image 49

RackSwitch G8000 Application Guide

VLANs and Port VLAN ID Numbers

VLAN numbers

The G8000 supports up to 1024 VLANs per switch. Even though the maximum number of VLANs supported at any given time is 1024, each can be identified with any number between 1 and 4094. VLAN 1 is the default VLAN for all ports.

Viewing VLANs

VLAN information:

RS G8000 (config)# show vlan
VLAN	Name	Status	Ports
----	------------------------	------	-------------------------
1	VLAN 1	ena	1-48, XGE2-XGE4
2	VLAN 2	dis	po1-po104
2	VLAN 2	dis	empty

BMD00041, November 2008

Chapter 3: VLANs 49

Page 49

Image 49

Blade ICE G8000 manual VLANs and Port VLAN ID Numbers, VLAN numbers, Viewing VLANs

Contents

Application Guide RackSwitch G8000Version Part Number BMD00041, NovemberRackSwitch G8000 Application Guide Chapter 1 Accessing the Switch ContentsChapter 2 Port-based Network Access Control PrefaceChapter 5 Spanning Tree Chapter 4 Ports and TrunkingChapter 7 Remote Monitoring Chapter 6 Quality of ServiceChapter 8 Basic IP Routing Appendix A TroubleshootingChapter 9 IGMP Chapter 10 High AvailabilityFigures BMD00041, November RackSwitch G8000 Application GuideTables BMD00041, November RackSwitch G8000 Application GuideWho Should Use This Guide PrefaceWhat You’ll Find in This Guide RackSwitch G8000 Application Guide Typographic ConventionsSymbol Table 1 Typographic ConventionsHow to Get Help CHAPTER Accessing the Switch„ “Configuring an IP Interface” on page „ “Using Telnet” on page „ “Using the Browser-Based Interface” on page „ “Using SNMP” on page1. Log on to the switch 2. Enter IP interface mode Configuring an IP Interface4. Configure the default gateway. Enable the gateway Command ReferenceUsing Telnet Configuring BBI access via HTTP Using the Browser-Based InterfaceConfiguring BBI access via HTTPS The BBI is organized at a high level as follows Default configuration Using SNMPSNMP v1 SNMPUser configuration RS G8000 config# snmp-server group 5 user-name admin RackSwitch G8000 Application GuideRS G8000 config# snmp-server group 5 group-name admingrp 22 „ Chapter 1 Accessing the SwitchSNMPv2 trap host configuration Configuring SNMP Trap HostsSNMPv1 trap host 1. Configure an entry in the notify tableSNMPv3 trap host configuration „ “RADIUS Authentication and Authorization” on page Securing Access to the Switch„ “TACACS+ Authentication” on page „ “End User Access Control” on pageHow RADIUS authentication works RADIUS Authentication and Authorization2. Configure the RADIUS secret and enable the feature Configuring RADIUSRADIUS authentication features in Blade OS RADIUS Attributes for G8000 user privileges Switch User AccountsVendor-supplied Vendor-suppliedHow TACACS+ authentication works TACACS+ AuthenticationAuthorization TACACS+ authentication features in Blade OSRS G8000 config# tacacs-server privilege-mapping Accounting Command authorization and loggingRS G8000 config# tacacs-server command-authorization RS G8000 config# tacacs-server command-logging Configuring TACACS+ Authentication2. Configure the TACACS+ secret and second secret 4. Configure the number of retry attempts, and the timeout periodSecure Shell Configuring SSH features on the switchSSH encryption of management messages SSH Integration with RADIUS/TACACS+ Authentication Generating RSA Host and Server Keys for SSH accessRS G8000 config# ssh generate-host-key RS G8000 config# ssh generate-server-keyConsiderations for configuring End User Accounts End User Access ControlUser Access Control Setting up User IDsListing current Users Defining a User’s access levelLogging into an End User account Enabling or Disabling a User38 „ Chapter 1 Accessing the Switch RackSwitch G8000 Application GuideBMD00041, November „ “Extensible Authentication Protocol over LAN” on page Port-based Network Access Control„ “802.1X authentication process” on page „ “Configuration guidelines” on pageExtensible Authentication Protocol over LAN Port Unauthorized 802.1X authentication processPort Authorized EAPoL message exchange „ Unauthorized 802.1X port states„ Authorized „ Force UnauthorizedRackSwitch G8000 Application Guide Supported RADIUS attributes44 „ Chapter 2 