Juniper Networks EX2500

EX2500 Ethernet Switch Configuration Guide

78 Monitoring UFD

Contents

Main Configuration Guide Release 3.0 ii Table of Contents Part 1 EX2500 Ethernet Switch Applications Page Page Part 2 Appendixes Part 3 Indexes List of Figures Page List of Tables Page About This Guide Objectives Audience Supported Platforms xii Documentation Conventions Table 1: Notice Icons Icon Meaning Description Table 2: EX2500 Text and Syntax Conventions Convention Usage Examples List of Technical Publications Documentation Feedback Requesting Technical Support Self-Help Online Tools and Resources Opening a Case with JTAC Part 1 EX2500 Ethernet Switch Applications Page Chapter 1 Accessing the Switch Configuring the Management Interface Dynamic Host Configuration Protocol Using Telnet Using the EX2500 Web Device Manager Configuring EX2500 Web Device Manager Access via HTTP Configuring EX2500 Web Device Manager Access via HTTPS Using SNMP SNMPv1, SNMPv2 SNMPv3 Default Configuration User Configuration Configuring SNMP Trap Hosts SNMPv1 Trap Host Configuration SNMPv2 Trap Host Configuration SNMPv3 Trap Host Configuration Securing Access to the Switch RADIUS Authentication and Authorization How RADIUS Authentication Works Configuring RADIUS on the Switch RADIUS Authentication Features in the EX2500 Switch Switch User Accounts RADIUS Attributes for EX2500 User Privileges TACACS+ Authentication How TACACS+ Authentication Works TACACS+ Authentication Features in the EX2500 Switch Page Command Authorization and Logging Configuring TACACS+ Authentication on the Switch Secure Shell Configuring SSH Features on the Switch SSH Encryption of Management Messages Generating RSA Host and Server Keys for SSH Access SSH Integration with RADIUS and TACACS+ Authentication End User Access Control Considerations for Configuring End User Accounts User Access Control Listing Current Users Logging In to an End User Account Chapter 2 VLANs VLAN Overview VLANs and Port VLAN ID Numbers VLAN Numbers PVID Numbers VLAN Tagging Page Figure 2: Port-Based VLAN Assignment r o f B VLAN Topologies and Design Considerations VLAN Configuration Rules Multiple VLANs Configuration Example Page Private VLANs Private VLAN Ports Private VLAN Configuration Guidelines Private VLAN Configuration Example Chapter 3 Spanning Tree Protocol Spanning Tree Overview Bridge Protocol Data Units (BPDUs) Determining the Path for Forwarding BPDUs Bridge Priority Port Priority Port Path Cost Spanning Tree Group Configuration Guidelines Changing the Spanning Tree Mode Assigning a VLAN to a Spanning Tree Group Creating a VLAN Rules for VLAN Tagged Ports Adding and Removing Ports from STGs Rapid Spanning Tree Protocol Port State Changes Port Type and Link Type Edge Port Link Type RSTP Configuration Guidelines RSTP Configuration Example Per VLAN Rapid Spanning Tree Default Spanning Tree Configuration Why Do We Need Multiple Spanning Trees? PVRST Configuration Guidelines Configuring PVRST Multiple Spanning Tree Protocol MSTP Region Common Internal Spanning Tree MSTP Configuration Guidelines Multiple Spanning Tree Groups Configuration Example Fast Uplink Convergence Configuration Guidelines Configuring Fast Uplink Convergence Chapter 4 Ports and Trunking Trunking Overview Statistical Load Distribution Built-In Fault Tolerance Before Configuring Static Trunks Trunk Group Configuration Rules Port Trunking Configuration Example Page Configurable Trunk Hash Algorithm Link Aggregation Control Protocol Page LACP Configuration Guidelines Configuring LACP Optionally Reducing LACP Timeout Page Chapter 5 Quality of Service QoS Overview Using ACL Filters Ports ACL Filter Permit/Deny Classify Packets Perform Actions MAC Extended ACLs IP Standard ACLs IP Extended ACLs Understanding ACL Priority Port 1 access group ACL IP Extended 128: Port number = 80 Action = permit ACL IP Extended 129: Port number = 23 Action = deny ACL IP Extended 130: Port number = less than 100 Action = permit Assigning ACLs to a Port Viewing ACL Statistics ACL Configuration Examples ACL Example 1Blocking Traffic to a Host ACL Example 2Blocking Traffic from a Source to a Destination ACL Example 3Blocking HTTP Traffic ACL Example 4Blocking All Except Certain Packets Using Storm Control Filters Broadcast Storms Configuring Storm Control Using DSCP Values to Provide QoS Differentiated Services Concepts 7 6 5 4 3 2 1 0 Per Hop Behavior EX2500 Ethernet Switch Configuration Guide 62 QoS Levels ex2500# qos dscp transmit-queue <DSCP value (0-63)> <COSq (0-7)> DSCP Mapping Use the following command to turn on DSCP re-marking globally: ex2500# qos dscp enable Using 802.1p Priority to Provide QoS 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 Queuing and Scheduling Chapter 6 Remote Monitoring RMON Overview RMON Group 1Statistics RMON Group 2History History MIB Object ID Configuring RMON History RMON Group 3Alarms Alarm MIB Objects Configuring RMON Alarms RMON Group 9Events Page Chapter 7 IGMP IGMP Snooping FastLeave IGMPv3 Snooping IGMP Snooping Configuration Example Static Multicast Router Chapter 8 High Availability Through Uplink Failure Detection High Availability Overview Failure Detection Pair Spanning Tree Protocol with UFD UFD Configuration Guidelines UFD Configuration Example Monitoring UFD Page Page Page Appendix A Monitoring Ports with Port Mirroring Port Mirroring Overview Configuring Port Mirroring Page Page Index Numerics A B C H I J L M Q R S T U V W