Intel IXM5414E User's Manual
Contents
1. AL Pots Table Current Size Max Size AGL 1 100 Delsje Appi ACL Make a selection from the pull down menu You may create a new ACL or update the configuration of an existing ACL ACL ID ACL ID must be a whole number between 1 and 100 Ports This dynamic multi selector lists all available valid interfaces for ACL mapping All non routing physical interfaces and interfaces participating in LAGs that are not already assigned to an ACL are listed You can map an interface to one and only one ACL but multiple interfaces can be assigned to one ACL Direction Select the packet filtering direction for the ACL from the pull down menu Currently the only choice is Inbound The packet direction for a given ACL 1s the same for all affected interfaces Table Displays the current and maximum number of ACLs Current Size Max Size Displays the number of existing ACLs and the maximum number of configurable ACLs Click the Apply button to send the updated configuration to the switch Configuration changes take effect immediately If you want the switch to retain the new values across a power cycle you must perform a save Click the Delete button to remove the currently selected ACL from the switch configuration Intel Blade Server Ethernet Switch Module IXM5414E Summary This panel displays a summary of all ACLs on the switch ACL Summary ACL Rules Ports Direction Bay 5 Bay 5 Bay negim ACL The ACL ident2. Connections Specifies the current SSH connections Secure Socket Layer SSL commands config http secureport Use this command to configure the SSL port where port is between 1 and 65535 Default 443 Format config http secureport lt port gt config http secureprotocol Use this command to enable or disable SSL and set protocol levels versions The protocol level can be set to TLS1 SSL3 or to both TLS1 and SSL3 Default both Format config ip http secure protocol lt ss 3 tlsI both gt lt add remove gt config http secureserver adminmode Command 1s used to enable disable the SSL for secure HTTP Default disable Format config http secureserver adminmode lt enable disable gt show http info Displays the http settings for the switch Format show http info 218 Intel Blade Server Ethernet Switch Module IXM5414E Mode Privileged EXEC Secure Server Administrative Mode Indicates whether the administrative mode of secure HTTP is enabled or disabled Secure Protocol Level The protocol level may have the values of SSL3 TSL1 or both Secure Port Specifies the port configured for SSL HTTP Mode Indicates whether the HTTP mode is enabled or disabled Quality of Service QoS commands This section describes the commands used to configure and manage the Quality of Service QoS features of the Intel Blade Server Ethernet Switch Module IXM5414E These features include e Access Control Lists ACLs e Bandwidth provisio
3. DANGER Some laser products contain an embedded Class 3A or Class 3B laser diode Note the following Laser radiation when open Do not stare into the beam do not view directly with optical instruments and avoid direct exposure to the beam 2X CAUTION Hazardous energy is present when the blade is connected to the power source Always replace the blade cover before installing the blade Regulatory specifications and disclaimers Safety compliance USA UL 60950 3rd Edition CSA 22 2 No 60950 Canada cUL certified 3rd Edition CSA 22 2 No 60950 for Canada product bears the single cUL mark for U S and Canada Europe Low Voltage Directive 73 23 EEC UL CB to EN60950 3rd Edition International UL CB to IEC 60950 3rd Edition UL CB EN60 950 3rd Edition UL CB EMKO TSE 74 SEC 207 94 Australia New CB Report to IEC 60950 3rd Edition plus international deviations Zealand 280 Intel Blade Server Ethernet Switch Module IXM5414E Electromagnetic compatibility EMC FCC CFR 47 Part 2 and 15 Verified Class A Limit IC ICES 003 Class A Limit EMC Directive 89 336 EEC EN55022 Class A Limit Radiated amp Conducted Emissions EN55024 ITE Specific Immunity Standard EN61000 4 2 ESD Immunity Level 2 Contact Discharge Level 3 Air Discharge EN61000 4 3 Radiated Immunity Level 2 EN61000 4 4 Electrical Fast Transient Level 2 EN61000 4 5 AC Surge EN61000 4 6 Conducted RF EN61000 4 8 Power Frequen
4. Li Lr DANGER Electrical current from power telephone and communication cables is hazardous To avoid a shock hazard Do not connect or disconnect any cables or perform installation maintenance or reconfiguration of this product during an electrical storm Connect all power cords to a properly wired and grounded electrical outlet Connect to properly wired outlets any equipment that will be attached to this product When possible use one hand only to connect or disconnect signal cables Never turn on any equipment when there is evidence of fire water or structural damage Disconnect the attached power cords telecommunications systems networks and modems before you open the device covers unless instructed otherwise in the installation and configuration procedures Connect and disconnect cables as described in the following table when installing moving or opening covers on this product or attached devices To Connect To Disconnect Turn everything OFF Turn everything OFF First attach all cables to devices First remove power cords from outlet Attach signal cables to connectors Remove signal cables from connectors oe i E Attach power cords to outlet Remove all cables from devices Turn device ON oS gs oe IS a Statement 2 aa 2 CAUTION When laser products such as CD ROMs DVD drives fiber optic devices or transmitters are installed note the following e Do not remove th
5. Name Enter the name you want to give to the bandwidth profile You may enter up to 15 alpha numeric characters and may include the underscore _ or the dash You cannot change the name after the initial configuration Maximum Bandwidth Enter the maximum allowable bandwidth for this bandwidth allocation profile Click the Apply button to send the updated configuration to the switch Configuration changes take effect immediately If you want the switch to retain the new values across a power cycle you must perform a save Click the Delete button to delete the selected bandwidth allocation profile from the system Bandwidth profile summary This panel displays the bandwidth allocation information for all bandwidth profiles on the switch Intel Blade Server Ethernet Switch Module IXM5414E 143 Bandwidth Profile Summary Bandwidth Minimum Bandwidth Maximum Gandwidth Profile Marne Mbps Pele iiaia ee fest enone 1d oon Bandwidth Profile Displays the number associated with the bandwidth profile Name Displays the name of the bandwidth profile Allocated Minimum Bandwidth Displays the sum of the minimum guaranteed bandwidth for all bandwidth profiles configured on this interface Maximum Bandwidth Displays the sum of the maximum allowable bandwidth for all bandwidth profiles configured on this interface Traffic class configuration Use this panel to create a traffic class 144 Intel Blade Server Ethernet Switch
6. config bwprovisioning bwallocation delete Use this command to delete a bandwidth allocation profile from the system The lt name gt field is the user supplied name associated with the bandwidth allocation profile A bandwidth allocation profile may not be deleted while it is associated with a traffic class Format config bwprovisioning bwallocation delete lt name gt config bwprovisioning bwallocation maxbandwidth This commands configures the maximum allowable bandwidth for this bandwidth allocation profile The lt maxbandwidth gt parameter is a value from 0 to the maximum bandwidth of the interface to be associated with this profile The bandwidth allocation profile maximum bandwidth must be greater than or equal to the minimum bandwidth If this value is set to O it will not allow any traffic for this bandwidth allocation profile Default 100 Mpbs Format config bwprovisioning bwallocation maxbandwidth lt name gt lt maxbandwidth gt show bwprovisioning bwallocation detailed Use this command to display detailed bandwidth allocation information for the specified bandwidth allocation profile Format show bwprovisioning bwallocation detailed lt name gt Bandwidth Allocation Profile Name Displays the user defined name of this bandwidth allocation profile Minimum Bandwidth Displays the minimum guaranteed bandwidth of this bandwidth allocation profile in Mbps Maximum Bandwidth Displays the maximum allowable bandwidth of this band
7. Root Port Bridge Forward Delay The value that all bridges use for forwarddelay when this bridge is acting as the root Values range from 4 to 30 The Factory default is 15 seconds Hello Time The amount of time between the transmission of Configuration BPDUs by this node or any port when it is the root of the spanning tree or trying to become the root Bridge Hold Time Minimum time between transmission of Configuration BPDUs CST Regional Root The regional root bridge Regional Root Path Cost The cost of the path to the regional root as seen from this bridge Associated FIDs List of forwarding database identifiers currently associated with this bridge instance Associated VLANS List of VLAN IDs currently associated with this bridge instance show spanningtree cst port detailed 198 Use this command to display the settings and parameters for a specific switch port within the CST The lt port gt is the port to be affected Format show spanningtree cst port detailed lt port gt Port Identifier The port identifier for this port within the CST Port Priority The priority of the port within the CST Intel Blade Server Ethernet Switch Module IXM5414E Port Forwarding State The forwarding state of the port within the CST Port Role The role of the specified interface within the CST Auto calculate Port Path Cost Indicates whether automatic calculation of the port path cost is enabled Port Path Cost The configured path cost for the
8. 1 Start a Telnet session to connect to the switch module 2 Enter your user ID and password After successful login the CLI prompt displays Enter transfer download and press Enter Enter serverip ipaddress where ipaddress is the IP address of your TFTP server and press Enter Enter datatype 8051 mcu code and press Enter es a a Enter filename IXM54_MCUnnn hex where nnn is the software sequence number of the new switch MCU Code and press Enter 7 Enter start and press Enter to begin the software upgrade process Intel Blade Server Ethernet Switch Module IXM5414E 8 Review the information on the screen and enter y when prompted to confirm the correctness of the entries After confirmation the MCU code is transferred to the switch from the TFTP server After successful update the switch module is automatically powered off 9 To activate the new MCU code turn on the Ethernet switch module through the management module interface see Resetting and restarting the Ethernet switch module Section Upgrading the image using web interface 4 port Sb Ethemet be 1 Switch Modula le Itt CHILI im a x yilar ARF Echa Download File To Switch banton Infoemmation Corhiyuractiar t Forwarding Database File lyp t Loge b Hiiri TFTF Tane pmr Address lg 0 SNMP Statistics TF IF File Path malin hi Ea Eae All Applied Changes FIF File Mame oystam Masai kesel Consgurati n to Defaults
9. 257 Table 10 STP parameters bridge Bridge hello time The length of time between broadcasts of the hello 2 seconds message Bridge maxage time The length of time before topology information or 20 seconds information from BPDUs is discarded because it has aged out Bridge forward delay The amount of time spent by a port in the discarding 15 seconds time states waiting for a BPDU that might return the port to the discarding state if the bridge is in IEEE 802 1D compatibility mode or if operPointToPointMAC and operEdgePort are both False The following table shows the user configurable STP parameters for the ports on the bridge Table 11 STP port parameters Port priority The relative priority for each port The lower the number 128 the higher the priority and the greater the likelihood of the port being elected as the root port Port path cost A value used by STP to evaluate paths auto calculated based on the link speed Creating a stable topology 258 For STP to arrive at a stable network topology the following information is used e A unique identifier for each bridge e An identifier for each bridge port e The path cost to the root bridge associated with each bridge port STP communicates between bridges on the network using bridge protocol data units BPDUs There are two types of BPDUs e Configuration messages containing a spanning tree priority vector describing the transmitter s view of the spann
10. Blade Server Ethernet Switch Module IXM5414E LAN 1 er Intel Blade Server Ethernet Switch Module IXM5414E Port Cost 19 ff A Port 3 D Bridge ID 15 g Port 1 Port 2 Port Cost 4 pore ees Port Cost 4 gt a gt Port 1 B C Port 1 Bridge ID 30 Bridge ID 20 Port Cost 19 Port 2 Port 3 D E Port 2 Port 3 Y Port Cost 19 Port Cost 19 LAN 2 LAN 3 NOTE In this example only the default STP values are used LAN 1 A Port 3 R Root Bridge Port 1 Port 2 S A Designated Port Designated Port Root Port e g E Designated Bridge Root Port Port 1 L Port 2 Port 34 Blocked gt Port 2 Port 3 LAN 2 LAN 3 The bridge with the lowest bridge ID bridge A was elected the root bridge and the ports were selected to give a high port cost between bridges B and C 263 Note also that the example network topology is intended to provide redundancy to protect the network against a link or port failure not a switch failure or removal For example a failure of bridge A would isolate LAN 1 from connecting to LAN 2 or LAN 3 Discarding state A port in the discarding state does not forward packets When the switch is started a BPDU is sent to each port in the bridge putting these ports in the discarding state A bridge initially assumes it is the root it then begins the exchange of BPDUs with other bri
11. Use this command to reset all user passwords to the factory defaults You will be prompted to confirm that the password reset should proceed Format clear pass clear stats port Use this command to clear the statistics for a specified port You will be prompted to confirm that you want to issue this command Format clear stats port lt port listofports all gt clear stats switch Use this command to clear the statistics for the switch You will be prompted to confirm that you want to issue this command Format clear stats switch clear transfer Use this command to reset the file transfer parameters to the factory defaults You will be prompted to confirm that you want to issue this command Format clear transfer clear traplog Use this command to clear the trap log You will be prompted to confirm that you want to issue this command Format clear traplog clear vlan Use this command to reset the VLAN configuration parameters to the factory defaults You will be prompted to confirm that you want to issue this command Format clear vlan logout Use this command to close the current Telnet connection or reset the current serial connection If you have any saved configuration changes you will be prompted to save them If you logout without issuing a save config command any configuration changes you have made will be lost Format logout 182 Intel Blade Server Ethernet Switch Module IXM5414E ping Use this com
12. address is a set of destination ports and VLAN information Any packet with a particular Static MAC Address in a particular VLAN is admitted only if the ingress port is 1n the set of source ports otherwise the packet is dropped On the egress side the packet if admitted is sent out of all the ports that are in the set of destination ports Upon ingress each packet s destination MAC address is compared against the forwarding database If the address is not in the table the packet is flooded within the VLAN If the address is in the table then it is checked to see if it has been defined as a filter If the MAC address 1s not defined as a filter forwarding is performed as a normal parced address If the specific destination MAC address 1s defined as a filter the packet is forwarded to the set of destination ports defined in the filter Static entries are never aged and can only be removed by user command NOTE Even though the above discussion pertains to the forwarding database MAC filters are not configured and displayed as part of the forwarding database they are configured and displayed separately Generic Attribute Registration Protocol GARP This protocol is used to exchange information between GARP participants to register and de register attribute values within a bridged LAN When a GARP participant declares or withdraws a given attribute the attribute value is recorded with the applicant state machine for that attribute for
13. authenticator and authentication server Operating Control Mode Displays the control mode under which the port is actually operating Possible values are Force Unauthorized The authenticator PAE unconditionally sets the controlled port to unauthorized Force Authorized The authenticator PAE unconditionally sets the controlled port s to authorized mode Auto The authenticator PAE sets the controlled port s mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Reauthentication Enabled Displays whether reauthentication of the supplicant for the specified port is allowed The possible values are true and false If the value is true reauthentication will occur Otherwise reauthentication will not be allowed Key Transmission Enabled Displays whether key transmission is enabled on the selected port The possible values are true and false If the value is true keys will be transmitted to the supplicant Otherwise keys will not be transmitted Port Status Displays the authorization status of the specified port The possible values are Authorized and Unauthorized Click the Refresh button to update the information on the page Statistics This panel displays the IEEE 802 1X statistics for the specified port Intel Blade Server Ethernet Switch Module IXM5414E 123 124 Refresh Clear Al Cipa Port Select the port whose information is to be displaye
14. c 020s cts eters had ear iew tem tGaee ca eee ee 24 SOC UNI aaea ae eee a ees cei eee ones are eee a ere 35 Quality of Service QOS sacs cesncane saw d Pitas ewre nese dae awe ewe 38 5 Web Based Network Management 000c eee e eee eee 41 INIKOGUCHION 2 s226o Nees ee eae Co ee es ee ee es 41 Remotely managing the switch module 0 0 00 e eee es 41 Gelling stared iwi r tte vacates once bate a yorestetmateet how eshs 42 SOV SECINY glee enayas espe E E ere bee becom ee argh E E N E E E E EE 45 SWICHING 22 oha5 20 tatoos tte ete aie eee ete hee ta eee 91 Class Of SEVICE eiaeia dest ioe tart ees aed ae ia ae eee alee nee ar eae ee 115 DOCU ect 5s ba R trae etre Dear ea ane nn a apace time Ob angen dane eter oneness 116 QOS cet eae e He metre tat ae eee ae ee eee od eee ee ate iw Seto ee re elon ae 137 LOGOUT Atte teter ee ee esa at teehee ot eres ete ae So ee 147 6 Updating the Ethernet Switch Software 000 ee 149 Determining the software version 0 0 cc eee 149 Upgrading the switch software 0 ee 150 Resetting and restarting the switch module 000 cece eee eee 152 7 Command Line Interface Management 020 0c eee eee 155 Command Line Interface CLI conventions 0000 ce eee eee 155 Remotely managing the IXM5414E switch module 00000 eee ees 158 IXM5414E switch module system commands 00000 eee eeneaee 160 Switching configuration commands
15. e GMRP PDUs are transmitted as VLAN tagged frames or untagged frames in accordance with the state of the Untagged Set for that port for the VLAN concerned Where VLAN tagged frames are transmitted the VID field of the tag header carries the VLAN Context Identifier value Internet Group Management Protocol IGMP snooping Internet Group Management Protocol IGMP snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch Multicast IP traffic 1s traffic destined to a host group Host groups are identified by class D IP addresses which range from 224 0 0 0 to 239 255 255 255 Based on the IGMP query and report messages the switch forwards traffic only to the ports that request the multicast traffic This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance Note that the IP address range 224 0 0 1 through 224 0 0 255 is reserved for routing protocols and other low level topology discovery or maintenance protocols For example the address 224 0 0 1 1s the all hosts address and 224 0 0 2 indicates all routers on this subnet Also only the least significant 23 bits of the IP address are mapped to MAC addresses so for example 225 0 0 123 and 239 128 0 123 and similar IP multicast addresses all map to MAC address 01 00 5E 00 00 7B for Ethernet Therefore a switch using IGMP Snooping may collapse IP multicast group memberships into a single Etherne
16. however entries may be aged out too soon and have to be relearned While the entries are being relearned received packets whose source addresses cannot be found in the forwarding table will be transmitted through all ports on the switch thus unnecessarily increasing network traffic Spanning Tree Protocol STP The Institute of Electrical and Electronics Engineers IEEE 802 1D Spanning Tree Protocol STP enables the blocking of links between switches that form loops within the network When multiple links between switches are detected a primary link is established Duplicated links are blocked from use and become standby links The protocol enables the duplicate links to be used in the event of a failure of the primary link When the STP is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and Protocol are complicated and complex subjects and must be fully researched and understood It 1s possible to cause serious degradation of the performance of the network if the spanning tree is incorrectly configured Read the following information before making any changes from the default values The switch module STP performs
17. packets cannot cross VLANs without a network device performing a routing function between the VLANS The switch module supports only IEEE 802 1Q VLANs The port untagging function can be used to remove the 802 1Q tag from packet headers to maintain compatibility with devices that are tag unaware The switch module default is to assign all blade servers and the four external ports to a single 802 1Q VLAN named DEFAULT with a VLAN ID VID of 1 The switch module can be configured to enable a wide variety of VLAN configurations among the various external ports IEEE 802 1Q VLANs 26 The following terms are relevant to VLANs and important with respect to understanding how VLANs function Tagging The act of adding 802 1Q VLAN information to the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header Ingress port A port on a switch where packets are flowing into the switch and where VLAN decisions must be made Egress port A port on a switch where packets are flowing out of the switch either to another switch or to an end station and where tagging decisions must be made The IXM5414E switch module implements IEEE 802 1Q VLANs which require tagging This enables them to span the entire network provided that all switches on the network are IEEE 802 1Q compliant VLANs enable a network to be segmented to reduce the size of broadcast domains All packets entering a VLAN will be forwarded o
18. 0 0 0c cee es 187 Class of Service commands 00 00 eee es 205 Security configuration commands 00 0c eee ee ees 206 Quality of Service QOS commands 0 00 eee eee eee 219 Appendix A RJ 45 Pin Specifications 0 0 eee ees 227 Appendix B Cable Lengths 0 00 cee ee 229 Appendix C Run time Switching Software Default Settings 231 Appendix D CLI Command Tree 0 000 cece eee 239 Appendix E CLI Configuration Examples 0 020 e eee eee 249 IEEE 802 1w configuration example 0 00 cee eee es 251 VLAN configuration example 000 eee 252 Link aggregation configuration example 0 000 eee eee eee 253 IGMP snooping configuration example 0000 eee eee eee 254 Access Control List configuration example 00000 ee eee eens 255 Appendix F Troubleshooting the Spanning Tree Protocol 257 Appendix G Getting Help and Technical Assistance 5 275 AppendDCH NOCES i riranin a ee ee ee eee ee ee 277 Safety Before installing this product read the Safety Information Antes de instalar este produto leia as Informa es de Seguran a FERAL fo ZA tPF AHR Safety Information ZERA FL J a ail TREE se Lay sa ZUR ee SE Prije instalacije ovog produkta obavezno pro itajte Sigurnosne Upute P ed instalac tohoto produktu si p e t te p ru ku bezpe nostn ch instrukc L s
19. 2 on bridge C should be in the discarding state but since it can no longer receive BPDUs from port 2 on bridge B it will change to the forwarding state If the failure exists at boot time STP will not converge on a stable topology and restarting the bridges will have no effect NOTE In the previous example restarting the bridges will provide a temporary resolution This type of failure is difficult to detect because the Link state LEDs for Ethernet links rely on the transmit side of the cable to detect a link If a unidirectional failure on a link is suspected it is usually necessary to go to the console or other management software and look at the packets received and transmitted for the port For example a unidirectional port will have many packets transmitted but none received or vice versa Packet corruption Packet corruption can lead to the same type of failure If a link is experiencing a high rate of physical errors a large number of consecutive BPDUs can be dropped and a port in the discarding state would change to the forwarding state The discarding port would have to have the BPDUs dropped for 50 seconds at the default settings and a single BPDU would reset the timer If the Max Age is set too low this time is reduced Resource errors The switch performs its switching and routing functions primarily in hardware using specialized application specific integrated circuits ASICs STP is implemented in software and is th
20. Enable Erathe lays neadlod etn Cisatlod Pret Erat Ergi Bay 5 matod a Casathid Fort Ena Enabt Bay 6 Enabled abi Disatled Port Ena Enable HaT maihi Dipati Cai satel Forn reli Erak aas Eman Disable Casatled Port Erat Enable Bay Enabled Disab s Disabisd Pot Enable Enable Bay 10 Enabled abis Disabled Port Enable Enable Bay 11 Enatlad esate Disabled Fort Enable Enable ay 12 Enrabia Des abies Disabled Pot Enable Enable Bay 13 Enabled Tecate Disabled Porn Enable Enable yid Emailed abe Cisabied Port Enable Enable ct Emate paning Decaan P Erate Chane Eai AG E ated Pesabled Casetted Port Erabi Enable Ext Lesabece Bianya fq Disabled Prat erata Erabig Ext 4 Chaer Lisabieg La sated Fat Emate Enable LAs a iE gabezi Lasaiied Fat Chains if Identifies the physical port If not blank this field indicates that this port 1s a special type of port The possible values are Mirrored Port being mirrored Probe Probe port participating in Port Mirroring LAG Member of a link aggregation trunk The Administrative Mode for the port or LAG The possible values are Enabled and Disabled Forwarding State Port Role Admin Mode The port s current spanning tree state This state controls what action a port takes on receipt of a frame If the bridge detects a malfunctioning port it will place that port into the Broken state The other four states are defined in IEEE 802 1s as e Disabled e Manual Forwarding e Learning e Forwarding Ea
21. Host Configuration Protocol DHCP server when the switch module is turned on or reset The DHCP protocol enables IP addresses network masks and default gateways to be assigned by a DHCP server IXM5414E switch module system commands 160 This section describes the commands that you use to configure and manage the switch These commands include e System information and statistics commands e System configuration commands e System description commands e System utility commands e Trap management commands Later sections describe the commands that you use to configure and manage the various protocols running on the switch Intel Blade Server Ethernet Switch Module IXM5414E System commands These commands display and configure system information and statistics Address Resolution Protocol ARP cache show arp switch Use this command to display the connectivity between the switch and other devices The Address Resolution Protocol ARP cache identifies the MAC addresses of the IP stations communicating with the switch Format show arp switch MAC Address A unicast MAC address of a device on a subnet attached to one of the switch s routing interfaces for which the switch has forwarding and or filtering information The format is six two digit hexadecimal numbers separated by hyphens for example 01 23 45 67 89 AB IP Address The IP address associated with the MAC address Port The identification of the port being used for
22. Idle Time The idle session time Session Time The total session time Click the Refresh button to update the information on the page Login summary This panel displays a list of all users set up for each authentication login list Intel Blade Server Ethernet Switch Module IXM5414E 55 User Login Summary m Lagin Plethod List Login Users 802 1x Port Security Users etait iss hice LISERIO BERE WES ES Jett Sal maresh Login Identifies the authentication login list summarized in this row Method List The ordered list of methods configured for this login list Login Users The users you assigned to this login list on the User Login Configuration screen This list is used to authenticate the users for system login access 802 1X Port Security Users The users you assigned to this login list on the Port Access Control User Login Configuration screen This list is used to authenticate the users for port access using the IEEE 802 1X protocol Click the Refresh button to update the information on the page User login 56 Use this panel to assign a user to an authentication login list Intel Blade Server Ethernet Switch Module IXM5414E a Dole Appt Each configured user is assigned to a login list that specifies how the user should be authenticated when attempting to access the switch or a port on the switch After creating a new user account on the User Account screen you should assign that user to a login list
23. Module IXM5414E late AGEE bii yb ahar Internet Expbercr p aigi zj fie Cot Yew Faoi ook jp big Delete App Traffic Class Select Create from the pull down menu to configure a new Traffic Class or select one of the existing classes to display and update its configuration Name Enter the name to be given to the Traffic Class You may enter up to 15 alpha numeric characters and may include the underscore _ or the dash You cannot change the name after the initial configuration Weight Enter the weight to be assigned to the Traffic Class The weight must be a decimal number from to 1024 Type The only supported type is per VLAN per Interface VLAN ID Enter the ID of the VLAN to be associated with the traffic class This is a value between 2 and 4094 Interface Select the interface to which the Traffic Class will be applied The pull down menu contains the port identification of all interfaces for which a traffic class may be configured Bandwidth Profile Select the Bandwidth Profile for the Traffic Class from the pull down menu The list contains the identification of all Bandwidth Profiles in the form name id min max Mbps If you have not configured any Bandwidth Profiles the list will contain only the default profile This field associates a bandwidth allocation profile with a Traffic Class The sum of the bandwidth allocation profile minimum bandwidth of all Traffic Classes associated with the same interface sh
24. Pari IE Typera Faning Priority Bury 2 Adil Ad Dated Bary 2 F WL AM Cirih Digablid Ei LA Enit ue 4 Ach Castle E Admit A Disabled Ey Admit A Lasaia Bary Admi Pisable ET Admit Al Disabled bay Ahit Ad LASAe Eey Adal Al Locale Bay Admit Al Disabled Ba Adit Ad Disabled ry Admit Al Lasabled CaF Admi Al Lasatied Ext Admi 4 sable Admit Disabled I E Drsathed A Casabled j Port Indicates which port is associated with the fields on this line Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port if the acceptable frame types parameter is set to Admit All The factory default is 1 Acceptable Frame Types The types of frames that may be received on this port The options are VLAN Only and Admit All When set to VLAN Only untagged frames or priority tagged frames received on this port are discarded When set to Admit All untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port With either option VLAN tagged frames are forwarded in accordance with the IEEE 802 1Q VLAN specification Port Priority The VLAN Port Priority that this port will assign to untagged frames received on this port Intel Blade Server Ethernet Switch Module IXM5414E Reset configuration All VLAN configuration parameters are reset to their factory default values if you click the Reset button and
25. Ray VWiMiN TAS an 74 honor Sy stem Statue mw ling LEDs BERETE Him charimi WH Blade Tasks Powan ined arl Remote Contral Firmware Update Lanfair Serial Owar LAN lM Hodule Tasks Power Hasta Management Firmware Update FWh Contr General Settings Lagin Frois Filial Pot Assignments Network Interfaces Heat Fratinol Secures Management Module Blade Sarvar Firmware YPO Dayls Name 1 SNAZI TALAAWV IE lo sand hirea WRO for a bidi This process may take a while Target All Blades WO Module Firmware YPO Bay ype Fihemet Shi Plain Agipliceation 2 Management Module Firma Ray Mame Finna ype Boo ROM Main Application 1 Firmware Type Altos Diagnostics Blade eye mgr a r feted the lade ay re VFO Finnene Type Build M BRISh2 BRSM ARISM Hi H Gaili 1 BSF OOADLS RENTALS r t BROT A imf chick Reliad eo Hilmad YAI Rolise OF 2004 UUK aA MARA Paill 10 File Haman Released Revision EAS 1 01 07 02 2003 1 00 BE 7 FHiwision 30i 00 Fa Heli Hewissinn 149 Obtaining the latest version To determine the latest version of the switch module software available from Intel complete the following steps 1 Go to http downloadfinder intel com 2 Enter XM5414E in the download search box and click Go A Results window opens displaying a list of links to the current software update 3 Compare the software version that you had noted f
26. Registration Protocol GARP summary and configuration panels Menu options are e Status e Switch configuration e Port configuration Status This screen shows the GARP Status for the switch and for the individual ports Note that the timers are only relevant when the status for a port shows as Enabled Seach CMR Enabled Leave Leave All Port GYRP PotGMRP Join Timer Timer Timer Prout Mode Made centisecs fcentisecs centisecs Bay 1 Enab Enaticd Al z Oot ays Erabeet Enabed F La LEE Security Bay Enabiced Enabisij x bi cary Enapkj Enapisj hay Enab Fmabiend rat zil miy Enabiea Enateen pi cay Erte Enabisj i PEJ Daya Enabeed Enabieed i Bay Ernane Ernani AL D nay Enabiz brated f Bayi Enabled Enabied i Bey 12 Emabisd Cnabicij Fal Bay 13 Enabiej Enahierd Ft zil LDL Bary 14 Erabaad Enab sj Fl 5 PEHO Ext Enabled Enabled a aa hoo x Switch GVRP Indicates whether the GVRP administrative mode for this switch is Enabled or Disabled The factory default is Disabled Switch GMRP Indicates whether the GMRP administrative mode for this switch is Enabled or Disabled The factory default is Disabled Port Indicates which port is associated with the fields on this line Intel Blade Server Ethernet Switch Module IXM5414E 99 Port GVRP Mode Indicates whether the GVRP administrative mode for the port is Enabled or Disabled The factory default is Disabled Port GMRP Mode Indicates whether the GMRP administrative mode
27. Rripi Parmena to Lais Doanlosd File To Swatch z Upload Faa From Swach Start File Transl iD Piney b Trap Manager To upgrade the switch software using the web interface complete the following steps 1 Log on to the management module web interface 2 From the I O Module Tasks menu click Management Advanced Management 3 Click Start Web Session then logon to the Ethernet switch module 4 From the System Utilities menu click Download File to Switch The Download File to Switch window opens 5 Enter the following information in the Download file to Switch window e In the File type field select Code from the drop down list e In the TFTP Server IP Address field enter the IP address of your TFTP server e In the TFTP File Name field enter filename X M54_nnn opr where nnn is the software sequence number of the new switch software 6 Click Start File Transfer to download the new switch software Intel Blade Server Ethernet Switch Module IXM5414E 151 Upgrading the MCU code using web interface 4 port Gb Ethernat Switch Module T Sytem ARP Coon Download File To Switch entary infonraiion t Lonhigiration F Forsaning Makiha File Type 5051 MEL de r Loga t Port TFTF Server F Address Mn P SNMP l P Statisties TFTF File Fath T Sy iem Hinas Sane A App hamis TFTF Fila Name m System Reset R eet Contiguration t Defaulta Renal Posieonin bo Urhu Cicwnioad File To Switch Upload File From Switc
28. SMM LEM LARE la LALAR SHARD Rasage im LARD Fhe Link Aggregation motie Tor hae rag EEE Ut Jad i StS Ree eS arses nioma Hass for Network WIE anata LPT ised iames hth BEL dd GR ie Litera of Weanaged Gerts for Ends dot Tta 1h Roti bo hoe Durfee of boned i arte feo thee Perrot lr j Name The RFC number if applicable and the name of the MIB Description The RFC title or MIB description Click the Refresh button to retrieve and display the database again starting with the first entry in the table Statistics This menu provides access to menu options that display various switch statistics including e Switch detailed e Switch summary e Port detailed e Port summary Switch detailed This panel displays detailed statistics for all CPU traffic Intel Blade Server Ethernet Switch Module IXM5414E 73 74 Papp gl b AELA N bats Transmitted Vitout Errors te Tii et i iia Ei TOMES wies Packets ransreded eames Perea tied p3 Transmit Packets Lascardad g Most Address Entries Ever Used FERED Ernies l Mon VLAN Entries Evor Litod z ifIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch Received Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS octets Packets Received Without Error The total number of packets including broadcast packets and multica
29. This chapter explains the menus and parameters used by the web management interface Note that your browser window may not exactly match the window illustrations in this guide Remotely managing the switch module The IXM5414E switch module supports two remote access modes for management through Ethernet connections You can select the mode that is best suited for your platform s environment The switch module has an internal Ethernet path to the management module and the four external Ethernet ports on the switch module e The default mode uses the internal path to the management module only In this mode the remote access link to the management console must be attached to the 100 Mbps Ethernet port on the management module With this mode the IP addresses and Simple Network Management Protocol SNMP parameters of the switch modules can be assigned manually through the SBCE Management and Configuration Program This mode enables the system administrator to provide a secure LAN for management of the platform s subsystems separately from the data network Important With this mode the IXM5414E switch module does not respond to remote management commands through the four external Ethernet ports on the switch module 41 See the applicable Installation and User s Guide on the Resource CD for additional instructions for configuring the switch module for this mode of operation e The system administrator can select to enable remote manage
30. a fire hazard and a shock hazard under certain conditions To avoid these hazards ensure that your system electrical requirements do not exceed branch circuit protection requirements Refer to the Statement 7 Mi fr 2X CAUTION Hazardous voltage current and energy levels might be present Only a qualified service technician is authorized to remove the covers where the following label is attached 1 Introducing the Intel Blade Server Ethernet Switch Module IXM5414E Thank you for purchasing an Intel Blade Server Ethernet Switch Module IXM5414E This Installation and User s Guide contains information about e Setting up and installing your switch module e Configuring your switch module For installation details see Chapter 2 Installing and Removing the Intel Blade Server Ethernet Switch Module IXM5414E on page 9 For additional information see the instructions in your appropriate server board chassis publications Your IXM5414E switch module is one of up to four switch modules that can be installed in the SBCE configuration of the blade chassis This high performance IXM5414E switch module is ideally suited for networking environments that require superior microprocessor performance efficient memory management flexibility and reliable data storage Performance reliability and expansion capabilities were key considerations in the design of your switch module These design features make it possible for yo
31. accounting server Accounting Requests Displays the number of RADIUS Accounting Request packets sent not including retransmissions Accounting Retransmissions Displays the number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server Accounting Responses Displays the number of RADIUS packets received on the accounting port from this server Intel Blade Server Ethernet Switch Module IXM5414E 133 Malformed Accounting Responses Displays the number of malformed RADIUS Accounting Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators and unknown types are not included as malformed accounting responses Bad Authenticators Displays the number of RADIUS Accounting Response packets that contained invalid authenticators received from this accounting server Pending Requests Displays the number of RADIUS Accounting Request packets sent to this server that have not yet timed out or received a response Timeouts Displays the number of accounting timeouts involving this server Unknown Types Displays the number of RADIUS packets of unknown type that were received from this server on the accounting port Packets Dropped Displays the number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason Click the Refresh button to update the information on the page Clear statistics Use this panel
32. adminmode enable IGMP Snooping will be enabled with default values for the group membership interval maximum response and multicast router present expiration timers This command overrides the default for the multicast router present expiration timer config igmpsnooping mcrtrexpiretime 2400 Enable IGMP Snooping for a set of physical ports and for a LAG config igmpsnooping interfacemode bay 1 bay 2 bay 3 bay 4 enable config igmpsnooping interfacemode lag 1 enable To display information about the IGMP Snooping configuration issue show igmpsnooping To display information about all multicast addresses issue show mfdb table all 254 Intel Blade Server Ethernet Switch Module IXM5414E Access Control List configuration example This section provides sample CLI commands showing how to configure the Intel Blade Server Ethernet Switch Module IXM5414E to support Access Control Lists ACLs ACLs offer one way of adding Quality of Service support to your network You define an ACL to control who can use your network or network resources by allowing or prohibiting access The ACL specifies one or more match criteria that will be used to determine whether a given packet will be admitted to the network The first match criteria met by a packet determines whether the packet is admitted If the packet matches none of the criteria it will be dropped An ACL consists of up to ten rules each applied to one or more of the following fields e Sour
33. and click Reload YPO This proce miy lake a when Farga All Blades Reload PO VO Module Firmware VPD Bay Type Tiinmware Type Bulla 1D Released Revision Ethemet SM Bact ROM RISO OF 2004 2 04 Intel Blade Server Ethernet Switch Module IXM5414E 153 154 Intel Blade Server Ethernet Switch Module IXM5414E 7 Command Line Interface Management Your Intel Blade Server Ethernet Switch Module IXM5414E supports a management interface that you can use to set up and control your device over the network using the TCP IP Telnet protocol You can use this facility to perform the same network management functions that you can perform using the Web Interface You can also use the Telnet interface to configure the switch module for management using an SNMP based network management system This chapter describes how to use the CLI to access the IXM5414E switch module change its settings and monitor its operation Important Before you configure your IXM5414E switch module be sure that the management modules in your SBCE unit are properly configured In addition to access and manage your switch module from an external environment you might need to enable certain features such as the external ports and external management over all ports See the applicable Installation and User s Guide publications on the Resource CD for more information Command Line Interface CLI conventions The Command Line Interface CLI syntax conventions and te
34. bridge the set hello time will be used if and when your bridge becomes the root bridge NOTE The hello time cannot be longer than the Max Age Otherwise a configuration error will occur The Max Age can be from 6 to 40 seconds At the end of the Max Age if a BPDU has still not been received from the root bridge your bridge will start sending its own BPDU to all other bridges for permission to become the root bridge If your bridge has the lowest bridge identifier it will become the root bridge Forward Delay The Forward Delay can be from 4 to 30 seconds For IEEE 802 1D operation this is the time that any port on the bridge spends in the learning state while moving from Intel Blade Server Ethernet Switch Module IXM5414E 261 the discarding state to the forwarding state For IEEE 802 1 w operation this is the time that a designated port on the bridge spends in the learning state while moving from the disabled state to the forwarding state when both operPointToPointMAC and operEdgePort are false NOTE Observe the following formulas when setting the previously described parameters e Max Age lt 2 x Forward Delay 1 second e Max Age 2 2 x Hello Time 1 second Port Priority You can set a port priority from 0 to 240 The lower the number the greater the probability that the port will be chosen as the root port Port Path Cost You can set a port cost from 1 to 200000000 or specify auto The lower the number the
35. bwprovisioning Maximum bwallocation maximum Traffic Class Weight 1 config bwprovisioning trafficclass weight ew o o T Add users All config dot1x port users add Control Mode Auto config dot1x port controlmode Initialization Disable config dot1x port initialize Maximum of 2 config dot1x port requests maxrequests Disable config dot1x adminmode Port initialize Disable config dot1x port initialize Quiet Period 60 seconds config dot1x port quietperiod Reauthentication False config dot1x port Enabled reauthenabled Reauthentication 3600 seconds config dot1x port Period reauthperiod 231 23 Table 9 Default settings for run time switching software variables continued Sub Heading heading Variable Default value Command Reauthentication Disable Sequence config dot1x port reauthenticate Server Timeout 30 seconds config dot1x port servertimeout 30 seconds config dot1x port supptimeout Transmit Period 30 seconds config dot1x port transmitperiod OO O Supplicant Time Out Remote Authentication Dial in User Service RADIUS Accounting Accounting Server 1813 Port config radius accounting server port Disable config radius accounting mode Configuration Maximum Retransmits config radius maxretransmits Timeout 5 minutes config radius timeout Server Secure Shell SSH ooo Disable config ssh adminmode Protocol Both SSH1 and config ssh protocol SSH2
36. by that subscriber you can provide enhanced service offerings to your users Bandwidth provisioning reduces the risk of network congestion and prevents a small number of applications or users from consuming all the available bandwidth Bandwidth provisioning provides Maximum Burst Rate MBR management for an interface and a flexible framework for defining and extending traffic classes It allows you to allocate bandwidth by mapping a subscriber s traffic profile e g source destination IP address traffic type to a prescribed policy Bandwidth provisioning actively provisions maximum bandwidth For example bandwidth provisioning can enable monitoring and management of bandwidth for VLAN traffic based on VLAN class IDs over an interface To run bandwidth provisioning you need to define Bandwidth Allocation Profiles BAPs and Traffic Classes TCs and then associate the two Bandwidth Allocation Profile A transmission link definition which specifies a Bandwidth Bucket Identifier as well as maximum bandwidth allowances Traffic Class The definition of the traffic to which a set of rules will apply A class is defined by specifying a VLAN Identifier and an interface number along with the class priority A default BAP which you cannot modify is assigned to all new TCs Any given BAP may be assigned to multiple TCs Once you have defined the BAPs and TCs and attached BAPs to the TCs VLAN traffic on the specified interfaces will not excee
37. connect to multiple networks this protocol is followed for each adapter that you want to configure for TCP IP Multi homed systems are selectively configured for any combination of system interfaces When a DHCP enabled computer is restarted it sends a message to the DHCP server with its current configuration information The DHCP server either confirms this configuration or sends a negative reply so that the client must begin the initializing state again System startup might therefore result in a new IP address for a client computer but neither the user nor the network administrator has to take any action in the configuration process Intel Blade Server Ethernet Switch Module IXM5414E Before loading TCP IP with an address acquired from the DHCP server DHCP clients check for an IP address conflict by sending an Address Resolution Protocol ARP request containing the address If a conflict 1s found TCP IP does not start and the user receives an error message The conflicting address should be removed from the list of active leases or it should be excluded until the conflict is identified and resolved Security IEEE 802 1X Local Area Networks LANs are often deployed in environments that permit the attachment of unauthorized devices The networks also permit unauthorized users to attempt to access the LAN through existing equipment In such environments you may want to restrict access to the services offered by the LAN This section in
