Sunfire B1600 - page 276

4-78 Sun Fire B1600 Blade System Chassis Switch Administration Guide •June 2003

Syntax

ip filter [rule-number]action protocol {source source-bitmask}

{destination destination-bitmask}[fragments][log]

The port number is not checked. The fragments option is allowed.

ip filter [rule-number]action protocol {source source-bitmask}[source-port-range]

{destination destination-bitmask}[destination-port-range][log]

The port number is checked; that is, if either source-port-range or destination-

port-range is specified, the fragments option is not allowed.

ip filter [rule-number]action tcp {source source-bitmask}[source-port-range]

{destination destination-bitmask}[destination-port-range ]

[code {{code code-bitmask}|code-keyword-seq}] [log]

Checks for tcp keyword. If found, the code option is allowed.

no ip filter {all |rule-number}

Deletes the specified rule number from the filter table.

■rule-number – Inserts a filter rule at the specified position in the table, pushing

any existing patterns at or below that location down in the table. A rule-

number cannot exceed the next available number in the table. If the rule-

number is not specified, a new pattern is appended to the end of the rule table.

The maximum number of rules is 128.

■action –{deny |permit}

Blocks or allows packets moving between the down-link ports and the

management port (NETMGT).

■protocol –{any |tcp |udp | number}

Indicates any protocol, TCP,UDP, or a specific protocol number (0 to 255).

■source source-bitmask – The frame’s source address and netmask.

■source-port-range – [number | start_number-end_number]

TCP/UDP source port or port range. (Range: 0 to 65,535)

■destination destination-bitmask – The frame’s destination address and netmask.

■destination-port-range – [number | start_number-end_number]

TCP/UDP destination port or port range. (Range: 0-65535)

■code

code – A decimal number (representing a bit string) that specifies flag bits in

byte 14 of the TCP header. (Range: 0-63)

code-bitmask – A decimal number (representing a bit mask) that is applied to

the code. Typea decimal number, where the equivalent binary bit “1” means

to match a bit and “0” means to ignore a bit. The following bits may be

specified:

