3Com 2200 - Manual

8 A DMINISTERING FDDI R ESOURCES Administering FDDI Stations 8-1 Displaying Station Information 8-2Setting the Connection Policies 8-3Setting Neighbor Notification Timer 8-5Enabling and Disabling Status Reporting 8-5 Administering FDDI Paths 8-6 Displaying Path Information 8-6Setting tvxLowerBound 8...

Loading Packet Filters 12-22Assigning Packet Filters to Ports 12-22Unassigning Packet Filters from Ports 12-24 13 C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Using Groups in Packet Filters 13-1Listing Groups 13-2Displaying Groups 13-3Creating New Groups 13-4Deleting Groups 13...

B T ECHNICAL S UPPORT Online Technical Services B-1 3Com Bulletin Board Service B-1 Access by Modem B-1Access by ISDN B-2 World Wide Web Site B-23ComForum on CompuServe® B-23ComFactsSM Automated Fax Service B-3 Support from Your Network Supplier B-3Support from 3Com B-4Returning Products for Repair ...

A BOUT T HIS G UIDE Introduction The SuperStack™ II Switch 2200 Administration Console User Guide provides all the information you need to configure and manage your Switch 2200 once it is installed and the system is attached to the network. Prior to using this guide, you should have already installe...

2 A BOUT T HIS G UIDE How to Use This Guide This guide is organized by types of tasks you may need to perform on the Switch 2200. The parts of the guide are described in Table 1. Table 1 Description of Guide Parts Part Contents I: Introduction Introducing Switch 2200 administration Learning about th...

Conventions 3 Conventions Table 2 and Table 3 list icon and text conventions that are used throughout this guide. IV: Bridging Configuring bridge and bridge port parameters Administering the Spanning Tree Protocol bridge and bridge port parameters Displaying and configuring bridge port addresses Cre...

4 A BOUT T HIS G UIDE Switch 2200 Documentation The following documents comprise the Switch 2200 documentation set. If you want to order a document that you do not have or order additional documents, contact your sales representative for assistance. ■ SuperStack™ II Switch 2200 Unpacking Instruction...

Documentation Comments 5 ■ SuperStack™ II Switch 2200 Getting Started Describes all the procedures necessary for planning your configuration and for installing, cabling, powering up, and troubleshooting your Switch 2200 system. (Shipped with system/Part No. 801-00309-000) ■ SuperStack™ II Switch 220...

I Chapter 1 Overview of SuperStack™ II Switch 2200 Administration Chapter 2 How to Use the Administration Console I NTRODUCTION

1 S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW This chapter introduces you to SuperStack™ II Switch 2200 administration and briefly describes the system parameters that you can configure. About Switch 2200 Administration The Switch 2200 software is installed at the factory in flash memo...

1-2 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW Table 1-1 General System Commands Task Quick Command For Details, See. . . Run a script of commands to set up a system Write a script of Console commands with the values you assign so that you can quickly configure one or more...

Configuration Tasks 1-3 Save, restore, or reset nonvolatile data in the system Provide a backup for nonvolatile data, restore nonvolatile data to the system, or reset nonvolatile data to defaults. system nvData page 6-2 Reboot the system Restart the system. Disconnects rlogin and telnet sessions. sy...

1-4 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW Configure SNMP management Display current SNMP configurations and specify the type of authorization for SNMP management. snmp displaysnmp community page 3-15 Configure SNMP trap reporting Display SNMP trap reporting informatio...

Configuration Tasks 1-5 Configure Spanning Tree Protocol (STP) parameters for a bridge Enable or disable STP and set the bridge priority, the maximum age of stored configuration message information, the period between the generation of messages by a root bridge, the amount of time a bridge spends in...

1-6 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW Table 1-4 Ethernet Commands Task Quick Command For Details, See. . . Display Ethernet port information Display label, status, and statistic information on Ethernet ports in a summarized or detailed format. ethernet summaryethe...

Configuration Tasks 1-7 Table 1-5 FDDI Commands Task Quick Command For Details, See. . . Display FDDI information Display information about the system’s FDDI station, paths, MAC, and ports. MAC information is available in a summarized or detailed format. fddi station displayfddi path displayfddi mac...

2 H OW TO U SE THE A DMINISTRATION C ONSOLE This chapter familiarizes you with user access levels of the Superstack™ II Switch 2200 Administration Console and explains how to: ■ Move around within the menu hierarchy to perform tasks ■ Set up the interface parameters ■ Access online help ■ Use script...

2-2 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Each time you access the Administration Console, the system prompts you for an access level and password, as shown here: Select access level (read, write, administer): Password: The passwords are stored in nonvolatile (NV ) memory. You must e...

Using Menus to Perform Tasks 2-3 Read Access Example If you have read access, the system menu contains only the display options shown here: Menu options: ------------------------------------------------------------------ display - Display the system configuration baseline - Administer statistics bas...

2-4 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Administration Console Menu Structure The following sections show the menu paths for performing tasks from the top-level menu and provide a brief description of each top-level menu option. See “Selecting Menu Options” on page 2-8 for instruct...