38. connections are terminated and the boot code executes The switch uses the stored configuration to initialize the switch You are prompted to confirm that the reset should proceed A successful reset is indicated by the LEDs on the switch 84 Intel Blade Server Ethernet Switch Module IXM5414E System Reset AS Resetting the switch causes all operations of the switch to stop This session will be broken and you will have to log in again after the switch has rebooted You will lose any unsaved changes eget Reset configuration to defaults Click the Reset button to reset the configuration of the switch module to the factory defaults The switch is automatically reset when this command is processed All configuration changes that you have made including those saved to NVRAM will be lost You are prompted to confirm that the reset should proceed Reset Configuration to Defaults sal A This function resets all configuration parameters to their defaut valies Resat Reset passwords to defaults Click the Reset button to reset all user passwords to the factory defaults since only the ADMIN can set passwords this is blank You are prompted to confirm that the password reset should proceed Intel Blade Server Ethernet Switch Module IXM5414E 85 Reset Passwords to Defaults A This function resets all system login passwords to their default values Figi Download file to switch Use this panel to configure
39. disabled blocking listening learning forwarding and broken Port Role The role of the specified port within the spanning tree Link Status The operational status of the link Possible values are Up or Down Link Trap The link trap configuration for the specified interface Intel Blade Server Ethernet Switch Module IXM5414E 199 Spanning tree port commands config spanningtree port migrationcheck Use this command to force the specified port to transmit RST BPDUs The lt port gt parameter specifies the port s to be affected To set the migration check for all ports with a single command lt all gt can be specified Note that the forceversion parameter for the switch must be set to 802 1 w for this command to work Default disable Format config spanningtree port migrationcheck lt port listofports all gt lt enable disable gt config spanningtree port mode Use this command to configure the Administrative Switch Port State to a new value for the specified port The lt port gt parameter specifies the port s to be affected To enable or disable all ports with a single command lt all gt can be specified Note that a maximum of 4095 ports can be enabled Default disable Format config spanningtree port mode lt port listofports all gt lt enable disable gt show spanningtree port Use this command to display the STP statistics for a specific switch port Format show spanningtree port lt port gt Port mode Enabl
40. existing terminal interface session for the same user account Spanning Tree Indicates whether spanning tree traps will be sent This field Enables or Disables STP traps When Enabled topology change notification trap messages will be sent Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch These changes will not be retained across a power cycle unless a save is performed Trap log This panel displays the entries in the trap log 90 Intel Blade Server Ethernet Switch Module IXM5414E Trap Log Number of Traps Since Last Reset i isa f hh E Trias qr hime of Trane Sirk Log Lee Log System Up Time Trap i 0 Gas Leis ta Link Ui tal days 43 12 Link Down CHM 1 O days 02 56 30 New Spanning Tree Root 0 O days 02 5330 Link Down LAG W tE i ai 0 Line Lowy i ci a O days 0255 13 Spamming Tree Topology Change O days UG 3 me Lip LA J Ory Ut a d Lir LEAT L RI a O days 25740 Link Up Ext j tama Ua Sa ee ink Lis Ent 4 I bim Gh Sat oe Link Downe Ei dgy EFF Link Lig MM l2 Daa Uaa Link Dom CM 1 F Gay al H Li Tik Ligai LAI J Agy 20 3 Link Divar LA l bday 14 Link Wor Est 3 16 LP eS LAL lad aa Link LAAT cu j Dias 00 Taas ett Tee Topia Chama 0 IR iiias TT i inki ir Fat Number of Traps Since Last Reset The number of traps that have occurred since the last time the switch was reset Number of Traps Since Lo
41. for the port is Enabled or Disabled The factory default is Disabled Join Timer centisecs Specifies the time between the transmission of GARP PDUs registering or re registering membership for a VLAN or multicast group in centiseconds An instance of this timer exists for each GARP participant for each port Permissible values are 10 to 100 centiseconds 0 1 to 1 0 seconds The factory default 1s 20 centiseconds 0 2 seconds Leave Timer centisecs Specifies the time to wait after receiving an unregister request fora VLAN or multicast group before deleting the associated entry in centiseconds This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service An instance of this timer exists for each GARP participant for each port Permissible values are 20 to 600 centiseconds 0 2 to 6 0 seconds The factory default is 60 centiseconds 0 6 seconds Leave All Timer centisecs This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration An instance of this timer exists for each GARP participant for each port The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1 5 LeaveAlITime Permissible values are 200 to 6000 centiseconds 2 to 60 seconds The factory default is 1000 centiseconds 10 second
42. for the switch using this screen and if necessary to a login list for the ports using the Port Access Control User Login Configuration screen If you need to create a new login list for the user you would do so on the Login Configuration screen The pre configured users are assigned to a pre configured list named defaultList which you may not delete All newly created users are also assigned to the defaultList until you specifically assign them to a different list A user that does not have an account configured on the switch is termed the default or non configured user If you assign the non configured user to a login list that specifies authentication via the RADIUS server you will not need to create an account for all users on each switch However by default the non configured user is assigned to defaultList which by default uses local authentication User Select the user you want to assign to a login list Note that you must always associate the admin user with the default list This forces the admin user to always be authenticated locally to prevent full lockout from switch configuration If you assign a user to a login list that requires remote authentication the user s access to the switch from all CLI web and Telnet sessions will be blocked until the authentication is complete Login Select the authentication login list you want to assign to the user for system login Click the Refresh button to update the information on the pag
43. identifies the port to be added There can be a maximum of 8 member ports Format config lag addport lt logical port gt lt port gt config lag adminmode Use this command to enable or disable the specified LAG s The option lt all gt sets every configured LAG to the same administrative mode setting Format config lag adminmode lt ogical port listofports all gt lt enable disable gt Intel Blade Server Ethernet Switch Module IXM5414E 191 config lag create Use this command to configure a new LAG assign a name and generate a logical port number for it To display the assigned logical port number use the show lag command The lt name gt parameter is a string of up to 15 alphanumeric characters Format config lag create lt name gt config lag deletelag Use this command to delete the specified LAG s The lt all gt option removes all configured LAGs Format config lags deletelag lt logical port listofports all gt config lag deleteport Use this command to delete one or more ports from a LAG The first interface parameter designates a configured LAG The second interface number designates a port that is a member of the LAG Use lt all gt to delete all ports in the specified LAG Format config lag deleteport lt ogical port gt lt port listofports all gt config lag linktrap Use this command to enable or disable link trap notifications for the specified LAG The option lt all gt sets every configured LAG to th
44. igmpsnooping Use this command to display IGMP Snooping information for the IXM5414E switch module Configuration information is displayed whether or not IGMP Snooping is enabled Status information is only displayed when IGMP Snooping is enabled Format show igmpsnooping Admin Mode This indicates whether or not IGMP Snooping is enabled on the switch Group Membership Interval secs This displays the IGMP Query Interval Time This is the amount of time the switch will wait for a report for a particular group on a particular interface before it sends a query on that interface Max Response Time secs This displays the amount of time the switch will wait after sending a query on an interface because it did not receive a report for a particular group on that interface Multicast Router Present Expiration Time secs If a query is not received on an interface within this amount of time the interface 1s removed from the list of interfaces with multicast routers attached Interfaces Enabled for IGMP Snooping This is the list of interfaces on which IGMP Snooping is enabled The following status value is only displayed when IGMP Snooping is enabled Multicast Control Frame Count This displays the number of multicast control packets that have been processed by the CPU Link Aggregation LAG commands config lag addport Use this command to add a physical port to a LAG The first interface parameter designation is of a configured LAG and the second
45. including multicast and broadcast packets received by the processor Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Received With Error The number of inbound packets that contained errors that prevented them being delivered to a higher layer protocol Packets Transmitted Without Errors The total number of packets transmitted from the switch module Broadcast Packets Transmitted The total number of packets that higher layer protocols requested to be transmitted to the broadcast address including those that were discarded or not sent Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The number of learned and static Forwarding Database Address Table entries currently in use by this switch module VLAN Entries Currently In Use The number of VLANs currently in the VLAN table on this switch module Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for the switch were last cleared 180 Intel Blade Server Ethernet Switch Module IXM5414E show sysinfo Use this command to display switch information Format show sysinfo Switch Description The product name of the switch System Name The name used to identify the switch System Location Text used to identify the location of the switc
46. last row of the table is used to display information about the progress of the file transfer The screen will refresh automatically until the file transfer completes Click the Start File Transfer button to apply any changes made to the fields and initiate the upload Click the Apply button to send the updated screen to the switch this does not perform the file upload This command is valid only when the transfer mode is TFTP Intel Blade Server Ethernet Switch Module IXM5414E Ping Use this panel to have the switch transmit a Ping request to a specified IP address This checks whether the switch can communicate with a particular IP device Once you click the Apply button the switch will send three pings and the results will be displayed in the Ping field below the IP address The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation IP Address Enter the IP address of the station you want the switch to ping The initial value is blank The IP address you enter is not retained across a power cycle Ping Displays the results of the ping If a reply to the ping is not received you will see No Reply Received from IP xxx xxx xxx xxx otherwise you will see Reply received from IP xxx xxx xxx xxx send count 3 receive count n Click the Apply button to initiate the ping Trap manager The follo
47. listname gt config dot1x login Use this command to assign the specified authentication login list to the specified user for port security The lt user gt must be a configured user and the lt listname gt must be a configured login list Format config dot1x login lt listname gt config dot1x port controlmode Use this command to configure the authentication mode to be used on the specified port or ports The control mode may be one of the following forceunauthorized The authenticator Port Access Entity PAE unconditionally sets the controlled port s to unauthorized mode forceauthorized The authenticator PAE unconditionally sets the controlled port s to authorized mode auto The authenticator PAE sets the controlled port s mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Default auto Format config dot1x port controlmode lt port listofports all gt lt forceunauthorized forceauthorized auto gt config dot1x port initialize Use this command to begin the initialization sequence on the specified port This command is only valid if dot x is enabled and the control mode for the specified port is auto Default disable Format config dot1x port initialize lt port gt config dot1x port maxrequests Use this command to configure the maximum number of times the authenticator state machine on the specified port will retransmit an Extensible Authentica
48. login list Component The component either user or 802 1X for which the login list is assigned show users authentication Use this command to display all user and authentication login information for the switch including the login list assigned to the default user Format show users authentication User A list of all users with an assigned login list System login The authentication login list assigned to the user for system login 802 1X The authentication login list assigned to the user for IEEE 802 1X port security IEEE 802 1X commands clear dot1x port stats Use this command to reset the IEEE 802 1X statistics for the specified port s Intel Blade Server Ethernet Switch Module IXM5414E 207 Format clear dot1x port stats lt port all gt config dot1x adminmode Use this command to enable or disable authentication support on the switch The default value is disable In disabled mode the dot1x configuration is retained and can be changed but it is not activated Default disable Format config dotlx adminmode lt enable disable gt config dot1x defaultlogin Use this command to assign the authentication login list to use for non configured users for IEEE 802 1X port security This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally If this value is not configured users will be authenticated using local authentication only Format config dot1x defaultlogin lt
49. lt vlan gt The lt macaddr gt parameter must be specified as a 6 byte hexadecimal number in the format of O0 12 34 56 78 90 The lt vlan gt parameter must identify a valid VLAN The lt port gt parameter identifies the destination port s to be removed from the destination port filter set for the MAC filter If lt all gt is selected all ports will be removed from the destination port filter set Format config macfilter deldest lt macaddr gt lt vlan gt lt port listofports all gt config macfilter remove Use this command to remove the static MAC filter entry for the given MAC address on the VLAN The lt macaddr gt parameter must be specified as a 6 byte hexadecimal number in the format of 00 12 34 56 78 90 The lt vlan gt parameter must identify a valid VLAN Intel Blade Server Ethernet Switch Module IXM5414E 193 Format config macfilter remove lt macaddr gt lt vlan gt show macfilter Use this command to display the Static MAC Filtering information If lt all gt 1s selected as the first parameter all the Static MAC Filters in the switch module are displayed If a lt macaddr gt is entered a VLAN ID must also be entered and the Static MAC Filter information will be displayed only for that MAC address and VLAN ID pair Format show macfilter lt all macaddr lt all vlan gt gt MAC Address The MAC address of the static MAC filter entry VLAN ID The VLAN ID of the static MAC filter entry Destination Port s The
50. management stations to read and modify the settings of gateways routers switches and other network devices SNMP can be used to perform many of the same functions as a directly connected console or can be used within an integrated network management software package such as IBM NetView or Hewlett Packard OpenView SNMP performs the following functions e Sending and receiving SNMP packets using the IP protocol e Collecting information about the status and current configuration of network devices e Modifying the configuration of network devices The switch module has a software program called an agent that processes SNMP requests but the user program that makes the requests and collects the responses runs on a management station a designated computer on the network The SNMP agent and the user program both employ the user datagram protocol Internet protocol UDP IP to exchange packets Authentication The authentication protocol ensures that both the SNMP agent in the switch module and the remote user SNMP application program discard packets from unauthorized users Authentication 1s accomplished by using community strings which function like passwords The remote user SNMP application and the switch module s SNMP agent must use the same community string SNMP community strings of up to 20 characters can be entered using the CLI snmp community commands described in Chapter 7 Command Line Interface Management on page 155 Switchin
51. nongrounded power extension cables power surges and missing safety grounds Do not touch live electrical circuits with the reflective surface of an inspection mirror The surface is conductive such touching can cause personal injury and machine damage Intel Blade Server Ethernet Switch Module IXM5414E Handling electrostatic discharge sensitive devices Any computer part containing transistors or integrated circuits IC should be considered sensitive to electrostatic discharge ESD ESD damage can occur when there is a difference in charge between objects Protect against ESD damage by equalizing the charge so that the server the part the work mat and the person handling the part are all at the same charge NOTE Use product specific ESD procedures when they exceed the requirements noted here Make sure that the ESD protective devices you use have been certified ISO 9000 as fully effective When handling ESD sensitive parts Keep the parts in protective packages until they are inserted into the product Avoid contact with other people Wear a grounded wrist strap against your skin to eliminate static on your body Prevent the part from touching your clothing Most clothing is insulative and retains a charge even when you are wearing a wrist strap Use the black side of a grounded work mat to provide a static free work surface The mat is especially useful when handling ESD sensitive devices Select a grounding system s
52. not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a broadcast address including those that were discarded or not sent Transmit Packets Discarded The number of outbound packets that were chosen to be discarded even though no errors had been detected One possible reason for discarding a packet could be to free up buffer space Table Entries Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries used by this switch module since the last reboot Address Entries In Use The number of learned and static Forwarding Database Address Table entries currently in use by this switch module Maximum VLAN Entries The maximum number of VLANs allowed on the switch module Most VLAN Entries Ever Used The highest number of VLANs that have been active on this switch module since the last reboot Static VLAN Entries The number of VLANs currently active on this switch module that were created statically Dynamic VLAN Entries The number of VLANs currently active on this switch module that were created by GARP VLAN Registration Protocol GVRP registration VLAN Deletes The number of VLANs that have been created and then deleted on this switch module since the last reboot Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared Intel Blade Server Ethern
53. occur until the configured timeout value on that server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS application equals the sum of maxretransmit times timeout for all configured servers If the RADIUS request was generated by a user login attempt all user interfaces will be blocked until the RADIUS application returns a response Default 3 Format config radius timeout lt 1 30 gt show radius stats Use this command to display RADIUS statistics for the switch that are not associated with a specific server or accounting server Format show radius stats Invalid Server Address The number of RADIUS access response packets received from an unknown address show radius summary Use this command to display a summary of the RADIUS configuration parameters for the switch Format show radius summary Current Server IP Address The IP address of the RADIUS server currently used for authentication Number of Configured Servers The number of RADIUS servers that have been configured Max Number of Retransmits The maximum number of times a request packet will be retransmitted Timeout Duration secs The timeout value in seconds for request retransmissions Accounting Mode Indicates whether accounting is currently enabled Intel Blade Server Ethernet Switch Module IXM5414E 215 RADIUS server commands config radius server add Use this command to configure the
54. of the statistics for a specified port Format show stats port summary lt port gt Packets Received Without Error The total number of packets including multicast and broadcast packets received on this port Packets Received With Error The number of inbound packets that contained errors that prevented them being delivered to a higher layer protocol Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Transmitted Without Error The total number of packets transmitted from the interface Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Collision frames The best estimate of the total number of collisions on this Ethernet segment Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared show stats switch detailed Use this command to display detailed statistics for all CPU traffic Format show stats switch detailed Received Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS octets Packets Received Without Errors Total number of packets received on the network 178 Intel Blade Server Ethernet Switch Module IXM5414E Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer pro
55. or re registering membership for an attribute Current attributes are a VLAN or a multicast group There is an instance of this timer on a per port per GARP participant basis Permissible values are 10 to 100 centiseconds 0 1 to 1 0 seconds in increments of 1 centisecond 0 01 seconds The factory default is 20 centiseconds 0 2 seconds Leave Timer Displays the period of time to wait after receiving an unregister request for an attribute before deleting the attribute Current attributes are a VLAN or a multicast group This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service There is an instance of this timer on a per port per GARP participant basis Permissible values are 20 to 600 centiseconds 0 2 to 6 0 seconds in increments of 1 centisecond 0 01 seconds The factory default 1s 60 centiseconds 0 6 seconds LeaveAll Timer Shows how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration There is an instance of this timer on a per port per GARP participant basis The LeaveAll Period Time is set to a random value in the range of LeaveAll Time to 1 5 LeaveAll Time Permissible values are 200 to 6000 centiseconds 2 to 60 seconds in increments of 1 centisecond 0 01 seconds The factory default is 1000 centiseconds 10 seconds Inte
56. port s in the destination filter Packets with the associated MAC address and VLAN ID will only be transmitted out of ports in the list Multicast Forwarding Database MFDB commands show mfdb gmrp Use this command to display the GMRP entries in the Multicast Forwarding Database MFDB table Format show mfdb gmrp Mac Address A MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example O00 01 00 23 45 67 89 AB Type Displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Interfaces The list of interfaces that are designated for forwarding Fwd and filtering FIt show mfdb igmpsnooping 194 Use this command to display the IGMP Snooping entries in the MFDB Format show mfdb igmpsnooping Mac Address A MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB Type Displays the type of the entry Static
57. ports to offer faster transitions to the forwarding state The config spanningtree forceversion command is used to switch from TEEE8021D operation to IEEE 802 1 w operation The two versions of the protocol can interoperate within the same LAN it is not necessary for all bridges to run the same version Where IEEE 802 1D is mentioned in this document you should understand that the switch is actually operating in IEEE 802 1D compatibility mode according to the protocol specified in IEEE 802 1s Both versions of the Spanning Tree Algorithm STA create a single spanning tree for an entire network within which there is at most one route between any two end stations and will automatically reconfigure the tree when necessary The topology created by the algorithm is influenced by user configurable parameters but care should be taken when changing these parameters from the factory defaults The following table shows the user configurable STP parameters for the bridge Table 10 STP parameters bridge Bridge identifier A combination of the Bridge Priority and the switch MAC 32768 MAC address The 16 bit priority parameter is concatenated Not user configurable with the 48 bit Ethernet MAC address except by setting the priority as described in this table Bridge Priority A relative priority for each bridge The lower the number the higher the priority and the greater the likelihood of the bridge being elected as the root bridge
58. profile associated with this traffic class This field is blank when there is no bandwidth allocation profile associated with this traffic class The following attributes are only displayed when there is a bandwidth allocation profile associated with this traffic class Minimum Bandwidth Displays the minimum bandwidth defined for this traffic class Maximum Bandwidth Displays the maximum bandwidth defined for this traffic class show bwprovisioning trafficclass summary Use this command to display the traffic class information for all traffic classes in the system Format show bwprovisioning trafficclass summary Traffic Class Name Displays the user defined name of this traffic class Port Displays the interface to which this traffic class is attached VLAN ID Displays the Virtual Local Area Network VLAN ID with which this traffic class is associated Weight Displays the weight of this traffic class Intel Blade Server Ethernet Switch Module IXM5414E 225 Bandwidth Allocation Profile Displays the bandwidth allocation profile associated with this traffic class This field is blank when there is no bandwidth allocation profile associated with this traffic class 226 Intel Blade Server Ethernet Switch Module IXM5414E Appendix A RJ 45 Pin Specifications The four external Ethernet ports of this switch module are auto configuring and will work with straight through or crossover cables when connected to other Ethernet equipment Rev
59. propagate throughout the network before starting to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to ensure that the network topology stabilizes after a topology change In addition STP specifies a series of states a port must go through to further ensure that a stable network topology is created after a topology change Each port on a bridge using STP exists in one of the following four states Discarding The port is blocked from forwarding or receiving packets For additional information see Discarding state on page 264 Learning The port is adding addresses to its forwarding database but not yet forwarding packets For additional information see Forwarding state on page 266 Intel Blade Server Ethernet Switch Module IXM5414E 259 Forwarding The port is forwarding packets For additional information see Forwarding state on page 266 Disabled The port responds only to network management messages and must return to the discarding state first For additional information see Disabled state on page 268 Note that the STP port state of disabled applies only to the port s role within the spanning tree and should not be confused with the port s administrative state of enabled or disabled A port changes from one state to another as follows e From initialization switch startup to discarding
60. received that were without error Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The number of packets received that were directed to a broadcast address Note that this number does not include packets directed to the multicast address Packets Received with MAC Errors Total Packets Received with MAC Errors The total number of inbound packets that contained errors that prevented them from being delivered to a higher layer protocol Jabbers Received The total number of packets received that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Note that this definition of jabber is different than the definition in IEEE 802 3 section 8 2 1 5 LOBASES and section 10 3 1 4 LOBASE2 These documents define jabber as the condition where any packet exceeds 20 ms The allowed range to detect jabber is between 20 ms and 150 ms Fragments Undersized Received The total number of packets received that were less than 64 octets in length excluding framing bits but including FCS octets Alignment E
61. removing the interfaces that are listed as the static filtering interfaces Spanning tree commands Spanning tree bridge commands config spanningtree bridge forwarddelay Use this command to configure the Bridge Forward Delay parameter to a new value Forwarddelay is used by bridges to ensure that a new network topology has stabilized before leaving the blocking state The forwarddelay value is in whole seconds within a range of 4 to 30 with the value being greater than or equal to Bridge Max Age 2 1 Default 15 Format config spanningtree bridge forwarddelay lt 4 30 gt config spanningtree bridge hellotime Use this command to configure the Hello Time parameter to a new value Hellotime determines how often a hello message is broadcast it cannot be longer than MaxAge but should be longer than forwarddelay The hellotime value is in whole seconds within a range of to 10 with the value being less than or equal to Bridge Max Age 2 1 Default 2 Format config spanningtree bridge hellotime lt 7 10 gt config spanningtree bridge maxage Use this command to configure the Bridge Max Age parameter to a new value This is the value that all bridges use for maxage when this bridge is acting as the root A BPDU will be discarded when its age exceeds maxage The maxage value is in whole seconds within a range of 6 to 40 with the value being less than or equal to 2 times Bridge Forward Delay 1 Default 6 Format config spanning
62. sikkerhedsforskrifterne f r du installerer dette produkt Lees voordat u dit product installeert eerst de veiligheidsvoorschriften Ennen kuin asennat t m n tuotteen lue turvaohjeet kohdasta Safety Information Avant d installer ce produit lisez les consignes de s curit Vor der Installation dieses Produkts die Sicherheitshinweise lesen Mpv EYKATAOTNHOETE TO mnpoi v auT a oTtEe TIG TMANPOMOPIES AOMAGAELAC safety information MIN VIN NINNIN NX WIP NT ININ 1N pNNW 397 A term k telep t se el tt olvassa el a Biztons gi el r sokat Prima di installare questo prodotto leggere le Informazioni sulla Sicurezza SU fa OasziS QAI ZENAR E in lt TSL ANSS 2 NHI AA Oy AVS HASANA IIpen na ce uHCTasMpa OBO HPOAyKT Wpowuuntajte HHPopMaryvjata 3a Ge3sOeNHHOcT Les sikkerhetsinformasjonen Safety Information f r du installerer dette produktet Przed zainstalowaniem tego produktu nale y zapozna sie z ksi k Informacje dotycz ce bezpiecze stwa Safety Information Antes de instalar este produto leia as Informa es sobre Seguran a lepen ycTaHOBKON NponyKTa NPOYTUTe NHCTpyKUMN NO TexHNKe 6ezonacHocTn Pred in tal ciou tohto zariadenia si pecitaje Bezpe nostn predpisy Pred namestitvijo tega proizvoda preberite Varnostne informacije Antes de instalar este producto lea la informaci n de seguridad L s s kerhetsinformationen innan du installerar den h r produkten Statement 1
63. specified interface Designated Port Cost Path Cost offered to the LAN by the designated port Designated Bridge The bridge containing the designated port Designated Port Identifier Port used to forward frames towards the root bridge for this CST on this LAN It is the port with the lowest cost path to the bridge and the highest port priority Topology Change Acknowledgement Value of flag in next Configuration BPDU transmission indicating if a topology change is in progress for this port Hello Time The hello time in use for this port Edge Port The configured value indicating if this port is an edge port Edge Port Status The derived value of the edge port status True if operating as an edge port false otherwise Point To Point MAC Status Derived value indicating if this port is part of a point to point link CST Regional Root The regional root identifier in use for this port CST Path Cost The configured path cost for this port show spanningtree cst port summary Use this command to display the status of one some or all ports within the CST The parameter lt port listofports all gt indicates the port or ports to be affected Format show spanningtree cst port summary lt port listofports all gt Port The interface being displayed STP Mode Whether the STP is enabled or disabled on the port STP State The port s current spanning tree state This state controls what action a port takes on receipt of a frame Possible states are
64. standard While the old and new protocols will successfully interoperate the IEEE 802 1 standards committee recommends the use of the new protocol Configuration of the switch to support IEEE 802 1w is simple In normal operation the bridge timers are not used to control reconfiguration and the default values should be adequate Bridge and port priorities and path costs are still required and are configured as shown for IEEE 802 1D Configure the switch to use rapid reconfiguration config spanningtree forceversion 802 1w To disable support for rapid reconfiguration config spanningtree forceversion 802 1d Intel Blade Server Ethernet Switch Module IXM5414E 251 VLAN configuration example 252 This section provides sample CLI commands showing how to configure the Intel Blade Server Ethernet Switch Module IXM5414E to support IEEE 802 1Q VLANs Configuring VLANs allows you to partition your network on a logical rather than physical basis The only physical restriction is that both ends of a point to point link must be in the same VLAN There are many possible logical partitions one common one being department membership The script in the following example shows you how to create and configure VLANs on your switch Create and name two VLANs the names are optional config vlan create 1 config vlan name 1 vlan_one config vlan create 2 config vlan name 2 vlan_two Assign the ports that will belong to vlan_one This will be a tagg
65. telnet mode Use this command to allow or disallow new Telnet and SSH sessions If sessions are enabled new Telnet sessions can be established until there are no more sessions available If sessions are disabled no new Telnet sessions are established but an established session will remain active until the session is terminated or an abnormal network error ends it Default enable Format config telnet mode lt enable disable gt config telnet timeout Use this command to specify the number of minutes of inactivity that will occur on a Telnet or SSH session before the switch logs off A value of 0 indicates there will be no timeout and the session will remain active indefinitely The time is a decimal value from 0 to 160 Changing the timeout value does not affect an active session until the session is reaccessed Any keystroke will also activate the new timeout duration Default 5 Format config telnet timeout lt 0 160 gt show telnet Use this command to display Telnet settings Format show telnet Telnet Login Timeout minutes The number of minutes of inactivity that will occur on a Telnet or SSH session before the switch logs off A value of zero means there will be no timeout Maximum Number of Telnet Sessions The number of simultaneous Telnet and SSH sessions allowed Allow New Telnet Sessions Indicates whether new Telnet and SSH sessions are allowed User accounts config users add Use this command to add a new user accoun
66. the switch and read the management screens Some popular browsers are Opera Netscape Navigator Communicator and Microsoft Internet Explorer Follow the installation instructions for the browser You are now ready to begin managing your switch by simply running the browser installed on your computer and pointing it to the IP address defined for the device The URL in the address bar should have the following format and contain information similar to http 123 123 123 123 where the numbers 723 123 123 123 represent the IP address of the switch Note When the switch module is attached to the 100 Mbps port on the management module use the statically assigned switch module IP address When management of the Ethernet switch module is enabled through the four external ports use the IP address the switch module acquired from a Dynamic Host Configuration Protocol DHCP server when the switch module was turned on or reset Depending on which browser you are using a Login hyperlink displays 42 Intel Blade Server Ethernet Switch Module IXM5414E Logn Surian Hene Pra Lotpa cariem Coniac Click on Login and a dialog box similar to the following will open Enter USERID in the User name field and enter PASSWORD with a zero in place of the O in the Password field Click the OK button This opens the main page in the management module NOTE The User name and Password fields are case sensitive To increase system se
67. the connection Forwarding DB config forwardingdb agetime Use this command to configure the forwarding database address aging timeout Default 300 Format config forwardingdb agetime lt seconds gt Seconds The lt seconds gt parameter must be within the range of 10 to 1 000 000 seconds show forwardingdb agetime Use this command to display the address aging timeout for the forwarding database Format show forwardingdb agetime Agetime The address aging timeout for the forwarding database in seconds show forwardingdb learned Use this command to display forwarding database entries for learned addresses Format show forwardingdb learned show forwardingdb table Use this command to display the forwarding database entries If the command is entered with no parameter the entire table is displayed This is the same as entering the optional lt all gt parameter Alternatively you can enter a MAC address to display the table entry for that address and all entries following it Format show forwardingdb table MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a two byte hexadecimal VLAN ID number followed by a six byte MAC address with each byte separated by hyphens for example 00 01 00 23 45 67 89 AB Port The physical interface on which the MAC address was learned Intel Blade Server Ethernet Switch Module IXM5414E 161 ifIndex The ifIndex of the MIB interface tabl
68. the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability will be advertised Otherwise you must enter the port s speed and duplex mode manually The factory default is auto Physical Status Indicates the current port speed and duplex mode Link Status Indicates whether the link is Up or Down Link Trap Indicates whether or not a trap will be sent when link status changes The factory default is Enabled ifIndex Indicates the ifIndex of the interface table entry associated with this port Mirroring This panel displays the port mirroring information for the switch module Intel Blade Server Ethernet Switch Module IXM5414E 67 Delete Aoga Port Mirroring Mode Select the Port Mirroring Mode by selecting the corresponding line on the pull down entry field The factory default is Disabled Probe Port The interface you want to act as the Probe Once configured there is no network connectivity on the probe port The probe port will not forward or receive any traffic The probe tool attached to the probe port will not be able to ping the switch or through the switch and nobody will be able to ping the probe tool Port to be Mirrored The interface selected as the Mirror Every packet seen at the mirrored port is copied to the probe port That includes all packets received and admitted received and dropped and transmitted out of the mirrored port Click the Delete button to
69. the standard of the Voluntary Control Council for Interference by Information Technology Equipment VCCI If this equipment is used in a domestic environment radio disturbance may arise When such trouble occurs the user may be required to take corrective actions ICES 003 Canada Cet appareil num rique respecte les limites bruits radio lectriques applicables aux appareils num riques de Classe A prescrites dans la norme sur le mat riel brouilleur Appareils Num riques NBM 003 dict e par le Ministre Canadian des Communications English translation of the notice above This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Canadian Department of Communications BSMI Taiwan The BSMI Certification number and the following warning is located on the product safety label which is located visibly on the external chassis bie A a TA TADRE oe SP ie Oe TRE AAR AIL RM ae Ae AREAL OF Rb gt ay RRL Korea EEA S528 AIH aaae O60 26 Agde 0 88 FANAN HAU Dt F EZEN ZE PARRE Hae ease a8 Br Al 71 LIG A JAk AOR AUR pepee amp NIEA FHASA RE 2E ASMA HOE Laut BI SET PEE FER T ETT NEET TAD BE J7 JRE USBANIE UC Intel Blade Server Ethernet Switch Module IXM5414E English translation of the previous notice Device User s Information Class A de
70. traps through TCP IP to an external SNMP manager based on the SNMP configuration the trap receiver and other SNMP community parameters Community Use this pull down menu to select one of the existing community names or select Create to add a new one Name A community name is associated with the switch and with a set of SNMP managers that manage it with a specified privileged level The length of the name can be up to 16 case sensitive characters There are two default community names public with Read only access and private with Read Write access You can replace these default community names with unique identifiers for each community The default values for the remaining four community names are blank Community names in the SNMP community table must be unique If you make multiple entries using the Intel Blade Server Ethernet Switch Module IXM5414E 69 same community name the first entry is kept and processed and all duplicate entries are ignored Client IP Address Client IP Mask Access Mode Status Enter the IP address or portion thereof from which this device will accept SNMP packets with the associated community name The requesting entity s IP address is ANDed with the Client IP mask before being compared to the Client IP address Note that if the Client IP mask is set to 0 0 0 0 an IP address of 0 0 0 0 matches all IP addresses The default value is 0 0 0 0 Enter the mask to be ANDed with the requesting entity s
71. value as a match criterion Source IP Address Specify that a packet s source IP address is a match condition for the selected ACL rule If you click Configure on this line you will be shown a new screen where you can select the IP address and mask to be used as the match condition On that screen you can enter an IP address using dotted decimal notation Destination IP Address Enter an IP address using dotted decimal notation to be compared to a packet s destination IP address as a match criteria for the selected ACL rule Source IP Mask Enter the IP Mask in dotted decimal notation to be used with the Source IP address value Intel Blade Server Ethernet Switch Module IXM5414E 141 Source L4 Port Keyword Specify that a packet s source Layer 4 port is a match condition for the selected ACL rule If you click Configure on this line you will be shown a new screen where you can select the port to be used as the match condition The possible values are domain echo FTP ftpdata HTTP SMTP SNMP Telnet TFTP and www Each of these values translates into its equivalent port number which is used as both the start and end of the port range Source L4 Port Number Specify a packet s source Layer 4 port number as a match condition for the selected ACL rule Destination L4 Port Keyword Specify that a packet s destination Layer 4 port is a match condition for the selected ACL rule If you click Configure on this line you will be shown a new
72. vlan makestatic lt 2 4094 gt config vlan mcaststorm Use this command to enable or disable multicast storm control for a particular VLAN If multicast storm control is enabled storms are controlled by counting the number of multicast packets within a certain time period If the packets per second count limit is exceeded the packets are discarded Intel Blade Server Ethernet Switch Module IXM5414E 201 Default disable Format config vlan mcaststorm lt 1 4094 gt lt enable disable gt packets per second config vian name Use this command to change the name of a VLAN The name is an alphanumeric string of up to 16 characters and the number identifies an existing VLAN Default The name for VLAN ID 1 is always Default The default name for other VLANs is a blank string Format config vlan name lt name gt lt 2 4094 gt config vian participation Use this command to configure the degree of participation for a specific interface ina VLAN The number identifies an existing VLAN and the parameter lt port listofports all gt indicates the port or ports to be affected Format config vlan participation lt exclude include auto gt lt 1 4094 gt lt port listofports all gt Participation options are include The interface is always a member of this VLAN This is equivalent to registration fixed exclude The interface is never a member of this VLAN This is equivalent to registration forbidden auto The interface is dynamically regist
73. when GVRP 1s enabled Default 1000 centiseconds 10 seconds Format config garp leavealltimer lt port listofports all gt lt 200 6000 gt 188 Intel Blade Server Ethernet Switch Module IXM5414E config garp leavetimer Use this command to configure the GARP Leave Time for the specified port s Leave Time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry or group This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service The time may range from 20 to 600 centiseconds This command has an effect only when GVRP 1s enabled Default 60 centiseconds 0 6 seconds Format config garp leavetimer lt port listofports all gt lt 20 600 gt show garp info Use this command to display GARP information for the IXM5414E switch module Format show garp info GMRP Admin Mode This displays the administrative mode of GMRP for the switch module The default is disable GVRP Admin Mode This displays the administrative mode of GVRP for the IXM5414E switch module The default is disable show garp interface Use this command to display GARP information for one some or all interfaces Format show garp interface lt port listofports all gt Port This displays the identification of the interface that this row in the table describes Join Timer Displays the interval between the transmission of GARP PDUs registering
74. you use a third party vendor s SNMP software to manage the switch module a diskette listing the switch module proprietary enterprise MIBs can be obtained by request If your software provides functions to browse or modify MIBs you can also get the MIB values and change them if the attributes of the MIBs permit the write operation However this process can become complicated because you must know the MIB OIDs and retrieve them one by one Port mirroring The IXM5414E switch module enables you to copy packets that were transmitted and received on a source port and to redirect the copies to another target port The source port can be either one of the four 10 100 1000 Mbps external ports or one of the fourteen internal blade server ports The target port is where you will connect a monitoring troubleshooting device such as a sniffer or an RMON probe The target port must be one of the four 10 100 1000 Mbps external ports Intel Blade Server Ethernet Switch Module IXM5414E 23 You can attach a monitoring device to the mirrored port such as a sniffer or an RMON probe to view details about the packets that pass through the first port This is useful for network monitoring and troubleshooting purposes Simple Network Management Protocol SNMP The Simple Network Management Protocol SNMP is an open system interconnection OSI layer 7 application layer protocol for remotely monitoring and configuring network devices SNMP enables network
75. 0 srcip srcl4port keyword number authentication login create delete set bwprovisionin g bwallocation create delete maxbandwidth trafficclass bwallocation create delete port vlan weight classofservice 802 1mapping dot1x adminmode defaultlogin login port controlmode initialize maxrequests quietperiod reauthenabled reauthenticate reauthperiod servertimeout supptimeout transmitperiod users add remove Intel Blade Server Ethernet Switch Module IXM5414E forwardingdb agetime garp gmrp adminmode interfacemode gvrp adminmode interfacemode jointimer leavealltimer leavetimer http secureport secureprotocol secureserver adminmode igmpsnooping adminmode groupmember shipinterval interfacemode maxresponse mcrtexpiretime lag addport adminmode create deletelag deleteport linktrap name loginsession close macfilter adddest create deldest remove mirroring create delete mode Intel Blade Server Ethernet Switch Module IXM5414E 241 242 network javamo
76. 0 100 1000 Mbps Ethernet ports on the switch module for management and control of the 19 module by selecting this mode as an option through the management module configuration utility program see the applicable Installation and User s Guide publications on the Resource CD for more information Switch module management and control 20 This document describes the user interfaces screens parameters and other information that you need for remote management and control of your IXM5414E switch module Complete the following initial configuration steps 1 Connect the Ethernet port of the management module to a 10 100 Mbps network with access to a management station or directly to a management station 2 Initially configure the management module with the appropriate IP addresses for network access see the applicable SB HE Installation and User s Guide publications on the Resource CD for more information 3 From the management module Web interface click I O Module Tasks click Management then click the bay in which the switch module is installed 4 Click Advanced Management under the selected bay and make sure that the following Ethernet switch module features are enabled e External ports e External management over all ports e Preserve new IP configuration on all resets 5 Click Save Note When management of the Ethernet switch module is enabled through the four external ports the switch module will acquire its IP addr
