博科交换机配置指导手册资料

1、FastTrack Training共一百七十九页AgendaSession One Layer 2 SwitchesAdministration Essentials: Connection, command line and GUI essentialsNetwork Configuration: Default VLAN, VLANs Trunks and LAGRedundant Connections: Spanning tree, RSTP, MSTPBase Layer 3: VEs and VLANs, Routing Ports, Static RoutesSession T

2、wo Layer 3 SwitchesDynamic Routing: RIP and OSPFRedundant Routing interfaces: VRRP and VRRP-EISP Border routing: BGPTraffic Control: ACLsAdditional SlidesAdditional Theory Slides (If required)Additional Material useful for some students but outside the BCNE subjects (eg Rate-Limiting)共一百七十九页THANK YO

3、USection 1.1Layer 2 SwitchesAdministration Essentials共一百七十九页DB-9 male interface.VT-100 terminal - straight-through cable (female to female not a null-modem).The VT-100 configuration is:9600 Baud 8 Data Bits Parity = NoneStop Bits = 1 Flow Control = NoneFor MODEM Cross-Over cable (typically a DB-9F t

4、o DB-9F cable)Console Port共一百七十九页SW-FastIron enableNo password has been assigned yet.SW-FastIron# show chassisSW-FastIron# configure terminalSW-FastIron(config)# show chassisInterface LevelFixed Configuration products specify the Port number (FastIron Simulator)SW-FastIron(config)# int eth 1 (eth 1

5、= ethernet port #1)SW-FastIron(config-if-1)#Chassis products specify the Slot/Port (BigIron Simulator)SW-FastIron(config)# int eth 2/1 (eth 2/1 = Chassis slot #2, ethernet port #1)Stackable products specify the Stack-Number/Unit-Number/PortSW-FastIron(config)# int eth 1/2/1 (eth 1/2/1 = Stack-number

6、 #1, Unit-number #2, ethernet port #1)CLI Basics (Part 1 / 2)共一百七十九页Move back up the menu tree using “exit” SW-ServerIron(config-rs-c1)# exitSW-ServerIron(config)# exitSW-ServerIron# exitSW-ServerIron Use “end” or Cntl-Z to return to “#” promptDisplay the running-config and saved startup-configSW-Se

7、rverIron# write terminalSW-ServerIron# show running-configSW-ServerIron# show configErase the Startup-ConfigSW-ServerIron# erase startup-configThe CLI supports up / down arrow for access to the last commands enteredSW-ServerIron(config)# ping Invalid input - ping Type ? for a listSW-ServerIron(confi

8、g)#exitSW-ServerIron#CLI Basics (Part 2 / 2)共一百七十九页Two Image Storage AreasPrimary and SecondaryView The Flash:BigIron Router#sh versionBigIron Router#sh flashActive management module:Code Flash Type: AMD 29F032B, Size: 64 * 65536 = 4194304, Unit: 2Boot Flash Type: AMD 29F040, Size: 8 * 65536 = 52428

9、8Compressed Pri Code size = 3485205, Version 07.5.01T53 (b2r07501.bin)Compressed Sec Code size = 3494253, Version 07.5.02T53 (b2r07502.bin)Maximum Code Image Size Supported: 3866112 (0 x003afe00)Boot Image size = 149324, Version 07.02.01 (m2b07201.bin)Primary FlashSecondary FlashBoot ImageFile Manag

10、ement (Part 1 / 3)共一百七十九页Specify where to boot from:Primary FlashSecondary FlashTFTP ServerBootP ServerWhere you enter the command also dictates when to loadPRIVELEDGED level INTERMEDIATE reboot/reloadConfig Level Load at next scheduled reboot OrBigIron# (config) # boo sy f sBigIron# (config) # wri

11、memBigIron# reload at 06 : 00 : 00 01-19-04SystemTFTPServerFlash PrimaryFlash SecondaryRAMImage CodeManagement Moduleabbreviated but unique command lineFile Management (Part 2 / 3)共一百七十九页From/To TFTP ServersFrom/To Primary or Secondary FlashExec Privileged Level:NetIron# copy tftp flash 4 vm1r07501.

