Manuals / Brands / Computer Equipment / Switch / Brocade Communications Systems / Computer Equipment / Switch

Brocade Communications Systems 6650 Limiting the number of hops an IPv6 packet can traverse, IPv6 source routing security enhancements, Clearing global IPv6 information

1 330

Download 330 pages, 2.86 Mb

138 Brocade ICX 6650 Administration Guide

53-1002600-01

Limiting the number of hops an IPv6 packet can traverse

5

If you attempt to add an entry that already exists in the neighbor discovery cache, the software

changes the already existing entry to a static entry.

To remove a static IPv6 entry from the IPv6 neighbor discovery cache, use the no form of this

command.

Limiting the number of hops an IPv6 packet can traverse

By default, the maximum number of hops an IPv6 packet can traverse is 64. You can change this

value to between 0 – 255 hops. For example, to change the maximum number of hops to 70, enter

the following command.

Brocade(config)#ipv6 hop-limit 70

Syntax: [no] ipv6 hop-limit <number>

Use the no form of the command to restore the default value.

hop-limit 0 will transmit packets with default (64) hop limit.

<number> can be from 0 – 255.

IPv6 source routing security enhancements

The IPv6 specification (RFC 2460) specifies support for IPv6 source-routed packets using a type 0

Routing extension header, requiring device and host to process the type 0 routing extension

header. However, this requirement may leave a network open to a DoS attack.

A security enhancement disables sending IPv6 source-routed packets to IPv6 devices. (This

enhancement conforms to RFC 5095.)

By default, when the router drops a source-routed packet, it sends an ICMP Parameter Problem

(type 4), Header Error (code 0) message to the packet's source address, pointing to the

unrecognized routing type. To disable these ICMP error messages, enter the following command:

Brocade(config)# no ipv6 icmp source-route

Syntax: [no] ipv6 icmp source-route

Use the ipv6 icmp source-route form of the command to enable the ICMP error messages.

Clearing global IPv6 information

You can clear the following global IPv6 information:

•Entries from the IPv6 cache.

•Entries from the IPv6 neighbor table.

•IPv6 routes from the IPv6 route table.

•IPv6 traffic statistics.