77. 1 or Version 2 must be Enabled at all times SSH Connections in Use Displays the number of SSH connections currently in use in the system Click the Download Host Keys button to link to the File Transfer page to download the Host Key s NOTE To download SSH key files SSH must be administratively Disabled and there can be no active SSH sessions Intel Blade Server Ethernet Switch Module IXM5414E Click the Submit button to send the updated screen to the switch and have the changes take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a Save Click the Refresh button to display the current page with the latest settings and status QoS This menu provides access to two Quality of Service QoS menus e Access Control Lists ACLs e Bandwidth provisioning Access Control Lists An Access Control List ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional rules are not checked for a match You can specify the interfaces to which an ACL applies using the Configuration screen You specify the rules for the ACL using the ACL Rule Configuration screen ACL menu options are e Configuration e Summary e Rule configuration Configuration Use this panel to create an ACL Intel Blade Server Ethernet Switch Module IXM5414E 137 138
78. 44 Intel Blade Server Ethernet Switch Module IXM5414E summary trafficclass allocatedbw detailed summary classofservice 802 1pmappin g dot1x port detailed stats summary user summary eventlog forwardingdb agetime learned table garp info interface history http info igmpsnooping inventory lag loginsession macfilter mfdb gmrp igmpsnooping staticfiltering stats table mirroring msglog network Intel Blade Server Ethernet Switch Module IXM5414E 245 port protocol radius accounting stats summary server stats summary stats summary snmpcommuni ty snmptrap spanningtree bridge cst detailed port detailed summary port summary ssh info stats port detailed summary switch detailed summary sysinfo telnet trapflags traplog users authentication info vian detailed port summary transfer 246 Intel Blade Server Ethernet Switch Module IXM5414E download datatype filename path serverip start upload datatype filename C a ee ee a i 2 ee ee a ee ee Intel Blade Server Ethernet Switch Module IXM5414E 247 248 Intel Blade Server Ethernet Switch Module IXM5414
79. 5 127 octets The total number of packets including bad packets received that were between 65 and 127 octets in length excluding framing bits but including FCS octets Packets Received 128 255 Octets The total number of packets including bad packets received that were between 128 and 255 octets in length excluding framing bits but including FCS octets Packets Received 256 511 Octets The total number of packets including bad packets received that were between 256 and 511 octets in length excluding framing bits but including FCS octets Packets Received 512 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length excluding framing bits but including FCS octets Packets Received 1024 1518 Octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length excluding framing bits but including FCS octets 174 Intel Blade Server Ethernet Switch Module IXM5414E Packets Received 1519 1522 Octets The total number of packets including bad packets received that were between 1519 and 1522 octets in length excluding framing bits but including FCS octets Packets Received gt 1522 Octets The total number of packets including bad packets received that were gt 1522 octets in length excluding framing bits but including FCS octets Packets Received Successfully Total Packets Received Without Error The total number of packets
80. 8 CBC 36 Intel Blade Server Ethernet Switch Module IXM5414E Table 2 Secure Shell Feature Details Hash Algorithms MD5 SHA 1 SHA 1 96 Key Exchange Methods Diffie Hellman Compression Algorithms e zlib e none i e no compression Public Key Algorithms e SSH DSA aa E SSH Protocol Versions e SSH 2 0 D E Secure Socket Layer SSL Managing devices with a web browser has been standard practice for several years Unfortunately standard HTTP transactions are no more secure than Telnet The solution is the use of the Secure Sockets Layer SSL protocol which provides a means of abstracting an encrypted connection between two stations Once established such a connection is virtually no different to use than an unsecured connection This allows an established protocol e g HTTP to operate in a secure manner on an open network Table 3 Secure Sockets Layer Details SSL Feature Component Type Protocols Secured HTTP Hash Algorithms e MD5 S Key Exchange Methods e Diffie Hellman ee SSL Protocol Versions e TLS 1 0 pe Intel Blade Server Ethernet Switch Module IXM5414E 37 Quality of Service QoS The Quality of Service QoS features of the Intel Blade Server Ethernet Switch Module IXM5414E allow you to allocate network bandwidth according to the needs of the network users This section will give you an overview of the methods available Quality of Service technologies are intended to provide guaranteed timel
81. 9 32 8 1 40 This is used to identify a physical interface in the form of bay port for an I O module bay and ext port for an external port You enter a name and number separated by a period for example bay 1 identifies I O module bay 1 ext 4 identifies external port 4 This is a comma delimited list of valid ports in the form of bay port bay port or ext port ext port Port lists must NOT contain spaces and each interface must have its prefix specified for example bay 10 ext 2 bay 1 This is used to identify a logical interface a Link Aggregation Group or a VLAN You enter a name and number separated by a period for example lag 3 identifies LAG 3 vlan 2 identifies VLAN 2 Intel Blade Server Ethernet Switch Module IXM5414E character strings Use double quotation marks to identify character strings for example System Name with Spaces An empty string is not valid Comments When you are writing a test or configuration script you may add comments by using the character to flag the beginning of a comment The comment flag character can begin a word anywhere on the command line and all input following this character will be ignored Any command line that begins with the character is recognized as a comment line and is ignored by the parser For example Script file for displaying the ip interface Display information about interfaces show ip interface ext 1 Displays information about the first
82. A 2 J BPDUs Blocked In this example B has been elected as the designated bridge and port 2 on bridge C is in the discarding state The election of B as the designated bridge is determined by the exchange of BPDUs between bridges B and C Bridge B had a better spanning tree priority vector than bridge C Bridge B continues sending BPDUs that advertise its superiority over the other bridges on this LAN If bridge C fails to receive these BPDUs for longer than the Max Age time default of 20 seconds it could start to change its port 2 from the discarding state to the forwarding state NOTE To remain in the discarding state a port must continue to receive BPDUs that advertise superior paths There are several circumstances in which the algorithm can fail mostly related to the loss of a large number of BPDUs These situations will cause a port 1n the discarding state to change to the forwarding state Full half duplex mismatch A mismatch in the duplex state of two ports is a very common configuration error for a point to point link If one port is configured as full duplex and the other port is left in auto negotiation mode the second port will end up in half duplex because ports explicitly configured as half or full duplex do not negotiate Intel Blade Server Ethernet Switch Module IXM5414E 269 a N A Half duplex Root 3 Port 1 Port 2 P i a N Port 1 Full duplex D
83. Aggregation LAG configuration and status screens Menu options are e Configuration e Status Configuration Use this panel to configure a new LAG assign a name to it and generate a logical port number for it The logical port number will be displayed after the LAG has been created Administrare Link Status Link LA Membership Comlicts LAG Name Create Use this pull down menu to select one of the existing LAGs or select Create to add a new one There can be a maximum of 9 LAGs This is an alphanumeric string up to 15 characters in length Port Displays the logical port number associated with this LAG Name LAG Name Enter a name for the LAG you are creating Name is an alphanumeric string of up to 15 characters You can also use this field to modify the name that was associated with a LAG when it was created Link Trap Enables or Disables link trap notifications for the specified LAG Administrative Mode This field Enables or Disables the specified LAG s Link Status Indicates whether the Link is Up or Down Intel Blade Server Ethernet Switch Module IXM5414E 105 STP Mode Sets the STP mode for the specified LAG s Port Identifies a physical port To add the port to the LAG select Include from the Participation column There can be a maximum of 8 member ports in a LAG Participation For each port specify whether it is to be included as a member of this LAG or not The default is exclude There can be a maxim
84. C 1321 Message Digest Algorithm RFC 2131 DHCP Client RFC 2865 RADIUS Client e RFC 2866 RADIUS Accounting e RFC 2868 RADIUS Attributes for Tunnel Protocol Support e RFC 2869 RADIUS Extensions e RFC 2869bis RADIUS Support for Extensible Authentication Protocol EAP Advanced Layer 2 Functionality e Broadcast Storm Recovery e Multicast Storm Recovery Intel Blade Server Ethernet Switch Module IXM5414E e Independent VLAN Learning IVL support e Port Mirroring e IGMP Snooping e Static MAC Filtering System Facilities e Event and Error Logging Facility e Run time and Configuration Download Capability e PING Utility Quality of Service QOS Support Bandwidth Provisioning e Maximum Burst Rate MBR e Per Port Interface e Per VLAN Access Control Lists e Source IP e Destination IP e Source L4 Port e Destination L4 Port Management RMON Groups 1 2 3 and 9 supported Simple Network Management Protocol SNMP versions 1 2 and 3 Flash memory for software upgrades done using Trivial File Transfer Protocol TFTP Supports Web based management HTML 4 0 Specification December 1997 Java Script 1 3 Java 1 3 REC 2068 HTTP 1 1 protocol as updated by draft 1erf http v11 spec rev 03 HTML 2 0 Forms with file upload extensions Command Line Interface CLI with the following features Scripting capability Command completion Context sensitive help Mi
85. DELT FPLTIFLT PLI ae Te a 3 Sar mt AARAL AR aa rir LERARES YE T Shoe eine Bul r FeELb PLE PL eh ed LP La Eri REIR a 5 Kpg TCE CECecerre la T TE Hi Bid PELE LL 85 Be rod ree ROR SAIG cpg wErE cceCceecece oood 7 EYEN Bio TEPER aA A i if COE EVENT ig FFFEDD AARAA T od Ha Eve ig entree JARRA DUD wati TE l Bio a so a i i a a i ooo Cet aE Bio TFFFEDO LA iA ign W Pe VWeEhT i Bid EPEE ARARAAAAA rod Ce tl EVWehT Bid Teepe BALAAA A 000 mits 20E Bio FFRED SAA Ri i j pag EWENT Bid ee a A iad Ci EWeERIT Bid FEFE HAARAAN AoE Th We hIT Bid IFFEED A Dii EEN Pie KIT l Bio TFEPeE H a i a ooo i Bese i AIT Bio Treo i a ign ew eer Cees i Bid SPCE Ay 8 Bi rod Cee EVENT Goga Bid WEEFEO i ooo Entry The number of the entry within the event log The most recent entry 1s first Filename The source code filename identifying the code that detected the event Line The line number within the source file of the code that detected the event TaskID The OS assigned ID of the task reporting the event Code The event code passed to the event log handler by the code reporting the event Time The time the event occurred measured from the previous reset in days hours minutes and seconds Click the Refresh button to retrieve and display the database again starting with the first entry in the table Port This menu provides access to port configuration and display options including e Configuration e Summary e Mi
86. E Appendix E CLI Configuration Examples This appendix provides examples of using the CLI to configure the Intel Blade Server Ethernet Switch Module IXM5414E for some key functions Bridging configuration example This section provides sample CLI commands showing how to configure the Intel Blade Server Ethernet Switch Module IXM5414E for basic bridging support Bridging support conforming to the IEEE 802 1D compatibility mode specified in IEEE 802 1s is enabled for the switch and for all ports by default All ports are enabled by default and defaults are also provided for timers and protocol parameters Although the switch will operate correctly as a bridge implementing the base Spanning Tree Protocol STP as configured at the factory the configuration script in this section will show you how to override the defaults Before you do so make sure that you fully understand the protocol and that the values you provide are consistent with each other Set a new bridge priority level Setting the priority level affects the likelihood of the bridge being elected as the root of the spanning tree the lower the number the greater the probability It is the only way to change the bridge identifier which consists of the bridge priority concatenated with the switch s base MAC address The default value is 32768 If all bridges retain their default priority values the bridge with the lowest MAC address will become the root bridge config spann
87. EAP Request Identity frame to Intel Blade Server Ethernet Switch Module IXM5414E the supplicant The transmit period range is to 65535 Supplicant Timeout secs Displays the configured supplicant timeout for the selected port The supplicant timeout is the value in seconds of the timer used by the authenticator state machine on this port to timeout the supplicant The supplicant timeout range is 1 to 65535 Server Timeout secs Displays the configured server timeout for the selected port The server timeout is the value in seconds of the timer used by the authenticator on this port to timeout the authentication server The server timeout range is 1 to 65535 Maximum Requests Displays the configured maximum requests for the selected port The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request Identity before timing out the supplicant The maximum requests value range is 1 to 10 Reauthentication Period secs Displays the configured reauthentication period for the selected port The reauthentication period is the value in seconds of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The reauthentication period value range is 1 to 65535 Reauthentication Enabled Indicates whether reauthentication is enabled on the selected port If you select the value true reauthentica
88. ED illuminates when a system error or event has occurred To identify the error or event check the LEDs on the information panel of the switch module OK power on This green LED is located above the four external 10 100 1000 Mbps ports on the information panel When this LED is on it indicates that the switch module has passed the Power On Self Test POST and is operational Ethernet switch error This amber LED is located next to the OK power on LED on the information panel This LED indicates that the switch module has a fault If the switch module fails the POST this fault LED will be lit Ethernet link This green link status LED is located at the top of each external 10 100 1000 Mbps port When this LED is lit on a port it indicates that there is a connection or link to a device on that port Ethernet activity This green activity LED is located at the bottom of each external 10 100 1000 Mbps port When this LED blinks on a port it indicates that data is being received or transmitted that is activity is occurring on that port The blink frequency is proportional to the amount of traffic on that port Intel Blade Server Ethernet Switch Module IXM5414E 4 Switch Management and Operating Concepts This chapter discusses many of the concepts and features used to manage the Intel Blade Server Ethernet Switch Module IXM5414E and the concepts necessary to understand how it functions In addition this chapter explain
89. Format show radius server stats lt ipaddr gt 216 Intel Blade Server Ethernet Switch Module IXM5414E Server IP Address The IP address of the server whose information is displayed on this row Round Trip Time The time in seconds between the most recent RADIUS access reply access challenge and the matching access request from this RADIUS server Access Requests The number of RADIUS access request packets sent to this server not including retransmissions Access Retransmissions The number of RADIUS access request packets retransmitted to this server Access Accepts The number of RADIUS Access Accept packets both valid and invalid received from this server Access Rejects The number of RADIUS Access Reject packets both valid and invalid received from this server Access Challenges The number of RADIUS access challenge packets both valid and invalid received from this server Malformed Access Responses The number of malformed RADIUS access response packets received from this server including packets with invalid length but not including packets with bad authenticators bad signature attributes or unknown types Bad Authenticators The number of RADIUS access response packets received from this server including packets with invalid authenticators or signature attributes Pending Requests The number of RADIUS access request packets sent to this server that have not yet timed out or received a response Timeouts The n
90. IP address before comparison with the Client IP address If the result matches the Client IP address then the address is an authenticated IP address For example if the IP address 9 47 128 0 and the corresponding Subnet Mask 255 255 255 0 a range of incoming IP addresses would match 1 e the incoming IP address could equal 9 47 128 0 9 47 128 255 The default value is 0 0 0 0 Specify the access level for this community by selecting Read Write or Read only from the pull down menu This field restricts access to switch information Specify the status of this community by selecting Enable or Disable from the pull down menu This field activates or deactivates an SNMP community If a community is Enabled an SNMP manager associated with this community is allowed to access the switch If the community is Disabled no SNMP requests using this community name are accepted In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable Click the Delete button to delete the currently selected Community Name If you want the switch to retain the new values across a power cycle you must perform a save Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a save Trap receiver configuration Use this panel to assign a new IP address to a specified trap receiver community Th
91. IP address used to connect to a RADIUS server Up to three servers can be configured for each RADIUS client If three servers are currently configured one must be removed using the config radius server remove command before the add command will succeed Once a server has been added it will be identified in future commands by its IP address Format config radius server add lt ipaddr gt config radius server msgauth Use this command to enable or disable the message authenticator attribute for the specified RADIUS server Enabling the message authenticator attribute provides additional security for the connection between the RADIUS client and server Some RADIUS servers require that the message authenticator attribute be enabled before authentication requests from the RADIUS client will be accepted The IP address specified must match that of a configured server Format config radius server msgauth lt ipaddr gt lt enable disable gt config radius server port Use this command to configure which UDP port will be used to access the specified RADIUS server The IP address specified must match that of the previously configured RADIUS server Default 1812 Format config radius server port lt ipaddr gt lt 0 65535 gt config radius server primary Use this command to specify which configured server should be the primary server for this RADIUS client The primary is the server that is used by default for handling RADIUS requests The remaining config
92. If an interface which has IGMP Snooping enabled is enabled for routing or becomes a member of a LAG IGMP Snooping functionality will be disabled on that interface IGMP Snooping functionality will subsequently be re enabled if routing is disabled or the interface is deleted from the LAG Default disable Format config igmpsnooping interfacemode lt port listofports all gt lt enable disable gt config igmpsnooping maxresponse 190 Use this command to configure the IGMP Maximum Response time on the IXM5414E switch module The maximum response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface This value must be less than the IGMP query interval time value The range is 1 to 3599 seconds Default 10 seconds Format config igmpsnooping maxresponse lt 3599 gt Intel Blade Server Ethernet Switch Module IXM5414E config igmpsnooping mcrtrexpiretime Use this command to configure the Multicast Router Present Expiration time on the switch module This is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached The range is 0 to 3600 seconds A value of 0 indicates an infinite timeout 1 e the time never expires Default 0 Format config igmpsnooping mcrtrexpiretime lt 0 3600 gt show
93. Intel Blade Server Ethernet Switch Module IXM5414E Installation and User s Guide A Guide for Technically Qualified Assemblers of Intel Identified Subassemblies Products ce6107 004 ANA AAA Contents STEN ator ad aap Byes asaya alata ete ia ny Sips nar wh ae eos lar ha Sede E Bacedae e V 1 Introducing the Intel Blade Server Ethernet Switch Module IXM5414E 1 Related DuDIICAUONS 64 24 52 3 nes chive endeared eee cae aon e na 2 Notices and statements used in this DOOK 000 ee 3 Major components of the IXM5414E switch module 5 3 Specifications and features 000 ee es 4 2 Installing and Removing the Intel Blade Server Ethernet Switch Module IAM54 Gb een cde es eee eae meee ae ee LAE Eee ee tebe ae 9 Ethernet interface requirements 000 cece eee es 9 Installation guidelines 0 0 cece ee 10 Installing the IXM5414E switch module 0 0 e eee ee 11 Removing the IXM5414E switch module 0 000 eee eee 14 3 Information Panel LEDs and External Ports 00 00 e wees 17 INTOFIMALON Panel son e506 dot eee ne aeea ose ete Cai aden 17 DS secre wieder es neta oe re tea ee we ec cat wrens sade Soe wet ne crenata weer 17 4 Switch Management and Operating Concepts 0 0000e eee 19 Intel Blade Server Ethernet Switch Module IXM5414E overview 19 Switch module management and control 0 0c e ee eee ee 20 SWITCHING CONCCDIS
94. Intel Blade Server Ethernet Switch Module IXM5414E Forwarding Database Search 3 MAC Address Search _ Saerch MAC Address Source Port ifiride x Status CO ae a Est 1 40 7 EE C1 eu Gt 1 Ext acres Liama 1 0 10 Se ENTA i hHanegpement T L LE Fe fet 1 15 Lemn Ce LORE A C gt PIM T lt Leamag fe FPS Ti EAA Gihti 2103 Learned Les PLR oe PLS Chi i Leam fe FEL Rs NIAE Cimi Leams PR ALLORES OA S683 GRL Leam Le PP OLE YA SRA Chay Leama 0E FEADH EAAAS5 Chi 1 j Leama 0 FeAODLEAAASAAA GWM i Leama PFE es See Di lt Leam PE TLE O48 3S Ae Chet ab Leama EFFE L l Lean Le el a ae Leamej Fi i ee ee he Leam WE ReDD A oll ere a Ladamed Filter Specify the entries you want displayed from the pull down menu Once a choice is made the list is automatically refreshed with the selected filter Filter choices are Learned Only MAC addresses that have been learned will be displayed All The entire table will be displayed MAC Address Search You may also search for an individual MAC address Enter the two byte hexadecimal Virtual Local Area Network VLAN ID followed by the six byte hexadecimal MAC address in two digit groups separated by hyphens for example 01 23 00 67 89 AB CD EF where 01 23 is the VLAN ID and 45 67 89 AB CD EF is the MAC address Then click the Search button If the address exists that entry will be displayed as the first entry followed by the remaining greater MAC addres
95. NMPv3 Encryption No encryption config users snmpv3 encryption Transfer transfer Upload Download upload download Datatype datatype Transfer transfer upload download upload download Filename filename Transfer transfer Upload Download IP upload download Address serverip Transfer transfer Upload download upload download path Path Trap Management 236 Intel Blade Server Ethernet Switch Module IXM5414E Table 9 Default settings for run time switching software variables continued Sub Heading heading Variable Default value Command Authenticate Enable config trapflags Trapflags authentication Trapflags Linkmode Enable config trapflags linkmode Trapflags Multiusers Enable config trapflags multiusers Trapflags STP Enable config trapflags stpmode Intel Blade Server Ethernet Switch Module IXM5414E 237 238 Intel Blade Server Ethernet Switch Module IXM5414E Appendix D CLI Command Tree This appendix presents the CLI command tree used in conjunction with the Intel Blade Server Ethernet Switch Module IXM5414E SWITCHING clear config igmpsnooping lag dot1x port stats pass radius stats stats port switch transfer traplog vian config acl create delete interface add remove rule action create delete match dstip dstl4port keyword number every protocol keyword number 239 24
96. Octets Received The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of Ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Received 64 Octets The total number of packets including bad packets received that were 64 octets in length excluding framing bits but including FCS octets Packets Received 65 127 Octets The total number of packets including bad packets received that were between 65 and 127 octets in length excluding framing bits but including FCS octets Packets Received 128 255 Octets The total number of packets including bad packets received that were between 128 and 255 octets in length excluding framing bits but including FCS octets Packets Received 256 511 Octets The total number of packets including bad packets received that were between 256 and 511 octets in length excluding framing bits but including FCS octets Packets Received 512 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length excluding framing bits but including FCS octets Packets Received 1024 1518 Octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length excluding framing bits but incl
97. Packets Transmitted 1519 1522 Octets The total number of packets including bad packets transmitted that were between 1519 and 1530 octets in length excluding framing bits but including FCS octets Max Info The maximum size of the information non MAC field that this port will receive or transmit Total Packets Transmitted Successfully Total Packets Transmitted Successfully The total number of packets that have been transmitted by this port to its segment without an error occurring Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a broadcast address including those that were discarded or not sent Total Transmit Errors Total Transmit Errors The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total number of packets transmitted that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Tx Oversized The total number of packets that exceeded the maximu
98. Secure Socket Layer SSL Oooo Secure port 443 config http secureport Secure Protocol Both SSL3 and TLS1 config http secureprotocol a Secure Server Mode VLAN Switching Server Port 1812 config radius accounting server port Disable config http secureserver adminmode N Intel Blade Server Ethernet Switch Module IXM5414E Table 9 Default settings for run time switching software variables continued acceptframe config vlan port priority disable config garp gmrp adminmode disable config garp gmrp interfacemode 20 centiseconds config garp jointimer 1000 centiseconds config garp leavealltimer 60 centiseconds config garp leavetimer disable config garp gvrp adminmode disable config gvrp gmrp interfacemode 20 centiseconds config gvrp jointimer 1000 centiseconds config gvrp leavealltimer 60 centiseconds config gvrp leavetimer Group Membership 260 seconds config igmpsnooping Interval groupmembershipinterv al Interface disable config igmpsnooping interfacemode Maximum response 10 seconds config igmpsnooping time maxresponse MCRT Expiration O seconds config igmpsnooping Time mcertexpiretime Disable config igmpsnooping adminmode Heading heading Variable Accept frame Broadcast Storm o_o Default port VID Multicast Storm Name Port priority GARP administration GARP interface GARP join timer GARP leave all timer GARP leave timer GVRP GVRP administration 7 GVRP i
99. Suopited Be 1907 SNe ys RFC 2819 RMON SSHEGESWLREF Me MP COMMUNIT 48 SNMP FRMME WORK es SMiMP MPCLME MMP HOTIF CATION Ee HRP TARGE T MIR SNMP USER BASED SHE ME VEWLBASED L ACK ME LISM TARGET TAG MIa 13 REC ZISMB T 1496 BRIDGE Me 43 Eii k e 233 F E System The System menu provides access to the following panels and menus e Address Resolution Protocol ARP cache e Inventory information e Configuration e Forwarding database e Logs Intel Blade Server Ethernet Switch Module IXM5414E 45 e Port e SNMP e Statistics e System utilities e Trap manager ARP cache This panel displays the connectivity between the switch and other devices The ARP cache identifies the Media Access Control MAC addresses of the IP stations communicating with the switch ARP Cache MAE Aditress IP Address Port Lae ee SL l LTI Refresni MAC Address A unicast MAC address of a device on a subnet attached to one of the switch s interfaces for which the switch has forwarding and or filtering information The format is six two digit hexadecimal numbers separated by hyphens for example 01 23 45 67 89 AB IP Address The IP address associated with the MAC address Port The identification of the port being used for the connection Click the Refresh button to retrieve and display the database again starting with the first entry in the table Inventory information This panel displays inventory in
100. TFTP Server IP Address The Internet Protocol IP address of the server where the file 1s to be uploaded TFTP File Path The directory path specification for the file to be uploaded TFTP File Name The name to be given to the file after it has been uploaded File Type The type of file to be uploaded config error log message log or trap log Trap manager config trapflags authentication Use this command to enable or disable the Authentication Flag which determines whether a trap message is sent when the switch detects an authentication failure Default enable Format config trapflags authentication lt enable disable gt config trapflags linkmode Use this command to enable or disable Link Up Down traps for the entire switch When enabled link trap messages are sent only if the Link Trap flag associated with the affected port is also set to enabled Default enable Format config trapflags linkmode lt enable disable gt config trapflags multiusers Use this command to enable or disable Multiple User traps When enabled a multiple user trap message is sent when a user logs in to the terminal interface EIA 232 or Telnet and there is an existing terminal interface session for the same user account Default enable Format config trapflags multiusers lt enable disable gt config trapflags stpmode Use this command to enable or disable STP traps When enabled topology change notification trap messages will be sent Default enabl
101. The best estimate of the total number of collisions on this Ethernet segment Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared Click the Clear Counters button to clear all the counters resetting all statistics for this port to default values Intel Blade Server Ethernet Switch Module IXM5414E 83 Click the Clear All Counters button to clear all the counters for all ports resetting all statistics for all ports to default values Click the Refresh button to refresh the data on the screen with the present state of the data in the switch System utilities This menu provides access to several systems related panels These include e Save all applied changes e System reset e Reset configuration to default e Reset passwords to default e Download file to switch e Upload file from switch e Ping Save all applied changes Click the Save button to have configuration changes you have made saved across a system reboot All changes submitted since the previous save or system reboot will be retained by the switch Save All Applied Changes he Carth werd cep aT SL k ror Fie Grey Let ee A tat hau i This function saves all applied changes to configuration panels thus retaining their new values across a system reboot uf System reset Click the Reset button to reset the switch without powering off Reset means that all network
102. VLAN one that is created using the config vlan create command e a Dynamic VLAN one that is created by GVRP registration Intel Blade Server Ethernet Switch Module IXM5414E In order to change a VLAN from dynamic to static use the config vlan makestatic command BeastStorm This displays the administrative mode of broadcast storm control for this VLAN If storm control is enabled storms are controlled by counting the number of broadcast packets within a certain time period If a count limit is exceeded the packets are discarded MeastStorm This displays the administrative mode of multicast storm control for this VLAN If storm control is enabled storms are controlled by counting the number of multicast packets within a certain time period If a count limit is exceeded the packets are discarded Class of Service commands config classofservice 802 1pmapping Use this command to map an User priority to a Traffic Class priority queue Default see table below Table 6 Classofservice 802 1p Mapping IEEE 802 1p priority IXE5416 priority queue Format config classofservice 802 1pmapping lt 0 7 gt lt 0 7 gt show classofservice 802 1pmapping Use this command to show the current mapping of IEEE 802 1p priority values to traffic class priority queues Format show classofservice 802 1pmapping User Priority The IEEE 802 1p priority number The range is 0 to 7 Traffic Class Priority Queue The priority queue number The ran
103. VLAN select Enable from the pull down list If storm control is Enabled storms are controlled by counting the number of broadcast packets within a certain time period If a count limit 1s exceeded the packets are discarded Only 64 combined broadcast and multicast storm rules are allowed to be configured at one time Broadcast Packets Second The rate at which the broadcast packets will begin being discarded The valid range is O to 104856000 packets per second Mulitcast Storm Control Mode Configures multicast storm control on the VLAN To Enable multicast storm control on this VLAN select Enable from the pull down list This command Enables or Disables multicast storm control for a particular VLAN If storm control is Enabled storms are controlled by counting the number of multicast packets within a certain time period If a count limit is exceeded the packets are discarded Only 64 combined broadcast and multicast storm rules are allowed to be configured at one time Multicast Packets Second The rate level at which the multicast packets will begin being discarded The valid range is 0 to 104856000 packets per second Port Indicates which port is associated with the fields on this line Status Displays the current degree of participation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is neve
104. _ Ethemet ports T Lj e a media access control MAC address label Hy me f Media access s control MAC address labe The switch MAC address can also be displayed using CLI command show inventory or from the Web Interface In addition you can also set an IP address for a gateway router This becomes necessary when the network management station and switch modules are located on different IP networks requiring management packets to go through a router to reach the network manager For security you can specify the IP addresses of the network managers that are permitted to manage the switch module using the config sampcommunity ipaddr CLI command or the Web Interface equivalent You can also change the default SNMP community strings in the switch module and set the access rights of these community strings Traps Traps are messages that alert you of certain events that occur on the switch module The events can be as serious as a restart for example someone accidentally turned off the switch module or less serious such as a port status change The switch module generates traps and sends them to the network manager trap recipient Trap recipients are special users of the network who are given certain rights and access to oversee the maintenance of the network Trap recipients will receive traps sent from the switch module they may then need to take certain actions to avoid future failure or breakdown of the network You can also
105. able traps will not be sent System configuration Network connectivity config network javamode Use this command to enable or disable the java applet that displays a picture of the switch module at the top right of the screen when you are using the Web interface If you run the applet you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen The factory default is enabled Default enable Format config network javamode lt enable disable gt config network parms Use this command to set the IP Address subnet mask and gateway of the router The IP Address and the gateway must be on the same subnet Default 10 90 90 9x 255 255 255 0 0 0 0 0 Format config network parms Paddress netmask gateway config network protocol Use this command to specify the network configuration protocol Select DHCP BootP or None The change 1s effective immediately Default none Format config network protocol none bootp dhcp Values none The network interface is manually configured with static IP information bootp The network interface is configured to acquire an IP configuration using the Bootstrap Protocol BootP dhcp The network interface is configured to acquire an IP configuration using the Dynamic Host Configuration Protocol DHCP If you select DHCP and management of the Ethernet switch module through the four ports is enabled the switch modul
106. abled all traffic is transmitted as untagged frames The parameter lt port listofports all gt indicates the port or ports to be affected Format config vlan port tagging lt enable disable gt lt port listofports all gt show vlan detailed Use this command to display detailed information including interface information for a specific VLAN Format show vlan detailed VLAN ID There is a VLAN Identifier VLAN ID associated with each VLAN The range of the VLAN ID is 1 to 4094 VLAN Name A string associated with this VLAN as a convenience It can be up to 16 alphanumeric characters long including blanks The default is blank VLAN ID 1 always has a name of Default This field is optional VLAN Type The type of VLAN A VLAN can be e the Default VLAN VLAN ID 1 e astatic VLAN one that is created using the config vlan create command e a Dynamic VLAN one that is created by GVRP registration In order to change a VLAN from Dynamic to Static use the config vlan makestatic command Broadcast Storm Control Displays the administrative mode of broadcast storm control for this VLAN The threshold value for broadcast storm control is in packets per second Multicast Storm Control Displays the administrative mode of multicast storm control for this VLAN The threshold value for broadcast storm control in packets per second Port Indicates which port is associated with the fields on this line Current Displays the degree of part
107. acl interface add ext 4 inbound 1 256 Intel Blade Server Ethernet Switch Module IXM5414E Appendix F Troubleshooting the Spanning Tree Protocol This appendix provides details about how the Spanning Tree Protocol and Algorithm work and describes how to troubleshoot them Spanning Tree Protocol STP operation Spanning Tree Protocol STP is used in a bridged LAN environment to reduce the physical network to a stable logical topology with no data loops that still allows for the existence of redundant connections The topology is calculated by the bridges that interconnect the individual LAN segments and is recalculated when physical or parameter changes occur Each bridge in the network has a unique bridge identifier which is used to determine the root bridge of the spanning tree Where more than one bridge on the same LAN segment offers connectivity to the root bridge one bridge is selected as the designated bridge and one port on that bridge becomes the root port providing access to the root bridge Two versions of STP are supported by the Intel Blade Server Ethernet Switch Module IXM5414E both of which are defined in IEEE 802 1s The first version is IEEE 802 1D compatibility mode set as the factory default The second version is Rapid Reconfiguration mode originally defined in IEEE 802 1w Rapid Reconfiguration uses a bridging device s ability to recognize full duplex links point to point and ports connected to end stations edge
108. afety Information Inte RB BRERSRABMA SSeS Consignes de s curit Lisez attention toutes les consignes de securite et les mises en garde indiquees dans ce document avant de suivre toute instruction Consultez Jirel Server Boards and Server Chassis Safety Information sur le CD Resource CD ou bien rendez vous sur le site htip support intel com Instrucciones de seguridad importantes Lea todas las declaraciones de seguridad y precaucion de este documento antes de realizar cualquiera de las instrucciones Vea Jntel Server Boards and Server Chassis Safety Information en el CD Resource y o en http support intel com 277 General Safety Follow these rules to ensure general safety Observe good housekeeping in the area of the machines during and after maintenance Do not perform any action that causes hazards to the customer or that makes the equipment unsafe Place removed covers and other parts in a safe place away from all personnel while you are servicing the machine Keep your tool case away from walk areas so that other people will not trip over it Do not wear loose clothing that can be trapped in the moving parts of a machine Ensure that your sleeves are fastened or rolled up above your elbows If your hair is long fasten it Insert the ends of your necktie or scarf inside clothing or fasten it with a nonconductive clip approximately 8 centimeters 3 inches from the end Do not wear jewelry chains metal fr
109. al Ethernet path to the management module and its four external Ethernet ports 158 The default mode uses the internal path to the management module only In this mode the remote access link to the management console must be attached to the 10 100 Mbps Ethernet port on the management module With this mode the IP addresses and SNMP parameters of the Ethernet switch modules can be manually assigned through the SBCE Management and Configuration Program This mode allows you to provide a secure LAN for management of the platform s subsystems separately from the data network Important In this mode the IXM5414E switch module does not respond to remote management commands from the four external Ethernet ports on the switch module See the applicable Installation and User s Guide publications on the Resource CD for additional instructions for configuring the Intel Blade Server Ethernet Switch Module IXM5414E for this mode of operation You can choose to enable remote management of the IXM5414E switch module through the four external Ethernet ports on the switch module instead of or in addition to access through the management module This mode can only be enabled through the management module configuration interface Once this mode is enabled the external Ethernet ports will support both management traffic and data traffic Also the Ethernet switch module will be able to transmit DHCP request frames through the external Ethernet ports Th
110. all network devices are 802 1Q compliant These devices are referred to as tag unaware 802 1Q devices are referred to as tag aware Before the adoption of 802 1Q VLANs port based and MAC based VLANs were in common use These VLANs relied upon a port VLAN ID PVID to forward packets A packet received on a given port would be assigned that port PVID and then be forwarded to the port that corresponded to the packet destination address found in the switch forwarding table If the PVID of the port that receives the packet 1s different from the PVID of the port that is to transmit the packet the switch module will drop the packet A switch port can have only one PVID but can have as many VIDs as the switch module has memory in its VLAN table to store them Tagging and untagging Every port on an 802 1Q compliant switch can be configured to admit or discard packets that are received without a tag Untagged packets that are admitted will be tagged with the port s PVID Every port on an 802 1Q compliant switch can also be configured to transmit packets with or without tags Ports with tagging enabled will leave the 802 1Q tag received with the packet or inserted by the ingress port unchanged Ports with untagging enabled will strip the 802 1Q tag from all packets that it transmits Untagging is used to send packets from an 802 1Q compliant network device to a noncompliant one Egress rules If the packet is not tagged with VLAN information the in
111. ame eyeglasses or metal fasteners for your clothing Remember Metal objects are good electrical conductors Wear safety glasses when you are hammering drilling soldering cutting wire attaching springs using solvents or working in any other conditions that might be hazardous to your eyes After service reinstall all safety shields guards labels and ground wires Replace any safety device that is worn or defective Reinstall all covers correctly before returning the machine to the customer Electrical Safety 324 CAUTION 278 Electrical current from power telephone and communication cables can be hazardous To avoid personal injury or equipment damage disconnect the server system power cords telecommunication systems networks and modems before you open the server covers Important Observe the following rules when working on electrical equipment Disconnect all power before performing a mechanical inspection Before you start to work on the machine unplug the power cord or power off the wall box that supplies power to the machine and to lock the wall box in the off position Regularly inspect and maintain your electrical hand tools for safe operational condition Do not use worn or broken tools and testers Never assume that power has been disconnected from a circuit First check that it has been powered off Always look carefully for possible hazards in your work area Examples of these hazards are moist floors
112. ameters for all switch ports Port Access Control Port Summary tl K Operating Control Reauthentication Transmission Port Central Mode Mode Enabled Enabled Pant Statue Say E ia wits Mii fas M t Tijn gha in bemad loiud Ee fake Linguthorized Bay 3 wia Mia fae aka rather rent 4 J TE wits adc ae fae Ln red wit ulti riti mii E aii aaiim Bayt win mts ati fatih iIngnuithorized Bay guts wit false fakaj Uhahonppd jiii iuta Jari l t i Wnauthorited Bary wis utc lah lake Uneuthionzed Bay 1 auth wid fae fake neuthorized Bay 11 wia Wia fae faa Unauthonied Aa i guto auc lake fake inauthorred J j Baey 13 wit itt es be hea E aei iTiijim a faTi Ba la Wiii mA Per Manji ca silni m g Fa i forceeuthored forceauthorined fats fan Authorized ui Bute S oar Terai Luo Hae i I Tom j 1 2 Lit iene eat 4 auto iio faba faki Linguthorited Port The port whose settings are displayed in the associated table row Control Mode Displays the configured control mode for the port Possible values are 122 Intel Blade Server Ethernet Switch Module IXM5414E Force Unauthorized The authenticator port access entity PAE unconditionally sets the controlled port to unauthorized Force Authorized The authenticator PAE unconditionally sets the controlled port s to authorized mode Auto The authenticator PAE sets the controlled port s mode to reflect the result of the authentication exchanges between the supplicant
113. ard and IEEE 802 1w Rapid Reconfiguration Configuration Digest Key A derived value identifying the configuration Click the Refresh button to update the screen with the most recent data Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Common Spanning Tree CST configuration status Use this panel to configure or display the bridge parameters for the Spanning Tree Algorithm Intel Blade Server Ethernet Switch Module IXM5414E 111 Bridge Priority Specifies the bridge priority The value may be between 0 and 61440 It is set in multiples of 4096 For example if you enter any value between O and 4095 it will be set to 0 If you enter any value between 4096 and 2 4096 1 it will be set to 4096 The default priority 1s 32768 Bridge Max Age secs Specifies the bridge maximum age timeout value The value may be between 1 and 40 and should be less than or equal to 2 Bridge Forward Delay 1 and greater than or equal to 2 Bridge Hello Time 1 The default value is 15 Bridge Hello Time secs Specifies the bridge hello timeout value with the value being less than or equal to Bridge Max Age 2 1 The default hello time value is 2 Bridge Forward Delay Secs Specifies the time the bridge will spend in Listening and Learning mode before starting to forw
114. ard packets Bridge Forward Delay must be greater than or equal to Bridge Max Age 2 1 The time range is from 4 seconds to 30 seconds and the default value is 15 Bridge Identifier The bridge identifier The bridge priority is concatenated with the base MAC address of the bridge to create the identifier Time Since Topology Change The time in seconds since the spanning tree topology last changed Topology Change Count Number of times the spanning tree topology has changed 112 Intel Blade Server Ethernet Switch Module IXM5414E Topology Change The value of the topology change parameter for the switch indicating if a topology change is in progress on any port on the bridge It takes a value if True or False Designated Root The bridge identifier of the root bridge Root Path Cost Path Cost to the Designated Root for this bridge instance Root Port Port to access the Designated Root Max Age secs Path Cost to the Designated Root for this bridge instance Forward Delay secs Derived value of the Root Port Bridge Forward Delay parameter Hold Time secs Minimum time between transmission of Configuration BPDUs CST Regional Root Priority and base MAC address of the Common Spanning Tree Regional Root CST Path Cost Path Cost to the CST tree Regional Root Click the Refresh button to update the screen with the most recent data Click the Apply button to update the switch with the values on this screen If you wan
