Intel 480T - Manual

Intel® NetStructure™ 480T Routing Switch User Guide vii How FDB Entries Get Added ................................... 121Associating a QoS Profile with an FDB Entry .......... 122 Configuring FDB Entries ............................................. 122 FDB Configuration Examples 123 Displaying FDB ...

Intel ® NetStructure ™ 480T Routing Switch User Guide xix List of Figures Figure 1.1: Intel ® NetStructure ™ 480T routing switch (front) ........................................................................... 9 Figure 1.2: Intel ® NetStructure ™ 480T routing switch (with and without redundant po...

Intel ® NetStructure ™ 480T Routing Switch User Guide xxi List of Tables Table 1.1: Switch LEDs .................................................. 11Table 1.2: Global Factory Defaults ................................. 12Table 1.3: Media Types and Distances ........................... 14Table 1.4: 10...

Preface This preface provides an overview of this user guide, describes guide conventions, and lists other useful publications. Introduction This user guide provides the information you need to configure the Intel ® NetStructure ™ 480T routing switch. Information in the “Late Breaking News” shipped ...

2 Intel ® NetStructure ™ 480T Routing Switch User Guide • Internet Packet Exchange (IPX) • Server Load Balancing (SLB) • Simple Network Management Protocol (SNMP) Related Publications For further information refer to these publications: • Command Line Interface Reference Guide • Intel ® NetStructure...

Overview The Intel ® NetStructure ™ 480T routing switch uses a powerful, full- featured software operating system for local management of the switch. This chapter offers an overview of the switch operation and covers these topics: • Summary of features • Software licensing • Hardware specifications ...

C H A P T E R 1 Overview 5 Full-Duplex Support The 480T routing switch provides full-duplex support for all ports. Full-duplex mode allows frames to be transmitted and received simultaneously and, in effect, doubles the bandwidth available on a link. All 100/1000 Mbps ports on the 480Tswitch autoneg...

6 Intel ® NetStructure ™ 480T Routing Switch User Guide Quality of Service (QoS) See Chapter 10,"Quality of Service (QoS)" on page 135. The local management software has Policy-Based Quality of Service (QoS) features that enable you to specify service levels for different traffic groups. By ...

C H A P T E R 1 Overview 7 Load Sharing See “Configuring Ports” on page 79. Load sharing allows you to increase bandwidth and resiliency by using a group of ports to carry traffic in parallel between systems. The switch’s sharing algorithm allows you to use multiple ports as a single logical port. F...

8 Intel ® NetStructure ™ 480T Routing Switch User Guide Full Layer 3 Functionality Switches using a Full Layer 3 license also support other routing protocols and functions in addition to Basic functions, including: • IP routing using OSPF • IP multicast routing using DVMRP • IP multicast routing usi...

C H A P T E R 1 Overview 9 Figure 1.1: Intel ® NetStructure ™ 480T routing switch (front) For information on switch LEDs, refer to "Switch LEDs" on page 10. Rear View Figure 1.2 shows two rear view configurations. The second has a redundant power supply. Figure 1.2: Intel ® NetStructure ™ 48...

10 Intel ® NetStructure ™ 480T Routing Switch User Guide AC Connector The 480T routing switch automatically adjusts to the supply voltage. The power supply unit (PSU) operates down to 100V, and is suitable for both 110 VAC and 200-240 VAC operation. Serial Number Use this serial number for fault-rep...

C H A P T E R 1 Overview 11 . Table 1.1: Switch LEDs LED Color Indicates 1000BASE-X Port Status LEDs (GBIC LEDs) Link/activity GreenOrange Green flashing (steady)Off Link is present; port is enabled.Frames are being transmitted/received on this port.Link is present; port is disabled.Link is not pres...

12 Intel ® NetStructure ™ 480T Routing Switch User Guide Software Factory Defaults Table 1.2 lists factory defaults for global features. Table 1.2: Global Factory Defaults Item Default Setting Serial or Telnet user account admin with no password and user with no password Web network management Enabl...

14 Intel ® NetStructure ™ 480T Routing Switch User Guide Media Types, Distances and Specifications Table 1.3 describes the media types and distances (cable lengths) for the different types of switch ports. Table 1.3: Media Types and Distances Type Media M Hz/Km Rating Maximum Distance 1000BASE-SX 50...

C H A P T E R 1 Overview 15 Table 1.4 describes the specifications for the 1000B-LH interface. Optical Output Power The minimum cable length without a 10 dB attenuator is 32 kilometers. The transmitter output power level for the 1000-LH is +5dBm. The maximum allowable receiver input power level is -...

Installation and Setup This chapter describes: • Determining the Switch Location • Installing the Switch • Connecting Equipment to the Console Port • Checking the Installation Using the Power-On Self Test (POST) • Logging In for the First Time • Upgrading Your Firmware • Installing the Gigabit Inter...

18 Intel ® NetStructure ™ 480T Routing Switch User Guide Determining the Switch Location The 480T routing switch can be free standing or mounted in a standard 19-inch equipment rack. Mounting brackets are supplied with the switch. When deciding where to install the switch, ensure that: • The switch ...

C H A P T E R 2 Installation and Setup 19 4 Replace the screws and fully tighten with a screwdriver, as shown in Figure 2.1. Figure 2.1: Fitting the mounting bracket 5 Repeat the two previous steps for the other side of the switch. 6 Insert the switch into the 19-inch rack. Ensure that ventilation h...

20 Intel ® NetStructure ™ 480T Routing Switch User Guide Free-Standing The 480T routing switch is supplied with four self-adhesive rubber pads. You can stack up to four switches on top of one another. 1 Apply the pads to the underside of the device by sticking a pad in the marked area at each corner...

C H A P T E R 2 Installation and Setup 21 If the switch passes the POST, the MGMT LED blinks at a slow rate (1 blink per second). If the switch fails the POST, the MGMT LED shows a solid orange light. Logging In for the First Time After the switch has completed the Power-On Self Test (POST), it is o...

22 Intel ® NetStructure ™ 480T Routing Switch User Guide Upgrading Your Firmware To upgrade your Intel ® NetStructure ™ 480T routing switch you must upgrade the BootRom image and firmware. Refer to the Late Breaking News that shipped with your switch for this procedure. Installing the Gigabit Interf...

Using Intel ® Device View Intel ® Device View is a graphical user interface that helps you manage the Intel NetStructure ™ 480T routing switch and other supported Intel networking devices on your network. Intel Device View provides these features: • The ability to configure new network devices • A g...

24 Intel ® NetStructure ™ 480T Routing Switch User Guide You can install both the Windows and the Web version of Intel Device View. To Install Intel Device View If you manage devices with Intel Device View from only one location on the network, install the Windows § version. 1. Put the Intel Device ...

C H A P T E R 3 Using Intel ® Device View 25 Starting the Windows § Version We recommend you use the Window version of Intel Device View if you manage devices from only one location on the network. To start the Windows version: 1 From your desktop, click Start. 2 Point to Programs > Intel Device ...

26 Intel ® NetStructure ™ 480T Routing Switch User Guide Installing a New Device After you’ve installed a new switch on your network, you can use Intel Device View’s Device Install Wizard to configure it for management. To Install and Configure a New Switch for Management 1. Start Intel Device View....

C H A P T E R 3 Using Intel ® Device View 27 network. As it discovers devices, it adds an icon for each device to the Device Tree on the left side of the screen. Different states of the 480T routing switch are represented by unique icons in the Device Tree as indicated below. Device Tree icons Devic...

28 Intel ® NetStructure ™ 480T Routing Switch User Guide The Device Tree works much like Windows Explorer: • To expand the root or a subnet, click the (+) next to the icon. • To collapse the view, click the (-) next to the icon. • Double-click a device icon to view the device image. To Add a Device ...

C H A P T E R 3 Using Intel ® Device View 29 3. In the Find Device dialog box, enter the IP address of the device you want to find in the tree. 4. Click OK . The device’s icon is highlighted in the Device Tree. Losing Contact with a Device If Intel Device View loses contact with a switch, it replace...

30 Intel ® NetStructure ™ 480T Routing Switch User Guide The Express 480T Web Device Manager appears in the Intel Device View window. For complete information on using Intel Device View, refer to the program’s online help or see the Intel Device View Help file on the installation CD-ROM. Viewing RMO...

C H A P T E R 3 Using Intel ® Device View 31 switch creates an event (see below). For example, you might set an alarm if switch utilization exceeds 30%. • Group 9 Events — Provides notification and tells the switch what to do when an event occurs on the network. Events can send a trap to a trap-rece...

Using Web Device Manager Web Device Manager is device-management software running in the Intel ® NetStructure ™ 480T routing switch. It allows you to access the switch over a TCP/IP network, using a Web browser that supports frames and JavaScript § (such as Netscape Navigator § 3.0 or later, or Micr...

34 Intel ® NetStructure ™ 480T Routing Switch User Guide Use the none option to remove a configured access profile. To display the status of Web access, use this command: show management To disable Web access, use this command: disable web To re-enable Web access, use this command: enable web {acces...

C H A P T E R 4 Using Web Device Manager 35 Accessing Web Device Manager To access the default home page of the switch, enter this URL in your browser (substituting the actual ip address): http://<ip_address> When you access the home page of the system, the Login screen appears. Enter your use...

36 Intel ® NetStructure ™ 480T Routing Switch User Guide Below the task buttons are options. Options are specific to the task button that you select. When you select an option, the information displayed in the content frame changes. However, when you select a new task button, the content frame does ...

C H A P T E R 4 Using Web Device Manager 37 Status Messages Status messages are displayed at the top of the content frame. There are four types of status messages: • Information —Displays information that is useful to know prior to, or as a result of, changing configuration options. • Warning —Displ...

38 Intel ® NetStructure ™ 480T Routing Switch User Guide Filtering Information On some pages you can click a Filter button to display a subset of information for a page. For example, on the OSPF configuration page, you can configure authentication based on the VLAN, area identifier, or virtual link....

Accessing the Switch This chapter provides information to help you manage the Intel ® NetStructure™ 480T routing switch, including: • Understanding the Command Syntax • Line-Editing Keys • Command History • Common Commands • Configuring Management Access • Real-time Basic Connectivity Checking • Met...

40 Intel ® NetStructure ™ 480T Routing Switch User Guide To use the command-line interface (CLI): Most configuration commands require that you have administrator privileges. 1. Enter the command name.When entering a command at the prompt, ensure that you have the appropriate privilege level. 2. Ente...

C H A P T E R 5 Accessing the Switch 41 Command Shortcuts All component names must be unique. Name components using the create command. When you enter a command to configure a named component, you do not need to use the keyword of the component. For example, to create a VLAN, you must enter a unique...

42 Intel ® NetStructure ™ 480T Routing Switch User Guide Symbols You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 5.1 summarizes command syntax symbols. Press the Tab ke...

C H A P T E R 5 Accessing the Switch 43 Line-Editing Keys Table 5.2 describes the line-editing keys available using the CLI. Table 5.2: Line-Editing Keys Key(s) Description Backspace Deletes characters to the left of the cursor and shifts the remainder of the line to the left. Delete or Ctrl + D Del...

44 Intel ® NetStructure ™ 480T Routing Switch User Guide Command History The local management software stores the last 49 commands you entered. You can display a list of these commands by using this command: history Common Commands Table 5.3 describes common commands used to manage the 480T routing ...

C H A P T E R 5 Accessing the Switch 45 configure time <date> <time> Configures the system date and time. The format is as follows: mm/dd/yyyy hh:mm:ss The time uses a 24-hour clock format. configure timezone <gmt_offset> {autodst | noautodst} Configures the time zone information t...

46 Intel ® NetStructure ™ 480T Routing Switch User Guide disable clipaging Disables pausing of the screen display when a show command output reaches the end of the page. disable idletimeout Disables the timer that disconnects all sessions. Once disabled, console sessions remain open until the switch...

48 Intel ® NetStructure ™ 480T Routing Switch User Guide Configuring Management Access The local management software supports these two levels of management: • User • Administrator In addition to these management levels, you can optionally use an external RADIUS server to provide CLI command authori...

C H A P T E R 5 Accessing the Switch 49 Prompt Text The prompt text is taken from the SNMP sysname setting (see Table 5.8, “SNMP Configuration Commands,” on page 64). The number that follows the colon indicates the sequential line/command number. If an asterisk (*) appears in front of the command-li...

50 Intel ® NetStructure ™ 480T Routing Switch User Guide 4. Enter the new password at the prompt. 5. Re-enter the password for verification. To add a password to the default user account: 1. Log in to the switch using the name admin . 2. At the password prompt, press Enter, or enter the password tha...

C H A P T E R 5 Accessing the Switch 51 Deleting an Account To delete an account, you must have administrator privileges. Use this command to delete an account: delete account <username> The account name admin cannot be deleted. Domain Name Service Client The Domain Name Service (DNS) client a...

52 Intel ® NetStructure ™ 480T Routing Switch User Guide Real-time Basic Connectivity Checking Use these commands to check basic connectivity: • ping • traceroute Ping You can use the ping command to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The ping command ...

C H A P T E R 5 Accessing the Switch 53 Traceroute The traceroute command enables you to trace the routed path between the switch and a destination endstation. The traceroute command syntax is: traceroute [<ip_address> | <hostname>] {from <src_ipaddress>} {ttl <TTL>} {port &l...

54 Intel ® NetStructure ™ 480T Routing Switch User Guide You can use Telnet, a Web browser, or an SNMP manager to manage the switch remotely. There can be one console session, one Web session or eight concurrent Telnet sessions. Using the Console Interface You can access the built-in CLI of the 480T...