Using Menus to Perform Tasks 2-5 FDDI Menu From the fddi menu, you can view information about and configure the FDDI station, paths, MAC, and ports. (See Figure 2-3.) For example, to enable the LLC service of the FDDI MAC, you enter fddi at the top-level menu, mac at the fddi menu, and then llcServi...

2-6 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Figure 2-4 Bridging Menu Hierarchy for Administer Access IP Menu From the ip menu, you can view information about and configure Internet Protocol (IP) interfaces and routes. You can also administer the Address Resolution Protocol (ARP) and th...

Using Menus to Perform Tasks 2-7 SNMP Menu From the snmp menu, you can configure SNMP community strings and trap reporting. (See Figure 2-6.) For example, to flush all trap reporting destinations, you enter snmp at the top-level menu, trap at the snmp menu, and then flush at the trap menu. Figure 2-...

2-8 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Selecting Menu Options You select a menu option at the selection prompt by entering its name (or enough of the name to uniquely identify it within the particular menu). For example, to access the system menu from the top-level menu, you enter...

Using Menus to Perform Tasks 2-9 If you enter a command incorrectly, you receive a prompt telling you that what you entered was not valid or was ambiguous. You must re-enter the command from the point at which it became incorrect. Entering Values When you reach the level at which you perform a speci...

2-10 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Administration Console Interface Parameters You can change two Administration Console interface parameters: the screen height and the functioning of the reboot and abort control keys. Adjusting the Screen Height You can change the Administra...

Remote Access Parameters 2-11 Example: Do you want this to be the new default screen height? (y/n): y Disabling the Reboot and Abort Keys As shipped, the Administration Console allows you to use the [Ctrl + X] or [Ctrl + C] key combinations within the Administration Console. These key strokes allow ...

2-12 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE To ensure that your Administration Console session will not be pre-empted by remote access, you can lock the Administration Console. Remote access is prohibited only for that particular session. The Administration Console is always locked wh...

Running Scripts of Administration Console Tasks 2-13 Setting Timeout Interval for Remote Sessions You can set the timeout interval for remote sessions to any value from 30 minutes to 60 minutes. By default, the timeout interval is 30 minutes. To set the telnet timeout interval: 1 From the top level ...

2-16 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Getting Help in the Administration Console If you need assistance when using the Administration Console, it has online Help and an outlining feature, both of which can be accessed from any menu level. These features are described in this sec...

Exiting the Administration Console 2-17 Exiting the Administration Console If you are using an rlogin session to access the system, exiting will terminate the session. If you are accessing the system through the Console serial port, exiting returns you to the password prompt. To exit from the Admini...

II Chapter 3 Configuring Management Access to the System Chapter 4 Administering Your System Environment Chapter 5 Baselining Statistics Chapter 6 Saving, Restoring, and Resetting Nonvolatile Data S YSTEM -L EVEL F UNCTIONS

3-2 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM In-band or Out-of-band? By default, the Switch 2200 system provides in-band management through its Ethernet and FDDI ports. In-band management, management using the same network that carries regular data traffic, is often the most conve...

Setting Up an IP Interface for Management 3-3 Setting Up an IP Interface for Management IP is a standard networking protocol used for communications among various networking devices. To access the system using TCP/IP or to manage the system using SNMP, you must set up IP for your system as described...

3-4 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM ■ Broadcast Address The system uses the IP address when it broadcasts packets to other stations on the same subnet. In particular, the system uses this address for sending RIP updates. By default, the system uses a directed broadcast (a...

Setting Up an IP Interface for Management 3-5 IP forwarding is enabled, RIP is active, ICMP router discovery is disabled. Index IP address Subnet mask Cost Ports 1 158.101.1.1 255.255.255.0 1 1 2 158.101.4.1 255.255.255.0 1 2 3 158.101.6.1 255.255.255.0 1 5 4 158.101.8.1 255.255.255.0 1 8 Defining a...

3-6 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM 3 Enter the subnet mask of the network to which the interface is to be connected. 4 Enter the broadcast address to be used on the interface. 5 Enter the cost value of the interface. 6 Enter the port(s) that you want to include in the in...

Setting Up an IP Interface for Management 3-7 Removing an Interface You might want to remove an interface if you no longer need to communicate with IP on the ports associated with that interface. To remove an IP interface definition: 1 From the top level of the Administration Console, enter: ip inte...

3-8 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM ■ Gateway IP Address This address tells the router how to forward packets whose destination address matches the route’s IP address and subnet mask. The system forwards such packets to the indicated gateway. ■ Status The status of the ro...

Setting Up an IP Interface for Management 3-9 Defining a Static Route You might want to define a static route to transmit system traffic, such as system pings or SNMP response, through a consistent route. Before you define static routes, you must define at least one IP interface. (See “Defining an I...

3-10 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Flushing a Route Flushing deletes all learned routes from the routing table. To flush all learned routes, enter the following from the top level of the Administration Console: ip route flush All learned routes are immediately deleted f...

Setting Up an IP Interface for Management 3-11 Administering the ARP Cache The Switch 2200 uses the Address Resolution Protocol (ARP) to find the MAC addresses corresponding to the IP addresses of hosts and routers on the same subnets. An ARP cache is a table of known IP addresses and their correspo...