115. arddelay Bridge Forward Delay The value that all bridges use for Forward Delay when this bridge is acting as the root Forwarddelay is used by bridges to ensure that a new network topology has stabilized before leaving the blocking state Note that IEEE 802 1D specifies that the range for this parameter is related to the value of STP Bridge Maximum Age Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units BPDUs Spanning tree Common Spanning Tree CST commands config spanningtree cst port edgeport Use this command to specify whether a port is an edge port within the Common Spanning Tree CST This will allow the port to transition to Forwarding State without delay The lt port gt is the port to be affected The edgeport value can either be true or false Default false Format config spanningtree cst port edgeport lt port gt lt true false gt config spanningtree cst port pathcost Use this command to configure the path cost to a new value for the specified port in the CST The lt port gt is the port to be affected The pathcost value can be specified as a number in the range of to 200000000 or auto If lt auto gt is specified the pathcost value will be set based on Link Speed Default auto Format config spanningtree cst port pathcost lt port gt lt I 200000000 auto gt config spanningtree cst port priority Use this command to configure the port priority to a new value for use
116. arded The number of outbound packets that were chosen to be discarded even though no errors had been detected One possible reason for discarding a packet could be to free up buffer space Table Entries Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries used by this switch module since the last reboot Address Entries In Use The number of learned and static Forwarding Database Address Table entries currently in use by this switch module VLAN Entries Maximum VLAN Entries The maximum number of VLANs allowed on the switch module Intel Blade Server Ethernet Switch Module IXM5414E 179 Most VLAN Entries Ever Used The highest number of VLANs that have been active on this switch module since the last reboot Static VLAN Entries The number of VLANs currently active on this switch module that were created statically Dynamic VLAN Entries The number of VLANs currently active on this switch module that were created by GVRP registration VLAN Deletes The number of VLANs that have been created and then deleted on this switch module since the last reboot Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared show stats switch summary Use this command to display a summary of the statistics for all switch traffic Format show stats switch summary Packets Received Without Error The total number of packets
117. atabase Switching Addresses Fabric Port 2 Forwarding Network Segment Intel Blade Server Ethernet Switch Module IXM5414E 267 Disabled state A port in the disabled state does not participate in frame forwarding or STP A port in the disabled state is virtually non operational Note that this STP port state should not be confused with the port s administrative state A disabled port does the following e Discards packets received from the network segment to which it is attached e Discards packets sent from another port on the bridge for forwarding e Does not add addresses to its forwarding database e Neither receives nor transmits BPDUs The following illustration shows the actions that occur when a port is in the disabled state Network Segment Port 1 El I L Fawardip pa l l Network Addresses BPDUs Mangement Data Packets Packets Forwarding Database CPU Switching Fabric BPDUs Data Packets Port Disabled i Network Segment 268 Intel Blade Server Ethernet Switch Module IXM5414E Troubleshooting STP This section describes how to troubleshoot the STP Spanning Tree Protocol Failure A failure in the Spanning Tree Algorithm generally results in a bridging loop This is caused by a port that should be in the discarding state but is instead forwarding packets A Root Port 1 Port 2 ee A x Port 1 B C Port 1 Designated C Port 2 J s
118. ation for the switch module Format show mirroring Port Mirroring Mode Indicates whether the port mirroring feature is enabled or disabled Probe Port The port that is configured as the probe port If this value has not been configured Not Configured will be displayed Mirrored Port The port that is configured as the mirrored port If this value has not been configured Not Configured will be displayed Simple Network Management Protocol SNMP SNMP community commands config snmpcommunity accessmode Use this command to configure SNMP access to switch information for a specific community name The access mode can be Read only also called public or Read write also called private Format config snampcommunity accessmode lt readonly readwrite gt lt name gt config snmpcommunity create Use this command to add and name a new SNMP community A community name associates the switch with a set of SNMP managers with a specified privileged level The name can be up to 16 case sensitive characters long Community names in the SNMP community table must be unique If you make multiple entries using the same community name the first entry is kept and processed and all duplicate entries are ignored Default There are two default community names Public with Read only access and Private with Read write access You can replace these default community names with unique identifiers for each community The default values for th
119. attached There are no serviceable parts inside these components If you suspect a problem with one of these parts contact a service technician Complete the following steps to remove the IXM5414E switch module 1 Select an appropriate I O module bay from which to remove a switch module in accordance with the instructions in Ethernet interface requirements on page 9 Unplug any cables from the selected switch module 3 For the SBCE platform pull the release latch toward the side of the switch module as shown in the illustration below The module moves out of the I O module bay about 0 64 cm 0 25 inch Switch module SBCE 14 Intel Blade Server Ethernet Switch Module IXM5414E Slide the switch module out of the I O module bay and set it aside 5 Place either another switch module or a filler module in the I O module bay within 1 minute If you placed another switch module in the I O module bay reconnect any cables that you unplugged in Step 2 7 Replace the acoustic attenuation module option if you removed it in step 1 Intel Blade Server Ethernet Switch Module IXM5414E 15 16 Intel Blade Server Ethernet Switch Module IXM5414E 3 Information Panel LEDs and External Ports This chapter describes the information panel and LEDs also known as indicators on the Intel Blade Server Ethernet Switch Module IXM5414E This chapter also identifies the external ports on the information panel Information pa
120. be sent when link status changes The factory default is Enabled Member Ports A listing of the ports that are members of this LAG in port notation There can be a maximum of 8 ports assigned to a given LAG MFDB The Multicast Forwarding Database MFDB holds the port membership information for all active multicast address entries The key for an entry consists of a VLAN ID and MAC address pair Entries may contain data for more than one protocol Options on this menu are e MEDB table e GMRP table e IGMP snooping table e Stats MFDB table Use this panel to display entries from the MFDB Multicast Forwarding Database Table sal i Sa Forwarding i MAC Acie aa Compare Type Degerepiieri Farce Parts Me LO1 01L0ROSSSo99 GMRF Dynamie vtech Fwd Ext Fwd Ext 1 Ei GMF 1 F Secu I 01 01 komf Cang i F J SPOON I i E taki 3 Fis Fid Bhi Be Bay 11 Ea Ril Intel Blade Server Ethernet Switch Module IXM5414E 107 MAC Address Enter a MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB After you have entered a MAC address click the Search button and the data associated with the address will be displayed Otherwise all entries will be displayed Component The component that is responsi
121. ber of EAP response frames other than response identity frames that have been transmitted by the authenticator port Invalid EAPOL Frames Received The number of EAPOL frames that have been received by the authenticator port with an unrecognized frame type EAP Length Error Frames Received The number of EAPOL frames that have been received by the authenticator port with an incorrect length show dot1x port summary Use this command to display a summary of the IEEE 802 1x configuration parameters for the specified port s Format show dotlx port summary lt port listofports all gt Port The interface whose configuration is displayed on this row Control Mode The configured control mode forceunauthorized forceauthorized or auto Operating Control Mode The active control mode Reauthentication Enabled Indicates whether reauthentication 1s enabled for the port Transmission Enabled Indicates whether a key is transmitted to the supplicant from the port Port Status Indicates whether a port is authorized show dot1x port users Use this command to display IEEE 802 1 X port security information about locally configured users Format show dotl1x port users lt port gt User The locally configured users with access to the specified port show dot1x summary Use this command to display a summary of the IEEE 802 1X configuration parameters for the switch Format show dotlx summary Administrative mode Indicates whether authentica
122. bits but including FCS octets This object can be used as a reasonable estimate of Ethernet utilization If greater precision 1s desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Transmitted 64 Octets The total number of packets including bad packets transmitted that were 64 octets in length excluding framing bits but including FCS octets Packets Transmitted 65 127 octets The total number of packets including bad packets transmitted that were between 65 and 127 octets in length excluding framing bits but including FCS octets Packets Transmitted 128 255 Octets The total number of packets including bad packets transmitted that were between 128 and 255 octets in length excluding framing bits but including FCS octets Packets Transmitted 256 511 Octets The total number of packets including bad packets transmitted that were between 256 and 511 octets in length excluding framing bits but including FCS octets Packets Transmitted 512 1023 Octets The total number of packets including bad packets transmitted that were between 512 and 1023 octets in length excluding framing bits but including FCS octets Intel Blade Server Ethernet Switch Module IXM5414E 79 80 Packets Transmitted 1024 1518 Octets The total number of packets including bad packets transmitted that were between 1024 and 1518 octets in length excluding framing bits but including FCS octets
123. ble for this entry in the Multicast Forwarding Database Possible values are IGMP Snooping GMRP and Static Filtering Type This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Ports The list of interfaces that are designated for forwarding Fwd and filtering FIt Forwarding Ports The forwarding list is derived from combining all the component s forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces Click the Refresh button to update the screen with the latest information GMRP table This panel displays the GMRP entries in the MFDB table MFOB GMRP Table MAC Address Type Degonption Ports LE L 1 ihmi E i LE a qa Tit pj ire el be E rii Fl ee ee MAC Address A MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers 108 Intel Blade Server Ethernet Switch Module IXM5414E representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB Type Displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or pr
124. blocking state Link up This trap indicates that the link state of a port has changed from link down to link up Link down This trap indicates that the link state of a port has changed from link up to link down Management Information Bases MIB Management and counter information are stored in the switch module in the management information base MIB The switch module uses the standard MIB II management information base module Consequently values for MIB objects can be retrieved using any SNMP based network management software In addition to the standard MIB II module the switch module also supports its own proprietary enterprise MIB as an extended management information base This MIB can also be retrieved by specifying the object identifier OID of the MIB as the network manager MIB values can be either Read only or Read Write Read only MIB variables can be either constants that are programmed into the switch module or variables that change while the switch module is in operation Examples of Read only constants are the number of ports and type of ports Examples of Read only variables are the statistics counters such as the number of errors that have occurred or how much data in kilobytes has been received and forwarded through a port Read Write MIBs variables are usually related to user customized configurations Examples of these are the switch module IP address Spanning Tree Protocol STP parameters and port status If
125. c programs might tell you that you need additional or updated device drivers or other software The troubleshooting information or the diagnostic programs might tell you that you need additional or updated device drivers or other software Hardware and software service and support Contact your Intel Support Representative for hardware and software service and support 275 276 Intel Blade Server Ethernet Switch Module IXM5414E Appendix H Notices Safety and regulatory information NOTE These service procedures are designed to help you isolate problems They are written with the assumption that you have model specific training on all computers or that you are familiar with the computers functions terminology and service information provided in this manual Important Safety Instructions Read all caution and safety statements in this document before performing any of the instructions See nte Server Boards and Server Chassis Safety Information on the Resource CD and or at http support intel com Wichtige Sicherheitshinweise Lesen Sie zun chst s mtliche Warn und Sicherheitshinweise in diesem Dokument bevor Sie cine der Anweisungen ausf hren Beachten Sie hierzu auch die Sicherheitshinweise zu Intel Serverplatinen und Servergehausen auf der Ressourcen CD oder unter http support intel com FETS ERTEN TZA WARBER REAREN SN Resource CD HAXA W X htip support iniel com EBY Intel Server Boards and Server Chassis S
126. cally register and de register Group membership information with other networking devices attached to the same segment and across all the bridged LAN devices that support Extended Filtering Services The operation of GMRP relies upon the services provided by the GARP The information registered de registered and disseminated via GMRP is in the following forms Group Membership Information This indicates that there exists one or more GMRP participants which are members of a particular Group and carries the group MAC address es associated with this Group Registration of group membership information allows networking devices to be made aware that frames destined for these group MAC address es should be forwarded in the direction of registered members of the group Forwarding of frames destined for the group MAC address es occurs on ports on which such membership registration has been received Group Service Requirements Information This indicates that one or more GMRP participants require Forward all Groups or Forward Unregistered to be the default filtering behavior Registration of group services requirement information allows networking devices to be made aware that any of their ports that can forward frames in the direction from which the group service requirement information has been received should modify their default group behavior in accordance with the group service requirement When the switch module receives GMRP PDUs it will updat
127. cast Multicast Sram Stern VLAN WLAN VLAN Cont rol Broadcast Control Multi ast IE Mame Type hode PacketeiSecona Maie PatketelSeconmd eim Deia Disable Caeebhe There is a VLAN Identifier VLAN ID associated with each VLAN The range of the VLAN ID is 1 to 4094 A string associated with this VLAN as a convenience It can be up to 16 alphanumeric characters long including blanks The default is blank VLAN ID 1 always has a name of Default This field is optional What type of VLAN this is A VLAN can be e the Default VLAN VLAN ID 1 e astatic VLAN one that you have created e a Dynamic VLAN one that is created by GVRP registration Intel Blade Server Ethernet Switch Module IXM5414E In order to change a VLAN from Dynamic to Static use the VLAN Configuration panel or the config vlan makestatic command Broadcast Storm Control Mode This field shows the mode of broadcast storm control on the VLAN If storm control is Enabled storms are controlled by counting the number of broadcast packets within a certain time period If a count limit is exceeded the packets are discarded Broadcast Packets Second The rate level at which the broadcast packets will begin being discarded Multicast Storm Control Mode This field shows the mode of multicast storm control on the VLAN If storm control is Enabled storms are controlled by counting the number of multicast packets within a certain time period If a count limit is exceeded the packe
128. cator role only The authenticator PAE is responsible for submitting information received from the supplicant to the authentication server in order for the credentials to be checked which will determine the authorization state of the port The authenticator PAE controls the authorized unauthorized state of the controlled port depending on the outcome of the authentication process Authentication messages use the Extensible Authentication Protocol EAP A port may take one of two states Controlled Traffic will only be exchanged if the port is in the Authorized state Uncontrolled Allows the uncontrolled exchange of EAP over IEEE 802 LANs EAPoL PDUs between the Authenticator and Supplicant Intel Blade Server Ethernet Switch Module IXM5414E 35 A controlled port is configured by management to be in one of three states ForceUnauthorized The port is set to the unauthorized state ForceAuthorized The port is set to the authorized state Auto The port s state will be set based on the outcome of authentication exchanges between the Supplicant Authenticator and the Authentication server This is the default port state when port based access control is enabled Local authentication Local authentication matches a user ID password combination received from the supplicant to the switch module s local database The switch module will transmit an EAP Request Identity packet to the supplicant to obtain the combination and if a match is fou
129. cause In this case the port utilization data will have unusually high values The priority for most cases is to restore connectivity as soon as possible The simplest remedy is to manually disable all of the ports that provide redundant links Disabling the ports one at a time and then checking for the restoration of a user s connectivity will identify the link that is causing the Intel Blade Server Ethernet Switch Module IXM5414E 271 problem if sufficient time is available Connectivity will be restored immediately after disabling a data loop Avoiding network problems To help your network operate more efficiently you can avoid or minimize network problems as described in this section 272 Know where the root is located Although the STP can elect a root bridge a well designed network has an identifiable root for each VLAN Careful setup of the STP parameters results in the selection of this best bridge as the root for each VLAN Redundant links can then be built into the network STP is well suited to maintaining connectivity in the event of a device failure or removal but is poorly suited to designing networks Know which links are redundant Organize the redundant links and tune the port cost parameters of STP to force those ports into the discarding state For each VLAN know which ports should be discarding in a stable network A network illustration that shows each physical loop in the network and which ports break
130. ce IP address e Destination IP address e Source Layer 4 port e Destination Layer 4 port e Type of Service byte e Internet Protocol number The script in the following example restricts access to the network to UDP and TCP traffic from a defined set of IP source addresses Create Access Control List 1 config acl create 1 Create Rule for ACL 1 config acl rule create 1 1 Define the content of ACL 1 Rule 1 Packets will be accepted only if they are TCP packets from the source IP address set defined by the specified IP address and mask config acl rule action 1 1 permit config acl rule match protocol keyword 1 1 tcp config acl rule match dstip 1 1 192 168 50 0 255 255 255 0 Create Rule 2 for ACL 1 config acl rule create 1 2 Define the content of ACL 1 Rule 2 Packets will be accepted only if they are UDP packets from the source IP address set defined by the specified IP address and mask This is the same source IP address set defined for TCP traffic config acl rule action 1 2 permit config acl rule match protocol keyword 1 2 udp config acl rule match dstip 1 2 192 168 50 0 255 255 255 0 Apply ACL to inbound traffic received on external ports 1 4 Packets that do not match the criteria specified in Rules 1 or 2 will be dropped config acl interface add ext 1 inbound 1 Intel Blade Server Ethernet Switch Module IXM5414E 255 config acl interface add ext 2 inbound 1 config acl interface add ext 3 inbound 1 config
131. ceived from this accounting server including packets with invalid length but not including packets with bad authenticators or unknown types Bad Authenticators The number of RADIUS accounting response packets received from this accounting server including packets with invalid authenticators Pending Requests The number of RADIUS accounting request packets sent to this accounting server that have not yet timed out or received a response Timeouts The number of RADIUS packets sent to this accounting server that have timed out Unknown Types The number of RADIUS packets of unknown type received from this accounting server Packets Dropped The number of RADIUS packets received from this accounting server dropped for a reason not otherwise included in this list show radius accounting summary Use this command to display a summary of the RADIUS accounting configuration parameters for the switch Format show radius accounting summary Accounting Mode Indicates whether accounting mode is enabled or disabled IP Address The IP address of the RADIUS accounting server currently in use Port The port used to access the accounting server Secret configured Indicates whether a secret has been configured for the accounting server RADIUS configuration summary commands clear radius stats Use this command to reset all RADIUS statistics for the switch You will be prompted to confirm this choice Format clear radius stats config
132. cess the value is displayed but cannot be changed Secret Specifies the shared secret to use with the specified accounting server This field is only displayed if the user has Read Write access Apply The Secret is applied only if this box is checked If the box is not checked anything entered in the Secret field has no affect and is not retained This field is only displayed if the user has Read Write access Intel Blade Server Ethernet Switch Module IXM5414E Secret Configured Indicates whether the shared secret for this accounting server has been configured Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Click the Remove button to remove the selected accounting server from the configuration This button is only available to Read Write users If you want the switch to retain the new values across a power cycle you must perform a save Click the Refresh button to update the information on the page Accounting server statistics This panel displays the RADIUS statistics for the accounting server Accounting Server IP Address Identifies the accounting server associated with the statistics Round Trip Time secs Displays the time interval in hundredths of a second between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS
133. ch Enabled bridge port is assigned a port role The port role will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Displays the port administration mode The port must be Enabled in order for it to be allowed into the network The factory default is Enabled Intel Blade Server Ethernet Switch Module IXM5414E Control Mode Displays whether flow control is Enabled or Disabled on this port The following displays the right side of the panel Descriptions of these fields follow Physical fdode Physical Status Enabia Ante Link Lear cre Link Tran 3 Mindex Enaiecs Tai Link Eigen Enable Enas Anti Laney Licwen cnaile 2 Enans Anii Link Ciya Ematde il Emnat AD Lank Dosw Enable E Ema Anii Link Giese Enable Engst Ate Link Cow Cree i Emai PRE Lank Liaw Cree 5 Enab Asoo Link Ciwan creat iJ Enatee Tai Link Liaw chabie Ww Enate Ayo Land Cowen Enatle 11 Eman Ate Link Liyan craie la Emnat Aion Link Lian crate 1 CTIB Aii Link Cigs cnahe 14 Emnat AUH MEJ MEn Ful Lapis Link Lip cree Sa Enab Auer LinkDown Enable irae Enab ailai i bos Ful Dupi Link Up Enables Se Enatee vir Link Ligy trahe AT Enatie Link Cowen Enatle fiat E LACP Mode Displays whether Link Aggregation Control Protocol LACP is Enabled or Disabled on this port Physical Mode Displays the selected port speed and duplex mode If auto negotiation support is selected then
134. condition for the rule The possible values are ICMP IGMP IP TCP and UDP Source IP Address Displays the source IP address if any that is a match condition for this rule Source IP Mask Displays the source IP mask if any that is a match condition for this rule Source Ports Displays the source port range if any that is a match condition for this rule Service Type Field Match Indicates whether an IP DSCP IP Precedence or IP TOS match condition is specified for this rule Service Type Field Value Indicates the value specified for the Service Type Field Match IP DSCP IP Precedence or IP TOS if it a match condition for this rule show acl summary Use this command to display a summary of the ACLs associated with interfaces in the system Format show acl summary ACL ID Displays the ACL identifier Rules Displays the number of rules that are associated with this ACL Interface s Displays the interfaces associated with this ACL Direction Displays the packet filtering direction for the ACL on the interface The possible values displayed are inbound and outbound 222 Intel Blade Server Ethernet Switch Module IXM5414E Bandwidth provisioning commands BW provisioning BW allocation commands config bwprovisioning bwallocation create Use this command to create a bandwidth allocation profile The lt name gt field is an alphanumeric string up to 15 characters Format config bwprovisioning bwallocation create lt name gt
135. confirm your selection on the next screen Also all VLANs except for the default VLAN will be deleted The factory default values are e All ports are assigned to the default VLAN of 1 e All ports are configured with a PVID of 1 e All ports are configured to an Acceptable Frame Types value of Admit All Frames e All ports are configured to transmit only untagged frames e GVRP is disabled on all ports and all dynamic entries are cleared e GVRP is disabled for the switch and all dynamic entries are cleared Filters This menu provides access to two MAC filter screens e MAC filter configuration e MAC filter summary MAC filter configuration Use this panel to add a static MAC filter entry for a MAC address and VLAN pair update existing filter information or delete one or more configured filters Destination Port MAC Filter Mac Address B Mask ae ES a E Ty F IE Emi ES E 6 B ry Ema Deste Ceke Al Appi MAC Filter This is the list of MAC address and VLAN ID pairings for all configured filters To change the port mask s for an existing filter select the entry you want to change Intel Blade Server Ethernet Switch Module IXM5414E 97 To add a new filter select Create Filter from the top of the list Up to 48 static MAC filters may be created MAC Address The MAC address of the filter in the format 00 01 1A B2 53 4D You can only change this field when you have selected the Create Filter option You can
136. curity set a password after you log onto the system for the first time and be sure to store the new password in a safe location Intel Blade Server Ethernet Switch Module IXM5414E 43 44 z If java mode is enabled for the switch the default is enabled the top panel shows a real time information panel display of the switch module as shown below You can change the java mode on the Network Connectivity Configuration menu See Network connectivity on page 49 External port Blade server bays Status O OZO Switch module J Link status rear view The panel on the left side of the screen displays the main menu The main menu contains System Switching Class of service Security QOS Logout All of these main menu options except Logout have sub menus some of which have further sub menus as shown below All of the Web based switch module management features are accessed from these sub menus and are described in the remainder of this chapter Intel Blade Server Ethernet Switch Module IXM5414E When you first log on to the switch you will see the System Description details in the center of the screen For more details on the information displayed see System description on page 48 system Description m Sisam Desonpion Emnepnise Serer Glade Gegaitit Ehemet Swich System Marne Sytem Location Sytem Conka IP Ares 192 TEs 21 25 wiem Obat O Fial Sym Ue Tim O days O hours T us MIS
137. cy Magnetic Fields EN61000 4 11 Voltage Dips and Interrupts VCCI Class A ITE CISPR 22 Class A Limit Australia New AS NZS 3548 Class A Limit Zealand Electromagnetic compatibility notice USA This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense Electromagnetic compatibility notices International Europe CE Declaration of Conformity This product has been tested in accordance to and complies with the Low Voltage Directive 73 23 EEC and EMC Directive 89 336 EEC The product has been marked with the CE Mark to illustrate its compliance Japan EMC Compatibility Intel Blade Server Ethernet Switch Module IXM5414E 281 ORE HERE RECREMEOTAMEES VCCI Ose CESS PSA AMREMEETT ORRESERATHATSLRR HSEUAGoOT CLASES COMSCRRA AAR ENT SLIBRINSCEMBOET English translation of the notice above This is a Class A product based on
138. d LACP Mode Displays whether Link Aggregation Control Protocol is enabled or disabled on this port FlowControl Mode Displays whether flow control is enabled or disabled on this port Mirroring commands config mirroring create Use this command to configure a probe port and a mirrored port for port mirroring The first port is the probe port and the second port is the mirrored port If this command is executed while port mirroring is enabled it will have the effect of changing the probe and mirrored port values The probe port will be removed from all VLANs Format config mirroring create lt port gt lt port gt config mirroring delete Use this command to remove the port mirroring designation from both the probe port and the mirrored port The probe port must be manually re added to any desired VLANs Format config mirroring delete config mirroring mode Use this command to configure the port mirroring mode The possible values are enable and disable The probe and mirrored ports must be configured before port mirroring can be enabled If enabled the probe port will mirror all traffic received and transmitted on the physical mirrored port It is not necessary to disable port mirroring before modifying the probe and mirrored ports Default disable Format config mirroring mode lt enable disable gt Intel Blade Server Ethernet Switch Module IXM5414E 165 show mirroring Use this command to display the port mirroring inform
139. d When the selection is changed a screen refresh occurs causing all fields to be updated for the newly selected port All physical interfaces are valid EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this authenticator EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator EAPOL Start Frames Received The number of EAPOL start frames that have been received by this authenticator EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by this authenticator Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame Last EAPOL Frame Source The source MAC address carried in the most recently received EAPOL frame EAP Response ID Frames Received The number of EAP response identity frames that have been received by this authenticator EAP Response Frames Received The number of valid EAP response frames other than response identity frames that have been received by this authenticator Intel Blade Server Ethernet Switch Module IXM5414E EAP Request ID Frames Transmitted The number of EAP request identity frames that have been transmitted by this authenticator EAP Request Frames Transmitted The number of EAP request frames other than request identity frames that have been transmitted by this authenticator Invalid EAPOL Frames Received The number of EAPOL fram
140. d hot swap module is replaced with an identical module or filler module within 1 minute of removal e Cables for the optional modules are routed according to the illustrations and instructions in this document Handling static sensitive devices Attention Static electricity can damage electronic devices and your system To avoid damage keep static sensitive devices in their static protective packages until you are ready to install them To reduce the possibility of electrostatic discharge observe the following precautions e Limit your movement Movement can cause static electricity to build up around you e Handle the device carefully holding it by its edges or its frame e Do not touch solder joints pins or exposed printed circuitry 10 Intel Blade Server Ethernet Switch Module IXM5414E e Do not leave the device where others can handle and possibly damage it e While the device is still in its static protective package touch it to an unpainted metal part of the SBCE platform for at least two seconds This drains static electricity from the package and from your body e Remove the device from its package and install it directly into your SBCE without setting it down If it is necessary to set the device down place it in its static protective package Do not place the device on your SBCE platform or on a metal table e Take additional care when handling devices during cold weather because heating reduces indoor humidity and i
141. d on the switch if any For example Quality of Service Logs show eventlog Use this command to display the event log which is used to hold error messages for catastrophic events After the event is logged and the updated log is saved in FLASH memory the switch will be reset The log can hold at least 2 000 entries the actual number depends on the platform and OS and is erased when an attempt is made to add an entry after it is full Format show eventlog File The source code filename identifying the code that detected the event Line The line number within the source file of the code that detected the event Task Id The OS assigned ID of the task reporting the event Code The event code passed to the event log handler by the code reporting the event Time The time the event occurred measured from the previous reset NOTE Event log information is retained across a switch module reset show msglog Use this command to display the message log The message log contains system trace information that records non critical problems Format show msglog Time The time the event occurred calculated from the time the switch was last reset File The source code filename identifying the code that detected the event Line The line number within the source file of the code that detected the event Description An explanation of the problem being reported NOTE Message log information is not retained across a switch module reset and wrap
142. d the maximum configured bandwidth 38 Intel Blade Server Ethernet Switch Module IXM5414E Access Control Lists ACL You use Access Control Lists ACLs to control the traffic entering or exiting a network for example where two networks are connected or an internal network is connected through a firewall router to the Internet This allows you to ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach them You can use ACLs to e Provide traffic flow control e Determine which types of traffic will be forwarded or blocked e Provide network security An ACL consists of one or more rules or filtering criteria A packet is accepted or rejected based on whether or not it matches the criteria After you create the set of rules for an ACL you attach the ACL to an interface Filtering is done on inbound traffic An ACL rule may apply to any one or more of the following fields e Source IP address e Source Port Layer 4 e Destination IP e Destination Port Layer 4 e IP Protocol Number An implicit deny rule is added to the end of every ACL This means that if a packet does not match any of the rules you have defined it will be dropped Intel Blade Server Ethernet Switch Module IXM5414E 39 40 Intel Blade Server Ethernet Switch Module IXM5414E 5 Web Based Network Management This chapter describes how to use the Web based network management module to acc
143. de webmode port adminmode autoneg flowcontrol lacomode linktrap physicalmode prompt protocol create delete interface add remove protocol add remove vian add remove radius accounting mode server add port remove secret maxretransmit server add msgauth port primary remove secret timeout snmpcommuni accessmode ty Intel Blade Server Ethernet Switch Module IXM5414E create delete ipaddr ipmask mode snmptrap create delete ipaddr mode spanningtree adminmode bridge forwarddelay hellotime maxage priority cst port edgeport pathcost priority forceversion port migrationchec k mode ssh adminmode protocol syscontact syslocation sysname telnet maxsessions mode timeout trapflags authentication linkmode multiusers Intel Blade Server Ethernet Switch Module IXM5414E 243 stpmode users add defaultlogin delete login passwd snmpv3 accessmode authentication encryption vian bcaststorm create delete makestatic mcaststorm name participation port acceptframe priority pvid tagging help logout ping reset system save config show acl detailed summary arp switch authentication login info users bwprovisionin bwallocation detailed g 2
144. dges This will determine which bridge in the network is the best choice for the root bridge If there is only one bridge on the network no BPDU exchange occurs the forward delay timer expires and the ports move to the learning state All STP enabled ports enter the discarding state following the bridge startup 264 A port in the discarding state does the following Discards packets received from the network segment to which it is attached Discards packets sent from another port on the bridge for forwarding Does not add addresses to its forwarding database Receives BPDUs and directs them to the central processing unit CPU Does not transmit BPDUs from the CPU Intel Blade Server Ethernet Switch Module IXM5414E The following illustration shows the actions that occur when a port is in the discarding state Network Segment Port 1 Forwarding Network Mangement Dat Addresses BPDUs Soe e Forwarding Database switching Fabric Data Packets Port Discarding A Network Segment Learning state A port in the learning state prepares to participate in frame forwarding The port enters the learning state from the discarding state A port will move from learning to forwarding when its forward delay timer expires A port in the learning state does the following e Discards frames received from the network segment to which it is attached e Discards packets sent from another port on the bridge for f
145. e Click the Apply button to cause the changes made on this screen to take effect on the switch click If you want the switch to retain the new values across a power cycle you must perform a save Intel Blade Server Ethernet Switch Module IXM5414E 57 Forwarding database The first option on this menu is the Configuration panel which allows you to configure the forwarding database aging interval The second option is the Search panel which displays the forwarding database entries specified by a MAC address or filter you enter Configuration Use this panel to configure the forwarding database aging interval Aging Interval secs The forwarding database contains static entries which are never aged out and dynamically learned entries which are removed if they are not updated within a given time You specify that time by entering a value for the Aging Interval Enter any number of seconds between 10 and 1000000 IEEE 802 1D recommends a default of 300 seconds which is the factory default Click the Apply button to cause the changes made on this screen to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Search This panel displays the forwarding database entries You can specify a filter to determine which addresses are displayed or a MAC address to display the table entry for the requested MAC address and all entries following the requested MAC address 58
146. e Format config trapflags stpmode lt enable disable gt show trapflags Use this command to display trap conditions When the condition identified by an active trap is encountered by the switch a trap message will be sent to any enabled SNMP Trap Receivers and a message will be written to the trap log Cold and warm start traps are always enabled Format show trapflags Authentication Flag Indicates whether authentication failure traps will be sent enable or not disable 186 Intel Blade Server Ethernet Switch Module IXM5414E Link Up Down Flag Indicates whether a trap will be sent when the link status changes from up to down or vice versa Multiple Users Flag Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time either via Telnet or serial port Spanning Tree Flag Indicates whether spanning tree traps will be sent show traplog Use this command to display the trap log Format show traplog Number of Traps Since Last Reset The number of traps that have occurred since the last time the switch was reset Number of Traps Since Log Last Viewed The number of traps that have occurred since the traps were last displayed Displaying the traps by any method terminal interface display Web display upload file from switch etc will cause this counter to be cleared to 0 Log The sequence number of this trap System Up Time The time at which this trap occurred expre
147. e From discarding to learning or to disabled e From learning to forwarding or to disabled e From forwarding to disabled or to discarding e From disabled to discarding When you enable STP every port on every bridge in the network goes through the discarding state and then goes through the learning state at startup If properly configured each port stabilizes to the forwarding or discarding state No packets except BPDUs and LACPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port IEEE 802 1w STP port states The IEEE 802 1w protocol definition speeds up the reconfiguration of the spanning tree using two new mechanisms e Bridges exchange explicit acknowledgement frames e Ports may be configured to transition directly to the forwarding state when the bridge is reinitialized this 1s appropriate for edge ports The number of port states were reduced from five to three specified in the original IEEE 802 1D standard Discarding The port is blocked from forwarding or receiving packets and does not add information to the forwarding database Learning The port is adding addresses to its forwarding database but not yet forwarding packets Forwarding The port is adding addresses to its forwarding database and is forwarding packets Table 12 Relationship between IEEE 802 1D and IEEE 802 1w port states IEEE 802 1D port Admin bridge MAC operational IEEE 802 1w port Active to
148. e configured to use the algorithm and protocols defined in IEEE 802 1 w instead IEEE 802 1D has been further revised in IEEE 802 1s which incorporates IEEE 802 1w and defines a multiple Spanning Tree Protocol along with an IEEE 802 1D compatibility mode The IXM5414E switch module defaults to IEEE 802 1D compatibility mode operation but can be configured to use the algorithm and protocols defined in IEEE 802 1w instead Where this document refers to IEEE 802 1D you should be aware that the reference is to IEEE 802 1D compatibility mode Intel Blade Server Ethernet Switch Module IXM5414E 25 For additional information about both forms of the Spanning Tree Protocol see Appendix H on page LTT Virtual Local Area Networks VLAN A virtual local area network VLAN is a network topology configured according to a logical scheme rather than the physical layout VLANs can be used to combine any collection of blade servers into an autonomous user group that appears as a group within one or more chassis VLANs also logically segment the blade servers into different broadcast domains so that packets are forwarded only between blade servers and the four external ports within the VLAN VLANs can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains Notes about VLANs on the IXM5414E switch module No matter what basis is used to uniquely identify blade servers and assign these nodes VLAN membership
149. e covers Removing the covers of the laser product could result in exposure to hazardous laser radiation There are no serviceable parts inside the device e Use of controls or adjustments or performance of procedures other than those specified herein might result in hazardous radiation exposure La DANGER Some laser products contain an embedded Class 3A or Class 3B laser diode Note the following Laser radiation when open Do not stare into the beam do not view directly with optical LN Class 1 Laser Product Laser Klasse 1 Laser Klass 1 Luokan 1 Laserlaite Appareil A Laser de Classe 1 Vil Statement 3 La gt 18 kg 39 7 Ib gt 32 kg 70 5 Ib gt 55 kg 121 2 Ib 2X CAUTION Use safe practices when lifting Statement 4 ZN 2X CAUTION If you install a strain relief bracket option over the end of the power cord that 1s connected to the device you must connect the other end of the power cord to an easily accessible power source Statement 5 a Lp 2X CAUTION Never remove the cover on a power supply or any part that has the following label attached Hazardous voltage current and energy levels are present inside any component that has this label attached There are no serviceable parts inside these components If you suspect a problem with one of these parts contact a service technician viii Statement 6 ha a DANGER Overloading a branch circuit is potentially
150. e entry associated with the port Status The status of the entry The possible values are Static The value of the corresponding instance was added by the system or a user and cannot be relearned Learned The entry was learned by observing the source MAC addresses of incoming traffic and is currently in use Management The system MAC address identified with Bay 1 Self The MAC address of one of the switch s physical interfaces Inventory information show inventory Use this command to display inventory information for the switch Format show inventory Switch Description The product name of this switch Machine Type The machine type of this switch Machine Model The model within the machine type Serial Number The unique box serial number for this switch FRU Number The field replaceable unit number Part Number The manufacturing part number Maintenance Level The identification of the hardware change level Manufacturer The two octet code that identifies the manufacturer Burnedin MAC Address The burned in universally administered MAC address of this switch Software Version The release version maintenance number of the code currently running on the switch Operating System The operating system currently running on the switch Network Processing Element Identifies the network processor hardware 162 Intel Blade Server Ethernet Switch Module IXM5414E Additional Packages The list of optional software packages installe
151. e maximum length of name is 16 case sensitive alphanumeric characters 70 IP addresses in the SNMP trap receiver table must be unique If you make multiple entries using the same IP address the first entry is retained and processed All duplicate entries are ignored Intel Blade Server Ethernet Switch Module IXM5414E Delete Apok Community This field adds an SNMP trap receiver community name and associated IP address Name Enter the community string for the SNMP trap packet to be sent to the trap manager This may be up to 16 characters and is case sensitive IP Address Enter the IP address to receive SNMP traps from this device Status This field Enables or Disables the SNMP trap receiver identified by trap receiver community name and IP address Enabled trap receivers are active able to receive traps Disabled trap receivers are inactive not able to receive traps Click the Delete button to delete the currently selected Community Name If you want the switch to retain the new values across a power cycle you must perform a save Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a save Trap receiver summary This panel displays information about SNMP trap receivers Trap messages are sent across a network to an SNMP Network Manager These messages alert the manager to events occurring within the switch or
152. e mode for the port by selecting Enable or Disable from the pull down menu If you select Disable the protocol will not be active and Join Time Leave Time and Leave All Time have no effect The factory default is Disable Join Timer centisecs Specify the time between the transmission of GARP PDUs registering or re registering membership for a VLAN or multicast group in centiseconds Enter a number between 10 and 100 0 1 to 1 0 seconds The factory default is 20 centiseconds 0 2 seconds An instance of this timer exists for each GARP participant for each port Leave Timer centisecs Specify the time to wait after receiving an unregister request fora VLAN or multicast group before deleting the associated entry in centiseconds This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service Enter a number between 20 and 600 0 2 to 6 0 seconds The factory default 1s 60 centiseconds 0 6 seconds An instance of this timer exists for each GARP participant for each port Leave All Timer centisecs The Leave All Timer controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1 5 LeaveAlIlTime The timer is specified in centiseconds Enter a number betwe
