3Com CoreBuilder 3500 Implementation Manual

Manual is about: 3Com Switch Command Reference Guide

Summary of CoreBuilder 3500

  • Page 1

    http://www.3com.com/ CoreBuilder® 3500 Implementation Guide, Release 3.0, Part No. 10013506, Published November 1999.

  • Page 2

    3Com Corporation, 5400 Bayfront Plaza, Santa Clara, California 95052-8145. Copyright © 1999, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) withou...

  • Page 3: Contents

    Contents. About This Guide: Conventions 22; CoreBuilder 3500 Documentation 24; Paper Documents 24; Software and Documents on CD-ROM 26; Documentation Comments 26; Year 2000 Compliance 26. 1 Configuration Overview: System Configuration Procedure 27; Procedure Summary 27; Configuration Procedure 28. 2 Mana...

  • Page 4

    3 System Parameters: System Parameters Overview 46; Features 46; Benefits 47; Key Concepts 47; Key Guidelines for Implementation 48; File Transfer 48; Implementing FTP 48; Implementing TFTP 49; Security 49; Security Options 50; Important Considerations 51; Software Update 52; Important Considerations 52; nvData...

  • Page 5

    Effects of Replacing Modules 68; Replacing Modules of the Same Type or Same Number of Ports 68; Replacing Modules of Different Types 68. 5 Ethernet: Ethernet Overview 72; Features 72; Benefits 73; Key Concepts 74; Ethernet Frame Processing 76; Key Guidelines for Implementation 78; Link Bandwidths 78; Trunks 7...

  • Page 6: (FDDI)

    6 Fiber Distributed Data Interface (FDDI): FDDI Overview 88; Features 88; Benefits 88; Key Concepts 89; Related Standards 89; FDDI Network Topologies 91; Nodes and Attachments 93; Dual Homing 97; FDDI Stations 97; Primary and Secondary Paths 99; Media Access Control 99; Ports 100; Key Guidelines for Implemen...

  • Page 7

    7 Bridge-Wide and Bridge Port Parameters: Bridging Overview 114; Benefits 114; Features 115; Key Bridging Concepts 116; Learning Addresses 116; Aging Addresses 116; Forwarding, Filtering, and Flooding Packets 116; Spanning Tree Protocol 117; How the Spanning Tree Protocol Works 119; CBPDUs at Work 119; h...

  • Page 8: LAN

    8 Trunking: Trunking Overview 144; Features 144; Benefits 144; Key Concepts 145; Port Numbering in a Trunk 145; Trunk Control Message Protocol (TCMP) 146; Key Guidelines for Implementation 147; General Guidelines 147; Trunk Capacity Guidelines 148; Defining Trunks 150; Important Considerations 150; Modifying t...

  • Page 9

    Ignore STP Mode 172; Important Considerations 172; VLAN Aware Mode 174; Port-based VLANs 175; The Default VLAN 175; Static Port-based VLANs 178; Dynamic Port-based VLANs Using GVRP 182; Protocol-based VLANs 186; Important Considerations 186; Selecting a Protocol Suite 187; Establishing Routing Between VLANs 1...

  • Page 10

    Downloading Custom Packet Filters 221; Download with Filter Builder 221; Download an ASCII File 222; The Packet Filtering Language 224; Principles for Writing a Custom Filter 224; How the Packet Filter Language Works 224; Procedure for Writing a Custom Filter 225; Packet Filter Opcodes 228; Implementing seq...

  • Page 11: (IP)

    11 Internet Protocol (IP): Routing Overview 258; Routing in a Subnetted Environment 259; Integrating Bridging and Routing 260; IP Routing Overview 261; Features and Benefits 262; Key Concepts 263; Multiple IP Interfaces per VLAN 263; Media Access Control (MAC) Address 263; Network-layer Address 264; IP addr...

  • Page 12: (VRRP)

    Directed Broadcast 295; Important Considerations 295; Routing Information Protocol (RIP) 296; Basic RIP Parameters 296; RIP Mode 297; Compatibility Mode 297; Cost 297; Poison Reverse 298; Advertisement Address 298; Route Aggregation 299; RIP-1 Versus RIP-2 299; Important Considerations 300; Routing Policies 300...

  • Page 13: IP M

    Implementing VRRP 323; Create VLANs 324; Configure IP Interfaces 324; Configure the Router Protocol 325; Enable Routing 325; Configure VRRP 325; Enable VRRP 326; VRRP and Other Networking Operations 326; Spanning Tree Protocol (STP) 327; Dynamic Routing Protocols (RIP, RIP-2, OSPF) 327; IGMP Queries 328; ICMP ...

  • Page 14: (OSPF)

    How DVMRP Supports IP Multicast 343; Spanning Tree Delivery 343; Managing the Spanning Tree 344; DVMRP Interface Characteristics 346; Key Guidelines for Implementation 347; Configuration Procedure 347; Impact of Multicast Limits 348; Impact of IEEE 802.1Q on Multicasts 348; Protocol Interoperability 348; con...

  • Page 15

    Areas 372; Types of Areas 373; Area Border Routers 375; Routing Databases 375; Configuring Route Summarization in ABRs 376; Important Considerations 376; Default Route Metric 379; OSPF Interfaces 380; Mode 380; Priority 380; Area ID 381; Cost 381; Delay 382; Hello Interval 383; Retransmit Interval 383; Dead interv...

  • Page 16: IPX R

    Virtual Links 401; Important Considerations 402; OSPF Routing Policies 403; Important Considerations 404; Implementing Import Policies 405; Implementing Export Policies 408; OSPF Statistics 416; Standards, Protocols, and Related Reading 417. 15 IPX Routing: IPX Routing Overview 419; Features 420; Benefits 420...

  • Page 17

    IPX RIP Mode 438; Important Considerations 438; RIP Policies 439; IPX SAP Mode 441; Important Considerations 441; SAP Policies 441; IPX Statistics 443; Standards, Protocols, and Related Reading 444. 16 AppleTalk: AppleTalk Overview 445; Features 446; Benefits 447; Key Concepts 448; AppleTalk Protocols 448; app...

  • Page 18: RSVP

    Zone Information Protocol 472; Name Binding Protocol 473; Standards, Protocols, and Related Reading 474. 17 QoS and RSVP: QoS Overview 476; Features 476; Benefits 476; Methods of Using QoS 477; Key Concepts 478; Related Standards and Protocols 478; Terminology 479; Key Guidelines for Implementation 482; proce...

  • Page 19

    QoS Excess Tagging 511; Example of QoS Excess Tagging 511; Transmit Queues and QoS Bandwidth 513; LDAP 514; Important Considerations 514; Operation 515; RSVP 516; RSVP Terminology 517; Example of RSVP 518; Setting RSVP Parameters 520. 18 Device Monitoring: Device Monitoring Overview 522; Key Concepts and tool...

  • Page 20

    Traceroute 532; Using Traceroute 532; Traceroute Operation 532; SNMP 533; SNMP Overview 533; Setting Up SNMP on Your System 538; Remote Monitoring (RMON) 541; Overview of RMON 542; RMON Benefits 543; RMON in Your System 544; 3Com Transcend RMON Agents 545; Important Considerations 546; RMON-1 Groups 547; RMON-2 ...

  • Page 21: About

    About This Guide. This guide describes information that you need to use features of the CoreBuilder® 3500 system after you install it and attach the system to your network. Before you use this guide: ■ Verify that your system is installed and set up using the CoreBuilder 3500 Getting Started Guid...

  • Page 22

    Conventions. Table 1 and Table 2 list conventions that are used throughout this guide. Table 1 Notice Icons (columns: Icon, Notice Type, Description): Information note: Information that describes important features or instructions. Caution: Information that alerts you to potential loss of data ...

  • Page 23

    Words in italics: Italics are used to: ■ Emphasize a point ■ Denote a new term at the place where it is defined in the text ■ Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents. Click OK. Table 2 Text Conventions (continued) con...

  • Page 24

    CoreBuilder 3500 Documentation. The following documents comprise the CoreBuilder 3500 documentation set. Documents are available in one of two forms: ■ Paper documents: The paper documents that are shipped with your system and components are listed in the next section. ■ Softwar...

  • Page 25

    In addition, each module and field-replaceable component contains a guide: ■ CoreBuilder 3500 System Processor Removal and Replacement Guide: Provides overview information and removal and replacement instructions for the CoreBuilder system processor. ■ Module install...

  • Page 26

    Software and Documents on CD-ROM. The compact disc that comes with your system contains: ■ System software ■ Online versions of the paper guides that are shipped with your system, modules, and field-replaceable components ■ CoreBuilder 3500 Implementation Guide (this guide) ■ m...

  • Page 27: Configuration

    1 Configuration Overview. This chapter provides the configuration procedure for the first time that you install a CoreBuilder® 3500 Layer 3 High-Function Switch. To upgrade the software on an existing switch, see the Software Installation and Release Notes for configuration information. System con...

  • Page 28

    Configuration Procedure. Follow the steps that apply to your network needs and ignore the steps that do not apply. 1 Establish management access. To perform configuration or management tasks, you must initially: a Connect to the system through its terminal seri...

  • Page 29

    3 Choose a subsequent management interface. After you configure an IP address, you have additional management interface options: ■ Administration Console — You can now access this interface from a remote Telnet connection. ■ Web Management software — From your web b...

  • Page 30

    5 Define all VLANs. To create logical workgroups, which are generally equivalent to Layer 2 broadcast domains or Layer 3 networks, you can define port-based, protocol-based, and network-based VLANs, and set related modes in the system. You must define VLANs af...

  • Page 31: Management

    2 Management Access. This chapter explains the different methods used to configure management access to the system. It describes the different types of applications and the underlying communication protocols that are used to deliver data between your end-station device and the system. It also conta...

  • Page 32

    Administration Console Overview. The Administration Console is an internal character-oriented, menu-driven, user interface for performing system administration such as displaying statistics or changing option settings. You can view the Administration Console from a ...

  • Page 33

    Web Management Overview. The Web Management software consists of embedded Web Management applications and installable tools: ■ Embedded Web Management applications — Use the embedded Web Management applications for most of your device configuration and management tasks. You...

  • Page 34

    SNMP-Based Network Management Overview. For more complete network management, you can use an external SNMP-based application such as 3Com’s Transcend Network Control Services or another network management application. You access external applications through an ethe...

  • Page 35

    Figure 3 shows how the different management access methods fit into the OSI model. Figure 3 OSI Protocols for the CoreBuilder 3500. Protocols: The system supports the following protocols: ■ Virtual terminal protocols, such as Telnet ■ Simple Network Management Protocol (SNMP) ■ FDDI st...

  • Page 36

    Virtual Terminal Protocols. A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation. Because Telnet runs over TCP/IP, you must have at least one IP address conf...

  • Page 37

    Simple Network Management Protocol. Simple Network Management Protocol (SNMP) is the standard management protocol for multi-vendor IP networks. SNMP supports transaction-based queries that allow the protocol to format messages and to transmit information between reporting devices and ...

  • Page 38

    Key Guidelines for Implementation. This section describes guidelines for the different ways to access your system. Access Methods: There are several ways you can access your management application on the system: locally through a terminal connection, or remotely usin...

  • Page 39

    Setting Up the Modem Port. Use the Administration Console to match your external modem speed. Then configure the external modem by establishing a connection between your current Administration Console session and the modem port. You must establish a connection to ...

  • Page 40

    ■ In-band management — If you are managing your network in-band, you need to set up an IP routing interface and at least one VLAN. See Chapter 9 for information about defining a VLAN, and Chapter 11 for information about setting up an IP routing interface. See “In-...

  • Page 41

    When you access the Administration Console, the top-level menu appears. You manage and monitor your system by selecting options from this menu and from others below it. Each menu option is accompanied by a brief description. For additional information about using the...

  • Page 42

    Web Management Access. Web Management applications are an embedded part of the CoreBuilder 3500 Enterprise Switch. They include WebConsole, DeviceView, and Performance monitoring tools. Additional installable applications include Help. After you have set up your IP ...

  • Page 43

    SNMP Access. You can use an external SNMP-based application such as 3Com Transcend Network Control Services to access your system through an Ethernet port using an IP interface. SmartAgent® intelligent agents are the foundation of the Transcend architecture. SmartAgent software and rm...

  • Page 44

    44 Chapter 2: Management Access.

  • Page 45: System

    3 System Parameters. This chapter provides guidelines and other information about the system parameters that you can configure. This chapter covers these topics: ■ System Parameters Overview ■ Key Concepts ■ Key Guidelines for Implementation ■ File Transfer ■ Security ■ Software Update ■ nvData Operations ■...

  • Page 46

    System Parameters Overview. On the Administration Console, you use the system menu to set or modify values for system parameters or functions. For many of these parameters, you can also use the configuration forms in the System folder of the Web Management suite of ...

  • Page 47

    Benefits. Using the options on the system menu: ■ Provides an easy method for setting and modifying system parameters. ■ Provides added security by limiting IP and Web Management access to your system. ■ Decreases the time and cost of modifying your system configuration. You do not ne...

  • Page 48

    Key Guidelines for Implementation. This section briefly explains how to set and modify the values for system parameters that you can set. The system sets most of the parameter values during power-on. To set parameters that are not defined by the system or to modify ...

  • Page 49

    Implementing TFTP. The Trivial File Transfer Protocol (TFTP) is simpler to use than FTP but has less functionality. TFTP uses UDP as its transport protocol, with a simple stop-and-wait acknowledgment system. Because TFTP has an effective window of only one 512-octet segment, its performan...

  • Page 50

    Security Options. To configure trusted IP clients from the Administration Console, use the following options: ■ Display — Shows the IP address and subnet mask of each trusted IP client. ■ Define — Allows you to supply the IP address and subnet mask of a trusted IP c...

  • Page 51

    Important Considerations. Consider the following guidelines before you configure trusted IP clients on your system. Procedures: Configure trusted IP clients in this order: 1 Define the trusted IP clients. 2 Display the list of configured trusted IP clients to verify that you have configure...

  • Page 52

    Software Update. You can load a new or updated version of the system software into your system’s flash memory or to a PCMCIA flash memory card, with the softwareUpdate option on the system menu through the Administration Console. Depending on your network load, loading ...

  • Page 53

    nvData Operations. All of the system’s configurable parameters are saved in nonvolatile memory. When you work with nonvolatile data (nvData), you can: ■ Save and restore your system configuration for backup. ■ Examine a saved nvData file header. ■ Reset system data to its factory...

  • Page 54

    Restoring nvData. Use the nvData restore option on the system nvData menu to restore a previous configuration that you have saved to an external file. Effects and Consequences: Consider the following guidelines before you restore nvData: ■ Do not confuse nvData resto...

  • Page 55

    Resetting nvData. To reset the system settings back to their factory default values, use the nvData reset option. Important Considerations: Consider these points before you reset nvData on your system: ■ Resetting nvData erases all user-configured data, including all passwords, ex...

  • Page 56

    Simple Network Time Protocol (SNTP). This section covers: ■ SNTP Overview ■ Implementing SNTP. SNTP Overview: SNTP is an adaptation of the Network Time Protocol (NTP), which is used to synchronize computer clocks in the global Internet. NTP provides comprehensive mech...

  • Page 57

    Implementing SNTP. The system software provides an SNTP client, which works with distributed SNTP time servers to synchronize the system clock to international time standards. The SNTP client operates in unicast mode, which means that the client and server...

  • Page 58

    58 Chapter 3: System Parameters.

  • Page 59: Physical

    4 Physical Port Numbering. The CoreBuilder® 3500 follows a specific set of rules for assigning physical port numbers. This chapter describes the physical port numbering on the system. It covers the following information: ■ Port Numbering Overview ■ Key Guidelines for Implementation ■ Examples of ...

  • Page 60

    See Figure 6 later in this chapter for an example. Additional rules: ■ Port numbering is consecutive, regardless of module type. ■ Numbering skips over an empty slot and continues with the ports associated with the next occupied slot. ■ Numbering includes un...

  • Page 61

    Key Guidelines for Implementation. To ensure that you understand the port numbering that the system reports for certain aspects of your configuration (bridging information, trunks, FDDI ports, and VLANs), observe these guidelines when you configure your system: ■ ...

  • Page 62

    The configuration of trunks or DAS pairs does not change the port numbering scheme shown in displays such as Ethernet statistics displays or bridge port displays. If you have created trunks or FDDI DAS pairs, however, be aware that a group of ports is associ...

  • Page 63

    Example 2: Empty Slot in the System. When you have an empty slot, the port numbering includes no ports for that slot. With three Fast Ethernet modules, for example, you have 18 ports, which are numbered according to their position in the system. For example, if the top-r...

  • Page 64

    Example 3: Gigabit Ethernet Module with Other Modules. When you have a system with one Gigabit Ethernet module and three Fast Ethernet modules, port numbering accounts for the single port on the Gigabit Ethernet module, as shown in Figure 8. Figure 8 Port num...

  • Page 65

    Example 4: FDDI Module with Other Modules. An FDDI module has six FDDI ports (two rows of three ports). Figure 9 shows an FDDI module in slot 1. The top row’s ports are numbered 1 through 3 and the bottom row’s ports are numbered 4 through 6. Slots 2 and 3 have 10/100 fa...

  • Page 66

    Effects of Removing a Module. When you remove a module and leave the slot empty, a number of changes occur. Port-Numbering Changes: The ports are sequentially renumbered when you remove a module from slot 1, 2, or 3. Removing a module in slot 4 does not cause ...

  • Page 67

    Trunk Changes. When you remove a module, trunk changes occur as follows: ■ If you have a trunk that includes ports associated with the removed module, the trunk display shows that the trunk has missing ports. Example: If you had a trunk on ports 17 through 20 before you...

  • Page 68

    Effects of Replacing Modules. When you remove a module, a number of changes occur, depending on the replacement module. Replacing Modules of the Same Type or Same Number of Ports: If you remove a module that does not have any trunks or DAS ports and replace it...

  • Page 69

    VLAN Changes. ■ If you replace a six-port module with a Gigabit Ethernet module, the ports are renumbered, and any preexisting VLANs now include the Gigabit Ethernet port only if the VLANs previously included the first port of the six-port module. Example: If a VLAN con...