3-12 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Flushing ARP Cache Entries You might want to delete all entries from the ARP cache if the MAC address has changed. To remove all entries from the ARP cache, enter the following command from the top level of the Administration Console: ...

Setting Up an IP Interface for Management 3-13 Pinging uses the Internet Control Message Protocol (ICMP) echo facility to send an ICMP echo request packet to the IP station you specify. It then waits for an ICMP echo reply packet. Possible responses from pinging are: ■ Alive ■ No answer ■ Network is...

3-14 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Displaying IP Statistics The IP statistics you can view are described in Table 3-3. To display IP statistics, enter the following from the top level of the Administration Console: ip statistics Statistics are displayed, as shown in thi...

Setting Up SNMP on Your System 3-15 Setting Up SNMP on Your System To manage the Switch 2200 from an external management application, you must configure SNMP community strings and set up trap reporting as described in this section. You can manage the Switch 2200 using an SNMP-based external manageme...

3-16 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM in the request matches the agent’s read-write community. Only the SNMP get and get-next requests are valid if the community string in the request matches the read-only community. Community string length When you set a community string,...

Setting Up SNMP on Your System 3-17 Here is an example display of the SNMP trap reporting information: Trap Descriptions: Trap #Description 1 MIB II: Coldstart 2 MIB II: Authentication Failure 3 Bridge MIB: New Root 4 Bridge MIB: Topology Change 5 LANplex Systems MIB: System Overtemperature 10 LANpl...

3-18 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM 3 Enter the trap number(s). Separate a series of more than two trap numbers with a hyphen (-) and nonsequential trap numbers by commas. Enter all if you want to enable all the traps for the destination. The trap numbers you enter allow...

Setting Up SNMP on Your System 3-19 Flushing Trap Destinations When flushing the SNMP trap reporting destinations, you remove all trap destination address information for the SNMP agent. To flush all SNMP trap reporting destinations: 1 From the top level of the Administration Console, enter: snmp tr...

3-20 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM occurring locally on the one Switch 2200 and to those reported by other stations on the FDDI ring (including other Switch 2200s). ■ Enable local SNMP traps and disable the proxying of remote SMT events on every Switch 2200 in your netw...

4 A DMINISTERING Y OUR S YSTEM E NVIRONMENT This chapter focuses on the administration of your SuperStack™ II Switch 2200 system environment, which involves: ■ Displaying the current system configuration ■ Setting system passwords ■ Setting the system name ■ Changing the system date and time ■ Reboo...

4-2 C HAPTER 4: A DMINISTERING Y OUR S YSTEM E NVIRONMENT ■ System temperature has exceeded the maximum level for normal operation ■ Fan failure ■ Power supply failure Setting Passwords The Administration Console supports three levels of password: one for browsing or viewing only (read), one for con...

Setting the System Name 4-3 The administration console password has been successfully changed. 6 Repeat steps 1 through 5 for each level of password you want to configure. Setting the System Name You should give the Switch 2200 an easily recognizable and unique name to help you manage the system. Fo...

4-4 C HAPTER 4: A DMINISTERING Y OUR S YSTEM E NVIRONMENT 4 Press [Return] when you want the system to start keeping the time that you entered. Example: Enter the new system time (mm/dd/yy hh:mm:ss xM): 09/30/96 10:00:00 AM Press RETURN at the exact time: Rebooting the System If your system is conne...

5 B ASELINING S TATISTICS This chapter describes how baselining statistics work in the SuperStack™ II Switch 2200, and how to set, display, enable, or disable a baseline statistic. About Setting Baselines Normally, statistics for MACs and ports start compiling at system power-up. Baselining allows y...

5-2 C HAPTER 5: B ASELINING S TATISTICS Setting Baselines Setting a baseline resets the counters to zero. The accumulated totals since power up are maintained by the system. The baseline is time-stamped. To set a baseline, enter the following commands from the top level of the Administration Console...

6-2 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA Saving NV Data When NV data is saved, it is written to a disk file on a host computer. The information can then be retrieved from the disk file when you use the restore command. To save NV data: 1 From the top level of the Admi...

Restoring NV Data 6-3 The failure message varies depending on the problem encountered while saving the NV data. At the end of the save, you are returned to the previous menu. Restoring NV Data When you restore system NV data, the software presents you with a proposal for how to restore the data. Thi...

6-4 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA To restore the NV data: 1 From the top level of the Administration Console, enter: system nvData restore You are prompted for information for restoring the NV data saved to a file. Press [Return] at a prompt to use the value sp...

Examining a Saved NV Data File 6-5 Examining a Saved NV Data File After saving NV data to a file, you can examine the header information of that file. To examine the file: 1 From the top level of the Administration Console, enter: system nvData examine You are prompted for information for examining ...

6-6 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA Resetting NV Data to Defaults At times you may not want to restore the system NV data. Instead, you may want to reset the values to the factory defaults so that you can start configuring the system from the original settings. C...