Contents

Main Brocade Communications Systems, Incorporated Document History Brocade ICX 6650 Administration Guide 53-1002600-01 New document September 2012 Title Publication number Summary of changes Date Contents About This Document Chapter 1 Management Applications Chapter 2 Basic Software Features Chapter 3 Operations, Administration, and Maintenance Chapter 4 Ports on Demand Licensing Chapter 5 IPv6 Configuration on Brocade ICX 6650 Switch Chapter 6 SNMP Access Chapter 7 Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol (CDP) Packets Chapter 8 LLDP and LLDP-MED Chapter 9 Hardware Component Monitoring Chapter 10 Syslog Chapter 11 Network Monitoring Page Page About This Document Audience Supported hardware and software Brocade ICX 6650 slot and port numbering Document conventions Text formatting Command syntax conventions Notes, cautions, and warnings ATTENTION Notice to the reader Related publications Additional information Brocade resources Other industry resources Getting technical help Document feedback Page Management Applications Management port overview How the management port works CLI Commands for use with the management port Logging on through the CLI Online help Command completion Scroll control Line editing commands Using slot number, and port number with CLI commands TABLE 2 CLI nomenclature on Brocade ICX 6650 models Searching and filtering output from CLI commands Searching and filtering output from Show commands Searching and filtering output at the --More-- prompt Using special characters in regular expressions TABLE 3 Using slot number, and port number with CLI commands 1 TABLE 3 Character Operation Creating an alias for a CLI command Configuration notes for creating a command alias Page Page Basic Software Features TABLE 4 Feature Brocade ICX 6650 Basic System Parameters Basic Port Parameters Basic system parameter configuration TABLE 4 Entering system administration information SNMP parameter configuration Specifying an SNMP trap receiver Specifying a single trap source Setting the SNMP trap holddown time Disabling SNMP traps Displaying virtual routing interface statistics Disabling Syslog messages and traps for CLI access Cancelling an outbound Telnet session Specifying an SNTP server TABLE 5 Specifying an SNTP server To display detailed information about SNTP associations, enter the show sntp associations details TABLE 6 Configuring the device as an SNTP server TABLE 7 Page Displaying SNTP server information Enabling broadcast mode for an SNTP client TABLE 8 Setting the system clock New start and end dates for US daylight saving time Limiting broadcast, multicast, and unknown unicast traffic CLI banner configuration Setting a message of the day banner Requiring users to press the Enter key after the message of the day banner Setting a privileged EXEC CLI level banner Displaying a console message when an incoming Telnet session is detected Local MAC address for Layer 2 management traffic Basic port parameter configuration Assigning a port name Port speed and duplex mode modification Port speed and duplex mode configuration syntax Downgrading the Brocade ICX 6650 front panel ports from 10 GbE to 1 GbE port speed Enabling auto-negotiation maximum port speed advertisement and down-shift Maximum port speed application notes Modifying port duplex mode Port duplex mode configuration syntax Disabling or re-enabling a port Flow control configuration Flow control configuration notes Disabling or re-enabling flow control Negotiation and advertisement of flow control Displaying flow-control status Symmetric flow control on Brocade ICX 6650 devices About XON and XOFF thresholds Configuration notes and feature limitations for symmetric flow control - - - Interpacket Gap (IPG) on a Brocade ICX 6650 switch IPG configuration notes Changing the Gbps fiber negotiation mode Port priority (QoS) modification Port flap dampening configuration Port flap dampening configuration notes Configuring port flap dampening on an interface Configuring port flap dampening on a trunk Re-enabling a port disabled by port flap dampening Displaying ports configured with port flap dampening Basic port parameter configuration Syslog messages for port flap dampening The following Syslog messages are generated for port flap dampening. down to up has been exceeded, the following Syslog message is displayed. is displayed. TABLE 10 Port loop detection Types of loop detection Recovering disabled ports Port loopback detection configuration notes Enabling loop detection Configuring a global loop detection interval Configuring the device to automatically re-enable ports Specifying the recovery time interval Clearing loop-detection Displaying loop-detection information Displaying loop detection resource information TABLE 11 Basic port parameter configuration 2 Displaying loop detection configuration status on an interface The Errdisable function logs a message whenever it re-enables a port. Syslog message due to disabled port in loop detection TABLE 11 Page Operations, Administration, and Maintenance OAM Overview