  • Page 70

    Trunk Changes. ■ If you remove a module of a specific type that has trunks and replace it with a module of another type, the new ports do not become part of the trunk. When you define a trunk, the trunk is associated with a specific media type (100 Mb, Gigabi...

  • Page 71: Ethernet

    5 Ethernet. This chapter provides guidelines and other key information about how to implement Ethernet ports. The chapter covers these topics: ■ Ethernet Overview ■ Key Concepts ■ Key Guidelines for Implementation ■ Port Enable and Disable (Port State) ■ Port Labels ■ Autonegotiation ■ Port Mode ■ f...

  • Page 72

    Ethernet Overview. Ethernet is a standardized, packet-based network that supports an exponential hierarchy of three line speeds: ■ 10 Mbps — Ethernet ■ 100 Mbps — Fast Ethernet ■ 1000 Mbps — Gigabit Ethernet. All speeds of Ethernet are based on the IEEE 802.3 standard protocol...

  • Page 73

    Benefits. Ethernet, Fast Ethernet, and Gigabit Ethernet technologies allow you to configure and optimize: ■ Link bandwidths ■ Link availability. Link Bandwidths: As your network needs to support more users and increasingly bandwidth-intensive applications, you can configure Etherne...

  • Page 74

    Key Concepts. These concepts are important to implementing Ethernet: ■ Carrier Sense Multiple Access with Collision Detection (CSMA/CD) — The standardized Ethernet protocol that controls device access to the network ■ Collision — When two or more stations attempt to transmit ...

  • Page 75

    ■ PACE® Interactive Access — An algorithm that controls traffic flow on a point-to-point link with an end station. In a typical half-duplex Ethernet connection, you can never achieve high rates of utilization because of the randomness of collisions. If a switch and end station both ...

  • Page 76

    Ethernet Frame Processing. All frames on an Ethernet network are received promiscuously by an Ethernet port. A port can discard frames for either of the following reasons: ■ There is no buffer space available. ■ The frame is in error. Figure 10 shows the order in which frame ...

  • Page 77

    Frames also may be delivered directly to an Ethernet port by bridge, router, or management applications. A transmitted frame can be discarded for any of the following reasons: ■ The Ethernet port is disabled. ■ There is no room on the transmit queue. ■ An error occurred during frame ...

  • Page 78

    Key Guidelines for Implementation. Consider these important factors when you implement and configure Ethernet networks. Link Bandwidths: Recommended link capacities in a network normally depend on the speed requirements of end-user workstations, as shown in Table 5. In areas t...

  • Page 79

    Port Enable and Disable (Port State). You can enable Ethernet ports (place them online) or disable them (place them off-line). Important Considerations: ■ You can use this command to configure the same setting on multiple ports simultaneously. When you specify m...

  • Page 80

    Autonegotiation. This feature enables some ports to identify and negotiate speed and duplex mode with a remote device. Important Considerations: ■ You can use this command to configure the same setting on multiple ports simultaneously. When you specify multiple port numbers, t...

  • Page 81

    ■ 10/100BASE-TX ports — Enabling autonegotiation causes both the port speed and duplex mode attributes to be autonegotiated. ■ 100BASE-FX ports — No autonegotiation of duplex mode occurs. The port speed is fixed at 100 Mbps. The default duplex mode is half-duplex. ■ 1000BASE-SX po...

  • Page 82

    Port Mode. You can change the port speed and duplex mode for the 10/100BASE-TX ports and the duplex mode for 100BASE-FX ports. You cannot change the port speed or duplex mode for Gigabit Ethernet ports. Important Considerations: ■ You can use this command to configure the same...

  • Page 83

    Flow Control. The flow control mode allows a Fast Ethernet or Gigabit Ethernet port to: ■ Decrease the frequency with which it sends packets to a receiving device, if packets are being sent too rapidly. ■ Send flow control packets to a sending device, to request that the device slow i...

  • Page 84

    PACE Interactive Access. PACE Interactive Access prevents excessive network jitter (variation in the timing of packet delivery that can cause garbled sound, jerky images, and delays). PACE technology also improves timing and optimizes LAN bandwidth utilization. Important cons...

  • Page 85

    Media Specifications. Table 9 summarizes the system’s Ethernet media options. Gigabit Ethernet Interface Converter (GBIC) ports are hot-swappable, that is, you can replace one GBIC connector while the other connectors continue to carry traffic. To ensure o...

  • Page 86

    86 Chapter 5: Ethernet.

  • Page 87: Fiber

    6 Fiber Distributed Data Interface (FDDI). This chapter provides an overview, key concepts, guidelines, and other key information about how to configure Fiber Distributed Data Interface (FDDI) in your system. This chapter covers these topics: ■ FDDI Overview ■ Key Concepts ■ Key Guidelines for im...

  • Page 88

    FDDI Overview. Fiber Distributed Data Interface (FDDI) is a standards-based solution that provides fast and reliable data transfer on a local area network (LAN). FDDI technology, which supports data transfer of 100 million bits per second (10...

  • Page 89

    Key Concepts. Before you implement FDDI in your system, review the following FDDI standards, key concepts, and key terms. Related Standards: The industry guideline for FDDI technology is divided into four major standards: ■ Physical Medium Dependent (PMD) — Specifies the characteristics...

  • Page 90

    Figure 12 illustrates the relationship of FDDI entities to the OSI Reference Model. Network attachments communicate with each other using predetermined protocols. The model divides these communication protocols into seven layers, which are d...

  • Page 91

    FDDI Network Topologies. The term network topology refers to the ways that stations are interconnected within a network. An FDDI network topology may be viewed at two distinct levels: ■ Physical topology — A network’s physical topology is defined by the arrangement and interconnection...

  • Page 92

    Physical Topology: A Ring of Trees. The FDDI ring consists of dual-attach stations (DASs) and dual-attach connectors (DACs). The DACs on the ring allow you to attach trees. The trees consist of branches of single-attach stations (SASs) and da...

  • Page 93

    All physical connections in an FDDI topology are duplex links (a pair of insulated fiber-optic conductors). Both the FDDI ring and the ring of trees that are created through concentrators are made up of duplex links. Interconnect the nodes in an FDDI network to form at most one ring....

  • Page 94

    Nodes. An FDDI network is made up of logically connected nodes. This generic term is used to refer to any active station or concentrator in an FDDI network. ■ Station — Any addressable node on an FDDI network that can transmit, repeat, and re...

  • Page 95

    Node Types. Six station and concentrator types are used to describe station configurations and topologies. Table 10 lists these node types and their abbreviations. Figure 16 shows how these six node types may connect to an FDDI dual ring. Table 10 Node Types and Abbreviations: node t...

  • Page 96

    Figure 16 Examples of FDDI Node Types (figure not reproduced). Legend: A = A port, B = B port, M = master port, S = slave port.

  • Page 97

    Dual Homing. When the operation of a dual attachment node is crucial to your network, a configuration called dual homing can provide added reliability. Using dual homing you can determine a station’s operation by setting the appropriate configuration policy. You can configure the dual...

  • Page 98

    SMT Operation. The operation of SMT falls into three broad categories: ■ Physical Connection Management (PCM) — Establishes and maintains point-to-point physical links between neighboring ports. It provides all the signaling necessary to init...

  • Page 99

    SMT has six key frame-based protocols: ■ Neighbor Notification — Allows SMT to learn the addresses of the logical neighbors of each MAC in a station. This information is useful in detecting and isolating network faults. ■ Parameter Management — Performs the remote management of stati...

  • Page 100

    MAC Services. Some of the services that the MAC performs include: ■ Frame repetition and reception ■ Frame removal ■ Frame validity criteria checking ■ Token capture ■ Token rotation ■ Ring initialization ■ Beacon process. MAC services are pr...

  • Page 101

    Ports at both ends of a physical connection determine the characteristics of that physical connection. The protocols that are executed at each port determine whether the connection is accepted or rejected. A connection is accepted if at least one station’s polic...

  • Page 102

    ■ Before the new FDDI stationMode takes effect, you must reboot your system. ■ You cannot modify FDDI-stationMode port-pairs when any of the ports in the pair are members of a trunk. ■ In a DAS configuration, the activity LED from the secon...

  • Page 103

    Fddi stations 103 table 11 bit to set for rejecting a station connection this connection is rejected (system port - remote port) if this bit is set connection rules a-a 0 undesirable peer connection that creates twisted primary and secondary rings; notify station management (smt). A-b 1 normal trunk...

  • Page 104

    104 chapter 6: fiber distributed data interface (fddi) setting neighbor notification timer the t-notify attribute is a timer that the neighbor notification protocol uses to indicate the interval of time between the generation of neighbor information frames (nif). Nif frames allow stations to di...

  • Page 105

    Fddi paths 105 effects and consequences when you set the tvxlowerbound attribute, consider the following: ■ by adjusting the tvxlowerbound value, you specify how quickly the ring recovers from an error. The lower that you set this value, the faster the network reacts to problems, but the ring may re...

  • Page 106

    106 chapter 6: fiber distributed data interface (fddi) fddi macs you can display mac statistics and configure the following parameters: ■ mac frameerrorthreshold ■ notcopiedthreshold ■ logical link control (llc) service setting the frame error threshold the frameerrorthreshold attribute determi...

  • Page 107

    Fddi ports 107 enabling and disabling llc service the logical link control (llc) service allows llc frames to be sent and received on the mac. Llc frames are all data frames that are transmitted on the network. If there is something wrong on your network, turn off data (user) traffic for a mac by di...

  • Page 108

    108 chapter 6: fiber distributed data interface (fddi) setting lercutoff the lercutoff attribute is the link error rate estimate at which a link connection is disabled. When the lercutoff value is reached, the phy that detected a problem is disabled. Effects and consequences when you set the ler...

  • Page 109

    Station mode (das and sas) 109 station mode (das and sas) you can modify the fddi station mode that is assigned to a specific port number to either das (dual attachment station) or sas (single attachment station) s port or m port. For the new station mode to take effect, you must reboot your system....

  • Page 110

    110 chapter 6: fiber distributed data interface (fddi) [figure 18: sample fddi configuration]...

  • Page 111

    Standards, protocols, and related reading 111 standards, protocols, and related reading this section describes how to obtain more technical information about fddi. Requests for comments (rfcs) documents called requests for comments (rfcs) contain information about fddi. Some of the rfcs that pertain...

  • Page 112

    112 chapter 6: fiber distributed data interface (fddi).

  • Page 113: Bridge

    7 bridge-wide and bridge port parameters this chapter provides an overview of bridging concepts and the spanning tree protocol and describes the bridging options and guidelines for your system. The chapter covers these topics: ■ bridging overview ■ key bridging concepts ■ how the spanning tree...

  • Page 114

    114 chapter 7: bridge-wide and bridge port parameters bridging overview a bridge interconnects two or more lans and allows them to communicate as if they were one lan. Bridges make forwarding decisions based on the information that the frames contain, and forward the frames toward the destina...

  • Page 115

    Bridging overview 115 features your system supports several features that are closely related to the bridging process and are therefore categorized under bridge on the system interface. The following bridging topics are covered in this chapter: ■ spanning tree protocol (stp) — you can configure brid...

  • Page 116

    116 chapter 7: bridge-wide and bridge port parameters key bridging concepts before you configure bridge-wide or bridge port parameters, review the following key concepts. Learning addresses bridges learn addresses so that they can determine which packets to forward from one bridge port to ano...

  • Page 117

    Key bridging concepts 117 the bridge compares the destination address to the addresses in the address table and does one of the following: ■ if the destination address is known to the bridge, the bridge identifies the port on which the destination address is located. ■ if the destination bridge port...

  • Page 118

    118 chapter 7: bridge-wide and bridge port parameters for more detailed information about spanning tree, see “how the spanning tree protocol works” later in this chapter. [figure 19: stp blocks redundant links]...

  • Page 119

    How the spanning tree protocol works 119 how the spanning tree protocol works using the spanning tree protocol (stp), bridges transmit messages to each other that allow them to calculate the spanning tree topology. These messages are special packets called configuration bridge protocol data units (c...

  • Page 120

    120 chapter 7: bridge-wide and bridge port parameters [figure 20: hierarchy of the root bridge and the designated bridge] actions that result from cbpdu information from the information that the cbpdus provide: ■ bridges elect a single bridge to be the root bridge. The root bridge has the lowest ...

  • Page 121

    How the spanning tree protocol works 121 figure 21 shows a bridged network with its stp elements. [figure 21: stp root and designated bridges and ports; legend: (r) = root port, (d) = designated port, (b) = backup port]...

  • Page 122

    122 chapter 7: bridge-wide and bridge port parameters contents of cbpdus bridges use information in cbpdus to calculate an stp topology. The content of a cbpdu includes: ■ root id — the identification number of the root bridge. ■ cost — the cost of the least-cost path to the root from the trans...

  • Page 123

    How the spanning tree protocol works 123 example 2. Root id is the same for message 1 and message 2, but cost is lower in message 1. The bridge saves message 1. Example 3. Root id and cost are the same for message 1 and message 2, but the transmitting bridge id is lower in message 1. The bridge save...

  • Page 124

    124 chapter 7: bridge-wide and bridge port parameters 3 from the messages that are received, the bridge identifies the root bridge. For example, if the bridge receives a cbpdu with the contents 52.0.52, then it assumes that the bridge with id 52 is the root (because 52 is smaller than 85). 4 ...

  • Page 125

    How the spanning tree protocol works 125 [figure 22: starting the spanning tree calculation (bridges a through f, lans 1 through 6); legend: xx.x.xx = cbpdu (root id.cost.transmitter id)]...

  • Page 126

    126 chapter 7: bridge-wide and bridge port parameters [figure 23: spanning tree topology calculated (bridges a through f, lans 1 through 6)]...

  • Page 127

    How the spanning tree protocol works 127 determining the root bridge the root id portion of the cbpdu determines which bridge actually becomes the root bridge. In figure 22, notice how each bridge assumes itself to be the root and transmits a cbpdu that contains its own bridge id as both the root id...

  • Page 128

    128 chapter 7: bridge-wide and bridge port parameters for example, bridge b, the root bridge in figure 23, is also the designated bridge for lans 1, 2, and 5. A designated bridge must be determined for lans 3, 4, and 6: ■ because bridges c, d, and f are all attached to lan 3, one of them must...

  • Page 129

    How the spanning tree protocol works 129 spanning tree port states because stp determines the network configuration or adjusts it, depending on events that occur, it places bridge ports in one of the following states at all times: listening, learning, forwarding, blocking, or disabled. Table 12 desc...

  • Page 130

    130 chapter 7: bridge-wide and bridge port parameters figure 24 illustrates the factors that cause a port to change from one state to another. The arrows indicate the direction of movement between states. The numbers correspond to the factors that affect the transition. Figure 24 factors in s...

  • Page 131

    How the spanning tree protocol works 131 reconfiguring the bridged network topology stp reconfigures the bridged network topology when any of the following events occur: ■ bridges are added or removed. ■ the root bridge fails. ■ you change any of the bridging parameters that influence the topology d...

  • Page 132

    132 chapter 7: bridge-wide and bridge port parameters key guidelines for implementation consider the following guidelines when you configure bridge-wide and bridge port parameters on your system: ■ when you disable bridge-wide stp, the bridge cannot participate in the algorithms for loop dete...

  • Page 133

    Key guidelines for implementation 133 ■ if you want to specify a multicast limit for a trunk, be sure to apply it to the trunk’s anchor port (lowest-numbered port) only. However, be aware that the multicast limit applies to each link in the trunk (that is, it is not an aggregate). ■ you can enable s...

  • Page 134

    134 chapter 7: bridge-wide and bridge port parameters stp bridge and port parameters on a bridge-wide basis, you can enable or disable the spanning tree protocol (stp) and set stp bridge parameters. On a bridge-port basis, you can enable, disable, or remove stp and set stp bridge port paramet...

  • Page 135

    Stp bridge and port parameters 135 ■ bridge forward delay — the forward delay value specifies the amount of time that a bridge spends in each of the listening and the learning states. This value temporarily prevents a bridge from starting to forward data packets to and from a link until news of a to...

  • Page 136

    136 chapter 7: bridge-wide and bridge port parameters administering stp parameters on bridge ports you can enable, disable, or remove the spanning tree protocol for one or more ports on the system. This setting affects the operation of a port only if the stp is enabled for the bridge. You can...

  • Page 137

    Frame processing 137 frame processing all frames that are received on a physical interface and not explicitly directed to the system or discarded are delivered to the corresponding bridge port. The bridge port either forwards each frame to another bridge port or discards it. The system can discard a...

  • Page 138

    138 chapter 7: bridge-wide and bridge port parameters mac address table the system includes several options for managing mac addresses on bridge ports. The system recognizes two different kinds of addresses: ■ static mac addresses — addresses that you manually add to the bridge address table ...

  • Page 139

    Ip fragmentation 139 ■ a statically configured address is never aged and it cannot be learned dynamically on a different port until it is removed from the port on which it is configured. ■ the number of static mac addresses that you can configure depends on the availability of system resources. ■ if...

  • Page 140

    140 chapter 7: bridge-wide and bridge port parameters broadcast and multicast limit for bridge ports you can assign a rate limit to any bridge port in the system to control the per-second forwarding rate of incoming multicast and broadcast packets. If the limit is reached, all remaining multi...

  • Page 141

    Garp vlan registration protocol (gvrp) 141 garp vlan registration protocol (gvrp) to activate gvrp on the system, you enable the garp vlan registration protocol (gvrp) first on the bridge and then on individual bridge ports. On a port-by-port basis, gvrp allows the system to automatically learn the ...

  • Page 142

    142 chapter 7: bridge-wide and bridge port parameters ■ gvrp manages the active topology, not nontopological data such as vlan protocols. If a local bridge needs to classify and analyze packets by vlan protocols, you must manually configure protocol-based vlans and simply rely on gvrp to send...

  • Page 143: Trunking

    8 trunking this chapter provides guidelines, limitations, and other important information about how to implement the trunking function for corebuilder® 3500 systems. This chapter covers the following topics: ■ trunking overview ■ key concepts ■ key guidelines for implementation ■ defining trunks ■...