III Chapter 7 Administering Ethernet Ports Chapter 8 Administering FDDI Resources Chapter 9 Setting Up the System for Roving Analysis E THERNET AND FDDI P ARAMETERS

7 A DMINISTERING E THERNET P ORTS This chapter describes how to: ■ View Ethernet port information ■ Configure Ethernet port labels ■ Enable or disable an Ethernet port Displaying Ethernet Port Information You can display either a summary of Ethernet port information or a detailed report. When you di...

Displaying Ethernet Port Information 7-3 An example of a summary display for Ethernet ports is shown here: Table 7-1 describes the information provided about an Ethernet port. port portLabel portState 1 Office113_SPARCstation5 on-line 12 Office322_Quadra900 on-line port rxFrames txFrames rxBytes txB...

7-6 C HAPTER 7: A DMINISTERING E THERNET P ORTS Frame Processing and Ethernet Statistics All frames on the Ethernet network are received promiscuously by an Ethernet port. However, frames may be discarded for the following reasons: ■ There is no buffer space available. ■ The frame is in error. Figur...

Displaying Ethernet Port Information 7-7 Frames are delivered to an Ethernet port by bridge and management applications. However, a frame may be discarded for the following reasons: ■ The Ethernet port is disabled. ■ There is no room on the transmit queue. ■ An error occurred during frame transmissi...

7-8 C HAPTER 7: A DMINISTERING E THERNET P ORTS Labeling a Port Port labels serve as useful reference points and as an accurate means of identifying your ports for management. You may want to label your Ethernet ports so that you can easily identify the device specifically attached to each port (for...

8 A DMINISTERING FDDI R ESOURCES This chapter describes how to display information about and configure the SuperStack™ II Switch 2200 system and its: ■ FDDI station ■ FDDI paths ■ Media Access Control (MAC) ■ FDDI ports This chapter, which covers advanced FDDI topics, is intended for users familiar ...

8-2 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Displaying Station Information When you display FDDI station information, you receive information about the station, including its configuration, status reporting, and the most pertinent statistics about general station activity and errors. 1 Enter the ...

Administering FDDI Stations 8-3 Setting the Connection Policies The connectPolicy attribute is a bit string representing the connection policies in effect on a station. A connection’s type is defined by the types of the two ports involved (A, B, M, or S) in the connection. You can set the correspond...

8-4 C HAPTER 8: A DMINISTERING FDDI R ESOURCES To set the connection policies of an FDDI station: 1 From the top level of the Administration Console, enter: fddi station connectPolicy You are prompted for a station. The Switch 2200 has one station, which appears in brackets. 2 Press Return. 3 Enter ...

Administering FDDI Stations 8-5 Setting Neighbor Notification Timer The T-notify attribute is a timer used in the Neighbor Notification protocol to indicate the interval of time between the generation of Neighbor Information Frames (NIF). NIF frames allow stations to discover their upstream and down...

8-6 C HAPTER 8: A DMINISTERING FDDI R ESOURCES 2 Press [Return]. 3 Enter the new statusReporting value ( enabled or disabled ). See the following example: Select station [1]: Station 1 - Enter new value (disabled,enabled) [enabled]: disabled Administering FDDI Paths FDDI’s dual, counter-rotating rin...

Administering FDDI Paths 8-7 3 Enter the path ( p = primary, s = secondary). See the following example of path information: Table 8-3 describes these statistics. Setting tvxLowerBound The tvxLowerBound attribute specifies the minimum time value of fddiMAC TvxValue that will be used by any MAC that i...

8-8 C HAPTER 8: A DMINISTERING FDDI R ESOURCES To set tvxLowerBound: 1 From the top level of the Administration Console, enter: fddi path tvxLowerBound You are prompted for a station, path, and value. The Switch 2200 has one station, which appears in brackets. 2 Press [Return]. 3 Enter the path ( p ...

Administering FDDI MACs 8-9 Setting maxT-Req The maxT-Req attribute specifies the maximum time value of fddiMACT-Req that will be used by any MAC that is configured onto this path. T-Req is the value that a MAC bids during the claim process to determine a ring’s operational token rotation time, T_Op...

8-10 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Displaying MAC Information FDDI MAC information can be viewed in a summary or in detail. When you display a summary of various FDDI MAC statistics, you receive information about the MAC, including received and transmitted frames and received and transm...

8-12 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Table 8-4 describes the information provided for the FDDI MAC. Table 8-4 Description of Fields for FDDI MAC Attributes Field Description currentPath Path on which this MAC is currently located (primary or secondary) downstream MAC address of this MAC’s...

Administering FDDI MACs 8-15 ■ LLC service is disabled. ■ This is an NSA Frame and the A-bit is set. Figure 8-1 shows the order in which these discard tests are made. Figure 8-1 How Frame Processing Affects FDDI MAC Receive Frame Statistics Frames are delivered to an FDDI MAC by bridges and manageme...

8-16 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Figure 8-2 shows the order in which the discard tests are made. Figure 8-2 How Frame Processing Affects FDDI MAC Transmit Frame Statistics Setting the Frame Error Threshold The FrameErrorThreshold attribute determines when a MAC condition report is gen...