Contents

Main Page Page Page Contents Page Page Page Page Page Page Page Page Page Page Page Page Page Preface Before You Read This Book How This Book Is Organized Page Typographic Conventions Related Documentation Accessing Sun Documentation Page Introduction 1.1 Overview 1.1.1 Switch Architecture 1.1.2 Ways of Accessing the Switch Management Application 1.2 Description of Hardware 1.2.1 Ethernet Ports 1.2.1.1 Up-link Ports Note Page 1.2.2 Status LEDs 1.3 Features of the Switch Page Page 1.4 Switch Default Settings Page Initial Configuration 2.1 Connecting to the Switch Interface 2.1.1 Configuration Options Note 2.1.1.1 Configuring the Switch Through the Built-in Switch Interfaces 2.2 Enabling SNMP Management Access 2.2.1 Community Strings Note 2.2.2 Trap Receivers Page Page General Management of the Switch 3.1 Using the Web Interface Note 3.1.1 Navigating the Web Browser Interface 3.1.1.1 Home Page 3.1.1.2 Configuration Options Note 3.1.2 Panel Display 3.1.3 Main Menu Page Page 3.2 Basic Configuration 3.2.1 Displaying System Information 3.2.1.1 Web Interface: Displaying and Specifying Identification Details Page 3.2.1.2 Command-line Interface: Displaying and Specifying Identification Details 3.2.1.3 MIB Variables: Identification Details Window 3.2.2 Setting the IP Address Note 3.2.2.1 Manual Configuration Web Interface: Specifying the Management VLAN and IP Details Page Command-line Interface: Specifying the Management VLAN and IP Details MIB Variables: Specifying the Management VLAN and IP Details 3.2.2.2 Using DHCP/BOOTP Web Interface: Using Dynamic IP Configuration Services Note Command-line Interface: Using Dynamic IP Configuration Services MIB variables: Using Dynamic IP Configuration Services 3.2.3 Displaying Switch Software Versions 3.2.3.1 Web Interface: Displaying Switch Software Version Information 3.2.3.2 Comand-line Interface: Displaying Switch Software Version Information Use the following command to display version information: 3.2.3.3 MIB Variables Associated With Software Version Information 3.2.4 Managing Firmware 3.2.4.1 Downloading Switch Firmware From a Server Web Interface: Downloading Switch Firmware Note Command-line Interface: Dowloading Switch Firmware MIB Variables Associated With Downloading Firmware To start new firmware,use the reload command to reboot the system. Page 3.2.5 Saving or Restoring Configuration Settings 3.2.5.1 Downloading Configuration Settings From a Server Web Interface: Downloading a File of Configuration Settings Command-line Interface: Downloading a File of Configuration Settings 4. Restart the switch. MIB Variables Associated With Downloading Configuration Settings 3.2.6 Configuring User Authentication Note 3.2.6.1 Web Interface: Configuring User Authentication Page 3.2.6.2 Command-line Interface: Configuring User Authentication 3.2.6.3 MIB variables Associated With User Authentication 3.2.7 Configuring SNMP 3.2.7.1 Configuring SNMP Access Web Interface: Adding and Removing Community Strings Page 3.2.7.2 Specifying Trap Managers and Trap Types Web Interface: Specifying Trap Management Stations Command-line Interface: Specifying Trap Management Stations MIB Variables Associated With Trap Management 3.3 Configuring Global Network Protocols 3.3.1 VLAN Configuration Page Note 3.3.1.1 Displaying Basic VLAN Information Web Interface: Displaying Basic VLAN Information Command-line Interface: Displaying Basic VLAN Information MIB Variables Associated With Basic VLAN Information Page 3.3.1.2 Enabling or Disabling GVRP (Global Setting) Web Interface: Enabling or Disabling GVRP (Global Setting) Command-line Interface: Enabling GVRP MIB Variables Associated With GVRP 3.3.1.3 Configuring VLANs Web Interface: Configuring VLANs Page 3-48 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command-line Interface: VLAN Configuration The following sample commands create a new VLAN and display all VLAN information: MIB Variables Associated With VLAN Configuration 3.3.1.4 Adding Static Members to VLANs Web Interface: Adding Ports Manually to a VLAN Command-line Interface: Adding Ports Manually to a VLAN MIB Variables Associated With Adding Ports to a VLAN 3.3.2 Multicast Configuration 3.3.2.1 Configuring IGMP Snooping Parameters Note Web Interface: Configuring IGMP Snooping Parameters Page Command-line Interface: Configuring IGMP Snooping Parameters This example modifies the settings for multicast filtering, and then displays the current status. MIB Variables Associated With IGMP Parameters 3.3.2.2 Specifying Interfaces Connected to Multicast Routers Web Interface: Specifying Interfaces Connected to Multicast Routers Page Command-line Interface: Specifying Interfaces Connected to Multicast Routers MIB Variables Associated