  • Page 144

    144 chapter 8: trunking trunking overview a trunk (also known as an aggregated link) works at layer 2 and allows you to combine multiple fast ethernet, gigabit ethernet, or fddi ports into a single high-speed link between two switches (see figure 25). [figure 25: example of a trunk] the system treats...

  • Page 145

    Key concepts 145 trunks also enhance network availability, because the trunk control message protocol (tcmp) detects and handles physical configuration errors in the point-to-point configuration. The system automatically distributes traffic across the ports that are associated with the trunk. If any...

  • Page 146

    146 chapter 8: trunking it is important to understand the relationships between ethernet, bridge, and vlan port-related information: ■ ethernet port information — each physical port is always listed individually, regardless of whether it is part of a trunk. ■ bridge port information — this informa...

  • Page 147

    Key guidelines for implementation 147 tcmp uses three trunk port states to control port activation and deactivation: ■ notinuse — a trunk port in this state has not been selected to participate in the trunk. ■ selected — tcmp has selected the trunk port to participate in the trunk, but the port has ...

  • Page 148

    148 chapter 8: trunking ■ 3com recommends that you use trunks to increase network availability in the following scenarios: ■ switch-to-switch connections in the data center and campus interconnect areas ■ switch-to-server connections in the data center and campus interconnect areas ■ downlinks fro...

  • Page 149

    Key guidelines for implementation 149 ■ a trunked fast ethernet pipeline may seem to offer comparable bandwidth to a single gigabit ethernet link, and trunked fast ethernet may seem like a good way to buy some time before you upgrade connections to gigabit ethernet. Table 14 shows that given a choic...

  • Page 150

    150 chapter 8: trunking defining trunks to define a trunk, you specify the ports that you want to be in the trunk. Important considerations ■ if you have already defined other trunks on your system, you cannot select ports that are part of an existing trunk. ■ devices that you use in a trunking co...

  • Page 151

    Defining trunks 151 ■ when you create a vlan that includes ports that are part of a trunk, specify the anchor port (lowest-numbered port) that is associated with the trunk. For example, if ports 1 through 3 are associated with a trunk, specifying port 1 defines the vlan to include all of the physica...

  • Page 152

    152 chapter 8: trunking modifying trunks you can modify a trunk in two ways: ■ you can modify a trunk’s characteristics (for example, the operating mode or the tcmp state). ■ you can add or remove a port from the trunk. Important considerations ■ you must keep at least one port that you defined in...

  • Page 153

    Removing trunks 153 ■ you cannot change some port characteristics within a trunk. For example, in an fddi trunk, you cannot change a trunked das port to a sas port. Here is an example of how to change the fddi station mode of a trunk: a remove the desired trunk. B reboot and then change the station ...

  • Page 154

    154 chapter 8: trunking standards, protocols, and related reading the system supports these ethernet standards: ■ ieee 802.3 — 10base-t ethernet over unshielded twisted pair (utp) ■ ieee 802.3u — 100base-t fast ethernet over utp or fiber ■ ieee 802.3z — 1000base-sx gigabit ethernet over multimode ...

  • Page 155: Virtual

    9 virtual lans this chapter provides guidelines and other key information about how to use virtual lans (vlans) on your system. This chapter covers the following topics: ■ vlan overview ■ key concepts ■ key guidelines for implementation ■ vlan allopen or allclosed mode ■ ignore stp mode ■ port-bas...

  • Page 156

    156 chapter 9: virtual lans vlan overview a virtual lan (vlan) is a logical grouping that allows end users to communicate as if they were physically connected to a single lan, independent of the physical configuration of the network. A vlan is generally considered equivalent to a layer 2 broadcas...

  • Page 157

    Vlan overview 157 vlans provide a high-performance and easy-to-implement alternative to routers for broadcast containment. Using switches with vlans: ■ each network segment can contain as few as one user (approaching private port lan switching), while broadcast domains can be as large as 1,000 users...

  • Page 158

    158 chapter 9: virtual lans features your system supports the following vlan features: ■ settable modes — for the entire system, you can establish a less-restrictive vlan environment with allopen mode or a more secure vlan environment with allclosed mode. Using allclosed mode also enables you to u...

  • Page 159

    Key concepts 159 you can either configure network-based ip vlans (ip vlans with unique layer 3 ip addresses) or you can define a single vlan with the protocol type ip and then define multiple ip routing interfaces for that single ip vlan. See chapter 11 for more information about defining vlan-based...

  • Page 160

    160 chapter 9: virtual lans vlan ids each vlan is identified by its vlan id (vid). For vlans that you create, the system keeps track of its used vlan id numbers to help you select the next available vlan id. Outgoing data frames are tagged per ieee 802.1q (which specifies the vid) if tagging is e...

  • Page 161

    Key concepts 161 terminology the following terms apply to vlans: ■ default vlan — the predefined port-based vlan interface on your system that always uses vid 1, the protocol type unspecified, and the name default. The default vlan also initially includes all of the bridge ports without any tagging,...

  • Page 162

    162 chapter 9: virtual lans ■ protocol suite — the protocol family that is associated with a protocol-based vlan. Protocol-based vlans can be associated with one or more protocol suites. The protocol suite is unspecified for the default vlan and all port-based vlans. ■ layer 3 address — the netwo...

  • Page 163

    Key guidelines for implementation 163 key guidelines for implementation this section provides a series of guidelines to consider when you use vlans. The guidelines are organized as follows: ■ network-based vlans vs. Multiple interfaces per vlan ■ vlans created by router port ip interfaces ■ number o...

  • Page 164

    164 chapter 9: virtual lans vlans created by router port ip interfaces by default, your system uses a routing over bridging model, in which any frame is bridged before it is potentially routed. If you want to define ip routing interfaces that use a routing versus bridging model, however, you can ...

  • Page 165

    Key guidelines for implementation 165 number of vlans your system supports a maximum of 64 vlans based on a physical limit of 125 vlan table entries. To determine the number of vlans of any type that you can have on the system, use the following equation: number of vlans supported = (125 divided by ...

  • Page 166

    166 chapter 9: virtual lans vlan equation examples example 1 you have 7 protocol suites on the system (ip, appletalk, unspecified for the default vlan, and generic ipx, which counts as 4 protocol suites): (125 / 7) – 3 = 14 in this configuration, the system supports a minimum of 14 vlans. Per tab...

  • Page 167

    Key guidelines for implementation 167 general guidelines ■ the vlan mode of allopen or allclosed applies to all vlans associated with the system (static, dynamic, or router port). Configure the vlan mode before you define any static vlans. (as part of the configuration procedures for a router port i...

  • Page 168

    168 chapter 9: virtual lans ■ to establish routing between static vlans and configure a vlan interface to support one or more routing protocols, configure the vlan for the protocols before you configure a routing interface. For protocols other than ip, the system does not define the routing inter...

  • Page 169

    Vlan allopen or allclosed mode 169 vlan allopen or allclosed mode you can select allopen or allclosed as the vlan mode for your entire system. The default is allopen. 3com’s use of the term “allopen” is equivalent to the ieee standard 802.1q term “shared vlan learning” (svl). The term “allclosed” is...

  • Page 170

    170 chapter 9: virtual lans ■ if you are using allclosed mode and stp on the system (with multiple routes to a destination), you can also specify a mode called ignore stp mode to disable stp blocking for a specified static vlan. (although each vlan has its own address table, there can be only one...

  • Page 171

    Vlan allopen or allclosed mode 171 mode requirements table 16 shows the requirements for defining static vlans in allopen and allclosed mode. Table 16 mode requirements for static vlans type of static vlan requirements port-based for nonoverlapped port-based vlans: ■ protocol type: unspecified ■ sep...

  • Page 172

    172 chapter 9: virtual lans ignore stp mode when you use allclosed vlan mode on your system, you can enable the system to ignore the spanning tree protocol (stp) mode on a per-vlan basis, that is, to ignore stp blocked ports for static protocol-based vlans associated with routing interfaces. (whe...

  • Page 173

    Ignore stp mode 173 example of ignore stp mode figure 27 shows two paths available if a workstation associated with ip vlan e wants to communicate with a server associated with ip vlan d. Stp blocks the routed as well as bridged traffic for the one path unless you enable ignore stp mode for the rout...

  • Page 174

    174 chapter 9: virtual lans vlan aware mode vlan aware mode accommodates the difference in vlan resource usage as well as tagged-frame ingress rules between release 1.2 and release 3.0 of the system software. For more information on ingress rules, see “rules of vlan operation” later in this chapt...

  • Page 175

    Port-based vlans 175 in this situation, the system removes all bridge ports from the vlan that it could not restore from nonvolatile (nv) data, although it does maintain the previously stored nv data. To restore your vlans after you see the resource error message, use the bridge vlan vlanawaremode o...

  • Page 176

    176 chapter 9: virtual lans the default vlan is the flood domain in either of these cases: ■ the system receives data for a protocol that is not supported by any vlan in the system. ■ the system receives data for a protocol that is supported by defined vlans, but these vlans do not contain the po...

  • Page 177

    Port-based vlans 177 trunking and the default vlan another benefit of maintaining the default vlan (with any number of ports) involves trunking. 3com strongly recommends that you define your trunks before you define your vlans. Trunking with the default vlan intact trunking actions affect the defaul...

  • Page 178

    178 chapter 9: virtual lans trunking with the default vlan removed if you remove the default vlan, the system has nowhere to return ports altered by trunking, as discussed in these examples: ■ if you have vlans (but no default vlan) and you then define a trunk for ports in one of the vlans, those...

  • Page 179

    Port-based vlans 179 ■ if you define fddi das ports, select the lowest-numbered port in the das pair when you define the ports in the vlan. The higher-numbered port in the das pair is not selectable. See chapter 6. ■ decide whether you want the ports that you are specifying for the vlan interface to...

  • Page 180

    180 chapter 9: virtual lans this situation causes different behavior for allopen versus allclosed vlans. For example, for allclosed vlans, if a frame is received on a port in unspeca with a destination address that is known in the address table of unspecb, the frame is flooded throughout unspeca ...

  • Page 181

    Port-based vlans 181 table 17 shows the information that can be used to configure these vlans without overlapped ports on device 1 (the device on the left): example 2: overlapped vlans figure 29 shows port-based vlans that overlap on bridge port 3. Figure 29 port-based vlans with overlapped ports ta...

  • Page 182

    182 chapter 9: virtual lans table 18 shows the information that you use to configure these vlans with overlapped ports on device 1: if you plan for your vlan to include trunk ports, specify the anchor port (lowest-numbered port) associated with the trunk. For example, if ports 5 through 8 in unspe...

  • Page 183

    Port-based vlans 183 gvrp enables your system to advertise its manually configured ieee 802.1q vlans to other devices supporting gvrp. Because the vlans are advertised, gvrp-aware devices in the core of the network need no manual configuration to pass ieee 802.1q frames to the proper destination. Th...

  • Page 184

    184 chapter 9: virtual lans ■ the vlan topologies that gvrp learns are treated differently from vlans that are statically configured. Gvrp’s dynamic updates are not saved in nvram, while static updates are saved in nvram. When gvrp is disabled, the system deletes all vlan interfaces that were lea...

  • Page 185

    Port-based vlans 185 example: gvrp figure 30 shows how a gvrp update (with the vid) sent from one end station is propagated throughout the network. [figure 30: sample configuration using gvrp]...

  • Page 186

    186 chapter 9: virtual lans protocol-based vlans protocol-based vlans enable you to use protocol type and bridge ports as the distinguishing characteristics for your vlans. When you select a protocol such as ip, you do so based on the guidelines in this section. Important considerations before yo...

  • Page 187

    Protocol-based vlans 187 selecting a protocol suite the protocol suite describes which protocol entities can comprise a protocol-based vlan. For example, the system’s vlans support the ip protocol suite, which has three protocol entities (ip, arp, and rarp). Table 19 lists the protocol suites that t...

  • Page 188

    188 chapter 9: virtual lans the system imposes two important limits regarding the number of vlans and the number of protocols: ■ number of vlans supported on the system — to determine the minimum number of vlans that the system can support, use the equation described in “number of vlans” earlier ...

  • Page 189

    Protocol-based vlans 189 table 20 shows the information that can be used to configure these vlans on device 1 (the device on the left): establishing routing between vlans your system supports routing using ip, ipx, and appletalk vlans. If vlans are configured for other routable network layer protoco...

  • Page 190

    190 chapter 9: virtual lans important considerations to create an ip interface that can route through a static vlan, you must: 1 create a protocol-based ip vlan for a group of bridge ports. If the vlan overlaps with another vlan at all, define it in accordance with the requirements of your vlan m...

  • Page 191

    Protocol-based vlans 191 example: protocol-based vlans for routing figure 32 shows a vlan configuration that contains three ip vlans without overlapped ports. [figure 32: sample vlan routing configuration] table 21 shows the information that is used to configure these routing vlans: table 21 sample p...

  • Page 192

    192 chapter 9: virtual lans network-based ip vlans for ip vlans only, you can configure network-layer subnet addresses. With this additional layer 3 information, you can create multiple independent ip vlans with the same bridge ports. Untagged frames are assigned to a network-based vlan according...

  • Page 193

    Network-based ip vlans 193 ■ you can define only one ip routing interface for a network-based vlan. When you define an ip routing interface with the interface type vlan, the system does not allow you to select a network-based ip vlan that already has a routing interface defined for it. For more info...

  • Page 194

    194 chapter 9: virtual lans [figure 33: network-based vlans with overlapped ports] table 22 shows the information that can be used to configure the two overlapped ip vlans on device 1: table 22 network-based ip vlan definitions with overlapped ports ip vlan2 ip vlan3 vlan index 2 vlan index 3 vid 22...

  • Page 195

    Rules of vlan operation 195 rules of vlan operation after you select a vlan mode for the system and create vlan interfaces with vlan characteristics such as ieee 802.1q or no tagging, port membership, protocol type, and layer-3 (network) address information, the system determines the details of vlan...

  • Page 196

    196 chapter 9: virtual lans the flow chart in figure 34 shows the vlan ingress rules for the system at release 3.0. Figure 34 flow chart for 3.0 ingress rules incoming frame receive port is untagged in a vlan that matches the frame’s protocol type? Receive port is in a vlan that matches both the fr...

  • Page 197

    Rules of vlan operation 197 the ingress rules for tagged frames vary for the various system releases. Table 23 summarizes the differences. Table 23 ingress rules for ieee 802.1q tagged frames based on vlan mode and software release number vlan mode release 1.2 release 2.0 release 3.0 action without ...

  • Page 198

    198 chapter 9: virtual lans egress rules these rules determine whether the outgoing frame is forwarded, filtered (dropped), or flooded; they also determine the frame’s tag status. Although the same standard bridging rules apply to both open and closed vlans, they result in different behavior depe...

  • Page 199

    Rules of vlan operation 199 tag status rules after the vlan and the transmit ports are determined for the frame, the tag status rules determine whether the frame is transmitted with an ieee 802.1q tag. Priority tagged frames for qos use the same frame format as ieee 802.1q tagging but with a vid of ...

  • Page 200

    200 chapter 9: virtual lans examples of flooding and forwarding decisions this section provides several examples of flooding and forwarding decisions. Example 1: flooding decisions for protocol-based vlans table 24 shows how flooding decisions are made according to three vlans that are set up by ...

  • Page 201

    Rules of vlan operation 201 example 2: vlan exception flooding if an untagged frame arrives on an untagged bridge port that belongs to a vlan that matches the protocol type of the incoming frame, the frame is assigned to the matching vlan. The default vlan (if it exists) provides the match and defin...

  • Page 202

    202 chapter 9: virtual lans rules for network-based (layer 3) vlans whenever an ip vlan is defined with layer 3 information, another vlan, called the all ip subnets vlan, is defined over the same ports. Information about this vlan is not available to the network administrator. Also, this vlan has...

  • Page 203

    Example 3: Decisions for one network-based VLAN. Table 26 shows the information for one network-based IP VLAN and how forwarding and flooding decisions are made for this VLAN. Table 26: One network-based VLAN and forwarding and flooding decisions. Index VID VLAN name ports i...

  • Page 204

    Example 4: Forwarding and flooding for network-based VLANs. Table 27 shows the information for network-based IP VLANs and how forwarding and flooding decisions are made according to these VLANs. In the following example, the system is in allopen mode and the incoming fr...

  • Page 205

    Untagged frame received on port 1 frame is ■ frame (protocol 0x0800) ■ IP destination address (DA) 158.101.100.1 ■ MAC DA is known on port 6 ■ assigned to the ip_100 VLAN ■ transmitted on port 6 untagged ■ IP frame (protocol 0x0800) ■ IP DA = 158.101.101.1 ■ MAC DA is kno...

  • Page 206

    Modifying and removing VLANs. You can modify or remove any VLANs on your system. Review the following guidelines before you modify or remove VLANs: ■ When you modify VLAN information for a VLAN interface other than the default VLAN on your system, you have the option to...

  • Page 207

    Monitoring VLAN statistics. When you display VLAN statistics, the system-generated statistics are valid only under these conditions: ■ When the VLANs are defined for the same protocol type (or the type unspecified) and do not have any overlapping ports (for example, an ...

  • Page 208


  • Page 209: Packet

    10 Packet Filtering. This chapter describes what packet filters are, how to create them, and how to use system utilities to apply them to ports of your CoreBuilder® 3500 system. The chapter covers these topics: ■ Packet filtering overview ■ Key concepts ■ Important considerations ■ Managing packet...

  • Page 210

    Packet filtering overview. The packet filtering feature allows a switch to make a permit-or-deny decision for each packet based on the packet contents. Use packet filters to control traffic on your network segments to: ■ Improve LAN performance. ■ Implement LAN sec...

  • Page 211

    You must filter on the input packet type. For example, if you write a filter that you intend to assign to the transmit path of an Ethernet port, it will not be sufficient to compose a filter that only filters Ethernet traffic. This is because the filtering function is a...

  • Page 212

    Path assignment. After you create a packet filter, you can assign it to any combination of the transmit all, transmit multicast, receive all, receive multicast, and receive internal paths of each port. The filter executes a series of operations on the packet’s ...

  • Page 213

    Key concepts. Before you use packet filters, review the following key concepts and terms: ■ Standard filters — packet filters that are supplied with the CoreBuilder 3500 that the hardware executes at wire speed. You can load them from the Administration Console, or select them from t...

