Application Guide
Alteon OS Application Guide
Contents
Port-based Network Access Control
Rapid Spanning Tree Protocol/Multiple Spanning Tree Protocol
Part 2 IP Routing
Border Gateway Protocol
Part 3 High Availability Fundamentals
Part 4 Appendices
Alteon OS Application Guide
Figures
3Two trunks, one Failover Trigger
Tables
Alteon OS Application Guide
Preface
Who Should Use This Guide
Part 1 Basic Switching
What You’ll Find in This Guide
Part 3 High Availability Fundamentals
Typographic Conventions
AaBbCc123
How to Get Help
Alteon OS Application Guide 20 „ Preface
Part 1 Basic Switching
Alteon OS Application Guide
Accessing the Switch
Management module setup
Factory-Default vs. MM assigned IP Addresses
Default Gateway
Configuring management module for switch access
1Switch management on the BladeCenter management module
Alteon OS Application Guide
External management port setup
Configuring the external management interface
Enable port EXT7
Using Telnet
Connect to the Switch via SSH
Bootp Relay Agent
Telnet switch IP address -m-mgt-e-ext7-d-data
Configuring the Bootp Relay Agent
# /cfg/l3/bootp
# /cfg/l3/if interface number/relay ena
Dhcp Relay Agent Configuration
Dhcp Relay Agent
32 „ Accessing the Switch
Using the Browser-Based Interface
Configuring BBI Access via Http
Configuring BBI Access via Https
Cfg/sys/access/https/generate
† TACACS+ † Ldap † NTP
† FDB
Using Snmp
Snmp
Cfg/sys/ssnmp/rcomm Cfg/sys/ssnmp/wcomm
Cfg/sys/ssnmp/trsrc
Default configuration
User Configuration
View based Configurations
CLI User equivalent
Configuring Snmp Trap Hosts
Configure a user with no authentication and password
SNMPv1 trap host
Configure an entry in the notify table
Sys/ssnmp/snmpv3/tparam x/uname
SNMPv2 trap host configuration
SNMPv3 trap host configuration
42 „ Accessing the Switch
Securing Access to the Switch
Radius Authentication and Authorization
How Radius Authentication Works
Configuring Radius on the Switch
Configure the Radius secret
Main# /cfg/sys/radius
Prisrv
Secsrv
Radius Authentication Features in Alteon OS
Switch User Accounts
Radius Attributes for Alteon OS User Privileges
TACACS+ Authentication
How TACACS+ Authentication Works
TACACS+ Authentication Features in Alteon OS
Authorization
4Default TACACS+ Authorization Levels
Command Authorization and Logging
Accounting
Cfg/sys/tacacs/chpassp
Cfg/sys/tacacs/chpasss
Configuring TACACS+ Authentication on the Switch
Configure the TACACS+ secret and second secret
Apply and save the configuration
Main# /cfg/sys/tacacs+
Ldap Authentication and Authorization
Configuring the Ldap Server
Configuring Ldap Authentication on the Switch
Configure the domain name
Main# /cfg/sys/ldap
Secure Shell and Secure Copy
Configuring SSH/SCP features on the switch
# /cfg/sys/sshd/on
# /cfg/sys/sshd/off
# /cfg/sys/sshd/dis
Configuring the SCP Administrator Password
Using SSH and SCP Client Commands
Ssh 205.178.15.157 Login-name
# scp scpadmin@205.178.15.157getcfg ad4.cfg
To apply and save the configuration
# scp ad4.cfg scpadmin@205.178.15.157putcfg
SSH and SCP Encryption of Management Messages
Generating RSA Host and Server Keys for SSH Access