Administering FDDI MACs 8-17 See the following example: Select MAC [1]: MAC 1 - Enter new value [655]: Setting the Not Copied Threshold The NotCopiedThreshold attribute determines when a MAC condition report is generated because too many frames could not be copied. Not-copied frames occur when there...

8-18 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Enabling and Disabling LLC Service The Logical Link Control (LLC) service allows LLC frames to be sent and received on the MAC. LLC frames are all data frames transmitted on the network. If there is something wrong on your network, you may want to turn...

Administering FDDI Ports 8-19 Administering FDDI Ports Within an FDDI station, the PHY and PMD entities make up a port. A port (consisting of the PHY/PMD pair that connects to the fiber media) is located at both ends of a physical connection and determines the characteristics of that connection. Eac...

8-20 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Table 8-5 describes the type of information provided for an FDDI port. Setting lerAlarm The lerAlarm attribute is the link error rate (LER) value at which a link connection generates an alarm. If the LER value is greater than the alarm setting, then SM...

Administering FDDI Ports 8-21 values so that you are only receiving alarms if your network is in poor health. The SMT Standard recommended value is 8. The lerAlarm value must be higher than the lerCutoff value so that the network manager will be alerted to a problem before the PHY (port) is actually...

8-22 C HAPTER 8: A DMINISTERING FDDI R ESOURCES To set the lerCutoff : 1 From the top level of the Administration Console, enter: fddi port lerCutoff You are prompted for a port number and an estimated link error rate value at which the link connection will be broken. 2 Enter the port number. 3 Ente...

Administering FDDI Ports 8-23 Setting the Port Paths In the Switch 2200 you can assign the A and B ports to either the primary or the secondary path. To assign ports to paths: 1 From the top level of the Administration Console, enter: fddi port path You are prompted for a port. 2 Enter the port(s) y...

9-2 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS the remote port is located. The remote system must be located on the same FDDI ring as the system to which the analyzer is attached. Figure 9-1 shows the process for establishing local and remote monitoring of ports. Figure 9-1 Roving An...

Adding an Analyzer Port 9-3 To display the roving analysis configurations, enter the following from the top level of the Administration Console: analyzer display The configurations are displayed as shown in the following example: Ethernet ports configured as analyzer ports: Ethernet Port Address 9 0...

9-4 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS Once the analyzer port is set, it is disabled from receiving or transmitting any other data. Instead, it transmits the data it receives from the monitored port to the network analyzer. If you have enabled Spanning Tree on this port, it i...

Starting Port Monitoring 9-5 Starting Port Monitoring After you have a local or remote port configured for the network analyzer, you can start monitoring port activity. 3Com recommends that you ALWAYS configure the analyzer port before configuring the monitored ports. To start monitoring a new port:...

9-6 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS You are then prompted for an FDDI port through which the data should be forwarded, as shown below: Select FDDI port (1-2): 2 Once you successfully configure a port to monitor, all the data received and transmitted on the port is forwarde...

IV Chapter 10 Administering the Bridge Chapter 11 Administering Bridge Ports Chapter 12 Creating and Using Packet Filters Chapter 13 Configuring Address and Port Groups to Use in Packet Filters B RIDGING P ARAMETERS

10 A DMINISTERING THE B RIDGE This chapter describes how to view the bridge setup and how to configure the following bridge-level parameters: ■ IP fragmentation ■ IPX snap translation ■ Address threshold ■ Address aging time ■ Spanning Tree Protocol (STP) parameters For information about configuring...

10-2 C HAPTER 10: A DMINISTERING THE B RIDGE The following example shows a display of bridge information. Each item in the bridge parameter list is described in Table 10-1. stpState timeSinceLastTopologyChange enabled 1 hr 28 mins 31 secs topologyChangeCount 2 topologyChangeFlag BridgeIdentifier fal...

Displaying Bridge Information 10-3 Table 10-1 Bridge Attributes Parameter Description addressCount Number of addresses in the bridge address table addrTableSize Maximum number of addresses that will fit in the bridge address table addrThreshold Reporting threshold for the total number of addresses k...

Enabling and Disabling IP Fragmentation 10-5 Enabling and Disabling IP Fragmentation When IP fragmentation is enabled, large FDDI packets are “fragmented” into smaller packets. IP fragmentation allows FDDI and Ethernet stations connected to the Switch 2200 to communicate using IP even if the FDDI st...

10-6 C HAPTER 10: A DMINISTERING THE B RIDGE Setting the Address Threshold The address threshold for a bridge is the reporting threshold for the total number of Ethernet addresses known to the system. When this threshold is reached, the SNMP trap addressThresholdEvent is generated. Address threshold...

Administering STP Bridge Parameters 10-7 Administering STP Bridge Parameters You can enable or disable Spanning Tree Protocol in the system and set the following STP bridge parameters: priority, maximum age, hello time, and forward delay. For more information about how the Spanning Tree parameters i...

10-8 C HAPTER 10: A DMINISTERING THE B RIDGE To configure the STP bridge priority: 1 From the top level of the Administration Console, enter: bridge stpPriority 2 Enter the priority value at the prompt. If your configuration was successful, you return to the previous menu. If the configuration was n...

