Ibm Rackswitch g8000 User guide

RackSwitch

™

G8000

Application Guide

RackSwitch

™

G8000

Application Guide

Note: Before using this information and the product it supports, read the general information in the Safety information and

Environmental Notices and User Guide documents on the IBM Documentation CD and the Warranty Information document that comes

with the product.

First Edition (November 2011)

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract

with IBM Corp.

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Who Should Use This Guide . . . . . . . . . . . . . . . . . . . . 15

What You’ll Find in This Guide . . . . . . . . . . . . . . . . . . . 15

Additional References. . . . . . . . . . . . . . . . . . . . . . . 17

Typographic Conventions . . . . . . . . . . . . . . . . . . . . . 18

How to Get Help . . . . . . . . . . . . . . . . . . . . . . . . . 19

Part 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . 21

Chapter 1. Switch Administration . . . . . . . . . . . . . . . . . 23

Administration Interfaces . . . . . . . . . . . . . . . . . . . . . 23

Command Line Interface . . . . . . . . . . . . . . . . . . . . 23

Browser-Based Interface . . . . . . . . . . . . . . . . . . . . 24

Establishing a Connection . . . . . . . . . . . . . . . . . . . . . 24

Using Telnet . . . . . . . . . . . . . . . . . . . . . . . . . 25

Using Secure Shell . . . . . . . . . . . . . . . . . . . . . . 26

Using a Web Browser . . . . . . . . . . . . . . . . . . . . . 27

Using Simple Network Management Protocol . . . . . . . . . . . . 30

BOOTP/DHCP Client IP Address Services. . . . . . . . . . . . . . . 31

Global BOOTP Relay Agent Configuration . . . . . . . . . . . . . 31

Domain-Specific BOOTP Relay Agent Configuration . . . . . . . . . 32

Switch Login Levels . . . . . . . . . . . . . . . . . . . . . . . 33

Setup vs. the Command Line . . . . . . . . . . . . . . . . . . . . 34

Chapter 2. Initial Setup . . . . . . . . . . . . . . . . . . . . . . 35

Information Needed for Setup. . . . . . . . . . . . . . . . . . . . 35

Default Setup Options. . . . . . . . . . . . . . . . . . . . . . . 35

Stopping and Restarting Setup Manually . . . . . . . . . . . . . . . 36

Setup Part 1: Basic System Configuration . . . . . . . . . . . . . . . 36

Setup Part 2: Port Configuration. . . . . . . . . . . . . . . . . . . 37

Setup Part 3: VLANs . . . . . . . . . . . . . . . . . . . . . . . 39

Setup Part 4: IP Configuration . . . . . . . . . . . . . . . . . . . 39

IP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 40

Loopback Interfaces . . . . . . . . . . . . . . . . . . . . . . 41

Default Gateways . . . . . . . . . . . . . . . . . . . . . . . 42

IP Routing. . . . . . . . . . . . . . . . . . . . . . . . . . 42

Setup Part 5: Final Steps . . . . . . . . . . . . . . . . . . . . . 43

Optional Setup for Telnet Support . . . . . . . . . . . . . . . . . . 44

Chapter 3. Switch Software Management . . . . . . . . . . . . . . 45

Loading New Software to Your Switch . . . . . . . . . . . . . . . . 45

Loading Software via the IBM N/OS CLI . . . . . . . . . . . . . . 46

Loading Software via the ISCLI . . . . . . . . . . . . . . . . . 47

Loading Software via BBI. . . . . . . . . . . . . . . . . . . . 47

The Boot Management Menu . . . . . . . . . . . . . . . . . . . . 48

6 RackSwitch G8000: Application Guide

Part 2: Securing the Switch . . . . . . . . . . . . . . . . . . . 53

Chapter 4. Securing Administration . . . . . . . . . . . . . . . . 55

Secure Shell and Secure Copy . . . . . . . . . . . . . . . . . . . 55

Configuring SSH/SCP Features on the Switch . . . . . . . . . . . 56

Configuring the SCP Administrator Password. . . . . . . . . . . . 56

Using SSH and SCP Client Commands . . . . . . . . . . . . . . 56

SSH and SCP Encryption of Management Messages . . . . . . . . 58

Generating RSA Host Key for SSH Access . . . . . . . . . . . . 58

SSH/SCP Integration with Radius Authentication . . . . . . . . . . 59

SSH/SCP Integration with TACACS+ Authentication . . . . . . . . . 59

SecurID Support . . . . . . . . . . . . . . . . . . . . . . . 59

End User Access Control . . . . . . . . . . . . . . . . . . . . . 60

Considerations for Configuring End User Accounts . . . . . . . . . 60

Strong Passwords . . . . . . . . . . . . . . . . . . . . . . 60

User Access Control . . . . . . . . . . . . . . . . . . . . . 61

Listing Current Users . . . . . . . . . . . . . . . . . . . . . 61

Logging into an End User Account . . . . . . . . . . . . . . . . 62

Chapter 5. Authentication & Authorization Protocols . . . . . . . . . 63

RADIUS Authentication and Authorization. . . . . . . . . . . . . . . 63

How RADIUS Authentication Works . . . . . . . . . . . . . . . 63