C H A P T E R 5 Accessing the Switch 55 Telnet session is lost inadvertently, the switch terminates the session within two hours. Before you can start a Telnet session, you must set up the IP parameters described in the section "Configuring Switch IP Parameters" on page 55.. Telnet is enable...

56 Intel ® NetStructure ™ 480T Routing Switch User Guide You can enable BOOTP on a per-VLAN basis using this command: enable bootp vlan [<name> | all] By default, BOOTP is enabled on the default VLAN. If you configure the 480T routing switch to use BOOTP, the switch IP address is not retained ...

58 Intel ® NetStructure ™ 480T Routing Switch User Guide Disconnecting a Telnet Session An administrator-level account can disconnect a management session that is established through Telnet connection. If this happens, the user logged in through Telnet is notified that the session is terminated. To ...

C H A P T E R 5 Accessing the Switch 59 Using Access Profiles An access profile permits or denies a named list of IP addresses and subnet masks. To use access profiles, first define the list, and then apply the named list to the desired application. Access profiles are used by several routing switch...

60 Intel ® NetStructure ™ 480T Routing Switch User Guide The subnet mask specified in the access profile command is interpreted as a reverse mask. A reverse mask indicates the bits that are significant in the IP address and specifies the part of the address that must match the IP address to which th...

C H A P T E R 5 Accessing the Switch 61 Access Profile Rules These rules apply when using access profiles: • Only one access profile can be applied to each application. • The access profile can either permit or deny the entries in the profile. • The same access profile can be applied to more than on...

62 Intel ® NetStructure ™ 480T Routing Switch User Guide When you access the home page of the switch the Logon screen appears. Controlling Web Access By default, Web access is enabled on the routing switch. You can restrict access through the Web Device Manager using an access profile, which permits...

C H A P T E R 5 Accessing the Switch 63 Accessing Switch Agents To have access to the SNMP agent in the routing switch, at least one VLAN must have an IP address assigned to it. For more information on assigning IP addresses, refer to Table 5.3 on page 44. Supported MIBs Along with private MIBs, the...

64 Intel ® NetStructure ™ 480T Routing Switch User Guide • Community strings —Allows a simple method of authentication between the 480T routing switch and the remote Network Manager. There are two types of community strings on the switch. Read community strings provide read-only access to the switch...

66 Intel ® NetStructure ™ 480T Routing Switch User Guide Displaying SNMP Settings To display the SNMP settings configured on the routing switch, use this command: show management This command displays the following information: • Enable/disable state for Telnet, SNMP, and Web access, along with acce...

C H A P T E R 5 Accessing the Switch 67 and then to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is enabled, but access to the RADIUS primary and secondary servers fail, the routing switch uses its local database for authentication. The privileges assigned to th...

68 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 5.9: RADIUS ® Commands Command Description configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress> Configures the primary and secondary RADIUS § server. Specify ...

C H A P T E R 5 Accessing the Switch 69 configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress> Configures the RADIUS accounting server. Specify the following: • [primary | secondary] —Either the primary or second...

70 Intel ® NetStructure ™ 480T Routing Switch User Guide RADIUS RFC 2138 Attributes The RADIUS RFC 2138 optional attributes supported are: • User-Name • User-Password • Service-Type • Login-IP-Host Configuring TACACS+ Terminal Access Controller Access Control System Plus (TACACS+) is a means for pro...

C H A P T E R 5 Accessing the Switch 71 Table 5.10: TACACS+ Commands Command Description configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress> Configures the server information for a TACACS+ server. Specify the following: ...

72 Intel ® NetStructure ™ 480T Routing Switch User Guide Simple Network Time Protocol (SNTP) Therouting switch supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based on RFC1769. The switch can use SNTP to update and synchronize its internal clock from a Network Time P...

C H A P T E R 5 Accessing the Switch 73 Configuring and Using SNTP To use SNTP: 1 Identify the host(s) that are configured as NTP server(s). 2 Identify the preferred method for obtaining NTP updates. The options are for the NTP server to send out broadcasts, or for switches using NTP to query the NT...

74 Intel ® NetStructure ™ 480T Routing Switch User Guide If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the sntp-client update interval before querying again. 6 Optionally, you can change the interval for which the SNTP client updates the real-ti...

C H A P T E R 5 Accessing the Switch 75 -6:00 -360 CST - Central Standard Chicago, Illinois, USA; Mexico City, Mexico; Saskatchewan, Canada -7:00 -420 MST - Mountain Standard Salt Lake City, Utah, USA; Alberta, Canada -8:00 -480 PST - Pacific Standard Los Angeles, CA. USA; Seattle, WA, USA -9:00 -54...

76 Intel ® NetStructure ™ 480T Routing Switch User Guide NTP updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographical location. +4:00 +240 ZP4 - Russia ...

C H A P T E R 5 Accessing the Switch 77 SNTP Configuration Commands Table 5.12 describes Simple Network Time Protocol (SNTP) configuration commands. Press the Tab key in the command line interface for more command options. SNTP Example In this example, the 480T routing switch queries a specific NTP ...

Configuring Ports This chapter describes how to configure ports on the Intel ® NetStructure ™ 480T routing switch and covers these topics: • Configuring Ports • Changing Port Speed and Duplex Settings • Jumbo Frames • Load Sharing • Jumbo Frames • Port-Mirroring • Enterprise Discovery Protocol Confi...

80 C H A P T E R 6 Intel ® NetStructure ™ 480T Routing Switch User Guide Changing Port Speed and Duplex Setting By default, the switch is configured to use auto-negotiation to determine port speed and duplex setting for each port. You can manually configure the duplex setting and the speed of 100/10...

C H A P T E R 6 Configuring Ports 81 To turn on RED, use this command: enable red port <portnumber> To configure the probability at which you want random early detection to drop packets, use this command: configure red drop-probability <percent> The percentage range is 0 - 100. Turning O...

82 C H A P T E R 6 Intel ® NetStructure ™ 480T Routing Switch User Guide Enabling Jumbo Frames Some network interface cards have a configured maximum MTU size that does not include the additional 4 bytes of CRC. Ensure that the NIC maximum MTU size is at or below the maximum MTU size configured on t...

C H A P T E R 6 Configuring Ports 83 IP Fragmentation with Jumbo frames To set the MTU size greater than 1500, all ports in the VLAN must be jumbo-frame enabled. If an IP packet originates in a local network that allows large packets and that packet traverses a network that limits packets to a small...

84 C H A P T E R 6 Intel ® NetStructure ™ 480T Routing Switch User Guide want IP fragmentation only within a VLAN. This is for inter-VLAN IP fragmentation only. For intra-VLAN IP fragmentation, all ports in the VLAN must be configured for jumbo frame support. Load Sharing Load sharing (also called l...

C H A P T E R 6 Configuring Ports 85 If you do not explicitly select an algorithm, the port-based scheme is used. However, the address-based algorithm has a more even distribution and is the recommended choice. You can configure one of three load-sharing algorithms: • Port-based • Address-based • Ro...

86 C H A P T E R 6 Intel ® NetStructure ™ 480T Routing Switch User Guide To define a load-sharing group, you assign a group of ports to a single, logical port number. To enable or disable a load-sharing group, use these commands: enable sharing <port> grouping <portlist> {algorithm [port...

C H A P T E R 6 Configuring Ports 87 Table 6.1: Port Commands Command Description configure jumbo-frame size <jumbo_frame_mtu> Configures the jumbo frame size. The range is between 1523 and 9216. The default setting is 9216. configure ports <portlist> auto off {speed [100 | 1000]} duplex...

90 C H A P T E R 6 Intel ® NetStructure ™ 480T Routing Switch User Guide Port-Mirroring Port-mirroring configures the switch to copy all traffic coming in and out of one or more ports to a monitor port on the switch. You can connect the monitor port to a network analyzer or RMON probe for packet ana...

C H A P T E R 6 Configuring Ports 91 Mirroring IP Multicast Traffic Due to IGMP snooping, multicast traffic may cease to be seen on a mirror port. If you issue a restart command for the mirror port or remove and reinsert the port connection, multicast traffic will resume for the IGMP host time-out p...

92 C H A P T E R 6 Intel ® NetStructure ™ 480T Routing Switch User Guide Port-Mirroring Example This example selects port 3 as the mirror port, and sends all traffic coming into or out of the switch on port 1 to the mirror port: enable mirroring to port 3 untagged configure mirroring add port 1 This...

C H A P T E R 6 Configuring Ports 93 EDP Commands Table 6.3 lists EDP commands. For further command options, press the Tab key in the command line interface. Table 6.3: EDP Commands Command Description disable edp ports [<portlist> | all] Disables the EDP on one or more ports. enable edp ports...

Virtual LANs (VLANs) Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations. This chapter describes the concept of VLANs and explains how to implement VLANs on the Intel ® NetStructure ™...

96 Intel ® NetStructure ™ 480T Routing Switch User Guide VLANs Help to Control Traffic With traditional networks, broadcast traffic can cause congestion, because packets are sent to all network devices, even though the data is not needed by all. VLANs increase the efficiency of your network because ...

C H A P T E R 7 Virtual LANs (VLANs) 97 Types of VLANs You can create VLANs based on these criteria: • Physical port • 802.1Q tag • Ethernet, Logical Link Control Service Advertising Protocol (LLC SAP), or Logical Link Control Subnetwork Access Protocol ( LLC/SNAP) Ethernet protocol type • MAC addre...

98 Intel ® NetStructure ™ 480T Routing Switch User Guide of the same port. This means that each VLAN must be configured as a router interface with a unique IP address. Spanning Switches with Port-Based VLANs To create a port-based VLAN that spans two switches, you must: • Assign the port on each swi...

C H A P T E R 7 Virtual LANs (VLANs) 99 • On System 2, ports 1 through 4 are part of VLAN Accounting and ports 5 through 8, 15, and 16 are part of VLAN Engineering . Figure 7.3: Two port-based VLANs spanning two switches • VLAN Accounting spans System 1 and System 2 by way of a connection between Sy...

100 Intel ® NetStructure ™ 480T Routing Switch User Guide lead to connectivity problems if non-802.1Q bridges or routers are placed in the path. Uses of Tagged VLANs Tagging is most commonly used to create VLANs that span switches. The switch-to-switch connections are typically called trunks. Using ...

C H A P T E R 7 Virtual LANs (VLANs) 101 Figure 7.4: Physical diagram of tagged and untagged traffic Figure 7.5 shows a logical diagram of the same network. Figure 7.5: Logical diagram of tagged and untagged traffic In Figure 7.4 and Figure 7.5: • The trunk port on each switch carries traffic for bo...

102 Intel ® NetStructure ™ 480T Routing Switch User Guide • The trunk port on each switch is tagged. • The server connected to port 9 on System 1 has a NIC that supports 802.1Q tagging. • The server connected to port 9 on System 1 is a member of both VLAN Marketing and VLAN Sales . • All other stati...

C H A P T E R 7 Virtual LANs (VLANs) 103 • The remainder of the traffic belongs to the VLAN named MyCompany . • All ports are members of the VLAN MyCompany . Figure 7.6: Protocol-based VLANs Predefined Protocol Filters These protocol filters are predefined on the switch: • IP • IPX § • NetBIOS • DEC...

104 Intel ® NetStructure ™ 480T Routing Switch User Guide Defining Protocol Filters For more information on SNAP for Ethernet protocol types, see TR 11802-5:1997 (ISO/IEC) [ANSI/IEEE std. 802.1H, 1997 Edition]. For more information on standards see "Technical Specifications and Supported Limits&...

C H A P T E R 7 Virtual LANs (VLANs) 105 Deleting a Protocol Filter If a protocol filter is deleted from a VLAN, the VLAN is assigned a protocol filter of none . You can continue to configure the VLAN. However, no traffic is forwarded to the VLAN until a protocol is assigned to it. Precedence of Tag...

106 Intel ® NetStructure ™ 480T Routing Switch User Guide Default VLAN The switch ships with one default VLAN that has these properties: • The VLAN name is default. • It includes all the ports on a new or initialized switch. The default VLAN is untagged on all ports. It has an internal VLANid of 1. ...

C H A P T E R 7 Virtual LANs (VLANs) 107 Table 7.2 describes the commands used to configure a VLAN. For a complete list of command options, press the Tab key in the command line interface. Table 7.2: VLAN Configuration Commands Command Description configure dot1q ethertype <ethertype> Configur...

108 Intel ® NetStructure ™ 480T Routing Switch User Guide VLAN Configuration Examples Example 1 This example creates a port-based VLAN named accounting , assigns the IP address 132.15.121.1, and assigns ports 1, 2, 3 and 6 to it: create vlan accounting configure accounting ipaddress 132.15.121.1 con...

C H A P T E R 7 Virtual LANs (VLANs) 109 configure default delete port 1-3,6 configure accounting add port 1-3,6 Because VLAN names are unique, you do not need to enter the keyword vlan after you have created the unique VLAN name. You can use the VLAN name alone. Example 2 This example creates a tag...

110 Intel ® NetStructure ™ 480T Routing Switch User Guide create protocol myprotocol configure protocol myprotocol add etype 0xf0f0 configure protocol myprotocol add etype 0xffff create vlan myvlan configure myvlan protocol myprotocol Displaying VLAN Settings To display VLAN settings, use this comma...

C H A P T E R 7 Virtual LANs (VLANs) 111 VLAN Statistics You can collect statistics on a per VLAN basis. Available statistics include: • Receive and Transmit Unicast • Receive and Transmit Multicast • Receive and Transmit Broadcast • Receive and Transmit Byte Count . To display VLAN statistics use t...