12、bin secondaryCopies from the TFTP server the file “vm1r07501.bin ” and stores it to the secondary flash areaNetIron# copy flash tftp 4 vm1r07501.bin secondaryCopies the system image from the secondary flash area and stores it to the TFTP server as filename “vm1r07501.binTurboIron# copy flash flash ?

13、primary Copy secondary to primarysecondary Copy primary to secondaryTurboIron# copy flash flash primaryCopies the system image from the secondary flash area to the primary. SW-FastIron# copy running-config tftp 4 new.cfgCopies from the current running config (not the stored config) and writes it to

14、the TFTP server as filename “new.cfg”.NetIron# copy tftp flash 4 nib06007.bin bootCopies the boot image from tftp server to the boot memory location of flash.(“boot” is a hidden parameter)RAMTFTPServerManagement ModuleFlash PrimaryFlash SecondaryFile Management (Part 3 / 3)共一百七十九页Show commands: NetI

15、ron# show arpRP cacheNetIron# show ip interfaceip interface informationNetIron# show ip cacheIP host/MAC tableNetIron# show ip ospfOSPF informationNetIron# show ip routeIP routes and their statusNetIron# show ip trafficIP (ICMP, UDP, TCP, RIP) traffic statisticsNetIron# show ip dvmrpDVMRP informatio

16、nMany of the above commands have several branchesAn example is:NetIron# show ip ospf neighbor Neighbor router informationReference the manual for a complete list of all commandsShow Commands共一百七十九页Clear forwarding and route tablesSwitch/Router clear commands:(SW-FastIron,TurboIron,BigIron)TurboIron#

17、 clear arpClears ARP tableTurboIron# clear mac-addressClears the MAC forwarding tablesTurboIron# clear statisticsClears all statistic counters.NetIron# clear loggingClears the system logRouter-only clear commands :(NetIron, TurboIron, BigIron)NetIron# clear ip routeClears IP route tables.NetIron# cl

18、ear ip cacheClears IP host/MAC tablesClearing Individual Entries The mac parameter clears only the entries that match the specified address and mask. The vlan parameter clears only the entries that match the specified VLAN.clear mac-addressRemoves learned MAC address entries from the MAC address tab

19、le.EXAMPLE: BigIron# clear mac-address ethernet 1/1Clear Commands共一百七十九页Helpful when trying to verify connectivityCannot be entered when in “configure” modeA few ping commands:SW-FastIron ping 0SW-FastIron# ping 0 count 100SW-FastIron ping 0 size 1200SW-FastIron# ping 0 ttl 5 c 10 s 200Issues 10 pin

20、gs with a time to live of 5 and each ping is 200 bytes longUse “?” after the address for other optionsSyntax: ping | source count timeout ttl size quiet numeric no-fragment verify data briefPing Commands共一百七十九页Show CPU StatisticsFastIron(config)#show process cpuProcess Name 5Sec(%) 1Min(%) 5Min(%) 1

21、5Min(%) Runtime(ms)ACL 0.00 0.00 0.00 0.00 0ARP 0.15 0.20 0.19 0.20 134792BGP 0.00 0.00 0.00 0.00 0DOT1X 0.00 0.00 0.00 0.00 0GVRP 0.00 0.00 0.00 0.00 0ICMP 0.00 0.00 0.00 0.00 3721IP 0.00 0.00 0.00 0.00 1271L2VLAN 9.10 12.17 11.12 10.81 8220839NAT 0.00 0.00 0.00 0.00 0OSPF 0.00 0.00 0.00 0.00 0RIP

22、0.00 0.00 0.00 0.00 129STP 0.01 0.01 0.01 0.01 11588VRRP 0.00 0.00 0.00 0.00 0BroadcastStormBigIron Router# show cpu2 percent busy, from 81 sec ago1 sec avg: 1 percent busy5 sec avg: 1 percent busy60 sec avg: 1 percent busy300 sec avg: 3 percent busy共一百七十九页Allocating Additional Memory for VLANS and