Cfg/sys/sshd/hkeygen
Cfg/sys/sshd/skeygen
SSH/SCP Integration with Radius Authentication
SSH/SCP Integration with TACACS+ Authentication
End User Access Control
Considerations for Configuring End User Accounts
Strong Passwords
User Access Control Menu
# /cfg/sys/access/user
# /cfg/sys/access/user/uid
Name user1
Passwd
# cur
# /cfg/sys/access/user/cur
Listing Current Users
Logging into an End User Account
Alteon OS Application Guide 42C4911, January
Alteon OS Application Guide 66 „ Accessing the Switch
Port-based Network Access Control
Extensible Authentication Protocol over LAN
802.1x Authentication Process
Port Unauthorized
EAPoL Message Exchange
802.1x Port States
„ Unauthorized
„ Authorized
„ Force Unauthorized
Supported Radius Attributes
Support for Radius Attributes
Configuration Guidelines
42C4911, January
VLANs
Overview
VLANs and Port Vlan ID Numbers
Vlan Numbers
Pvid Numbers
Viewing VLANs
Viewing and Configuring PVIDs
Cfg/port INT7/pvid
Alteon OS Application Guide
Vlan Tagging
1Default Vlan settings
2Port-based Vlan assignment
4802.1Q tag assignment
Vlan configuration rules
Vlan Topologies and Design Considerations
Example 1 Multiple VLANs with Tagging Adapters
Component Description
86 „ VLANs
Protocol-based VLANs
Port-based vs. Protocol-based VLANs
Pvlan Priority Levels
Pvlan Tagging
Pvlan Configuration Guidelines
Configuring Pvlan
Configure the priority value for the protocol
Cfg/l2/vlan
Configure Vlan tagging for ports
Enable the Pvlan
Add member ports for this Pvlan
Verify Pvlan operation
Info/l2/vlan
Alteon OS Application Guide 92 „ VLANs
Ports and Trunking
1Port Trunk Group
Built-In Fault Tolerance
Before you configure static trunks
Statistical Load Distribution
Trunk group configuration rules
Example below, three ports are trunked between two switches
Port Trunking Example
Repeat the process on the other switch
Examine the trunking information on each switch
Info/l2/trunk
Configurable Trunk Hash Algorithm
Admin key
Link Aggregation Control Protocol
102 „ Ports and Trunking
Configuring Lacp
Alteon OS Application Guide 104 „ Ports and Trunking
Spanning Tree Group
1Ports, Trunk Groups, and VLANs
Bridge Protocol Data Units BPDUs
Determining the Path for Forwarding BPDUs
Bridge Priority
Port Priority
Spanning Tree Group configuration guidelines
Port Path Cost
Adding a Vlan to a Spanning Tree Group
Creating a Vlan
Rules for Vlan Tagged ports
Adding and removing ports from STGs
Default Spanning Tree configuration
Multiple Spanning Trees
Why Do We Need Multiple Spanning Trees?
Switch-Centric Spanning Tree Group
Vlan Participation in Spanning Tree Groups
2Implementing Multiple Spanning Tree Groups
Configuring Multiple Spanning Tree Groups
Configure the following on application switch a
Configure the following on GbE Switch Module B
# /cfg/l2/vlan2
Configure the following on application switch C
# /cfg/l2/vlan3
Configuring Port Fast Forwarding
Port Fast Forwarding
# /cfg/port ext1
Fastfwd ena
Configuring Fast Uplink Convergence
Fast Uplink Convergence
# /cfg/l2/upfast ena
# apply
Rapid Spanning Tree Protocol/Multiple Spanning Tree Protocol
