Part Number BMD00041, November
RackSwitch G8000
Application Guide
Version
Preface
Contents
Chapter 1 Accessing the Switch
Chapter 2 Port-based Network Access Control
Chapter 4 Ports and Trunking
Chapter 5 Spanning Tree
Chapter 6 Quality of Service
Chapter 7 Remote Monitoring
Chapter 8 Basic IP Routing
Chapter 9 IGMP
Chapter 10 High Availability
Appendix A Troubleshooting
Figures
Tables
Who Should Use This Guide
Preface
What You’ll Find in This Guide
Table 1 Typographic Conventions
Typographic Conventions
Symbol
How to Get Help
“Using the Browser-Based Interface” on page “Using SNMP” on page
Accessing the Switch
CHAPTER
“Configuring an IP Interface” on page “Using Telnet” on page
Command Reference
Configuring an IP Interface
1. Log on to the switch 2. Enter IP interface mode
4. Configure the default gateway. Enable the gateway
Using Telnet
Configuring BBI access via HTTPS
Using the Browser-Based Interface
Configuring BBI access via HTTP
The BBI is organized at a high level as follows
SNMP
Using SNMP
Default configuration
SNMP v1
User configuration
RS G8000 config# snmp-server group 5 user-name admin
RS G8000 config# snmp-server group 5 group-name admingrp
1. Configure an entry in the notify table
Configuring SNMP Trap Hosts
SNMPv2 trap host configuration
SNMPv1 trap host
SNMPv3 trap host configuration
“End User Access Control” on page
Securing Access to the Switch
“RADIUS Authentication and Authorization” on page
“TACACS+ Authentication” on page
How RADIUS authentication works
RADIUS Authentication and Authorization
2. Configure the RADIUS secret and enable the feature
Configuring RADIUS
RADIUS authentication features in Blade OS
Vendor-supplied
Switch User Accounts
RADIUS Attributes for G8000 user privileges
Vendor-supplied
How TACACS+ authentication works
TACACS+ Authentication
RS G8000 config# tacacs-server privilege-mapping
TACACS+ authentication features in Blade OS
Authorization
RS G8000 config# tacacs-server command-authorization
Command authorization and logging
Accounting
4. Configure the number of retry attempts, and the timeout period
Configuring TACACS+ Authentication
RS G8000 config# tacacs-server command-logging
2. Configure the TACACS+ secret and second secret
SSH encryption of management messages
Configuring SSH features on the switch
Secure Shell
RS G8000 config# ssh generate-server-key
Generating RSA Host and Server Keys for SSH access
SSH Integration with RADIUS/TACACS+ Authentication
RS G8000 config# ssh generate-host-key
Setting up User IDs
End User Access Control
Considerations for configuring End User Accounts
User Access Control
Enabling or Disabling a User
Defining a User’s access level
Listing current Users
Logging into an End User account
“Configuration guidelines” on page
Port-based Network Access Control
“Extensible Authentication Protocol over LAN” on page
“802.1X authentication process” on page
Extensible Authentication Protocol over LAN
Port Authorized
802.1X authentication process
Port Unauthorized
EAPoL message exchange
Force Unauthorized
802.1X port states
Unauthorized
Authorized
Table 2 Support for RADIUS Attributes
Supported RADIUS attributes
Configuration guidelines
“VLAN Topologies and Design Considerations” on page
VLANs
CHAPTER
“VLANs and Port VLAN ID Numbers” on page “VLAN Tagging” on page
Overview
Viewing VLANs
VLANs and Port VLAN ID Numbers
VLAN numbers
PVID numbers
Viewing and Configuring PVIDs
VLAN Tagging
Figure 3-1 Default VLAN settings
Before
Figure 3-2 Port-based VLAN assignment
Figure 3-3 802.1Q tagging after port-based VLAN assignment
16 bits
Figure 3-4 802.1Q tag assignment
Figure 3-5 802.1Q tagging after 802.1Q tag assignment
untagged packet
VLAN Topologies and Design Considerations
VLAN configuration rules
Description
Multiple VLANs with Tagging Adapters
Component
Description
Component
3. Configure the VLANs and their member ports
VLAN configuration example
1. Enable VLAN tagging on server ports that support multiple VLANs
2. Enable tagging on uplink ports that support multiple VLANs
Private VLAN ports
Private VLANs
1. Select a VLAN and define the Private VLAN type as primary
Configuration example
Configuration guidelines
enable
2. Configure a secondary VLAN and map it to the primary VLAN
3. Verify the configuration
“Overview” on page 64 “Port Trunking Example” on page
Ports and Trunking
“Configurable Trunk Hash Algorithm” on page
CHAPTER
Overview
Built-In fault tolerance
Statistical load distribution
Static trunk group configuration rules
Before you configure static trunks
All trunk members must be in the same Spanning Tree Group STG and can belong to only one Spanning Tree Group STG. However if all ports are tagged, then all trunk ports can belong to multiple STGs
1. Follow these steps on the G8000
Port Trunking Example
Trunk 3 Ports 2, 23, and
Trunk 1 Ports 1, 7, and
RS G8000 config# portchannel 1 member 1,7,32
2. Repeat the process on the other switch
3. Connect the switch ports that will be members in the trunk group
4. Examine the trunking information on each switch
Configurable Trunk Hash Algorithm
Admin key
Link Aggregation Control Protocol
Each port on the switch can have one of the following LACP modes
3. Set the LACP mode
LACP configuration guidelines
Configuring LACP
“Per VLAN Rapid Spanning Tree” on page
Spanning Tree
CHAPTER
“Overview” on page “Rapid Spanning Tree Protocol” on page
Table 5-1 Ports, Trunk Groups, and VLANs
Overview
Bridge Priority
Bridge Protocol Data Units BPDUs
Determining the Path for Forwarding BPDUs
Port Path Cost
Spanning Tree Group configuration guidelines
Changing the Spanning Tree mode
Port Priority
Assigning a VLAN to a Spanning Tree Group
Adding and removing ports from STGs
Creating a VLAN
Rules for VLAN Tagged ports
Port state changes
Rapid Spanning Tree Protocol
Link Type
RSTP configuration guidelines
Port Type and Link Type
Edge Port
2. Set the Spanning Tree mode to Rapid Spanning Tree
RSTP configuration example
Configure Rapid Spanning Tree
1. Configure port and VLAN membership on the switch
Per VLAN Rapid Spanning Tree
Default Spanning Tree configuration
Figure 5-2 Two VLANs, each on a different Spanning Tree Group
Why do we need multiple Spanning Trees?
