Example Address filters | Sunfire B1600 specs

SYN flag valid, use code 2 2

Both SYN and ACK valid, use code 18 18

SYN valid and ACK invalid, use code 2 18

Example – Address filters

This example allows all packets to pass through the filter by permitting any protocol type, and using a null address and network mask for both the source address and destination address.

Console(config)#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

Console(config)#

This accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; that is, the rule (10.7.1.1 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.

Console(config)#ip filter permit any 10.7.1.1 255.255.255.0

0.0.0.00.0.0.0

Console(config)#

Example – Checking for fragments

This example blocks all fragments and logs the matching packets in the log.

Console(config)#ip filter deny any 0.0.0.0 0.0.0.0 0.0.0.0

0.0.0.0fragment log

Console(config)#

Example – Checking for code values

This blocks all TCP packets from class C addresses 192.168.1.0 with SYN set.

Console(config)#ip filter deny tcp 192.168.1.0 255.255.255.0

0.0.0.00.0.0.0 code syn Console(config)#

4-80Sun Fire B1600 Blade System Chassis Switch Administration Guide • June 2003

Image 278

Sunfire B1600 manual Example Address filters, Example Checking for fragments, Example Checking for code values

Contents

Page Page Page Page Contents General Management of the Switch Contents Page Contents Command-Line Reference Contents Page Contents Page Contents Management Information Base A-1 Glossary Glossary-1 Index Index-1 Page Before You Read This Book How This Book Is OrganizedPage Typographic Conventions Accessing Sun DocumentationEnable Related Documentation Contacting Sun Technical Support Sun Welcomes Your Comments Introduction Overview Switch ArchitectureWays of Accessing the Switch Management Application Up-link Ports Description of HardwareEthernet Ports Internal Ports Status LEDs SSC Exterior Panel Port LEDs Features of the Switch Introduction Page Switch Default Settings 2Switch Default Settings ARP Initial Configuration Sc console sscn/swt Connecting to the Switch InterfaceConfiguration Options Enabling Snmp Management Access Community Strings Trap Receivers Blade System Chassis Software Setup Guide Page General Management of the Switch Using the Web Interface Navigating the Web Browser Interface Home Panel Display Configuration Options1Web Page Configuration Buttons 2Summary of Tasks You Can Perform Using the Web Agent Main Menu 102 134 Basic Configuration Displaying System Information 3Switch Setup ⇒ System Identity Window Pass MIB Variables Identification Details Setting the IP Address Manual Configuration Web Interface Specifying the Management Vlan and IP Details 5Open Switch Setup ⇒ Network Identity Window MIB Variables Specifying the Management Vlan and IP Details Consoleconfig-if#ip address 10.1.0.2Consoleconfig#ip default-gateway Using DHCP/BOOTP Web Interface Using Dynamic IP Configuration Services Console#ip dhcp restart Console#show ip interface Console#ip dhcp restart Displaying Switch Software Versions MIB variables Using Dynamic IP Configuration Services Use the following command to display version information Console#show version MIB Variables Associated With Software Version Information 6MIB Versions Associated With Software Version Information Managing Firmware Downloading Switch Firmware From a ServerWeb Interface Downloading Switch Firmware Command-line Interface Dowloading Switch Firmware Console#copy tftp file Consoleconfig#boot system opcodeMIB Variables Associated With Downloading Firmware 7MIB Variables Associated With Downloading Firmware Supported Web Interface Downloading a File of Configuration Settings Saving or Restoring Configuration SettingsDownloading Configuration Settings From a Server Page Consoleconfig#boot system config startup-new Configuring User Authentication Applies only to Radius server authentication Web Interface Configuring User Authentication To configure authentication parameters for local access Command-line Interface Configuring User Authentication 9MIB Variables Associated With User Authentication Configuring SnmpMIB variables Associated With User Authentication Configuring Snmp Access Web Interface Adding and Removing Community Strings Consoleconfig#snmp-server community blueberry rw MIB Variables Associated With Community