  • Page 214

    Placing a filter on the receive path confines the packet to the segment that it originated from if it does not meet the forwarding criteria. Placing a filter on the transmit path prohibits a packet from accessing certain segments unless it meets the forwarding cri...

  • Page 215

    Important considerations. ■ After you create a packet filter, you must: ■ Assign the filter to the applicable ports ■ Assign the filter to the applicable transmit and receive paths ■ Define port groups, if needed ■ If you assign standard (hardware) filters on the receive ...

  • Page 216

    ■ Deleting packet filters — deleting a packet filter removes the filter from the system. A filter cannot be deleted if it is assigned. You must unassign the filter from any ports before you can delete the filter. Use the bridge packetfilter delete command. ■ Editi...

  • Page 217

    Tools for writing filters. The following tools can be used to create packet filters. ■ ASCII text editor ■ Built-in line editor ■ Web Management Filter Builder tool. ASCII text editor. You can create a new custom packet filter using an ASCII-based text editor (such as emac...

  • Page 218

    Table 29: Commands for the built-in packet filter editor. Columns: command | keys | description. List buffer | Ctrl+L | Displays each of the lines in the editing buffer, and then redisplays the line currently being edited. Next line | Ctrl+N | Moves cursor to start of next line. Previous...

  • Page 219

    Web Management Filter Builder tool. Filter Builder is part of the Web Management tool suite. You can use Filter Builder to: ■ Download one of the predefined standard hardware or custom software filters to your switch. ■ Create your own custom filters and then download th...

  • Page 220

    Filter Builder includes 10 predefined filters, which are displayed on the filter screen. Table 30 lists the filters by name, what each does, and whether the filter operates in the software or the hardware. You can distinguish predefined filters from the custom fil...

  • Page 221

    Downloading custom packet filters. You download a packet filter from the system on which it was created to the CoreBuilder 3500 in one of two ways: ■ If you are using the Filter Builder Web Management applications, you can download filter through the filter build...

  • Page 222

    4 When the downloaded filter is displayed, press assign. 5 Always leave slot as 1. 6 Check the type of port that you want to filter. 7 Type the number of the port(s) that you want to filter. 8 Check the path(s) that you want to filter. Download an ASCII file to do...

  • Page 223

    4 You are prompted in turn to supply: ■ The IP address of the remote system where the file is. ■ The full pathname to the file. At this point, TFTP simply transfers the file. FTP prompts for the: ■ Remote system username. ■ Remote system password. Example (FTP):...

  • Page 224

    The packet filtering language. You define packet filters using a stack-oriented language, which uses a LIFO (last in, first out) queue when the packet filter is running. The program places values (called operands) on the stack and tests them with various logical ex...

  • Page 225

    Procedure for writing a custom filter. This section describes the process of writing a packet filter. Detailed examples are provided in “Long custom filter example” later in this chapter. You write the instructions for the packet filter using the following syntax: [....

  • Page 226

    Table 31 describes the instructions and stacks of a packet filter. Table 31: Packet filter instructions and stacks — descriptions and guidelines. Columns: element | descriptions and guidelines. Instructions | Each instruction in a packet filter definition must be on a separate li...

  • Page 227

    The Ethernet and FDDI packet fields in Figure 35 are used as operands in the packet filter. The two simplest operands are described in Table 32. Table 32: Two packet filter operands. Columns: operand | description | opcode. Packet field | A field in the packet that can reside at any ...

  • Page 228

    Packet filter opcodes. Opcodes are instructions used in packet filter definitions. The available opcodes are described in Table 33. Table 33: Packet filtering opcodes. Columns: opcode | memory requirements | description. name “” | 2 + n bytes, where n is the length of the assigns a ...

  • Page 229

    pushtop | 1 byte | Pushes the current top of the stack onto the stack (that is, it reads the top of the stack and pushes the value onto the stack, which effectively duplicates the item currently on top of the stack). The size of the contents of the stack determines the ...

  • Page 230

    pushspgm | 1 byte | Pushes the source port group mask (SPGM) onto the top of the stack. The SPGM is a bitmap representing the groups to which the source port of a packet belongs. This instruction pushes 4 bytes on to the stack. Each port group mask is represented by a...

  • Page 231

    le (less than or equal to) | 1 byte | Pops two values from the stack and performs an unsigned comparison. If the first is less than or equal to the second, a byte containing the non-zero value is pushed onto the stack; otherwise, a byte containing 0 is pushed. The conte...

  • Page 232

    accept | 1 byte | Conditionally accepts the packet that is being examined. Pops a byte from the stack. If its value is non-zero, the packet is accepted and evaluation of the filter ends immediately; otherwise, filter evaluation continues with the next instruction. Use...

  • Page 233

    Implementing sequential tests in a packet filter. Filter language expressions are normally evaluated to completion — a packet is accepted if the value remaining on the top of the stack is nonzero. Frequently, however, a single test is insufficient to filter packets e...

  • Page 234

    Figure 37: Accept and reject instructions. The following example shows the use of both accept and reject in a packet filter. This packet filter was created for a network that is running both Phase I and Phase II AppleTalk software. The goal of the filter is to elimi...

  • Page 235

    Common syntax errors. When you press the Escape key to exit from the Administration Console’s built-in editor or when you load a packet filter definition from across the network, the software examines the definition for syntax errors. Table 34 lists syntax errors and their ca...

  • Page 236

    Invalid characters in number | The number specified as an offset or literal is improperly formatted. Possible causes are 1) lack of white space setting off the number, and 2) invalid characters in the number. Note: The radix of the number is determined by the first ...

  • Page 237

    Custom packet filter examples. The following examples of packet filters, which were built using the packet filter language, start with basic concepts. Destination address filter. This filter operates on the destination address field of a frame. It allows packets to be...

  • Page 238

    Type filter. This filter operates on the type field of a frame. It allows packets to be forwarded that are IP frames. To customize this filter to another type value, change the literal value loaded in the pushliteral.w instruction. Ethernet type IPX and multicast f...

  • Page 239

    Source address and type filter. This filter operates on the source address and type fields of a frame. It allows XNS packets to be forwarded that are from stations with an OUI of 08-00-02. To customize this filter to another OUI value, change the literal value loaded...

  • Page 240

    XNS routing filter. This filter operates on the type and data fields of a frame. It discards all XNS routing packets. Port group filter. See “Using port groups in custom packet filters” for a port group filter example.
        name "drop xns routing"
        pushfield.w 12 # get ty...

  • Page 241

    Limits to filter size. A packet filter program is stored in a preprocessed format to minimize the space that is required by the packet filter definition. Comments are stripped. When assigned to a port, the packet filter is converted from the stored format to a run-time forma...

  • Page 242

    Using port groups in custom packet filters. You can use a port group (a list of system ports) as filtering criteria in a packet filter. A packet filter uses the group to make filtering decisions by accessing the group’s source port group mask and destination port g...

  • Page 243

    If MAC address 00-80-3e-12-34-56 is learned on port 3 and port 3 belongs to port group 1, it has a port group bit mask for port group 1 inserted into the port group mask table that is associated with the MAC address in the bridge address table. The mask...

  • Page 244

    For example, port 1 has a packet filter using the DPGM assigned to the rxall path of port 1 and a broadcast frame is received on port 1. The bridge determines that the frame will be flooded to the VLAN ports 2-5. The filter is processed 4 times: 1 Once for the rx ...

  • Page 245

    Port group management and control functions. Management and control functions to define port groups are provided in the system. Defining port groups. You can configure port groups from the bridge packetfilter portgroup menu of the Administration Console,...

  • Page 246

    ■ Removing ports from a group — at least one group must exist before you can remove a port. ■ Loading groups — the Administration Console has no explicit menu item for loading port groups that are defined in a file on a remote host. However, you can load groups by...

  • Page 247

    Long custom filter example. The following solution shows a complex packet filter built from three simple packet filters. Each of the shorter, simpler packet filters can be used on its own to accomplish its own task. Combined, these filters create a solution for a larger...

  • Page 248

    You can use this information to create pseudocode that simplifies the process of writing the actual filter. It helps to first write the pseudocode in outline form, as shown here: 1 Determine if the packet has a broadcast address. 2 Determine if the packet is an XN...

  • Page 249

    name "ip xns ticker bcast filter"
    # assign this filter in the multicast path
    # of a port only--this is very important.
    #
    # xns filtering section
    #
    pushfield.a 0                 # apply
    pushliteral.a 0xffffffffffff  # filter
    ne                            # only on broadcast traffic
    accept                        #
    pushfield.w 12                # get th...

  • Page 250

    The rest of this section concentrates on the parts of the complex filter, showing you how to translate the pseudocode’s requirements into filter language. The large filter is broken down into subsets to show how you can create small filters that perform one or two...

  • Page 251

    4 Enter executable instruction #3:
        ne # not 0xffffffffffff
    5 Enter executable instruction #4:
        accept # accept packet and go no further
      This accepts all non-broadcast packets.
    6 Enter executable instruction #5:
        pushfield.w 12 # get the type field of the packet and
                       # pla...

  • Page 252

    4 Enter executable instruction #3:
        ge # compare if the value of the socket is greater than
           # or equal to the lower bound.
    5 Enter executable instruction #4:
        pushliteral.w 0x0898 # put the highest socket value on
                             # top of the stack.
    6 Enter executable instruction #...

  • Page 253

    4 Add an and statement to compare the results of step 2 with the results of step 3:
        and # compare if ip and in range.
    This combination looks like this:
        name "only ip pkts w/in socket range"
        pushfield.w 12 # get the type field of the packet and
                       # place it on top of the ...

  • Page 254

    Combining all the filters together, the packet filters work to perform the solution to the problem: filtering the broadcast packets from the market data servers. These steps show how to create this filter:
    1 Name the filter:
        name "discard xns & ip broadcast pkts w...

  • Page 255

    name "optimized ip xns ticker bcast filter"
    # assign this filter in the multicast path
    # of a port only--this is very important.
    #
    # xns filtering section (assuming more xns traffic)
    pushfield.a 0                 #
    pushliteral.a 0xffffffffffff  #
    ne                            #
    accept                        #
    pushfield.w 12                # get the t...

  • Page 256


  • Page 257: Internet

    11 Internet Protocol (IP). This chapter provides guidelines and other key information about how to configure your system to route packets using the Internet Protocol (IP). Chapter contents include: ■ Routing overview ■ Key concepts ■ Routing models: port-based and VLAN-based ■ Key guidelines for im...

  • Page 258

    Routing overview. The term routing refers to the action of sending information, in the form of packets, from one network to another. A router is the device that accomplishes this task. Your system, as a Layer 3 device, can act as a router. Routers typically: ...

  • Page 259

    Routing in a subnetted environment. Use your system to fit Ethernet switching capability into subnetworked (subnetted) environments. When you put your system into such a network, the system streamlines your network architecture by routing traffic between subnets and switching wit...

  • Page 260

    Integrating bridging and routing. Your system integrates bridging and routing. You can assign multiple ports to each subnet. See Figure 40. Figure 40: Multiple Ethernet ports per subnet. Bridging switches traffic between ports that are assigned to the same subn...

  • Page 261

    IP routing overview. An IP router, unlike a bridge, operates at the network layer of the Open Systems Interconnection (OSI) reference model. The network layer is also referred to as Layer 3. An IP router routes packets by examining the network layer address (IP address). Bridges ...

  • Page 262

    Features and benefits. IP routing provides the following features and benefits: ■ Economy — because you can connect several segments to the same subnet with routing, you can increase the level of segmentation in your network without creating new subnets or as...

  • Page 263

    Key concepts. IP routers use the following elements to transmit packets: ■ Multiple IP interfaces per VLAN ■ Media access control (MAC) addresses ■ Network addresses ■ IP addresses ■ Router interfaces ■ Routing tables ■ Address Resolution Protocol (ARP) ■ Internet Control Message Pro...

  • Page 264

    Network-layer address. The network-layer address refers to a logical address that applies to a specific protocol. A network-layer address exists at Layer 3 of the OSI reference model. IP addresses. IP addresses are 32-bit addresses that consist of a network pa...

  • Page 265

    Network portion. The location of the boundary between the network part and the host part depends on the class that the central agency assigns to your network. The three primary classes of IP addresses are A, B, and C: ■ Class A address — uses 8 bits for the network part and 24 bits f...

  • Page 266

    Figure 44: Subnet masking. Figure 45 shows an example of an IP address that includes network, subnet, and host parts. Suppose the IP address is 158.101.230.52 with a subnet mask of 255.255.255.0. Since this is a Class B address, this address is divided as foll...

  • Page 267

    Figure 45: Extending the network prefix. Using the Class B IP address from our example (158.101.230.52), the subnet mask is 255.255.255.240. The number that includes both the Class B natural network mask (255.255) and the subnet mask (255.240) is sometimes called the extended network ...

  • Page 268

    Variable length subnet masks (VLSMs). With variable length subnet masks (VLSMs), each subnet under a network can use its own subnet mask. Therefore, with VLSM, you can get more subnet space out of your assigned IP address space. How VLSMs work. VLSMs get beyon...

  • Page 269

    Figure 46: Example of route aggregation. If you plan your subnet addresses carefully, you can improve your utilization of IP addresses and your routing tables will be easier to maintain. Router abc 78.1.0.0/16 78.2.0.0/16 78.3.0.0/16 . . . 78.254.0.0/16 78.0.0.0/8 78.1.1.0/24 78.1.2.0...

  • Page 270

    Also, with route aggregation, you can forward RIP-2 updates to RIP-1 routers by “rolling up” or aggregating the subnet addresses into a single advertisement. See the RIP-1 versus RIP-2 discussion later in this chapter. Go to http://www.3com.com/technology/te...

  • Page 271

    Router interfaces. A router interface connects the router to a subnet. If you use your system for IP routing, more than one port can connect to the same subnet. Each router interface has an IP address and a subnet mask. This router interface address defines both the number of the net...

  • Page 272

    Routing table. With a routing table, a router or host determines how to send a packet toward its ultimate destination. The routing table contains an entry for every learned and locally defined network. The size of the routing table on your system is dynamic a...

  • Page 273

    Routing table data is updated statically or dynamically: ■ Statically — you manually enter static routes in the routing table. Static routes are useful in environments where no routing protocol is used or where you want to override some of the routes that are generated with a routin...

  • Page 274

    Routing models: port-based and VLAN-based. There are two basic routing models for implementing how a bridge and a router interact within the same 3Com switch. They are: ■ Port-based routing (routing versus bridging) — the system first tries to route packets t...

  • Page 275

    Role of VLANs in IP routing. It is important to keep in mind that, except for the out-of-band management port, there is a VLAN index associated with every IP interface, whether the interface is port-based or VLAN-based: ■ Port-based router interface — the...

  • Page 276

    Port-based routing. In the communications industry, Layer 3 devices have traditionally employed port-based routing: routed packets over interfaces that are associated with a single physical port. Figure 49 illustrates traditional routing: 1 The packet enters ...

  • Page 277

    Port-based routing examples. In Figure 50, four Layer 3 switches act as the campus backbone. Because very little bridging takes place within the backbone, port-based routing actually makes operations more efficient. Figure 50: Port-based routing (backbone ...

  • Page 278

    In Figure 51, a Layer 2 switch is acting as a port aggregator for the corporate or campus VLAN. Because the traffic going from the Layer 2 switch to the Layer 2/Layer 3 switch is only going to be routed, port-based routing between these two devices is more ef...

  • Page 279

    Important considerations. Be aware of the following points when you use port-based routing: ■ Your system can be in only allopen or allclosed VLAN mode. You cannot create mixed VLAN modes on the same device. ■ You can establish up to 32 IP interfaces on a...

  • Page 280

    ■ You can only remove a VLAN associated with a router port interface using ip interface remove. If you try to remove the VLAN using bridge vlan remove, an error is returned. This protects the router port VLAN from inadvertent deletion. ■ The ip interface s...

  • Page 281

    5 The bridging layer then selects a segment (port) based on the destination MAC address and forwards the packet to that segment. Figure 52: 3Com VLAN-based routing model. Benefits of VLAN-based routing. If your network traffic is apt to be more mixed betwee...

  • Page 282

    Key guidelines for implementing IP routing. To route network traffic using IP, you must perform these tasks in the following order: 1 Configure trunks (optional). 2 Configure IP VLANs (VLAN-based routing). 3 Establish your IP interface. 4 Enable IP routing. C...

  • Page 283

    Establish your IP interfaces. To establish an IP interface, follow these steps: 1 Determine your interface parameters. 2 Define the IP interfaces. Interface parameters. Each IP routing interface has these standard characteristics: ■ IP address — an addres...

  • Page 284

    ■ You must define a router interface if your system is in allclosed mode and you want to forward traffic between VLANs. ■ In allclosed mode, the system does not forward unicast traffic. The ip interface define (in-band) and management ip interface define (out-of...

  • Page 285

    Enable IP routing. To enable IP routing, use the ip routing command on the Administration Console or use the IP configuration form in the Web Management software. By default, IP routing is disabled on the system. You can use the Routing Information Proto...

  • Page 286

    Address Resolution Protocol (ARP). ARP is a low-level protocol that locates the MAC address that corresponds to a given IP address. This protocol allows a host or router to use IP addresses to make routing decisions while it uses MAC addresses to forward pack...

  • Page 287

    Figure 54: Example of an ARP request packet. When devices on the network receive this packet, they examine it. If their address is not the target protocol address, they discard the packet. When a device receives the packet and confirms that its IP address matches ...

  • Page 288

    Important considerations. Keep the following things in mind about this protocol: ■ Enter a static ARP entry when the ARP resolution does not result in an ARP entry in the cache. For example, some applications do not respond to ARP requests and, consequently, ...

  • Page 289

    ARP proxy. However, if the router has ARP proxy enabled, the router answers the request of server A with its own MAC address — thus, all traffic sent to server B from server A is addressed to the corresponding IP interface on the router and forwarded appropriately. Figure 56: Proxy ARP. With ARP pr...

  • Page 290

    Internet Control Message Protocol (ICMP). Because a router knows only about the next network hop, it is not aware of problems that may be closer to the destination. Destinations may be unreachable if: ■ Hardware is temporarily out of service. ■ You specified ...