Administering STP Bridge Parameters 10-9 Setting the Bridge Hello Time Hello time is the period between the generation of configuration messages by a root bridge. If the probability of losing configuration messages is high, shortening the time makes the protocol more robust. However, lengthening the...

10-10 C HAPTER 10: A DMINISTERING THE B RIDGE Setting the STP Group Address The STP group address is a single address that bridges listen to when receiving STP information. Each bridge on the network sends STP packets to the group address. Every bridge on the network receives STP packets sent to the...

11 A DMINISTERING B RIDGE P ORTS This chapter describes how to view bridge port information and configure the following: ■ Multicast packet threshold ■ Spanning Tree Protocol (STP) parameters ■ Bridge port addresses Displaying Bridge Port Information Bridge port information includes the STP configur...

11-2 C HAPTER 11: A DMINISTERING B RIDGE P ORTS The following example shows a bridge port summary display. port rxFrames rxDiscards txFrames Ethernet 1 411180 0 1353766 Ethernet 12 243559 0 1184225 port portId stp state fwdTransitions Ethernet 1 0x8003 enabled forwarding 1 Ethernet 12 0x800e enabled...

Displaying Bridge Port Information 11-3 Table 11-1 describes the type of information provided for the bridge port. Table 11-1 Bridge Port Attributes Parameter Description designatedBridge Identification of the designated bridge of the LAN to which the port is attached designatedCost Cost through thi...

11-6 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Frame Processing and Bridge Port Statistics All frames received on a physical (Ethernet or FDDI) interface and not explicitly directed to the Switch 2200 are delivered to the corresponding bridge port. A frame is then either forwarded to another bridge...

Setting the Multicast Limit 11-7 Figure 11-2 shows the order in which the discard decisions are made. Figure 11-2 How Frame Processing Affects Transmit Bridge Port Statistics Setting the Multicast Limit You can assign a multicast packet firewall threshold to a bridge port on the Switch 2200 to limit...

11-8 C HAPTER 11: A DMINISTERING B RIDGE P ORTS 4 Enter the new multicast threshold value for the port(s). See the example below: Ethernet port 4 - Enter new value [0]: 400 Ethernet port 5 - Enter new value [0]: 400 Administering STP Bridge Port Parameters You can enable or disable the Spanning Tree...

Administering STP Bridge Port Parameters 11-9 The following example shows values being set for more than one port: Ethernet port 4 - Enter new value (disabled,enabled) [enabled]: disabled Ethernet port 5 - Enter new value (disabled,enabled) [enabled]: disabled Setting the Port Path Cost You can set ...

11-10 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Setting the Port Priority The STP port priority influences the choice of port when the bridge has two ports connected to the same LAN, creating a loop. The port with the lowest port priority will be the one used by the Spanning Tree Protocol. Port pri...

Administering Port Addresses 11-11 Administering Port Addresses You can administer the MAC addresses of stations connected to Ethernet and FDDI ports on the Switch 2200. Listing Addresses You can display MAC addresses currently associated with the selected ports. Each address type (static or dynamic...

11-12 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Adding New Addresses When you assign new MAC addresses to the selected ports, these addresses are added as statically configured addresses. A statically configured address is never aged and can never be learned on a different Ethernet port. To add a M...

Administering Port Addresses 11-13 Flushing All Addresses You can flush all static and dynamic MAC addresses from the selected port(s). Static MAC addresses are those that you specified using the add menu option. Dynamic MAC addresses are those that were automatically learned by the bridge. To flush...

11-14 C HAPTER 11: A DMINISTERING B RIDGE P ORTS To freeze all dynamic addresses: 1 From the top level of the Administration Console, enter: bridge port address freeze You are prompted for the port type. 2 Enter Ethernet , FDDI , or all . You are prompted for the port number(s). 3 Enter the number(s...

12 C REATING AND U SING P ACKET F ILTERS This chapter describes how to create and edit packet filters using the packet filter language. This chapter also provides instructions for how to: ■ List, display, and delete currently defined filters ■ Load packet filter definitions created in an ASCII-based...

12-2 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Listing Packet Filters When you list the packet filters for the system, the filter identification, filter name (if any), and filter assignments are displayed. To list the currently defined packet filters, enter the following from the top level ...

Displaying Packet Filters 12-3 Displaying Packet Filters When displaying the contents of a single packet filter, you select the packet filter using the filter id (which you can obtain by listing the packet filters as described in the previous section). The packet filter instructions are displayed; h...

Creating Packet Filters 12-5 Table 12-2 describes the instructions and stacks of a packet filter. Table 12-2 Packet Filter Instructions and Stacks — Descriptions and Guidelines Element Descriptions and Guidelines Instructions Each instruction in a packet filter definition must be on a separate line ...

12-6 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Basic Elements of a Packet Filter Before creating a packet filter, you must decide which part of the packet you want to filter. You can filter Ethernet packets by the destination address, source address, type/length, or some part of the data. Y...

Creating Packet Filters 12-7 The Ethernet and FDDI packet fields in Figure 12-1 are used as operands in the packet filter. The two simplest operands are described in Table 12-3. The operators that you specify in the packet filter allow the filter to make a logical decision about whether the packet s...