Strings Specifying Trap Managers and Trap Types Web Interface Specifying Trap Management Stations Command-line Interface Specifying Trap Management Stations MIB Variables Associated With Trap Management 10MIB Variables Associated With Trap Management Configuring Global Network Protocols Vlan ConfigurationPage Displaying Basic Vlan Information Web Interface Displaying Basic Vlan Information Command-line Interface Displaying Basic Vlan Information Console#show bridge-ext MIB Variables Associated With Basic Vlan Information 11MIB Variables Associated With Basic Vlan Information MIB-II Command-line Interface Enabling Gvrp Enabling or Disabling Gvrp Global SettingWeb Interface Enabling or Disabling Gvrp Global Setting MIB Variables Associated With Gvrp Configuring VLANsWeb Interface Configuring VLANs 12MIB Variables Associated With Gvrp See Adding Static Members to VLANs on Command-line Interface Vlan Configuration Vlan MIB Variables Associated With Vlan Configuration 13MIB Variables Associated With Vlan Configuration Adding Static Members to VLANs Port list Web Interface Adding Ports Manually to a Vlan Command-line Interface Adding Ports Manually to a Vlan 18The Switch Config ⇒ VLANs Window MIB Variables Associated With Adding Ports to a Vlan 14MIB Variables Associated With Adding Ports to a Vlan Multicast Configuration Configuring Igmp Snooping Parameters Web Interface Configuring Igmp Snooping Parameters 19The Switch Config ⇒ Broadcast & Multicast Window Command-line Interface Configuring Igmp Snooping Parameters Console#show ip igmp snooping 15MIB Variables Associated With Igmp Parameters Specifying Interfaces Connected to Multicast RoutersMIB Variables Associated With Igmp Parameters Page General Management of the Switch Consoleconfig#ip igmp snooping vlan 1 mrouter ethernet NETP0 Console#show ip igmp snooping mrouter vlan Read/create Octet string Multicast Router Configuring Multicast Services Web Interface Configuring Multicast Services General Management of the Switch Command-line Interface Configuring Multicast Services MIB Variables Associated With Configuring Multicast Servcies Broadcast Storm Control Global Setting Web Interface Using Broadcast Storm Control Command-line Interface Using Broadcast Storm Control MIB Variables Associated With Broadcast Storm Control 18MIB Variables Associated With Broadcast Storm Control Spanning Tree Algorithm Configuration Configuring Basic STA Settings General Management of the Switch Web Interface Configuring Basic STA Settings General Management of the Switch Command-line Interface Configuring Basic STA Settings Consoleconfig#spanning-tree mode rst MIB Variables Associated With Basic STA Settings 19MIB Variables Associated With Basic STA Settings Configuring Advanced STA Settings Web Interface Configuring Advanced STA Settings 20MIB Variables Associated With Advanced STA Settings Command-line Interface Configuring Advanced STA SettingsMIB variables Associated With Advanced STA Settings Web Interface Configuring Class of Service Class of Service ConfigurationSetting the Default Priority for Interfaces Command-line Interface Configuring Class of Service 25The Switch Config ⇒ Class of Service 22IEEE 802.1p Default Priority Recommendations MIB Variables Associated With Class of Service21MIB Variables Associated With Class of Service Mapping COS Values to Egress Queues Web Interface Mapping COS Values to Traffic Classes 23IEEE 802.1p Traffic Types Command-line Interface Mapping COS Values to Traffic Classes Console#show queue cos-map ethernet NETP0 Traffic Class Setting the Service Weight for Traffic Classes Web Interace Setting the Service Weight for Traffic Classes Mapping Layer 3/4 Priorities to COS Values Console#show queue bandwidth Queue ID Weight25Setting the Service Weight for Traffic Classes Consoleconfig#map ip precedence Web Interface Enabling Priority ServicesCommand-line Interface Enabling Priority Services MIB Variables Associated With Traffic Prioritisation Consoleconfig#no map ip precedenceMapping IP Precedence 26MIB Variables Associated With Traffic Prioritization Web Interface Mapping IP Precedence Console#show map ip precedence ethernet SNP5 Command-line Interface Mapping IP PrecedenceMIB Variables Associated With Mapping IP Precedence 28MIB Variables Associated With Mapping IP Precedence Web Interface Mapping Dscp Priority 29Default Dscp to