23、VEsSystem maximum number depends on:Product and Management ModuleBigIron(config)# system-max vlan 2048BigIron(config)# system-max virtual-interface 2048BigIron(config)# write memoryBigIron(config)# endBigIron# reload共一百七十九页Management IP Address and Default-GatewayLANIronViewTelnetIP Add: 5 FastIron#

24、 con t FastIron # (Config) ip address 5 FastIron # (Config) ip default-gateway BigIron Router# con t BigIron Router# (Config) int eth 1/1 BigIron Router# (Config) ip address 5 共一百七十九页PasswordsFactory Default = no Enable passwordsPasswords can be up to 32 characters longMultiple levels of “Enable” pa

25、ssword access Access depends on which password you useSuper User - Unlimited access, can change all parametersConfigure Port - Change interface level parameters Read Only - View only, no changing allowedBigIron(config)# enable super-user-password SuPswdBigIron(config)# enable port-config-password PC

26、PswdBigIron(config)# enable read-only-password ROPswdBigIron enable PCPswdorBigIron enable Password:If the system password is not yet set, the system warns youBigIron enableNo password has been assigned yet.共一百七十九页Passwords, recoveringYou can recover from a forgotten passwords Requires direct access

27、 to the Serial Port and a System ResetHave terminal session plugged into serial port, then: Reboot the system Within 2 seconds, enter b to initiate the boot monitorBOOT MONITOR no password(cannot be abbreviated)BOOT MONITOR boot system flash primaryThis bypasses the system password checkSW-FastIron

28、enableNo password has been assigned yetSW-FastIron# Reassign Super-User password & save configSW-FastIron(config)#enab super-user NewPassword(assigns a new password)SW-FastIron(config)#write memory共一百七十九页Also specify passwords for:Telnet AccessSW-FastIron(config)#enable telnet password TelNetPswdWhe

29、re Passwords can be changed fromSW-FastIron(config)#password-change serial-port-onlyoptions: Usernames / Password combinationsSpecify Username, Password and Privilege Level(config)#username BigKahuna priv 0 password BKpswdPrivilege level: 0=Super-User, 4=Port-Config, 5=Read-onlyA Super-User account

30、(or Super-User enable password) must be set Passwords are stored in Config File ENCRYPTED (default)or you can turn off encryption(config)# no service password-encryptionUsername Lists are applied with AAA commandsPasswords共一百七十九页Authentication for the following access typesSyntax:aaa authentication

31、default aaa authentication what type of access default how to validate aaa authentication snmp-server applications - IronView, HPOV, Spectrum, etc.aaa authentication web-server .Web Browser to Brocade Switches and Routersaaa authentication enable “enable” command to gain Privileged and CONFIG level

32、accessaaa authentication login TELNET access to the Brocade Switch/RouterPasswords - aaa authentication types共一百七十九页Authentication methodsSyntax: aaa authentication default If a validation method is NOT configured, use next methodTACACS, TACACS+, RADIUSQuery a TACACS, TACACS+ or RADIUS server for us

33、ername/password LocalUse locally defined username/password combinationsLineUse the TELNET access passwordEnableUse the “enable” passwords (super-user, port-config, read-only)Passwords - aaa authentication methods共一百七十九页Syntax:aaa authentication what type of access default how to validateExamplesaaa

34、authentication login default localFor TELNET access (“login”), use the locally defined usernamesaaa authentication enable default radius localTo gain privileged /CONFIG access (“enable” command), query a configured RADIUS server; if not configured, fallback to locally defined usernamesaaa authentica

35、tion web default radius local enableThe Web Browser will first look at 1. RADIUS usernames, if not configured, 2. locally defined usernames, if not configured3. use the “enable” super-user, port-config, and read-only passwordsPasswords - aaa authentication examples共一百七十九页SNMP required information:SW

36、-FastIron(config)# ip address 5 SW-FastIron(config)# ip default-gateway SW-FastIron(config)# snmp-server contact “Bill Clinton”SW-FastIron(config)# snmp-server location the_white_houseSW-FastIron(config)# snmp-server host 5 publicSW-FastIron(config)# snmp-server community notsafe roSW-FastIron(confi

37、g)# snmp-server community safe rwNote: The first two commands are valid for switches only. Routers would assign an IP address at the interface level, not at the global level.BigIron(config) interface ethernet 1/2BigIron(config-if-1/2)# ip address 5 SNMP Configurations共一百七十九页Enabled with web browserU