Rapid Spanning Tree Protocol
Port State Changes
Rstp Configuration Guidelines
Port Type and Link Type
Edge Port
Link Type
Rstp Configuration Example
Configure Rapid Spanning Tree
Set the Spanning Tree mode to Rapid Spanning Tree
Configure STP Group 1 parameters
Multiple Spanning Tree Protocol
Mstp Region
Common Internal Spanning Tree
Mstp Configuration Guidelines
Mstp Configuration Example
Configure Multiple Spanning Tree Protocol
Assign VLANs to Spanning Tree Groups
Quality of Service
ACL
Quality of Service „
Using ACL Filters
Summary of packet classifiers
2Well-Known Application Ports
Summary of ACL Actions
Understanding ACL Precedence
Using ACL Groups
„ Access Control Lists
„ Access Control Groups
ACL Metering and Re-marking
Viewing ACL Statistics
Metering
Re-Marking
ACL Configuration Examples
Configure an Access Control List
Example
Add ACL 1 to port EXT1
Add ACL 3 to port EXT1
ACL 3# ipv4/sip 100.10.1.0
ACL 3# action deny
Using Dscp Values to Provide QoS
Differentiated Services Concepts
Per Hop Behavior
Dscp
Default QoS Service Levels
QoS Levels
Dscp Re-marking and Mapping
Dscp Re-marking Configuration Example
Enable Dscp re-marking on a port
Main# cfg/qos/dscp/on
Main# cfg/port EXT1
Using 802.1p Priorities to Provide QoS
3Layer 2 802.1q/802.1p Vlan tagged packet
802.1p Configuration Example
Configure a port’s default 802.1p priority
Queuing and Scheduling
Port EXT1# 8021ppri
Part 2 IP Routing
142 42C4911, January
Basic IP Routing
IP Routing Benefits
Routing Between IP Subnets
1The Router Legacy Network
2Switch-Based Routing Topology
Alteon OS Application Guide
Example of Subnet Routing
1Subnet Routing Example IP Address Assignments
# /cfg/l3/if
# addr
# ../if
Using VLANs to Segregate Broadcast Domains
Add the switch ports to their respective VLANs
Add each IP interface to the appropriate Vlan
Vlan 3# /cfg/l3/if
Vlan
# /info/vlan
Dynamic Host Configuration Protocol
Dhcp Relay Agent
Dhcp Relay Agent Configuration
Routing Information Protocol
Distance Vector Protocol
Stability
Routing Updates
RIPv1
RIPv2
RIPv2 in RIPv1 compatibility mode
RIP Features
Triggered updates
Poison
RIP Configuration Example
Default
Authentication
Metric
Turn on RIP globally and enable RIP for each interface
Add VLANs for routing interfaces
Add IP interfaces to VLANs
42C4911, January
Igmp
Igmp Snooping
Igmp Snooping Configuration Example
Configure Igmp Snooping
Add VLANs to Igmp Snooping and enable the feature
View dynamic Igmp information
Configure a Static Multicast Router
Apply, verify, and save the configuration
Static Multicast Router
Cfg/l3/igmp/mrouter
Igmp Relay
Configure Igmp Relay
Configure an IP interface and assign VLANs
Enable Igmp Relay and add VLANs to the downstream network
Configure the upstream Mrouters
Multicast Router Apply
Additional Igmp Features
Configuring the Range
FastLeave
Igmp Filtering
Configuring the Action
Configure Igmp Filtering
Enable Igmp Filtering on the switch
Define an Igmp filter
Assign the Igmp filter to a port
Filt ena
Border Gateway Protocol
Internal Routing Versus External Routing
1iBGP and eBGP
Forming BGP Peer Routers
What is a Route Map?