153. e must be less Intel Blade Server Ethernet Switch Module IXM5414E 103 than the Group Membership Interval Multicast Router Present Expiration Time secs Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached Enter a value between 0 and 3600 seconds The default is 0 seconds A value of zero indicates an infinite timeout i e no expiration Multicast Control Frame Count The number of multicast control frames that are processed by the CPU Interfaces Enabled for IGMP Snooping A list of all the interfaces currently enabled for IGMP snooping Click the Apply button to update the switch with the values you enter If you want the switch to retain the new values across a power cycle you must perform a save Interface configuration Use this panel to specify on which ports to enable IGMP snooping Select the Ports to Enable for IGMP Snooping The multiple select box lists all physical and LAG interfaces Those interfaces currently enabled for IGMP snooping are shown as selected Select all the interfaces you want enabled and deselect all those you want Disabled Click the Apply button to update the switch with the values you enter If you want the switch to retain the new values across a power cycle you must perform a save 104 Intel Blade Server Ethernet Switch Module IXM5414E LAG This menu provides access to the Link
154. e remaining four community names are blank Format config snmpcommunity create lt name gt config snmpcommunity delete Use this command to remove a name from the SNMP community table Format config snmpcommunity delete lt name gt config snmpcommunity ipaddr 166 Use this command to specify the IP address or portion thereof from which this device will accept SNMP packets with the associated community name The requesting entity s IP address is ANDed with the IP mask before being compared to this IP address Note that if the IP mask is set to 0 0 0 0 an IP address of 0 0 0 0 matches all IP addresses The default value is 0 0 0 0 The parameter lt name gt is the applicable community name and may be up to 16 alphanumeric characters Default 0 0 0 0 Intel Blade Server Ethernet Switch Module IXM5414E Format config snmpcommunity ipaddr lt ipaddr gt lt name gt config snmpcommunity ipmask Specify the mask to be ANDed with the requesting entity s IP address before comparison with the SNMP community IP address associated with the same community name If the result matches the SNMP community IP address then the address is an authenticated IP address For example if the IP address 9 47 128 0 and the corresponding IP mask 255 255 255 0 a range of incoming IP addresses would match 1 e the incoming IP address could equal 9 47 128 0 9 47 128 255 The default value is 0 0 0 0 The parameter lt name gt is the ap
155. e same administrative mode setting Default enable Format config lag linktrap lt logical port listofports all gt lt enable disable gt config lag name Use this command to define a name for the specified LAG Name is an alphanumeric string up to 15 characters Use this command to modify the name that was associated with the LAG when it was created Format config lag name lt logical port gt lt name gt show lag 192 Use this command to display an overview of all link aggregation groups LAGs on the switch Format show lag lt logical port listofports all gt Logical Port The logical port identifying the LAG in the format lag port LAG Name The name of this LAG Link State Indicates whether the link is up or down Admin Mode The administrative mode The factory default is enabled Link Trap Mode Indicates whether or not a trap will be sent when link status changes The factory default is enabled STP Mode The Spanning Tree Protocol Administrative Mode associated with the LAG The possible values are Disable Spanning tree is disabled for this LAG Enable Spanning tree is enabled for this LAG Intel Blade Server Ethernet Switch Module IXM5414E Mbr Ports A listing of the ports that are members of this LAG in port notation There can be a maximum of 8 ports assigned to a given LAG Port Speed The speed of the LAG A LAG is always full duplex MAC filter commands config macfilter adddest Use this command
156. e the multicast table with a new entry or modify an existing entry with the new information The switch module will forward multicast packets through only those ports for which GMRP has created a group registration entry for that multicast address GMRP registrations are specific to a VLAN which allows the Group filtering behavior for one VLAN to be independent of the Group filtering behavior for other VLANs The same ingress rules are applied to GMRP PDUs as to other packets Therefore e GMRP frames with no VLAN classification 1 e untagged or priority tagged GMRP frames are discarded if the Acceptable Frame Types parameter for the Port is set to Admit Only VLAN tagged frames Otherwise they are classified according to the PVID Port VLAN ID for the Port e VLAN tagged GMRP frames are classified according to the VID carried in the tag header Intel Blade Server Ethernet Switch Module IXM5414E 31 The VLAN classification thus associated with received GMRP PDUs establishes the VLAN context for the received PDU and identifies the GARP participant instance to which the PDU 1s directed GMRP PDUs transmitted by GMRP participants are VLAN classified according to the VLAN context associated with that participant GMRP Participants in VLAN networking devices apply the same egress rules that are defined for the transmission port Therefore e GMRP PDUs are transmitted through a given port only if the port is a member of the VLAN concerned
157. e will acquire its IP address network mask and default gateway from a DHCP server when the switch module is turned on or reset config network webmode Use this command to enable or disable access to the switch module via the Web interface When access is enabled a user can login to the switch from a web browser through TCP port 80 Disabling access takes effect immediately on all interfaces Default enable Format config network webmode lt enable disable gt Intel Blade Server Ethernet Switch Module IXM5414E 169 show network Use this command to display network configuration settings that are necessary for in band connectivity Format show network IP Address The IP address of the interface The factory default value 1s 10 90 90 9x where x is determined by the the number of the I O module bay in which the Ethernet switch module is installed See Table 1 Default IP addresses based on I O module bay numbers on page 21 The IP address may have been acquired from a DHCP server or may be the static IP address acquired from the management module See the Network Configuration Protocol item for more information Subnet Mask The IP subnet mask for this interface The factory default value is 255 255 255 0 Default Gateway The default IP gateway address for this interface The factory default value is 0 0 0 0 Burned In MAC Address The burned in MAC address used for in band connectivity if you choose not to configure a locally ad
158. e will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Designated Root Root Bridge for the spanning tree Designated Cost Path Cost offered to the LAN by the Designated Port Designated Bridge Bridge Identifier of the bridge with the Designated Port Designated Port Port Identifier on the Designated Bridge that offers the lowest cost to the LAN Topology Change Acknowledge Identifies whether the next BPDU to be transmitted for this port would have the topology change acknowledgement flag set It is either True or False Hello Time secs Configured value of the hello timer Edge Port Indicates whether the port is Enabled as an edge port It takes the value Enabled or Disabled Point to point MAC Derived value of the point to point status CST Regional Root Bridge Identifier of the CST Regional Root It is made up using the bridge priority and the base MAC address of the bridge Intel Blade Server Ethernet Switch Module IXM5414E CST Path Cost Path Cost to the CST Regional Root Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Click the Force button to force the port to send out 802 1w BPDUs Click the Refresh button to update the screen with the most recent data Statistics This panel displays BPDU statis
159. ections to a backbone end stations and servers Fourteen internal full duplex gigabit ports one connected to each of the blade servers Two internal full duplex 100 Mbps ports connected to the management modules e Performance features Transmission method Store and forward Packet filtering forwarding rate Full wire speed for all connections e 148k packets per second per port for 100 Mbps e 1 48m packets per second pps per port for 1000 Mbps Media Access Control MAC address learning Automatic update Supports 3584 MAC address Forwarding table age time Maximum age 10 to 1 000 000 seconds Default 1s 300 seconds Support for 128 concurrent VLANs Switch Topology Star Intel Blade Server Ethernet Switch Module IXM5414E e Standards The following standards apply to the IXM5414E switch module Switching Support IEEE 802 3 lOBASE T Ethernet IEEE 802 3 Auto negotiation IEEE 802 3u LOOBASE TX Fast Ethernet IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 1Q Tagged VLAN EEE 802 1p Priority GARP GMRP GVRP IEEE 802 3ac VLAN Tagging IEEE 802 3ad Link Aggregation IEEE 802 1s Spanning Tree IEEE 802 1w Rapid Spanning Tree IEEE 802 1X Port Based Authentication IEEE 802 3X Flow Control RFC 768 UDP RFC 783 TFTP RFC791 IP RFC 792 ICMP RFC 793 TCP RFC 826 ARP RE
160. ed VLAN only tagged packets will be accepted by member ports and all packets transmitted from member ports will be tagged config vlan participation include 1 bay 1 bay 2 config vlan port tagging enable 1 bay 1 bay 2 config vlan port acceptframe vlanonly 1 bay 1 bay 2 Assign the ports that will belong to vlan_two Untagged packets will be accepted by member ports bay 3 and bay 4 and assigned the default PVID of 2 and all packets transmitted from member ports will be untagged Note that bay 2 is a member of both vlan_one and vlan_two and that ext 1 and ext 2 will never be members config vlan participation include 2 bay 2 bay 3 bay 4 config vlan participation exclude 2 ext 1 ext 2 config vlan port acceptframe all 2 bay 3 bay 4 Assign the same default PVID to ports bay 3 and bay 4 config vlan port pvid 2 bay 3 bay 4 Intel Blade Server Ethernet Switch Module IXM5414E Link aggregation configuration example This section provides sample CLI commands showing how to configure the Intel Blade Server Ethernet Switch Module IXM5414E to support IEEE 802 3ad aggregated links By defining a Link Aggregation Group LAG you can treat multiple physical links between two end points as one logical link The LAG will also be seen by management functions as a single link LAGs are used to increase both link bandwidth and reliability they are often used for links to the Internet or to shared servers The script in the following example shows you
161. ed or disabled Port Up Time Since Counters Last Cleared The time in days hours minutes and seconds since the counters were last reset STP BPDUs Transmitted The number of STP BPDUs sent by this port STP BPDUs Received The number of STP BPDUs received by this port RSTP BPDUs Transmitted The number of Rapid Reconfiguration STP BPDUs sent by this port RSTP BPDUs Received The number of Rapid Reconfiguration STP BPDUs received by this port Spanning tree summary commands config spanningtree adminmode Use this command to configure the STP operational mode While the operational mode 1s disabled the spanning tree configuration is retained and can be changed but it is not activated Default disable Format config spanningtree adminmode lt enable disable gt config spanningtree forceversion 200 Use this command to select which version of the STP will be used The lt version gt can be one of the following e 02 1D IEEE 802 1D functionality supported STP BPDUs are transmitted rather than R Rapid STP BPDUs e 802 1w IEEE 802 1w functionality supported RSTP BPDUs are transmitted rather than STP BPDUs Intel Blade Server Ethernet Switch Module IXM5414E Default IEEE 802 1D Format config spanningtree forceversion lt 802 1D 802 1w gt show spanningtree summary Use this command to display STP settings and parameters for the switch Format show spanningtree summary Spanning Tree Adminmode Enabled or disabled S
162. ed that were between 65 and 127 octets in length excluding framing bits but including FCS octets Packets Transmitted 128 255 Octets The total number of packets including bad packets transmitted that were between 128 and 255 octets in length excluding framing bits but including FCS octets Packets Transmitted 256 511 Octets The total number of packets including bad packets transmitted that were between 256 and 511 octets in length excluding framing bits but including FCS octets Packets Transmitted 512 1023 Octets The total number of packets including bad packets transmitted that were between 512 and 1023 octets in length excluding framing bits but including FCS octets Packets Transmitted 1024 1518 Octets The total number of packets including bad packets transmitted that were between 1024 and 1518 octets in length excluding framing bits but including FCS octets Packets Transmitted 1519 1522 Octets The total number of packets including bad packets transmitted that were between 1519 and 1522 octets in length excluding framing bits but including FCS octets Max Info The maximum size of the Info non MAC field that this port will receive or transmit Packets Transmitted Successfully Total Packets Transmitted Successfully The total number of packets that have been transmitted by this port to its segment Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork u
163. ed with the fields on this line Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port if the acceptable frame types parameter is set to Admit All The factory default is 1 Acceptable Frame Types The types of frames that may be received on this port The options are VLAN only and admit all When set to VLAN only untagged frames or priority tagged frames received on this port are discarded When set to admit all untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port With either option VLAN tagged frames are forwarded in accordance with the IEEE 802 1Q VLAN specification GVRP Indicates whether GVRP is enabled or disabled on the port Default Priority The IEEE 802 1p priority that will be assigned to untagged frames accepted on this port for this VLAN show vian summary 204 Use this command to display information about all configured VLANs Format show vlan summary VLAN ID There is a VLAN Identifier VLAN ID associated with each VLAN The range of the VLAN ID 1s 1 to 4094 VLAN Name A string associated with this VLAN as a convenience It can be up to 16 alphanumeric characters long including blanks The default is blank VLAN ID 1 always has a name of Default This field is optional VLAN Type What type of VLAN this is A VLAN can be e the Default VLAN VLAN ID 1 e astatic
164. en 200 and 6000 2 to 60 seconds The factory default is 1000 Intel Blade Server Ethernet Switch Module IXM5414E centiseconds 10 seconds An instance of this timer exists for each GARP participant for each port Click the Apply button to update the switch with the values you enter If you want the switch to retain the new values across a power cycle you must perform a save IGMP snooping This menu provides access to the Internet Group Management Protocol IGMP snooping configuration and status screens Menu options are e Configuration and status e Interface configuration Configuration and status Use this menu to configure the parameters for IGMP snooping which is used to build forwarding lists for multicast traffic Admin Mode Select the administrative mode for IGMP snooping for the switch from the pull down menu The default is Disable Group Membership Interval secs Specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group Enter a value between 1 and 3600 seconds The default is 260 seconds Max Response Time secs Less Than Group Membership Interval Specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface Enter a value between 1 and 3600 seconds The default is 10 seconds The configured valu
165. ent to server file transfer Each scenario involves uploading the config bin file from the switch to the location c tftp on the server The different scenarios are detailed below Table 4 TFTP Upload Scenarios TFTP Server path TFTP Client path Click the Start File Transfer button to apply any changes made to the fields and initiate the download Click the Apply button to send the updated screen to the switch this does not perform the file download Intel Blade Server Ethernet Switch Module IXM5414E 87 Upload file from switch Use this panel to configure the information needed to upload a file from the switch See the previous menu option Download file to switch on page 86 for more information about specifying TFTP File Paths and Names 88 Upload File from Switch p Stat Fik Tanda Apply File Type This field sets the type of file to be uploaded from the switch The datatype is one of the following config Configuration file errorlog Error log msglog Message log TFTP Server IP Address Enter the IP address of the TFTP server The factory default is 0 0 0 0 TFTP File Path This field specifies the directory path on the TFTP server where the file to be uploaded from the switch is to be located The switch will remember the last file path used TFTP File Name This field specifies the name of the file that is to be uploaded from the switch The switch will remember the last file name used The
166. entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Interfaces The list of interfaces that are designated for forwarding Fwd and filtering FIt Intel Blade Server Ethernet Switch Module IXM5414E show mfdb staticfiltering Use this command to display the Static Filtering entries in the MFDB Format show mfdb staticfiltering Mac Address A MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB Type Displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Interfaces The list of interfaces that are designated for forwarding Fwd and filtering FIt show mfdb stats Use this command to display the MFDB statistics Format show mfdb stats Max MFDB Table Entries Displays the total number of entries possible in the MFDB table Most MFDB Entries Since Last Reset Displays the largest number of entries that have been present in the MFDB table since the switch was re
167. er s Guide the Intel Server Boards and Server Chassis Safety Information is included with your switch module This multilingual publication is provided in PDF on the Resource CD It contains translated versions of the caution and danger statements that appear in the documentation Depending on your switch model additional publications might be included on the Resource CD 2 Intel Blade Server Ethernet Switch Module IXM5414E Notices and statements used in this book The caution and danger statements that appear in this book are also in the multilingual Safety Information Book on the Resource CD Each statement is numbered to refer to the corresponding statement in the Safety Information Book The following notices and statements are used in this book e Note These notices provide important tips guidance or advice e Important These notices provide information or advice that might help you avoid inconvenient or problematic situations e Attention These notices indicate possible damage to programs devices or data An attention notice is placed just before the instruction or situation in which damage could occur e Caution These statements indicate situations that can be potentially hazardous to you A caution statement is placed just before the description of a potentially hazardous procedure step or situation e Danger These statements indicate situations that can be potentially lethal or extremely hazardous to you A danger
168. er is not being used if it is moved to another subnet or if its lease expires Usually network policy ensures that the same IP address is assigned to a client each time and that addresses returned to the free address pool are reassigned When the address lease expires the DHCP client enters the renewing state The client sends a request message to the DHCP server that provided the address The DHCP server sends an acknowledgement that contains the new lease and configuration parameters The client then updates its configuration values and returns to the bound state When the DHCP client is in the renewing state it must release its address immediately in the rare event that the DHCP server sends a negative acknowledgment The DHCP server sends this message to inform a client that it has incorrect configuration information forcing it to release its current address and acquire new information If the DHCP client cannot successfully renew its lease the client enters a rebinding state The client then sends a request message to all DHCP servers in its range attempting to renew its lease Any DHCP server that can extend the lease sends an acknowledgment containing the extended lease and updated configuration information If the lease expires or if a DHCP server responds with a negative acknowledgment the client must release its current configuration and then return to the initializing state If your DHCP client uses more than one network adapter to
169. ered in this VLAN by GVRP The interface will not participate in this VLAN unless a join request is received on this interface This is equivalent to registration normal config vlan port acceptframe Use this command to configure the frame acceptance mode for the specified port s Possible values are all Both tagged and untagged frames are accepted Untagged frames will be assigned the PVID and default priority configured for the port s for this VLAN vlan Untagged frames are discarded With either option VLAN tagged packets are forwarded in accordance with the IEEE 802 1Q VLAN Specification Default all Format config vlan port acceptframe lt all vlanonly gt lt port listofports all gt config vian port priority Use this command to change the default IEEE 802 1p port priority assigned to untagged frames received on the specified port s for the specified VLAN Default 0 Format config vlan port priority lt 0 7 gt lt port listofports all gt config vlan port pvid Use this command to change the VLAN ID that the specified port s will assign to untagged frames if untagged frames are accepted 202 Intel Blade Server Ethernet Switch Module IXM5414E Default 1 Format config vlan port pvid lt 1 4094 gt lt port listofports all gt config vlan port tagging Use this command to configure the tagging behavior for a specific interface in a VLAN If tagging is enabled all traffic is transmitted as tagged frames If tagging is dis
170. ernet Switch Module IXM5414E 219 config acl rule action Use this command to specify the action for the ACL and rule referenced by the parameters lt aclid gt and lt rulenum gt The values of permit or deny indicate how this rule is applied Format config acl rule action lt aclid gt lt rulenum gt lt permit deny gt config acl rule create Use this command to create a rule within the ACL referenced by the parameter lt aclid gt The rule is identified by the lt rulenum gt parameter An ACL may have up to 10 user specified rules whose lt rulenum gt ranges from to 10 Rules are created with a default action of deny Default deny Format config acl rule create lt aclid gt lt rulenum gt config acl rule delete Use this command to remove a rule from the ACL referenced by the parameter lt aclid gt The rule is identified by the lt rulenum gt parameter Format config acl rule delete lt aclid gt lt rulenum gt config acl rule match dstip Use this command to specify a destination IP address and mask match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt ipaddr gt and lt ipmask gt parameters are 4 digit dotted decimal numbers which represent the destination IP address and IP mask respectively Format config acl rule match dstip lt aclid gt lt rulenum gt lt ipaddr gt lt ipmask gt config acl rule match dstl4port keyword Use this command to specify a destination la
171. ers login Use this command to assign the specified authentication login list to the specified user for system login The lt user gt must be a configured user and lt listnhame gt must be a configured login list If the user is assigned a login list that requires remote authentication all access to the interface from CLI web and Telnet sessions will be blocked until the authentication is complete Refer to the discussion of maximum delay in the config radius maxretransmit and config radius timeout commands Note that the login list associated with the user with Read write privileges cannot be changed to prevent accidental lockout from the switch Format config users login lt user gt lt listname gt show authentication login info Use this command to display the ordered authentication methods for all authentication login lists Format show authentication login info Authentication Login List The login list whose information is displayed on this line Method 1 The first method in the login list if any Method 2 The second method in the login list if any Method 3 The third method in the login list if any show authentication login users Use this command to display information about the users assigned to the specified login list If the login list is assigned to non configured users the word default will appear as the user name Format show authentication login users lt istname gt User The user assigned to the specified
172. es that have been received by this authenticator with an invalid length EAP Length Error Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized Click the Refresh button to update the information on the page Click the Clear All button to reset all statistics for all ports to 0 There is no confirmation prompt When this button is clicked the statistics are immediately cleared Click the Clear button to reset the statistics for the selected port There is no confirmation prompt When this button is clicked the statistics are immediately cleared Login Use this panel to assign a selected authentication login list to a selected user for port security Both user and the login list must already be configured wk RILL Port Access Control User Login Configuration 2 Lhe Bir 2 Fi BOOM gured user feof snus izi Refraeati Apply Users Select the user name to be configured Login Selects the login list to be associated with the selected user All configured login lists are displayed Intel Blade Server Ethernet Switch Module IXM5414E 125 Click the Refresh button to update the information on the page Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch Port access privileges Use this panel to add the specified user to the list of users with access to the specified p
173. esignated B Port 2 J oN C A Blocked In the preceding example port 1 on bridge B is configured as a full duplex port and port 1 on bridge A is either configured as a half duplex port or is left in auto negotiation mode Because port 1 on bridge B is configured as a full duplex port it does not test for carrier sense when accessing the link Bridge B will then start sending packets even if bridge A is using the link A will then detect collisions and begin to run the flow control algorithm If there is enough traffic between bridges B and A all packets including BPDUs will be dropped If the BPDUs sent from bridge A to bridge B are dropped for longer than the Max Age bridge B will lose its connection to the root bridge A and will unblock its connection to bridge C This will create a data loop Unidirectional link Unidirectional links can be caused by an undetected failure in one side of a fiber cable or by a problem with a port s transceiver Any failure that enables a link to remain up while providing one way communication is very likely to cause a Spanning Tree Protocol failure A Root Port 1 N Port 1 B Designated Port 2 p N BPDUs Lost Port 2 J C Port 1 Blocked 270 Intel Blade Server Ethernet Switch Module IXM5414E In this example port 2 on bridge B can receive but not transmit packets Port
174. ess and configure the internal switching software Important Before you configure your Intel Blade Server Ethernet Switch Module IXM5414E be sure that the management modules in your SBCE platform are properly configured In addition to access and manage your switch module from an external environment you might need to enable certain features such as the external ports and external management over all ports See the applicable Installation and User s Guide publications on the Resource CD for more information Introduction The Intel Blade Server Ethernet Switch Module IXM5414E offers an embedded Hypertext Markup Language HTML Web based interface that enables you to manage the switch through a standard browser such as Opera Netscape Navigator Communicator or Microsoft Internet Explorer The Web browser acts as an access tool and can communicate directly with the switch using the HTTP protocol NOTE This Web based management module does not accept Chinese language input or other double byte character set languages The Web based management module and the Telnet program are different ways to access and configure the same internal switching software Thus all the settings that you encounter in Web based management are the same as those found in the Telnet program If your system application requires that you use the Telnet program see Chapter 7 Command Line Interface Management on page 155 for additional information
175. ess control e RADIUS e Secure HTTP e Secure shell Port access control The Port Access Control menu provides access to configuration status and summary screens e Configuration 116 Intel Blade Server Ethernet Switch Module IXM5414E e Port configuration e Port status e Port summary e Statistics e Login e Port access privileges 2 Port access summary Configuration Use this panel to enable or disable authentication support on the switch In disabled mode the IEEE 802 1X configuration is retained and can be changed but it is not activated bep b s hid j Ta Pee Cancel Apok Administrative Mode Lists the two options for administrative mode Enable and Disable The default value is Disable Click the Cancel button to reset the page to display the administrative mode that is currently configured by the selected unit Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Port configuration Use this panel to begin the initialization or the reauthentication sequence on the selected port Intel Blade Server Ethernet Switch Module IXM5414E 117 118 Port Control Mode a oe Eri GCE RELL Refresh Appi Select the port to be configured When the selection is changed a screen refresh will occur causing all fields to be updated for t
176. ess from a Dynamic Host Configuration Protocol DHCP server when the switch module is turned on or reset Once a transmission control protocol Internet protocol TCP IP communication path has been established with the switch module through the Management Module s Ethernet port you can perform a series of management and control tasks These tasks are in the following categories e Configuration e Modification of the switch module s parameter settings e Remote management setup e Network monitoring Automatically receive error alerts traps View reset port traffic statistics Monitor data traffic on selected output ports e Maintenance Update the switch module s software View and configure the message and event logs Restore factory default settings The switch module supports three primary management and control user interfaces A built in Web browser interface is the primary interface see Chapter 5 Web Based Network Management on page 41 for detailed information The Web browser interface can be invoked from the management and configuration utility program along with the Telnet interface that provides a Command Line Interface Intel Blade Server Ethernet Switch Module IXM5414E CLI see Chapter 7 Command Line Interface Management on page 155 for detailed information Both interfaces provide access to the same switch information and control parameters In addition you can access an extensive set
177. et Switch Module IXM5414E 15 Click the Clear Counters button to clear all the counters resetting all summary and switch detailed Statistics to defaults except for the counts of discarded packets which cannot be cleared Click the Refresh button to refresh the data on the screen with the present state of the data in the switch Switch summary This panel displays a summary of the statistics for CPU traffic Bii T earl T e Dia i i his Roc ard Vimo Enas ISiTi Drmadai Packets Herc enwed m rm TTT Pees Aa erie Vie Ere Packets read iout Emors Ase Bradas Packs Maraid ig Transm Packet Ermy Adis Erie Cunami im La VLAN Entnes Cume in Lise Time Site Counters Les Claarad d i hr 1S rran 20 Gas Qear Counters Redresti ifIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch Total Packets Received Without Errors The total number of packets including multicast and broadcast packets received by the processor without an error occurring Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Received With Error The number of inbound packets that contained errors that prevented them being delivered to a higher layer protocol Packets Transmitted Without Errors The total number of packets transmitted from the switch module without an error occurri
178. external interface Display information about the next interface show ip interface ext 2 End of the script file Special characters Certain special key combinations speed up use of the CLI They are listed in this section Also help is available for the CLI by typing HELP DEL BS delete previous character Ctrl A go to beginning of line Ctrl E go to end of line Ctrl F go forward one character Ctrl B go backward one character Ctrl D delete current character Ctrl H display command history or retrieve a command Ctrl U X delete to beginning of line Ctrl K delete to end of line Ctrl W delete previous word Ctrl T transpose previous character Ctrl P go to previous line in history buffer Ctrl N go to next line in history buffer Ctrl Z return to root command prompt Tab lt SPACE gt command line completion Exit go to next lower command prompt 1 execute the most recent command t n execute the nth most recent command Intel Blade Server Ethernet Switch Module IXM5414E 157 str execute the nth command in history buffer execute the most recent command that starts with the string str str execute the most recent command that contains the string str list choices Remotely managing the IXM5414E switch module The IXM5414E switch module supports two remote access modes for management over Ethernet connections You can select the mode that is best suited for your environment The switch module has an intern
179. file associated with this Traffic Class in the form name id min max Mbps This field is blank when there is no bandwidth allocation profile associated with this traffic class Intel Blade Server Ethernet Switch Module IXM5414E Interface allocation summary This panel displays the bandwidth allocated to the listed interfaces The allocated minimum bandwidth does not exceed the capability of the interface unless the interface is a LAG Interface Allocation Summary Allocated Allocated Nominal Minimum Maximum Ayailabhe l Bandwidth Bandwidth Bandwidth Bandwidth Interface Mibpa Mbps Mbps Mbps Emy Hi to ii fata Interface The Port designation of an interface for which you have configured one or more traffic classes Nominal Bandwidth Mbps The interface s nominal bandwidth in Mbps This number is only known for physical interfaces Allocated Minimum Bandwidth Mbps The sum of the minimum guaranteed bandwidth for all traffic classes configured on this interface Allocated Maximum Bandwidth Mbps The sum of the maximum allowable bandwidth for all traffic classes configured on this interface Available Bandwidth Mbps The difference between the Nominal and Allocated Minimum Bandwidths This number is only known for physical interfaces Logout When you re finished and want to exit the program simply close your browser If you click the Logout option on the main menu you will get the message Please close yo
180. formation for the switch 46 Intel Blade Server Ethernet Switch Module IXM5414E Inventory Information m aam LaSscngHl on cepas Server Glade gate Chemat sah biachina Typi ti System Description The product name of this switch Machine Type The machine type of this switch Machine Model The model within the machine type Serial Number The unique box serial number for this switch FRU Number The field replaceable unit number Part Number The manufacturing part number Maintenance Level The identification of the hardware change level Manufacturer The code that identifies the manufacturer displayed as two two digit hexadecimal numbers Base MAC Address The burned in universally administered MAC address of this switch displayed as six two digit hexadecimal numbers separated by hyphens Software Version The release version maintenance number of the code currently running on the switch Intel Blade Server Ethernet Switch Module IXM5414E 47 Operating System The operating system currently running on the switch Network Processing Device The network processor hardware Additional Packages The list of optional software packages installed on the switch if any For example Quality of Service Configuration The Configuration menu gives you access to panels used for switch module management The options are System description Network connectivity Telnet User accounts Login configuration Login sess
181. formation on Intel products what to do 1f you experience a problem with your server platform and whom to call for service if it is necessary Before you call Before you call make sure that you have taken these steps to try to solve the problem yourself e Check all cables to make sure that they are connected e Check the power switches to make sure that the system is turned on e Use the troubleshooting information in your system documentation and use the diagnostic tools that come with your system You can solve many problems without outside assistance by following the troubleshooting procedures that Intel provides in the publications that are provided on the Resource CD that ships with your system and software The documentation also describes the diagnostic tests that you can perform Most systems operating systems and programs come with information that contains troubleshooting procedures and explanations of error messages and error codes If you suspect a software problem see the information for the operating system or program Using the documentation Information about your server platform and pre installed software if any 1s available on the Resource CD that comes with your system The Resource CD includes user manuals maintenance manuals and troubleshooting guides See the troubleshooting information in your system documentation for instructions for using the diagnostic programs The troubleshooting information or the diagnosti
182. g Last Viewed The number of traps that have occurred since the traps were last displayed Displaying the traps by any method terminal interface display Web display upload file from switch etc will cause this counter to be cleared to 0 Log The sequence number of this trap System Up Time The time at which this trap occurred expressed in days hours minutes and seconds since the last reboot of the switch Trap Information identifying the trap Click the Clear Log button to clear all entries in the log Subsequent displays of the log will only show new log entries Switching This menu provides access to all the switch related processing screens Options on this menu are e VLAN e Filters e GARP e IGMP snooping e Link aggregation e Multicast forwarding database Intel Blade Server Ethernet Switch Module IXM5414E 91 e Spanning tree VLAN This menu provides access to Virtual Local Area Network VLAN configuration displays status and displays summary information Menu options are e Configuration e Status e Port configuration e Port summary e Reset configuration Configuration This panel displays detailed information including interface information for a specific VLAN You also use it to create new VLANS VLAN Contiguration zi VLAN D gid Hame a VLAN VLAN Mamea VLAN Typs iO te Iama Pont Satis Participation Tagging All Bey 1 nclude inc
183. g concepts This section introduces the concepts and protocols relevant to the switching functionality of the Intel Blade Server Ethernet Switch Module IXM5414E Packet forwarding 24 The switch module uses a forwarding table to store the information that it collects about the location of devices on the network The table holds destination MAC addresses and the destination port number through which they can be reached Packets sent to known addresses are therefore transmitted only through relevant destination ports thus reducing network traffic For example 1f port receives a packet destined for a station on port 2 the switch module transmits that packet through port 2 only and transmits nothing through the other ports Creating the table is referred to as learning the network topology An aging timer is used to make sure that the table is updated if devices are moved Dynamic entries those learned by the switch by observing network traffic are deleted from the table if they are not accessed within the aging time Static entries those entered by a network administrator are not subject to the aging process Intel Blade Server Ethernet Switch Module IXM5414E The aging time can be from 10 to 1 000 000 seconds with a default value of 300 seconds Setting the value too high could mean that some entries in the table become out of date causing the switch module to make incorrect packet forwarding decisions If the aging time is too short
184. ge is 0 to 7 Intel Blade Server Ethernet Switch Module IXM5414E 205 Security configuration commands This section describes the commands used to configure and manage the security features of the Intel Blade Server Ethernet Switch Module IXM5414E These features include e Authentication commands e JEEE 802 1X Port based network access control e Remote Authentication Dial In User Service RADIUS e Secure Shell SSH commands e Secure Socket Layer SSL commands Authentication commands config authentication login create Use this command to create an authentication login list The lt listname gt is up to 15 alphanumeric characters and is case sensitive Up to 10 authentication login lists can be configured on the switch When a list is created the authentication method local is set as the first method Authentication methods can be changed using the config authentication login set command Format config authentication login create lt listname gt config authentication login delete Use this command to delete the specified authentication login list The command will fail if any of the following conditions are true e The login list name is invalid or does not identify an existing login list e The specified login list is currently assigned to a user or to the nonconfigured user e The specified login list is the default login list included with the default configuration and was not created using the config authentication lo
185. gin set command Format config authentication login delete lt listname gt config authentication login set Use this command to configure an ordered list of methods for the specified authentication login list You may specify up to three methods The possible methods are local radius and reject The value of local indicates that the user s locally stored ID and password should be used for authentication The value of radius indicates that the user s ID and password will be authenticated using the RADIUS server The value of reject indicates that the user is never authenticated To authenticate a user the authentication methods in the user s login list will be attempted in order until an authentication attempt succeeds or fails Note that the default login list included with the default configuration can not be changed Format config authentication login set lt listname gt lt local radius reject gt local radius reject local radius reject config users defaultlogin Use this command to assign the authentication login list to be used when a non configured user attempts to log in to the system This setting is overridden by the authentication login list assigned to 206 Intel Blade Server Ethernet Switch Module IXM5414E a specific user if the user is configured locally If this value is not configured users will be authenticated using local authentication only Format config users defaultlogin lt listname gt config us
186. greater the probability that the port will be chosen to forward packets If you specify auto the switch will assign the port cost based on the link speed Illustration of STP 262 A simple illustration of three bridges or three switches connected in a loop is depicted in this section In this example you can anticipate some major network problems if the STP assistance is not applied If bridge A broadcasts a packet to bridge B bridge B will broadcast it to bridge C and bridge C will broadcast it back to bridge A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure STP can be applied as shown in the following illustration In this example STP breaks the loop by blocking the connection between bridges B and C The decision to block a particular connection is based on the STP calculation of the most current bridge and port settings If bridge A broadcasts a packet to bridge C bridge C will drop the packet at port 2 and the broadcast will end there Setting up an STP using values other than the defaults can be complex Therefore keep the default factory settings and the STP will automatically assign root bridges ports and block loop connections However influencing STP to choose a particular bridge as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is relatively straightforward Intel
187. gress port will tag the packet with its own PVID as a VID if the port is configured to accept untagged packets and pass it to the forwarding function Intel Blade Server Ethernet Switch Module IXM5414E 29 The forwarding function determines the destination port If the destination or egress port is a member of the same VLAN as the packet the destination port transmits the packet on its attached network segment If the egress port is not a member of the VLAN the packet is dropped IEEE 802 1Q VLAN configuration The switch module initially configures one VLAN VID 1 named DEFAULT The factory default setting assigns all ports on the switch module to VLAN I As new VLANs are configured their respective member ports are removed from VLAN 1 In addition the VLAN ID value of 4095 is reserved for internal use Following is additional configuration information e Packets cannot cross VLANs If a member of one VLAN is to connect to a member of another VLAN the link must be through an external router e Ifno VLANs are configured on the switch module all packets will be forwarded to any destination port Packets with unknown source addresses will be flooded to all ports Broadcast and multicast packets will also be flooded to all ports Static MAC filtering Static MAC Filtering allows you to add a small number in the order of hundreds of unicast or multicast MAC addresses directly to the forwarding database Associated with each Static MAC
188. gt config dot1x port reauthperiod Use this command to configure the value in seconds of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The reauthperiod must be between 1 and 65535 Default 3600 Format config dot1x port reauthperiod lt port gt lt 1 65535 gt config dot1x port servertimeout Use this command to configure the value in seconds of the timer used by the authenticator on the specified port to timeout the authentication server The server timeout must be between 1 and 65535 Default 30 Format config dot1x port servertimeout lt port gt lt 1 65535 gt config dot1x port supptimeout Use this command to configure the value in seconds of the timer used by the authenticator state machine on the specified port to timeout the supplicant The supplicant timeout must be between 1 and 6553 Default 30 Intel Blade Server Ethernet Switch Module IXM5414E 209 Format config dot1x port supptimeout lt port gt lt 1 65535 gt config dot1x port transmitperiod Use this command to configure the value in seconds of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request Identity frame to the supplicant The transmit period must be a value in the range of 1 and 65535 Default 30 Format config dot1x port transmitperiod lt port gt lt 1 65535 gt config dot1x port users add Use this c
189. h alent File res Finn Trap Manggar To upgrade the switch MCU code using the Web interface complete the following steps l 2 3 4 Log on to the management module web interface From the I O Module Tasks menu click Management Advanced Management Click Start Web Session then logon to the Ethernet switch module From the System Utilities menu click Download File to Switch The Download File to Switch window opens Enter the following information in the Download file to Switch window e In the File type field select 805 1 MCU Code from the drop down list e In the TFTP Server IP Address field enter the IP address of your TFTP server e In the TFTP File Name field enter filename XM54_MCUnnn hex where nnn is the software sequence number of the new switch MCU code Click Start File Transfer to download the new switch software After confirmation the MCU code is transferred to the switch from the TFTP server After a successful update the switch module is then automatically powered off To activate the new MCU code turn on the Ethernet switch module through the management module interface Resetting and restarting the switch module To activate the new image you must restart the switch module through the management module interface Complete the following steps to reset the switch module l 2 3 152 From the I O Module Tasks menu click Management Advanced Management Select the I O module bay on w
190. h May be up to 31 alphanumeric characters The factory default is blank System Contact Text used to identify a contact person for the switch May be up to 31 alphanumeric characters The factory default is blank System ObjectID The base object ID for the switch s enterprise MIB System Up Time The time in days hours and minutes since the last reboot MIBs Supported The list of MIBs supported by the management agent running on the switch System utilities System utility commands The commands in this section allow you to fine tune your systems performance and functionality clear config Use this command to reset the configuration of the switch module to the factory defaults The switch is automatically reset when this command is processed All configuration changes that you have made including those saved to NVRAM will be lost You will be prompted to confirm that the reset should proceed Format clear config clear igmpsnooping Use this command to clear the tables managed by the Internet Group Management Protocol GMP Snooping function The switch will attempt to delete these entries from the Multicast Forwarding Database MFDB You will be prompted to confirm that you want to issue this command Format clear igmpsnooping clear lag Use this command to clear all LAGs You will be prompted to confirm that you want to issue this command Format clear lag Intel Blade Server Ethernet Switch Module IXM5414E 181 clear pass