38、sername & Password AccessUser NamePasswordRead OnlygetpublicRead / WritesetOnly one session can be Read/WriteMultiple Read-only sessions (password protected access)Web Browser GUI Config共一百七十九页You can restrict Web,Telnet and SNMP access to a single management address:BigIron(config)#web client 9BigI

39、ron(config)#snmp-client 4BigIron(config)#telnet client 6BigIron(config)#all-client 9 for all three typesTo disable Management completely:BigIron(config)#no web-managementBigIron(config)#no telnet serverBigIron(config)#no snmp-serverControlling Access共一百七十九页THANK YOUSection 1.2Layer 2 SwitchesPort Co

40、nfiguration and Link Aggregation共一百七十九页Specific attributes of each portSpeed Auto-negotiate (default)Forced to 10 or 100Mbps-Full Duplex/Half DuplexExamples:NetIron enable passwordhereNetIron# config termNetIron(config)# interface e8NetIron(config-if-8)# speed-duplex 100-halfNetIron(config-if-8)# sp

41、eed 10-fullNetIron(config-if-8)# speed autoNetIron(config-if-8)# interface e12NetIron(config-if-12)# speed 100-fullNetIron(config-if-12)# endNetIron# write memInterface Configuration (Part 1 / 2)共一百七十九页FastIron(config)# show interface briefFastIron(config)# Int eth 5 to 10FastIron(config-inf-eth 5 t

42、o 10)# DisableFastIron(config)# show interface brief Port Link State DuplexSpeedTag Priority MAC Trunk01 Down NoneNoneNoneNoNormal00e0.5200.0385102 Down NoneNoneNoneNoNormal00e0.5200.0386103 Down NoneNoneNoneNoNormal00e0.5200.0387None04 Down NoneNoneNoneNo Normal00e0.5200.0388 None05 Down NoneNoneNo

43、neNo Normal00e0.5200.0389 None06 Down NoneNoneNoneNo Normal00e0.5200.038a None07 Down NoneNoneNoneNo Normal00e0.5200.038b None08 Down NoneNoneNoneNo Normal00e0.5200.038c None09 Up ListenFull100MYesNormal00e0.5200.038d None10 Up ForwardFull100MNoNormal00e0.5200.038e None11 Down NoneNoneNoneNoNormal00

44、e0.5200.038f None12 Down NoneNoneNoneNoNormal00e0.5200.0390 None13 Down NoneNoneNoneNoNormal00e0.5200.0391 None14 Down NoneNoneNoneNoNormal00e0.5200.0392 None15 Up ForwardFull100MNoNormal00e0.5200.0393 None16 Down NoneNoneNoneNoNormal00e0.5200.0394 None17 Up ForwardFull1G NoNormal00e0.5200.0395 None

45、 Current Link StateUp or DownSpanning Tree StateForward, Listen, etc.Current Duplex StateFull or Half None = no link stateCurrent Speed10M, 100M, 1G802.1q Tagged or notQoS Priority, Normal, HighIs this port part of a Trunk Group?(Trunk Group #)Interface Configuration (Part 2 / 2)共一百七十九页A trunk is a

46、group of physical ports that act as one logical port.Also called Etherchannel in some quartersStatic trunks have been replaced by the 802.3ad dynamic LACP protocol by most manufacturers Trunking = Link Aggregation共一百七十九页FastIronA(config)# trunk ethernet 1 to 4FastIronA(config-trunk-1-4)# write memor

47、yFastIronA(config-trunk-1-4)# exitFastIronA(config)# trunk deploy (Not on Simulator)BigIronA(config)# trunk ethernet 1/1 to 1/4 ethernet 4/5 to 4/8BigIronA(config-trunk-1/1-4/8)# write memoryBigIronA(config-trunk-1/1-4/8)# exitBigIronA(config)# trunk deploy (Not on Simulator)Multi-Slot Trunk Group C