12-8 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Implementing Sequential Tests in a Packet Filter Filter language expressions are normally evaluated to completion — a packet is accepted if the value remaining on the top of the stack is non-zero. Frequently, however, a single test is insuffici...

Creating Packet Filters 12-9 The following example shows the use of both accept and reject in a packet filter. This packet filter was created for a network running both Phase I and Phase II AppleTalk. TM The goal of the filter is to eliminate the AppleTalk traffic. Name “Filter AppleTalk datagrams” ...

12-10 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Run-time storage of packet filters For run-time storage of packet filter programs, each Switch 2200 system provides a maximum of 8192 bytes. There is no explicit system or per-packet-filter overhead; however, performance considerations can res...

Creating Packet Filters 12-11 4 Apply a logic operation to the values in steps 2 and 3. The operator you use depends on what comparison you want to make. Variations on these four basic steps of writing packet filters include: ■ Use pushTop for each additional comparison you intend to make with the p...

12-12 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Packet Filter Solution The solution described here is to create a highly sophisticated packet filter that prevents only the broadcast packets from the market data servers from being forwarded onto the segments that are not part of an active tr...

Creating Packet Filters 12-13 The pseudocode translates into the following packet filter: Name “IP XNS ticker bcast filter” # Assign this filter in the multicast path# of a port only--this is very important## XNS FILTERING SECTION# pushField.w 12 # get the type field of the packet and # place it on ...

12-14 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS The rest of this section concentrates on the parts of the filter, showing you how to translate the pseudocode’s requirements into filter language. The large filter on page 12-13 is broken down into subsets to show how you can create small filt...

Creating Packet Filters 12-15 4 Enter executable instruction #3: eq # if the two values on the top of the stack are equal, # then return a non-zero value Packet Filter Two. This filter is designed to accept packets within the socket range of 0x76c and 0x898. These steps show how to create this filte...

12-16 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Combining a Subset of the Filters. The next filter accepts IP packets with a socket range of 0x76c (1900) and 0x898 (2200). The filter combines packet filters one and two, modifying them for IP. These steps show how to create this filter. 1 Na...

Creating Packet Filters 12-17 Combining All the Filters. Together, the four packet filters work to perform the solution to the problem: filtering the broadcast packets from the market data servers. These steps show how to create this filter: 1 Name the filter: “Discard XNS & IP pkts w/in socket ...

12-18 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS The maximum length of a packet filter definition is 4096 bytes. The editor assumes a terminal capability no higher than a glass tty (that is, it does not assume an addressable screen). You can place any ASCII printable character into the editi...

Creating Packet Filters 12-19 Table 12-6 Packet Filter Editor Commands Command Keys Description List buffer Ctrl+l Displays each of the lines in the editing buffer and then redisplays the line currently being edited Next Line Ctrl+n Moves cursor to next line; positions cursor at start of line Previo...

12-20 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Using an External Text Editor To use an ASCII-based editor to create a packet filter: 1 Create the definition in a text file. 2 From a networked workstation, ftp the file to the Switch 2200 on which you want to load the filter. 3 Load the filt...

Editing, Checking and Saving Packet Filters 12-21 To edit a packet filter using the Switch 2200 system line editor: 1 From the top level of the Administration Console, enter: bridge packetFilter edit 2 Enter the packet filter id number. Specifying a filter id loads that filter into the edit buffer. ...

12-22 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Loading Packet Filters When you create packet filters using an external text editor, you must load the filters onto the system from the network host on which you created them. Once loaded, the packet filter definition is converted into the int...

Assigning Packet Filters to Ports 12-23 it meets the forwarding criteria. A packet that does not meet the forwarding criteria defined in the filter is discarded. To assign a packet filter: 1 From the top level of the Administration Console, enter: bridge packetFilter assign 2 Enter the id number of ...

12-24 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Unassigning Packet Filters from Ports To unassign a packet filter from one or more ports, the packet filter must have been previously assigned to at least one port. To unassign a packet filter: 1 From the top level of the Administration Consol...

13 C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS This chapter describes how to use address and port groups as filtering criteria in a packet filter, and how to administer address and port groups. Using Groups in Packet Filters You can use address groups (a list of MAC addresses...

13-2 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Port group packet filter example In this example, packets are not forwarded to ports in groups 3 and 8. Name “Discard Groups 3 and 8” pushSPGM # Get source port group mask pushLiteral.l 0x0084 # Select bits 3 and 8...

Displaying Groups 13-3 Address group example In this example, three address groups are defined in the system. The first address group has an id of 1 and the name Accounting . This group uses an address group mask of 1 (the bit set in the mask) . Address Groups Address Group 1 - Accounting Address gr...

13-4 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS members of the group. The name of the address group in this example is Development , and the group has five members. Select address group to be displayed [1-n]: 2 Address Group 2 - Development 05-39-24-56-ab-ee 08-...

Creating New Groups 13-5 Enter the ports in this syntax: < Ethernet | E | FDDI | F > [port] < port number > As you enter each address or port, the system attempts to add it to the group. If the address or port you enter is already a member of the group, the system displays a message, as ...