COS MappingMapping Dscp Priority Console#show map ip dscp ethernet SNP5 Command-line Interface Mapping Dscp PriorityConsoleconfig#interface ethernet SNP5 MIB Variables Associated With Mapping Dscp to CoS Values Address Table SettingsDisplaying the Address Table Mac-address-table Interface ethernet NETP1 Command-line Interface Viewing the Address TablesWeb Interface Viewing the Address Tables Web Interface Changing the Aging Time Changing the Aging TimeMIB Variables Associated With the Address Tables 30MIB Variables Associated With the Address Tables MIB Variables Associated With Aging Time Command-line Interface Changing the Aging TimeConsoleconfig#mac-address-table aging-time 31MIB Variables Associated With Aging Time Port Configuration Displaying Connection Status See Configuring Interface Connections on Web Interface Displaying Connection Status for the Ports 33The Up Links ⇒ Connections Status Window This example shows the connection status for Port NETP7 Console#show interfaces status ethernet NETP7 MIB Variables Associated With the Connection Status of Ports Read only Error1 Duplex Status Configuring Interface Connections Web Interface Configuring Interface Connections 34The Up Links ⇒ Status Window showing attribues of NETP0 Command-line Interface Configuring Interface Connections 33MIB Variables for Interface Connections Read/write Bits Capabilities Configuring Aggregated Links Dynamically Configuring an Aggregated Link with Lacp Web Interface Dynamic Aggregated Links Lacp Consoleconfig#interface ethernet NETP1 Command-line Interface Dynamic Aggregated Links LacpConsoleconfig#interface ethernet NETP0 Console#show interfaces status port-channel MIB Variables Associated With Dynamic Aggregated Links 34MIB Variables Associated With Dynamic Aggregated Links Statically Configuring an Aggregated Link Web Interface Statically Configuring an Aggregated Link Consoleconfig#interface port-channel Consoleconfig#interface ethernet NETP3 MIB Variables Associated With Static Aggregated Links 35MIB Variables Associated With Static Aggregated Links Configuring Vlan Behavior for Interfaces Web Interface Configuring Vlan Behavior for Interfaces Modify the required settings for each interface Click Save 38The Up Links ⇒ VLANs Window cont’d MIB Variables Associated With Vlan Behavior of Interfaces 36MIB Variables Associated With Vlan Behavior of Interfaces Port Gvrp Read Octet string Name Configuring Static Addresses Web Interface Configuring Static Addresses 39The Up Links ⇒ Static Addresses Window Console#show mac-address-table ethernet NETP4 Command-line Interface Configuring Static AddressesMIB Variables Associated With Static Addresses 37MIB Variables Associated With Static Addresses Vlan Index Displaying the Current Interface Settings for STA Managing Interfaces for Spanning Tree Algorithm CLI displays this term 40The Up Links ⇒ Spanning Tree Window Console#show spanning-tree ethernet NETP4 MIB Variables Associated With a Port’s STA Settings 38MIB Variables Associated With a Port’s STA Settings Configuring Interface Settings for STA Web Interface Configuring STA Settings for a Port Command-line Interface Configuring STA Settings for a Port 41The Up Links ⇒ Spanning Tree Window for NETP4 Checking the STA Protocol Status for Interfaces MIB Variables for Configuring a Port’s STA Settings39MIB Variables for Configuring a Port’s STA Settings MIB Variables Associated With a Port’s STA Status 40MIB Variables Associated With a Port’s STA StatusPage Web Interface Filtering Traffic to the Management Port 43The Management Ports ⇒ Packet Filtering Window Consoleconfig#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 Action Read/create Integer IP Port Monitoring Port and Management Traffic Configuring Port MirroringWeb Interface Configuring Port Mirroring Command-line Interface Configuring Port Mirroring 44The Monitoring ⇒ Port Mirroring Window 42MIB Variables Associated With Port Mirroring Showing Port StatisticsMIB Variables Associated With Port Mirroring 43Traffic Statistics 43Traffic Statistics 43Traffic Statistics Web Interface Viewing Port Statistics 45The Monitoring ⇒ Port Statistics window Scroll down the page to view Rmon statistics Command-line Interface Viewing Port Statistics This example shows statistics for port SNP13 MIB Variables Associated With Port Statistics 44MIB Variables Associated With