Configuring RADIUS on the Switch. . . . . . . . . . . . . . . . 64

RADIUS Authentication Features in IBM N/OS . . . . . . . . . . . 64

Switch User Accounts . . . . . . . . . . . . . . . . . . . . . 65

RADIUS Attributes for IBM N/OS User Privileges . . . . . . . . . . 65

TACACS+ Authentication . . . . . . . . . . . . . . . . . . . . . 66

How TACACS+ Authentication Works. . . . . . . . . . . . . . . 66

TACACS+ Authentication Features in IBM N/OS . . . . . . . . . . 67

Command Authorization and Logging . . . . . . . . . . . . . . . 68

Configuring TACACS+ Authentication on the Switch . . . . . . . . . 68

LDAP Authentication and Authorization. . . . . . . . . . . . . . . . 69

Chapter 6. 802.1X Port-Based Network Access Control . . . . . . . . 71

Extensible Authentication Protocol over LAN . . . . . . . . . . . . . 72

EAPoL Authentication Process . . . . . . . . . . . . . . . . . . . 73

EAPoL Message Exchange . . . . . . . . . . . . . . . . . . . . 73

EAPoL Port States. . . . . . . . . . . . . . . . . . . . . . . . 75

Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Supported RADIUS Attributes . . . . . . . . . . . . . . . . . . . 76

EAPoL Configuration Guidelines . . . . . . . . . . . . . . . . . . 78

Chapter 7. Access Control Lists . . . . . . . . . . . . . . . . . . 79

Summary of Packet Classifiers . . . . . . . . . . . . . . . . . . . 79

Summary of ACL Actions . . . . . . . . . . . . . . . . . . . . . 81

Assigning Individual ACLs to a Port . . . . . . . . . . . . . . . . . 82

ACL Order of Precedence . . . . . . . . . . . . . . . . . . . . . 82

ACL Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Assigning ACL Groups to a Port. . . . . . . . . . . . . . . . . . . 84

ACL Metering and Re-Marking . . . . . . . . . . . . . . . . . . . 84

ACL Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . 85

Viewing ACL Statistics . . . . . . . . . . . . . . . . . . . . . . 85

ACL Configuration Examples . . . . . . . . . . . . . . . . . . . . 86

VLAN Maps. . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Using Storm Control Filters. . . . . . . . . . . . . . . . . . . . . 89

Part 3: Switch Basics . . . . . . . . . . . . . . . . . . . . . . 91

Chapter 8. VLANs . . . . . . . . . . . . . . . . . . . . . . . . 93

VLANs Overview. . . . . . . . . . . . . . . . . . . . . . . . . 93

VLANs and Port VLAN ID Numbers . . . . . . . . . . . . . . . . . 94

VLAN Numbers . . . . . . . . . . . . . . . . . . . . . . . 94

PVID Numbers . . . . . . . . . . . . . . . . . . . . . . . . 94

VLAN Tagging . . . . . . . . . . . . . . . . . . . . . . . . . 95

VLAN Topologies and Design Considerations . . . . . . . . . . . . . 99

Multiple VLANs with Tagging Adapters . . . . . . . . . . . . . . 99

VLAN Configuration Example . . . . . . . . . . . . . . . . . . 101

Protocol-Based VLANs . . . . . . . . . . . . . . . . . . . . . . 102

Port-Based vs. Protocol-Based VLANs . . . . . . . . . . . . . .103

PVLAN Priority Levels . . . . . . . . . . . . . . . . . . . . .103

PVLAN Tagging . . . . . . . . . . . . . . . . . . . . . . .103

PVLAN Configuration Guidelines . . . . . . . . . . . . . . . . . 103

Configuring PVLAN . . . . . . . . . . . . . . . . . . . . . .104

Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 105

Private VLAN Ports . . . . . . . . . . . . . . . . . . . . . .105

Configuration Guidelines . . . . . . . . . . . . . . . . . . . . 105

Configuration Example . . . . . . . . . . . . . . . . . . . . . 106

Chapter 9. Ports and Trunking . . . . . . . . . . . . . . . . . . 107

Trunking Overview . . . . . . . . . . . . . . . . . . . . . . . .107

Static Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Static Trunk Requirements . . . . . . . . . . . . . . . . . . . 108

Static Trunk Group Configuration Rules . . . . . . . . . . . . . .108

Configuring a Static Port Trunk . . . . . . . . . . . . . . . . . 109

Link Aggregation Control Protocol . . . . . . . . . . . . . . . . . .111

LACP Overview . . . . . . . . . . . . . . . . . . . . . . . 111

LACP Minimum Links Option . . . . . . . . . . . . . . . . . . 113

LACP Configuration Guidelines . . . . . . . . . . . . . . . . . 113

Configuring LACP. . . . . . . . . . . . . . . . . . . . . . . 113

Configurable Trunk Hash Algorithm . . . . . . . . . . . . . . . . .114

8 RackSwitch G8000: Application Guide

Chapter 10. Spanning Tree Protocols . . . . . . . . . . . . . . . 115

Spanning Tree Protocol Modes . . . . . . . . . . . . . . . . . . . 115

Global STP Control . . . . . . . . . . . . . . . . . . . . . . . 116

PVRST Mode . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Port States . . . . . . . . . . . . . . . . . . . . . . . . . 117