With Interfaces Connected to Multicast Routers Page 3.3.2.3 Configuring Multicast Services Web Interface: Configuring Multicast Services Page Command-line Interface: Configuring Multicast Services MIB Variables Associated With Configuring Multicast Servcies 3.3.3 Broadcast Storm Control (Global Setting) 3.3.3.1 Web Interface: Using Broadcast Storm Control Page Note MIB Variables Associated WithBroadcast Storm Control 3.3.4 Spanning Tree Algorithm Configuration 3.3.4.1 Configuring Basic STA Settings Page Web Interface: Configuring Basic STA Settings Page Command-line Interface: Configuring Basic STA Settings The following command displays global STA settings, followed by settings for each port. Note MIB Variables Associated With Basic STA Settings 32768 3.3.4.2 Configuring Advanced STA Settings Web Interface: Configuring Advanced STA Settings Note check that you have specified a transmission limit within the specified range. Command-line Interface: Configuring Advanced STA Settings This example sets the spanning tree path cost method and transmission limit. MIB variables Associated With Advanced STA Settings 3.3.5 Class of Service Configuration 3.3.5.1 Setting the Default Priority for Interfaces Web Interface: Configuring Class of Service Command-line Interface: Configuring Class of Service This example assigns a default priority of 5 to port NETP1. MIB Variables Associated With Class of Service 3.3.5.2 Mapping COS Values to Egress Queues Web Interface: Mapping COS Values to Traffic Classes Command-line Interface: Mapping COS Values to Traffic Classes MIB Variables Associated With Mapping COS Valuesto Traffic Queues 3.3.5.3 Setting the Service Weight for Traffic Classes Web Interace: Setting the Service Weight for Traffic Classes Command-line Interface: Setting the Service Weight for TrafficClasses MIB Variables: Setting the Service Weight for Traffic Classes 3.3.5.4 Mapping Layer 3/4 Priorities to COS Values Web Interface: Enabling Priority Services Command-line Interface: Enabling Priority Services MIB Variables Associated With Traffic Prioritisation 3.3.5.5 Mapping IP Precedence Web Interface: Mapping IP Precedence Command-line Interface: Mapping IP Precedence MIB Variables Associated With Mapping IP Precedence 3.3.5.6 Mapping DSCP Priority Web Interface: Mapping DSCP Priority Command-line Interface: Mapping DSCP Priority MIB Variables Associated With Mapping DSCP to CoS Values 3.3.6 Address Table Settings 3.3.6.1 Displaying the Address Table Web Interface: Viewing the Address Tables Command-line Interface: Viewing the Address Tables MIB Variables Associated With the Address Tables 3.3.6.2 Changing the Aging Time is discarded. The default is 300 seconds. Web Interface: Changing the Aging Time 1. Open Switch Config Address Tables. 2. Type the new aging time in the text field. 3. Click Save. Command-line Interface: Changing the Aging Time This example sets the aging time to 400 seconds. MIB Variables Associated With Aging Time 3.4 Port Configuration Note 3.4.1 Displaying Connection Status Web Interface: Displaying Connection Status for the Ports Page Command-line Interface: Displaying the Connection Status of a Port This example shows the connection status for Port NETP7. MIB Variables Associated With the Connection Status of Ports Page 3.4.2 Configuring Interface Connections Note 3.4.2.1 Web Interface: Configuring Interface Connections Page 3.4.2.2 Command-line Interface: Configuring Interface Connections Select the interface, and then enter the required settings. 3.4.2.3 MIB Variables Inspecting or Configuring Interface Connections Page 3.4.3 Configuring Aggregated Links 3.4.3.1 Dynamically Configuring an Aggregated Link with LACP Web Interface: Dynamic Aggregated Links (LACP) Note Command-line Interface: Dynamic Aggregated Links (LACP) The following example enables LACP for ports NETP0 and NETP1. These ports can be connected to two LACP-enabled ports on another switch to form an aggregated link. MIB Variables Associated With Dynamic Aggregated Links 3.4.3.2 Statically Configuring an Aggregated Link Web Interface: Statically Configuring an Aggregated Link Note Command-line Interface: Statically Configuring an Aggregated Link MIB Variables Associated With Static Aggregated Links 3.4.4 Configuring VLAN Behavior for Interfaces Note 3.4.4.1 Web Interface: Configuring VLAN Behavior for Interfaces Page 3.4.4.2 Command-line Interface: Configuring VLAN Behavior for Interfaces 3.4.4.3 MIB Variables Associated With VLAN Behavior of Interfaces Page Page 3.4.5 Configuring Static Addresses 3.4.5.1 Web Interface: Configuring Static Addresses 3.4.5.2 Command-line Interface: Configuring Static Addresses This example adds the same items to the static address