Port Statistics Out Discards Deferred CRC/Alignment Showing Snmp Statistics 45SNMP Traffic Statistics Web Interface Viewing Snmp Statistics Open Monitoring ⇒ Snmp Statistics 47The Monitoring Snmp Statistics Window Command-line Interface Viewing Snmp Statistics Console#show snmp 46MIB Variables Associated With Snmp Statistics Configuring Message LogsMIB Variables Associated With Snmp Statistics Web Interface Configuring Message Logs 47Error Levels Command-line Interface Configuring Message Logs 48The Monitoring ⇒ Logs Window MIB Variables Associated With Message Logs 48MIB Variables Associated With Message LogsPage Command-Line Reference Console Connection Using the Command-Line InterfaceAccessing the CLI Consoleconfig-if#ip address 10.1.0.1 Telnet Connection Consoleconfig#username admin password 0 smith Entering CommandsConsole#show startup-config Keywords and Arguments Minimum Abbreviation Command CompletionGetting Help on Commands Showing Commands Consoleshow interfaces ? Understanding Command Modes Negating the Effect of CommandsUsing Command History Partial Keyword Lookup Exec Commands 1Command Modes Configuration Commands Console#configure 3CLI Editing Keystrokes Command-Line Processing2Configuration Modes Command Groups 4Command Groups 166 Enable Detailed Command DescriptionGeneral Commands Syntax Disable Configure Show history Reload 1.6 end Exit Quit Flash/File Commands Copy Syntax Delete Console#copy file tftp 2.3 dir Console#delete test2.cfg 5File Information Whichboot Following example shows how to display all file information Boot system Console#whichboot 6System Management Commands System Management CommandsConsoleconfig#boot system config startup Hostname Username Consoleconfig#hostname ServerChassis357Default User Names and Passwords Enable password Consoleconfig#enable password level 15 0 admin Ip http port Ip http server Jumbo frame Logging on 8Error Levels Logging history Console#clear logging Consoleconfig#logging history ramClear logging Show logging Show startup-config Console#show startup-config Show running-config Console#show running-config Show system None Console#show users Show usersShow version Authentication Commands Example Authentication login 9Authentication Commands Consoleconfig#authentication login radius Radius-server host Radius-server port Consoleconfig#radius-server key green Radius-server key Radius-server retransmit Radius-server timeoutDefault Setting Command Mode Show radius-server Console#show radius-server Tacacs-server host Tacacs-server port Tacacs-server key Show tacacs-server Snmp Commands10SNMP Commands Console#show tacacs-server Snmp-server community Snmp-server contact Consoleconfig#snmp-server community alpha rwConsoleconfig#snmp-server contact Paul Snmp-server host Consoleconfig#snmp-server location WC-19Snmp-server location Consoleconfig#snmp-server host 10.1.19.23 batman version Snmp-server enable traps Show snmp Console#show snmp Line Line Commands11Line Commands Login Password No password is specified Exec-timeout Password-thresh Silent-time Show line IP Commands Console#show line Ip address Ip dhcp restart Ip dhcp client-identifier Syntax Ip default-gateway Show ip interface Show ip redirects Ping Console#show ip redirects Ip filter Port number is not checked. The fragments option is allowed General Configuration Example Checking for code values Example Address filtersExample Checking for fragments Example Checking for port numbers Consoleconfig#ip filter permit tcp 192.168.1.0 0.0 0.0.0.0Show ip filter Console#show ip filter Interface Interface Commands13Interface Commands Description Speed-duplex Negotiation Consoleconfig#interface ethernet NETP5Consoleconfig-if#speed-duplex 100half Consoleconfig#interface ethernet SNP11 Capabilities SNP0-15 1000full Flowcontrol Following example enables flow control on port NETP7 Consoleconfig#interface ethernet NETP7 Switchport broadcast packet-rate Shutdown Enabled for all ports Packets per second Console#clear counters ethernet SNP5 Clear countersShow interfaces status Vlan vlan-idRange Show interfaces counters Console#show interfaces status ethernet SNP11 Show interfaces switchport Console#show interfaces counters ethernet NETP7 Shows all interfaces 14Address Table Commands Address Table CommandsConsole#show interfaces switchport ethernet NETP7 Mac-address-table static Action Console#clear mac-address-table