Bridge Protocol Data Units . . . . . . . . . . . . . . . . . . . 117

Bridge Protocol Data Units Overview . . . . . . . . . . . . . 117

Determining the Path for Forwarding BPDUs . . . . . . . . . . 117

Simple STP Configuration . . . . . . . . . . . . . . . . . . . 119

Per-VLAN Spanning Tree Groups . . . . . . . . . . . . . . . . 121

Using Multiple STGs to Eliminate False Loops. . . . . . . . . . 121

VLANs and STG Assignment . . . . . . . . . . . . . . . . 121

Manually Assigning STGs. . . . . . . . . . . . . . . . . . 122

Guidelines for Creating VLANs . . . . . . . . . . . . . . . . 123

Rules for VLAN Tagged Ports . . . . . . . . . . . . . . . . 123

Adding and Removing Ports from STGs . . . . . . . . . . . . 123

The Switch-Centric Model. . . . . . . . . . . . . . . . . . 124

Configuring Multiple STGs . . . . . . . . . . . . . . . . . . . 125

Rapid Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . 126

Port States . . . . . . . . . . . . . . . . . . . . . . . . . 126

RSTP Configuration Guidelines . . . . . . . . . . . . . . . . . 126

RSTP Configuration Example . . . . . . . . . . . . . . . . . . 126

Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . 127

MSTP Region . . . . . . . . . . . . . . . . . . . . . . . . 127

Common Internal Spanning Tree . . . . . . . . . . . . . . . . 127

MSTP Configuration Guidelines . . . . . . . . . . . . . . . . . 127

MSTP Configuration Examples . . . . . . . . . . . . . . . . . 128

Port Type and Link Type . . . . . . . . . . . . . . . . . . . . . 129

Edge Port . . . . . . . . . . . . . . . . . . . . . . . . . 129

Link Type. . . . . . . . . . . . . . . . . . . . . . . . . . 130

Chapter 11. Quality of Service . . . . . . . . . . . . . . . . . . 131

QoS Overview . . . . . . . . . . . . . . . . . . . . . . . . . 131

Using ACL Filters . . . . . . . . . . . . . . . . . . . . . . . . 133

Summary of ACL Actions . . . . . . . . . . . . . . . . . . . 133

ACL Metering and Re-Marking . . . . . . . . . . . . . . . . . 134

Using DSCP Values to Provide QoS . . . . . . . . . . . . . . . . . 134

Differentiated Services Concepts . . . . . . . . . . . . . . . . 135

Per Hop Behavior . . . . . . . . . . . . . . . . . . . . . . 135

QoS Levels . . . . . . . . . . . . . . . . . . . . . . . . . 136

DSCP Re-Marking and Mapping . . . . . . . . . . . . . . . . . 137

DSCP Re-Marking Configuration Examples . . . . . . . . . . . . 138

Using 802.1p Priority to Provide QoS . . . . . . . . . . . . . . . . 140

Queuing and Scheduling . . . . . . . . . . . . . . . . . . . . . 141

Part 4: Advanced Switching Features . . . . . . . . . . . . . . . 143

Chapter 12. Virtualization . . . . . . . . . . . . . . . . . . . . 145

Chapter 13. Stacking . . . . . . . . . . . . . . . . . . . . . . 147

Stacking Overview . . . . . . . . . . . . . . . . . . . . . . . . 148

Stacking Requirements . . . . . . . . . . . . . . . . . . . . 148

Stacking Limitations . . . . . . . . . . . . . . . . . . . . . 149

Stack Membership . . . . . . . . . . . . . . . . . . . . . . . . 149

The Master Switch . . . . . . . . . . . . . . . . . . . . . . 150

Splitting and Merging One Stack . . . . . . . . . . . . . . .150

Merging Independent Stacks . . . . . . . . . . . . . . . . . 151

Backup Switch Selection . . . . . . . . . . . . . . . . . . . .151

Master Failover . . . . . . . . . . . . . . . . . . . . . .151

Secondary Backup. . . . . . . . . . . . . . . . . . . . .151

Master Recovery . . . . . . . . . . . . . . . . . . . . .152

No Backup . . . . . . . . . . . . . . . . . . . . . . . .152

Stack Member Identification . . . . . . . . . . . . . . . . . . . 152

Configuring a Stack . . . . . . . . . . . . . . . . . . . . . . .153

Configuration Overview . . . . . . . . . . . . . . . . . . . .153

Best Configuration Practices . . . . . . . . . . . . . . . . . .153

Configuring Each Switch in a Stack . . . . . . . . . . . . . . . . 153

Additional Master Configuration . . . . . . . . . . . . . . . . .155

Configuring an External IPv4 Address for the Stack . . . . . . . .155

Locating an External Stack Interface . . . . . . . . . . . . . .155

Viewing Stack Connections . . . . . . . . . . . . . . . . .156

Binding Members to the Stack . . . . . . . . . . . . . . . .156

Assigning a Stack Backup Switch . . . . . . . . . . . . . . . 156

Managing a Stack . . . . . . . . . . . . . . . . . . . . . . . . 157

Upgrading Software in an Existing Stack . . . . . . . . . . . . . . .159

Replacing or Removing Stacked Switches . . . . . . . . . . . . . . . 161

Removing a Switch from the Stack . . . . . . . . . . . . . . . . 161

Installing the New Switch or Healing the Topology . . . . . . . . . . 161

Binding the New Switch to the Stack . . . . . . . . . . . . . . .162

ISCLI Stacking Commands. . . . . . . . . . . . . . . . . . . . . 164

Chapter 14. VMready . . . . . . . . . . . . . . . . . . . . . . 165

VE Capacity . . . . . . . . . . . . . . . . . . . . . . . . . .165

Defining Server Ports . . . . . . . . . . . . . . . . . . . . . . . 166

VM Group Types. . . . . . . . . . . . . . . . . . . . . . . . . 166

Local VM Groups . . . . . . . . . . . . . . . . . . . . . . . .166