Software versions installed and running on a device Determining the flash image version running on the device Brocade ICX 6650 devices Displaying the boot image version running on the device Displaying the image versions installed in flash memory Flash image verification Flash image CLI commands Image file types Software upgrades Viewing the contents of flash files TABLE 13 Using SNMP to upgrade software Using SNMP to upgrade software Page Software reboot Software boot configuration notes Displaying the boot preference Loading and saving configuration files saved in flash. To display this file, enter the show configuration command at any CLI prompt. Replacing the startup configuration with the running configuration Replacing the running configuration with the startup configuration Logging changes to the startup-config file Copying a configuration file to or from a TFTP server Dynamic configuration loading Dynamic configuration usage considerations Preparing the configuration file Page Loading the configuration information into the running-config Maximum file sizes for startup-config file and running-config Loading and saving configuration files with IPv6 Using the IPv6 copy command Copying a file to an IPv6 TFTP server Copying a file from flash memory Copying a file from the running or startup configuration Copying a file from an IPv6 TFTP server Copying a file to flash memory Copying a file to the running or startup configuration IPv6 ncopy command Copying a primary or secondary boot Image from flash memory to an IPv6 TFTP server Copying the running or startup configuration to an IPv6 TFTP server IPv6 TFTP server file upload Uploading a primary or secondary boot image from an IPv6 TFTP server Uploading a running or startup configuration from an IPv6 TFTP server Using SNMP to save and load configuration information Erasing image and configuration files System reload scheduling Reloading at a specific time Reloading after a specific amount of time Displaying the amount of time remaining before a scheduled reload Canceling a scheduled reload Diagnostic error codes and remedies for TFTP transfers Network connectivity testing Pinging an IPv4 address Page Tracing an IPv4 route Page Ports on Demand Licensing Ports on Demand Overview Ports on Demand terminology - PoD licensing rules PoD licensing configuration tasks Obtaining a PoD license TABLE 15 Page Page Page FIGURE 4 Viewing PoD licensing information from the Brocade software portal Page Transferring a PoD license Syslog message information Ports on Demand Licensing Front panel PoD Rear panel Flexible Ports on Demand FIGURE 8 PoD licenses Ports on Demand Licensing Enabling ports on the front panel TABLE 17 License SKU License Name Function Page Deleting a ICX6650-10G-LIC-POD license Enabling ports on the rear panel Page Disabling the FPoD ports on the rear panel Ports on Demand Licensing Syntax: show pod Deleting a 10 GbE or 40 GbE license Viewing information about PoD licenses Viewing the LID and the software packages installed in the device Viewing information about PoD licenses Displaying general license information for PoD ports Syntax: show license TABLE 18 Displaying the license configuration for PoD ports for the Brocade ICX 6650 TABLE 19 Viewing information about PoD licenses 4 TABLE 20 Configuration considerations when configuring PoD for Brocade ICX 6650 devices - - - Viewing information about PoD licenses 4 Page IPv6 Configuration on Brocade ICX 6650 Switch IPv6 Configuration on Brocade ICX 6650 Switch this guide: TABLE 21 Feature Brocade ICX 6650 Full Layer 3 IPv6 feature support IPv6 addressing overview IPv6 address types IPv6 addressing overview 5 TABLE 22 Address Description Address structure IPv6 CLI command support TABLE 23 IPv6 CLI command support 5 TABLE 23 IPv6 command Description Switch code Router code IPv6 host address on a Layer 2 switch TABLE 23 Configuring a global or site-local IPv6 address with a manually configured interface ID Configuring a link-local IPv6 address as a system-wide address for a switch Configuring the management port for an IPv6 automatic address configuration Configuring basic IPv6 connectivity on a Layer 3 switch Enabling IPv6 routing IPv6 configuration on each router interface Configuring a global or site-local IPv6 address on an interface Configuring a link-local IPv6 address on an interface Configuring an IPv6 anycast address on an interface Configuring IPv4 and IPv6 protocol stacks IPv6 management on Brocade ICX 6650 devices (IPv6 host support) Configuring IPv6 management ACLs Restricting SNMP access to an IPv6 node Specifying an IPv6 SNMP trap receiver Configuring SNMP V3 over IPv6 Configuring SNTP over IPv6 Secure Shell, SCP, and IPv6 IPv6 Telnet Establishing a Telnet session from an IPv6 host IPv6 traceroute Configuring name-to-IPv6 address resolution using IPv6 DNS resolver Defining an IPv6 DNS entry Pinging an IPv6 address Configuring an IPv6 Syslog server Viewing IPv6 SNMP server addresses Disabling router advertisement and solicitation messages Disabling IPv6 on a Layer 2 switch Static