191. h RADIUS client 128 Intel Blade Server Ethernet Switch Module IXM5414E Fhad Fhine Apply RADIUS Server IP Address Select the RADIUS Server to be configured Select Add to add a new server Port The User Datagram Protocol UDP port used by this server The valid range is 0 65535 Secret The shared secret for this server The data entered in this field will not be displayed Apply The Secret is applied only 1f this box is checked If the box is not checked anything entered in the Secret field has no affect and is not retained This field is only displayed 1f the user has Read Write access Primary Server Sets the selected server to be the Primary or Secondary server Message Authenticator Enable or Disable the message authenticator attribute for the selected server Secret Configured Indicates whether the shared secret for this server has been configured Current Indicates whether this server is currently in use as the authentication server Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Click the Remove button to remove the selected server from the configuration This button is only available to Read Write users If you want the switch to retain the new values across a power cycle you must perform a save Click the Refresh button to update the information
192. h logs off A zero means there will be no timeout You may enter any number from 0 to 160 The factory default is 5 Maximum Number of Telnet Sessions Use the pull down menu to select how many simultaneous Telnet and SSH sessions will be allowed The maximum is 5 with 5 being the factory default Allow New Telnet Sessions Indicates whether new Telnet sessions are allowed If you set this to no new Telnet and SSH sessions will not be allowed The factory default is yes Click the Apply button to update the switch with new values If you want the switch to retain the new values across a power cycle you must perform a save User accounts Use this panel to reconfigure an existing user account or to create a new one This panel is only available for the user with Read Write privileges herein referred to as admin Intel Blade Server Ethernet Switch Module IXM5414E 51 52 enssssss niii P ered aT LLLE pi EEGA et KELLELLT E Riis eins ee m a bikai SNMP v3 User Configuration She yA i Poet beech m L1 iii j fi I 4 viel A uthenicab on PTAH ir ii Encrpean Protace Mone Encrypon Key F Appi Agt User Use this pull down menu to select one of the existing accounts or select Create to add a new one provided the maximum of five Read only accounts has not been reached User Name The name the user will use to login using the serial port Telnet or Web It can be up to eight alphanumeric characters and is n
193. he newly selected port All physical interfaces are valid Lists the options for control mode The control mode is only set if the port is in Link Up status The options are Force Unauthorized The authenticator Port Access Entity PAE unconditionally sets the controlled port to unauthorized Force Authorized The authenticator PAE unconditionally sets the controlled port to authorized mode Auto The authenticator PAE sets the controlled port mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Quiet Period secs Configures the quiet period for the selected port This command sets the value in seconds of the timer used by the authenticator state machine on this port to define periods of time during which it will not attempt to acquire a supplicant The quiet period is the period for which the authenticator does not attempt to acquire a supplicant after a failed authentication exchange with the supplicant The quiet period range is 0 to 65535 A quiet period value of O means that the authenticator state machine will never acquire a supplicant The default value is 60 Intel Blade Server Ethernet Switch Module IXM5414E Transmit Period secs Configures the transmit period for the selected port The transmit period is the value in seconds of the timer used by the authenticator state machine on the specified port to determine when to send an Extensible Authentica
194. he user This field specifies the protocol to be used to authenticate a user account The valid authentication protocols are None MD5 or SHA If MD5 or SHA are specified the user login password will be used as the SNMPv3 authentication password Encryption Protocol Specify the SNMPv3 Encryption Protocol settings for the selected user account The valid encryption protocols are None or DES If you select the DES protocol you must enter a key in the Encryption Key field The key may be up to 16 characters long If None is specified for the protocol the Encryption Key is ignored Encryption Key If you selected DES in the Encryption Protocol field enter the SNMPv3 Encryption Key here Otherwise this field is ignored Valid keys are 0 to 15 characters long The Apply checkbox must be checked in order to change the Encryption Protocol and Encryption Key Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a save Click the Delete button to delete the displayed user this button is only visible when you have selected a user account with Read only access You cannot delete the Read Write user Login configuration Use this panel to configure login lists A login list specifies the authentication method s you want used to validate switch or port access for the users associated with the list The pre configured users admin and GUEST are ass
195. heading IP address which you have installed the switch module Subnet mask 255 255 255 0 System Contact config syscontact System Location config syslocation System Name config sysname Forwarding Database 300 seconds config forwardingdb aging time agetime Auto Negotiation config port autoneg Flow control config port flowcontrol LACP mode config port lacomode Port Enable config port adminmode Mirroring Mode config mirroring mode IP connectivity 10 90 90 9x config network parms parameters 255 255 255 0 0 0 0 0 IP connectivity None config network protocol protocol Java enable status Enable config network javamode Web enable status Enable config network webmode Configuration Forwarding Database Network Connectivity SNMPcommunit 35 Table 9 Default settings for run time switching software variables continued Sub Heading heading Variable Default value Command IP a 0 0 0 config snmpcommunity poo a inal Mask 0 0 0 0 config snmpcommunity lpmask Default private and config snmpcommunity public communities mode are enabled by default The four undefined communities are disabled by default Type Public Private config snmp community create ae Max Number eo oo telnet Sessions maxsessions i ee asa P Password Blank config users passwd users passwd ES ee Access Za for admin Mode ReadOnly for others SNMPv3 No authorization config users snmpv3 Authentication authentication S
196. hentication Enabled Enable or Disable the reauthentication of the supplicant for the specified port If the value true is selected reauthentication will occur Otherwise reauthentication will not be allowed The default value is false Click the Initialize button to begin the initialization sequence on the selected port This button is only selectable if the control mode is auto If the button is not selectable it will be grayed out Once you click this button the action 1s immediate and you will not need to press the Apply button for the action to occur Click the Reauthenticate button to begin the reauthentication sequence on the selected port This button is only selectable if the control mode is auto If the button is not selectable it will be grayed out Once you click this button the action is immediate and you will not need to press the Apply button for the action to occur Click the Refresh button to update the information on the page Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Port status This panel displays the details of the IEEE 802 1 X configuration parameters for the specified port Intel Blade Server Ethernet Switch Module IXM5414E 119 120 Peauthantcagan Pero sears Freee vonrot custecern rvs False e E L fecha Porc cal wai PAF Lapateliterc Authen
197. hich the software update is installed From the I O Module Tasks menu click Power Restart Intel Blade Server Ethernet Switch Module IXM5414E oY i ae Click Power Off Module s Select the I O module bay on which the software update is installed again Click Power On Module s Wait 70 seconds for POST to be completed Make sure that the latest switch operating system software 1s correctly installed on the Ethernet switch module From the Monitors menu click Firmware VPD The Firmware VPD window opens In the Firmware VPD window locate the I O Module Firmware VPD section Scroll down to the number of the I O module bay that contains the Ethernet switch module that you just installed then note the corresponding level of the software for the switch module Make sure that the latest switch operating system software is correctly installed on the Ethernet switch module Ray T WM TAS ARS fdomdarm 1h System Status Event Log LEs Fuel Gauge Hardware WPD Firnas YHL ial lis l r EN Fowernirestart Homme Contreal Firmmaare Lip ate Configuration a i EE T Serial Pair i T HO hlodule Tasks PowerRestart hHanagement Firmina pdala hd anir ipeneral sathngs Management Module Blade Sarver Firmware VPO Bayis Mame Plinmware Type Bulla ID Released 14 SMAJT TRLJA IOJ DiS SEOQOSDUS D732 Laagneshics ASOT RAIS DUA Blade sys moni prac BRETT A nila To reread frroware YPO for blade select the blade
198. how to configure and enable two LAGs on the same switch Create and name two LAGs config lag create lag_internet config lag create lag_server When the switch creates the LAGs it will assign logical interface IDs that you will use to identify them in subsequent commands Use the following command to find out what IDs have been assigned show lag all Add the physical ports to the LAGs Assume that lag_internet was assigned ID lag 1 and lag_server was assigned ID lag 2 config lag addport lag 1 ext 1 config lag addport lag 1 ext 2 config lag addport lag 2 ext 3 config lag addport lag 2 ext 4 Enable both LAGs config lag adminmode lag 1 lag 2 enable The previous command could have been issued instead as config lag adminmode all enable Intel Blade Server Ethernet Switch Module IXM5414E 253 IGMP snooping configuration example This section provides sample CLI commands showing how to configure the Intel Blade Server Ethernet Switch Module IXM5414E to support IGMP Snooping Activating IGMP Snooping allows you to restrict the forwarding of multicast packets to network segments that need to see the packets The switch uses information gained from examining IGMP packets to decide how to forward multicast packets You can activate IGMP Snooping for both individual and aggregated physical interfaces The script in the following example show you how to configure IGMP Snooping Enable IGMP Snooping on the switch config igmpsnooping
199. icipation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect This port will not participate in this VLAN unless a GVRP join request is received on this port This is equivalent to registration normal in the IEEE 802 1Q standard Configured Displays the configured degree of participation of this port in this VLAN The permissible values are Intel Blade Server Ethernet Switch Module IXM5414E 203 Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect This port will not participate in this VLAN unless a GVRP join request is received on this port This is equivalent to registration normal in the IEEE 802 1Q standard Tagging Displays the tagging behavior for this port in this VLAN The default is untagged Tagged All frames transmitted for this VLAN will be tagged Untagged All frames transmitted for this VLAN will be untagged show vlan port Use this command to display VLAN port information Format show vlan port lt port listofports all gt Port Indicates which port is associat
200. ide 2 Lintagged 2 Bay inchide ficie Limagped Bay neiude ficie Untagged J Bay a nclude ince Lintagged Bays nekuda finie Untegged Bay 6 inckide ixcice PLimagped Bay nclude incide Untagged ETH mIRE LL irai l VLAN ID and Name Select the VLAN to display from the pop down menu or select Create to set up a new VLAN When Create is selected the VLAN ID field changes from non configurable to configurable VLAN ID There is a VLAN Identifier VLAN ID associated with each VLAN Use this field to create anew VLAN and assign it an ID The ID is a number in the range of 2 to 4094 ID 1 is reserved for the default VLAN VLAN Name A string associated with this VLAN as a convenience It can be up to 16 alphanumeric characters long including blanks The default is blank VLAN ID 1 92 Intel Blade Server Ethernet Switch Module IXM5414E always has a name of Default Use this field to change an existing Name This field is optional VLAN Type What type of VLAN this is A VLAN can be e the Default VLAN VLAN ID 1 e aStatic VLAN one that you create using this panel or the config vlan create command e a Dynamic VLAN one that is created by GVRP registration In order to change a VLAN from Dynamic to Static use this panel or the config vlan makestatic command Broadcast Storm Control Mode Configures broadcast storm control mode on the VLAN To Enable broadcast storm control on this
201. iew the documentation that comes with the product you are connecting to for matching cable pin assignments The following illustration and table show the standard RJ 45 receptacle connector and their corresponding pin assignments 12345 Lt SAL Table 7 Standard Ethernet cable RJ 45 pin assignment Media direct interface signal rte 227 228 Intel Blade Server Ethernet Switch Module IXM5414E Appendix B Cable Lengths Use the following table as a guide for the maximum cable lengths Table 8 Maximum cable lengths Standard Data transmission rate transmission rate Media type r T 1000 alenee an Category 5e UTP cable 100 meters 328 1 ft Category 5 UTP cable 100BASE TX TX 100 100 Mbps Category 5 UTP cable 100 meters 328 1 ft T 10 Dalar a Category 3 UTP cable 100 meters 328 1 ft 229 230 Intel Blade Server Ethernet Switch Module IXM5414E Appendix C Run time Switching Software Default Settings The following table contains the default settings for the run time switching software variables Variables are separated by category and further by sub headings listed alphabetically within category Default value is self explanatory while Command lists the CLI command used to change the default setting Table 9 Default settings for run time switching software variables Sub Quality of Service D a a a Bandwidth Provisioning Bandwidth Allocation 100 mbps config
202. ifier Rules The number of rules that are associated with this ACL Ports The interfaces that are associated with this ACL Direction The packet filtering direction for the ACL on the interface Click the Refresh button to update the screen with the latest information Rule configuration This panel configures the rules associated with an ACL When the screen first displays you will see the first four fields described below If you select False as the Match Entry criteria and click Apply the screen will be refreshed and you will see the remaining fields Clicking one of the configure buttons shown on that screen will display a third screen allowing you to configure the match criterion you selected Intel Blade Server Ethernet Switch Module IXM5414E 139 140 ACL Rule Action Match Every ACL Rule Configuration ACI 1 Rula Moo Acio Perel Configure Match Every True Configure Use the pull down menu to select the ACL for which you want to create or update a rule Enter a whole number in the range of 1 to 10 that will be used to identify the rule An ACL may have up to 10 user specified rules Specify what action should be taken if a packet matches the rule s criteria Permit means that matching traffic will be accepted Deny means that it will be excluded Select True or False from the pull down menu If you select true you are specifying that all packets will match the selected ACL and Rule and will be ei
203. igned to a pre configured list named defaultList which you may not delete All newly created users are also assigned to the defaultList until you specifically assign them to a different list Delete April Intel Blade Server Ethernet Switch Module IXM5414E 53 Login Select the authentication login list you want to configure Select Create to define a new login list When you create a new login list Local is set as the initial authentication method Login Name If you are creating a new login list enter the name you want to assign It can be up to 15 alphanumeric characters long and is not case sensitive The pull down menus you use to specify authentication methods only appear after you create a list by entering a name Method 1 Use the pull down menu to select the method that should appear first in the selected authentication login list If you select a method that does not time out as the first method such as local no other method will be tried even if you have specified more than one method Note that this parameter will not appear when you first create a new login list The options are Local The user s locally stored ID and password will be used for authentication Radius The user s ID and password will be authenticated using the RADIUS server instead of locally Reject The user is never authenticated Undefined The authentication method is unspecified this may not be assigned as the first method Method 2 Use the
204. ing tree topology e Topology Change Notification TCN messages Each BPDU includes the following information e The unique identifier of the bridge that the transmitting bridge currently recognizes as the root bridge e The path cost to the root from the transmitting port e The port identifier of the transmitting port Intel Blade Server Ethernet Switch Module IXM5414E The bridge sends BPDUs to communicate and construct the spanning tree topology All bridges connected to the LAN on which a packet is transmitted will receive the BPDU BPDUs are not directly forwarded by the bridge but the receiving bridge uses the information in the frame to calculate the topology and if it changes to initiate a BPDU transmission The communication between bridges through BPDUs causes the following results e The bridge with the lowest numerical identifier is elected as the root bridge e Each bridge calculates its root path cost by adding the path costs for each port receiving frames on the lowest cost path to the root bridge e The port on each bridge with the lowest root path cost for that bridge becomes that bridge s root port in the event of a tie the port with the lowest numerical port identifier is chosen e For each LAN the bridge with the lowest root path cost is selected as the designated bridge in the event of a tie the bridge with the lowest numerical bridge identifier 1s chosen and the port connecting that bridge to the LAN become
205. ingtree bridge priority 7680 Set new port priority levels Setting the priority level affects the likelihood of the port being elected as the root port of the spanning tree the lower the number the greater the probability It is the only way to change the port identifier which consists of the port priority concatenated with the port s interface number The default value is 128 config spanningtree port priority ext 1 16 config spanningtree port priority ext 2 32 Set new timer values The timer values will only take effect if the bridge becomes the root bridge in which case they will take effect for all bridges in the network config spanningtree bridge maxage 30 config spanningtree bridge forwarddelay 16 config spanningtree bridge hellotime 14 Assign new path cost values to the ports whose priority values were changed The lower the path cost the more likely that a port will be elected as the root port config spanningtree port pathcost ext 1 8 config spanningtree port pathcost ext 2 16 In addition to the parameters that affect the Spanning Tree Protocol other parameters and protocols are defined in IEEE 802 1D which you may also change For example IEEE 802 1p has been included in the latest version of 802 1D Use the following commands to change the 249 250 default priority mapping provided by the switch These commands affect all of the interfaces on the switch and leave the defaults unchanged for priority levels 3 7 co
206. ion Login summary User login System description This panel displays and allows configuration of system information 48 system Description m Hem eamp EMepise Server Glade Gigabit Ethernet Seaich Intel Blade Server Ethernet Switch Module IXM5414E System Description The product name of this switch System Name The name used to identify this switch The range for name is from to 31 alphanumeric characters System Location The physical location of this switch May be up to 31 alphanumeric characters The factory default is blank System Contact The person or organization responsible for this switch May be up to 31 alphanumeric characters The factory default is blank IP Address The IP address of the interface The factory default value is 10 90 90 9x where x is determined by the number of the I O module bay into which you have installed the Ethernet switch module See Table 1 Default IP addresses based on I O module bay numbers on page 21 System Object ID The base object ID for the switch s enterprise MIB System Up Time The time in days hours and minutes since the last reboot MIBs Supported The list of MIBs supported by the management agent running on this switch Click the Apply button to update the switch with the values on the screen If you want the switch to retain the new values across a power cycle you must perform a save Network connectivity This panel displays network configuration settings
207. is mode allows the switch module IP addresses to reside on a different subnet than the management modules This is useful when the switch modules are to be managed and controlled as part of the overall network infrastructure while maintaining secure management of other chassis subsystems through the management module However management access to the IXM5414E switch module link will be lost if the switch module IP address is not on the same subnet as the management module This chapter contains additional instructions for configuring the switch module for this mode of operation The two previously described modes are only applicable to the Intel Blade Server Ethernet Switch Module IXM5414E The management module can only be remotely accessed through the 10 100 Mbps Ethernet port on the management module Connecting to the IXM5414E switch module When you know the IP address for your switch module and have an existing network connection you can use the Telnet program in VT 100 compatible terminal mode to access and control the switch module If you need to obtain the IP address for your switch module or establish a network connection consult your system or network administrator Be sure to use the correct IP address in the required command as specified in this section Intel Blade Server Ethernet Switch Module IXM5414E The IXM5414E switch module supports user based security that you can use to prevent unauthorized users from accessi
208. ith the associated community name The requesting entity s IP address is ANDed with the Client IP mask before being compared to the Client IP address Note that if the Client IP mask is set to 0 0 0 0 an IP address of 0 0 0 0 matches all IP addresses The default value is 0 0 0 0 Client IP Mask The mask that will be ANDed with the requesting entity s IP address before comparison with the Client IP address If the result matches the Client IP address Intel Blade Server Ethernet Switch Module IXM5414E 167 then the address is an authenticated IP address For example if the IP address 9 47 128 0 and the corresponding Client IP mask 255 255 255 0 a range of incoming IP addresses would match 1 e the incoming IP address could equal 9 47 128 0 9 47 128 255 The default value is 0 0 0 0 Access Mode The access level for this community Either Read write or Read only Status The status of this community Either enable or disable SNMP trap commands config snmptrap create Use this command to add an SNMP trap receiver community name and associated IP address The maximum length of name is 16 case sensitive alphanumeric characters Format config snmptrap create lt name gt lt ipaddr gt config snmptrap delete Use this command to delete a trap receiver from a community Format config snmptrap delete lt name gt lt ipaddr gt config snmptrap ipaddr Use this command to assign a new IP address to a specified trap receiver commun
209. ither command can be used to configure or modify the source layer 4 port range Format config acl rule match srcl4port keyword lt aclid gt lt rulenum gt lt portkey gt Intel Blade Server Ethernet Switch Module IXM5414E 221 config acl rule match srcl4port number Use this command to specify a packet s source layer 4 port match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt startport gt and lt endport gt parameters identify the first and last ports that are part of the port range and have values from 0 to 65535 The ending port must have a value equal or greater than the starting port The starting port ending port and all ports in between will be part of the contiguous source port range Either this command or config acl match srcl4port keyword can be used to specify a source layer 4 port range as a match criterion Format config acl rule match srcl4port range lt aclid gt lt rulenum gt lt startport gt lt endport gt show acl detailed Use this command to display an ACL and all of the rules that are defined for the ACL The lt aclid gt is the number used to identify the ACL Format show acl detailed lt aclid gt Rule Number Displays the number identifier for each rule that is defined for the ACL Action Displays the action that will be taken if a packet matches the rule s criteria The choices are permit or deny Protocol Displays which IP protocol if any is a match
210. ity The maximum length of name is 16 case sensitive alphanumeric characters IP addresses in the SNMP trap receiver table must be unique If you make multiple entries using the same IP address the first entry is retained and processed All duplicate entries are ignored Format config snmptrap ipaddr lt ipaddrold gt lt name gt lt ipaddrnew gt config snmptrap mode Use this command to enable or disable an SNMP trap receiver identified by trap receiver community name and IP address Enabled trap receivers are active able to receive traps Disabled trap receivers are inactive not able to receive traps Format config snmptrap mode lt enable disable gt lt name gt lt ipaddr gt show snmptrap Use this command to display information about SNMP trap receivers Trap messages are sent across the network to an SNMP Network Manager These messages alert the manager to events occurring within the switch or on the network Up to six trap receivers are supported at the same time Format show snmptrap SNMP Trap Name The community string of the SNMP trap packet sent to the trap manager Note that trap receiver communities and SNMP communities are separate and distinct IP Address The IP address that receives SNMP traps from the switch for this trap receiver community Status Indicates whether traps are currently enabled for this community 168 Intel Blade Server Ethernet Switch Module IXM5414E Enable traps will be sent Dis
211. l Blade Server Ethernet Switch Module IXM5414E 189 Port GMRP Mode Indicates the GMRP administrative mode for the port It may be enabled or disabled If this parameter is disabled Join Time Leave Time and LeaveAll Time have no effect The factory default 1s disabled Port GVRP Mode Indicates the GVRP administrative mode for the port It may be enabled or disabled If this parameter is disabled Join Time Leave Time and LeaveAll Time have no effect The factory default is disabled IGMP snooping commands config igmpsnooping adminmode Use this command to enable or disable IGMP Snooping on the switch module Default disable Format config igmpsnooping adminmode lt enable disable gt config igmpsnooping groupmembershipinterval Use this command to configure the IGMP Group Membership Interval time on the IXM5414E switch module The group membership interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface before deleting the interface from the entry This value must be greater than the IGMP maximum response time value The range is 2 to 3600 seconds Default 260 seconds Format config igmpsnooping groupmembershipinterval lt 2 3600 gt config igmpsnooping interfacemode Use this command to enable or disable IGMP Snooping on a selected interface The lt port listofports all gt parameter identifies the interface s on which to enable or disable IGMP Snooping
212. labeled through 4 on the switch module see Chapter 3 Information Panel LEDs and External Ports on page 17 for an illustration Depending on the application the external Ethernet interfaces can be configured to meet a variety of requirements for bandwidth or function The IXM5414E switch module has been pre configured with default parameter settings that can be used with some typical installations Most installations will need some configuration of parameters Information on initial software configuration can be found in Remotely managing the IXM5414E switch module on page 158 and IXM5414E switch module system commands on page 160 Chassis configuration and operation Each IXM5414E switch module is an integral subsystem within an overall SB HE platform For additional platform level information see the applicable Installation and User s Guide publications on the Resource CD Each chassis includes one or two management modules MM as the central element for overall chassis management and control The switch module includes 100 Mbps internal Ethernet ports that can only be accessed by the management modules To prevent inadvertent changes this management port 1s hidden and does not appear in the port configuration and status screens The factory default settings will only permit management and control access to the switch module through the 10 100 Mbps Ethernet port on the management module You can use the four external 1
213. m the multicast forwarding database Intel Blade Server Ethernet Switch Module IXM5414E 109 Click the Refresh button to update the screen with the latest information Stats This panel displays the MFDB statistics Multicast Forwarding Database Statistics m Ha Wale CA Table Eres Mead ERFDE Braise Since Law Peal ij Refresh Max MFDB Table Entries Displays the total number of entries possible in the MFDB table Most MFDB Entries Since Last Reset Displays the largest number of entries that have been present in the MFDB table since last reset This value is also known as the MFDB high water mark Current Entries Displays the current number of entries in the MFDB table Click the Refresh button to update the screen with the latest information Spanning tree This menu provides access to spanning tree related configuration and status screens Menu options are e Switch configuration status e CST configuration status e CST port configuration status e Statistics Switch configuration status Use this panel to configure the spanning tree parameters for the switch 110 Intel Blade Server Ethernet Switch Module IXM5414E Fofas Apih Spanning Tree Admin Mode Select Enable or Disable from the pull down menu to specify whether spanning tree operation is Enabled on the switch Force Protocol Version Specify the version of the Spanning Tree Protocol STP you want the switch to use The options are IEEE 802 1D stand
214. m permitted frame size This counter has a maximum increment rate of 815 counts per second at 10 Mbps Underrun Errors The total number of packets discarded because the transmit FIFO buffer became empty during frame transmission Total Transmit Packets Discarded Total Transmit Packets Discarded The sum of single collision frames discarded multiple collision frames discarded and excessive collision frames discarded Single Collision Frames The number of successfully transmitted packets which encountered exactly one collision Multiple Collision Frames The number of successfully transmitted packets which encountered more than one collision Intel Blade Server Ethernet Switch Module IXM5414E Excessive Collision Frames The number of packets which were not successfully transmitted because of excessive collisions STP BPDUs Received The number of STP BPDUs Bridge Protocol Data Units received by the spanning tree layer STP BPDUs Transmitted The number of STP BPDUs transmitted from the spanning tree layer RSTP BPDUs Received The number of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted The number of RSTP BPDUs transmitted from the selected port 802 3x Pause Frames Transmitted A count of MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode GVRP PDUs Received The number of GVRP PDUs received by
215. mand to have the switch transmit a Ping request to a specified IP address This checks whether the switch can communicate with a particular IP device The switch will send three Ping requests and display the results The switch can be pinged from any IP workstation with which it is connected through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation Format ping lt ipaddr gt reset system Use this command to reset the switch without powering it off Reset means that all network connections are terminated and the boot code executes The switch uses the stored configuration to initialize the switch You will be prompted to confirm that the reset should proceed A successful reset 1s indicated by the LEDs on the switch Format reset system save config Use this command to permanently save configuration changes made since the previous save or reboot to Non Volatile Random Access Memory NVRAM You are prompted to verify your choice Format save config show history Use this command to show the contents of the command history buffer The output will display the oldest command in the history buffer first and the show history command the newest command last Format show history Transfer download commands transfer download datatype Use this command to configure the type of file to be downloaded to the switch Default code Format transfer download datatype lt code config gt tran
216. ment of the IXM5414E switch module through the four external Ethernet ports on the switch module instead of or in addition to access through the management module This mode can only be enabled through the management module configuration interface Once this mode is enabled the external Ethernet ports will support both management traffic and SBCE application data traffic Also the IXM5414E switch module can transmit DHCP request frames through the external Ethernet ports This mode enables the switch module s IP addresses to reside on a different subnet than the management modules This is useful when the switch modules are to be managed and controlled as part of the overall network infrastructure while maintaining secure management of other SBCE subsystems through the management module However management access to the IXM5414E switch module link will be lost if its IP address is not on the same subnet as the management module This chapter contains additional instructions for configuring the IXM5414E switch module for this mode of operation The two previously described modes are only applicable to the IXM5414E switch module The management module can only be remotely accessed through the 10 100 Mbps Ethernet port on the management module Getting started The first step in getting started using Web based management for your switch is to install a web browser on the endstation you will be using The web browser will allow you to connect to
217. ministered address Network Configuration Protocol Indicates what network protocol was used on the last or current power up cycle if any The configuration methods are DHCP BootP and none The factory default method is none Note When management of the Ethernet Switch Module is enabled through the four external ports and Dynamic Host Configuration Protocol DHCP is enabled the switch module acquires its IP address from a DHCP server when the switch module is turned on or reset otherwise the switch module acquires a static IP address from the management module Web Mode Indicates whether the switch may be accessed from a web browser If web mode is enabled you can manage the switch from a web browser The factory default is enabled Java Mode Indicates whether the java applet that displays a picture of the switch at the top right of the screen is enabled or disabled If the applet 1s enabled you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen The factory default is enabled Telnet config telnet maxsessions Use this command to configure the number of simultaneous Telnet and Secure Shell SSH sessions that can be established A value of 0 indicates that no Telnet session can be established The range is 0 to 5 Default 5 Format config telnet maxsessions lt 0 5 gt 170 Intel Blade Server Ethernet Switch Module IXM5414E config
218. mmand will cause future accounting attempts to fail Format config radius accounting server remove lt ipaddr gt config radius accounting server secret Use this command to configure the secret shared between the RADIUS client and accounting server The IP address specified must match that of the previously configured accounting server When you enter this command you will be prompted to enter the secret which must be an alphanumeric value of 20 characters or less Format config radius accounting server secret lt ipaddr gt show radius accounting stats Use this command to display the RADIUS statistics for the accounting server Format show radius accounting stats lt ipaddr gt Accounting Server IP Address The IP address of the server whose statistics are displayed on this row Round Trip Time The time in hundredths of a second between the most recent RADIUS accounting response and the matching accounting request from this RADIUS accounting server Accounting Requests The number of RADIUS accounting request packets sent to this accounting server not including retransmissions Intel Blade Server Ethernet Switch Module IXM5414E 213 Accounting Retransmissions The number of RADIUS accounting request packets retransmitted to this accounting server Accounting Responses The number of RADIUS packets received from this accounting server Malformed Accounting Responses The number of malformed RADIUS accounting response packets re
219. n either a blade or a filler blade Ethernet interface requirements The SBCE platform supports a minimum of one hot swap Ethernet switch module in I O module bay 1 This switch module is a fully functional four connector Ethernet switch that provides a network connection to Ethernet Link in all the blade servers in the SBCE To provide a network connection for Ethernet Link 2 in each blade server install an Ethernet switch module in I O module bay 2 If you install an interface option on any blade server you must install a hot swap switch module of the same interface type in I O module bay 3 to obtain connection 1 for the interface option To provide connection 2 for the interface option install a switch module of that interface type in I O module bay 4 The switch modules in I O module bays 3 and 4 provide connections to all the interface options in the SBCE Important The switch modules in I O module bays 3 and 4 and all blade server interface options in the SBCE must use the same interface type For example if you install an Ethernet interface option on a blade server the switch modules that you install in I O module bays 3 and 4 must be Ethernet All other interface options in the SBCE must also be Ethernet interface options The following table summarizes the application for each switch module I O module bay Switch module function 1 Connection 1 Ethernet Link 1 for all blade servers in the SBCE I O module bay Switch mod
220. ncreases static electricity Installing the IXM5414E switch module Statement 8 A A xxCAUTION Never remove the cover on a power supply or any part that has the following label attached Hazardous voltage current and energy levels are present inside any component that has this label attached There are no serviceable parts inside these components If you suspect a problem with one of these parts contact a service technician The following illustrations show how to install a switch module in the rear of the SBCE platform Intel Blade Server Ethernet Switch Module IXM5414E 11 SBCE Complete the following steps to install the IXM5414E switch module 1 Review the information in Safety on page v and in Installation guidelines on page 10 2 Remove the acoustic attenuation module if installed from the rear of the SBCE platform The following illustrations show how to remove the module from the SBCE platform Acoute mochuhe Locking handie 12 Intel Blade Server Ethernet Switch Module IXM5414E 3 Select an I O module bay in which to install the switch module in accordance with the instructions in Ethernet interface requirements on page 9 4 Remove the filler module from the selected I O module bay Store the filler module for future use 5 If you have not already done so touch the static protective package that contains the switch module to an unpainted metal part of the SBCE platform fo
221. nd will then send an EAP Request MD5 packet to the supplicant The supplicant s MD5 response is sent to the authenticator for validation A match results in a successful authentication of the port NOTE The switch module s Authenticator supports only the EAP MD5 authentication type for local authentication RADIUS authentication When Remote Authentication Dial In User Service RADIUS authentication is used the authenticator basically becomes a pass through to facilitate communication between the supplicant and the RADIUS server The authenticator encapsulates the EAP messages exchanged between the supplicant and the server in either EAPoL or RADIUS frames depending on the direction of the frame The authenticator determines the authorization status of the port based on RADIUS Access Accept or Access Reject frames The authenticator switch also needs to send and process all appropriate RADIUS attributes Secure Shell SSH Interactive login is widely used as a means to control and or configure an entity across a network For decades the Telnet protocol and its cousin rlogin have provided this capability However these protocols permit the transmission of sensitive information over unprotected networks The current standard for providing interactive login in a secure fashion is the Secure SHell SSH Table 2 Secure Shell Feature Details Connection Type Interactive Login Ciphers 3DES CBC Blowfish CBC Twofish128 CBC AES12
222. necessary for in band connectivity The network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic 1s switched or routed To access the switch over a network the switch must first be configured with its IP information IP address subnet mask and default gateway Once you have established in band connectivity you can change the IP information using any of the following e Terminal interface via telnet or SSH connections e SNMP based management e Web based management Intel Blade Server Ethernet Switch Module IXM5414E 49 50 IP Address The IP address of the interface The factory default value is 10 90 90 9x where x is determined by the number of the I O module bay into which you have installed the Ethernet switch module see Table 1 Default IP addresses based on I O module bay numbers on page 21 Subnet Mask The IP subnet mask for this interface The factory default value is 255 255 255 0 Default Gateway The default IP gateway address for this interface The factory default value is 0 0 0 0 Network Configuration Protocol Indicates what network protocol was used on the last or current power up cycle if any The configuration methods are DHCP BootP and none The factory default method i
223. nel The information panel of the IXM5414E switch module consists of LEDs and four external 1OOOBASE T ports as shown in the following illustration LEDs f oK LEDs Ports The Intel Blade Server Ethernet Switch Module IXM5414E contains e Comprehensive LEDs which display the status of the switch module and the network see LEDs e Fourteen internal ports one connected to each of the processor blades e Two internal full duplex 10 100 Mbps ports connected to the management module e Four external 1 OOOBASE T Ethernet ports for 10 100 1000 Mbps connections to external Ethernet devices such as backbones end stations and servers These ports are identified as Ext Ext2 Ext3 and Ext4 in the switch configuration menus and are labeled 1 through 4 from top to bottom on the switch module as shown in the preceding illustration LEDs The LEDs on the information panel of the IXM5414E switch module include OK Ethernet link and Ethernet activity The following illustration shows the LEDs on the switch module A description of each LED follows the illustration 17 18 Power on Ethernet switch error om f ri EE i ES Ethernet link Ethernet activity joi pai Notes 1 The illustrations in this document may differ slightly from your hardware 2 An amber L
224. nfig classofservice 802 1p mapping 0 0 config classofservice 802 1p mapping 1 2 config classofservice 802 1p mapping 2 1 The switch supports two protocols based on the Generic Attribute Registration Protocol GARP defined in IEEE 802 1D GARP Multicast Registration Protocol GMRP and GARP VLAN Registration Protocol GVRP These protocols are disabled by default config garp gmrp adminmode enable config garp gmrp interfacemode all config garp gvrp adminmode enable config garp gvrp interfacemode all While the Spanning Tree Protocol is needed to maintain the network topology forwarding of frames also requires that the switch learn the location of end stations The switch does this by recording the port on which packets from a source MAC address are received The forwarding database is used to hold this information You can control how long an address will remain in the database if no traffic 1s seen from it the aging timer config forwardingdb agetime 500 Intel Blade Server Ethernet Switch Module IXM5414E IEEE 802 1w configuration example This section shows you how to configure the Intel Blade Server Ethernet Switch Module IXM5414E to support rapid reconfiguration of the spanning tree topology The IEEE 802 1w support specified in IEEE 802 1s defines a new configuration algorithm and protocol that provide significantly faster reconfiguration of the spanning tree than the original algorithm and protocol defined in the base IEEE 802 1D
225. ng Broadcast Packets Transmitted The total number of packets that higher layer protocols requested to be transmitted to the broadcast address including those that were discarded or not sent 76 Intel Blade Server Ethernet Switch Module IXM5414E Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The number of learned and static Forwarding Database Address Table entries currently in use by this switch module VLAN Entries Currently In Use The number of VLANs currently in the VLAN table on this switch module Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared Click the Clear Counters button to clear all the counters resetting all summary and switch detailed Statistics to defaults except for the counts of discarded packets which cannot be cleared Click the Refresh button to refresh the data on the screen with the present state of the data in the switch Port detailed This panel displays detailed statistics for a specified port 5 Port Use this field to select the port for which to display statistics Click the down arrow to display the list of ports from which to choose ifIndex This object indicates the ifIndex of the interface table entry associated with this port Packets Received Intel Blade Server Ethernet Switch Module IXM5414E T7 78
226. ng information fields are displayed TFTP Server IP The IP address of the server where the file is to be downloaded TFTP Path The directory path specification for the file to be downloaded TFTP Filename The name of the file to be downloaded Data Type The type of file to be downloaded config error log message log or trap log Transfer upload commands TFTP upload example 184 This example shows three ways to specify the same TFTP client to server file transfer Each scenario involves uploading the config bin file from the switch to the location c tftp on the server The different scenarios are shown below Table 5 TFTP Upload Scenarios TFTP Server path TFTP Client path The directory path statement can be cleared by issuing the clear config command Format transfer upload path lt path gt Intel Blade Server Ethernet Switch Module IXM5414E transfer upload datatype Use this command to specify the type of file to be uploaded from the switch Format transfer upload datatype lt config errorlog msglog traplog gt The datatype is one of the following config Configuration file errorlog Error log msglog Message log traplog Trap log the default transfer upload filename Use this command to specify the name of the file to be uploaded from the switch The switch will remember the last file name used You may specify the file path as part of the file name if the string is less than 31 characters Otherwise use
227. ng the switch module or changing its settings This section tells you how to log on to the switch module for the first time Complete the following steps to connect to the switch module through the Telnet interface 1 Display a window that contains a DOS prompt command line for example C gt 2 Type the following command on the DOS prompt command line and press Enter telnet x x x x where X x x x is the IP address for your switch module When you first connect to the switch module you will be prompted to enter a user ID followed by a password Enter USERID in response to the prompt for a user ID and enter PASSWORD in response to the prompt for a password notice the use of the zero and not the O This will give you Read write access to the switch module By default the switch module has one Read only account named GUEST The password for the Read only GUEST account is left blank just press Enter For security you should change these default passwords after you log onto the system for the first time NOTE All user Ds and passwords are CASE SENSITIVE Only a user with Read write privileges can add new user accounts or make changes to existing user accounts Another function available with a Read write account is updating firmware and configuration files Changing configuration settings The IXM5414E switch module has two levels of memory normal random access memory RAM and non volatile RAM NVRAM When you enter a c
228. nicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a broadcast address including those that were discarded or not sent Transmit Errors Intel Blade Server Ethernet Switch Module IXM5414E Total Transmit Errors The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total number of packets transmitted that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Tx Oversized The total number of packets that exceeded the maximum permitted frame size This counter has a maximum increment rate of 815 counts per second at 10 Mbps Underrun Errors The total number of packets discarded because the transmit FIFO buffer became empty during frame transmission Transmit Discards Total Transmit Packet Discarded The sum of single collision frames discarded multiple collision frames discarded and excessive collision frames discarded Single Collision Frames The number of successfully transmitted packets which encountered exactly one collision Multiple Collision Frames The number of successfull