Distributed VM Groups . . . . . . . . . . . . . . . . . . . . . . 168

VM Profiles . . . . . . . . . . . . . . . . . . . . . . . . .168

Initializing a Distributed VM Group . . . . . . . . . . . . . . . . 168

Assigning Members . . . . . . . . . . . . . . . . . . . . . . 169

Synchronizing the Configuration . . . . . . . . . . . . . . . . .169

Removing Member VEs . . . . . . . . . . . . . . . . . . . .169

Virtualization Management Servers . . . . . . . . . . . . . . . . . 170

Assigning a vCenter . . . . . . . . . . . . . . . . . . . . . . 170

vCenter Scans . . . . . . . . . . . . . . . . . . . . . . . . 170

Deleting the vCenter. . . . . . . . . . . . . . . . . . . . . . 171

Exporting Profiles . . . . . . . . . . . . . . . . . . . . . . .171

VMware Operational Commands . . . . . . . . . . . . . . . . .171

Pre-Provisioning VEs . . . . . . . . . . . . . . . . . . . . . . . 172

VLAN Maps. . . . . . . . . . . . . . . . . . . . . . . . . . . 173

VM Policy Bandwidth Control . . . . . . . . . . . . . . . . . . . . 174

VM Policy Bandwidth Control Commands . . . . . . . . . . . . .174

Bandwidth Policies vs. Bandwidth Shaping . . . . . . . . . . . . .174

VMready Information Displays . . . . . . . . . . . . . . . . . . . 175

VMready Configuration Example . . . . . . . . . . . . . . . . . .178

10 RackSwitch G8000: Application Guide

Part 5: IP Routing. . . . . . . . . . . . . . . . . . . . . . . . 181

Chapter 15. Basic IP Routing . . . . . . . . . . . . . . . . . . . 183

IP Routing Benefits . . . . . . . . . . . . . . . . . . . . . . . 183

Routing Between IP Subnets. . . . . . . . . . . . . . . . . . . . 183

Example of Subnet Routing . . . . . . . . . . . . . . . . . . . . 184

Using VLANs to Segregate Broadcast Domains . . . . . . . . . . . 185

Configuration Example . . . . . . . . . . . . . . . . . . . . 185

ECMP Static Routes . . . . . . . . . . . . . . . . . . . . . . . 187

OSPF Integration. . . . . . . . . . . . . . . . . . . . . . . 187

ECMP Route Hashing . . . . . . . . . . . . . . . . . . . . . 187

Configuring ECMP Static Routes . . . . . . . . . . . . . . . . 188

Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . 189

Chapter 16. Internet Protocol Version 6 . . . . . . . . . . . . . . 191

IPv6 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . 192

IPv6 Address Format . . . . . . . . . . . . . . . . . . . . . . . 193

IPv6 Address Types . . . . . . . . . . . . . . . . . . . . . . . 194

IPv6 Address Autoconfiguration. . . . . . . . . . . . . . . . . . . 195

IPv6 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 196

Neighbor Discovery . . . . . . . . . . . . . . . . . . . . . . . 197

Supported Applications . . . . . . . . . . . . . . . . . . . . . . 199

Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . 201

IPv6 Configuration Examples. . . . . . . . . . . . . . . . . . . . 202

Chapter 17. IPsec with IPv6 . . . . . . . . . . . . . . . . . . . 203

IPsec Protocols . . . . . . . . . . . . . . . . . . . . . . . . . 203

Using IPsec with the RackSwitch G8000 . . . . . . . . . . . . . . . 204

Setting up Authentication . . . . . . . . . . . . . . . . . . . 204

Creating an IKEv2 Proposal . . . . . . . . . . . . . . . . . 205

Importing an IKEv2 Digital Certificate . . . . . . . . . . . . . 205

Generating an IKEv2 Digital Certificate . . . . . . . . . . . . 206

Enabling IKEv2 Preshared Key Authentication. . . . . . . . . . 206

Setting Up a Key Policy . . . . . . . . . . . . . . . . . . . . 207

Using a Manual Key Policy . . . . . . . . . . . . . . . . . . . 208

Using a Dynamic Key Policy . . . . . . . . . . . . . . . . . . 209

Chapter 18. Routing Information Protocol . . . . . . . . . . . . . 211

Distance Vector Protocol . . . . . . . . . . . . . . . . . . . . . 211

Stability . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Routing Updates . . . . . . . . . . . . . . . . . . . . . . . . 211

RIPv1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

RIPv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

RIPv2 in RIPv1 Compatibility Mode . . . . . . . . . . . . . . . . . 212

RIP Features . . . . . . . . . . . . . . . . . . . . . . . . . . 212

RIP Configuration Example . . . . . . . . . . . . . . . . . . . . 214

Chapter 19. Internet Group Management Protocol . . . . . . . . . . 215

IGMP Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 215

How IGMP Works . . . . . . . . . . . . . . . . . . . . . . . . 216

IGMP Capacity and Default Values . . . . . . . . . . . . . . . . .217

IGMP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . 218

IGMP Groups . . . . . . . . . . . . . . . . . . . . . . . . 218

IGMPv3 Snooping . . . . . . . . . . . . . . . . . . . . . . 218

IGMP Snooping Configuration Guidelines . . . . . . . . . . . . . 219

IGMP Snooping Configuration Example . . . . . . . . . . . . . .220

Advanced Configuration Example: IGMP Snooping. . . . . . . . . .221

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . 222

Configuration . . . . . . . . . . . . . . . . . . . . . . . 222

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . .226

IGMP Relay . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Configuration Guidelines . . . . . . . . . . . . . . . . . . . . 229