  • Page 291

    ■ Uses the router with the highest preference level as the default gateway (ICMP router discovery) ICMP router discovery is useful if you have multiple gateways that connect a particular subnet to outside networks. By using the preference setting, you can...

  • Page 292

    ICMP redirect. ICMP redirect adds another layer of intelligence to routing. ICMP redirect: ■ Informs the sending device of the frame that there is a more efficient route to the destination. ■ Routes the frame via the more efficient route. Use the Administrati...

  • Page 293

    ■ Disable ICMP redirect if you have overlapped IP interfaces on ports that are not configured to use 802.1Q VLAN tagging. Doing so provides better routing performance between the overlapped subnets. ■ If you have two interfaces that belong to different VLANs that share a given port...

  • Page 294

    ICMP router discovery. ICMP router discovery directs a host to use the router with the highest preference level as the default gateway. ICMP does this by enabling hosts that are attached to multicast or broadcast networks to discover the IP addresses of their...

  • Page 295

    See the documentation for your workstation to determine whether you can configure your workstation to use this protocol. See RFC 1256 for detailed information about ICMP router discovery. Broadcast address. You can set a broadcast address for each defined IP interface. Your syst...

  • Page 296

    Routing Information Protocol (RIP). RIP is the protocol that implements routing. RIP does this by using distance vector algorithms (DVAs) to calculate the route with the fewest number of hops to the destination of a route request. Each device keeps its own se...

  • Page 297

    RIP mode. The four available settings for RIP mode are as follows: ■ Disabled — the system ignores all incoming RIP packets and does not generate any RIP packets of its own. ■ Learn — the system processes all incoming RIP packets, but it does not transmit RIP up...

  • Page 298

    Poison reverse. Poison reverse is a RIP feature that you use specifically with a scheme called split horizon. Your system enables poison reverse by default. Split horizon avoids the problems that reverse-route updates can cause. Reverse-route updates are sent...

  • Page 299

    Route aggregation. Route aggregation mode determines which route table entries are sent during a RIP-2 update: ■ If route aggregation mode is enabled, RIP-2 can function like RIP-1 and “collapse” route table entries for all subnets of a directly connected networ...

  • Page 300

    Important considerations. Consider the following issues when you implement RIP on your system: ■ Use RIP-2 rather than RIP-1 if possible, because RIP-2 uses subnet masking and the next hop field. Subnet mask advertising allows you to use VLSM. (See “Variable ...

  • Page 301

    Routing policies. Routing policies can control the entire flow of routing information among the network, the protocols, and the routing table manager. Routing policies are often referred to as route filters because defining policies for accepting and forwarding routes is very much like defining f...

  • Page 302

    Figure 60: IP routing policies. Figure 60 shows the first level of decision-making in routing policies. Routing policies also contain two parameters that help further refine this system: metrics and administrative weight. ■ Metric (cost) adjustment — specifies ...

  • Page 303

    Important considerations. Even though routing policies are not true routing protocols and are considered optional, they can increase network efficiency. ■ You can increase speed and security simply by limiting the number of devices from which the router receives data. ■ You can e...

  • Page 304

    RIP import policy conditions for specified interfaces: Table 42 lists the policy conditions for RIP import policies. Table 42: RIP Import Policy Conditions. Columns: Source Router, Route (address/mask), Action, Description. First row: Specified router, Specified route/mask, accept, accep...

  • Page 305

    RIP export policy conditions for specified interfaces: Table 43 lists the policy conditions for the RIP export policies. Multiple matched routing policies: Because you can use a wildcard parameter (all) to specify a source or target route, there are times when several policies c...

  • Page 306

    Setting up RIP routing policies: To configure a routing policy, follow these general steps: 1. Establish an export policy that controls the advertisement of routes through RIP, regardless of the source from which the route is learned. 2. Establish an import pol...

  • Page 307

    Creating RIP routing policies: To set a routing policy, you need to know the following parameters: ■ Policy type — the determination whether to accept a route into the routing table (import) or advertise a route from the routing table (export) ■ Source address — the routing devic...

  • Page 308

    Example: Figure 61 and Table 44 show an example of how to set a RIP import routing policy. Figure 61: RIP Routing Policies Example...

  • Page 309

    Table 44 lists the import policies for Router B from Figure 61. In this example, only routes 130.1.0.0 and 133.1.0.0 are accepted into the routing table of Router B. Table 44: Router B Routing Policies. Columns: Policy Type, Source Address, Route Address, Route Subnet Mask, IP Interface, Policy...

  • Page 310

    Domain Name System (DNS): The Domain Name System (DNS) client allows you to specify a hostname rather than an IP address when you perform various operations (for example, when you use ping or traceroute to contact an IP station). With DNS, you can specify one...

  • Page 311

    User Datagram Protocol (UDP) Helper: User Datagram Protocol (UDP) Helper allows IP applications to route broadcast packets from one subnet to another part of the network. Two common uses of the UDP Helper feature are: ■ Bootstrap Protocol (BOOTP): BOOTP allows d...

  • Page 312

    You have to set the following UDP Helper parameters: ■ UDP port number — a logical address, not a port (interface) on your system. BOOTP (including DHCP) uses UDP port 67. ■ IP forwarding address — the IP address to which the packets are forwarded. You can h...

  • Page 313

    Standards, Protocols, and Related Reading. Important considerations: Consider the following points when you use UDP Helper: ■ The maximum BOOTP hop count (how many steps the system uses to forward a packet through the router) is 16; the default hop count limit is 4. Keep the hop count as low as p...

  • Page 314

    You can obtain copies of RFCs from the Web site of the Internet Engineering Task Force (IETF): http://www.ietf.org Standards organizations: Standards organizations ensure interoperability, create reports, and recommend solutions for communications technology....

  • Page 315: Virtual

    Chapter 12: Virtual Router Redundancy Protocol (VRRP). The Virtual Routing Redundancy Protocol (VRRP) can prevent a loss of network operations for end hosts due to the failure of the static default IP gateway. VRRP accomplishes this by allowing you to designate a number of other routers as backup routers ...

  • Page 316

    VRRP overview: A critical component of IP networking is the way in which hosts and routing devices find the next-hop address in a connectionless environment. There are several different ways of determining the next-hop address, but they a...

  • Page 317

    Static route: A static route is an IP address that is user-configured and fixed. Static routes are useful if the host only needs to access a few networks; in this case, static routes actually require less overhead than dynamic routing protocols. However, in today’s networking enviro...

  • Page 318

    Figure 62: Simple VRRP Configuration. In the example shown in Figure 62, Router A is the default gateway for the workstation named PC, which provides access to the wide area network (WAN) and to the device named Server. Assume that no rout...

  • Page 319

    Key Concepts. ■ Virtual router master — the VRRP router that forwards packets sent to the IP addresses associated with the virtual router. Also called the master router. A virtual router is the master when: ■ You configure it (using the Administration Console, the Web Management Console, or SNMP)...

  • Page 320

    After the original master again becomes operational, it begins again to broadcast advertisements to the other virtual routers if preempt mode is enabled. Packet forwarding responsibility then shifts back to the original master router. For...

  • Page 321

    The parallel design in Figure 63 takes advantage of the capabilities of VRRP. This design can be extended to include more routers and more subnetworks. In a more complex virtual router scheme with many backup routers, this method ensures that all routers have adequate backup in the e...

  • Page 322

    Important considerations: This section provides information to be aware of when you implement VRRP: ■ The master router forwards the IP addresses that you have associated with the primary virtual router, and: ■ Responds to ARP requests fo...

  • Page 323

    Implementing VRRP. ■ VRRP supports proxy ARP; the virtual router uses the virtual router MAC address in proxy ARP replies. ■ VRRP supports Fiber Distributed Data Interface (FDDI) and Ethernet. ■ Consider using VRRP in conjunction with port-based routing to provide router redundancy on your campus ...

  • Page 324

    Create VLANs: This section identifies the VLAN parameters that you must configure for both Router 1 and Router 2. Use bridge vlan define in the Administration Console or use the bridge vlan define form in the Web Management Console to con...

  • Page 325

    Configure the router protocol: Configure a dynamic routing protocol (RIP-2 or OSPF) for both Router 1 and Router 2. In this case, the sample configuration uses RIP-2. Use the ip rip menu in the Administration Console or use the ip rip Web Management forms to configure RIP on bot...

  • Page 326

    VRRP parameters for Router 2. Enable VRRP: You must explicitly turn virtual routing on for each virtual router in order to enable your virtual router to become an active component of VRRP on your network. Use ip vrrp mode in the Administra...

  • Page 327

    VRRP and Other Networking Operations. Spanning Tree Protocol (STP): Figure 63, earlier in this chapter, shows how you can set up VRRP parallel routers to provide total redundancy in your inter-LAN operations. However, because VRRP uses MAC addresses in its advertisements, this topology can represe...

  • Page 328

    Figure 65: Proper Use of Dynamic Routing Protocols with VRRP. IGMP queries: IP multicast routers use IGMP to query subnetworks in order to detect host members of multicast groups. IGMP specifies a querier election process in which one route...

  • Page 329

    ICMP redirect: Using ICMP redirect in conjunction with VRRP might cause gateway access problems due to potential conflicts between actual MAC addresses and the virtual MAC addresses that VRRP uses. Disable ICMP redirect if you are using VRRP. Quality of s...

  • Page 330

    Chapter 12: Virtual Router Redundancy Protocol (VRRP).

  • Page 331: IP Multicast

    Chapter 13: IP Multicast Routing. This chapter provides conceptual information, configuration options, and implementation guidelines for IP multicast routing on your system. This chapter covers the following topics: ■ IP multicast overview ■ How a network supports IP multicast ■ Key concepts ■ How IGMP supp...

  • Page 332

    IP multicast overview: The easiest way to begin to understand multicasting is to compare it against two other address types and their communication models. Unicast model: A unicast address is designed to transmit a packet from a source to a single destination. U...

  • Page 333

    Benefits of IP multicast: New applications that are designed to increase productivity within and across organizations are driving the need for network infrastructures to support IP multicast. When the application content is time-sensitive or requires significant bandwidth (f...

  • Page 334

    How a network supports IP multicast: To support IP multicast, the sending and receiving nodes, as well as the network infrastructure between them, must be multicast-enabled. Specifically, there must be cohesive support for IP multicast in the following componen...

  • Page 335

    Supporting protocols in your system: To communicate with other routers, your system supports the Distance-Vector Multicast Routing Protocol (DVMRP) version 3.6. DVMRP functions and configuration options are explained later in this chapter. To communicate with g...

  • Page 336

    A multicast router is required at each end of the tunnel. At each tunnel entrance, the router encapsulates the IP multicast packets in standard IP unicast packets — that is, it puts them in a format that the unicast routers can understand. When these packets r...

  • Page 337

    Internet support for IP multicast: The MBone is the Internet’s experimental multicast backbone network. It is an interconnected set of Internet routers, subnetworks, and tunnels that support the delivery of IP multicast traffic. The MBone was first configured i...

  • Page 338

    Key concepts: This section describes several terms and concepts related to IP multicast routing. Traffic movement: Application sources generate the majority of IP multicast packets, but group members and routers that are communicating (DVMRP and IGMP messages) t...

  • Page 339

    Multicast addresses: A multicast packet differs from a unicast packet by the presence of a multicast group address in the destination address field of the IP header. IP multicast uses a Class D destination address format, which has the high-order four bits set to 1-1-1-0 followed by ...

  • Page 340

    Reserved MAC addresses: IANA also controls a reserved portion of the IEEE-802 MAC-layer multicast address space. All addresses in this block use hexadecimal format and begin with 01-00-5e. A simple procedure maps Class D addresses to this block, so that IP mult...

  • Page 341

    How IGMP supports IP multicast: IGMP provides a way for routers and switches to learn where group members exist on a network, and thus provides a critical function in the IP multicast packet delivery process. Electing the querier: On each subnetwork or broadcast doma...

  • Page 342

    Join message: Rather than wait for a query, a host can also send an IGMP report on its own initiative to inform the querier that it wants to begin receiving a transmission for a specific group (perhaps by clicking a Go or Start button on the client interface). ...

  • Page 343

    How DVMRP supports IP multicast: DVMRP is a distance-vector routing protocol that allows routers to establish shortest-path, source-rooted, IP multicast delivery trees. While it is similar to the Routing Information Protocol (RIP), one important difference is that ...

  • Page 344

    The term spanning tree applies to any loopless graph that spans intelligent nodes. The DVMRP spanning tree structure provides only one active path to connect any two multicast routers in the network. This approach provides a logical, efficient path to reach gr...

  • Page 345

    Interface relationships: The interface on which a router receives source-origin traffic for a given source-group pair is called the incoming or parent interface. Each interface over which the router forwards source-group traffic is called an outgoing or child inter...

  • Page 346

    Inside the prune message is a prune lifetime, or prune timer, which is a period of time for which the prune message is valid. When the prune lifetime expires, the interface is added back into the multicast delivery tree — that is, until it generates another pr...

  • Page 347

    Key guidelines for implementation: You need to enable IP multicast routing features only if network users require access to IP multicast application traffic from local or remote sources. Configuration procedure: To activate IP multicast routing and filtering capab...

  • Page 348

    6. View the various displays, routing table and cache to see how the system is processing IP multicast traffic. See “Viewing the DVMRP Routing Table” and “Viewing the DVMRP Cache” later in this chapter. 7. Use the traceroute option for troubleshooting or to dete...

  • Page 349

    Configuring IGMP options: You can enable or disable IGMP snooping and querying functions, set the interface time-to-live (TTL) threshold, and obtain summary and detail displays of IGMP-related information. Querying and snooping modes: Your system divides IGMP functions int...

  • Page 350

    Table 46 lists conventional numeric values and network objectives. Configuring DVMRP tunnels: A DVMRP tunnel allows IP multicast packets to traverse a portion of your network infrastructure that is not multicast-aware. In your system, you can define tunnels, mo...

  • Page 351

    ■ You must define the tunnel on both end points — that is, on both the local system and the remote system — even though you specify the address of the remote router interface in the local system. ■ DVMRP interfaces and tunnels have similar characteristics (metric and TT...

  • Page 352

    Configuring DVMRP default routes: You can configure a default route for IP multicast traffic on any DVMRP routing interface in the system. How default routes work: If an interface is configured as a default route, it advertises source 0.0.0.0 to neighboring DVMR...

  • Page 353

    Viewing the DVMRP routing table: Your system records DVMRP route information in a table that you can access from the management interface. Your system learns source-based route information from neighboring DVMRP routers and also advertises routes that it learns to ...

  • Page 354

    Using IP multicast traceroute: You can perform an IP multicast traceroute from the system management interface. The ability to trace the path of an IP multicast group packet from a source to a particular destination is desirable for troubleshooting purposes. Unl...

  • Page 355

    Important considerations: ■ When using IP multicast traceroute, the system assumes that it is the destination for the source-group traffic. You cannot enter a different destination address. ■ A response packet may be returned to your system before reachin...

  • Page 356

    Chapter 13: IP Multicast Routing.

  • Page 357: Open

    Chapter 14: Open Shortest Path First (OSPF). This chapter provides guidelines and other key information about how to configure Open Shortest Path First (OSPF) on your system. This information includes: ■ OSPF overview ■ Key concepts ■ Key guidelines for implementing OSPF ■ Autonomous system boundary route...

  • Page 358

    OSPF overview: The OSPF link-state protocol dynamically responds to changes in network topology that occur within a group of networks and routers known as an autonomous system. OSPF tracks the states of links and routers in each autonomous system, ...

  • Page 359

    ■ OSPF interfaces — An OSPF interface is an IP interface that you configure to send and receive OSPF traffic. When you configure an OSPF interface, you define the behavior and role of the interface within the OSPF routing domain. For example, router priority determines designated ro...

  • Page 360

    ■ Virtual links — All areas of an OSPF routing domain must connect to the backbone area. In cases where an area does not have direct, physical access to the backbone, you can configure a logical connection to the backbone, called a virtual link. V...

  • Page 361

    ■ Ability to partition the network into more manageable areas — Many autonomous systems in the Internet are large and complicated to manage. OSPF allows them to be subdivided into smaller, more manageable networks or sets of contiguous networks called areas. You can think of an are...

  • Page 362

    ■ Support for virtual links to noncontiguous areas — As discussed earlier, OSPF can partition large autonomous systems into smaller, more manageable subdivisions, called areas. An OSPF backbone is responsible for distributing routing information b...

  • Page 363

    Key concepts: Before you configure OSPF on your system, review the following key concepts and terms discussed in these sections: ■ Autonomous systems ■ Areas ■ Neighbors and adjacency ■ Router types ■ Protocol packets ■ How OSPF routing works. Autonomous systems: An autonomous system c...

  • Page 364

    Router types: OSPF routers serve several different, often overlapping, functions: ■ Internal routers — Internal routers connect only to networks that belong to the same area. An internal router runs one copy of the OSPF algorithm and maintains rout...

  • Page 365

    Router IDs: The OSPF router ID identifies a router to other routers within an autonomous system. OSPF uses three types of router identifiers, which take the form of an IP address: ■ Default — an arbitrary ID that the system generates and uses as the default router ID ■ Interface — th...

  • Page 366

    How OSPF routing works: This section summarizes how the OSPF algorithm works for a router that meets these characteristics: ■ Lies within an autonomous system area (an interior router) ■ Is attached to a multiaccess network ■ Is configured to be th...

  • Page 367

    Electing the designated router: OSPF selects a designated router, which originates LSAs on behalf of the network segment. These advertisements list all routers (including the designated router) that are attached to the segment. The designated router also floods LSA packets throughout...

  • Page 368

    Routing packets: A packet’s source and destination determine the routers that move it: ■ Intraarea — When a packet’s source and destination are in the same area, the packet is routed using internal router databases. No routers are used outside the ...

  • Page 369

    Key guidelines for implementing OSPF: Consider the following guidelines when you design a scalable and dependable OSPF internetwork. These parameters must be consistent across all routers: The following OSPF interface parameters must be consistent across all ro...

  • Page 370

    Autonomous system boundary routers: Autonomous system boundary routers (ASBRs) are the links between the OSPF autonomous system and the outside network. They exchange their autonomous system topology data with boundary routers in other autonomous s...