112 Intel ® NetStructure ™ 480T Routing Switch User Guide You can tunnel any number of 802.1Q VLANs into a single VLAN that can be switched through the 480T routing switch Ethernet infrastructure. Each tunnel is completely isolated from other tunnels or VLANs. This feature is useful in building tran...

C H A P T E R 7 Virtual LANs (VLANs) 113 The figure shows a vMAN configuration with two tunnels that have ingress/egress ports on each 480T routing switch. The switches are configured as follows: configure dot1q ethertype 9100 enable jumbo-frame ports 1,2 configure jumbo-frame size 1530 create vlan ...

114 Intel ® NetStructure ™ 480T Routing Switch User Guide Specific to this configuration, a Layer 1 or Layer 2 redundancy method would also be employed, such as Spanning Tree or other protocol available on the switch. MAC-Based VLANs MAC-based VLANs allow physical ports to be mapped to a VLAN based ...

C H A P T E R 7 Virtual LANs (VLANs) 115 This example show MAC 00:00:00:00:00:aa is only allowed to enter into the VLAN on ports 10 and 11 because of membership in group 100: • The group any is equivalent to the group 0 (zero). Ports that are configured as any allow any MAC address to be assigned to...

116 Intel ® NetStructure ™ 480T Routing Switch User Guide VLAN association remains until the port connection is dropped or the FDB entry ages out. MAC-Based VLAN Commands Table 7.4 describes MAC-based VLAN commands. For a complete list of command options, press the Tab key in the command line interf...

C H A P T E R 7 Virtual LANs (VLANs) 117 • The MAC address 00:00:00:00:00:01 has a group number of 10 associated with it, and can only be assigned to a VLAN if inserted into ports 5 or 6. • The MAC address 00:00:00:00:00:03 has a group number of 200 associated with it and can only be inserted into p...

118 Intel ® NetStructure ™ 480T Routing Switch User Guide Example For MAC-based VLANs, the downloaded file is an ASCII file that consists of CLI commands used to configure the most recent MAC-to-VLAN database. This feature is different from the normal download configuration command in that it allows...

ForwardingDatabase (FDB) This chapter describes the contents of the forwarding database (FDB), how the FDB works, and how to configure the FDB. Overview of the FDB The Intel ® NetStructure ™ 480T routing switch maintains a database of all media access control (MAC) addresses received on all of its p...

120 Intel ® NetStructure ™ 480T Routing Switch User Guide You can download up to 7,000 MAC addresses to the switch when using MAC-based VLANs. You can create up to 3,000 VLANs on the switch. FDB Contents Each FDB entry consists of: • The MAC address of the device • An identifier for the port on whic...

C H A P T E R 8 Forwarding Database (FDB) 121 Permanent Entries All entries entered through the command line interface are stored as permanent.Only entries designated as Permanent are retained in the database if the switch is reset or a power off/on cycle occurs. A permanent entry can either be a un...

122 Intel ® NetStructure ™ 480T Routing Switch User Guide • You can enter and update entries using a MIB browser, an SNMP Network Manager, or the command line interface (CLI). Associating a QoS Profile with an FDB Entry The switch applies the QoS profile as soon as the FDB entry is learned. You can ...

C H A P T E R 8 Forwarding Database (FDB) 123 FDB C ONFIGURATION E XAMPLES This example adds a permanent entry to the FDB: create fdbentry 00:A0:C9:12:34:56 vlan marketing port 4 The permanent entry has these characteristics: • MAC address is 00:A0:C9:12:34:56. • VLAN name is marketing . • Port numb...

124 Intel ® NetStructure ™ 480T Routing Switch User Guide Displaying FDB Entries To display FDB entries, use the command: Show fdb {<mac_address> | vlan <name> | ports <portlist> | permanent} where the following is true: • mac_address —Displays the entry for a particular MAC addres...

Spanning TreeProtocol (STP) Using the Spanning Tree Protocol (STP) functionality of the Intel ® NetStructure ™ 480T routing switch makes your network more fault tolerant. STP is a part of the 802.1D bridge specification defined by the IEEE (Institute of Electrical and Electronics Engineers), a stand...

126 Intel ® NetStructure ™ 480T Routing Switch User Guide STPD has its own Root Bridge and active path. After the STPD is created, you can assign one or more VLANs to it. A port can belong to only one STPD. If a port is a member of multiple VLANs, then all those VLANs must belong to the same STPD. R...

C H A P T E R 9 Spanning Tree Protocol (STP) 127 • Marketing is defined on all switches (Switch A, Switch B, Switch Y, Switch Z, and Switch M). Two STPDs are defined: • STPD1 contains VLANs Sales and Personnel. • STPD2 contains VLANs Manufacturing and Engineering. The VLAN Marketing is a member of t...

C H A P T E R 9 Spanning Tree Protocol (STP) 129 Configuring STP We recommend that you do not configure STP parameters unless you have considerable knowledge and experience with STP. The default STP parameters are adequate for most networks. To configure STP: STPD, VLAN, and QoS profile names must b...

C H A P T E R 9 Spanning Tree Protocol (STP) 131 create stpd <stpd_name> Creates an STPD. When created, an STPD has these default parameters: • Bridge priority—32,768 • Hello time—2 seconds • Forward delay—15 seconds enable ignore-stp vlan <name> Configures the switch to ignore the STP p...

132 Intel ® NetStructure ™ 480T Routing Switch User Guide STP Configuration Example This example creates and enables an STPD named Backbone_st . It assigns the Manufacturing VLAN to the STPD. It disables STP on ports 1 through 7, and port 12. create stpd backbone_st configure stpd backbone_st add vl...

C H A P T E R 9 Spanning Tree Protocol (STP) 133 Disabling and Resetting STP To disable STP or return STP settings to their defaults, use the commands listed in Table 9.4. For further command options, press the Tab key in the command line interface. Table 9.4: STP Disable and Reset Commands Command ...

136 Intel ® NetStructure ™ 480T Routing Switch User Guide prioritization parameters. The bandwidth-management and prioritization parameters that modify the forwarding behavior of the switch affect how the switch transmits traffic for a given hardware queue on a physical port. The switch tracks and e...

C H A P T E R 1 0 Quality of Service (QoS) 137 Applications and Types of QoS Applications vary significantly in QoS requirements. These applications are ones that you will most commonly encounter and need to prioritize: • Voice applications • Video applications • Critical database applications • Web...

138 Intel ® NetStructure ™ 480T Routing Switch User Guide For example, in the playback of stored video streams, some applications can transmit large amounts of data for multiple streams in one spike, with the expectation that the endstations will buffer significant amounts of video-stream data. This...

C H A P T E R 1 0 Quality of Service (QoS) 139 File Server Applications File serving typically poses the greatest demand on bandwidth, although file server applications are tolerant of latency, jitter, and some packet loss, depending on the network operating system and the use of TCP or UDP. Buildin...

140 Intel ® NetStructure ™ 480T Routing Switch User Guide 2. Assign one or more traffic groupings to a QoS profile to create a QoS policy. Traffic grouping —A classification or traffic type that has one or more attributes in common. These can range from a physical port to a VLAN to IP Layer 4 port i...

C H A P T E R 1 0 Quality of Service (QoS) 141 other queues. The minimum bandwidth for all queues should add up to less than 90%. The default value on all minimum bandwidth parameters is 0%. • Maximum bandwidth – The maximum percentage of total link bandwidth that may be transmitted by a hardware qu...

142 Intel ® NetStructure ™ 480T Routing Switch User Guide Configuring a QoS Profile Table 10.4 lists the commands used to configure QoS. For further command options, press the Tab key in the command line interface. Table 10.3: Default QoS Profiles Profile Name Hardware Queue Priority Buffer Minimum ...

C H A P T E R 1 0 Quality of Service (QoS) 143 Table 10.4: QoS Configuration Commands Command Description configure qosprofile <qosprofile> {minbw <percent>} {maxbw <percent>} {priority <level>} {<portlist> | maxbuf <percent> minbuf <percent> [K | M]} Config...

144 Intel ® NetStructure ™ 480T Routing Switch User Guide Modifying a QoS Profile You can modify the default profiles as desired. To modify the parameters of an existing QoS profile, use this command: configure qosprofile <qosprofile> {minbw <percent>} {maxbw <percent>} {priority &...

C H A P T E R 1 0 Quality of Service (QoS) 145 IP-Based Traffic Groupings IP-based traffic groupings are based on any combination of: • IP source or destination address • TCP/UDP or other Layer 4 protocol • TCP/UDP port information IP-based traffic groupings are defined using access lists (see chapt...

146 Intel ® NetStructure ™ 480T Routing Switch User Guide The MAC address options are: • Permanent • Dynamic • Blackhole • Broadcast/unknown rate limiting Permanent MAC Addresses Permanent MAC addresses can be assigned a QoS profile whenever traffic is destined for the MAC address. You can do this w...

C H A P T E R 1 0 Quality of Service (QoS) 147 Broadcast/Unknown Rate Limiting MAC Address IP multicast traffic is subject to broadcast and unknown rate limiting only when IGMP snooping is disabled. Refer to "IGMP Snooping" on page 278. It is possible to assign broadcast and unknown destinat...

148 Intel ® NetStructure ™ 480T Routing Switch User Guide be preserved across a routed switch boundary and DiffServ code points can be observed or overwritten across a Layer 2 switch boundary. Configuring 802.1p Priority The switch supports the standard 802.1p priority bits that are part of a tagged...

C H A P T E R 1 0 Quality of Service (QoS) 149 As described in Table 10.2, by default a QoS profile is mapped to a hardware queue, and each QoS profile has configurable bandwidth parameters and priority. In this way, an 802.1p priority value detected on ingress can be mapped to a particular QoS prof...

150 Intel ® NetStructure ™ 480T Routing Switch User Guide that is used when transmitting the packet. To replace 802.1p priority information, use the command: enable dot1p replacement ports [<portlist> | all] 802.1p priority information is replaced according to the hardware queue that is used w...

C H A P T E R 1 0 Quality of Service (QoS) 151 Configuring DiffServ Contained in the header of every IP packet is a field for IP Type of Service (TOS), also referred to as the DiffServ field. The DiffServ or TOS field is used by the switch to determine the type of service provided to the packet. Fig...

152 Intel ® NetStructure ™ 480T Routing Switch User Guide Observing DiffServ Information When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits. These bits are called the code point. The switch can assign the QoS profile used to subsequently trans...

C H A P T E R 1 0 Quality of Service (QoS) 153 You can change the QoS profile assignment for all 64 code points. Use this command: configure diffserv examination code-point <code- point> qosprofile <qosprofile> ports [<portlist>] Once assigned, the rest of the switches in the netwo...

154 Intel ® NetStructure ™ 480T Routing Switch User Guide You can change the 802.1p priority to DiffServ code point mapping to any code point value using this command: configure diffserv replacement priority vpri <number> code-point <code-point> ports [<portlist>] By doing so, the ...

C H A P T E R 1 0 Quality of Service (QoS) 155 Table 10.11 describes the commands used to configure DiffServ. For further command options, press the Tab key in the command line interface. Table 10.11: DiffServ Configuration Commands Command Description configure diffserv examination code-point <c...

156 Intel ® NetStructure ™ 480T Routing Switch User Guide DiffServ Example In this example, we use DiffServ to signal a class of service throughput and assign any traffic coming from network 10.1.2.x with a specific DiffServ code point. This allows all other network switches to send and observe the ...

C H A P T E R 1 0 Quality of Service (QoS) 157 transmitted out to any other port. To configure a source port traffic grouping, use this command: configure ports [all | mgmt | <portnumber>] qosprofile <qosprofile> In the following example, all traffic sourced from port 7 uses the QoS prof...

158 Intel ® NetStructure ™ 480T Routing Switch User Guide QoS Monitor The QoS monitor is a utility that monitors the hardware queues associated with any port(s). The QoS monitor keeps track of the number of frames and the frames per second that a specific queue is responsible for transmitting on a p...

C H A P T E R 1 0 Quality of Service (QoS) 159 • A port is sampled for five seconds before the packets per second (pps) value is displayed on the screen. Background Performance Monitoring Monitoring QoS in the background places the transmit counter and any overflow information into the switch log. T...

160 Intel ® NetStructure ™ 480T Routing Switch User Guide • To display information including QoS information for the port. show ports info {detail} Modifying a QoS Policy If you change the parameters of a QoS profile after a QoS policy was created (by applying a QoS profile to a traffic grouping), t...

C H A P T E R 1 0 Quality of Service (QoS) 161 To set the maxbuf value on a queue, use this command: configure qosprofile <qos profile> minbw <percent> maxbw <percent> priority <priority> maxbuf <number> To view the maxbuf configuration, use this command: show qosprofil...

162 Intel ® NetStructure ™ 480T Routing Switch User Guide Minimum bandwidth settings The minimum bandwidth settings determine the reserved port bandwidth available to each queue. Table 10.14 shows actual reserved bandwidth for each setting. If the reserved percentage configured does not match the se...

164 Intel ® NetStructure ™ 480T Routing Switch User Guide You can utilize up to eight ingress rate-shaping queues per VLAN and eight egress rate-shaping queues per physical port. By defining a QoS profile’s minimum and maximum bandwidth corresponding to the physical queue and port, you define commit...

C H A P T E R 1 0 Quality of Service (QoS) 165 • Unicast traffic from a non-rate-shaped port to a rate-shaped port within the VLAN will not be rate-shaped. • The aggregate forwarding bandwidth of all rate-shaped ports in a VLAN is determined by the traffic groupings and bandwidth settings for the Qo...