Configure IGMP Relay . . . . . . . . . . . . . . . . . . . . .229

Advanced Configuration Example: IGMP Relay . . . . . . . . . . . 230

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . 231

Configuration . . . . . . . . . . . . . . . . . . . . . . . 231

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . .234

Additional IGMP Features . . . . . . . . . . . . . . . . . . . . . 236

FastLeave. . . . . . . . . . . . . . . . . . . . . . . . . . 236

IGMP Filtering . . . . . . . . . . . . . . . . . . . . . . . .236

Static Multicast Router . . . . . . . . . . . . . . . . . . . . .238

Chapter 20. Multicast Listener Discovery . . . . . . . . . . . . . . 239

MLD Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

How MLD Works. . . . . . . . . . . . . . . . . . . . . . . . . 241

Flooding . . . . . . . . . . . . . . . . . . . . . . . . . .242

MLD Querier. . . . . . . . . . . . . . . . . . . . . . . . .242

Dynamic Mrouters . . . . . . . . . . . . . . . . . . . . . . 243

MLD Capacity and Default Values . . . . . . . . . . . . . . . . . .243

Configuring MLD. . . . . . . . . . . . . . . . . . . . . . . . . 244

Chapter 21. Border Gateway Protocol . . . . . . . . . . . . . . . 245

Internal Routing Versus External Routing . . . . . . . . . . . . . . .245

Forming BGP Peer Routers . . . . . . . . . . . . . . . . . . . . 246

Loopback Interfaces . . . . . . . . . . . . . . . . . . . . . . .247

What is a Route Map? . . . . . . . . . . . . . . . . . . . . . . 247

Incoming and Outgoing Route Maps . . . . . . . . . . . . . . .248

Precedence . . . . . . . . . . . . . . . . . . . . . . . . . 248

Configuration Overview . . . . . . . . . . . . . . . . . . . .249

Aggregating Routes . . . . . . . . . . . . . . . . . . . . . . . 251

Redistributing Routes . . . . . . . . . . . . . . . . . . . . . . . 251

BGP Attributes . . . . . . . . . . . . . . . . . . . . . . . . . 251

Selecting Route Paths in BGP . . . . . . . . . . . . . . . . . . . 252

BGP Failover Configuration . . . . . . . . . . . . . . . . . . . .253

Default Redistribution and Route Aggregation Example . . . . . . . . . 254

12 RackSwitch G8000: Application Guide

Chapter 22. OSPF. . . . . . . . . . . . . . . . . . . . . . . . 257

OSPFv2 Overview . . . . . . . . . . . . . . . . . . . . . . . . 257

Types of OSPF Areas . . . . . . . . . . . . . . . . . . . . . 257

Types of OSPF Routing Devices. . . . . . . . . . . . . . . . . 258

Neighbors and Adjacencies. . . . . . . . . . . . . . . . . . . 259

The Link-State Database. . . . . . . . . . . . . . . . . . . . 259

The Shortest Path First Tree . . . . . . . . . . . . . . . . . . 260

Internal Versus External Routing. . . . . . . . . . . . . . . . . 260

OSPFv2 Implementation in IBM N/OS . . . . . . . . . . . . . . . . 261

Configurable Parameters . . . . . . . . . . . . . . . . . . . 261

Defining Areas. . . . . . . . . . . . . . . . . . . . . . . . 262

Assigning the Area Index . . . . . . . . . . . . . . . . . . 262

Using the Area ID to Assign the OSPF Area Number . . . . . . . 263

Attaching an Area to a Network . . . . . . . . . . . . . . . 263

Interface Cost . . . . . . . . . . . . . . . . . . . . . . . . 264

Electing the Designated Router and Backup . . . . . . . . . . . . 264

Summarizing Routes . . . . . . . . . . . . . . . . . . . . . 264

Default Routes. . . . . . . . . . . . . . . . . . . . . . . . 265

Virtual Links. . . . . . . . . . . . . . . . . . . . . . . . . 266

Router ID . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Authentication . . . . . . . . . . . . . . . . . . . . . . . . 267

Configuring Plain Text OSPF Passwords . . . . . . . . . . . . 267

Configuring MD5 Authentication . . . . . . . . . . . . . . . 268

Host Routes for Load Balancing . . . . . . . . . . . . . . . . . 269

Loopback Interfaces in OSPF . . . . . . . . . . . . . . . . . . 269

OSPF Features Not Supported in This Release . . . . . . . . . . . 270

OSPFv2 Configuration Examples . . . . . . . . . . . . . . . . . . 270

Example 1: Simple OSPF Domain . . . . . . . . . . . . . . . . 271

Example 2: Virtual Links . . . . . . . . . . . . . . . . . . . . 273

Example 3: Summarizing Routes . . . . . . . . . . . . . . . . 277

Verifying OSPF Configuration . . . . . . . . . . . . . . . . . . 278

OSPFv3 Implementation in IBM N/OS . . . . . . . . . . . . . . . . 279

OSPFv3 Differences from OSPFv2. . . . . . . . . . . . . . . . 279

OSPFv3 Requires IPv6 Interfaces . . . . . . . . . . . . . . 279

OSPFv3 Uses Independent Command Paths . . . . . . . . . . 279

OSPFv3 Identifies Neighbors by Router ID . . . . . . . . . . . 280

Other Internal Improvements . . . . . . . . . . . . . . . . 280

OSPFv3 Limitations. . . . . . . . . . . . . . . . . . . . . . 280

OSPFv3 Configuration Example . . . . . . . . . . . . . . . . . 280

Part 6: High Availability Fundamentals . . . . . . . . . . . . . . . 283

Chapter 23. Basic Redundancy . . . . . . . . . . . . . . . . . . 285

Trunking for Link Redundancy . . . . . . . . . . . . . . . . . . . 285

Virtual Link Aggregation. . . . . . . . . . . . . . . . . . . . . . 285

Hot Links . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Forward Delay . . . . . . . . . . . . . . . . . . . . . . . . 286