  • Page 371

    A router never becomes an ASBR if: ■ All of the router’s interfaces reside in a stub area. This last rule overrides all other cases where a router can become an ASBR. ■ You create IP interfaces with the ip interface option. ■ You configure RIP on IP interfaces ...

  • Page 372

    Areas: To reduce the amount of routing information that travels through a network, and the corresponding size of the OSPF routers’ topology databases, subdivide OSPF autonomous systems into areas. Each area has the following configurable parameters...

  • Page 373

    Types of areas: All routers within the same area maintain and use identical link state advertisement (LSA) databases. The network shown in Figure 70 later in this chapter contains four OSPF areas within autonomous system A. There are three types of OSPF areas: ■ Transit area — an area throu...

  • Page 374

    Figure 70: Sample OSPF Routing Application...

  • Page 375

    Area border routers: Each area (including the backbone area) includes all border routers that are connected to the area. In Figure 70, for example, you define: ■ Area border routers 1, 2, and 3 as being in backbone area 0 ■ Area border routers 2 and 4 as being in area 1 ■ Area border router...

  • Page 376

    Configuring route summarization in ABRs: The concept of route summarization is key in implementing a stable and scalable OSPF internetwork. Route summarization is the consolidating of advertised addresses by area border routers (ABRs). Instead of a...

  • Page 377

    ■ Whenever there is a change in network topology (such as when a link is lost or comes online), routers in all affected areas must converge on the new topology. If your internetwork consists of unstable links, you can partition the AS into smaller areas to minimize the number of areas that...

  • Page 378

    ■ Because all routers connected to the backbone (ABRs) must recompute routes whenever the topology changes for any link in the AS, keeping the size of the backbone to a minimum is especially important in an autonomous system that may contain unsta...

  • Page 379

    Default route metric: An OSPF router always forwards an IP packet to the network that is the best match for the packet’s destination; best match means the longest or most specific match. A router that fails to find a specific match for a packet’s destination forwards the pack...

  • Page 380

    OSPF interfaces: You configure OSPF router interfaces by adding OSPF characteristics to existing IP VLAN interfaces. The OSPF interface has the following characteristics and statistics, which are discussed in the next sections: ■ Mode ■ Priority ■ ...

  • Page 381

    To configure a router to be chosen as a designated router, you must understand how the designated router is elected: ■ The routing interface that has the highest routing priority within an area is elected as the designated router using the Hello protocol. ■ In case of a tie — two...

  • Page 382

    Specifying cost metrics for preferred paths: In OSPF, the best path is the one that offers the least-cost metric. A cost is associated with each router output interface and each route as follows: ■ Each output interface is assigned a default cost b...

  • Page 383

    The delay value that you specify for an interface also increases the age of all LSAs that are transmitted over the interface by the same value. This setting may also affect how soon the LSA is flushed from an area router’s database. Reasons that an LSA is flushed from a router’s ...

  • Page 384

    Dead interval: The dead interval determines how long neighbor routers wait for a Hello packet before they determine that a neighbor is inactive. Each time that a router receives a Hello packet from a neighbor, the router resets the dead interval ti...

  • Page 385

    Important considerations: Consider the following guidelines when you configure router interfaces: ■ To set the OSPF interface mode to active, enable IP routing. Designated routers: ■ Because designated routers and backup designated routers have the most OSPF work to do within an ar...

  • Page 386

    Dead interval: ■ The default value for the dead interval is 40 seconds. ■ Set the dead interval to 4 times the value specified for the Hello timer. ■ Set the dead interval to the same value for all routers on the same network segment. Retransmit in...

  • Page 387

    Link state databases: OSPF routers use the information that is contained in the link state advertisements (LSAs) to build and maintain link state databases. Each link state database contains the link state advertisements from throughout the areas to which the router is attach...

  • Page 388

    ■ Link ID — identifies the object to which this router link connects for each link type. Possible values: ■ If link type is ptp, then this is the neighboring router’s router ID. ■ If link type is transit, then this is the address of the designated...

  • Page 389

    Summary link state advertisements: Area border routers can generate two types of summary link state advertisements: ■ Summary link state advertisements that report the cost to a single subnetwork number outside the area. These advertisements are identified as Type 3 in the li...

  • Page 390

    In addition, OSPF also considers the following routes to be external routes. They are advertised using external link state advertisements: ■ The default route ■ Static routes ■ Routes derived from other routing protocols, such as RIP ■ Directly co...

  • Page 391

    ■ Network mask — the IP address mask for the advertised destination. ■ Fwd address (forwarding address) — If the AS boundary router is advertising a destination that can be more optimally reached by a different router on the same LAN, then the advertising boundary router spe...

  • Page 392

    Neighbors: Neighbor routers are those that are physically attached to the same network segment. The OSPF Hello protocol establishes adjacencies among neighboring routers to facilitate the exchange of routing information. An adjacency describes the ...

  • Page 393

    ■ State — the state of the adjacency. You can also think of this as the state of the conversation that is held with the neighboring router. Possible neighbor state values: ■ Down — the initial state of a neighbor conversation. It indicates that no recent information has been received f...

  • Page 394

    ■ rxq (retransmit queue) — the number of LSAs in the local retransmit queue to the neighbor. These LSAs have been flooded but not acknowledged on this adjacency. The LSAs in the queue are flooded until they are acknowledged by the neighbor or unti...

  • Page 395

    Static neighbors: On broadcast networks such as Ethernet, the OSPF Hello protocol uses the broadcast capability to dynamically discover neighbors. On nonbroadcast networks, such as X.25 public data network, however, you may need to assist in neighbor discovery by statically defining nei...

  • Page 396

    Router IDs: Each router that is configured for OSPF has an OSPF router ID. The OSPF router ID uniquely identifies the router to other routers within an autonomous system. The router ID determines the designated router in a broadcast network if the ...

  • Page 397

    OSPF memory partition: There are three choices for OSPF memory allocation: ■ Have the system intelligently determine the maximum OSPF memory partition size (partition size = 1). This is the default. ■ Have OSPF be part of system memory, growing as needed and without limit (p...

  • Page 398

    The estimate (maxroutingtablesize) of the maximum number of routing table entries the system can hold for a given memory size is a hardcoded value. On extended memory systems this value is 51200. On systems without extended memory this value is on...

  • Page 399

    Manual memory allocation: You can manually control the OSPF current partition maximum size. You can enter any value between 4096 and the maximum memory available on your system, as shown in the ip ospf partition modify command prompt. You can also use manual memory allocatio...

  • Page 400

    Stub default metrics: Generally, a stub area is a network that is connected to an OSPF routing domain by a single area border router (ABR). External link state advertisements are not advertised into stub areas. Instead, the ABR injects a Type 3 sum...

  • Page 401

    Virtual links: The backbone area (0.0.0.0) must link to all areas. If any areas are disconnected from the backbone, some areas of the autonomous system (AS) become unreachable. In the rare case that it is impossible to physically connect an area to the backbone, you can use a virtua...

  • Page 402

    In Figure 71, area 0.0.0.1 cannot be physically connected to the backbone area. Instead, connectivity to the backbone is achieved using a virtual link, configured between Router A and Router B. Area 0.0.0.2 is the transit area, and Router B is the...

  • Page 403

    OSPF routing policies: Routing policies are rules that define criteria to control the flow of routes to and from the routing table. Your system supports two types of OSPF routing policies: import policies that dictate which routes are added to the routing table and export po...

  • Page 404

    Important considerations: Consider the following guidelines when you work with OSPF routing policies: ■ You can only apply OSPF policies against external routes. External routes refer to routes that are advertised over the network using external li...

  • Page 405

    ■ You can set up an IP RIP or OSPF import or export policy to accept or advertise the default route, as long as the default route exists in the routing table. When you define a policy, you are always prompted for the route subnet mask after the route address, even though yo...

  • Page 406

    Figure 72 illustrates the import policy process. Figure 72: Import Policy Process. Information that you define for an import policy includes: ■ The route or routes to which you want the policy to apply, specified by a network address and subnet mask...

  • Page 407

    ■ For routes that are accepted into the routing table as defined by the policy, you can define a new cost metric value for the route, or you can adjust the existing cost metric using one of these operators: ■ + adds the specified number to the existing cost metric ■ - subtr...

  • Page 408

    Import Example 1: Accept Route. The policy defined in Table 48 imports route 243.140.28.0 into the routing table and assigns a cost of 10 to the route. Import Example 2: Reject Route. The policy defined in Table 49 prohibits the router from adding r...

  • Page 409

    When you define an export policy, you can configure the router to accept or reject routes. An accept export policy configures the router to place the specified route in external link state advertisements for propagation over the network. The routes are advertised with the c...

  • Page 410

    ■ When you specify RIP or static as the origin protocol, you can specify the source address of the router that originated the RIP or static route. For example, you can define an export policy to reject (that is, not advertise) all statically defin...

  • Page 411

    Export Policies for RIP and Static Routes: Table 50 shows the export policies that can be applied to RIP and statically defined routes. Table 50: OSPF Export Policies for RIP and Static Routes. Origin Protocol | Source Router | Route | Policy Action | Metric Adjustment | External Metric...

  • Page 412

    Export Policies for Direct Interfaces: Table 51 shows the possible export policies that can be applied to directly connected router interfaces. Export Example 1: Prohibit Advertisement of Non-OSPF Interfaces. The policy defined in Table 52 prohibits...

  • Page 413

    Export Example 2: Prohibit Advertisement of Static Address. The policy defined in Table 53 prohibits a router from advertising any static route originating from router 131.141.127.7. Although the router can learn all static routes that originate from router 131.141.127.7, th...

  • Page 414

    Export Example 4: Advertisement of Direct Interfaces. The policy defined in Table 55 configures a router to advertise direct interface 8 as a Type 2 external metric with a cost increase of 2. Suppose a routing table entry exists for interface 8 tha...

  • Page 415

    Export Example 6: Advertisement of RIP Routes. The policy defined in Table 57 configures an autonomous system boundary router to advertise all routes that are imported from a RIP network as Type 2 external metrics with associated costs of 10. Table 57: Export Policy to Accept...

  • Page 416

    OSPF Statistics: From the Administration Console and the Web Management interface, you can display general statistics for specific OSPF interfaces. These statistics provide valuable information useful in troubleshooting network and system issues. F...

  • Page 417

    Standards, Protocols, and Related Reading: OSPF as implemented on this system is described in the following Internet Engineering Task Force (IETF) Request for Comment (RFC) documents: ■ RFC 1583, Moy, J., OSPF Version 2, March 1994. ■ RFC 1850, Baker, F.,...

  • Page 418

    Chapter 14: Open Shortest Path First (OSPF).

  • Page 419: IPX Routing

    Chapter 15: IPX Routing. This chapter provides an overview, key concepts, guidelines, and other key information about using the Internet Packet Exchange (IPX) protocol to route packets to and from your system. ■ IPX Routing Overview ■ Key Concepts ■ Key Guidelines for Implementation ■ IPX Interfaces ■ IPX Ro...

  • Page 420

    Figure 74 shows the relationship of the IPX protocol to the Open System Interconnection (OSI) reference model. Figure 74: IPX Protocol in the OSI Reference Model. Features: Using the IPX protocol to route packets, you can create and support: ■ IPX interfaces. ■ IPX routes ...

  • Page 421

    Key Concepts: This section explains how IPX routing works and provides a glossary of IPX routing terms. How IPX Routing Works: To route packets using the IPX protocol, take these general steps: 1 Define an IPX routing interface. 2 Decide which IPX routing and server options you want t...

  • Page 422

    IPX Packet Format: An IPX packet consists of a 30-byte header followed by packet data. The packet header contains network, node, and socket addresses for both the destination and the source. Figure 75 shows the IPX packet format. Figure 75: IPX Packet Format. The IPX packe...

  • Page 423

    ■ Destination node — A 6-byte field that contains the physical address of the destination node. ■ Destination socket — A 2-byte field that contains the socket address of the packet’s destination process. ■ Source network — A 4-byte field that contains the source node network number....

  • Page 424

    IPX Packet Delivery: Successful packet delivery depends both on proper addressing and on the network configuration. The packet’s media access control (MAC) protocol header and IPX header address handle packet addressing. The sending node must have the destination’s compl...

  • Page 425

    Sending Node’s Responsibility: When sending and destination nodes have the same network number, the sending node addresses and sends packets directly to the destination node. If sending and destination nodes have different network numbers, as in Figure 76, the sending node must find ...

  • Page 426

    ■ Places its own node address in the source address field of the packet’s MAC header ■ Increments the transport control field in the IPX header and sends the packet to the next router. Terminology: Review the following IPX routing terms that are used extensively throughou...

  • Page 427

    Key Guidelines for Implementation: Consider the guidelines in this section when you configure your system for IPX routing. Procedural Guidelines: Complete the following steps to set up IPX routing on your system: 1 Set up your VLAN interfaces. 2 Define the IPX int...

  • Page 428

    IPX Interfaces: An IPX interface has the following information associated with it: ■ IPX network address — You must set this 4-byte address. Make each address unique within the network. ■ Cost — A number between 1 and 65534 that the system uses to calculate route ticks. A...

  • Page 429

    ■ Before you define the IPX (routing) interface, you must define a VLAN and select IPX, IPX-II, IPX-802.2, IPX-802.2 LLC, or IPX-802.3-SNAP as the protocol to be supported by the VLAN. See Chapter 9. ■ Unless your network has special requirements, such as the need for redundant pa...

  • Page 430

    IPX Routes: Your system maintains a table of routes to other IPX networks. You can: ■ Use RIP mode to exchange routing information dynamically. ■ Use the Administration Console to make static entries in the table. Important Considerations: Consider the following guideline...

  • Page 431

    ■ If an interface goes down, routes are temporarily removed from the routing table until the interface comes back up. ■ Static routes take precedence over dynamically learned routes to the same destination. You can have a maximum of 32 static routes. ■ When you use the ipx route remov...

  • Page 432

    RIP operates with active and passive network devices: ■ Active devices — Usually routers, they broadcast their RIP messages to all devices in a network; they update their own routing tables when they receive a RIP message. ■ Passive devices — Usually hosts, they listen ...

  • Page 433

    Figure 77 shows an example of a typical routing information table. Figure 77: Sample Routing Table. The routing information table is updated statically or dynamically. Selecting the Best Route: Large networks contain many possible routes to each destination. A router performs the followi...

  • Page 434

    IPX Servers: Your system creates and maintains a server information table that lists all the servers that reside on other IPX networks. You can: ■ Use SAP to exchange server information dynamically. ■ Make static entries in the server table. Important Considerations: Cons...

  • Page 435

    Primary and Secondary Servers: You can set up both primary and secondary servers in the server table. You can set up secondary servers to serve as a backup to the primary server set up on the same IPX server. To set up secondary servers on your system, see the IPX chapter in the comma...

  • Page 436

    SAP Aging: Router SAP agents use a special aging mechanism to deal with a SAP agent that goes down suddenly without sending a down broadcast. A hardware failure, power interruption, or power surge can cause this situation. Each SAP agent maintains a timer for each entry ...

  • Page 437

    This table contains the following data: ■ Interface — The interface from which server information is received ■ Server name — The name of the server ■ Server type — The type of service the server provides ■ Network address — The address of the network that contains the server ■ No...

  • Page 438

    IPX RIP Mode: You can exchange routing information on a NetWare network using the IPX RIP mode option. This option selects the IPX RIP mode that is appropriate for your network and selects the routers that use RIP mode to create and maintain their dynamic routing tables....

  • Page 439

    RIP Policies: Each router maintains a table of current routing information (the routing table). The routing protocols receive or advertise routes from the network. RIP policies control the flow of routing information among the network, the protocols, and the routing table manager. Ro...

  • Page 440

    RIP Policy Parameters: These parameters define SAP policies: ■ Policy type — Import (apply the policy to received services) or export (apply the policy to advertised services). ■ Route origin — The origin of the route for this policy if it is an export policy: static, ri...

  • Page 441

    IPX SAP Mode: IPX SAP provides routers and servers that contain SAP mode agents with a means of exchanging network service information. Through SAP, servers advertise their services and addresses. Routers gather this information and share it with other routers. With this process, rou...

  • Page 442

    SAP Import Policies: Each time that the router receives an advertised service, it compares the service to the import policies to decide whether to add the service to the service table or drop it. If the router accepts the service, the router adds it to the service table. T...

  • Page 443

    ■ Node address — The 6-byte MAC address of the router that can forward packets to the network. ■ Interfaces — One or more IP interface index numbers associated with this policy. ■ Action — Whether this router accepts or rejects a service that matches the policy. ■ Weight — The met...

  • Page 444

    Standards, Protocols, and Related Reading: The following standards and protocols apply when you use IPX to route packets on your system: ■ IEEE 802.2 ■ IEEE 802.2 LLC ■ IEEE 802.3 ■ IEEE 802.3-RAW ■ IEEE 802.3-SNAP ■ Internet Packet Exchange (IPX) — RFC 1234, RFC 1552 ■ ...

  • Page 445: AppleTalk

    Chapter 16: AppleTalk. This chapter provides guidelines, limitations, and other key information about routing with AppleTalk technology. This information includes: ■ AppleTalk Overview ■ Key Concepts ■ Key Implementation Guidelines ■ AppleTalk Interfaces ■ AppleTalk Routes ■ AppleTalk Address Resolution Pr...

  • Page 446

    AppleTalk transport and application services operate over a best-effort delivery datagram protocol (DDP). The AppleTalk Data Stream Protocol (ADSP) ensures reliable transmission of AppleTalk information. Your system supports AppleTalk version 2, which runs the AppleTalk ...

  • Page 447

    ■ Checksum error detection — AppleTalk uses checksums to detect errors in data transmissions. Your system allows you to enable or disable checksum generation and verification. See “Checksum Error Detection” later in this chapter for more information. ■ AppleTalk Echo Protocol ...

  • Page 448

    Key Concepts: Before configuring AppleTalk, review the following key concepts and terms discussed in these sections: ■ AppleTalk Protocols ■ AppleTalk Network Elements ■ Terminology. AppleTalk Protocols: AppleTalk protocols ensure the flow of information through AppleTalk ...