166 Intel ® NetStructure ™ 480T Routing Switch User Guide To add rate-shaped ports to the VLAN, use the following command: configure vlan <vlan name> add port <portlist> {tagged | untagged} {nobroadcast} soft-rate-limit To delete rate-shaped ports from the VLAN, use the command: configur...

Enterprise Standby Router Protocol (ESRP) Overview We recommend that all switches using ESRP use the same version of firmware for interoperability. See "Software Upgrade and Boot Options" on page 419. Enterprise Standby Router Protocol (ESRP) allows multiple switches to provide redundant rou...

168 Intel ® NetStructure ™ 480T Routing Switch User Guide ESRP-Aware Switches 480T routing switches that are not running ESRP, but are connected on a network with other 480T routing switches running ESRP, are ESRP-aware. When ESRP-aware switches are attached to ESRP-enabled switches, the ESRP-aware ...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 169 Multiple ESRP VLANs If multiple ESRP VLANs share a host port, each VLAN must be in an ESRP group. Mixing Clients and Routers on ESRP VLANs ESRP should not be enabled on a VLAN that is also expected to exchange routes with other non-ESRP...

170 Intel ® NetStructure ™ 480T Routing Switch User Guide • For a VLAN to be recognized as participating in ESRP, the assigned IP address or the IPX NetID for the separate switches must be identical . Other aspects of the VLAN, including its name, are ignored. • ESRP must be enabled on the desired V...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 171 default priority setting is 0. A priority setting of 255 loses the election and remains in standby mode. • System MAC address —The switch with the higher MAC address has priority. ESRP Tracking You can use tracking information to monito...

172 Intel ® NetStructure ™ 480T Routing Switch User Guide route of the switch, or any device meaningful to network connectivity of the master ESRP switch. The switch automatically relinquishes master status and remains in standby mode if a ping keepalive fails three consecutive times. To view the st...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 173 Electing the Master Switch A new master can be elected in one of these ways: • A communicated parameter change • Loss of communication between master and slave(s). Whenever a parameter that determines the master changes (for example, li...

174 Intel ® NetStructure ™ 480T Routing Switch User Guide ESRP Options ESRP options include: • ESRP Host Attach • ESRP Domains • ESRP Groups • Linking ESRP Switches • Configuring ESRP and Multinetting • ESRP and Spanning Tree ESRP Host Attach ESRP host attach (HA) is an optional ESRP configuration t...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 175 Figure 11.1: ESRP host attach Other applications allow lower-cost redundant routing configurations, because hosts can be directly attached to the switch involved with ESRP. The ESRP HA feature requires at least one link between the mast...

176 Intel ® NetStructure ™ 480T Routing Switch User Guide For example, two ESRP switches provide Layer 2 and Layer 3 connectivity and redundancy for the subnet, while another two ESRP switches provide Layer 2 connectivity and redundancy for a portion of the same subnet. Figure 11.2 shows ESRP groups...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 177 Linking ESRP Switches Direct links between ESRP switches are useful under these conditions: • When the ESRP switches are routing and supporting multiple VLANs (where the master/standby configuration is split so one switch is master for ...

178 Intel ® NetStructure ™ 480T Routing Switch User Guide you can combine ESRP and STP on a network and a VLAN, but you must do so on separate devices. Be careful to maintain ESRP connectivity between ESPR master and standby switches when you design a network that uses ESRP and STP. ESRP and VLAN Ag...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 179 • show esrp {detail} —Verifies ESRP is enabled and operational. ESRP Commands Table 11.1 describes the commands used to configure ESRP. Press the Tab key in the command line interface for more command options. Table 11.1: ESRP Commands ...

180 Intel ® NetStructure ™ 480T Routing Switch User Guide configure vlan <name> delete track-diagnostic Disables the priority of the diagnostic failover. configure vlan <name> delete track-environment Disables the priority of the environmental failover. configure vlan <name> delete...

182 Intel ® NetStructure ™ 480T Routing Switch User Guide ESRP Examples This section provides examples of ESRP configurations. Single VLAN Using Layer 2 and Layer 3 Redundancy This example, shown in Figure 11.3, uses a number of switches that perform Layer 2 switching for VLAN Sales. The switches ar...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 183 Figure 11.3: ESRP example using Layer 2 and Layer 3 redundancy The VLAN Sales master switch, acting as master for VLAN Sales , performs both Layer 2 switching and Layer 3 routing services for VLAN Sales . The switch in standby mode for ...

184 Intel ® NetStructure ™ 480T Routing Switch User Guide The following commands are used to configure both VLAN Sales switches. The assumption is that the inter-router backbone is running OSPF, with other routed VLANs already properly configured. Similar commands would be used to configure a switch...

C H A P T E R 1 1 Enterprise Standby Router Protocol (ESRP) 185 Figure 11.3 builds on Figure 11.4, but eliminates the requirement of Layer 3 redundancy. It has these features: • An additional VLAN, Engineering , is added that uses Layer 2 redundancy. • The VLAN Sales uses three active links to each ...

186 Intel ® NetStructure ™ 480T Routing Switch User Guide create vlan sales configure sales add port 1-3 configure sales ipaddr 10.1.2.3/24 create vlan eng configure eng add port 1,4 configure eng ipaddr 10.4.5.6/24 enable esrp sales enable esrp eng configure eng esrp priority 5 Displaying ESRP Info...

IP Unicast Routing This chapter describes how to configure IP routing on the Intel ® NetStructure ™ 480T routing switch. It assumes that you are already familiar with IP unicast routing. If not, refer to these publications for additional information: • RFC 1256 — ICMP Router Discovery Messages • RFC...

190 Intel ® NetStructure ™ 480T Routing Switch User Guide Policy-Based Routing and Route Load-Sharing Policy-based routing is used to alter the normally calculated next- hop route, which is based on the route table. This same alteration can also load-share across multiple routers. It implies a set o...

C H A P T E R 1 2 IP Unicast Routing 191 Router Interfaces The routing software and hardware move IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also cho...

192 Intel ® NetStructure ™ 480T Routing Switch User Guide Populating the Routing Table The 480T routing switch maintains an IP routing table for both network routes and host routes. The table is populated from these sources: If you define a default route, and later delete the VLAN on the subnet asso...

C H A P T E R 1 2 IP Unicast Routing 193 Multiple Routes When there are multiple, conflicting choices of equal-cost routes to a particular destination, the router picks the route with the longest matching network mask. If these are still equal, the router picks the route using these criteria (in thi...

194 Intel ® NetStructure ™ 480T Routing Switch User Guide • Direct • Static • RIP • OSPF • BGP These route maps match the various characteristics of the route based on the originating protocol and set the accounting indices. Use this command to configure route maps: configure iproute route-map [bgp ...

C H A P T E R 1 2 IP Unicast Routing 195 enable ospf export [bgp | i-bgp | e-bgp] [[cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>] enable ospf export vip [[cost <metric> [ase-type-1 | ase-type-2] {tag <number>} | <route map>] BGP and OSPF Ro...

196 Intel ® NetStructure ™ 480T Routing Switch User Guide Proxy ARP Proxy Address Resolution Protocol (ARP) was first invented so that ARP-capable devices could respond to ARP request packets on behalf of ARP-incapable devices. Proxy ARP can also be used to achieve router redundancy and simplify IP ...

C H A P T E R 1 2 IP Unicast Routing 197 For example, an IP host is configured with a class B address of 100.101.102.103 and a mask of 255.255.0.0: • The switch is configured with the IP address 100.101.102.1 and a mask of 255.255.255.0. • The switch is also configured with a proxy ARP entry of IP a...

198 Intel ® NetStructure ™ 480T Routing Switch User Guide To change the relative route priority, use this command: configure iproute priority [rip | bootp | icmp | static | ospf-intra | ospf-inter | e-bgp | i-bgp | ospf-extern1 | ospf-extern2] <priority> IP Multinetting IP multinetting is used...

C H A P T E R 1 2 IP Unicast Routing 199 IP Multinetting Operation Multinetted VLAN groups must contain identical port assignments. To use IP multinetting, follow these steps: 1. Select a port where you want IP multinetting to run, for example, port 2. 2. Remove the port from the default VLAN, using...

200 Intel ® NetStructure ™ 480T Routing Switch User Guide IP Multinetting Examples This example configures the switch to have one multinetted segment (port 5) that contains three subnets (192.67.34.0, 192.67.35.0, and 192.67.37.0): configure default delete port 5 create protocol mnet create vlan net...

C H A P T E R 1 2 IP Unicast Routing 201 configure net35 protocol mnet configure net37 protocol mnet config net34 add port 5 config net35 add port 5 config net37 add port 5 configure default delete port 8,9,10 create vlan net36 create vlan net45 configure net36 ipaddress 192.67.36.1 configure net45 ...

202 Intel ® NetStructure ™ 480T Routing Switch User Guide 5. Turn on RIP or OSPF using one of these commands: enable rip enable ospf Verifying the IP Unicast Routing Configuration Use the show iproute command to display the current configuration of IP unicast routing for the switch and for each VLAN...

C H A P T E R 1 2 IP Unicast Routing 203 • The subVLANs use the IP address of the superVLAN as the default router address. • Groups of clients are then assigned to subVLANs that have no IP address, but are members of the superVLAN. • Clients can be informally allocated any valid IP addresses within ...

204 Intel ® NetStructure ™ 480T Routing Switch User Guide In Figure 12.2, all stations are configured to use the address 10.3.2.1 for the default router. VLAN Aggregation Properties These properties apply to VLAN aggregation operation: • All broadcast and unknown traffic remains local to the subVLAN...

C H A P T E R 1 2 IP Unicast Routing 205 SubVLAN Address Range Checking The use of static ARP entries associated with superVLANs or sub-VLANs is not supported. Sub-VLAN address ranges can be configured on each subVLAN to prohibit the entry of IP addresses from hosts outside of the configured range. ...

206 Intel ® NetStructure ™ 480T Routing Switch User Guide VLAN Aggregation Example The following example illustrates how to configure VLAN aggregation. The VLAN vsuper is created as a superVLAN, and subVLANs vsub1 , vsub2 , and vsub3 are added to it. 1. Create and assign an IP address to a VLAN desi...

C H A P T E R 1 2 IP Unicast Routing 207 2. Create and add ports to the subVLANs: create vlan vsub1 configure vsub1 add port 8-10 create vlan vsub2 configure vsub2 add port 11-13 create vlan vsub3 configure vsub3 add port 15-16 3. Configure the superVLAN by adding the subVLANs: configure vsuper add ...

208 Intel ® NetStructure ™ 480T Routing Switch User Guide • Configure the addresses, where you want to direct DHCP or BOOTP requests, using this command: configure bootprelay add <ipaddress> To delete an entry, use this command: configure bootprelay delete {<ipaddress> | all} Verifying t...

C H A P T E R 1 2 IP Unicast Routing 209 Configuring UDP Forwarding To configure UDP forwarding, the you must first create a UDP- forward destination profile. The profile describes the types of UDP packets (by port number) that are used, and where they are to be forwarded. You must give the profile ...

210 Intel ® NetStructure ™ 480T Routing Switch User Guide • You can alter the default settings for security reasons, by restricting the success of tools that could be used to find information on an important application, host, or topology. • For ICMP packets that are typically routed, you can apply ...

C H A P T E R 1 2 IP Unicast Routing 211 IP Commands Table 12.4 describes the commands used to configure basic IP settings. For more command options, press the Tab key in the command line interface. configure vlan <name> udp-profile <profile_name> Assigns a UDP-forwarding profile to the ...

212 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 12.4: Basic IP Commands Command Description clear iparp {<ipaddress> | vlan <name>} Removes dynamic entries in the IP ARP table. Permanent IP ARP entries are not affected. clear ipfdb {<ipaddress> | vlan <name> }...

C H A P T E R 1 2 IP Unicast Routing 213 configure iparp timeout <minutes> Configures the IP ARP timeout period. The default setting is 20 minutes. A setting of 0 disables ARP aging. The maximum aging time is 32 minutes. configure tcp-sync-rate <number_sync_per_sec> Configures a limit fo...

214 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 12.5 describes the commands used to configure the IP route table. For more command options, press the Tab key in the command line interface. enable bootprelay Enables the forwarding of BOOTP and Dynamic Host Configuration Protocol (DHCP...

C H A P T E R 1 2 IP Unicast Routing 215 configure iproute add blackhole <ipaddress> <mask> Adds a blackhole address to the routing table. All traffic destined for the configured IP address is dropped, and no Internet Control Message Protocol (ICMP) message is generated. configure iprout...

216 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 12.6 describes the commands used to configure IP options and the ICMP protocol . For more command options, press the Tab key in the command line interface . Table 12.6: ICMP Configuration Commands Command Description configure irdp [mul...

218 Intel ® NetStructure ™ 480T Routing Switch User Guide enable icmp unreachables vlan [<name> | all] Enables ICMP network-unreachable messages (type 3, code 0), and host unreachable messages (type 3, code 1) when a packet cannot be forwarded to the destination because of an unreachable route...

C H A P T E R 1 2 IP Unicast Routing 219 Routing Configuration Example Figure 12.3 illustrates a 480T routing switch with three VLANs defined as: • Financeaddress 192.207.35.1 • protocol sensitive VLAN using the IP protocol • Ports 1 and 3 are assigned • IP address 192.207.35.1. • Personnel • Protoc...

220 Intel ® NetStructure ™ 480T Routing Switch User Guide The stations connected to ports 1 through 4 generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All other traffic is directed to the VLAN MyCompany . In this configuration, all...