Preemption . . . . . . . . . . . . . . . . . . . . . . . . . 286

FDB Update. . . . . . . . . . . . . . . . . . . . . . . . . 286

Configuration Guidelines . . . . . . . . . . . . . . . . . . . . 286

Configuring Hot Links . . . . . . . . . . . . . . . . . . . . . 287

Active MultiPath Protocol . . . . . . . . . . . . . . . . . . . . .288

Health Checks . . . . . . . . . . . . . . . . . . . . . . . .289

FDB Flush . . . . . . . . . . . . . . . . . . . . . . . . .289

Configuration Guidelines . . . . . . . . . . . . . . . . . . . . 289

Configuration Example . . . . . . . . . . . . . . . . . . . . . 290

Stacking for High Availability Topologies . . . . . . . . . . . . . . .291

Chapter 24. Layer 2 Failover . . . . . . . . . . . . . . . . . . . 293

Monitoring Trunk Links . . . . . . . . . . . . . . . . . . . . . . 293

Setting the Failover Limit . . . . . . . . . . . . . . . . . . . . . 293

Manually Monitoring Port Links . . . . . . . . . . . . . . . . . . . 294

L2 Failover with Other Features . . . . . . . . . . . . . . . . . . . 294

LACP . . . . . . . . . . . . . . . . . . . . . . . . . . .294

Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . .295

Configuration Guidelines . . . . . . . . . . . . . . . . . . . . .295

Configuring Layer 2 Failover . . . . . . . . . . . . . . . . . . . .295

Chapter 25. Virtual Router Redundancy Protocol . . . . . . . . . . . 297

VRRP Overview . . . . . . . . . . . . . . . . . . . . . . . . .298

VRRP Components . . . . . . . . . . . . . . . . . . . . . . 298

VRRP Operation . . . . . . . . . . . . . . . . . . . . . . . 299

Selecting the Master VRRP Router . . . . . . . . . . . . . . . . 300

Failover Methods . . . . . . . . . . . . . . . . . . . . . . . .300

Active-Active Redundancy . . . . . . . . . . . . . . . . . . .301

Virtual Router Group . . . . . . . . . . . . . . . . . . . . .301

IBM N/OS Extensions to VRRP . . . . . . . . . . . . . . . . . . . 302

Virtual Router Deployment Considerations. . . . . . . . . . . . . . .303

High Availability Configurations . . . . . . . . . . . . . . . . . . . 304

VRRP High-Availability Using Multiple VIRs . . . . . . . . . . . . 304

VRRP High-Availability Using VLAGs . . . . . . . . . . . . . . .307

Part 7: Network Management . . . . . . . . . . . . . . . . . . . 309

Chapter 26. Link Layer Discovery Protocol . . . . . . . . . . . . . 311

LLDP Overview . . . . . . . . . . . . . . . . . . . . . . . . . 311

Enabling or Disabling LLDP . . . . . . . . . . . . . . . . . . . . 311

Global LLDP Setting. . . . . . . . . . . . . . . . . . . . . . 311

Transmit and Receive Control . . . . . . . . . . . . . . . . . .312

LLDP Transmit Features. . . . . . . . . . . . . . . . . . . . . .312

Scheduled Interval . . . . . . . . . . . . . . . . . . . . . . 312

Minimum Interval . . . . . . . . . . . . . . . . . . . . . . . 312

Time-to-Live for Transmitted Information . . . . . . . . . . . . . .313

Trap Notifications . . . . . . . . . . . . . . . . . . . . . . . 313

Changing the LLDP Transmit State . . . . . . . . . . . . . . . .314

Types of Information Transmitted. . . . . . . . . . . . . . . . . 314

LLDP Receive Features . . . . . . . . . . . . . . . . . . . . . .315

Types of Information Received. . . . . . . . . . . . . . . . . . 315

Viewing Remote Device Information . . . . . . . . . . . . . . . 315

Time-to-Live for Received Information . . . . . . . . . . . . . . . 317

LLDP Example Configuration . . . . . . . . . . . . . . . . . . . . 317

14 RackSwitch G8000: Application Guide

Chapter 27. Simple Network Management Protocol. . . . . . . . . . 319

SNMP Version 1 & Version 2. . . . . . . . . . . . . . . . . . . . 319

SNMP Version 3 . . . . . . . . . . . . . . . . . . . . . . . . 319

Configuring SNMP Trap Hosts . . . . . . . . . . . . . . . . . . . 322

SNMP MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Switch Images and Configuration Files . . . . . . . . . . . . . . . . 327