  • Page 449

    The AppleTalk six-layer protocol suite does not fully comply with the OSI seven-layer model. However, AppleTalk provides many of the functions and services of OSI. AppleTalk has no specific protocols for the application layer because the lower levels provide printer and file service...

  • Page 450

    Transport Layer Protocols: The transport layer and the session layer provide end-to-end services in the AppleTalk network. These services ensure that routers transmit data accurately between one another. Each layer includes four protocols that work together to support th...

  • Page 451

    A router uses these items to determine the best path along which to forward a data packet to its destination. The routing table contains an entry for each network that a router’s datagram can reach within 15 hops. The table is aged at set intervals as follows: 1 After a specified pe...

  • Page 452

    Table 58: Routing Table for Router 24 in Figure 80. You view the AppleTalk routing tables in your network through the Administration Console. AppleTalk Echo Protocol (AEP): AppleTalk nodes use the AEP to send datagrams to other nodes in the network. The AEP datagram transm...

  • Page 453

    AppleTalk Data Stream Protocol (ADSP): The ADSP works with the ATP to ensure reliable data transmission. Unlike ATP, however, ADSP provides full-duplex byte-stream delivery. Therefore, two nodes can communicate simultaneously. ADSP also includes flow control, so that a fast sender do...

  • Page 454

    AppleTalk Network Elements: An AppleTalk network consists of different nodes and groups of networks. Nodes can include workstations, routers, printers, and servers that provide services for other computers, called clients. This section describes the elements of an applet...

  • Page 455

    Named Entities: When a device on the network provides a service for other users, you can give the device a name. The name appears on the Chooser menu of the Macintosh with an associated icon. For example, the Chooser of the Macintosh can include a printer icon. When the user selects ...

  • Page 456

    ■ Phase 1 network — Also known as a nonextended network, AppleTalk networks that contain a single network number (such as network 2). Phase 1 networks do not allow two nodes on a single network segment to belong to different zones. ■ Phase 2 network — Also known as an e...

  • Page 457

    Key Implementation Guidelines: Consider the following guidelines when designing a dependable and scalable AppleTalk network: ■ All AppleTalk routers on the same network segment must have the same configuration. This means all seed routers must be configured with matc...

  • Page 458

    AppleTalk Interfaces: On the CoreBuilder 3500, an AppleTalk interface defines the relationship between a virtual LAN (VLAN) and an AppleTalk network. An AppleTalk interface has these elements associated with it: ■ Seed interface — You can configure the interface to be a ...

  • Page 459

    Important Considerations: Before configuring AppleTalk interfaces, review the following guidelines and considerations: ■ Your system can support up to 32 AppleTalk interfaces. ■ Each seed interface supports up to 16 zones. ■ Your system supports a maximum of 1 AppleTalk inter...

  • Page 460

    AppleTalk Routes: Your system maintains a table of local and remote routes to all reachable AppleTalk networks. The Routing Table Maintenance Protocol (RTMP) automatically generates the routing table. RTMP defines rules for: ■ Information contained within each routing ta...

  • Page 461

    ■ When a router receives an RTMP packet that contains a routing entry currently not in its table, the router adds the entry to its routing table, and increments the route’s distance (hop count) by 1. ■ When a network is removed from the RTMP table (whether manually, or though t...

  • Page 462

    AppleTalk Address Resolution Protocol (AARP) Cache: The AppleTalk Address Resolution Protocol (AARP) maps the hardware address of an AppleTalk node to an AppleTalk protocol address. AARP maps for both extended and nonextended networks. Your system uses AppleTalk address ...

  • Page 463

    AARP also registers a node’s dynamically assigned address on the network, as follows: ■ AARP randomly assigns an address. ■ To determine whether another node is already using the address, the system broadcasts AARP probe packets containing the a...

  • Page 464

    AppleTalk Zones: An AppleTalk zone is a logical collection of nodes on an AppleTalk intranet. A zone can include all nodes in a single network or a collection of nodes in different networks. You assign a unique name to each zone to identify it in the intranet. Figure 81 ...

  • Page 465

    AppleTalk routers use the Zone Information Protocol (ZIP) to map network numbers to zones. Each AppleTalk router maintains a zone information table (ZIT), which lists the zone-to-network mapping information. Creating zones within a network reduces the amount of searching that a r...

  • Page 466

    Changing Zone Names: When you change the zone information for a network, all routers on the segment must update their zone information tables with the new information. Although no AppleTalk mechanism forces routers to update zone lists, you can successfully change the zo...

  • Page 467

    To change the associated zones for a network segment without changing the segment’s network range: 1 For any seed interfaces on the segment, use the appletalk interface modify command to enter the new zone list for the existing network range. When prompted, enter the number of mi...

  • Page 468

    Forwarding AppleTalk Traffic: You can choose to enable or disable AppleTalk forwarding on your system. Enabling Forwarding: When you enable AppleTalk forwarding, you enable the forwarding of Datagram Delivery Protocol (DDP) packets. Because AppleTalk uses this network lay...

  • Page 469

    Checksum Error Detection: You can enable or disable checksum generation and verification. The AppleTalk protocol uses checksums to detect errors in data transmissions. A checksum totals all data bytes and adds the sum to the checksum field of the data packet. The receivin...

  • Page 470

    AppleTalk Statistics: You can view statistics for the following AppleTalk protocols: ■ Datagram Delivery Protocol ■ Routing Table Maintenance Protocol ■ Zone Information Protocol ■ Name Binding Protocol. Datagram Delivery Protocol: AppleTalk extends the normal node-to-node...

  • Page 471

    ■ inshortddps — Number of input DDP datagrams that were dropped because the system was not their final destination and their type was short DDP ■ intoofars — Number of input datagrams that were dropped because the system was not their final destination and their hop count wo...

  • Page 472

    ■ routeeqchgs — Number of times that RTMP changed the next internet router in a routing entry because the hop count advertised in a routing table was equal to the current hop count for a particular network ■ routelesschgs — Number of times that RTMP changed the next int...

  • Page 473

    ■ outaddrinvs — Number of times that this system had to broadcast a ZIP GetNetInfo reply because the GetNetInfo request had an invalid address ■ outexreplies — Number of ZIP extended replies sent ■ outgnireplies — Number of ZIP GetNetInfo reply packets sent out of this port ...

  • Page 474

    Standards, Protocols, and Related Reading: For more information about AppleTalk technology, see the following publications: ■ Gursharan S. Sidhu, Richard F. Andrews, and Alan B. Oppenheimer, Inside AppleTalk, Second Edition (Addison-Wesley Publishing Company, 1990). ■ R...

  • Page 475: QoS and RSVP

    Chapter 17: QoS and RSVP. This chapter provides guidelines and other key information about how to use Quality of Service (QoS) and the Resource Reservation Protocol (RSVP) on your system. ■ QoS Overview ■ Key Concepts ■ Key Guidelines for Implementation ■ QoS Classifiers ■ QoS Controls ■ Examples of Classif...

  • Page 476

    QoS Overview: Quality of Service (QoS) is an advanced feature that allows you to establish control over network traffic. QoS provides policy-based services, which establish various grades of network service to accommodate different types of traffic, such as multimedia,...

  • Page 477

    ■ Improve performance for specific types of traffic and preserve performance as the volume of traffic grows. ■ Reduce the need to constantly add bandwidth to the network. ■ Manage network congestion. Methods of Using QoS: Your system’s implementation of QoS focuses on traffic classif...

  • Page 478

    Key Concepts: Before configuring QoS, review the following standards and terms. Related Standards and Protocols: The system supports IEEE 802.1Q, IEEE 802.1p, and the RSVP protocol. IEEE 802.1p: This standard, which is part of the IEEE 802.1D MAC Bridges base standard, f...

  • Page 479

    The Resource Reservation Protocol (RSVP): This connection-oriented IP protocol handles bandwidth reservation. The Request for Comments document RFC 2205 describes the details of RSVP. RSVP aims to meet the demands of real-time voice and video applications by using a QoS flow specific...

  • Page 480

    ■ Controls — Define the following parameters to assign rate limits and priorities to the packets that are associated with one or more classifiers: ■ Rate limit — Limits the amount of input bandwidth used by incoming classified traffic (optionally, on a per-port basis)...

  • Page 481

    ■ Timer option — The QoS timer option lets you configure a QoS session to take effect during a predefined time period by setting the start and end times for the specific control. ■ IEEE 802.1Q priority tag — When you define a control for a classifier, you can select an IEEE 802.1p p...

  • Page 482

    Key Guidelines for Implementation: Consider the following guidelines when you configure QoS on your system. Procedural Guidelines: Configure classifiers and controls in the following order: 1 Define a classifier, or choose a predefined classifier. Identify a particular ...

  • Page 483

    QoS Classifiers: You define classifiers to distinguish certain types of traffic from other types of traffic. A classifier tells the system how to identify a certain type of traffic; after defining a classifier, you must apply a control to the classifier. Important Considerations: R...

  • Page 484

    Figure 82: Predefined Classifiers and Associated Controls. Assigning Flow and Nonflow Classifier Numbers: Each classifier requires a unique number in the range 1 to 498. When you define a classifier, the first information you supply is the classifier number. The number y...

  • Page 485

    The classifier number indicates precedence. The classifier with the lowest number takes precedence if a packet meets the criteria for more than one classifier. For example, you might use two classifiers as follows: ■ You define a flow classifier with classifier number 6 that reco...

  • Page 486

    Flow Classifier Information: You supply the following information when defining a flow classifier: ■ A classifier number in the range 1 to 399 (20 and 23 are predefined) ■ A classifier name (a unique name of up to 32 characters long) ■ A cast type (unicast, multicast, ...

  • Page 487

    For the source or destination IP address mask, you specify how many parts of the IP address you want to match. Place a 255 in each portion of the mask that you want the software to recognize; place a 0 in any portion of the mask that you want the software to ignore. The following...

  • Page 488

    Defining Nonflow Classifiers: Nonflow classifiers enable you to classify bridged or routed frames according to protocol, cast type, and/or IEEE 802.1p priority tag values. You can define up to 16 nonflow classifiers per system. The system predefines 16 nonflow classifi...

  • Page 489

    QoS Controls: After you define a classifier, you assign it a control to apply one or more of the following: ■ A rate limit (to limit the amount of input bandwidth the classifier uses) ■ A service level for conforming packets (a transmit priority that maps to a particular transmit que...

  • Page 490

    Assigning Control Numbers: Each control must have a unique control number. When you define a control, the system provides the next-available control number, but you can specify any unreserved control number. The system supports control numbers in the range 1 to 50 and ...

  • Page 491

    ■ For the rate limit type receiveport or aggregate, the following: ■ Service level for nonconforming excess (packets exceeding the rate limit) ■ Whether nonconforming excess are loss eligible. The default is yes. ■ How the rate limit is expressed (percentage of port bandwidth or kby...

  • Page 492

    Specifying Rate Limits: A rate limit restricts the amount of input bandwidth used by incoming classified traffic (optionally, on a per-port basis). When you define a control, you can specify one of three rate limits: ■ none — No rate limit ■ receiveport — Imposes a sep...

  • Page 493

    After specifying how the rate limit is expressed, you can specify a burst size. The burst size is the maximum amount of data that you can transmit at the line rate before the transmission is policed. This value accommodates variations in speeds and allows you to occasionally exceed ...

  • Page 494

    Specifying TCP Drop Control: The TCP drop control option lets you create a control for packets used to establish TCP connections. This control affects QoS flow classifiers that have TCP traffic going from “source” IP addresses to “destination” IP addresses. TCP drop co...

  • Page 495

    This next example illustrates how TCP one-way filtering can be effective. Figure 85 shows the same situation, but with TCP drop control enabled to filter only those packets with the SYN=1 and ACK=0 signature. Figure 85: QoS Control Action (Drop Control Enabled). In this example, any a...

  • Page 496

    ■ Days of the week use the following syntax: 1-7 (Monday=1, Tuesday=2, Wednesday=3, Thursday=4, Friday=5, Saturday=6, Sunday=7). For example, to enter Monday as the day of the week, you would type: 1 ■ You can check the timer control options using the “qos control det...

  • Page 497

    Examples of Classifiers and Controls: The following six examples show different ways to implement flow and nonflow classifiers and their associated controls. Example 1: Traffic to and from a Specific Server. In the first example, a flow classifier is defined wi...

  • Page 498

    UDP source port range (end): 65535; UDP destination port range (start): 2020; UDP destination port range (end): 2020; Add another filter (address/port pattern)? Y; Source IP address: 168.101.0.0; Source IP address mask: 255.255.0.0; Destination IP address: 168.101.162.151; Destina...

  • Page 499

    The control definition for the to/from classifier: Example 2: Filtering Traffic to a Destination. In the following example, a classifier is defined to block access to the accounting network 192.1.0.0 (which includes subnets 192.1.1.0 and 192.1.2.0) from the re...

  • Page 500

    Classifier definition for filtering traffic to a specific destination: The control definition for this filtering classifier: Classifier Field | Classifier Definition. Classifier number: 26; Classifier name: ipfilter1; Cast type: all; IP protocol type: all; Source IP address: 168....

  • Page 501

    Example 3: Using Two Classifiers to Filter Traffic. In the following example, two flow classifiers (1 and 3) are defined with controls to filter IP traffic. Classifier 1 permits IP traffic between two hosts (192.20.3.3 and 193.20.3.3), while classifier 3 drop...

  • Page 502

    First classifier definition for filtering traffic to/from a specific destination: The control definition for the first filtering classifier: Classifier Field | Classifier Definition. Classifier number: 1; Classifier name: 192.20.3.3_to_193.20.3.3; Cast type: all; IP protocol t...

  • Page 503

    Second classifier definition for filtering traffic to/from a specific destination: The control definition for the second filtering classifier: Classifier Field | Classifier Definition. Classifier number: 3; Classifier name: 192.20.3.3_to_all; Cast type: all; IP protoc...

  • Page 504

    Example 4: Assigning High Priority to Specific Traffic. In the following example, a classifier is defined to give high priority to Web server (HTTP) traffic. In this configuration, all Web servers have addresses that end in .222. This example could apply to any type o...

  • Page 505

    Add another filter (address/port pattern)? Y; source IP address: 0.0.0.0; source IP address mask: 0.0.0.0; destination IP address: 0.0.0.222; destination IP address mask: 0.0.0.255; UDP source port range (start): 80; UDP source port range (end): 80; UDP destination port r...

  • Page 506

    The control definition for this classifier is as follows: Example 5: Nonflow multimedia tagged traffic. In this example, a nonflow classifier is defined to classify bridged multimedia traffic with an IEEE 802.1p priority tag of 5 and control this traffic with a high pr...

  • Page 507

    Nonflow classifier definition for multimedia traffic with priority tagging: The control definition for this classifier is as follows: Table columns: classifier field, classifier definition. Classifier number: 405; classifier name: interactive multimedia; cast type: all (unicast, m...

  • Page 508

    Example 6: Bridged nonflow IP unicast traffic. In this example, a nonflow classifier is defined to classify IP unicast traffic between clients and the server on the 168.101.0.0 network. The applied control handles this bridged traffic with a high priority transmit serv...

  • Page 509

    Nonflow classifier definition for bridged IP unicast traffic: The control definition for this classifier is as follows: Table columns: classifier field, classifier definition. Classifier number: 430; classifier name: ip_unicast; cast type: unicast (u); protocol type: IP; IEEE 802.1Q ...

  • Page 510

    Modifying and removing classifiers and controls: You can modify or remove a previously defined classifier or control. When modifying or removing a classifier, you specify the classifier number; when modifying or removing a control, you specify the control number. You may ...

  • Page 511

    QoS excess tagging: Your system enables you to tag nonconforming excess (packets that exceed the rate-limit criteria) with a special IEEE 802.1p tag value. This refers to any packets marked as excess that you want to tag. By default, excess tagging is disabled. You can use your...

  • Page 512

    Figure 92: QoS excess tagging (figure labels: server, downstream system, 169.10.20.30, upstream system, conforming (1 MByte), excess (500 KBytes), conforming, excess with tag of 2). Classifier definition for QoS excess tagging: Table columns: classifier field, classifier definition. Classifier number: 25; classi...

  • Page 513

    The accompanying control definition: Transmit queues and QoS bandwidth: QoS uses four transmit queues: ■ Control queue — the transmit queue for reserved network control traffic, such as RIP or OSPF updates, as well as RSVP data flows. This queue is always service...

  • Page 514

    When you modify the QoS bandwidth, you specify the percentage of bandwidth used for the high priority transmit queue on the output link. You can specify a value in the range 0 to 100. The value you specify determines the ratio of high priority to best effort traffic, ...

  • Page 515

    Operation: When an LDAP client connects to the LDAP server and polls it for information, the server responds with an answer and downloads any changes if necessary. LDAP directory services can save you a tremendous amount of time by making it easy to update QoS parameters from a single source...

  • Page 516

    Figure 93: Updating QoS parameters from the LDAP server. RSVP: The Resource Reservation Protocol (RSVP) is an IP service that prevents real-time traffic such as voice or video from overwhelming bandwidth resources. In general, RSVP supports QoS IP flow specifications by ...

  • Page 517

    To use RSVP, you must be routing. (RSVP operates at Layer 3 for IP-based data flows.) Endstations in the configuration must support RSVP in order to request the reservation of bandwidth through the network. By default, RSVP is disabled on the system. If you decide to use RSVP, it is recomme...

  • Page 518

    ■ Policing options — ensure that an RSVP session uses only as much bandwidth as it requested. The policing options mandate when to drop nonconforming excess packets. You configure the system to observe one of three policing options: ■ Edge — causes nonconforming exces...

  • Page 519

    Figure 94: Sample RSVP configuration (figure labels: source station, end stations, routers).

  • Page 520

    Setting RSVP parameters: If you enable RSVP, you specify the following information: ■ The maximum total reservable bandwidth ■ The maximum per-reservation bandwidth ■ The policing option (edge, always, or never, with edge as the default) ■ The service level for excess/...

  • Page 521: Device Monitoring

    Chapter 18: Device Monitoring. This chapter provides descriptions and key operational information about device monitoring features and tools of your CoreBuilder® 3500 system. The chapter covers these topics. ■ Device monitoring overview ■ Key concepts and tools ■ Event logging ■ Baselining ■ Roving analysi...