229. ning Access Control List ACL commands An ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action permit deny is taken and the additional rules are not checked for a match This section describes the commands you use to specify the interfaces to which an ACL applies whether it applies to inbound or outbound traffic and its match criteria config acl create Use this command to create an ACL identified by the parameter lt aclid gt The ACL number is an integer from to 100 Format config acl create lt aclid gt config acl delete Use this command to delete an ACL identified by the parameter lt aclid gt from the system Format config acl delete lt aclid gt config acl interface add Use this command to associate an ACL with an interface and specifies whether it affects inbound or outbound traffic The lt direction gt parameter can have the values of in or out The lt aclid gt parameter specifies the ACL to add Format config acl interface add lt port gt lt direction gt lt aclid gt config acl interface remove Use this command to disassociate an ACL from an interface for the specified direction The lt direction gt parameter can have the values of in or out The lt aclid gt parameter specifies the ACL to remove Format config acl interface remove lt port gt lt direction gt lt aclid gt Intel Blade Server Eth
230. nk ports before removing a port trunk to avoid creating a data loop Trunking can be set as a static or a dynamic port group using the IEEE 802 3ad Link Aggregation commands When trunking is enabled a blue border will be placed around the ports on the Web device panel display Static LAGs When you create a LAG the member links will attempt to exchange LACPDUs with their partners If a link does not receive a LACPDU within 3 seconds it will come up with default values If a LACPU is later received with different values the link will drop out of the LAG When all member links have dropped out the LAG will reconfigure itself with the new values from the received LACPDUs It is important that when you configure LAGs you should configure the LAGs and enable STP on both partner devices before connecting the cables Distribution method Link aggregation or port trunking enables several ports to be grouped together and to act as a single link This gives a bandwidth that is a multiple of a single link bandwidth Port trunking is most commonly used to link a bandwidth intensive network device or devices such as a server to the backbone of a network Intel Blade Server Ethernet Switch Module IXM5414E 33 The switch module offers link aggregation on four external ports for up to two static trunk groups or two LACP 802 3ad link aggregation groups The trunked ports can be non continuous that is have non sequential port numbers All of the
231. not define filters for these MAC addresses e 00 00 00 00 00 00 e 01 80 C2 00 00 00 to 01 80 C2 00 00 0F e 01 80 C2 00 00 20 to 01 80 C2 00 00 21 e FF FF FF FF FF FF VLAN ID The VLAN ID used with the MAC address to fully identify packets you want filtered You can only change this field when you have selected the Create Filter option and you can only select a configured VLAN Destination Port Mask Select the ports you want included in the filter from the pull down menu Packets with the MAC address and VLAN ID you selected will only be transmitted out of ports that are in the list Click the Delete button to remove the currently selected filter Click the Delete All button to remove all configured filters Click the Apply button to update the switch with the values on the screen If you want the switch to retain the new values across a power cycle you must perform a save MAC filter summary This panel displays the Static MAC filtering information 98 MAC Filter Summary PAC Aciregs VEAN ID Degtiration Port Members ee rub j re Tre 1 l PATS E e E Fy Ly Ti 1 Intel Blade Server Ethernet Switch Module IXM5414E MAC Address The MAC address of the filter in the format OO 01 1A B2 53 4D VLAN ID The VLAN ID associated with the filter Destination Port Members A list of the ports to which packets with the MAC address and VLAN ID may be forwarded GARP This menu provides access to the Generic Attribute
232. nterface GVRP join timer GVRP leave all timer GVRP leave timer IGMP Snooping Intel Blade Server Ethernet Switch Module IXM5414E 233 Table 9 Default settings for run time switching software variables continued Sub Link Aggregation Spannng Tree Protocol STP D e a Forward Delay 15 secs config spanningtree bridge forwarddelay Hello Time 2 Secs config spanningtree bridge hellotime Max Age 6 secs config spanningtree bridge maxage Priority 32768 config spanningtree bridge priority Admin Mode Disable config spanningtree adminmode Configuration name The base MAC config spanningtree address displayed configuration name using hexadecimal notation Forced Version IEEE 802 1D config spanningtree forceversion config spanningtree configuration revision EE re eee ee Edgeport False config spanningtree cst port edgeport Pathcost Auto config spanningtree cst port pathcost Priority 128 config spanningtree cst port priority Revision level Port Migration Check Disable config spanningtree port migrationcheck Port Mode Disable config spanningtree port mode 234 Intel Blade Server Ethernet Switch Module IXM5414E Intel Blade Server Ethernet Switch Module IXM5414E Table 9 Default settings for run time switching software variables continued Variable Default value Command Configuration update Default gateway 0 0 0 0 10 90 90 9x where x depends on the number of the bay into Sub Heading
233. o be used to authenticate a user account The valid authentication protocols are none md5 or sha If md5 or sha are specified the user login password will be used as the SNMPv3 authentication password The lt user gt is the user account for which the specified authentication protocol will be used Default no authentication Format config users snmpv3 authentication lt user gt lt none md5 sha gt config users snmpv3 encryption Use this command to specify the encryption protocol and key to be used to authenticate a user account The valid encryption protocols are none or DES The DES protocol requires a key which can be specified on the command line The key may be up to 16 characters long If the DES protocol is specified but a key is not provided you will be prompted for the key If none is specified as the protocol you may not enter a key The lt user gt is the user account for which the specified encryption protocol will be used Default no encryption Format config users snmpv3 encryption lt user gt lt none des key gt show users info 172 Use this command to display the configured user names and their settings This command is only available for the user with Read write privileges Format show users info User Name The name the user will use to login using the serial port Telnet or Web Intel Blade Server Ethernet Switch Module IXM5414E User Access Mode Shows whether the user is able to change parameters on
234. o negotiation must be disabled Format config port physicalmode lt port listofports all gt lt 1l000f 100f 100h 10f 10h gt Acceptable values are 1000f 1000BASE T full duplex 100f 100BASE T full duplex 100h 100BASE T half duplex 10f 10BASE T full duplex 10h 10BASE T half duplex show port 164 Use this command to display port information Format show port lt port listofports all gt Port The interface number of the physical port or LAG whose information is displayed on the line Type If not blank this field indicates that this port 1s a special type of port The possible values are Mon Monitoring port participating in Port Mirroring Intel Blade Server Ethernet Switch Module IXM5414E Probe Probe port participating in Port Mirroring LAG Member of a LAG Admin Mode Displays the administration mode of the port The port must be enabled in order for it to be allowed into the network The factory default is enabled Physical Mode Displays the port speed and duplex mode If auto negotiation is specified for the port then the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability full duplex 100M will be advertised The factory default is auto Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the link is up or down Link Trap Indicates whether or not a trap will be sent when link status changes The factory default is enable
235. of both standard and private MIB objects through SNMP protocols IP addresses and SNMP community names Each switch module must be assigned its own Internet protocol IP address which is used for communication with a Simple Network Management Protocol SNMP network manager or other transmission control protocol Internet protocol TCP IP application The switch module default IP address is 10 90 90 9x where x depends on the number of the I O module bay into which you have installed the switch module as shown in Table 1 Table 1 Default IP addresses based on I O module bay numbers I O module bay number Default IP address Switch Module Bay 1 10 90 90 91 Switch Module Bay 2 10 90 90 92 Switch Module Bay 3 10 90 90 94 Switch Module Bay 4 10 90 90 97 The following illustration shows the I O module bay locations You can change the default switch module IP address to meet the requirements of your networking address scheme The switch module also has a unique factory assigned media access control MAC address The switch module MAC address is located on one side of the switch module on the same label as the serial number as shown in the following illustration NOTE The MAC address is also located on a separate label on the information panel under the external Ethernet port connectors Intel Blade Server Ethernet Switch Module IXM5414E 21 Ethernet switch module Release haich Information panel Serial number
236. of six user accounts only one of which can have Read write privileges The interface does not permit deletion of the currently logged in user in order to prevent accidentally deleting all the users with Root privileges To log in after you have created a registered user enter login at a command line prompt 1 Type your user ID when prompted and press Enter 2 Type your password when prompted and press Enter NOTE The passwords used to access the switch module ARE case sensitive Only the user with Read write privileges can add new user accounts or make changes to existing user accounts Before you can update a user account you must also enter the password if any for that user account Complete the following steps to update a user account 1 Enter the config users passwd command with the name of the account and the new password as parameters 2 Enter the old password when prompted or just press enter if the account did not have a password To delete a user account simply enter the config users delete command with the name of the account Initial configuration Some settings must be entered to enable the IXM5414E switch module to be managed from an SNMP based Network Management System such as SNMP version 1 or to be able to access the switch module using the Telnet protocol If the management of the Ethernet switch module is enabled through the four external ports the switch module will acquire its IP address from a Dynamic
237. of the data in the switch Port summary 82 This panel displays a summary of the statistics for a specified port Intel Blade Server Ethernet Switch Module IXM5414E Port Summary Statistics Fai ifi we E i ia Packets Riecened Wathout Eiter ae JHE aheg With Er i Broadced Packets Rocenved Packets Transmitted Without Errces Fi Trasamil Pacha Eiti pi oa ston Frames Tint Since Counties Last Cliw td Oday 2 hw S32 min 25 Ser Clear Counters Clear Al Coortars Retest Port Use this field to select the port for which to display statistics Click the down arrow to display the list of ports from which to choose ifIndex This object indicates the ifIndex of the interface table entry associated with this port on an adapter Total Packets Received Without Errors The total number of packets including multicast and broadcast packets received on this port without an error occurring Packets Received With Error The number of inbound packets that contained errors that prevented them being delivered to a higher layer protocol Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Transmitted Without Errors The total number of packets transmitted from the interface without an error occurring Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Collision Frames
238. ollowing illustration shows the 802 1Q VLAN packet forwarding decision making process of the switch module For more information about packet forwarding see Packet forwarding on page 24 For more information about port VLAN IDs PVIDs see Port VLAN ID on page 29 For more information about tagging and untagging see Tagging and untagging on page 29 For more information about port states see IEEE 802 1D STP port states on page 259 and IEEE 802 1w STP port states on page 260 802 1 Packet Forwarding Packet Y Transmit Packet Receive Egress Y Rules Forwarding AA gt Process a Filtering PVIb to VID Database VLAN Table Port State Intel Blade Server Ethernet Switch Module IXM5414E 27 IEEE 802 1Q VLAN tags The following illustration shows the 802 1Q VLAN tag Four additional octets are inserted between the source MAC address and the packet s EtherType field Their presence is indicated by a value of 0x8100 in the two bytes following the MAC address in the VLAN tag s EtherType field indicating that the packet carries an IEEE 802 1Q 802 1p tag The tag is contained in the following 2 octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI and 12 bits of VLAN ID VID The 3 bits of user priority are used according to the protocols defined in IEEE 802 1p now part of IEEE 802 1D The VID is the VLAN identifier and its use is defined by the 802 1Q standard Beca
239. ommand to add the specified user to the list of users with access to the specified port s The user must be a configured user and the port must be a valid port By default a user is given access to all ports Default all Format config dot1x port users add lt user gt lt port all gt config dot1x port users remove Use this command to remove the specified user from the list of users with access to the specified port s Format config dot1x port users remove lt user gt lt port all gt show dot1x port detailed Use this command to display the details of the IEEE 802 1 X configuration parameters for the specified port Format show dotlx port detailed lt port gt Port The interface whose configuration is displayed on this row Protocol Version The version of IEEE 802 1X active on the port Currently this is always 1 PAE Capabilities The port access entity state of the port Either authenticator of supplicant Authenticator PAE State The current state of the authenticator state machine Possible values are initialize disconnected connecting authenticating authenticated aborting held forceauthorized and forceunauthorized Backend Authentication State The current state of the back end authentication state machine Possible values are request response success fail timeout idle and initialize Quiet Period secs The timer used by the authenticator state machine on this port to define periods of time in which it will n
240. on the network Up to six trap receivers are supported at the same time Intel Blade Server Ethernet Switch Module IXM5414E 71 SNMP Trap Receiver Configuration Community IF Address Phau fees commit Si a4 Disable Community Displays the community string for the SNMP trap packet to be sent to the trap manager Note that trap receiver communities and SNMP communities are separate and distinct IP Address Displays the IP address to receive SNMP traps from this device Status Indicates whether traps are currently Enabled for this community Enable Traps will be sent Disable Traps will not be sent Supported Management Information Bases MIB This panel displays a list of all the MIBs supported by the switch 72 Intel Blade Server Ethernet Switch Module IXM5414E SNMP Supported MIBs Hame Description Pan REC 1907 SAMEVAMB The ME module for S5NMPv entities Re ISa GL AaB Remote Mapak hloniiceme Management idoomeator fquratien Base LVLT REF ME LVLT Reference Hv OOMMUMT YM Thes MIG module defines otyects to help support i ee ee LE o oo CORES DS een Seat w Hi ee The Sie hlanegement Arcidecture ME Ld Mh The WE tor M ess ee E A EH Ihe MOON Caton HD Merise AE SME ARGE Mig Phe banged ME kihis Shi LS be AS ihe Managemen iomadan definitions tor ihe Sr yi BES Lice based Secunty Wiede hi WEVA CL ihe manapamenm OT Chat ra cares for Tie Vig AMS based Aocess Lorie ode for
241. on the page Intel Blade Server Ethernet Switch Module IXM5414E 129 RADIUS statistics This panel displays RADIUS statistics for the switch that are not associated with a specific server or accounting server RADIUS Statistics Forgan Invalid Server Addresses The number of RADIUS Access Response packets received from unknown addresses Click the Refresh button to update the information on the page Server statistics This panel displays the statistics for a configured RADIUS server 130 Intel Blade Server Ethernet Switch Module IXM5414E Perea RADIUS Server IP Address Select the IP address of the server whose information is to be displayed Round Trip Time secs The time in seconds between the most recent RADIUS Access Reply Access Challenge and the matching Access Request from this RADIUS server Access Requests The number of RADIUS Access Request packets sent to this server not including retransmissions Access Retransmissions The number of RADIUS Access Request packets retransmitted to this server Access Accepts The number of RADIUS Access Accept packets both valid and invalid received from this server Access Rejects The number of RADIUS Access Reject packets both valid and invalid received from this server Access Challenges The number of RADIUS Access Challenge packets both valid and invalid received from this server Malformed Access Responses The number of malformed RADIUS Acce
242. onfiguration change the new settings will be immediately applied to the switching software in RAM The new settings will remain in effect until the switch is restarted or you make another change To make the changes permanent you need to issue the save config command which stores the current configuration in NVRAM When the switch configuration settings have been saved to NVRAM they become the default settings for the switch These settings will be used every time the switch module is restarted NOTE Some settings require you to restart the switch before they will take effect Make sure you save the new configuration to NVRAM first There are two ways to change the configuration stored in NVRAM e Save anew configuration using the save config command e Reset all configuration values to the initial settings listed in Appendix Appendix C Run time Switching Software Default Settings on page 231 by issuing the clear config command This restores the configuration settings that were entered at the factory and causes a reboot Loading the factory default configuration will erase any user accounts and all other configuration settings that you might have entered and return the switch module to its original state at the time of purchase Intel Blade Server Ethernet Switch Module IXM5414E 159 Managing user accounts Access to the IXM5414E switch module is controlled through an authorized user ID and password The switch supports a maximum
243. ort s By default a user is given access to all ports Port Access Privileges Pait Emi j Frosh Apply Port Select a port from the pull down menu All physical ports are available for this selection Users Select the users that may have access to the selected port or ports Click the Refresh button to update the information on the page Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch Port access summary This panel displays IEEE 802 1 X port security information about locally configured users 126 Intel Blade Server Ethernet Switch Module IXM5414E Port Access Summary Port Bary 1 Port The port whose information is displayed on this line Users The locally configured users with access to the specified port Click the Refresh button to update the information on the page RADIUS The Remote Authentication Dial in User Service RADIUS menu provides access to the following panels e Configuration e Server configuration e RADIUS statistics e Server statistics e Accounting server configuration e Accounting server statistics e Clear statistics Configuration Use this panel to configure RADIUS parameters for the switch Consideration should be given to the maximum delay time when configuring RADIUS maximum retransmit and timeout values If multiple RADIUS servers are configured the maximum retransmit value on each is exhausted befo
244. orwarding e Learns station location information from the source address of packets and adds this information to its forwarding database e Receives BPDUs for the CPU and transmits BPDUs from the CPU The following illustration shows the actions that occur when a port is in the learning state Intel Blade Server Ethernet Switch Module IXM5414E 265 Network Seqment Port 1 Fonwarding Network Mangement Data Addresses BPDUs Set Packets Forwarding Database CPU switching Addresses Fabric Data Packets Port 2 Learning t BPDUs Network Segment Forwarding state A port in the forwarding state forwards packets The port enters the forwarding state from the learning state when the forward delay timer expires A port in the forwarding state does the following e Forwards packets received from the network segment to which it is attached e Forwards packets sent from another port on the bridge for forwarding e Incorporates station location information into its address database e Receives BPDUs and directs them to the system CPU e Transmits BPDUs from the system CPU e Receives and responds to network management messages The following illustration shows the actions that occur when a port is in the forwarding state 266 Intel Blade Server Ethernet Switch Module IXM5414E Network Segment Port 1 Forwarding Network Mangement Data Addresses BPDUs Packets Packets Forwarding D
245. ot attempt to acquire a supplicant The value is expressed in seconds and will be in the range 0 and 65535 Transmit Period secs The timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request Identity frame to the supplicant The value is expressed in seconds and will be between 1 and 65535 210 Intel Blade Server Ethernet Switch Module IXM5414E Supplicant Timeout secs The timer used by the authenticator state machine on this port to timeout the supplicant The value is expressed in seconds and will be between 1 and 65535 Server Timeout secs The timer used by the authenticator on this port to timeout the authentication server The value is expressed in seconds and will be in the range of 1 and 65535 Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request Identity before timing out the supplicant The value will be in the range of 1 and 10 Reauthentication Period secs The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The value is expressed in seconds and will be between 1 and 65535 Reauthentication Enabled Indicates whether reauthentication 1s enabled for the port Key Transmission Enabled Indicates whether a key is transmitted to the supplicant from the port Control Direction Indicates the control direction for the por
246. ot case sensitive Six user names can be defined including the Read only user GUEST which cannot be changed The admin user will enter USERID all caps case sensitive in this field Password Enter the optional new or changed password for the account It will not display as it is typed only asterisks will show The password is up to eight alphanumeric characters and is case sensitive Default for GUEST is blank and for the admin is PASSWORD please note the use of zero instead of O Confirm Password Enter the password again to confirm that you entered it correctly The information entered in this field will not display but will show as asterisks Access Mode Displays whether the user is able to change parameters on the switch Read Write or is only able to view them Read only As a factory default admin has Read Write access and GUEST has Read only access There can only be one Read Write user and up to five Read only users SNMP v3 Access Mode Indicates the SNMPv3 access privileges for the user account If the value is set to Read Write the SNMPv3 user will be able to set and retrieve parameters on the system If the value is set to Read only the SNMPv3 user will only be able to retrieve parameter information The SNMPv3 access mode may be different from the CLI and Web access mode Intel Blade Server Ethernet Switch Module IXM5414E Authentication Protocol The protocol if any used to authenticate t
247. otocol Description The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted Ports The list of interfaces that are designated for forwarding Fwd and filtering FIt Click the Refresh button to update the screen with the latest information IGMP snooping table This panel displays the IGMP snooping entries in the MFDB MFOB IGMP Snooping Table a Pra e Mit n MAC Aderese Type Description Farta CELE 1 01 1 be oe 1 011 i BF Tui Piafi ik ATHITI F J E if L it WL 11 01 J EF Pre Pli Bink Agaa Fig Eat 3 Cipar Exeries Feien MAC Address A MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB Type Displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted Ports The list of interfaces that are designated for forwarding Fwd and filtering Flt Click the Clear Entries button to tell the IGMP Snooping component to delete all of its entries fro
248. ou may enter up to 64 alphanumeric characters Format config prompt lt system prompt gt Intel Blade Server Ethernet Switch Module IXM5414E 173 config syscontact Use this command to configure the name of the person or organization responsible for the switch The range for name is from to 31 alphanumeric characters Format config syscontact lt contact gt config syslocation Use this command to configure the physical location assigned to the switch The range for name is from 1 to 31 alphanumeric characters Format config syslocation lt location gt config sysname Use this command to configure the name assigned to the switch The range for name is from 1 to 31 alphanumeric characters Format config sysname lt name gt show stats port detailed Use this command to display detailed statistics for a specified port Format show stats port detailed lt port gt Packets Received Octets Received The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of Ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Received 64 Octets The total number of packets including bad packets received that were 64 octets in length excluding framing bits but including FCS octets Packets Received 6
249. ould not exceed the total bandwidth of the interface Intel Blade Server Ethernet Switch Module IXM5414E 145 There is no restriction on the sum of the maximum bandwidth of all Traffic Classes associated with the same interface When a Traffic Class is attached to a LAG interface the bandwidth allocation profile minimum bandwidth parameter will not be applicable to the Traffic Class Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Click the Delete button to remove the currently selected Traffic Class Traffic class summary 146 This panel displays the traffic class information for all Traffic Classes in the system Traffic Class Summary gee of ae Accept Tree Byte VLAN Bandwean ele Class Mame Weight Count Type i Interface Profile fest chase i pS Dary Tal Hateau i1 Ekra Traffic Class The number of the Traffic Class whose data is displayed in the rest of the line Name The user defined name of this Traffic Class Weight The weight of this Traffic Class Accept Byte Count The number of bytes accepted for the Traffic Class Type The only supported type is per VLAN per Interface VLAN ID The VLAN ID with which this Traffic Class is associated Interface The interface to which the Traffic Class is applied Bandwidth Profile The bandwidth allocation pro
250. ously had GARP enabled Default disable Format config garp grmp interfacemode lt port listofports all gt lt enable disable gt config garp gvrp adminmode Use this command to enable or disable GVRP on the switch module Default disable Format config garp gvrp adminmode lt enable disable gt config garp gvrp interfacemode Use this command to enable or disable GVRP for one some or all interfaces If GVRP is disabled Join Time Leave Time and LeaveAll Time have no effect Default disable Format config garp gvrp interfacemode lt port listofports all gt lt enable disable gt config garp jointimer Use this command to configure the GARP Join Time for the specified port s Join Time is the interval between the transmission of GARP Protocol Data Units PDUs registering or re registering membership for a VLAN or multicast group This command has an effect only when GVRP is enabled The time may range from 10 to 100 centiseconds Default 20 centiseconds 0 2 seconds Format config garp jointimer lt port listofports all gt lt 10 100 gt config garp leavealltimer Use this command to configure how frequently LeaveAll PDUs are generated for the specified port s A LeaveAll PDU indicates that all registrations will be unregistered Participants would need to rejoin in order to maintain registration The value applies per port and per GARP participation The time may range from 200 to 6000 centiseconds This command has an effect only
251. panning Tree Version Indicates which version of the STP is being run Possible values are IEEE 802 1w or IEEE 802 1D Configuration Digest Key Calculated value used as part of the configuration identifier Configuration Format Selector Identifies the level of the IEEE 802 1 standard in use by the switch Virtual Local Area Network VLAN commands config vlan bcaststorm Use this command to enable or disable broadcast storm control for a particular Virtual Local Area Network VLAN If broadcast storm control is enabled storms are controlled by counting the number of broadcast packets within a certain time period If the packets per second count limit is exceeded the packets are discarded Default disable Format config vlan bcaststorm lt 1 4094 gt lt enable disable gt packets per second config vian create Use this command to create a new VLAN and assign it an ID The ID is a VLAN identification number in the range of 2 4094 ID 1 is reserved for the default VLAN Format config vlan create lt 2 4094 gt config vian delete Use this command to delete an existing VLAN The ID is a valid VLAN identification number The default VLAN cannot be deleted Format config vlan delete lt 2 4094 gt config vian makestatic Use this command to change a dynamically created VLAN one that is created by GVRP registration to a static VLAN one that is permanently configured and defined The number identifies an existing VLAN Format config
252. plicable community name and may be up to 16 alphanumeric characters Default 0 0 0 0 Format config snampcommunity ipmask lt ipmask gt lt name gt config snmpcommunity mode Use this command to activate or deactivate an SNMP community If a community is enabled an SNMP manager associated with this community is allowed to access the switch If the community 1s disabled no SNMP requests using this community name are accepted In this case the SNMP manager associated with this community cannot manage the switch until the status is changed back to Enable Default The default private and public communities are enabled by default The four undefined communities are disabled by default Format config snmpcommunity mode lt enable disable gt lt name gt show snmpcommunity Use this command to display SNMP community information Up to six communities are supported You can add change or delete communities The switch does not have to be reset for changes to take effect The SNMP agent of the switch complies with SNMP Version 1 for more about the SNMP specification see the SNMP RFCs The SNMP agent sends traps through TCP IP to an external SNMP manager based on the SNMP configuration the trap receiver and other SNMP community parameters Format show snmpcommunity SNMP Community Name The community name of this row of the table Client IP Address An IP address or portion thereof from which this device will accept SNMP packets w
253. pology port state port state state role Disabled Disabled Excluded disabled Disabled Enabled Excluded disabled 260 Intel Blade Server Ethernet Switch Module IXM5414E Table 12 Relationship between IEEE 802 1D and IEEE 802 1w port states IEEE 802 1D port Admin bridge MAC operational IEEE 802 1w port Active topology port state port state state role Enabled True Discarding ne Geo PA designated Listening Learning Forwarding Enabled True Learning Included root or designated Enabled True Forwarding Included root or designated Setting user changeable STP parameters The next table shows the default spanning tree configuration Table 13 Default STP parameters Enable state Port priority Port cost Bridge priority STP enabled for all ports 128 32768 The factory default settings are compatible with the majority of installations and it is advisable to keep the default settings as set at the factory unless it is absolutely necessary to change them The user changeable parameters in the bridge are as follows Priority Hello Time Max Age You can set a priority for the bridge from O to 65535 A value of O indicates the highest priority The hello time can be from 1 to 10 seconds This is the interval between two transmissions of BPDU packets sent by the root bridge to tell all other bridges that it is indeed the root bridge If you set a hello time for your bridge and it is not the root
254. ports in the group must be members of the same VLAN In addition the trunked ports must connect at the same speed in full duplex mode Load balancing is automatically applied to the ports in the trunked group and a link failure within the group causes the network traffic to be directed to the remaining links in the group The STP will treat a port trunking group as a single link on the switch level On the port level the STP will use the port parameters of the Master Port in the calculation of port cost and in determining the state of the port trunking group If two redundant port trunking groups are configured on the switch module STP will block one entire group in the same way STP will block a single port that has a redundant link Dynamic Host Configuration Protocol DHCP 34 The Dynamic Host Configuration Protocol DHCP can reduce the administrative burden of assigning and maintaining IP address information DHCP provides reliable and simple TCP IP network configuration ensures that address conflicts do not occur and helps to conserve the use of IP addresses through centralized management of address allocation Dynamic address allocation enables a client to be assigned an IP address from a pool of free addresses Each address is assigned with a lease and a lease expiration period The client must renew the lease to continue using the assigned address Dynamically assigned addresses can be returned to the free address pool if the comput
255. publickeyfile 03 SECSH Public Key File Format e Draft ietf secsh dh group exchange 04 Diffie Hellman Group Exchange for the SSH Transport Layer Protocol MIBs Supported Switching MIBs e REC 1213 MIB II e REC 1493 Bridge MIB e RFC 1643 Ethernet like MIB Intel Blade Server Ethernet Switch Module IXM5414E T e REC 2674 VLAN MIB e RFC 2618 RADIUS Authentication Client MIB e RFC 2620 RADIUS Accounting MIB e RFC 2819 RMON Groups 1 2 3 and 9 e IEEE 802 1X MIB IEEE 802 1 PAE MIB e Enterprise MIB QOS SNMP Support in Enterprise MIBs e Available through Management Module e Private MIBs for full configuration of ACL and Bandwidth Provisioning functionality e Network Cable Support lJOBASE T UTP Category 3 4 5 100 meters maximum 100 ohm STP 100 meters maximum 100BASE TX UTP Category 5 100 meters maximum EIA TIA 568 100 ohm STP 100 meters maximum 1000BASE T UTP Category 5e 100 meters maximum UTP Category 5 100 meters maximum EIA TIA 568B 100 ohm STP 100 meters maximum Intel Blade Server Ethernet Switch Module IXM5414E 2 Installing and Removing the Intel Blade Server Ethernet Switch Module IXM5414E The following illustration shows the I O module bay locations in the SBCE platform Attention To maintain proper system cooling each I O module bay must contain either a module or a filler module each blade bay must contai
256. pull down menu to select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first create a new login list Method 3 Use the pull down menu to select the method if any that should appear third in the selected authentication login list Note that this parameter will not appear when you first create a new login list Click the Apply button to cause the changes made on this screen to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Click the Delete button to remove the selected authentication login list from the configuration The delete will fail if the selected login list is assigned to any user including the default user for system login or IEEE 802 1X port access control You can only use this button if you have Read Write access Login session This panel displays the details for all user login sessions 54 Intel Blade Server Ethernet Switch Module IXM5414E Login Sessions z iD Liser Hame Cennecton Fram idie Time Session Time Le JSEHH ElA 232 ie Set es Tl Fear ID The ID of this row User Name The user name of user made the session Connection From The user is connected from which machine
257. r a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect This port will not participate in this VLAN unless a GVRP join request is received on this port This is equivalent to registration normal in the IEEE 802 1Q standard Participation Use the pull down menu to configure the degree of participation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Intel Blade Server Ethernet Switch Module IXM5414E 93 Tagging Exclude This port is never a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect This port will not participate in this VLAN unless a GVRP join request is received on this port This is equivalent to registration normal in the IEEE 802 1Q standard Use the pull down menu to configure the tagging behavior of this port in this VLAN The default is untagged Tagged All frames transmitted for this VLAN will be tagged Untagged All frames transmitted for this VLAN will be untagged Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a save Status This panel displays information about all configured VLANs 94 sraguratan VLAN ID VLAN Name VLAN Type VLAN Status Broad
258. r at least two seconds 6 Remove the switch module from its static protective package 7 Ensure that the release latch on the switch module is in the open position perpendicular to the module 8 Slide the switch module into the appropriate I O module bay until it stops Push the release latch on the front of the switch module to the closed position 10 Make sure that the LEDs on the switch module indicate that it is operating properly Verify that e The DC power LED and the ac power LED on each power module are lit e The OK LED on each management module is lit e The OK LED on each switch module is lit 11 If you have other switch modules to install do so now otherwise continue with the next step 12 Attach any cables required by the switch module For the location of the connectors on the SBCE platform see Intel Server Chassis SBCE Installation and User s Guide on the Resource CD 13 Replace the acoustic attenuation module if you removed it in Step 2 The following illustration shows how to replace the acoustic attenuation module in the SBCE platform AT Acoustic module Locking handle Intel Blade Server Ethernet Switch Module IXM5414E 13 Removing the IXM5414E switch module Statement 8 A A xxCAUTION Never remove the cover on a power supply or any part that has the following label attached Hazardous voltage current and energy levels are present inside any component that has this label
259. radius maxretransmit 214 Use this command to configure the maximum number of times a request packet is retransmitted when no response is received from the RADIUS server The maxretransmit value is an integer in the range of and 15 Consideration should be given to the maximum delay time when configuring RADIUS maxretransmit and timeout values If multiple RADIUS servers are configured the maxretransmit Intel Blade Server Ethernet Switch Module IXM5414E value on each will be exhausted before the next server is attempted A retransmit will not occur until the configured timeout value on that server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS application equals the sum of maxretransmit times timeout for all configured servers If the RADIUS request was generated by a user login attempt all user interfaces will be blocked until the RADIUS application returns a response Default 4 Format config radius maxretransmit lt 1 15 gt config radius timeout Use this command to configure the timeout value in seconds after which a request must be retransmitted to the radius server if no response is received Consideration should be given to the maximum delay time when configuring RADIUS maxretransmit and timeout values If multiple RADIUS servers are configured the maxretransmit value on each will be exhausted before the next server is attempted A retransmit will not
260. ral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Note that this definition of jabber is different than the definition in IEEE 802 3 section 8 2 1 5 LOBASES and section 10 3 1 4 OBASE2 These documents define jabber as the condition where any packet exceeds 20 ms The allowed range to detect jabber is between 20 ms and 150 ms Fragments Undersize Received The total number of packets received that were less than 64 octets in length excluding framing bits but including FCS octets Alignment Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Total Received Packets Not Forwarded 802 3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode Total Packets Transmitted Octets Total Packets Transmitted Octets The total number of octets of data including those in bad packets transmitted on the network excluding framing
261. rameters The lt protocolnum gt parameter identifies the protocol by number The protocol number is a standard value assigned by IANA and is an integer from 0 to 255 Either this command or the config acl match protocol keyword command can be used to specify an IP protocol value as a match criterion Format config acl rule match protocol number lt aclid gt lt rulenum gt lt protocolnum gt lt protocolmask gt config acl rule match srcip Use this command to specify a packet s source IP address and Mask as a match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt ipaddr gt and lt ipmask gt parameters are 4 digit dotted decimal numbers which represent the source IP address and IP mask respectively Format config acl rule match srcip lt aclid gt lt rulenum gt lt ipaddr gt lt ipmask gt config acl rule match srcl4port keyword Use this command to specify a source layer 4 port match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt portkey gt uses a single keyword notation and has the possible values of domain echo ftp ftpdata http smtp snmp Telnet tftp and www Each of these values translates into its equivalent port number which is used as both the start and end of the port range This command and the config acl match srcl4port number command are two methods of specifying the source layer 4 port range as a match condition E
262. re the next server is attempted A retransmit does not occur until the configured timeout value on that server has passed without a response Therefore the maximum delay in receiving a response from the RADIUS application equals the sum of maximum retransmit times the timeout for all configured servers If the RADIUS request was generated by a user login Intel Blade Server Ethernet Switch Module IXM5414E 127 attempt all user interfaces are blocked until the RADIUS application returns a response RADIUS Configuration ol wl E in wu er Pe Le Refresh Apaly Current Server IP Address The IP address of the current server This field is blank if no servers are configured Number of Configured Servers The number of RADIUS servers that have been configured The range for this value is 0 to 3 Max Number of Retransmits The value of the maximum number of times a request packet is retransmitted The valid range is 1 15 Timeout Duration secs The timeout value in seconds for request retransmissions The valid range is 30 Accounting Mode Select whether the RADIUS accounting mode is Enabled or Disabled Click the Refresh button to update the information on the page Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch Server configuration Use this panel to configure the IP address of a RADIUS server Up to three servers can be configured for eac
263. remove the Port Mirroring configuration The mode must be Disabled before the configuration can be deleted Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a save SNMP 68 This menu provides access to the following Simple Network Management Protocol SNMP options e Community configuration e Trap receiver configuration e Trap receiver summary e Supported MIBs Intel Blade Server Ethernet Switch Module IXM5414E Community configuration By default two SNMP Communities exist e private with Read Write privileges and status set to Enable e public with Read only privileges and status set to Enable These are well known communities you can use this menu to change the defaults or to add other communities Only the communities that you define using this menu will have access to the switch using the SNMPv1 and SNMPv2c protocols Only those communities with Read Write privileges will have access to this menu via SNMP Use this panel when you are using the SNMPv1 or SNMPv2c protocol if you want to use SNMP v3 you should use the User Accounts menu Six communities are supported You can add change or delete communities The switch does not have to be reset for changes to take effect The SNMP agent of the switch complies with SNMPv1 for more about the SNMP specification see the SNMP RFCs The SNMP agent sends
264. rminology are described in this section Each CLI command referenced in this document is illustrated using the structure outlined below Format Some commands such as show inventory do not require parameters Other commands such as config lag deleteport have parameters for which you must supply a value Parameters are positional you must type the values in the correct order Optional parameters will follow required parameters For example config vlan mcaststorm lt 1 4094 gt lt enable disable gt packets per second e config vlan mcaststorm is the command name e lt I 4094 gt lt enable disable gt are the required values for the command e packets per second is the optional value for the command config lag deleteport lt logical port gt lt port listofports all gt e config lag deleteport is the command name e lt logical port gt lt port listofports all gt are the required values for the command Please note that usually the actual value of the parameter as seen in the CLI e g lt 1 4094 gt is used in the documentation In some instances a generic term s such as lt port listofports all gt must be used since listing all possible choices is not possible Command name The following conventions apply to the command name e The command name is displayed in this document in bold font and must be typed exactly as shown e Once you have entered enough letters of a command name to uniquely identify the command hit
265. rom the I O Module Firmware VPD section with the version of the latest software update If the two software versions do not match download the latest version to a TFTP server Upgrading the switch software You upgrade the switch software using a TFTP server application that runs under the operating system in your server Make sure that this software is installed on your server then download the software image or the MCU code from the Intel Web site into a directory on your TFTP server Enable the TFTP server and set the directory that contains the image as the default directory Upgrading the image using Telnet To upgrade the switch software using a Telnet session complete the following steps 1 Start a Telnet session to connect to the switch module 2 Enter your user ID and password After successful login the CLI prompt displays 3 Enter transfer download and press Enter 4 Enter serverip ipaddress where ipaddress is the IP address of your TFTP server and press Enter 5 Enter datatype Code and press Enter 6 Enter filename IXM54_nnn opr where nnn is the software sequence number of the new switch software and press Enter 7 Enter start and press Enter to begin the software upgrade process 8 Review the information on the screen and enter y when prompted to confirm the correctness of the entries Upgrading the MCU code using Telnet 150 To upgrade the MCU code using a Telnet session complete the following steps
266. rroring Configuration Use this panel to enable or disable one or more ports The port will only participate in the network when it is enabled 62 Intel Blade Server Ethernet Switch Module IXM5414E Port Selects the interface for which data is to be displayed or configured Port Type For normal and LAG ports this field will be blank Otherwise the possible values are Probe Monitoring port participating in Port Mirroring Following is how this panel displays when the port type is Probe Intel Blade Server Ethernet Switch Module IXM5414E 63 64 Mirrored Port being mirrored LAG Member of a Link Aggregation LAG trunk Following is how this panel displays when the port type is LAG STP Mode Select the Spanning Tree Protocol STP Administrative Mode for the port or LAG The possible values are Enabled and Disabled Admin Mode Use the pull down menu to select the port control administration state You must select Enabled if you want the port to participate in the network The factory default is Enabled Flow Control Mode Use the pull down menu to Enable or Disable flow control for the port The factory default is Disabled LACP Mode Selects the Link Aggregation Control Protocol administration state The mode must be Enabled in order for the port to participate in Link Aggregation It may be Enabled or Disabled by selecting the corresponding line on the pull down entry field The factory default is Enabled Phy