Loading a New Switch Image . . . . . . . . . . . . . . . . . . 328

Loading a Saved Switch Configuration . . . . . . . . . . . . . . 328

Saving the Switch Configuration . . . . . . . . . . . . . . . . . 328

Saving a Switch Dump . . . . . . . . . . . . . . . . . . . . 329

Part 8: Monitoring . . . . . . . . . . . . . . . . . . . . . . . 331

Chapter 28. Remote Monitoring . . . . . . . . . . . . . . . . . . 333

RMON Overview . . . . . . . . . . . . . . . . . . . . . . . . 333

RMON Group 1—Statistics . . . . . . . . . . . . . . . . . . . . 333

RMON Group 2—History . . . . . . . . . . . . . . . . . . . . . 334

History MIB Object ID . . . . . . . . . . . . . . . . . . . . . 334

Configuring RMON History . . . . . . . . . . . . . . . . . . . 335

RMON Group 3—Alarms . . . . . . . . . . . . . . . . . . . . . 336

Alarm MIB objects . . . . . . . . . . . . . . . . . . . . . . 336

Configuring RMON Alarms . . . . . . . . . . . . . . . . . . . 336

RMON Group 9—Events . . . . . . . . . . . . . . . . . . . . . 338

Chapter 29. sFlow . . . . . . . . . . . . . . . . . . . . . . . 339

sFlow Statistical Counters . . . . . . . . . . . . . . . . . . . . . 339

sFlow Network Sampling . . . . . . . . . . . . . . . . . . . . . 339

sFlow Example Configuration . . . . . . . . . . . . . . . . . . . 340

Chapter 30. Port Mirroring . . . . . . . . . . . . . . . . . . . . 341

Part 9: Appendices . . . . . . . . . . . . . . . . . . . . . . . 343

Appendix A. Glossary . . . . . . . . . . . . . . . . . . . . . . 345

Appendix B. Getting help and technical assistance . . . . . . . . . . 347

Before you call . . . . . . . . . . . . . . . . . . . . . . . . . 347

Using the documentation . . . . . . . . . . . . . . . . . . . . . 347

Getting help and information on the World Wide Web . . . . . . . . . .347

Software service and support . . . . . . . . . . . . . . . . . . . . 348

Hardware service and support . . . . . . . . . . . . . . . . . . .348

IBM Taiwan product service . . . . . . . . . . . . . . . . . . . . 348

Appendix C. Notices . . . . . . . . . . . . . . . . . . . . . . . 349

Trademarks. . . . . . . . . . . . . . . . . . . . . . . . . . . 349

Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . 350

Particulate contamination . . . . . . . . . . . . . . . . . . . . . 351

Documentation format . . . . . . . . . . . . . . . . . . . . . . 351

Electronic emission notices . . . . . . . . . . . . . . . . . . . . 352

Federal Communications Commission (FCC) statement . . . . . . . .352

Industry Canada Class A emission compliance statement . . . . . . . 352

Avis de conformité à la réglementation d'Industrie Canada . . . . . . . 352

Australia and New Zealand Class A statement . . . . . . . . . . . 352

European Union EMC Directive conformance statement. . . . . . . . 352

Germany Class A statement . . . . . . . . . . . . . . . . . .353

Japan VCCI Class A statement . . . . . . . . . . . . . . . . . 354

Korea Communications Commission (KCC) statement . . . . . . . .354

Russia Electromagnetic Interference (EMI) Class A statement . . . . .354

People’s Republic of China Class A electronic emission statement . . . 354

Taiwan Class A compliance statement . . . . . . . . . . . . . .355

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357

16 RackSwitch G8000: Application Guide

Preface

The IBM N/OS 6.8 Application Guide describes how to configure and use the IBM

Networking OS 6.8 software on the RackSwitch G8000 (referred to as G8000

throughout this document). For documentation on installing the switch physically,

see the Installation Guide for your G8000.

Who Should Use This Guide

This guide is intended for network installers and system administrators engaged in

configuring and maintaining a network. The administrator should be familiar with

Ethernet concepts, IP addressing, Spanning Tree Protocol, and SNMP

configuration parameters.

What You’ll Find in This Guide

This guide will help you plan, implement, and administer IBM N/OS software. Where

possible, each section provides feature overviews, usage examples, and

configuration instructions. The following material is included:

Part 1: Getting Started

This material is intended to help those new to N/OS products with the basics of

switch management. This part includes the following chapters:

•

Chapter 1, “Switch Administration,” describes how to access the G8000 to

configure the switch and view switch information and statistics. This chapter

discusses a variety of manual administration interfaces, including local

management via the switch console, and remote administration via Telnet, a web

browser, or via SNMP.

•

Chapter 2, “Initial Setup,” describes how to use the built-in Setup utility to

perform first-time configuration of the switch.

•

Chapter 3, “Switch Software Management,” describes how to update the N/OS

software operating on the switch.

Part 2: Securing the Switch

•

Chapter 4, “Securing Administration,” describes methods for using Secure Shell

for administration connections, and configuring end-user access control.

•

Chapter 5, “Authentication & Authorization Protocols,” describes different secure

administration for remote administrators. This includes using Remote

Authentication Dial-in User Service (RADIUS), as well as TACACS+ and LDAP.

•

Chapter 6, “802.1X Port-Based Network Access Control,” describes how to

authenticate devices attached to a LAN port that has point-to-point connection

characteristics. This feature prevents access to ports that fail authentication and

authorization and provides security to ports of the G8000 that connect to blade

servers.

•

Chapter 7, “Access Control Lists,” describes how to use filters to permit or deny

specific types of traffic, based on a variety of source, destination, and packet

attributes.

16 RackSwitch G8000: Application Guide

Part 3: Switch Basics

•

Chapter 8, “VLANs,” describes how to configure Virtual Local Area Networks

(VLANs) for creating separate network segments, including how to use VLAN

tagging for devices that use multiple VLANs. This chapter also describes

Protocol-based VLANs, and Private VLANs.

•

Chapter 9, “Ports and Trunking,” describes how to group multiple physical ports

together to aggregate the bandwidth between large-scale network devices.

•

Chapter 10, “Spanning Tree Protocols,” discusses how Spanning Tree Protocol

(STP) configures the network so that the switch selects the most efficient path

when multiple paths exist. Covers Rapid Spanning Tree Protocol (RSTP),

Per-VLAN Rapid Spanning Tree (PVRST), and Multiple Spanning Tree Protocol

(MSTP).

•

Chapter 11, “Quality of Service,” discusses Quality of Service (QoS) features,

including IP filtering using Access Control Lists (ACLs), Differentiated Services,

and IEEE 802.1p priority values.

Part 4: Advanced Switching Features

•

Chapter 12, “Virtualization,” provides an overview of allocating resources based

on the logical needs of the data center, rather than on the strict, physical nature

of components.

