Application Guide
RackSwitch G8000
Version
Part Number BMD00041, November
RackSwitch G8000 Application Guide
Contents
Preface
Chapter 1 Accessing the Switch
Chapter 2 Port-based Network Access Control
Chapter 4 Ports and Trunking
Chapter 5 Spanning Tree
Chapter 6 Quality of Service
Chapter 7 Remote Monitoring
Chapter 8 Basic IP Routing
Chapter 9 IGMP
Chapter 10 High Availability
Appendix A Troubleshooting
Figures
Tables
Who Should Use This Guide
Preface
What You’ll Find in This Guide
Typographic Conventions
Symbol
Table 1 Typographic Conventions
How to Get Help
CHAPTER
Accessing the Switch
“Configuring an IP Interface” on page “Using Telnet” on page
“Using the Browser-Based Interface” on page “Using SNMP” on page
1. Log on to the switch 2. Enter IP interface mode
Configuring an IP Interface
4. Configure the default gateway. Enable the gateway
Command Reference
Using Telnet
Configuring BBI access via HTTP
Using the Browser-Based Interface
Configuring BBI access via HTTPS
The BBI is organized at a high level as follows
Default configuration
Using SNMP
SNMP v1
SNMP
User configuration
RS G8000 config# snmp-server group 5 user-name admin
RS G8000 config# snmp-server group 5 group-name admingrp
SNMPv2 trap host configuration
Configuring SNMP Trap Hosts
SNMPv1 trap host
1. Configure an entry in the notify table
SNMPv3 trap host configuration
“RADIUS Authentication and Authorization” on page
Securing Access to the Switch
“TACACS+ Authentication” on page
“End User Access Control” on page
How RADIUS authentication works
RADIUS Authentication and Authorization
2. Configure the RADIUS secret and enable the feature
Configuring RADIUS
RADIUS authentication features in Blade OS
RADIUS Attributes for G8000 user privileges
Switch User Accounts
Vendor-supplied
How TACACS+ authentication works
TACACS+ Authentication
Authorization
TACACS+ authentication features in Blade OS
RS G8000 config# tacacs-server privilege-mapping
Accounting
Command authorization and logging
RS G8000 config# tacacs-server command-authorization
RS G8000 config# tacacs-server command-logging
Configuring TACACS+ Authentication
2. Configure the TACACS+ secret and second secret
4. Configure the number of retry attempts, and the timeout period
Secure Shell
Configuring SSH features on the switch
SSH encryption of management messages
SSH Integration with RADIUS/TACACS+ Authentication
Generating RSA Host and Server Keys for SSH access
RS G8000 config# ssh generate-host-key
RS G8000 config# ssh generate-server-key
Considerations for configuring End User Accounts
End User Access Control
User Access Control
Setting up User IDs
Listing current Users
Defining a User’s access level
Logging into an End User account
Enabling or Disabling a User
“Extensible Authentication Protocol over LAN” on page
Port-based Network Access Control
“802.1X authentication process” on page
“Configuration guidelines” on page
Extensible Authentication Protocol over LAN
Port Unauthorized
802.1X authentication process
Port Authorized
EAPoL message exchange
Unauthorized
802.1X port states
Authorized
Force Unauthorized
Supported RADIUS attributes
Table 2 Support for RADIUS Attributes
Configuration guidelines
CHAPTER
VLANs
“VLANs and Port VLAN ID Numbers” on page “VLAN Tagging” on page
“VLAN Topologies and Design Considerations” on page
Overview
VLAN numbers
VLANs and Port VLAN ID Numbers
Viewing VLANs
PVID numbers
Viewing and Configuring PVIDs
VLAN Tagging
Figure 3-1 Default VLAN settings
Figure 3-3 802.1Q tagging after port-based VLAN assignment
Figure 3-2 Port-based VLAN assignment
Figure 3-5 802.1Q tagging after 802.1Q tag assignment
Figure 3-4 802.1Q tag assignment
VLAN Topologies and Design Considerations
VLAN configuration rules
Component
Multiple VLANs with Tagging Adapters
Description
Description
Component
1. Enable VLAN tagging on server ports that support multiple VLANs
VLAN configuration example
2. Enable tagging on uplink ports that support multiple VLANs
3. Configure the VLANs and their member ports
Private VLAN ports
Private VLANs
Configuration guidelines
Configuration example
1. Select a VLAN and define the Private VLAN type as primary
3. Verify the configuration
2. Configure a secondary VLAN and map it to the primary VLAN
enable
“Configurable Trunk Hash Algorithm” on page
Ports and Trunking
CHAPTER
“Overview” on page 64 “Port Trunking Example” on page
Statistical load distribution
Built-In fault tolerance
Overview
Static trunk group configuration rules
Before you configure static trunks
All trunk members must be in the same Spanning Tree Group (STG) and can belong to only one STG. However, if all ports are tagged, then all trunk ports can belong to multiple STGs.