table: 3.4.5.3 MIB Variables Associated With Static Addresses Page 3.4.6 Managing Interfaces for Spanning Tree Algorithm 3.4.6.1 Displaying the Current Interface Settings for STA Web Interface: Displaying the Current Interface Settings for STA Command-line Interface: Displaying the Current Interface Settings for STA This example shows the STA attributes for port NETP4: MIB Variables Associated With a PortsSTA Settings 3.4.6.2 Configuring Interface Settings for STA Note Web Interface: Configuring STA Settings for a Port Command-line Interface: Configuring STA Settings for a Port This example sets STP attributes for port NETP5. MIB Variables for Configuring a PortsSTA Settings 3.4.6.3 Checking the STA Protocol Status for Interfaces Web Interface: Checking the STA Protocol Status for Interfaces Command-line Interface: Checking the STA Protocol Status for an Interface MIB Variables Associated With a PortsSTA Status 3.4.7 Filtering Traffic From the Down Link Ports to the Management Port Note 3.4.7.1 Web Interface: Filtering Traffic to the Management Port Page 3.4.7.3 MIB Variables Associated With Filtering Traffic to the Management Port Port Port (Continued) 3.5 Monitoring Port and Management Traffic 3.5.1 Configuring Port Mirroring 3.5.1.1 Web Interface: Configuring Port Mirroring 3.5.1.2 Command-line Interface: Configuring Port Mirroring 3.5.1.3 MIB Variables Associated With Port Mirroring 3.5.2 Showing Port Statistics Note Page Page Page Page Chapter 3 General Management of the Switch 3-147 3.5.2.2 Command-line Interface: Viewing Port Statistics This example shows statistics for port SNP13. 3.5.2.3 MIB Variables Associated With Port Statistics Page Page Page 3.5.3 Showing SNMP Statistics 3.5.3.1 Web Interface: Viewing SNMP Statistics You can also use the Refreshbutton at the bottom of the page to update the screen. Page 3.5.3.2 Command-line Interface: Viewing SNMP Statistics This example shows SNMP statistics for the switch. 3.5.3.3 MIB Variables Associated With SNMP Statistics 3.5.4 Configuring Message Logs You can limit system log messages saved to switch memory based on severity 3.5.4.1 Web Interface: Configuring Message Logs 3.5.4.2 Command-line Interface: Configuring Message Logs 3.5.4.3 MIB Variables Associated With Message Logs Page Command-Line Reference 4.1 Using the Command-Line Interface 4.1.1 Accessing the CLI 4.1.1.1 Console Connection 4.1.1.2 Telnet Connection Note 4.1.2 Entering Commands 4.1.2.1 Keywords and Arguments Page 4.1.2.5 Showing Commands The command show interfaces ? displays the following information: 4.1.2.6 Partial Keyword Lookup 4.1.2.7 Negating the Effect of Commands 4.1.2.8 Using Command History 4.1.2.9 Understanding Command Modes 4.1.2.10 Exec Commands 4.1.2.11 Configuration Commands 4.1.2.12 Command-Line Processing 4.2 Command Groups The system commands can be broken down into the functional groups shown below. Page 4.3 Detailed Command Description 4.3.1 General Commands 4.3.1.1 enable 4.3.1.2 disable 4.3.1.3 configure 4.3.1.4 show history 4.3.1.5 reload Note 4.3.1.6 end 4.3.1.7 exit 4.3.1.8 quit 4.3.2 Flash/File Commands 4.3.2.1 copy Page The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a file. Use this command to delete a file or image. The following example shows how to download a configuration file: 4.3.2.2 delete 4.3.2.3 dir Page 4.3.2.4 whichboot 4.3.2.5 boot system dir (4-23) whichboot (4-25) 4.3.3 System Management Commands Console(config)#boot system config: startup 4.3.3.1 hostname 4.3.3.2 username 4.3.3.3 enable password 4.3.3.4 ip http port 4.3.3.5 ip http server 4.3.3.6 jumbo frame 4.3.3.7 logging on 4.3.3.8 logging history 4.3.3.9 clear logging 4.3.3.10 show logging 4.3.3.11 show startup-config Page show running-config (4-40) 4.3.3.12 show running-config Use this command to display the configuration information currently in use. Page show startup-config (4-38) 4.3.3.13 show system Use this command to display system information. Normal Exec, Privileged Exec System Information on page 3-8. contact your distributor for assistance. 