Port-based Network Access Control Table 2 Support for RADIUS AttributesConfiguration guidelines 46 „ Chapter 2 Port-based Network Access Control RackSwitch G8000 Application GuideBMD00041, November CHAPTER VLANs„ “VLANs and Port VLAN ID Numbers” on page „ “VLAN Tagging” on page „ “VLAN Topologies and Design Considerations” on pageOverview VLAN numbers VLANs and Port VLAN ID NumbersViewing VLANs PVID numbers Viewing and Configuring PVIDsVLAN Tagging BS45010A Figure 3-1 Default VLAN settingsFigure 3-3 802.1Q tagging after port-based VLAN assignment Figure 3-2 Port-based VLAN assignmentBefore Figure 3-5 802.1Q tagging after 802.1Q tag assignment Figure 3-4 802.1Q tag assignmentuntagged packet 16 bitsVLAN Topologies and Design Considerations VLAN configuration rulesComponent Multiple VLANs with Tagging AdaptersDescription Description Component1. Enable VLAN tagging on server ports that support multiple VLANs VLAN configuration example2. Enable tagging on uplink ports that support multiple VLANs 3. Configure the VLANs and their member portsPrivate VLAN ports Private VLANsConfiguration guidelines Configuration example1. Select a VLAN and define the Private VLAN type as primary 3. Verify the configuration 2. Configure a secondary VLAN and map it to the primary VLANRackSwitch G8000 Application Guide enable62 „ Chapter 3 VLANs RackSwitch G8000 Application GuideBMD00041, November „ “Configurable Trunk Hash Algorithm” on page Ports and TrunkingCHAPTER „ ““Overview” on page 64” „ “Port Trunking Example” on pageStatistical load distribution Built-In fault toleranceOverview Static trunk group configuration rules Before you configure static trunks„ All trunk members must be in the same Spanning Tree Group STG and can belong to only one Spanning Tree Group STG. However if all ports are tagged, then all trunk ports can belong to multiple STGs Trunk 3 Ports 2, 23, and Port Trunking ExampleTrunk 1 Ports 1, 7, and 1. Follow these steps on the G80003. Connect the switch ports that will be members in the trunk group 2. Repeat the process on the other switch4. Examine the trunking information on each switch RS G8000 config# portchannel 1 member 1,7,32Configurable Trunk Hash Algorithm Admin key Link Aggregation Control ProtocolEach port on the switch can have one of the following LACP modes Configuring LACP LACP configuration guidelines3. Set the LACP mode CHAPTER Spanning Tree„ “Overview” on page „ “Rapid Spanning Tree Protocol” on page „ “Per VLAN Rapid Spanning Tree” on pageTable 5-1 Ports, Trunk Groups, and VLANs OverviewDetermining the Path for Forwarding BPDUs Bridge Protocol Data Units BPDUsBridge Priority Changing the Spanning Tree mode Spanning Tree Group configuration guidelinesPort Priority Port Path CostAssigning a VLAN to a Spanning Tree Group Rules for VLAN Tagged ports Creating a VLANAdding and removing ports from STGs BMD00041, November RackSwitch G8000 Application GuideChapter 5 Spanning Tree „ Port state changes Rapid Spanning Tree ProtocolPort Type and Link Type RSTP configuration guidelinesEdge Port Link TypeConfigure Rapid Spanning Tree RSTP configuration example1. Configure port and VLAN membership on the switch 2. Set the Spanning Tree mode to Rapid Spanning TreePer VLAN Rapid Spanning Tree Default Spanning Tree configurationFigure 5-1 Two VLANs on one Spanning Tree Group Why do we need multiple Spanning Trees?Figure 5-2 Two VLANs, each on a different Spanning Tree Group Configuring PVRST PVRST configuration guidelines1. Set the Spanning-tree mode to PVRST+ MSTP Region Multiple Spanning Tree ProtocolCommon Internal Spanning Tree MSTP configuration guidelines Blocking VLAN Passing VLANRackSwitch G8000 Application Guide Blocking VLAN2. Configure Multiple Spanning Tree Protocol Configuring Multiple Spanning Tree Groupsenable RackSwitch G8000 Application Guidemember memberConfiguring Fast Uplink Convergence Configuration GuidelinesFast Uplink Convergence 92 „ Chapter 5 Spanning Tree RackSwitch G8000 Application GuideBMD00041, November „ “Overview” on page „ “Using ACL Filters” on page Quality of Service„ “Using Storm Control Filters” on page „ “Using DSCP Values to Provide QoS” on pageFilter