Trunk 3 Ports 2, 23, and
Port Trunking Example
Trunk 1 Ports 1, 7, and
1. Follow these steps on the G8000
3. Connect the switch ports that will be members in the trunk group
2. Repeat the process on the other switch
4. Examine the trunking information on each switch
RS G8000 config# portchannel 1 member 1,7,32
Configurable Trunk Hash Algorithm
Admin key
Link Aggregation Control Protocol
Each port on the switch can have one of the following LACP modes
Configuring LACP
LACP configuration guidelines
3. Set the LACP mode
CHAPTER
Spanning Tree
“Overview” on page “Rapid Spanning Tree Protocol” on page
“Per VLAN Rapid Spanning Tree” on page
Table 5-1 Ports, Trunk Groups, and VLANs
Overview
Determining the Path for Forwarding BPDUs
Bridge Protocol Data Units (BPDUs)
Bridge Priority
Changing the Spanning Tree mode
Spanning Tree Group configuration guidelines
Port Priority
Port Path Cost
Assigning a VLAN to a Spanning Tree Group
Rules for VLAN Tagged ports
Creating a VLAN
Adding and removing ports from STGs
Port state changes
Rapid Spanning Tree Protocol
Port Type and Link Type
RSTP configuration guidelines
Edge Port
Link Type
Configure Rapid Spanning Tree
RSTP configuration example
1. Configure port and VLAN membership on the switch
2. Set the Spanning Tree mode to Rapid Spanning Tree
Per VLAN Rapid Spanning Tree
Default Spanning Tree configuration
Figure 5-1 Two VLANs on one Spanning Tree Group
Why do we need multiple Spanning Trees?
Figure 5-2 Two VLANs, each on a different Spanning Tree Group
Configuring PVRST
PVRST configuration guidelines
1. Set the Spanning-tree mode to PVRST+
MSTP Region
Multiple Spanning Tree Protocol
Common Internal Spanning Tree
MSTP configuration guidelines
Blocking VLAN
Passing VLAN
Blocking VLAN
2. Configure Multiple Spanning Tree Protocol
Configuring Multiple Spanning Tree Groups
enable
member
member
Configuring Fast Uplink Convergence
Configuration Guidelines
Fast Uplink Convergence
“Overview” on page “Using ACL Filters” on page
Quality of Service
“Using Storm Control Filters” on page
“Using DSCP Values to Provide QoS” on page
Filter
Permit/Deny
COS Queue
Overview
MAC Extended ACLs
Using ACL Filters
IP Extended ACLs
IP Standard ACLs
RS G8000 config# access-list ip extended
RS G8000 config# no access-list ip extended
Table 6-1 Well-known protocol types
Assigning ACLs to a port
Understanding ACL priority
Port 1 access group ACL IP Extended
ACL IP Extended
Viewing ACL statistics
Example
ACL configuration examples
1. Configure an Access Control List
3. Verify the configuration
1. Configure an Access Control List
Use this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied
Example
2. Assign the ACL to port
1. Configure an Access Control List
1. Configure an Access Control List
config# ip access-list ip extended
4. Configure a MAC ACL to deny all other traffic
2. Configure IP ACLs to deny all other traffic
Example
RS G8000 config# interface port
RS G8000 config-if# ip access-group 1103 in
Configuring storm control
Using Storm Control Filters
Broadcast storms
Differentiated Services Concepts
Using DSCP Values to Provide QoS
The switch can perform the following actions to the DSCP
Per Hop Behavior
Default QoS Service Levels
QoS Levels
Service Level
DSCP-to-802.1p mapping
Figure 6-3 Layer 2 802.1q/802.1p VLAN tagged packet
Using 802.1p Priority to Provide QoS
Queuing and Scheduling
802.1p configuration example
1. Configure a port’s default 802.1p priority value to
Overview
Remote Monitoring
CHAPTER
RMON group 1-Statistics
Configuring RMON statistics
1. Enable RMON on a port
2. Configure the RMON statistics on a port
History MIB Object ID
RMON group 2-History
RS G8000# show rmon history
Configuring RMON History
RMON group 3-Alarms
1. Enable RMON on a port
2. Configure the RMON History parameters for a port
Configuring RMON Alarms
Alarm MIB objects
Example
RMON group 9-Events
Configure RMON events
1. Configure the RMON Alarm parameters to track ICMP messages
1. Configure the RMON event parameters
“Dynamic Host Configuration Protocol” on page
Basic IP Routing
CHAPTER
“IP Routing Benefits” on page
IP Routing Benefits
Figure 8-1 The Router Legacy Network
Routing Between IP Subnets
Traffic to the router increases, increasing congestion
Figure 8-2 Switch-Based Routing Topology
Example of Subnet Routing
Configuration example
Using VLANs to segregate Broadcast Domains
2. Assign an IP interface for each subnet attached to the switch
Table 8-1 Subnet Routing Example IP Address Assignments
4. Add the switch ports to their respective VLANs
enable
enable
7. Enable IP routing
6. Configure the default gateway to the routers’ addresses
8. Verify the configuration
5. Assign a VLAN to each IP interface
Dynamic Host Configuration Protocol
CHAPTER
IGMP
“IGMP Snooping” on page “IGMPv3 Snooping” on page
“Static Multicast Router” on page
RS G8000 config# no ip igmp flood
IGMP Snooping
IGMPv3 Snooping
FastLeave
RS G8000 config# ip igmp fastleave VLAN number
Configure IGMP Snooping
IGMP Snooping configuration example
RS G8000 config# no ip igmp snoop igmpv3 exclude
RS G8000 config# ip igmp snoop igmpv3 sources
5. View dynamic IGMP information
RS G8000# show ip igmp groups
RS G8000# show ip igmp mrouter
Static Multicast Router
Configure a Static Multicast Router
2. Verify the configuration
CHAPTER
High Availability
“Uplink Failure Detection” on page
Figure 10-1 Uplink Failure Detection example
Uplink Failure Detection
Spanning Tree Protocol with UFD
Failure Detection Pair
Configuration guidelines
Link to Monitor (LtM)
Monitoring UFD
Configuring UFD
1. Configure Network Adapter Teaming on the servers
2. Assign the Link to Monitor (LtM) ports
APPENDIX A
Troubleshooting
“Monitoring Ports” on page
Figure A-1 Monitoring Ports
Monitoring Ports
Port Mirroring behavior
Configuring Port Mirroring
2. Enable port mirroring
3. View the current configuration
Index
Symbols
Numerics