C H A P T E R 1 2 IP Unicast Routing 221 Resetting and Disabling Router Settings To return router settings to their defaults and disable routing functions, use the commands listed in Table 12.8. For more command options, press the Tab key in the command line interface. show iparp {<ipaddress | vl...

RIP and OSPF This chapter describes the interior routing protocols available on the Intel ® NetStructure ™ 480T routing switch, RIP and OSPF. It assumes that you are already familiar with IP unicast routing. If not, refer to these publications: • RFC 1058 — Routing Information Protocol (RIP) • RFC 1...

224 Intel ® NetStructure ™ 480T Routing Switch User Guide Distinguishing RIP and OSPF The distinction between RIP and OSPF lies in the fundamental differences between distance-vector protocols and link-state protocols. Using a distance-vector protocol, each router creates a unique routing table from...

C H A P T E R 1 3 RIP and OSPF 225 Overview of RIP RIP is an IGP first used in computer routing in the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended for use in homogeneous networks of moderate size. To determine the best path to a distant network, a r...

226 Intel ® NetStructure ™ 480T Routing Switch User Guide Triggered Updates Triggered updates occur whenever a router changes the metric for a route, and it is required to send an update message immediately, even if it is not yet time for a regular update message to be sent. This will generally resu...

C H A P T E R 1 3 RIP and OSPF 227 Link-State Database Upon initialization, each router transmits a link-state advertisement (LSA) on each of its interfaces. LSAs are collected by each router and entered into the LSDB of each router. OSPF uses flooding to distribute LSAs between routers. Any change ...

228 Intel ® NetStructure ™ 480T Routing Switch User Guide • Area Border Router (ABR): An ABR has interfaces in multiple areas. It is responsible for exchanging summary advertisements with other ABRs. You can create a maximum of 7 non-zero areas. • Autonomous System Border Router (ASBR): An ASBR acts...

C H A P T E R 1 3 RIP and OSPF 229 • External routes originating from an ASBR connected to the NSSA can be advertised within the NSSA. • External routes originating from the NSSA can be propagated to other areas, including the backbone area. The command to control the NSSA function is similar to the...

230 Intel ® NetStructure ™ 480T Routing Switch User Guide Figure 13.1: Virtual link for stub area You can use virtual links to repair a discontiguous backbone area. In Figure 13.2, if the connection between ABR1 and the backbone fails, the ABR2 connection provides redundancy so the discontiguous are...

C H A P T E R 1 3 RIP and OSPF 231 OSPF Database Overflow The OSPF Database Overflow feature allows you to both limit the size of the LSDB and maintain a consistent LSDB across all the routers in the system. Maintaining a consistent LSDB across all the routers in the domain ensures that all routers ...

232 Intel ® NetStructure ™ 480T Routing Switch User Guide To reconfigure an OSPF interface as a normal interface: configure ospf add vlan <vlan name> area <area identifier> To display passive interface configuration: show ospf interfaces [detail] Routing with OSPF Set the RouterID We rec...

C H A P T E R 1 3 RIP and OSPF 233 Figure 13.3: Route redistribution Configuring Route Redistribution Exporting routes from OSPF to RIP, and from RIP to OSPF, are discrete configuration functions. To run OSPF and RIP simultaneously, first configure both protocols, and then verify the independent ope...

234 Intel ® NetStructure ™ 480T Routing Switch User Guide These commands enable or disable the exporting of RIP, static, and direct routes by way of LSAs to other OSPF routers as Autonomous System (AS)-external type 1 or type 2 routes. The default setting is disabled. The cost metric is inserted for...

C H A P T E R 1 3 RIP and OSPF 235 OSPF Timers and Authentication Configuring OSPF timers and authentication on a per-area basis is a shorthand for applying the timers and authentication to each VLAN in the area at the time of configuration. If you add more VLANs to the area, be sure to configure th...

236 Intel ® NetStructure ™ 480T Routing Switch User Guide You can make dynamic changes to the route map. Direct and Static route changes are reflected immediately, while RIP, OSPF, and BGP changes are reflected within 30 seconds. Route Map Support for OSPF Export When OSPF is enabled the route map i...

C H A P T E R 1 3 RIP and OSPF 237 BGP and OSPF Route Map Support for DSB Accounting Route map support for BGP and OSPF accounting allows you to set the cost and type of the exported routes. Use this command to enable accounting: configure route-map <route-map> <sequence number> [add | d...

238 Intel ® NetStructure ™ 480T Routing Switch User Guide configure rip Rxmode [none | v1only | v2only | any] {vlan [<name> | all]} Changes the RIP receive mode for one or all VLANs. Specify: • none —Drop all received RIP packets. • v1only —Accept only RIP v1 format packets. • v2only —Accept o...

C H A P T E R 1 3 RIP and OSPF 239 enable rip aggregation Enables aggregation of subnet information on interfaces configured to send RIP v2 or RIP v2-compatible traffic. The 480T routing switch summarizes subnet routes to the nearest class network route. These rules apply when using RIP aggregation:...

240 Intel ® NetStructure ™ 480T Routing Switch User Guide RIP Configuration Example Figure 13.4 illustrates a switch that has three VLANs defined as follows: Finance • Protocol-sensitive VLAN using the IP protocol • Ports 1 and 3 have been assigned • IP address 192.207.35.1 Personnel • Protocol-sens...

C H A P T E R 1 3 RIP and OSPF 241 MyCompany • Port-based VLAN • All ports have been assigned Figure 13.4: RIP configuration example The stations connected to the system generate a combination of IP traffic and NetBIOS § traffic. The IP traffic is filtered by the protocol- sensitive VLANs. All other...

242 Intel ® NetStructure ™ 480T Routing Switch User Guide configure Finance add port 1,3 configure Personnel add port 2,4 configure MyCompany add port all configure Finance ipaddress 192.207.35.1 configure Personnel ipaddress 192.207.36.1 enable ipforwarding configure rip add vlan all enable rip Dis...

C H A P T E R 1 3 RIP and OSPF 243 Configuring OSPF Each switch configured to run OSPF must have a unique routerID. We recommended manually setting the routerID of the switches participating in OSPF, instead of having each switch automatically choose its routerID based on the highest interface IP ad...

C H A P T E R 1 3 RIP and OSPF 245 configure ospf [vlan <name> | area <areaid> | virtual-link <routerid> <areaid>] timer <retransmit_interval> <transmit delay> <hello interval> <dead interval> Configures the timers for one interface or all interfaces i...

C H A P T E R 1 3 RIP and OSPF 247 configure ospf routerid [automatic | <routerid>] Configures the OSPF routerID. If automatic is specified, the 480T routing switch uses the largest IP interface address as the OSPF routerID. Manual routerID setting is recommended. configure ospf spf-hold-time ...

C H A P T E R 1 3 RIP and OSPF 249 OSPF Configuration Example Figure 13.5 shows an example of an autonomous system using OSPF routers. The details of this network follow. Figure 13.5: OSPF configuration example Area 0 is the backbone area and has these characteristics: • 2 internal routers (IR1 and ...

250 Intel ® NetStructure ™ 480T Routing Switch User Guide • Network number 10.0.x.x • 2 identified VLANs (A0_10_0_2 and A0_10_0_3) Area 5 is connected to the backbone area through ABR1 and ABR2, having these characteristics: • Network number 160.26.x.x • 1 identified VLAN (A5_160_26_26) • 2 internal...

C H A P T E R 1 3 RIP and OSPF 251 configure vlan A5_160_26_26 ipaddress 160.26.26.1 255.255.255.0 create ospf area 0.0.0.5 create ospf area 0.0.0.6 enable ipforwarding configure ospf area 0.0.0.6 stub nosummary stub- default-cost 10 configure ospf vlan A6_161_48_2 area 0.0.0.6 configure ospf vlan A...

252 Intel ® NetStructure ™ 480T Routing Switch User Guide Displaying OSPF Settings To display settings for OSPF, use the commands listed in Table 13.6. For more command options, press the Tab key in the command line interface. Table 13.6: OSPF Show Commands Command Description show ospf Displays glo...

256 Intel ® NetStructure ™ 480T Routing Switch User Guide You can use BGP as an exterior border gateway protocol (EBGP), or you can use it within an AS, as an interior border gateway protocol (IBGP). BGP Attributes These well-known BGP attributes are supported by the 480T routing switch: • Origin – ...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 257 BGP Features The BGP features supported by the 480T routing switch include: • Route Reflectors • Route Confederations • Route Aggregation • Route Map Support • IGP Synchronization • Loopback Interface • OSPF-to-BGP Route Redistribution • BGP Peer G...

258 Intel ® NetStructure ™ 480T Routing Switch User Guide Route Confederations BGP requires networks to use a fully-meshed router configuration. This requirement does not scale well, especially when BGP is used as an interior gateway protocol. One way to reduce the size of a fully-meshed AS is to di...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 259 Using the confederation, AS 200 is split into two sub-ASs: SubAS65001 and SubAS65002. Each sub-AS is fully meshed, and IBGP (Internal BGP) is running among its members. EBGP (External BGP) is used between Sub65001 and SubAS65002. Router B and Route...

260 Intel ® NetStructure ™ 480T Routing Switch User Guide create vlan bd configure vlan bd add port 3 configure vlan bd ipaddress 192.1.1.9/30 enable ipforwarding vlan bd configure ospf add vlan bd area 0.0.0.0 disable bgp configure bgp as-number 65001 configure bgp routerid 192.1.1.22 configure bgp...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 261 To configure Router D, use these commands: create vlan db configure vlan db add port 1 configure vlan db ipaddress 192.1.1.10/30 enable ipforwarding vlan db configure ospf add vlan db area 0.0.0.0 create vlan de configure vlan de add port 2 configu...

262 Intel ® NetStructure ™ 480T Routing Switch User Guide Route Aggregation Route aggregation involves combining the sub-networks of several routes so that they are advertised as a single route. Aggregation reduces the amount of information that a BGP speaker must store and exchange with other BGP s...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 263 Using the Loopback Interface If you are using BGP as your interior gateway protocol, you may decide to advertise the interface as available, regardless of the status of any particular interface. The loopback interface can also be used for EBGP mult...

264 Intel ® NetStructure ™ 480T Routing Switch User Guide Use these commands to configure the parameters of the peer group. configure bgp peer-group <peer-group> remote-as <number> configure bgp peer-group <peer-group> [route- reflector-client | no-route-reflector-client] configure...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 265 • Password To create a new neighbor and include it as a member of the peer group, use this command: create bgp neighbor <ip address> peer-group <peer- group> {multi-hop} This creates the new neighbor as part of the peer group, and the n...

266 Intel ® NetStructure ™ 480T Routing Switch User Guide BGP Password Encryption The neighbor password for BGP is encrypted in upload/download configuration. Configuring BGP Table 14.1 describes the commands used to configure BGP. For more command options, press the Tab key in the command line inte...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 267 configure bgp delete network [<ipaddress> | <mask> | all] Deletes a network originated from this router. configure bgp as-number <as_number> Changes the local AS number used by BGP. You must disable BGP before the AS number can be...

268 Intel ® NetStructure ™ 480T Routing Switch User Guide configure bgp neighbor [<ipaddress> | all] password [none | {encrypted} <password>] Configures a password for a neighbor. When the password is configured, TCP MD5 authentication is enabled on the TCP connection established with th...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 269 configure bgp neighbor [<ipaddress> | all] soft-reset {in | out} Applies the current input or output routing policy to the routing information already exchanged with the neighbor. The input/output routing policy is determined by the nlri-filt...

270 Intel ® NetStructure ™ 480T Routing Switch User Guide disable bgp aggregation Disables BGP route-aggregation filtering. disable bgp always-compare-med Disables BGP use of the Multi-Exit Discriminator (MED) from neighbors in different autonomous systems in the route-selection algorithm. MED is on...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 271 Displaying BGP Settings To display settings for BGP, use the commands listed in Table 14.2. For more command options, press the Tab key in the command line interface. enable bgp synchronization Enables synchronization between BGP and IGP. When enab...

272 Intel ® NetStructure ™ 480T Routing Switch User Guide Resetting and Disabling BGP To return BGP settings to their defaults, or to disable BGP, use the commands listed in Table 14.3. For more command options, press the Tab key in the command line interface. Table 14.3: BGP Reset and Disable Comma...

C H A P T E R 1 4 Border Gateway Protocol (BGP) 273 BGP Route Selection BGP will select routes based on the following precedence (from highest to lowest): • Weight • Local preference • Shortest length (shortest AS path) • Lowest origin code • Lowest MED • Route from external peer • Lowest cost to ne...

IP Multicast Routing This chapter describes the components of IP multicast routing, and how to configure it on the Intel ® NetStructure ™ 480T routing switch. For more information on IP multicasting, refer to these publications: • RFC 1112— Host Extension for IP Multicasting • RFC 2236— Internet Gro...

276 Intel ® NetStructure ™ 480T Routing Switch User Guide IP multicast routing consists of these functions: Configure IP unicast routing before you configure IP multicast routing. • A router that can forward IP multicast packets. • A router-to-router multicast routing protocol, for example, Distance...

C H A P T E R 15 IP Multicast Routing 277 PIM Sparse Mode (PIM-SM) You can run either PIM-DM or PIM-SM on each VLAN. Unlike PIM-DM, PIM-SM is an explicit join and prune protocol, and supports shared trees as well as shortest path trees (SPTs). The routers must explicitly be joined to one or more gro...