Figure 5-1 Two VLANs on one Spanning Tree Group
1. Set the Spanning-tree mode to PVRST+
PVRST configuration guidelines
Configuring PVRST
Common Internal Spanning Tree
Multiple Spanning Tree Protocol
MSTP Region
MSTP configuration guidelines
Blocking VLAN
Passing VLAN
Blocking VLAN
2. Configure Multiple Spanning Tree Protocol
Configuring Multiple Spanning Tree Groups
member
enable
member
Fast Uplink Convergence
Configuration Guidelines
Configuring Fast Uplink Convergence
“Using DSCP Values to Provide QoS” on page
Quality of Service
“Overview” on page “Using ACL Filters” on page
“Using Storm Control Filters” on page
Overview
Permit/Deny
Filter
COS Queue
MAC Extended ACLs
Using ACL Filters
IP Extended ACLs
IP Standard ACLs
Table 6-1 Well-known protocol types
RS G8000 config# access-list ip extended
RS G8000 config# no access-list ip extended
ACL IP Extended
Understanding ACL priority
Assigning ACLs to a port
Port 1 access group ACL IP Extended
Viewing ACL statistics
3. Verify the configuration
ACL configuration examples
Example
1. Configure an Access Control List
2. Assign the ACL to port
Use this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied
1. Configure an Access Control List
Example
config# ip access-list ip extended
1. Configure an Access Control List
1. Configure an Access Control List
Example
2. Configure IP ACLs to deny all other traffic
4. Configure a MAC ACL to deny all other traffic
ip access-group 1103 in
RS G8000 config# interface port
RS G8000 config-if#
Broadcast storms
Using Storm Control Filters
Configuring storm control
Using DSCP Values to Provide QoS
Differentiated Services Concepts
The switch can perform the following actions to the DSCP
Per Hop Behavior
Service Level
QoS Levels
Default QoS Service Levels
DSCP-to-802.1p mapping
Figure 6-3 Layer 2 802.1q/802.1p VLAN tagged packet
Using 802.1p Priority to Provide QoS
1. Configure a port’s default 802.1p priority value to
802.1p configuration example
Queuing and Scheduling
CHAPTER
Remote Monitoring
Overview
2. Configure the RMON statistics on a port
Configuring RMON statistics
RMON group 1-Statistics
1. Enable RMON on a port
RS G8000# show rmon history
RMON group 2-History
History MIB Object ID
2. Configure the RMON History parameters for a port
RMON group 3-Alarms
Configuring RMON History
1. Enable RMON on a port
Example
Alarm MIB objects
Configuring RMON Alarms
1. Configure the RMON event parameters
Configure RMON events
RMON group 9-Events
1. Configure the RMON Alarm parameters to track ICMP messages
“IP Routing Benefits” on page
Basic IP Routing
“Dynamic Host Configuration Protocol” on page
CHAPTER
IP Routing Benefits
Figure 8-1 The Router Legacy Network
Routing Between IP Subnets
Traffic to the router increases, increasing congestion
Figure 8-2 Switch-Based Routing Topology
Example of Subnet Routing
Table 8-1 Subnet Routing Example IP Address Assignments
Using VLANs to segregate Broadcast Domains
Configuration example
2. Assign an IP interface for each subnet attached to the switch
enable
4. Add the switch ports to their respective VLANs
enable
5. Assign a VLAN to each IP interface
6. Configure the default gateway to the routers’ addresses
7. Enable IP routing
8. Verify the configuration
Dynamic Host Configuration Protocol
“Static Multicast Router” on page
IGMP
CHAPTER
“IGMP Snooping” on page “IGMPv3 Snooping” on page
RS G8000 config# no ip igmp flood
IGMP Snooping
RS G8000 config# ip igmp fastleave VLAN number
FastLeave
IGMPv3 Snooping
RS G8000 config# ip igmp snoop igmpv3 sources
IGMP Snooping configuration example
Configure IGMP Snooping
RS G8000 config# no ip igmp snoop igmpv3 exclude
RS G8000# show ip igmp mrouter
5. View dynamic IGMP information
RS G8000# show ip igmp groups
2. Verify the configuration
Configure a Static Multicast Router
Static Multicast Router
High Availability
CHAPTER
“Uplink Failure Detection” on page
Figure 10-1 Uplink Failure Detection example
Uplink Failure Detection
Link to Monitor LtM
Failure Detection Pair
Spanning Tree Protocol with UFD
Configuration guidelines
2. Assign the Link to Monitor LtM ports
Configuring UFD
Monitoring UFD
1. Configure Network Adapter Teaming on the servers
Troubleshooting
APPENDIX A
“Monitoring Ports” on page
Figure A-1 Monitoring Ports
Monitoring Ports
3. View the current configuration
Configuring Port Mirroring
Port Mirroring behavior
2. Enable port mirroring
Numerics
Symbols
Index