48、onfigurationemptyemptyemptyemptyAB共一百七十九页Show Trunk共一百七十九页Load sharing is dependent on:Device Family/Type: BigIron Chassis, FastIron StackTraffic Type: Layer-2 or Layer-3, IP or non IPFor example: FastIron X SeriesLayer 2 Bridged non-IP: Source and destination MAC addressesLayer 2 Bridged TCP/UDP: S

49、ource and destination MAC addresses, source and destination IP addresses, and source and destination TCP/UDP portsLayer 2 Bridged IP (non-TCP/UDP): Source and destination MAC addresses, and source and destination IP addressesLayer 3 Routed traffic: Source and destination IP addresses and protocol fi

50、eldTrunk Group Load Sharing共一百七十九页Trunks and Link Aggregation are synonymsPorts follow the same rules as for Static TrunksLink Aggregation Control Protocol - LACP, sends out packets like 802.1d Spanning Tree sends out BPDUs These are called Link Aggregation Control Protocol Data Units, LACPDULACP pa

51、ckets allow both sides of a trunk to automatically configure themselves. It is a standard that is supported by multiple manufacturers802.3ad Dynamic Link Aggregation共一百七十九页Config for 2 port trunk exampleActive device (sends/receives LACP packets):BigIron_A(config)# interface ethernet 1/1BigIron_A(co

52、nfig-if-e1000-1/1)# link-aggregate activeBigIron_A(config)# interface ethernet 1/2BigIron_A(config-if-e1000-1/2)# link-aggregate activePassive device: (only receives LACP packets):BigIron_B(config)# interface ethernet 1/1 to 1/2BigIron_B(config-mif-1/1-1/2)# link-aggregate passive802.3ad Dynamic Tru

53、nks共一百七十九页System priority - specifies devices link aggregation priority relative to the partner devicePort priority - determines active and standby links.Link type - specifies whether partner is server or to another networking deviceKey - identifies the group of potential trunk ports the port belong

54、s to802.3ad Link Aggregation Parameters共一百七十九页Key identifies the group of potential trunk ports a port belongs toEvery Port that is 802.3ad enabled has a keyPorts with a same key are called a Key-Group and are eligible to be in the same trunk groupA default-key is automatically assigned to an untagg

55、ed port when linked aggregation is enabledYou must manually configure link aggregation keys for tagged portsNote that IronStack supports cross stack TrunksAggregate Link KeysPort 1/1Port 1/2Port 3/8Port 1/3Port 1/4Port 3/6Port 3/5Port 3/7Port 1/1Port 1/2Port 4/8Port 1/4Port 4/6Port 4/5Port 4/7Switch

56、 1Switch 2Slot 3Slot 4Key 10Key 20Key 30Key 40共一百七十九页The Show Command (Part 1 / 2)共一百七十九页The Show Command (Part 2 / 2)共一百七十九页NetIron MLX/XMR (Version 3.7.00 and later) and BigIron RX (Version 2.6.00 and later) chassis use a different command line format for Link AggregationStatic LAGs These trunk gr

57、oups are manually-configured aggregate links containing multiple ports.Dynamic LAGs This LAG type uses the Link Aggregation Control Protocol (LACP), to maintain aggregate links over multiple port. LACP PDUs are exchanged between ports on each router to determine if the connection is still active. Th

58、e LAG then shuts down ports whose connection is no longer active.Keep Alive LAGs In a Keep Alive LAG a single connection between a single port on 2 routers is established. In a keep alive LAG, LACP PDUs are exchanged between the 2 ports to determine if the connection between the routers is still act

59、ive. If it is determined that the connection is no longer active, the ports are blocked.BigIron RX supports 31 multi-port LAGs with up to 97 additional Keep Alive LAGs.NetIron MLX/XMR can support up to 256 8-port trunks, 128 16-port trunks or 64 32-port trunks. Set using the system-max trunk-num com

60、mand.NetIron/BigIron Chassis LAG共一百七十九页Static LAG command line NetIron(config)# lag blue static id 124NetIron(config-lag-blue)# ports ethernet 1/2 to 1/3NetIron(config-lag-blue)# primary-port 1/3NetIron(config-lag-blue)# deployDynamic LAG command LineNetIron(config)# lag red dynamicNetIron(config-la