13-6 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Port group example In this example, a new port group is created and loaded on the system. The bit in the port group mask for the group is 12 and the name of the group is Education . One port is entered and assigned...

Adding Addresses and Ports to Groups 13-7 Adding Addresses and Ports to Groups When adding addresses or ports to an existing group, you can either enter the addresses or ports at the prompts or import them from a file. At least one address group or port group must exist before you can add addresses ...

13-8 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Enter the ports in this syntax: < Ethernet | E | FDDI | F > [port] < port number > As you enter each address or port, the system attempts to add it to the group. If the address or port you enter is alre...

Removing Addresses or Ports from a Group 13-9 Port group example This example shows a port successfully added to the Manufacturing port group. Select port group to be modified [1-4]: 2 Adding ports to group 2 - Manufacturing Enter the ports to be added - type q to return to the menu: Port: Ethernet ...

13-10 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS As you enter addresses and ports, the system attempts to remove them from the group. If the address or port is not found in the group, a warning message is displayed, as shown here: Warning: Specified address was ...

Loading Groups 13-11 Loading Groups There is no explicit menu item to load address and port groups that are defined in a file on a remote host. However, you can “load” groups by creating a script on a remote host (which includes your address or port group) and then running that script. The following...

V Appendix A Packet Filter Opcodes, Examples, and Sytax Errors Appendix B Technical Support A PPENDIXES

A P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS This appendix: ■ Describes the specific opcodes you can use when creating a packet filter ■ Provides numerous examples of commonly used packet filters ■ Describes the possible syntax errors you might receive when loading a packet filter Fo...

Opcodes A-3 pushTop Description: Pushes the current top of the stack onto the stack (that is, it reads the top of the stack and pushes the value onto the stack). The size of the push is determined by the size of the contents of the stack. Storage Needed: 1 byte pushSAGM Description: Pushes the sourc...

Opcodes A-7 or (bit-wise OR) Description: Pops two values from the stack and pushes the bit-wise OR of these values back onto the stack. The size of the operands and the result are determined by the contents of the stack. Storage Needed: 1 byte xor (bit-wise exclusive-OR) Description: Pops two value...

A-8 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS reject Description: Conditionally rejects the packet being examined. A byte is popped from the stack. If it is non-zero, the packet is rejected and evaluation of the filter ends immediately; otherwise, filter evaluation cont...

Packet Filter Examples A-9 Packet Filter Examples The following examples of using the packet filter language start with basic packet filter concepts. Destination Address Filter This filter operates on the destination address field of a frame. It allows packets to be forwarded that are destined for s...

Packet Filter Examples A-11 Source Address and Type Filter This filter operates on the source address and type fields of a frame. It allows XNS packets to be forwarded that are from stations with an OUI of 08-00-02. To customize this filter to another OUI value, change the literal value loaded in th...

Common Syntax Errors A-13 Common Syntax Errors When a packet filter definition is loaded, the definition is checked for syntax errors. The syntax errors and their causes are listed in Table A-1. Table A-1 Possible Syntax Errors When Loading Packet Filters Syntax Error Description Opcode not found An...

A-14 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS Invalid characters in number The number specified as an offset or literal is improperly formatted. Possible causes are 1) lack of white space setting off the number, and 2) invalid characters in the number. Note: The radix ...

B T ECHNICAL S UPPORT 3Com provides easy access to technical support information through a variety of services. This appendix describes these services. Online Technical Services 3Com offers worldwide product support seven days a week, 24 hours a day, through the following online systems: ■ 3Com Bull...

B-2 A PPENDIX B: T ECHNICAL S UPPORT Access by ISDN ISDN users can dial in to 3ComBBS using a digital modem for fast access up to 56 Kbps. To access 3ComBBS using ISDN, dial the following number: (408) 654 2703 World Wide Web Site Access the latest networking information on 3Com’s World Wide Web sit...

Support from Your Network Supplier B-3 3ComFacts SM Automated Fax Service 3Com Corporation’s interactive fax service, 3ComFacts, provides data sheets, technical articles, diagrams, and troubleshooting instructions on 3Com products 24 hours a day, seven days a week. Call 3ComFacts using your touch-to...

B-4 A PPENDIX B: T ECHNICAL S UPPORT Support from 3Com If you are unable to receive support from your network supplier, technical support contracts are available from 3Com. In the U.S. and Canada, call (800) 876-3266 for customer service. If you are outside the U.S. and Canada, contact your local 3C...

I NDEX Numerics 3Com Bulletin Board Service (3ComBBS) B-13Com sales offices B-43ComFacts B-33ComForum B-2 A abort at prompts 2-9enabling CTL+C 2-11 accept opcode 12-8, A-7access levels 2-1address adding static 11-12aging time 10-6filters A-9flushing 11-13for SNMP trap reporting 3-17freezing 11-13in ...

2 I NDEX baud rate console serial port 3-2 bell, warning 4-1blocking state 11-5bridge See also packet filter address threshold, setting 10-6aging time, setting 10-6designated 11-3IP fragmentation, enabling 10-5IPX Snap Translation, enabling 10-5menus 2-5Spanning Tree bridge priority, setting 10-7ena...