278 Intel ® NetStructure ™ 480T Routing Switch User Guide The switch also forwards PIM-SM traffic to a PIM-DM network. The PMBR sends a join message to the RP and the PMBR then broadcasts traffic from the RP into the PIM-DM network. There are no new commands that need to be entered to enable PIM-SM ...

C H A P T E R 15 IP Multicast Routing 279 IGMP snooping is disabled, all IGMP and IP multicast traffic will flood within a given VLAN. This is normal 802.1d bridge behavior. IGMP and IGMP snooping must be enabled when IP unicast or multicast routing is configured (the default setting is enabled). IG...

280 Intel ® NetStructure ™ 480T Routing Switch User Guide IGMP Query Interval The maximum value you can set for the IGMP query interval is 429,496,729. The values you can set for query response interval and the last member query interval are between 1 second and 25 seconds. IGMP Configuration Comman...

C H A P T E R 15 IP Multicast Routing 281 configure igmp <query_interval> <query_response_interval> <last_member_query_interval> Configures the IGMP timers. Timers are based on IEEE RFC2236. Specify: • query_interval —The amount of time, in seconds, the system waits between sending...

282 Intel ® NetStructure ™ 480T Routing Switch User Guide Configuring IP Multicasting Routing To configure IP multicast routing: 1. Configure the system for IP unicast routing. 2. Enable multicast routing on the interface, using this command: enable ipmcforwarding {vlan <name>} 3. Enable DVMRP...

C H A P T E R 15 IP Multicast Routing 283 configure dvmrp timer <route_report_interval> <route_replacement_time> Configures the global DVMRP timers. Specify the following: • route_report_interval —how many seconds the system waits between transmitting periodic route report packets. The r...

284 Intel ® NetStructure ™ 480T Routing Switch User Guide configure dvmrp vlan <name> timer <probe_interval> <neighbor timeout> Configures DVMRP interface timers. Specify: • probe_interval —How many seconds the system waits between transmitting DVMRP probe messages. The range is 1 ...

C H A P T E R 15 IP Multicast Routing 285 Configuration Examples See Chapter 13, "RIP and OSPF" on page 223 for information on configuring OSPF. In the example below, the system labeled IR1 is configured for IP multicast routing using PIM-DM. l Figure 15.1: IP multicast routing PIM-DM config...

286 Intel ® NetStructure ™ 480T Routing Switch User Guide configure vlan A0_10_0_2 ipaddress 10.0.2.2 255.255.255.0 configure ospf add vlan all enable ipforwarding enable ospf enable ipmcforwarding configure pim add vlan all enable pim PIM-SM Configuration Example In this example, the system labeled...

C H A P T E R 15 IP Multicast Routing 287 Configuration for ABR1 The following is the configuration for the router labeled ABR1: configure vlan A0_10_0_2 ipaddress 10.0.2.1 255.255.255.0 configure vlan A0_10_0_3 ipaddress 10.0.3.1 255.255.255.0 configure vlan A6_161_48_2 ipaddress 161.48.2.2 255.255...

288 Intel ® NetStructure ™ 480T Routing Switch User Guide Deleting and Resetting IP Multicast Settings To return IP multicast routing settings to their defaults and disable IP multicast routing functions, use the commands listed in Table 15.4. For more command options, press the Tab key in the comma...

IPX Routing This chapter describes how to configure IPX § , IPX/RIP, and IPX/SAP on the Intel ® NetStructure ™ 480T routing switch. It assumes that you are familiar with IPX. If not, refer to your Novell documentation. Overview of IPX The 480T routing switch provides support for IPX, IPX/RIP (Routin...

292 Intel ® NetStructure ™ 480T Routing Switch User Guide IPX NetID or an IP address. You also can configure a VLAN for both IPX and IP routing. Figure 16.1 shows the same switch discussed earlier in Figure 12.1 on page 191. In Figure 16.1, IPX routing is added to the switch, and two additional VLAN...

C H A P T E R 1 6 IPX Routing 293 IPX Encapsulation Types Novell NetWare § supports four types of frame encapsulation. The term for each type is described in Table 16.1. To configure a VLAN to use a particular encapsulation type, use this command: configure vlan <name> xnetid <netid> [en...

294 Intel ® NetStructure ™ 480T Routing Switch User Guide IP and IPX on the Same VLAN The switch supports IP and IPX routing within the same VLAN. This feature does not require any special configuration. Tagged IPX VLAN The switch supports tagged 802.1Q traffic on an IPX VLAN that is performing rout...

C H A P T E R 1 6 IPX Routing 295 Populating the Routing Table The routing switch builds and maintains an IPX routing table. As in the case of IP, the table is populated using dynamic and static entries. Dynamic Routes Dynamic routes are typically learned using IPX/RIP. Routers that use IPX/RIP exch...

296 Intel ® NetStructure ™ 480T Routing Switch User Guide IPX/RIP is automatically enabled when a NetID is assigned to the VLAN. To remove the advertisement of an IPX VLAN, use the command: configure ipxrip delete {vlan <name> | all} GNS Support The 480T routing switch supports the Get Nearest...

C H A P T E R 1 6 IPX Routing 297 Configuring IPX This section describes the commands associated with configuring IPX, IPX/RIP, and IPX/SAP on the 480T routing switch. Configure IPX routing as follows: 1. Create at least two VLANs (see "Virtual LANs (VLANs)" on page 95). 2. If you are combin...

298 Intel ® NetStructure ™ 480T Routing Switch User Guide • show ipxrip —Displays the enable status of IPX/RIP for the VLAN, including operational and administrative status. It also lists identified IPX/RIP neighbors, RIP packet statistics, and several other timer settings. • show ipxservice —Displa...

C H A P T E R 1 6 IPX Routing 299 To increase route stability, you can increase the hold multiplier (default is 3 for 180 seconds). To modify these parameters use CLI commands: configure ipxrip <vlan name> update-interval <time> hold-multiplier <number> configure ipxsap <vlan na...

300 Intel ® NetStructure ™ 480T Routing Switch User Guide IPX Commands Table 16.3 describes the commands used to configure basic IPX settings. For more command options, press the Tab key in the command line interface. Table 16.3: Basic IPX § Commands Command Description configure ipxmaxhops <numb...

302 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 16.5 describes the commands used to configure IPX/SAP. For more command options, press the Tab key in the command line interface. configure ipxrip vlan [all | <name>] [import-filter | export-filter | trusted-gateway] [none | <a...

C H A P T E R 1 6 IPX Routing 303 configure ipxsap delete vlan [<name> | all] Disables IPX/SAP on an interface. configure ipxsap vlan [<name> | all] delay <msec> Configures the time between each SAP packet within an update interval. The default setting is 55 milliseconds. configure...

304 Intel ® NetStructure ™ 480T Routing Switch User Guide IPX Configuration Example Figure 16.2 builds on the example showing the IP/RIP configuration that was used in Figure 13.4 on page 241. Now, along with having IP VLANs configured, this example illustrates a switch that has two IPX VLANs define...

C H A P T E R 1 6 IPX Routing 305 The stations connected to the system generate a combination of IP traffic and IPX traffic. The IP traffic is filtered by the IP VLANs. IPX traffic is filtered by the IPX VLANs. In this configuration, all IP traffic from stations connected to ports 1 and 3 have acces...

306 Intel ® NetStructure ™ 480T Routing Switch User Guide Resetting and Disabling IPX To return IPX settings to their defaults and disable IPX functions, use the commands listed in Table 16.7. show ipxroute {vlan <name> | xnetid <netid> | origin [static | rip | local]} Displays the IPX r...

C H A P T E R 1 6 IPX Routing 307 unconfigure ipxsap {vlan <name>} Resets the IPX/SAP settings on one or all VLANs to the default. Removes import and export filters, and resets the MTU size, update interval, and inter-packet delay. unconfigure vlan <name> xnetid Removes the IPX NetID of ...

Access Policies This chapter describes access policies, and how they are created and implemented on the Intel ® NetStructure ™ 480T routing switch. Overview of Access Policies Access policies are a generalized category of features that impact forwarding and route forwarding decisions. Access policie...

310 Intel ® NetStructure ™ 480T Routing Switch User Guide profile or dropped. Using access lists has no impact on switch performance. Access lists are typically applied to traffic that crosses Layer 3 router boundaries, but it is possible to use access lists within a Layer 2 VLAN. Routing Access Pol...

C H A P T E R 17 Access Policies 311 configure access-profile <access_profile> [add | delete] {seq-number} ipx-sap <ipx_sap_type_in_hex> <ipx_name_string> To assign IPX access profiles as either import or export filters to RIP or SAP, use these commands: configure ipxrip vlan [<...

312 Intel ® NetStructure ™ 480T Routing Switch User Guide • Physical source port • Precedence number (optional) How IP Access Lists Work For each access list entry, you can either permit the packet to be forwarded, or deny the packet (in which case, it is dropped). When you create a permit access li...

C H A P T E R 17 Access Policies 313 or dropped. If no default rule is specified, the default implicit behavior is to forward the packet. This example shows a default entry used to specify an implicit deny: create access-list denyall ip destination 0.0.0.0/0 source 0.0.0.0/0 deny ports any Once the ...

314 Intel ® NetStructure ™ 480T Routing Switch User Guide the keyword. For example, you could use this entry to permit TCP sessions originated from anywhere in the 10.1.0.0 network only: create access-list TCPout tcp destination 10.1.0.0/ 16 ip-port any source 0.0.0.0/0 ip-port any permit-establishe...

C H A P T E R 17 Access Policies 315 • IP source and destination address and mask • ICMP type code • Physical source port (optional) • Numbered precedence (optional) When using an access control list with an IP deny any rule, all ICMP traffic will not be blocked (for either Layer 2 or Layer 3). To b...

320 Intel ® NetStructure ™ 480T Routing Switch User Guide IP Access List Examples This section presents two IP access list examples: • Using the permit-establish keyword • Filtering ICMP packets Example 1: Using the Permit-Established Keyword This example uses an access list that permits TCP session...

C H A P T E R 17 Access Policies 321 in conjunction with IP, it is technically not an IP data packet. Thus, ICMP data traffic, such as ping traffic, is not affected. Use this command to create the access-list: create access-list denyall ip destination any source any deny ports any Figure 17.1: Acces...

322 Intel ® NetStructure ™ 480T Routing Switch User Guide Step 3 - Permit-Established Access List When a TCP session begins, there is a three-way handshake that includes a sequence of a SYN, SYN/ACK and ACK packets. Figure 17.3 shows an illustration of the handshake that occurs when Host A initiates...

C H A P T E R 17 Access Policies 323 Figure 17.4 shows the final outcome of this access list. Figure 17.4: Permit-established access list filters out SYN packet to destination Example 2: Filtering ICMP Packets This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo p...

C H A P T E R 17 Access Policies 325 with each entry in the list. Once a match is found, the operation is either permitted or denied, depending on the configuration of the matched entry. If no match is found, the operation is implicitly denied. To add or delete IP addresses or VLANs from an access p...

326 Intel ® NetStructure ™ 480T Routing Switch User Guide can be used when you wish to match only against the subnet address, and ignore all addresses within the subnet. If you are using CIDR subnet masking, the same logic applies, but the configuration is more tricky. For example, the address 141.2...

C H A P T E R 17 Access Policies 327 Deleting an Access Profile Entry To delete an access profile entry, use this command: configure access-profile <access_profile> delete <seq_number> Applying Access Profiles After the access profile is defined, apply it to one or more routing protocols...

328 Intel ® NetStructure ™ 480T Routing Switch User Guide configure rip vlan [<name> | all] import-filter [<access_profile> | none] • Export Filter —Use an access profile to determine which RIP routes are advertised into a particular VLAN, using this command: configure rip vlan [<name...

C H A P T E R 17 Access Policies 329 Assuming the backbone VLAN interconnects all the routers in the company (and, therefore, the Internet router does not have the best routes for other local subnets), the commands to build the access policy for the switch would be: create access-profile nointernet ...

330 Intel ® NetStructure ™ 480T Routing Switch User Guide • External Filter —For switches configured to support multiple OSPF areas (an ABR function), you can apply an access profile to an OSPF area that filters a set of OSPF external routes from being advertised into that area. To configure an exte...

C H A P T E R 17 Access Policies 331 Figure 17.7: OSPF access policy example Routing Access Policies for DVMRP The access policy capabilities for DVMRP resemble those for RIP. If the DVMRP protocol is used for routing IP multicast traffic, you can configure the switch to use an access profile to det...

332 Intel ® NetStructure ™ 480T Routing Switch User Guide • Export Filter —Use an access profile to determine which DVMRP routes are advertised into a particular VLAN, using this command: configure dvmrp vlan [<name> | all] export- filter [<access_profile> | none] DVMRP Example In this e...

C H A P T E R 17 Access Policies 333 configure the switch to use an access profile to determine trusted neighbor (PIM) router neighbors for the VLAN on the switch running PIM. To configure a trusted neighbor policy, use this command: configure pim vlan [<name> | all] trusted- gateway [<acce...

334 Intel ® NetStructure ™ 480T Routing Switch User Guide attributes of the NLRI. To configure an autonomous system path filter policy, use this command: configure bgp neighbor [<ipaddress> | all] as- path-filter [in | out] [<access_profile> | none] You can apply the autonomous system pa...

C H A P T E R 17 Access Policies 335 Routing Access Policy Commands Table 17.3 describes the commands used to configure routing access policies. Press the Tab key in the command line interface for further command options. Table 17.3: Routing Access Policy Configuration Commands Command Description c...