  • Page 522

    Device monitoring overview: You can use the device monitoring features and tools described in this chapter to analyze your network periodically and to identify potential network problems before they become serious. To identify potential problems in your network, u...

  • Page 523

    Network management platform: The network management platform allows you to view the health of your overall network. With the platform, you can understand the logical configuration of your network and configure views of your network to understand how devices work together an...

  • Page 524

    Event logging: The event log messages display real-time information about the state of the system, a specific service, or both, and can help you diagnose site-specific problems. The event log captures several types of log messages from various services (applicatio...

  • Page 525

    Baselining: Normally, statistics for MACs and ports start to compile when you turn the system on. Baselining allows you to view statistics compiled over the period of time since a baseline was set. By viewing statistics relative to a baseline, you can more easily evaluate recent activi...

  • Page 526

    Roving analysis: Roving analysis is the mirroring of Fast Ethernet, Gigabit Ethernet, or Fiber Distributed Data Interface (FDDI) port traffic to another port of the same media type. This second port has an external RMON-1/RMON-2 probe or analyzer attached such as ...

  • Page 527

    Key guidelines for implementation: To enable the monitoring of ports on a system, follow these general steps: 1. Add the port on which you want to attach the network analyzer. 2. Start roving analysis. a. Select the port that you want to monitor. b. Enter the analyzer port’s MAC addre...

  • Page 528

    ■ If the physical port configuration changes in the system (that is, if you remove or rearrange modules), the MAC address of the analyzer port remains fixed. If the module with the analyzer port is replaced with a different media type module, the RAP configuratio...

  • Page 529

    The RMON groups that require samples of traffic from the ASICs will not work because they do not receive any traffic data when a port is defined as a monitor port. The system is capable of doing either roving analysis or traffic sampling, but not both at the same time. ■ The moni...

  • Page 530

    Ping: The ping feature is a useful tool for network testing, performance measurement, and management. It uses the Internet Control Message Protocol (ICMP) echo facility to send ICMP echo request packets to the IP destination that you specify. See Chapter 11 for mo...

  • Page 531

    Strategies for using ping: Follow these strategies for using ping: ■ Ping devices when your network is operating normally so that you have a performance baseline for comparison. ■ Ping by IP address when: ■ You want to test devices on different subnetworks. This method allows you to ping you...

  • Page 532

    Traceroute: Use the traceroute feature to track the route of an IP packet through the network. Traceroute information includes all of the nodes in the network through which a packet passes to get from its origin to its destination. The traceroute feature uses the ...

  • Page 533

    SNMP: Simple Network Management Protocol (SNMP), one of the most widely used management protocols, allows management communication between network devices and your management workstation across TCP/IP internets. See Chapter 2 to review where SNMP fits in the Open System Interconnection (OSI)...

  • Page 534

    IP address assignment: For the manager and agent to be able to communicate with one another, you need to assign IP addresses as follows: ■ Assign an IP address to either the system processor out-of-band Ethernet port or an in-band Ethernet port, depending on where ...

  • Page 535

    Trap reporting: Traps are events that devices generate to indicate status changes. Every agent supports some trap reporting. You must configure trap reporting at the devices so that these events are reported to your management station to be used by the network management platforms (such as h...

  • Page 536

    Trap 15: SMT hold condition; 3C FDDI MIB; FDDI SMT state either in holding-prm or holding-sec. Trap 16: SMP peer wrap condition; 3C FDDI MIB; FDDI SMT connection does not connect to an M-port under DAS mode. Trap 17: MAC duplicate address condition; 3C FDDI MIB; a status that there are ...

  • Page 537

    To minimize SNMP traffic on your network, you can implement trap-based polling. Trap-based polling allows the management station to start polling only when it receives certain traps. Your management applications must support trap-based polling for you to take advantage of this feature. 33 v...

  • Page 538

    Security: SNMP uses community strings as a form of management security. To enable management communication, the manager must use the same community strings that are configured on the agent. You can define both read and read/write community strings. Because communi...

  • Page 539

    Displaying community strings: You can display the current SNMP community strings that are assigned. Configuring community strings: A community string is an octet string, included in each SNMP message, that controls access to system information. The system SNMP agents internally maintain two c...

  • Page 540

    ■ Removing trap destinations — When you remove a destination, no SNMP traps are reported to that destination. ■ Flushing all SNMP trap destinations — When you flush the SNMP trap reporting destinations, you remove all trap destination address information for the ...

  • Page 541

    Remote Monitoring (RMON): This section provides information about Remote Monitoring (RMON) and the RMON-1 and RMON-2 Management Information Base (MIB) groups implemented in your system. The following topics are included. ■ Overview of RMON ■ RMON benefits ■ 3Com Transcend...

  • Page 542

    Overview of RMON: RMON provides a way to monitor and analyze a local area network (LAN) from a remote location. The Internet Engineering Task Force (IETF) defines RMON-1 (RMON Version 1) in documents RFC 1271 and RFC 1757; RFC 2021 defines the extension of RMON-1,...

  • Page 543

    RMON benefits: From a network management console, traditional network management applications poll network devices such as switches, bridges, and routers at regular intervals. The console gathers statistics, identifies trends, and highlights network events. The console po...

  • Page 544

    RMON in your system: Your system supports RMON as follows: ■ RMON-1 support — The system software offers full-time embedded RMON support using SNMP for seven RMON-1 groups. (RMON-1 defines 10 groups.) ■ FDDI extensions — The system software offers full support for...

  • Page 545

    3Com Transcend RMON agents: RMON requires one probe per LAN segment. Because a segment is a portion of the LAN that is separated by a bridge or router, the cost of implementing many probes in a large network can be high. To solve this problem, 3Com has built an inexpensiv...

  • Page 546

    Important considerations: ■ To manage RMON, you must assign an IP address to the system. See Chapter 11 for information about managing IP interfaces. ■ The system will always keep RMON statistics (group 1) data on all ports. ■ The system will keep RMON-1 history (...

  • Page 547

    RMON-1 groups: The system supports seven of the RMON-1 groups that the IETF defines. Table 64 briefly describes these groups. The system also supports the RMON/FDDI extension groups that the AXON enterprise-specific MIB specifies. See Table 65. Statistics and axfddistatis...

  • Page 548

    ■ Number of received broadcast packets ■ Number of received multicast packets ■ Number of received packets with CRC or alignment errors ■ Number of received packets that are undersized but otherwise well-formed ■ Number of received packets that are oversized but ...

  • Page 549

    ■ Number of received packets that are undersized but otherwise well-formed ■ Number of received packets that are oversized but otherwise well-formed ■ Number of received undersized packets with either a CRC or an alignment error ■ Number of detected transmit collisions ■...

  • Page 550

    An alarm calculates the difference in counter values over a set time interval and remembers the high and low values. When the value of a counter exceeds a preset threshold, the alarm reports this occurrence. Using Transcend Network Control Services or any other s...

  • Page 551

    RMON hysteresis mechanism: The RMON hysteresis mechanism prevents small fluctuations in counter values from causing alarms. Alarms occur only when either: ■ The counter value exceeds the high threshold after previously falling below the low threshold. (An alarm does not o...

  • Page 552

    Matrix group: The matrix group records the following statistics about conversations between sets of addresses: ■ Number of packets transmitted from the source address to the destination address ■ Number of octets, excluding errors, transmitted from the source addr...

  • Page 553

    Protocol directory group: The protocolDir group provides information about the protocols that a particular RMON probe has or can interpret. It provides a common method of storing information about the protocols and makes it easier for a manager to monitor traffic above th...

  • Page 554

    Protocol distribution group: The protocolDist group tracks how many octets and packets the supported protocols have sent. It features two tables, a protocol distribution control table that manages the collection of the statistics for the supported protocols, and a...

  • Page 555

    Network-layer matrix group: The nlMatrix group gathers statistics about pairs of hosts based on network-layer address. (The RMON-1 matrix group gathers statistics based on MAC address.) This group features two control tables and three data tables. One control table and it...

  • Page 556

    Management Information Base (MIB): This section provides information on the Management Information Base (MIB). A MIB is a structured set of data that describes the way that the network is functioning. The management software, known as the agent, gains access to th...

  • Page 557

    ■ if-mib-v1smi.mib — Interface MIB, SMI Version 1, RFC 1573. Unsupported tables in this MIB: ■ ifTestTable ■ ifRcvAddressTable ■ ifHC 64-bit counters ■ mib2-mib.mib — MIB-II MIB, RFC 1213. Unsupported groups and tables in this MIB: ■ EGP group ■ ospf-mib.mib — OSP...

  • Page 558

    ■ rmon2-mib-v1smi.mib — RMON v2, SMI Version 1 MIB, RFC 2021 ■ protocolDir (RMONv2) ■ protocolDist (RMONv2) ■ addressMap (RMONv2) ■ nlHost (RMONv2) ■ nlMatrix (RMONv2) ■ alHost (RMONv2) ■ alMatrix (RMONv2) ■ probeCapabilities object of probeConfig group (RMONv2) ...

  • Page 559

    MIB objects: The data in the MIB consists of objects that represent features of the equipment that an agent can control and manage. Examples of objects in the MIB include a port that you can enable or disable and a counter that you can read. A counter is a common...

  • Page 560

    MIB tree: The MIB tree is a structure that groups MIB objects in a hierarchy and uses an abstract syntax notation (ASN.1) to define manageable objects. Each item on the tree is assigned a number (shown in parentheses after each item), which creates the path to obj...

  • Page 561

    Figure 99: MIB tree showing key MIBs (node labels as extracted from the figure): root iso(1) ccit(0) joint(2) standard(0) reg-authority(1) member-body(2) indent-org(3) dod(6) internet(1) directory(1) mgmt(2) experimental(3) private(4) mib(1) system(1) interfaces(2) at(3) ip(4) icmp(5) tcp(6) udp(7) egp(8) ...

  • Page 562

    MIB-II: MIB-II defines various groups of manageable objects that contain device statistics as well as information about the device, device status, and the number and status of interfaces. The MIB-II data is collected from network devices using SNMP. As collected, ...

  • Page 563

    RMON-1 MIB: RMON-1 is a MIB that enables the collection of data about the network itself, rather than about devices on the network. The IETF definition for the RMON-1 MIB specifies several groups of information. These groups are described in Table 69. Table 69 RM...

  • Page 564

    RMON-2 MIB: RMON-1 and RMON-2 are complementary MIBs. The RMON-2 MIB extends the capability of the original RMON-1 MIB to include protocols above the MAC level. Because network-layer protocols (such as IP) are included, a probe can monitor traffic through routers ...

  • Page 565

    3Com enterprise MIBs: 3Com enterprise MIBs allow you to manage unique and advanced functionality of 3Com devices. These MIBs are shipped with your system on the software and documentation CD-ROM. Figure 99 shows some of the 3Com enterprise MIB names and numbers. ...

  • Page 566

    Chapter 18: Device Monitoring.

  • Page 567: Technical Support

    Appendix A: Technical Support. 3Com provides easy access to technical support information through a variety of services. This appendix describes these services. Information contained in this appendix is correct at time of publication. For the most recent information, 3Com recommends that you access the 3Com ...

  • Page 568

    3Com FTP site: Download drivers, patches, software, and MIBs across the Internet from the 3Com public FTP site. This service is available 24 hours a day, 7 days a week. To connect to the 3Com FTP site, enter the following information into your FTP client: ■ Hostna...

  • Page 569

    Access by digital modem: ISDN users can dial in to the 3Com BBS using a digital modem for fast access up to 64 Kbps. To access the 3Com BBS using ISDN, call the following number: 1 847 262 6000. 3Com Facts automated fax service: The 3Com Facts automated fax servic...

  • Page 570

    When you contact 3Com for assistance, have the following information ready: ■ Product model name, part number, and serial number ■ A list of system hardware and software, including revision levels ■ Diagnostic error messages ■ Details about recent configuration c...

  • Page 571

    Returning products for repair: Before you send a product directly to 3Com for repair, you must first obtain an authorization number. Products sent to 3Com without authorization numbers will be returned to the sender unopened, at the sender’s expense. To obtain an aut...

  • Page 572

    Appendix A: Technical Support.

  • Page 573: Index

    Index. Numbers: 3Com Bulletin Board Service (3Com BBS) 568 3Com enterprise MIBs 565 3Com Facts 569 3Com Knowledgebase Web Services 567 499 (default classifier) 484 802.1p standard 478 priority tags 478 802.1Q tagging 159, 348 A: AARP (AppleTalk Address Resolution Protocol) 456, 462 accept opcode 232, ...

  • Page 574

    hop count 456 interface address 458 interface states 458 interfaces 459, 460 elements of 458 key guidelines for configuring 457 Management Information Base II 474 name binding (NBP) 452 network devices 459 network layer 449 network ranges 458, 460 networks 454 node number assignment 459 n...

  • Page 575

    Spanning Tree bridge priority, setting 134 forward delay, setting 135 hello time, setting 134 maximum age, setting 134 bridge ports associating with VLANs 176 in port-based VLANs 178 in protocol-based VLANs 186, 192 STP enabling 136 path cost, setting 136 port priority, setting 136 bridgi...

  • Page 576

    convergence, OSPF 377 cost Spanning Tree settings 136 cost, OSPF 381 creating VLANs via GVRP 182 CSMA/CD (Carrier Sense Multiple Access with Collision Detection) 84 custom packet filters 214 D: DAS pairs and port numbering 61, 65 DAS (dual attached station) 109 data centers 78 data link la...

  • Page 577

    Ethernet 85 aggregated links 73 collision 84 configurations 73 CSMA/CD 84 definition 72 Fast Ethernet 72 frames, processing 76 Gigabit Ethernet 72 Gigabit Interface Converter (GBIC) 85 guidelines 73 link aggregation 73 media specifications 85 modules and port numbering 60 network capacity...

  • Page 578

    filtering for VLANs 198 IP multicast 331, 336 QoS 501 fixed filter style, RSVP 517 flooding 198 exception 200 samples of 200 flow classifiers defining 485 definition of 479 IP and VLAN requirements 485 range of numbers 484 routing requirements 485, 488 specifying addresses and masks 487 s...

  • Page 579

    IGMP default setting 349 host membership reports 341 query mode 349 snooping mode 349 ignore STP mode 161, 167, 170, 173 sample configuration 173 implementing SNTP 56 import policies 300 in-band IP management interface 271 in-band management 37, 40 independent VLAN learning (IVL) 169 inde...

  • Page 580

    IP routing address classes 265 administering 285 defining static routes 285 features and benefits 262 OSI reference model 261 router interface 271 routing table 272, 273 transmission process 261 types of routes 285 IPX RIP policies 439 SAP policies 441 IPX protocols for VLANs 187 IPX rout...

  • Page 581

    metrics, OSPF 388 external type 1 390 external type 2 390 MIB (Management Information Base) FDDI 98 RMON 542, 556 MIB browser viewing the tree 560 MIB-II objects 562 MIBs 568 enterprise 565 example of OID 560 in SNMP management 534 MIB-II 562 RMON 563 RMON-2 564 tree representation 561 tr...

  • Page 582

    nodes AppleTalk 454 FDDI 94 types 95 nonconforming excess packets definition 480 nonextended network numbers 454 nonflow classifiers defining 488 definition of 479 range of numbers 484 setting priorities 488 nonoverlapped VLANs port-based 178, 181 protocol-based 186, 189, 192 nonseed rout...

  • Page 583

    mode 380 neighbors 359, 365, 366, 367, 369, 383, 384, 392 and adjacencies 363 static 395 viewing information 392 network link advertisements 388 packets database description 365 hello 365 hello 366, 395 password 369, 384, 386 path trees, shortest 367 priority 380, 385 protocol packets 365...

  • Page 584

    PAP (Printer Access Protocols) 453 password, OSPF 369, 384, 386 passwords community strings 538 path cost defined 136 PCMCIA flash memory card 52 Phase 1 networks, AppleTalk 456 connecting to 457 Phase 2 networks, AppleTalk 456 PHY standard defined 89 physical layer, AppleTalk 449 physica...

  • Page 585

    priority, OSPF 385 probe, RMON 542 probeConfig group, RMON v2 555 procedures for establishing routing between VLANs 190 QoS 482 protocol packets, OSPF 365 protocol suites for VLANs 162, 186, 187 unspecified 176, 178 protocol types flow classifier 486 nonflow classifier 488 protocol-based ...

  • Page 586

    restore 47 restoring nvdata 54 restrictions QoS 482 QoS control 489 retransmit interval, OSPF 386 returning products for repair 571 Reverse Path Multicasting (RPM) broadcasting 345 grafting 346 pruning 346 ring of trees 92 RIP (Routing Information Protocol) 358 advertisement address 298 c...

  • Page 587

    overview 258 sample VLAN configuration 191 system 281 to different autonomous systems 368 to stub area, OSPF 368 Routing Information Protocol (RIP) 358 routing policies adding routes to the routing table 301 advertising routes to other routers 301 defined 300 routing policies, OSPF 360, 4...

  • Page 588

    SMT (Station Management) 89 leralarm value 107 lercutoff value 108 smtproxytraps (SNMP) 540 snapshot 46 SNMP 37 access 43 accessing external applications 34 agent defined 533, 538 working with SNMP manager 538 community strings defined 538 values 539 defined 533 displaying configurations ...

  • Page 589

    subnetworking defined 265 Ethernet switching 259 subnet mask 265 summary link state advertisements, OSPF 389 swapping modules 68 switched traffic and nonflow classifiers 479 switches, bandwidth to 73, 78 system access methods 38 access overview 31 system console security 49 system ID mism...

  • Page 590

    trunks anchor port 145 and default VLAN 177 and port numbering 61 benefits of 144 capacity 148 configuring before establishing IP interfaces 282 configuring before VLANs 168 defining 150 effects of module removals 66 effects of module replacements 68, 70 Ethernet 73 explained 144 Fast Eth...

  • Page 591

    origin 160, 182 overview 156 port-based 175 protocol-based 186 removing 206 routing between 168, 189 selecting modes 169 statistics 207 supported protocol suites 187 terms 161 trunks and 168 VIDs 160, 182 VLSMs (variable length subnet masks) 268 VRRP (Virtual Router Redundancy Protocol) 3...

  • Page 592

    Index.