4.3.3.14 show users 4.3.3.15 show version 4.3.4 Authentication Commands 4.3.4.1 authentication login Page 4.3.4.2 radius-server host 4.3.4.3 radius-server port 4.3.4.4 radius-server key 4.3.4.5 radius-server retransmit 4.3.4.6 radius-server timeout 4.3.4.7 show radius-server 4.3.4.8 tacacs-server host 4.3.4.9 tacacs-server port 4.3.4.10 tacacs-server key 4.3.4.11 show tacacs-server Use this command to display the current settings for the TACACS server. Privileged Exec 4.3.5 SNMP Commands 4.3.5.1 snmp-server community 4.3.5.2 snmp-server contact 4.3.5.3 snmp-server location 4.3.5.4 snmp-server host Page 4.3.5.5 snmp-server enable traps 4.3.5.6 show snmp Page 4.3.6 Line Commands Note 4.3.6.1 line 4.3.6.2 login 4.3.6.3 password Page 4.3.6.4 exec-timeout 4.3.6.5 password-thresh 4.3.6.6 silent-time 4.3.6.7 show line 4.3.7 IP Commands 4.3.7.1 ip address Note 4.3.7.2 ip dhcp restart 4.3.7.3 ip dhcp client-identifier Note Page 4.3.7.4 ip default-gateway 4.3.7.5 show ip interface 4.3.7.6 show ip redirects 4.3.7.7 ping 4.3.7.8 ip filter Page Page Example Address filters Example Checking for fragments Example Checking for code values Example Checking for port numbers 4.3.7.9 show ip filter Page 4.3.8 Interface Commands 4.3.8.1 interface Use this command to configure an interface type and enter interface configuration mode. interface interface no interface port-channel channel-id interface 4.3.8.2 description 4.3.8.3 speed-duplex Note 4.3.8.4 negotiation 4.3.8.5 capabilities Page 4.3.8.6 flowcontrol Note Page 4.3.8.7 shutdown 4.3.8.8 switchport broadcast packet-rate Page 4.3.8.9 clear counters 4.3.8.10 show interfaces status Page 4.3.8.11 show interfaces counters 4.3.8.12 show interfaces switchport Use this command to display advanced interface configuration settings. Page This example shows the configuration setting for Ethernet port NETP7. 4.3.9 Address Table Commands 4.3.9.1 mac-address-table static 4.3.9.2 clear mac-address-table dynamic 4.3.9.3 show mac-address-table 4.3.9.4 mac-address-table aging-time 4.3.9.5 show mac-address-table aging-time 4.3.10 Port Security Commands 4.3.10.1 port security Page 4.3.11 Spanning Tree Commands 4.3.11.1 spanning-tree 4.3.11.2 spanning-tree mode 4.3.11.3 spanning-tree forward-time 4.3.11.4 spanning-tree hello-time 4.3.11.5 spanning-tree max-age 4.3.11.6 spanning-tree priority 4.3.11.7 spanning-tree pathcost method 4.3.11.8 spanning-tree transmission-limit 4.3.11.9 spanning-tree cost Page 4.3.11.10 spanning-tree port-priority 4.3.11.11 spanning-tree edge-port 4.3.11.12 spanning-tree protocol-migration 4.3.11.13 spanning-tree link-type 4.3.11.14 show spanning-tree Page 4.3.12 VLAN Commands 4.3.12.1 vlan database 4.3.12.2 vlan Page 4.3.12.3 interface vlan 4.3.12.4 switchport mode 4.3.12.5 switchport acceptable-frame-types 4.3.12.6 switchport ingress-filtering 4.3.12.7 switchport native vlan 4.3.12.8 switchport allowed vlan Note Page 4.3.12.9 switchport forbidden vlan 4.3.12.10 show vlan The following example shows how to display information for VLAN 1: 4.3.13 GVRP and Bridge Extension Commands 4.3.13.1 switchport gvrp 4.3.13.2 show gvrp configuration 4.3.13.3 garp timer Note 4.3.13.4 show garp timer 4.3.13.5 bridge-ext gvrp 4.3.13.6 show bridge-ext Page 4.3.14 IGMP Snooping Commands 4.3.14.1 ip igmp snooping Use this command to enable IGMP snooping on this switch. Use the no form to disable it. Global Configuration ip igmp snooping no ip igmp snooping Disabled 4.3.14.2 ip igmp snooping vlan static 4.3.14.3 ip igmp snooping version 4.3.14.4 show ip igmp snooping 4.3.14.5 show mac-address-table multicast 4.3.14.6 ip igmp snooping querier 4.3.14.7 ip igmp snooping query-count 4.3.14.8 ip igmp snooping query-interval 4.3.14.9 ip igmp snooping query-max-response-time 4.3.14.10 ip igmp snooping router-port-expire-time 4.3.14.11 ip igmp snooping vlan mrouter 4.3.14.12 show ip igmp snooping mrouter 4.3.15 Priority Commands 4.3.15.1 switchport priority default 4.3.15.2 queue bandwidth 4.3.15.3 queue cos-map Page 4.3.15.4 show queue bandwidth 4.3.15.5 show queue cos-map 4.3.15.6 map ip precedence (Global Configuration) 4.3.15.7 map ip precedence (Interface Configuration) 4.3.15.8 map ip dscp (Global Configuration) 4.3.15.9 map ip dscp (Interface Configuration) 4.3.15.10 show map ip precedence 4.3.15.11 show map ip dscp Privileged Exec map ip dscp (Global Configuration) (4-159) map ip dscp (Interface Configuration) (4-160) 4.3.16 Mirror Port Commands 4.3.16.1 port monitor 4.3.16.2 show port monitor 4.3.17 Link Aggregation Commands Guidelines for Creating Aggregated Links 4.3.17.1 channel-group 4.3.17.2 lacp Page Page Management Information Base A.1 Supported MIBs The standard MIBs are listed in the following table. The Sun private enterprise MIB is listed below. A.2 Supported Traps Sun private enterprise traps supported include the following item: SNMP traps supported include the following items: Page Troubleshooting B.1 Diagnosing Switch Indicators B.2 Diagnosing Port Connections B.3 Accessing the Management Interface Page B.4 Using System Logs B.4.1 Log Messages B.5 Error Messages B.5.1 Command-Line Error Detection B.5.2 System Errors B.5.3 Command Line Errors Page Page B.5.4 Web Interface Errors Page Page Page Page Page Specifications C.1 Switch Architecture C.2 Management Features C.3 Physical C.4 Power C.5 Environmental C.6 Standards Page Page Glossary Page Page Page Page Page Index A B C D I J L M P T U V W