336 Intel ® NetStructure ™ 480T Routing Switch User Guide configure access-profile <access_profile> delete <seq_number> Deletes an access profile entry using the sequence number. configure access-profile <access_profile> mode [permit | deny | none] Configures the access profile to ...

C H A P T E R 17 Access Policies 337 Using Route Maps Route maps are a mechanism you can use to conditionally control the redistribution of routes between two routing domains, and to modify the routing information that is redistributed. configure ospf area <area_id> interarea-filter [<acces...

338 Intel ® NetStructure ™ 480T Routing Switch User Guide Route maps are used in conjunction with the match and set operations. A match operation specifies a criteria that must be matched. A set operation specifies a change that is made to the route when the match operation is successful. There are ...

C H A P T E R 17 Access Policies 339 configure route-map <route-map> <sequence number> add match [nlri-list <access_profile> | as-path [access_profile <access-profile> | <as num>] | community [access-profile <access_profile> | <as_num>:<number> | numbe...

340 Intel ® NetStructure ™ 480T Routing Switch User Guide community [<access_profile> | <community>] Matches the communities in the path attribute against the specified BGP community access profile or the community number. next-hop <ipaddress> Matches the next-hop in the path attri...

C H A P T E R 17 Access Policies 341 Route Map Operation The entries in the route map are processed in the ascending order of the sequence number. Within the entry, the match statements are processed first. When the match operation is successful, the set and goto statements within the entry are proc...

342 Intel ® NetStructure ™ 480T Routing Switch User Guide These points apply to this example: • RTA is a member of AS 1111 and peers with a router in the Internet to receive the entire Internet routing table. • RTB is a member of AS 2222, and has an EBGP connection with RTA through which it receives...

C H A P T E R 17 Access Policies 343 You can apply the changes on the NLRI information that had been exchanged before the policy changes, by issuing a soft reset on the ingress or egress side, depending on the changes. For soft resets to be applied on the ingress side, the changes must be previously...

344 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 17.6: Route Map Commands Command Description configure route-map <route-map> [add | delete] <sequence number> [deny | permit] {match-all | match one} Adds or deletes entries to the route map. Specify: • The sequence number u...

346 Intel ® NetStructure ™ 480T Routing Switch User Guide configure route-map <route-map> add <sequence number> [permit | deny] {match-one | match-all] Adds a statement to the route map with the specified sequence number and action. The sequence number determines the order of the stateme...

Server Load Balancing (SLB) Overview The Server Load Balancing (SLB) feature of the Intel ® NetStructure ™ 480T routing switch divides many client requests among several servers. This activity is transparent to the client using the resource. It is mainly used for Web hosting where several redundant ...

348 Intel ® NetStructure ™ 480T Routing Switch User Guide Nodes A node is an individual service on a physical server that consists of an IP address and a port number. Pools A pool is a group of nodes that is mapped to a corresponding virtual server. Pools allow you to scale large networks that conta...

C H A P T E R 1 8 Server Load Balancing (SLB) 349 • The virtual port number Once you know which virtual server options are useful in your network, you can: • Define standard virtual servers • Define wildcard virtual servers Each virtual server maps to a single pool, which can be a group of content s...

350 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 18.1 summarizes the features supported by each forwarding mode. Transparent Mode As with any server load balancing application, the content must be duplicated on all physical servers. Using transparent mode, the 480T routing switch does...

C H A P T E R 1 8 Server Load Balancing (SLB) 351 . Figure 18.1: Transparent mode In Figure 18.1, the 480T routing switch is configured to respond to requests for the VIP by forwarding them to the load balanced servers. The servers are configured as follows: • The interface for server 1 is 192.168.2...

352 Intel ® NetStructure ™ 480T Routing Switch User Guide Use these commands to create a round-robin pool called MyWeb , and add nodes to the new pool: create slb pool MyWeb lb-method round configure slb pool MyWeb add 192.168.200.1:80 configure slb pool MyWeb add 192.168.200.2:80 Use this command t...

C H A P T E R 1 8 Server Load Balancing (SLB) 353 To configure translational mode, use this command: create slb vip <vipname> pool <poolname> mode translation <ipaddress>{-<upper_ipaddress>}: <L4Port> {unit <number>} Figure 18.2 shows translational mode. Figure 18...

354 Intel ® NetStructure ™ 480T Routing Switch User Guide configure vips ipaddress 192.168.201.1 /24 configure srvr add port 4-8 configure clnt add port 1-4 enable ipforwarding These commands create a round-robin pool called MyWeb , and add nodes to the new pool: create slb pool MyWeb lb-method roun...

C H A P T E R 1 8 Server Load Balancing (SLB) 355 routing switch automatically changes the IP address and port address on incoming packets to that of the load balanced servers. As with any server load balancing application, the content must be duplicated on all physical servers. Configure port trans...

356 Intel ® NetStructure ™ 480T Routing Switch User Guide In Figure 18.3, the 480T routing switch is configured to balance all traffic sent to the VIP based on the client IP address. All servers have the same: • MAC address • IP address • Content The commands used to configure the switch, as indicat...

C H A P T E R 1 8 Server Load Balancing (SLB) 357 • Subnet-Route - If your network configuration requires that the VIPs be propagated through a routing protocol by the switch, you need to create a loopback VLAN with the VIP(s) being valid members of the loopback VLAN’s subnet. When a routing protoco...

358 Intel ® NetStructure ™ 480T Routing Switch User Guide Ratio If you are working with servers that differ significantly in processing speed and memory, you may want to switch to the ratio load balancing method. In ratio, the 480T routing switch distributes connections among devices according to ra...

C H A P T E R 1 8 Server Load Balancing (SLB) 359 Priority Priority mode is a variant of round-robin designed to provide redundant standby nodes within a pool. When you add a node to a pool, you can assign a priority level. Priority numbers range from 1 to 65,535, with the highest number indicating ...

360 Intel ® NetStructure ™ 480T Routing Switch User Guide configure slb pool <poolname> delete <ipaddress>:<L4Port> Deletes a physical server from a server pool. configure slb pool <poolname> lb-method [round-robin | ratio | priority | least-connections] Configures the SLB lo...

C H A P T E R 1 8 Server Load Balancing (SLB) 363 Advanced SLB Application Example This example builds upon the introductory SLB example. The advanced concepts included in this example are: • Multiple pools • Multiple VIPs • Multiple balancing algorithms • Multiple types of health checking Figure 18...

364 Intel ® NetStructure ™ 480T Routing Switch User Guide Figure 18.4: Advanced SLB configuration The commands used to configure are described below. Use these commands to create the VLAN from which outside connections will come: create vlan outside configure vlan outside ipaddress 172.16.0.1 /16 co...

C H A P T E R 1 8 Server Load Balancing (SLB) 365 configure vlan sites ipaddress 192.168.201.254 /24 All VIPs is configured to use this subnet. There are no ports associated with this VLAN. You can use these commands to create the VLAN servers and enable IP forwarding: create vlan servers configure ...

366 Intel ® NetStructure ™ 480T Routing Switch User Guide enable slb node 192.168.200.2:443 tcp-port-check The next series of commands creates a second Web site. This second site is similar to the first example; the difference is that content checking is enabled on this site. For this type of health...

C H A P T E R 1 8 Server Load Balancing (SLB) 367 create slb vip myssl3 pool site3web mode transparent 192.168.201.4:443 The next example demonstrates the series of commands you would use to create an FTP site. The site is defined as having two servers: 192.168.200.3 and 192.168.200.4. Only FTP is b...

368 Intel ® NetStructure ™ 480T Routing Switch User Guide Health Checking The 480T routing switch supports both internal and external health checking. Health check definitions For reference, the following health checks are available on all Server Load Balancing, Web Cache Redirection and Policy-base...

C H A P T E R 1 8 Server Load Balancing (SLB) 369 using the name and password supplied during the configuration. The check will succeed when the switch successfully logs into the next-hop. Layer 7 NNTP Check The NNTP health check connects to the server or next-hop, establishes a connection, and atta...

C H A P T E R 1 8 Server Load Balancing (SLB) 371 Service-Check Service-check is Layer 7-based and application-dependent. It is defined on a VIP and is performed on each node in the pool with which this VIP is associated. The default frequency is 60 seconds and the default timeout is 180 seconds. Ea...

372 Intel ® NetStructure ™ 480T Routing Switch User Guide text from error text, we recommend that you specify an actual string to match. For FTP, Telnet, and POP3, service-check attempts to log on and off the application on the server using the specified userID and password. For SMTP, service-check ...

C H A P T E R 1 8 Server Load Balancing (SLB) 373 enable slb gogo-mode master service-check [http | ftp | telnet | smtp | nntp | pop3 | all | tcpport] Use these commands to disable GoGo mode health checking: disable slb gogo-mode master ping-check disable slb gogo-mode master tcp-port-check [port | ...

374 Intel ® NetStructure ™ 480T Routing Switch User Guide configure slb gogo-mode master service-check pop3 {l4-port port} {userid userid password {encrypted} password} configure slb gogo-mode master service-check timer [http | ftp | telnet | smtp | nntp | pop3 | tcpport] frequency seconds timeout s...

C H A P T E R 1 8 Server Load Balancing (SLB) 375 Health Checks for Web Cache Redirection and Policy Based Routing Health checking works on the ports configured by their associated flow. For example, if you configure a flow to redirect on port 80 (HTTP), but FTP is configured as the service check, t...

376 Intel ® NetStructure ™ 480T Routing Switch User Guide Layer 4 Flows Policy-based routing and Web cache redirection support an any option for the Layer 4 protocol type which allows the redirection of TCP, UDP and other traffic types with the exception of ICMP traffic. To configure this capability...

C H A P T E R 1 8 Server Load Balancing (SLB) 377 To show configuration and status of flow redirection rules, use this command: show flow-redirect [<flow_rule_name | <cr>] Maintenance Mode You can easily put a node or VIP into maintenance mode by disabling the node or VIP. In maintenance mo...

378 Intel ® NetStructure ™ 480T Routing Switch User Guide configure slb proxy-client-persistent [add | delete] <ipaddress / mask> Sticky Persistence Sticky persistence provides a special type of persistence that is especially useful for cache servers. Similar to client persistence, sticky pers...

C H A P T E R 1 8 Server Load Balancing (SLB) 379 Availability mode or having to introduce another interconnecting switch), and recovery from a switch failure occurs in less than 8 seconds. Figure 18.5 shows SLB enabled using ESRP and dual-attached servers. Figure 18.5: SLB using ESRP and dual-attac...

380 Intel ® NetStructure ™ 480T Routing Switch User Guide Configuring the Switches for SLB and ESRP The SLB and ESRP configurations are identical on both switches, in relation to the ports being used. The procedure used to configure the Switch 1 and Switch 2 in Figure 18.5 is described below. 1. Cre...

C H A P T E R 1 8 Server Load Balancing (SLB) 381 show slb stats vip site2 7. To configure the ratio and priority of an existing pool member and to display the current SLB pool statistics, use this command for each pool member, filling in the ipaddress, port, ratio and prio-ity as needed: configure ...

382 Intel ® NetStructure ™ 480T Routing Switch User Guide Configuration of SLB with ESRP Note the following about the configurations for switches running SLB and ESRP: • All switch ports connected directly to the servers must be configured as ESRP host ports. • The link between the two switches must...

C H A P T E R 1 8 Server Load Balancing (SLB) 383 Redundant SLB The 480T routing switch supports a failover process that uses a redundant configuration of two switches. If one switch fails, the second switch takes over the SLB duties of the first. By preparing a redundant switch for the possibility ...

384 Intel ® NetStructure ™ 480T Routing Switch User Guide When both switches are active, each switch performs SLB only for the VIPs assigned to it. If a switch fails, the other switch takes over the VIPs assigned to the failed switch. The basic failover configure command assigns the switch’s unit nu...

C H A P T E R 1 8 Server Load Balancing (SLB) 385 Figure 18.6: Active-active configuration In this sample configuration, failover is enabled to ensure fault tolerance. To configure this example on the first switch, use these commands: create vlan inside create vlan server configure vlan inside ipadd...

C H A P T E R 1 8 Server Load Balancing (SLB) 387 enable slb failover enable slb fail ping configure slb vip site1 unit 1 configure slb vip site2 unit 2 configure slb fail ping-check 1.10.0.1 freq 1 The differences between the configurations of these two switches are the IP addresses, and the design...

388 Intel ® NetStructure ™ 480T Routing Switch User Guide Figure 18.7: SLB failover configuration using SLB H/A Configuring Clients The configuration used to connect clients to SLB virtual sites with High Availability enabled is transparent to the accessing clients. As with normal SLB, the clients c...

390 Intel ® NetStructure ™ 480T Routing Switch User Guide configure inside slb client configure server slb server Configure SLB H/A for the switch, using this command: configure slb failover unit 1 remote 1.10.0.3 local 1.10.0.2 l4-port 1028 One switch in a High Availability pair is designated as un...

C H A P T E R 1 8 Server Load Balancing (SLB) 391 in the load balancing scheme. Without ESRP, another switch interconnecting all the servers is necessary. • One switch is designated as unit 1 and the other as unit 2. This designation determines which VIPs are active on each switch in the failover pa...

392 Intel ® NetStructure ™ 480T Routing Switch User Guide This configuration uses transparent mode. Therefore, the VIPs need to be added to the servers as loopback addresses. This is done by configuring the network interfaces on the servers. A detailed description for doing this is provided after Fi...

C H A P T E R 1 8 Server Load Balancing (SLB) 393 configure slb failover unit <number> {remote-ip <ipaddress> local-ip <ipaddress>: {<L4Port>}} Configures the slb failover. Specify: • remote-ip-address —The remote peer IP address. • local-ip-address —The address of a local IP...