# /cfg/l3/rmap
2Distributing Network Filters in Access Lists and Route Maps
Incoming and Outgoing Route Maps
Configuration Overview
Precedence
Define network filter
Optional Configure the attributes in the AS filter menu
Set up the BGP attributes
Enable the route map
Assign the route map to a peer router
Aggregating Routes
Redistributing Routes
BGP Attributes
Local Preference Attribute
Metric Multi-Exit Discriminator Attribute
Selecting Route Paths in BGP
BGP Failover Configuration
3BGP Failover Configuration Example
Enable IP forwarding
Define the VLANs
Define the IP interfaces
Configure BGP peer router 1
On the switch, apply and save your configuration changes
Default Redistribution and Route Aggregation Example
# /cfg/l3/bgp
Configure internal peer router 1 and external peer router
Configure redistribution for Peer
Configure aggregation policy control
Ospf
Ospf Overview
Types of Ospf Areas
Nssa
Types of Ospf Routing Devices
2OSPF Domain and an Autonomous System
Neighbors and Adjacencies
Link-State Database
Shortest Path First Tree
Internal Versus External Routing
Configurable Parameters
Ospf Implementation in Alteon OS
Defining Areas
Assigning the Area Index
Using the Area ID to Assign the Ospf Area Number
Attaching an Area to a Network
Electing the Designated Router and Backup
Interface Cost
Summarizing Routes
Default Routes
# /cfg/l3/ospf/default metric value metric type 1 or
Virtual Links
# /cfg/l3/ospf/aindex area index/type transit
Authentication
Router ID
Enable Ospf authentication for Area 0 on switches 1, 2,
# /cfg/l3/ospf/if
Enable Ospf authentication for Area 2 on switch
Enable Ospf MD5 authentication for Area 0 on switches 1, 2,
Configure MD5 key ID for Area 0 on switches 1, 2,
Assign MD5 key ID to Ospf interfaces on switches 1, 2,
Assign MD5 key ID to Ospf virtual link on switches 2
Host Routes for Load Balancing
Ospf Features Not Supported in This Release
Ospf Configuration Examples
Configure IP interfaces
Optional Configure the router ID
Enable Ospf
# enable
Example 1 Simple Ospf Domain
# /cfg/l3/if # addr
Apply and save the configuration changes
Define the backbone
Define the stub area
Attach the network interface to the backbone
Configuring Ospf for a Virtual Link on Switch #1
Configure the router ID
Example 2 Virtual Links
IP # /cfg/l3/ospf/on
Configure the virtual link
Define the transit area
Attach the network interface to the transit area
Configuring Ospf for a Virtual Link on Switch #2
# ../aindex
Other Virtual Link Options
Example 3 Summarizing Routes
7Summarizing Routes
# ena
Verifying Ospf Configuration
36.128.192.0
36.128.200.0
Alteon OS Application Guide 214 „ Ospf
Part 3 High Availability Fundamentals
216 42C4911, January
High Availability
Layer 2 Failover
Vlan Monitor
Setting the Failover Limit
L2 Failover with Other Features
Spanning Tree Protocol
L2 Failover Configurations
InternetI t t
2Two trunks, each in a different Failover Trigger
3Two trunks, one Failover Trigger
Configuring Trunk Failover
Configure Failover parameters
# /cfg/failovr/on
Vrrp Overview
Vrrp Components
Virtual Router
Virtual Router MAC Address
Master and Backup Virtual Router
Virtual Interface Router
Vrrp Operation
Selecting the Master Vrrp Router
4A Non-VRRP, Hot-Standby Configuration
Failover Methods
Active-Active Redundancy
5Active-Active Redundancy
Hot-Standby Redundancy
Virtual Router Group
Alteon OS extensions to Vrrp
Tracking Vrrp Router Priority
Configuring the Switch for Tracking
Virtual Router Deployment Considerations
Assigning Vrrp Virtual Router ID
232 „ High Availability
High Availability Configurations
Active-Active Configuration
Task 1 Configure GbESM
Configure client and server interfaces
Turn on Vrrp and configure two Virtual Interface Routers
Configure ports
Turn off Spanning Tree Protocol globally
Task 2 Configure GbESM
Cfg/l3/vrrp/vr
Hot-Standby Configuration
8Hot-Standby Configuration
Configure Virtual Interface Routers
Enable Vrrp Hot Standby
Router Group# track/ports enaEnable tracking on ports
242 „ High Availability
Part 4 Appendices
244 42C4911, January
Troubleshooting
Monitoring Ports
Figure A-1Monitoring Ports
Port Mirroring behavior
Layer 2 Port Mirroring
248 „ Appendix a Troubleshooting
Layer 3 Port Mirroring Both Ports in Different GEAs
/info/geaport command
Configuring Port Mirroring
Enable port mirroring
Specify the monitoring port
Select the ports that you want to mirror
View the current configuration
PortMirroring # cur
Radius Server Configuration Notes
„ @alteon.dct
Glossary
Translation
Vrid Virtual Router
Index
Numerics
Icmp
188
Snmp