dynamic Clear mac-address-table dynamicShow mac-address-table Mac-address-table aging-time Console#show mac-address-table Show mac-address-table aging-time Port security Port Security Commands15Port Security Commands Console#show mac-address-table aging-time Following example enables port security of port SNP5 Spanning-tree Spanning Tree Commands16Spanning Tree Commands Spanning-tree mode Consoleconfig#spanning-tree mode rstp Spanning-tree forward-time Spanning-tree hello-time Spanning-tree max-age Spanning-tree priority Consoleconfig#spanning-tree priority Spanning-tree pathcost method Spanning-tree cost Consoleconfig#spanning-tree pathcost method longSpanning-tree transmission-limit Spanning-tree cost cost No spanning-tree cost Spanning-tree port-priority Spanning-tree edge-port Spanning-tree protocol-migration Spanning-tree link-type Show spanning-tree Rstp Vlan Commands 17VLAN Commands Vlan database Vlan Consoleconfig-vlan#vlan 105 name RD5 media ethernet Interface vlan Switchport modeConsoleconfig-if#ip address 192.168.1.254 Switchport acceptable-frame-types Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Default Setting Switchport forbidden vlan Show vlan Vlan id Gvrp and Bridge Extension Commands18GVRP and Bridge Extension Commands Consoleconfig#interface ethernet SNP1 Switchport gvrpShow gvrp configuration Garp timer Console#show gvrp configuration Show garp timer Bridge-ext gvrp Show garp timerConsole#show garp timer ethernet SNP1 Show bridge-ext Command Usage Igmp Snooping Commands 19IGMP Snooping Commands Ip igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Consoleconfig#ip igmp snooping version Show ip igmp snooping Show mac-address-table multicast Ip igmp snooping query-count Consoleconfig#ip igmp snooping querierIp igmp snooping querier Consoleconfig#ip igmp snooping query-count Ip igmp snooping query-interval Consoleconfig#ip igmp snooping query-interval Ip igmp snooping query-max-response-time Consoleconfig#ip igmp snooping query-max-response-time Ip igmp snooping router-port-expire-time Consoleconfig#ip igmp snooping router-port-expire-time Ip igmp snooping vlan mrouter Show ip igmp snooping mrouter Console#show ip igmp snooping mrouter Priority Commands20Priority Commands Switchport priority default Queue bandwidth weight1...weight4 Queue bandwidth Consoleconfig#queue bandwidth 1 3 5 Queue cos-map 21IEEE 802.1p Default Priority Recommendations Show queue bandwidth Show queue cos-map Map ip precedence Global Configuration Console#show queue cos-map ethernet SNP11 Map ip precedence Interface Configuration Map ip precedence ip-precedence-value cos cos-value Map ip dscp Global Configuration Map ip dscp Interface Configuration 22Default Dscp to COS Mapping Show map ip precedence Show map ip dscp Map ip dscp ethernet SNP1 Port monitor Mirror Port Commands23Mirror Port Commands Show port monitor Link Aggregation Commands Guidelines for Creating Aggregated Links 24Link Aggregation CommandsChannel-group Lacp Lacp No lacp Consoleconfig#interface ethernet NETP0 Management Information Base Supported MIBs Table A-1Supported MIBs Table A-4Sun Private Enterprise Traps Supported TrapsTable A-2Sun Private Enterprise MIB Page Troubleshooting Diagnosing Port Connections Diagnosing Switch IndicatorsAccessing the Management Interface Appendix B Troubleshooting B-3 Table B-1Log Messages Using System LogsLog Messages Console#show interfaces statuss e 1/1 Error MessagesCommand-Line Error Detection Table B-2System Error Messages System ErrorsCommand Line Errors Table B-3Command Line Error Messages Appendix B Troubleshooting B-7 Line mode vty can not use console parameter Web Interface Errors Table B-4Web Interface Error Messages Illegal Snmp trap IP address Appendix B Troubleshooting B-11 Table B-4Web Interface Error Messages Appendix B Troubleshooting B-13 Table B-4Web Interface Error Messages Specifications Switch Architecture Table C-1Switch Architecture Management Features Table C-2Management Features Standards PowerEnvironmental Appendix C Specifications C-5 Page Glossary Bandwidth Garp Vlan 1000BASE-T Fast Ethernet Access method and physical layer specificationsConvergence for topology changes Defines frame extensions for Vlan tagging Link Aggregation Control Protocol Blocks and error-corrected Management servicesAccess to this switch Efficiency of the networkPage Index Page Index-3