394 Intel ® NetStructure ™ 480T Routing Switch User Guide configure slb global http url <url_string> match-string [<match_string> | any-content] Configures the default parameters for L7 service checking. configure slb global nntp newsgroup <newsgroup> Configures the default paramet...

C H A P T E R 1 8 Server Load Balancing (SLB) 397 enable slb vip [<vipname> | all] client-persistence {mask <mask>} Enables client persistence and specifies the timeout and client address mask. If the client sets up multiple sessions to a virtual server, all sessions must connect to the ...

398 Intel ® NetStructure ™ 480T Routing Switch User Guide Web Cache Redirection Web cache redirection uses the TCP or UDP port number to redirect client requests to a target device (or group of devices). Web cache redirection transparently redirects traffic to Web cache devices or to proxy servers a...

C H A P T E R 1 8 Server Load Balancing (SLB) 399 Precedence of Flow Redirection Rules Multiple flow redirection rules can overlap in making a redirection decision. In these cases, precedence is determined by "best match" where the most specific redirection rule that satisfies the criteria w...

400 Intel ® NetStructure ™ 480T Routing Switch User Guide In this case, Policy 1 is the rule with the best match as it contains an explicit Destination IP Port even though the mask for the Destination IP Address is less specific. In this case, Policy 4 is the rule with the best match as it contains ...

C H A P T E R 1 8 Server Load Balancing (SLB) 401 Flow Redirection Example Figure 18.8 uses flow redirection to redirect Web traffic to Web cache servers. In this example, the clients and the cache devices are located on different networks. This is done by creating a different VLAN for the clients a...

Status Monitoring and Statistics This chapter describes how to view the current operating status of the Intel ® NetStructure ™ 480T routing switch, how to display information in the log, and how to take advantage of available Remote Monitoring (RMON) capabilities. Viewing statistics on a regular bas...

404 Intel ® NetStructure ™ 480T Routing Switch User Guide Table 19.1: Status Monitoring Commands Command Description show log config Displays the log configuration, including the syslog host IP address, the priority level of messages being logged locally, and the priority level of messages being sen...

C H A P T E R 1 9 Status Monitoring and Statistics 405 Port Statistics The 480T routing switch allows you to view port statistic information. The summary information lists values for the current counter against each port on each operational module in the system, and it is refreshed approximately eve...

406 Intel ® NetStructure ™ 480T Routing Switch User Guide • Received Packet Count (Rx Pkt Count) —The total number of good packets that were received by the port. • Received Byte Count (Rx Byte Count) —The total number of bytes that were received by the port, including bad or lost frames. This numbe...

C H A P T E R 1 9 Status Monitoring and Statistics 407 To view port receive errors, use this command: show ports <portlist> rxerrors The following port receive error information is collected: • Receive Bad CRC Frames (Rx CRC) —The total number of frames received by the port that were of the co...

408 Intel ® NetStructure ™ 480T Routing Switch User Guide Setting the System Recovery Level You can configure the system to automatically reboot after a software task exception, using this command: configure sys-recovery-level [none | critical | all] Where: • none —Configures the level to no recover...

410 Intel ® NetStructure ™ 480T Routing Switch User Guide Local Logging The 480T routing switch maintains 1,000 messages in its internal log. You can display a snapshot of the log at any time, using the command: show log {<priority>} Displays the current snapshot of the log. Priority filters t...

C H A P T E R 1 9 Status Monitoring and Statistics 411 Real-Time Display Along with viewing a snapshot of the log, you can configure the system to maintain a running real-time display of log messages on the console. To turn on the log display, enter this command: enable log display To configure the ...

412 Intel ® NetStructure ™ 480T Routing Switch User Guide The priorities are the same as for local logging. If not specified, only critical priority messages are sent to the syslog host. Logging Configuration Changes The local management software allows you to record all configura-tion changes (and ...

C H A P T E R 1 9 Status Monitoring and Statistics 413 configure log display {<priority>} Configures the real-time log display. Displays the current snapshot of the log. Priority filters the log to display messages with the selected or higher (more critical) priority. Priorities include (in or...

414 Intel ® NetStructure ™ 480T Routing Switch User Guide RMON Using the Remote Monitoring (RMON) capabilities of the 480T routing switch allows network administrators to improve system efficiency and reduce the load on the network. This sections explain more about the RMON concept and the RMON feat...

C H A P T E R 1 9 Status Monitoring and Statistics 415 A typical RMON setup consists of two components: • RMON probe —An intelligent, remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN. The probe transfers the information to a management wor...

416 Intel ® NetStructure ™ 480T Routing Switch User Guide The History group is useful for analysis of traffic patterns and trends on a LAN segment or VLAN, and to establish baseline information indicating normal operating parameters. Alarms The Alarms group provides a versatile, general mechanism fo...

417 Intel ® NetStructure ™ 480T Routing Switch User Guide network without costing more than traditional network management. The 480T routing switch accurately maintains RMON statistics at the maximum line rate of all of its ports. For example, statistics can be related to individual ports. RMON Prob...

Software Upgrade and Boot Options Overview This chapter describes the procedure for upgrading the Intel ® NetStructure ™ 480T routing switch firmware image. It also includes a discussion of how to save and load a primary and secondary image and configuration file on the switch. Saving Configuration ...

420 Intel ® NetStructure ™ 480T Routing Switch User Guide If you make a mistake, or find you must revert to the configuration as it was before you started making changes, you can set the switch to use the secondary configuration on the next reboot. If the switch is rebooted during a configuration sa...

C H A P T E R 2 0 Software Upgrade and Boot Options 421 Once the TFTP server is running, click the Server Dir. button. Verify that the active directory is Program Files\Intel\Intel Device View\Firmware. Make sure that both the BootROM image (a file named ngboot nn .bin ) and the firmware image (a fi...

422 Intel ® NetStructure ™ 480T Routing Switch User Guide Upgrading the Firmware To upgrade the firmware on the switch: 1. Download the latest image from your TFTP server. download image <TFTPserverIP> v<nnn>b<nn>.tfp primary 2. Verify that primary image is now at the latest versio...

C H A P T E R 2 0 Software Upgrade and Boot Options 423 show switch • Reboot the switch using the reboot command. If you have followed upgrade instructions, your original configuration should be operational. If you did not have an older configuration, you may perform a minimal configuration for the ...

424 Intel ® NetStructure ™ 480T Routing Switch User Guide specified, the current configuration is immediately uploaded to the TFTP server. To cancel a scheduled configuration upload, use the command: upload configuration cancel Using TFTP to Download the Configuration To modify the switch configurat...

C H A P T E R 2 0 Software Upgrade and Boot Options 425 connection (and not the console port), your connection is terminated when the switch reboots, but the command executes normally. Downloading an Incremental Configuration You can make a partial or incremental change to the switch configuration u...

426 Intel ® NetStructure ™ 480T Routing Switch User Guide Remember to Save Regardless of the download option used, configurations are downloaded into switch runtime memory only. The configuration is saved only when the save command is issued, or if the configuration file itself includes the save com...

C H A P T E R 2 0 Software Upgrade and Boot Options 427 • Press 2 for the image stored in secondary. Then, press the f key to boot from newly selected on-board flash memory. To boot to factory default configuration: • Press the d key for default, and • Press the f key to boot from the configured on-...

Technical Specifications and Supported Limits Technical Specifications For IEEE standards information refer to http://standards.ieee.org The following table lists specifications for the Intel® NetStructure™ 480T routing switch. Table A.1: Specifications Physical Dimensions Height: 3.5 inches x Width...

432 Intel ® NetStructure ™ 480T Routing Switch User Guide CE (European Community) TUV/GS (German Notified Body) C-Tick (Australian Communication Authority) Underwriters Laboratories (USA and Canada) Safety Agency Certifications UL 1950 3rd Edition, listedcUL listed to CSA 22.2#950TUV GS mark safety ...

Appendix A Technical Specifications and Supported Limits 433 Supported Standards, RFCs and Protocols Table A.2: Supported Standards, RFCs and Protocols RFCs, Standards, and Protocols RFC 1058 RIPRFC 1723 RIP v2RFC 1112 IGMPRFC 2236 IGMP v2DVMRP v3 - Draft IETF DVMRP v3-07PIM-DM v2 - Draft IETF PIM-D...

434 Intel ® NetStructure ™ 480T Routing Switch User Guide Supported Limits The table below summarizes tested metrics for various features on the 480T routing switch. These metrics are laboratory results and are for reference and comparison only. Table A.3: Supported Limits Metric Description Limit A...

436 Intel ® NetStructure ™ 480T Routing Switch User Guide ESRP – number of instances Maximum number of ESRP-supported VLANs for a single switch. 64 ESRP – number of ESRP groups Maximum number of ESRP groups within a broadcast domain. 4 ESRP – number of VLANs in a single ESRP domain Maximum number of...

Appendix A Technical Specifications and Supported Limits 437 OSPF virtual links Maximum number of OSPF virtual links supported. 32 BGP routes Maximum number of routes contained in the BGP route table. 500,000 BGP peers Maximum number of BGP peers on a single router. 64 Policy-Based Routing Maximum n...

438 Intel ® NetStructure ™ 480T Routing Switch User Guide IPX Router interfaces Maximum number of IPX router interfaces. 256 IPX Access control lists Maximum number of access lists in which all rules utilize all available options. worst case: 255 Table A.3: Supported Limits

Troubleshooting If you encounter problems when using the Intel ® NetStructure ™ 480T routing switch, this appendix may be helpful. If you have a problem not listed here or in the “Late Breaking News,” contact your local technical support representative (see "Intel Customer Support" on page 4...

440 Intel ® NetStructure ™ 480T Routing Switch User Guide the link LED lit, and the side with autonegotiation enabled will not have the LED lit. • The default configuration for a 1000 Mbps port is autonegotiation enabled . Verify by using this command: show port config Why won’t the switch power on?...

A p p e n d i x B Troubleshooting 441 Why won’t the Telnet workstation access the device? • Check that the device IP address, subnet mask and default gateway are configured correctly, and that the device has been reset. • Ensure that you enter the IP address of the switch correctly when invoking the...

442 Intel ® NetStructure ™ 480T Routing Switch User Guide How do I remove unused default and static routes? • If you have defined static or default routes, those routes will remain in the configuration, independent of whether the VLAN and VLAN IP address that used them remains. You should manually d...

A p p e n d i x B Troubleshooting 443 • To establish a full-duplex link either force it at both sides, or run autonegotiation on both sides (using full-duplex as an advertised capability, the default setting). Always verify that the switch and the network device match in configuration for speed and ...

444 Intel ® NetStructure ™ 480T Routing Switch User Guide • Then convert each octet into a decimal value. (for example, 00000000.00000000.0000001.10010000 = 0.0.1.144). • Therefore, 400 = 0.0.1.144 VLANs What if I can’t add a port to a VLAN? • If you attempt to add a port to a VLAN and get an error ...

A p p e n d i x B Troubleshooting 445 VLAN Names There are restrictions on VLAN names. They cannot contain white spaces and cannot start with a numeric value unless you use quotation marks around the name. If a name contains white spaces, starts with a number, or contains non-alphabetical characters...

446 Intel ® NetStructure ™ 480T Routing Switch User Guide Why does the switch keep aging out endstation entries in the switch Forwarding Database (FDB)? • Reduce the number of topology changes by disabling STP on those systems that do not use redundant paths. • Specify that the endstation entries ar...

Regulatory Information Compliance statements Each of the following compliance statements applies only to products that bear the mark or text required by the appropriate certification agency. FCC Part 15 Compliance Statement This product has been tested and found to comply with the limits for a Class...

448 Intel ® NetStructure ™ 480T Routing Switch User Guide This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled: "Digital Apparatus," ICES-003 of the Canadian Department of Co...

A p p e n d i x C Regulatory Information 449 Warnings WARNING This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. Internal access to the Intel NetStructure 480T routing switch is intended onl...

450 Intel ® NetStructure ™ 480T Routing Switch User Guide • in Regionen, in denen elektrische Stürme auftreten, mit einem Überspannungsschutzgerät verbunden sein; während eines elektrischen Sturms sollte keine Verbindung der Telekommunikationsleitungen mit dem Modem bestehen; • mit einer geerdeten W...

Intel Customer Support Intel offers a range of support services for your Intel ® NetStructure ™ 480T routing switch. You can learn about the options available for your area by visiting the Intel support Web site at http://www.intel.com/network/services. Worldwide Access to Technical Support Intel ha...

462 Intel ® NetStructure ™ 480T Routing Switch User Guide Other areas For support in other countries, use the following table to dial the toll-free support number. Using the table, locate the country from which you are calling, dial the access number, await the dial tone, and then dial the listed 80...

Index Numerics 10/100 Mbps management port ................................................ 10 802.1p configuration commands (table) ................................... 150 802.1Q links, troubleshooting ................................................ 445 802.1Q VLAN tag ...............................

468 I N D E X show commands (table) ...................................................271 soft reset ......................................................................334 bi-directional rate shaping .....................................................163 blackhole ................................

494 I N D E X viewing accounts ...................................................................50 VIPs, SLB ..........................................................................348 Virtual LANs. See VLANs virtual link, OSPF ................................................................229 ...

496 I N D E X wildcard IP address ..............................................................349

A14542-001 100044-00 rev04 Intel ® NetStructur e ™ 480T Routing Switch User Guide Intel ® NetStructure ™ 480T Routing Switch User Guide User Guide User Guide User Guide User Guide