IPv6 route configuration Configuring a static IPv6 route Static IPv6 route configuration TABLE 24 Parameter Configuration details Status IPv6 over IPv4 tunnels FIGURE 10 IPv6 over IPv4 tunnel configuration notes Clearing IPv6 tunnel statistics Displaying IPv6 tunnel information Displaying a summary of tunnel information Displaying tunnel interface information TABLE 25 IPv6 over IPv4 tunnels Displaying interface level IPv6 settings TABLE 26 IPv6 over IPv4 tunnels 5 ECMP load sharing for IPv6 Disabling or re-enabling ECMP load sharing for IPv6 Changing the maximum load sharing paths for IPv6 Enabling support for network-based ECMP load sharing for IPv6 Displaying ECMP load-sharing information for IPv6 IPv6 ICMP feature configuration Configuring ICMP rate limiting Enabling IPv6 ICMP redirect messages IPv6 neighbor discovery configuration IPv6 neighbor discovery configuration notes Neighbor solicitation and advertisement messages Router advertisement and solicitation messages Neighbor redirect messages Setting neighbor solicitation parameters for duplicate address detection Setting IPv6 router advertisement parameters Page Prefixes advertised in IPv6 router advertisement messages Setting flags in IPv6 router advertisement messages Enabling and disabling IPv6 router advertisements Configuring reachable time for remote IPv6 nodes IPv6 MTU Configuration notes and feature limitations for IPv6 MTU Changing the IPv6 MTU Static neighbor entries configuration Limiting the number of hops an IPv6 packet can traverse IPv6 source routing security enhancements Clearing global IPv6 information Clearing the IPv6 cache Clearing IPv6 neighbor information Clearing IPv6 routes from the IPv6 route table Displaying global IPv6 information Displaying IPv6 cache information Displaying IPv6 interface information TABLE 28 TABLE 29 TABLE 30 Displaying IPv6 neighbor information TABLE 31 Displaying the IPv6 route table TABLE 31 Displaying local IPv6 routers TABLE 32 TABLE 33 Displaying IPv6 TCP information TABLE 34 Syntax: show ipv6 tcp connections TABLE 35 TABLE 35 TABLE 36 Displaying IPv6 traffic statistics To display IPv6 traffic statistics, enter the following command at any CLI level. Syntax: show ipv6 traffic This show ipv6 traffic command displays the following information. IPv6 statistics Page Page Page SNMP Access SNMP overview SNMP community strings Encryption of SNMP community strings Adding an SNMP community string Page Displaying the SNMP community strings User-based security model Configuring your NMS Configuring SNMP version 3 on Brocade ICX 6650 devices Defining the engine id Defining an SNMP group Defining an SNMP user account Page Defining SNMP views SNMP version 3 traps Defining an SNMP group and specifying which view is notified of traps Defining the UDP port for SNMP v3 traps Trap MIB changes Backward compatibility with SMIv1 trap format Specifying an IPv6 host as an SNMP trap receiver SNMP v3 over IPv6 Restricting SNMP Access to an IPv6 Node Specifying an IPv6 host as an SNMP trap receiver Viewing IPv6 SNMP server addresses Displaying SNMP Information Displaying the Engine ID Displaying SNMP groups Displaying user information Interpreting varbinds in report packets SNMP v3 configuration examples 6 SNMP v3 configuration examples The following sections present examples of how to configure SNMP v3. Simple SNMP v3 configuration More detailed SNMP v3 configuration Varbind object Identifier Description Page Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol (CDP) Packets FDP Overview TABLE 38 FDP configuration Enabling FDP globally Enabling FDP at the interface level Specifying the IP management address to advertise Changing the FDP update timer Displaying FDP information Displaying neighbor information FDP Overview To display detailed information, enter the show fdp neighbor detail command. TABLE 39 This line... Displays... FDP Overview 7 The show fdp neighbor detail command displays the following information. Displaying FDP entries TABLE 40 Displaying FDP information for an interface Displaying FDP and CDP statistics Clearing FDP and CDP information Clearing FDP and CDP neighbor information Clearing FDP and CDP statistics CDP packets Enabling interception of CDP packets globally Enabling interception of CDP packets on an interface Displaying CDP information Displaying neighbors CDP packets 7 Syntax: show fdp entry * | <device-id> Displaying CDP entries To display CDP entries for all neighbors, enter the show fdp entry command. Displaying CDP statistics Clearing CDP information LLDP and LLDP-MED LLDP terms used in this chapter TABLE 41 LLDP overview FIGURE 11 Benefits of LLDP LLDP-MED overview FIGURE 12 Benefits of LLDP-MED LLDP-MED class General LLDP operating principles LLDP operating modes LLDP transmit mode LLDP receive mode LLDP packets FIGURE 13 TLV support LLDP TLVs LLDP-MED TLVs Mandatory TLVs TABLE 42 FIGURE 14 TABLE 43 FIGURE 15 MIB support Syslog messages LLDP configuration LLDP configuration notes and considerations TABLE 44 Enabling and disabling LLDP Enabling support for tagged LLDP packets