Permit/DenyCOS Queue OverviewMAC Extended ACLs Using ACL FiltersIP Extended ACLs IP Standard ACLsRS G8000 config# access-list ip extended RackSwitch G8000 Application GuideRS G8000 config# no access-list ip extended Table 6-1 Well-known protocol typesAssigning ACLs to a port Understanding ACL priorityPort 1 access group ACL IP Extended ACL IP ExtendedViewing ACL statistics Example ACL configuration examples1. Configure an Access Control List 3. Verify the configuration1. Configure an Access Control List Use this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is deniedExample 2. Assign the ACL to port1. Configure an Access Control List 1. Configure an Access Control ListRackSwitch G8000 Application Guide config# ip access-list ip extended4. Configure a MAC ACL to deny all other traffic 2. Configure IP ACLs to deny all other trafficExample RS G8000 config# interface port RackSwitch G8000 Application GuideRS G8000 config-if# ip access-group 1103 inConfiguring storm control Using Storm Control FiltersBroadcast storms Differentiated Services Concepts Using DSCP Values to Provide QoS7 6 5 4 The switch can perform the following actions to the DSCP Per Hop Behavior Default QoS Service Levels QoS LevelsRackSwitch G8000 Application Guide Service LevelDSCP-to-802.1p mapping Figure 6-3 Layer 2 802.1q/802.1p VLAN tagged packet Using 802.1p Priority to Provide QoSQueuing and Scheduling 802.1p configuration example1. Configure a port’s default 802.1p priority value to Overview Remote MonitoringCHAPTER RMON group 1-Statistics Configuring RMON statistics1. Enable RMON on a port 2. Configure the RMON statistics on a portHistory MIB Object ID RMON group 2-HistoryRS G8000# show rmon history Configuring RMON History RMON group 3-Alarms1. Enable RMON on a port 2. Configure the RMON History parameters for a portConfiguring RMON Alarms Alarm MIB objectsExample RMON group 9-Events Configure RMON events1. Configure the RMON Alarm parameters to track ICMP messages 1. Configure the RMON event parameters„ “Dynamic Host Configuration Protocol” on page Basic IP RoutingCHAPTER „ “IP Routing Benefits” on pageIP Routing Benefits Figure 8-1 The Router Legacy Network Routing Between IP Subnets„ Traffic to the router increases, increasing congestion Figure 8-2 Switch-Based Routing Topology Example of Subnet RoutingConfiguration example Using VLANs to segregate Broadcast Domains2. Assign an IP interface for each subnet attached to the switch Table 8-1 Subnet Routing Example IP Address AssignmentsRackSwitch G8000 Application Guide 4. Add the switch ports to their respective VLANsenable enable7. Enable IP routing 6. Configure the default gateway to the routers’ addresses8. Verify the configuration 5. Assign a VLAN to each IP interfaceDynamic Host Configuration Protocol 128 „ Chapter 8 Basic IP Routing RackSwitch G8000 Application GuideBMD00041, November CHAPTER IGMP„ “IGMP Snooping” on page „ “IGMPv3 Snooping” on page „ “Static Multicast Router” on pageRS G8000 config# no ip igmp flood IGMP SnoopingIGMPv3 Snooping FastLeaveRS G8000 config# ip igmp fastleave VLAN number Configure IGMP Snooping IGMP Snooping configuration exampleRS G8000 config# no ip igmp snoop igmpv3 exclude RS G8000 config# ip igmp snoop igmpv3 sources5. View dynamic IGMP information RackSwitch G8000 Application GuideRS G8000# show ip igmp groups RS G8000# show ip igmp mrouterStatic Multicast Router Configure a Static Multicast Router2. Verify the configuration CHAPTER High Availability„ “Uplink Failure Detection” on page BMD00041, NovemberFigure 10-1 Uplink Failure Detection example Uplink Failure DetectionSpanning Tree Protocol with UFD Failure Detection PairConfiguration guidelines „ Link to Monitor LtMMonitoring UFD Configuring UFD1. Configure Network Adapter Teaming on the servers 2. Assign the Link to Monitor LtM portsAPPENDIX A Troubleshooting„ “Monitoring Ports” on page BMD00041, NovemberFigure A-1 Monitoring Ports Monitoring PortsPort Mirroring behavior Configuring Port Mirroring2. Enable port mirroring 3. View the current configuration142 „ Appendix A Troubleshooting RackSwitch G8000 Application GuideBMD00041, November Index SymbolsNumerics