•

Chapter 13, “Stacking,” describes how to combine multiple switches into a single,

aggregate switch entity.

•

Chapter 14, “VMready,” discusses virtual machine (VM) support on the G8000.

Part 5: IP Routing

•

Chapter 15, “Basic IP Routing,” describes how to configure the G8000 for IP

routing using IP subnets, BOOTP, and DHCP Relay.

•

Chapter 16, “Internet Protocol Version 6,” describes how to configure the G8000

for IPv6 host management.

•

Chapter 17, “IPsec with IPv6,” describes how to configure Internet Protocol

Security (IPsec) for securing IP communications by authenticating and

encrypting IP packets, with emphasis on Internet Key Exchange version 2, and

authentication/confidentiality for OSPFv3.

•

Chapter 18, “Routing Information Protocol,” describes how the N/OS software

implements standard Routing Information Protocol (RIP) for exchanging TCP/IP

route information with other routers.

•

Chapter 19, “Internet Group Management Protocol,” describes how the N/OS

software implements IGMP Snooping or IGMP Relay to conserve bandwidth in a

multicast-switching environment.

•

Chapter 20, “Multicast Listener Discovery,” describes how Multicast Listener

Discovery (MLD) is used with IPv6 to support host users requests for multicast

data for a multicast group.

•

Chapter 21, “Border Gateway Protocol,” describes Border Gateway Protocol

(BGP) concepts and features supported in N/OS.

•

Chapter 22, “OSPF,” describes key Open Shortest Path First (OSPF) concepts

and their implemented in N/OS, and provides examples of how to configure your

switch for OSPF support.

Part 6: High Availability Fundamentals

•

Chapter 23, “Basic Redundancy,” describes how the G8000 supports

redundancy through stacking, trunking, Active Multipass Protocol (AMP), and

hotlinks.

•

Chapter 24, “Layer 2 Failover,” describes how the G8000 supports

high-availability network topologies using Layer 2 Failover.

•

Chapter 25, “Virtual Router Redundancy Protocol,” describes how the G8000

supports high-availability network topologies using Virtual Router Redundancy

Protocol (VRRP).

Part 7: Network Management

•

Chapter 26, “Link Layer Discovery Protocol,” describes how Link Layer

Discovery Protocol helps neighboring network devices learn about each others’

ports and capabilities.

•

Chapter 27, “Simple Network Management Protocol,” describes how to configure

the switch for management through an SNMP client.

Part 8: Monitoring

•

Chapter 28, “Remote Monitoring,” describes how to configure the RMON agent

on the switch, so that the switch can exchange network monitoring data.

•

Chapter 29, “sFlow, described how to use the embedded sFlow agent for

sampling network traffic and providing continuous monitoring information to a

central sFlow analyzer.

•

Chapter 30, “Port Mirroring,” discusses tools how copy selected port traffic to a

monitor port for network analysis.

Part 9: Appendices

•

Appendix A, “Glossary,” describes common terms and concepts used throughout

this guide.

Additional References

Additional information about installing and configuring the G8000 is available in the

following guides:

•

RackSwitch G8000 Installation Guide

•

IBM Networking OS 6.8 Command Reference

•

IBM Networking OS 6.8 ISCLI Reference Guide

•

IBM Networking OS 6.8 BBI Quick Guide

18 RackSwitch G8000: Application Guide

Typographic Conventions

The following table describes the typographic styles used in this book.

Table 1. Typographic Conventions

Typeface or

Symbol

Meaning Example

ABC123

This type is used for names of

commands, files, and directories

used within the text.

View the

readme.txt

file.

It also depicts on-screen computer

output and prompts.

Main#

ABC123

This bold type appears in

command examples. It shows text

that must be typed in exactly as

shown.

Main# sys

This italicized type appears in

command examples as a

parameter placeholder. Replace

the indicated text with the

appropriate real name or value

when using the command. Do not

type the brackets.

To establish a Telnet session,

enter:

host# telnet

This also shows book titles,

special terms, or words to be

emphasized.

Read your User’s Guide

thoroughly.

[ ] Command items shown inside

brackets are optional and can be

used or excluded as the situation

demands. Do not type the

brackets.

host# ls

[

-a

]

The vertical bar (

) is used in

command examples to separate

choices where multiple options

exist. Select only one of the listed

options. Do not type the vertical

bar.

host# set left|right

AaBbCc123

This block type depicts menus,

buttons, and other controls that

appear in Web browsers and other

graphical interfaces.

Click the

Save

button.

Other manuals for RackSwitch G8000

Table of contents

Popular Network Router manuals by other brands

Asante

Asante IntraStack 6014DSB Information sheet

D-Link

D-Link DSL-G225 Setup guide

B&B Electronics

B&B Electronics Elinx ESW500 Series quick start guide

Linksys

Linksys X6200 user guide

AudioCodes

AudioCodes MP-202C Series quick guide

Shenzhen Hongdian Technologies

Shenzhen Hongdian Technologies H8951 user manual

Advantech

Advantech ICR-4434 user manual

D-Link

D-Link DRO-250i user guide

Niveo

Niveo NWAR33P user manual

D-Link

D-Link DSL-3580L Series user manual

Asus

Asus FX-D1161 quick start guide

Asus

Asus RT-AC750 user guide

metrotek

metrotek ETS-1000L operating manual

ANTAIRA

ANTAIRA LNX-802AG-S10-T user manual

Atlantis Land

Atlantis Land A02-F5P user manual

Draytek

Draytek Vigor2620 Series user guide

TECOM

TECOM WL5041 user manual

Cisco

Cisco IR809 Product overview

IBM RackSwitch G8000 User guide

Popular Network Router manuals by other brands