Changing a port LLDP operating mode Page Maximum number of LLDP neighbors Specifying the maximum number of LLDP neighbors per device Specifying the maximum number of LLDP neighbors per port Enabling LLDP SNMP notifications and Syslog messages Specifying the minimum time between SNMP traps and Syslog messages Changing the minimum time between LLDP transmissions Changing the interval between regular LLDP transmissions Changing the holdtime multiplier for transmit TTL Changing the minimum time between port reinitializations LLDP TLVs advertised by the Brocade device General system information for LLDP Page Page 802.1 capabilities 802.3 capabilities Page LLDP-MED configuration Enabling LLDP-MED Enabling SNMP notifications and Syslog messages for LLDP-MED topology changes TABLE 45 Changing the fast start repeat count Defining a location id Coordinate-based location Configuring civic address location LLDP-MED configuration TABLE 46 Civic Address (CA) Description Acceptable values / examples LLDP-MED configuration 8 TABLE 46 Description Acceptable values / examples Civic Address (CA) Configuring emergency call service TABLE 46 Defining an LLDP-MED network policy LLDP-MED network policy configuration syntax Page LLDP-MED attributes advertised by the Brocade device LLDP-MED capabilities Displaying LLDP statistics and configuration settings LLDP configuration summary Displaying LLDP statistics LLDP-MED attributes advertised by the Brocade device Syntax: show lldp statistics LLDP-MED attributes advertised by the Brocade device 8 Displaying LLDP neighbors Displaying LLDP neighbors detail Displaying LLDP configuration details Resetting LLDP statistics Clearing cached LLDP neighbor information Hardware Component Monitoring Digital optical monitoring Digital optical monitoring configuration limitations Enabling digital optical monitoring TABLE 47 Setting the alarm interval Displaying information about installed media Digital optical monitoring 9 Use the show media slot command to obtain information about the media device installed in a slot. Viewing optical monitoring information Viewing optical transceiver thresholds TABLE 48 TABLE 49 Syslog messages for optical transceivers Syslog TABLE 50 About Syslog messages Displaying Syslog messages Enabling real-time display of Syslog messages Enabling real-time display for a Telnet or SSH session Displaying real-time Syslog messages Syslog service configuration Displaying the Syslog configuration Static and dynamic buffers TABLE 51 Clearing log entries Time stamps Disabling or re-enabling Syslog Specifying a Syslog server Specifying an additional Syslog server Disabling logging of a message level Changing the number of entries the local buffer can hold Local buffer configuration notes Changing the log facility Displaying interface names in Syslog messages Displaying TCP or UDP port numbers in Syslog messages Retaining Syslog messages after a soft reboot Syslog reboot configuration considerations Clearing the Syslog messages from the local buffer Network Monitoring Basic system management Viewing system information TABLE 52 Viewing configuration information Viewing port statistics TABLE 53 Basic system management Statistics TABLE 53 Parameter Description Basic system management 11 Viewing STP statistics TABLE 53 Parameter Description Clearing statistics Basic system management 11 Viewing egress queue counters Clearing the egress queue counters RMON support Maximum number of entries allowed in the RMON control table TABLE 54 Statistics (RMON group 1) TABLE 55 RMON support History (RMON group 2) Alarm (RMON group 3) Event (RMON group 9) sFlow sFlow version 5 sFlow support for IPv6 packets Extended router information Extended gateway information sFlow configuration considerations sFlow and hardware support sFlow and CPU utilization sFlow and source address sFlow and source port Configuring and enabling sFlow Specifying the collector Changing the polling interval Changing the sampling rate Page Page Page Changing the sFlow source port Enabling sFlow forwarding Command syntax for enabling sFlow forwarding sFlow version 5 feature configuration Egress interface ID for sampled broadcast and multicast packets Specifying the sFlow version format Specifying the sFlow agent IP address Specifying the version used for exporting sFlow data Specifying the maximum flow sample size Exporting CPU and memory usage information to the sFlow collector Exporting CPU-directed data (management traffic) to the sFlow collector Displaying sFlow information sFlow Syntax: show sflow The show sflow command displays the following information. TABLE 56 Clearing sFlow statistics TABLE 56 Utilization list for an uplink port Utilization list for an uplink port command syntax Displaying utilization percentages for an uplink Page Appendix A Syslog messages TABLE 57 Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Appendix B NIAP-CCEVS Certification NIAP-CCEVS certified Brocade equipment and Ironware releases Local user password changes TABLE 58 Page Index B C Page Page D E F I L M N O P R S Page T V