267. rrors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Received Packets Not Forwarded 802 3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the Intel Blade Server Ethernet Switch Module IXM5414E 175 176 interface 1s operating in half duplex mode Packets Transmitted Total Packets Transmitted Octets The total number of octets of data including those in bad packets transmitted on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of Ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Transmitted 64 Octets The total number of packets including bad packets transmitted that were 64 octets in length excluding framing bits but including FCS octets Packets Transmitted 65 127 Octets The total number of packets including bad packets transmitt
268. ry interval An interface may be removed from an IGMP group in response to an IGMP Leave Group message Li nk aggreg ation LAG The Intel Blade Server Ethernet Switch Module IXM5414E supports Link Aggregation LAG or port trunking Port trunks aggregated ports can be used to increase the bandwidth of a network connection or to ensure fault recovery You can configure up to two trunk connections combining two to four ports into one fat pipe between any two SB HEs or other Layer 2 switches However before making any physical connections between devices use the Link Aggregation commands to specify the ports that will belong to the trunking group on both switches When using a port trunk note that e The ports used in a trunk must all be of the same speed 100 Mbps or 1000 Mbps and operate in full duplex mode only e The ports that can be assigned to the same trunk have certain other restrictions as described in this section e Each port can only be assigned to one trunk group whether a static or dynamic group e The ports at both ends of a connection must be configured as trunk ports e All of the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN e The Spanning Tree Protocol STP will treat all the ports in a trunk as a whole e Enable the trunk before connecting any cable between the switches to avoid creating a data loop e Disconnect all trunk port cables or disable the tru
269. s Switch configuration 100 Use this panel to Enable or Disable GVRP and GMRP for this switch Note It can take up to 10 seconds for GARP configuration changes to take effect Intel Blade Server Ethernet Switch Module IXM5414E GVRP Mode Choose the GVRP administrative mode for the switch by selecting Enable or Disable from the pull down menu The factory default is Disable GMRP Mode Choose the GMRP administrative mode for the switch by selecting Enable or Disable from the pull down menu The factory default is Disable Click the Apply button to update the switch with the values you enter If you want the switch to retain the new values across a power cycle you must perform a save Port configuration Use this panel to specify GARP detail for one or all ports Note It can take up to 10 seconds for GARP configuration changes to take effect Intel Blade Server Ethernet Switch Module IXM5414E 101 102 ERA GARP Timers kwa Die eee eee b a m alij TA PSS 30 iiio ti Leave Hirmer joanicers Apoi PEY Port Select the port you want to configure from the pull down list or select all ports Port GVRP Mode Specify the GVRP administrative mode for the port by selecting Enable or Disable from the pull down menu If you select Disable the protocol will not be active and the Join Time Leave Time and Leave All Time will have no effect The factory default is Disable Port GMRP Mode Specify the GMRP administrativ
270. s after 512 entries Port commands System and configuration config port adminmode Use this command to enable or disable one or more ports The port will only participate in the network when it is enabled Default enable Format config port adminmode lt port listofports all gt lt enable disable gt config port autoneg Use this command to enable or disable automatic negotiation on one or more ports Default enable Intel Blade Server Ethernet Switch Module IXM5414E 163 Format config port autoneg lt port listofports all gt lt enable disable gt config port flowcontrol Use this command to enable or disable IEEE 802 3x flow control for one or more ports Default disable Format config port flowcontrol lt port listofports all gt lt enable disable gt config port lacpmode Use this command to enable or disable the Link Aggregation Control Protocol LACP on one or more ports Default disable Format config port lacpmode lt port listofports all gt lt enable disable gt config port linktrap Use this command to enable or disable link status traps for one or more ports NOTE This command is valid only when the Link Up Down Flag is enabled see config trapflags linkmode on page 186 Format config port linktrap lt port listofports all gt lt enable disable gt config port physicalmode Use this command to configure the speed and duplex mode for one or more ports For this configuration to take effect aut
271. s many important points regarding these features Configuring the switch module to implement these concepts and use its many features is discussed in detail in the following chapters Intel Blade Server Ethernet Switch Module IXM5414E overview This section provides information that you should be familiar with when managing and configuring the internal switch modules If you are familiar with Ethernet switches you will recognize the industry standard parameters and terminology used in this document However it is important that you also understand the operating environment of the SB HE platform with regard to the internal switches IXM5414E switch modules are hot swappable subsystems that provide Ethernet switching capabilities within the chassis of the SB HE platform The primary purpose of the switch module is to provide Ethernet interconnectivity among the processor blades management modules and the external network infrastructure The SB HE platform may be configured with up to four independent switch modules supporting up to fourteen server blades Ports 1 through 14 on the switch module correspond to server blades 1 through 14 respectively numbered left to right when viewed from the front of the chassis Each switch module has four external 10 100 1000 Mbps Ethernet ports for connection to the external network infrastructure These ports are identified as Ext 1 Ext 2 Ext 3 and Ext 4 in the switch module configuration menus and are
272. s none When management of the Ethernet switch module is enabled through the four external ports the switch module will acquire its IP address from a Dynamic Host Configuration Protocol DHCP server when the switch module is turned on or reset Burned In MAC Address Web Mode Java Mode The burned in MAC address used for in band connectivity if you choose not to configure a locally administered address Specify whether the switch may be accessed from a web browser through TCP port 80 If you choose to Enable web mode you will be able to manage the switch from a web browser The factory default is Enabled Enable or Disable the java applet that displays a picture of the switch at the top right of the screen If you run the applet you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen The factory default is Enabled Intel Blade Server Ethernet Switch Module IXM5414E Click the Apply button to update the switch with new values If you want the switch to retain the new values across a power cycle you must perform a save Telnet Use this panel to configure Telnet settings Telnet Configuration Teint Login Temen minutes fi t to t0 Biag Gur Humber u lnet Bessons 5 Aiia Ph Tene Sa E f Apply Telnet Login Timeout minutes Specify how many minutes of inactivity should occur on a Telnet or SSH session before the switc
273. s the designated port in the event of a tie the port with the lowest numerical port identifier is chosen e Inthe IEEE 802 1D standard ports that are not selected as root or designated ports do not forward frames and are known as alternate ports e Inthe IEEE 802 1w standard a port that offers an alternate path to the root bridge but is not selected as the root does not forward frames and is known as an alternate port Ports that offer an alternate connection to the same LAN as a designated port do not forward frames and are known as backup ports If all bridges have STP enabled with default settings the bridge with the lowest MAC address in the network will become the root bridge By increasing the priority lowering the priority number of a given bridge STP can be forced to select that bridge as the root bridge When STP is enabled using the default parameters the path between source and destination stations in a switched network might not be ideal For example connecting higher speed links to a port that has a higher number than the current root port can cause a root port change The goal is to make the fastest link the root port IEEE 802 1D STP port states The BPDUs take some time to pass through a network This propagation delay can result in topology changes in which a port that changed directly from a discarding state to a forwarding state could create temporary data loops Ports must wait for new network topology information to
274. screen where you can select the protocol to be used as the match condition The possible values are domain echo FTP ftpdata HTTP SMTP SNMP Telnet TFTP and www Each of these values translates into its equivalent port number which is used as both the start and end of the port range Destination L4 Port Number Specify a packet s destination Layer 4 port number match condition for the selected ACL rule Click the Configure button to configure the corresponding match criteria for the selected rule Click the Delete button to remove the currently selected Rule from the selected ACL If you want the switch to retain the new values across a power cycle you must perform a save Bandwidth provisioning This menu provides access to the following bandwidth provisioning configuration and summary screens e Bandwidth profile configuration e Bandwidth profile summary e Traffic class configuration e Traffic class summary e Interface allocation summary Bandwidth profile configuration Use this panel to create a bandwidth allocation profile 142 Intel Blade Server Ethernet Switch Module IXM5414E Bandwidth Profile Configuration z a ee PTS 2 Ea Cee i Delete Apply Bandwidth Profile Select Create from the pull down menu to configure a new bandwidth profile or select one of the existing profiles to display and update its configuration Bandwidth profile 1 named default always exists and you cannot change or delete it
275. ses An exact match is required MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a two byte hexadecimal VLAN ID number followed by a six byte MAC address with each byte separated by hyphens for example 00 01 00 23 45 67 89 AB Source Port The port where this address was learned i e the port through which the MAC address can be reached In the above example CMM refers to Chassis Management Module ports ifIndex The ifIndex of the MIB interface table entry associated with the port Status The status of this entry The possible values are Learned The entry was learned by observing the source MAC addresses of incoming traffic and is currently in use Intel Blade Server Ethernet Switch Module IXM5414E 59 Management The value of the corresponding instance 1s also the value of an existing instance of dotld StaticAddress Currently this is used when enabling VLANs for routing Self The MAC address of one of the switch s physical interfaces GMRP Learned The value of the corresponding instance was learned via GARP Multicast Registration Protocol GMRP Other The value of the corresponding instance does not fall into one of the other categories Click the Search button to search for the specified MAC address Click the Refresh button to retrieve and display the database again starting with the first entry in the table Logs This menu provides access to
276. set This value is also known as the MFDB high water mark Current Entries Displays the current number of entries in the MFDB table show mfdb table Use this command to display the MFDB information If the command is entered with no parameter the entire table is displayed This is the same as entering the optional lt all gt parameter The user can display the table entry for one MAC address by specifying the MAC address as an optional parameter Format show mfdb table macaddr all Mac Address A MAC address and VLAN pair for which the switch has forwarding and or filtering information The format is two two digit hexadecimal numbers representing the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB Type This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Component The component that is responsible for this entry in the MFDB Possible values are IGMP Snooping GMRP and Static Filtering Description The text description of this multicast table entry Interfaces The list of interfaces that are designated for forwarding Fwd and filtering FIt Intel Blade Server Ethernet Switch Module IXM5414E 195 Forwarding Interfaces The forwarding list 1s derived from combining all the component s forwarding interfaces and
277. sfer download filename Use this command to specify the name of the file that is to be downloaded to the switch The switch will remember the last file name used You may specify the file path as part of the file name if the string is less than 31 characters Otherwise use the transfer download path command This command is valid only when the Transfer Mode is TFTP See transfer download mode Format transfer download filename lt name gt Intel Blade Server Ethernet Switch Module IXM5414E 183 transfer download path Use this command to specify the directory path on the TFTP server where the file to be downloaded to the switch is located The switch will remember the last file path used This command is valid only when the Transfer Mode is TFTP See transfer download mode Details of the TFTP path are explained under the command transfer upload path Format transfer download path lt path gt transfer download serverip Use this command to configure the IP address of the server on which a file to be downloaded is located This command is valid only when the transfer mode is TFTP See transfer download mode Default 0 0 0 0 Format transfer download serverip lt ipaddr gt transfer download start Use this command to start a download transfer After the current settings are displayed you will be prompted to confirm your decision This command will close your connection to the host Format transfer download start The followi
278. sical Mode Use the pull down menu to select the port s speed and duplex mode If you select auto the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability full duplex and 100 Mbps will be advertised Otherwise your selection will determine the port s duplex mode and transmission rate The factory default 1s auto You can only use this menu for the external ports Physical Status Indicates the port speed and duplex mode This field only displays if the Link Status is Up Intel Blade Server Ethernet Switch Module IXM5414E Link Status Indicates whether the Link is Up or Down Following is how this panel displays when the link status 1s link up Link Trap This object determines whether or not to send a trap when link status changes The factory default is Enabled ifIndex The ifIndex of the interface table entry associated with this port Click the Apply button to update the switch with the values you entered If you want the switch to retain the new values across a power cycle you must perform a save Summary This panel displays the status of all ports in the box Intel Blade Server Ethernet Switch Module IXM5414E 65 66 Port Port Type STP Mode STP Admin Control Pout Font Type ode Forwarding State Port Kale Mode Mode Bay Probe erated Desnbiers Disathed Put Frat Enatta hay 2 itt Ermid Draghi Diath Fait Enabh Enabh Bay 3 Ernatled Cire obi Casatled Port
279. specify which network managers can receive traps from the switch module by entering a list of the IP addresses of authorized network managers You can enter up to four trap recipient IP addresses and four corresponding SNMP community strings SNMP community strings function like passwords in that the community string entered for a given IP address must be used in the management station software otherwise a trap will be sent The following are trap types that the switch module can send to a trap recipient Cold start This trap indicates that the switch module has been turned on and initialized such that software settings are reconfigured and hardware systems are restarted A cold start is different from a factory reset in that configuration settings saved to 22 Intel Blade Server Ethernet Switch Module IXM5414E nonvolatile random access memory NVRAM are used to reconfigure the switch module Warm start This trap indicates that the switch module has been restarted however the power on self test POST is skipped Authentication failure This trap indicates that someone has tried to log on to the switch module using an invalid SNMP community string The switch module automatically stores the source IP address of the unauthorized user Topology change Spanning Tree Protocol STP This trap indicates that one or more of the configured ports has changed from the learning state to the forwarding state or from the forwarding state to the
280. ss Response packets received from this server including packets with invalid length but not including packets with bad authenticators bad signature attributes or unknown types Bad Authenticators The number of RADIUS Access Response packets received from this server including packets with invalid authenticators or signature attributes Intel Blade Server Ethernet Switch Module IXM5414E 131 Pending Requests The number of RADIUS Access Request packets sent to this server that have not yet timed out or received a response Timeouts The number of RADIUS packets sent to this server that have timed out Unknown Types The number of RADIUS packets of unknown type received from this server Packets Dropped The number of RADIUS packets received from this server dropped for a reason not otherwise included in this list Click the Refresh button to update the information on the page Accounting server configuration Use this panel to configure the IP address of the accounting server Only a single accounting server can be configured 132 RADIUS Accounting Server Configuration png Senw IP Address 77ra Piri IOE 1b Bf othe B E Ar cr emet Configured N Rema Retresh Appi Accounting Server IP Address Select Add to configure an accounting server or the address of an already configured server Port Specifies the UDP Port to be used by the accounting server The valid range is O 65535 If the user has Read only ac
281. ssed in days hours minutes and seconds since the last reboot of the switch Trap Information identifying the trap NOTE Trap log information is not retained across a switch module reset Switching configuration commands This section describes the commands you use to manage the switch and to show the current management settings This section also provides detailed explanations of said switching commands The commands are divided into nine groups e Generic Attributes Registration Protocol GARP commands e IGMP snooping commands e Link Aggregation LAG commands e MAC filter commands e Mirroring commands e Multicast Forwarding Database MFDB commands e Spanning tree commands e Virtual Local Area Network VLAN commands Intel Blade Server Ethernet Switch Module IXM5414E 187 Generic Attribute Registration Protocol GARP commands config garp gmrp adminmode Use this command to enable or disable the GARP Multicast Registration Protocol GMRP on the switch module Default disable Format config garp gmrp adminmode lt enable disable gt config garp gmrp interfacemode Use this command to enable or disable the GMRP on one some or all interfaces If an interface which has GARP enabled is enabled for routing or is made a member of a LAG GARP functionality will be disabled on that interface GARP functionality will subsequently be re enabled if routing 1s disabled or LAG membership is removed from an interface that previ
282. st packets received by the processor Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The number of packets received that were directed to a broadcast address Note that this number does not include packets directed to the multicast address Receive Packets Discarded The number of inbound packets that were chosen to be discarded even though no errors had been detected that would prevent their being deliverable to a higher layer protocol One possible reason for discarding a packet could be to free up buffer space Transmitted Intel Blade Server Ethernet Switch Module IXM5414E Octets Transmitted The total number of octets of data transmitted on the network including framing bits Packets Transmitted Without Errors The total number of packets that have been transmitted on the network without an error occurring Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a multicast address including those that were discarded or
283. statement is placed just before the description of a potentially lethal or extremely hazardous procedure step or situation Major components of the IXM5414E switch module The green on components and labels on your IXM5414E switch module and on the platform identifies hot swap or hot plug components You can install or remove these components while the system is running provided that your system is configured to support this function The blue color on components and labels indicates touch points where a component can be gripped a latch can be moved and so on The following illustration shows the major components of your switch module NOTE The illustrations in this document may differ slightly from your hardware Intel Blade Server Ethernet Switch Module IXM5414E 3 senal number media access control Ethemet switch module Release haich Information panel _ Ethernet ports MAC address label aie Media access ae control MAC address labe For more information about the components of the information panel see Chapter 3 Information Panel LEDs and External Ports on page 17 For more information about the MAC address see IP addresses and SNMP community names on page 21 Specifications and features The following section provides a summary of the specifications and features for your IXM5414E switch module e Ports Four external OOOBASE T ports for making 10 100 1000 Mbps conn
284. t Possible values are both and in show dot1x port stats Use this command to display the IEEE 802 1X statistics for the specified port Format show dot1x port stats lt port gt Port The interface whose statistics are displayed on this row EAPOL Frames Received The number of valid Extensible Authentication Protocol over LANs EAPOL frames of any type that have been received by the authenticator port EAPOL Frames Transmitted The number of valid EAPOL frames of any type that have been transmitted by the authenticator port EAPOL Start Frames Received The number of EAPOL start frames that have been received by the authenticator port EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by the authenticator port Last EAPOL Frame Version The protocol version number in the most recently received EAPOL frame Last EAPOL Frame Source The source MAC address in the most recently received EAPOL frame EAP Response ID Frames Received The number of EAP response identity frames that have been received by the authenticator port Intel Blade Server Ethernet Switch Module IXM5414E 211 EAP Response Frames Received The number of EAP response frames other than response identity frames that have been received by the authenticator port EAP Request ID Frames Transmitted The number of EAP response identity frames that have been transmitted by the authenticator port EAP Response Frames Transmitted The num
285. t 1f the maximum number of users has not been reached The lt name gt can be up to eight alphanumeric characters and is case sensitive A maximum of six user IDs can be defined Format config users add lt name gt config users delete Use this command to remove a user account Format config users delete lt name gt NOTE The admin user account cannot be deleted Intel Blade Server Ethernet Switch Module IXM5414E 171 config users passwd Use this command to change the password of an existing user The password is up to eight alphanumeric characters and is case sensitive After you enter this command you will be prompted for the user s current password If none press enter Default Blank indicating no password for users with Read only access For those with Read write access the factory standard password is PASSWORD Please note the use of zero instead of the letter O Format config users passwd lt user gt config users snmpv3 accessmode Use this command to specify the SNMPv3 access privileges for the specified user account The valid accessmode values are lt readonly gt or lt readwrite gt The lt user gt is the login user name for which the specified access mode will apply Default readwrite for admin user readonly for all other users Format config users snmpv3 accessmode lt user gt lt readonly readwrite gt config users snmpv3 authentication Use this command to specify the protocol t
286. t multicast group A traditional Ethernet network may be physically separated into different network segments to prevent overload of the shared media Bridges and switches connect these segments When a packet with a broadcast or multicast destination address is received the switch will forward a copy into each of the remaining network segments in accordance with IEEE 802 1D Eventually the packet is made accessible to all nodes connected to the network This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes In the case of multicast packets however this approach can lead to less efficient use of network bandwidth particularly when the packet is intended for only a small number of nodes Packets will be flooded onto network segments where no node has any interest in receiving the packet The problem of wasting bandwidth is even worse when the LAN segment is not shared for example in full duplex links Allowing switches to snoop IGMP packets is one way to solve this problem The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to particular group addresses 32 Intel Blade Server Ethernet Switch Module IXM5414E Group addresses are stored in the Multicast Forwarding Database MFDB An IGMP address will be removed from the database if a report for it is not received within the que
287. t the switch to retain the new values across a power cycle you must perform a save CST port configuration status Use this panel to configure a particular port within the CST ince _ounters Last Hemmed Port Select one of the physical or LAG interfaces from the pull down menu Intel Blade Server Ethernet Switch Module IXM5414E 113 Port Priority Specify the priority for the selected port The port priority is set in multiples of 16 and the range is O to 240 Admin Edge Port Select Enable to specify the port as an Edge Port within the CST Disable is the default Port Path Cost Set the Path Cost to a new value for the specified port The range is 1 to 200000000 Auto calculate Port Path Cost Displays whether the path cost is automatically calculated Enabled or not Disabled Path cost will be calculated based on the link speed of the port if the configured value for Port Path Cost is zero Port ID The port identifier for the specified port It is created by concatenating the port priority with the interface number of the port Port Up Time Since Counters Last Cleared Time since the counters were last cleared displayed in Days Hours Minutes and Seconds Port Mode STP Administrative Mode associated with the port or LAG The possible values are Enable or Disable Port Forwarding State The Forwarding State of this port Port Role Each Enabled bridge port is assigned a Port Role within the spanning tree The port rol
288. tartport gt lt endport gt 220 Intel Blade Server Ethernet Switch Module IXM5414E config acl rule match every Use this command to specify a match condition in which all packets will be considered to match the ACL rule referenced by the lt aclid gt and lt rulenum gt parameter If the parameter lt true false gt is set to lt true gt all packets will be either permitted or denied based on the action setting for the rule and no other match conditions may be specified Specifying lt false gt allows other match conditions to be specified Format config acl rule match every lt aclid gt lt rulenum gt lt true false gt config acl rule match protocol keyword Use this command to specify the IP protocol of a packet as a match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt protocolkey gt parameter identifies the protocol using a single keyword notation and has the possible values of ICMP IGMP IP TCP and UDP A protocol keyword of ip is interpreted to match all protocol number values Either this command or the config acl match protocol number command can be used to specify an IP protocol value as a match criterion Format config acl rule match protocol keyword lt aclid gt lt rulenum gt lt protocolkey gt config acl rule match protocol number Use this command to specify a protocol number as a match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt pa
289. tes button to link to the File Transfer page to download SSL Certificate s Download is through the System Utilities menu NOTE To download SSL Certificate files SSL must be administratively Disabled Click the Apply button to send the updated screen to the switch and have the changes take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a Save Intel Blade Server Ethernet Switch Module IXM5414E 135 Secure Shell Secure Shell SSH is the standard encryption protocol used to provide a secure interactive login over a network This Secure Shell menu provides access to the SSH configuration panel Configuration Use this panel to configure SSH variables 136 uw mgm m miba ee ee zH Looe corr in Lise Retesh CownloadHostKeys Apply Admin Mode Select Enable or Disable to turn the Administrative Mode of SSH on or off The currently configured value is shown when the web page is displayed The default value is Disable SSH Version 1 Select Enable or Disable to turn Protocol Level 1 for SSH on or off The currently configured value is shown when the web page is displayed The default value is Enable Either SSH Version 1 or Version 2 must be Enabled at all times SSH Version 2 Select Enable or Disable to turn Protocol Level 2 for SSH on or off The currently configured value is shown when the web page is displayed The default value is Enable Either SSH Version
290. the Generic Attribute Registration Protocol GARP layer GVRP PDUs Transmitted The number of GVRP PDUs transmitted by the GARP layer GVRP Failed Registrations The number of times attempted GVRP registrations could not be completed GMRP PDUs Received The number of GMRP PDUs received by the GARP layer GMRP PDUs Transmitted The number of GMRP PDUs transmitted by the GARP layer GMRP Failed Registrations The number of times attempted GMRP registrations could not be completed Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared The following displays the bottom of the panel showing the buttons available Intel Blade Server Ethernet Switch Module IXM5414E 81 Extestne Colon Framo Pont Memberstin Discard VILAN Viable Ceecard STP BP OLE Aired Se DeU Lansmitted RSTP BPO ls Recennd BST Bes Irersmied za I Sa ee Eee anana OVE FLLS Fecr fi Re piis T fie H RP Falaj Ae J fi MRP POM Ie R j 4417 fee Pals ire mieg l MAP Failed Rea Tit lond laaya h T Ige Char Counters Char Al Coumers Retresn j Click the Clear Counters button to clear all the counters resetting all statistics for this port to default values Click the Clear All Counters button to clear all the counters for all ports resetting all statistics for all ports to default values Click the Refresh button to refresh the data on the screen with the present state
291. the following functions e Creates a single spanning tree from any combination of switching or bridging elements e Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree e Reconfigures the spanning tree without operator intervention Improper configuration of the switch module s external ports or improper cabling of the external ports to another switch device can create duplicate links that might cause network loops Consult your network administrator for details about the configuration requirements for your system The single spanning tree created by the Spanning Tree Algorithm is referred to as the Common Spanning Tree CST in some of the commands described in this document The original Spanning Tree Algorithm defined in IEEE 802 1D has been updated to allow for faster reconfiguration in the event of a change to network topology or configuration parameters This new protocol is defined in IEEE 802 1 w as Rapid Reconfiguration and is based on the ability of the bridging device to recognize ports which are full duplex and ports which are connected directly to end stations The IEEE 802 1 standards committee recommends the use of IEEE 802 1 w in preference to IEEE 802 1D except when running certain protocols e g LLC2 and NETBEUI that are sensitive to the slightly increased probability of frame misordering The IXM5414E switch module defaults to IEEE 802 1D operation but can b
292. the following two logs e Message log e Event log The message log tracks non critical error information while the event log tracks critical event information Message log This panel displays the message log maintained by the switch The message log contains system trace information that records non critical problems Message log information is not retained across a switch reset and wraps after 512 entries 60 Intel Blade Server Ethernet Switch Module IXM5414E j Time The time the event occurred calculated from the time the switch was last reset in days hours minutes and seconds File The source code filename identifying the code that detected the event Line The line number within the source file of the code that detected the event Description An explanation of the problem being reported Click the Refresh button to retrieve and display the database again starting with the first entry in the table Event log This panel displays the event log which is used to hold error messages for critical events After the event has been logged and the updated log has been saved in FLASH memory the switch will be reset The log can hold at least 2 000 entries the actual number depends on the platform and OS and is erased when an attempt is made to add an entry after it is full The event log is preserved across system resets Intel Blade Server Ethernet Switch Module IXM5414E 61 Line Taski Ee Te 2h BARES Siu rrr i
293. the information needed to download a file to the switch Start File Transter Apply 86 Intel Blade Server Ethernet Switch Module IXM5414E File Type Specify the type of file to be downloaded to the switch Code 8051 MCU Code Config SSH RSAI Key File SSH RSA2 Key PEM File SSH DSA Key PEM File SSL Trusted Root Certificate PEM File SSL Server Certificate PEM File SSL DH Weak Encryption Parameter PEM File SSL DH Strong Encryption Parameter PEM File 8051 MCU Code TFTP Server IP Address Enter the IP address of the TFTP server The factory default is 0 0 0 0 TFTP File Path This field specifies the directory path on the TFTP server where the file to be downloaded to the switch is located The switch will retain the last file path used TFTP File Name This field specifies the name of the file that is to be downloaded to the switch The switch will remember the last file name used The last row of the table is used to display information about the progress of the file transfer The screen will refresh automatically until the file transfer completes The Intel Blade Server Ethernet Switch Module IXM5414E software supports the use of a TFTP client The TFTP client path statement requirement is server dependent A path statement is generally required to setup the TFTP client however the client path may remain blank See the example of the path setup TFTP Upload Example The TFTP upload example details three scenarios for TFTP cli
294. the port from which the declaration or withdrawal was made Registration occurs only on ports that receive the GARP PDU containing a declaration or withdrawal De registration occurs only if all GARP participants connected to the same LAN segment as the port withdraw the declaration 30 Intel Blade Server Ethernet Switch Module IXM5414E GARP VLAN Registration Protocol GVRP GVRP GARP VLAN Registration Protocol is used to propagate VLAN membership information throughout the network GVRP is based on the Generic Attribute Registration Protocol GARP which defines a method of propagating a defined attribute i e VLAN membership throughout the network GVRP allows both end stations and the switch module to issue and revoke declarations relating to membership in VLANs The Intel Blade Server Ethernet Switch Module IXM5414E complies with the specifications in IEEE 802 1D and IEEE 802 1Q End stations that participate in GVRP register VLAN membership via GARP Protocol Data Unit GPDU messages Networking devices that implement the GVRP protocol and enable GVRP then process the GPDUs The VLAN registration is made in the context of the port that receives the GPDU The switch module propagates this VLAN membership on all of its other ports in the active topology Thus the end station s VLAN ID 1s propagated throughout the network GARP Multicast Registration Protocol GMRP Networking devices use the GARP Multicast Registration Protocol to dynami
295. the switch Read write or is only able to view them Read only As a factory default admin has Read write access and guest has Read only access There can only be one Read write user and up to five Read only users SNMPv3 Access Mode Displays the SNMPv3 Access Mode If the value is set to Read write the SNMPv3 user will be able to set and retrieve parameters on the system If the value is set to Read only the SNMPv3 user will only be able to retrieve parameter information The SNMPv3 access mode does not have to be the same as the CLI and Web access modes SNMPv3 Authentication The protocol 1f any that will be used to authenticate the user SNMPv3 Encryption The encryption protocol if any that will be used for the authentication process Login config loginsession close Use this command to close a specified Telnet session Format config loginsession close lt sessionid all gt show loginsession Use this command to display currently active Telnet and serial port connections to the switch Format show loginsession ID Login Session ID User Name The account name used to login via the serial port or Telnet Connection From The IP address of the Telnet client machine or EIA 232 for the serial port connection Idle Time Time this session has been idle Session Time Total time this session has been connected System description config prompt Use this command to change the prompt that is displayed when you use the CLI Y
296. the transfer upload path command to specify the directory path This command is valid only when the Transfer Mode is TFTP See transfer upload mode Format transfer upload filename lt name gt transfer upload path Use this command to specify the directory path on the TFTP server where you want to save a file uploaded from the switch The switch will remember the last file path used NOTE This command is valid only when the transfer mode is TFTP See the command transfer upload mode The Intel Blade Server Ethernet Switch Module IXM5414E software supports the use of a TFTP client The TFTP client path statement requirement is server dependent A path statement is generally required to setup the TFTP client however the client path may remain blank See the following path setup example transfer upload serverip Use this command to configure the IP address of the server on which a file to be uploaded is to be located It is valid only when the transfer mode is TFTP See transfer upload mode Default 0 0 0 0 Format transfer upload serverip lt ipaddr gt transfer upload start Use this command to start an upload transfer After the current settings are displayed you will be prompted to confirm your decision Note that issuing this command will close your connection to the host Intel Blade Server Ethernet Switch Module IXM5414E 185 Format transfer upload start The following information fields are displayed
297. ther permitted or denied In this case since all packets match the rule you will not be offered the option of configuring other match criteria To configure specific match criteria for the rule remove the rule and re create it or re configure Match Every to False for the other match criteria to be visible Click the Apply button to save your choice and return to the main screen or click the Cancel button to exit without saving a change Intel Blade Server Ethernet Switch Module IXM5414E Serre La Poe Coohiguie Destinaton Ld Pon Configure Delete Protocol Keyword Specify that a packet s IP protocol is a match condition for the selected ACL rule If you click Configure on this line you will be shown a new screen where you can select the protocol to be used as the match condition The possible values are ICMP IGMP IP TCP and UDP Either the Protocol Keyword field or the Protocol Number field can be used to specify an IP protocol value as a match criterion Protocol Number Specify that a packet s IP protocol is a match condition for the selected ACL rule and identify the protocol by number If you click Configure on this line you will be shown a new screen where you can select the protocol to be used as the match condition The protocol number is a standard value assigned by ANA and is interpreted as an integer from to 255 Either the Protocol Number field or the Protocol Keyword field can be used to specify an IP protocol
298. tic ehce Racker state Roigh Port Select the port whose information will be displayed When the selection is changed a screen refresh will occur causing all fields to be updated for the newly selected port All physical interfaces are valid Control Mode Displays the configured control mode for the specified port Options are force unauthorized The authenticator port access entity PAE unconditionally sets the controlled port to unauthorized force authorized The authenticator PAE unconditionally sets the controlled port s to authorized mode auto The authenticator PAE sets the controlled port s mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Quiet Period secs This field displays the configured quiet period for the selected port This quiet period is the value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period is the period for which the authenticator does not attempt to acquire a supplicant after a failed authentication exchange with the supplicant The quiet period range is 0 to 65535 Transmit Period secs Displays the configured transmit period for the selected port The transmit period is the value in seconds of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL
299. tics for the selected port Port Select the port for which information is to be displayed STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port RSTP BPDUs Received Number of Rapid Reconfiguration BPDUs received at the selected port RSTP BPDUs Transmitted Number of Rapid Reconfiguration BPDUs transmitted from the selected port Click the Refresh button to update the screen with the most recent data Class of service This menu contains one option 802 1p priority mapping Intel Blade Server Ethernet Switch Module IXM5414E 115 802 1p priority mapping Use this panel to specify how IEEE 802 1p priority classes are to be mapped to the switch s internal traffic classes 802 1p Priority Mapping Lier Priority TAE Clana J j eed fea el rd fee i ENEN _ApoY User Priority The 802 1p user priority to be mapped Traffic Class Use the pull down menus to select the internal traffic class for each user priority Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Security This menu describes the web menus used to configure and manage the security features of the Intel Blade Server Ethernet Switch Module IXM5414E These features include e Port acc
300. ting the space bar or Tab key will cause the system to complete the word 155 e Entering Ctrl Z will return you to the root level command prompt Parameters The following conventions apply to the parameters e Parameters are order dependent e Parameters are displayed in this document in bold italic font which must be replaced with a name or number e To use spaces as part of a name parameter enclose it in double quotes for example System Name with Space e Parameters may be required or optional and may have a list of choices lt parameter gt The angle brackets indicate that the parameter is required and you must enter a value in place of the brackets and text parameter The square brackets indicate that the parameter is optional and you may choose to enter a value in place of the brackets and text choicel choice2 Enter one and only one of the values listed Values Some parameters are used frequently This section explains the format you should use when providing values for them ipaddr macAddr port listofports logical port 156 Enter a valid IP address made up of four decimal digits ranging from 0 to 255 The default for all IP addresses consists of zeros that is 0 0 0 0 The interface IP address of 0 0 0 0 is invalid In some cases you can also enter the IP address as a 32 bit number The MAC address format is six hexadecimal numbers separated by hyphens for example 00 06 2
301. tion Protocol Over LAN EAPOL EAP Request Identity frame to the supplicant The transmit period range is 1 to 65535 The default value is 30 Supplicant Timeout secs Specify the supplicant timeout for the selected port The supplicant timeout is the value in seconds of the timer used by the authenticator state machine on this port to timeout the supplicant The supplicant timeout range is to 65535 The default value is 30 Changing the value will not change the configuration until the Apply button is clicked Server Timeout secs Specify the server timeout for the selected port The server timeout is the value in seconds of the timer used by the authenticator on this port to timeout the authentication server The server timeout range is 1 to 65535 The default value is 30 Maximum Requests Specify the maximum requests for the selected port The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request Identity before timing out the supplicant The maximum requests range is 1 to 10 The default value is 2 Reauthentication Period secs Specify the reauthentication period for the selected port The reauthentication period is the value in seconds of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The reauthentication period range is to 65535 The default value is 3600 Reaut
302. tion Protocol Over LANs EAPOL EAP 208 Intel Blade Server Ethernet Switch Module IXM5414E Request Identity before timing out the supplicant The maximum requests value must be in the range of 1 and 10 Default 2 Format config dot1x port maxrequests lt port gt lt 1 10 gt config dot1x port quietperiod Use this command to configure the value in seconds of the timer used by the authenticator state machine on the specified port to define periods of time in which it will not attempt to acquire a supplicant The quiet period is the period for which the authenticator does not attempt to acquire a supplicant after a failed authentication exchange with the supplicant The quiet period must be a value in the range of 0 and 65535 Default 60 Format config dotlx port quietperiod lt port gt lt 0 65535 gt config dot1x port reauthenabled Use this command to enable or disable reauthentication of the supplicant for the specified port The reauthenabled value must be true or false If the value is true reauthentication will occur Otherwise reauthentication will not be allowed Default false Format config dot1x port reauthenabled lt port gt lt true false gt config dot1x port reauthenticate Use this command to begin the reauthentication sequence on the specified port This command 1s only valid if dot1x is enabled and the control mode for the specified port is auto Default disable Format config dotlx port reauthenticate lt port
303. tion control is enabled on the switch 212 Intel Blade Server Ethernet Switch Module IXM5414E Remote Authentication Dial In User Service RADIUS commands RADIUS accounting commands config radius accounting mode Use this command to enable or disable the RADIUS accounting function Default disable Format config radius accounting mode lt enable disable gt config radius accounting server add Use this command to configure the IP address to be used to access the accounting server Only a single accounting server can be configured If an accounting server is currently configured it must be removed using the config radius accounting server remove command before this command will succeed Format config radius accounting server add lt ipaddr gt config radius accounting server port Use this command to configure which User Datagram Protocol UDP port will be used to access the accounting server The IP address specified must match that of the previously configured accounting server If a port is already configured for the accounting server the new port will replace the previously configured value Default 1813 Format config radius accounting server port lt ipaddr gt lt 0 65535 gt config radius accounting server remove Use this command to remove a configured accounting server The IP address specified must match that of the previously configured accounting server Since only a single accounting server 1s supported issuing this co
304. tion will occur Otherwise reauthentication will not be allowed Control Direction Displays the control direction for the specified port The control direction dictates the degree to which protocol exchanges take place between supplicant and authenticator This affects whether the controlled port exerts control over communication in both directions disabling both incoming and outgoing frames or just incoming disabling only the reception of incoming frames This field is not configurable on some platforms Protocol Version Displays the protocol version associated with the selected port The only possible value is 1 corresponding to the first version of the IEE 802 1X specification PAE Capabilities Displays the PAE functionality of the selected port Possible values are Authenticator or Supplicant Authenticator PAE State Displays the current state of the authenticator PAE state machine Possible values are e Initialize e Disconnected e Connecting e Authenticating e Authenticated Intel Blade Server Ethernet Switch Module IXM5414E 121 e Aborting e Held e Force Authorized e Korce Unauthorized Backend State Displays the current state of the backend authentication state machine Possible values are e Request e Response e Success e Fail e Timeout e Initialize e Idle Click the Refresh button to update the information on the page Port summary This panel displays a summary of the IEEE 802 1 X configuration par
305. to add the lt port gt to the destination filter set for the MAC filter with the MAC address of lt macaddr gt and VLAN of lt vlan gt The lt macaddr gt parameter must be specified as a 6 byte hexadecimal number in the format of 00 12 34 56 78 90 The lt vlan gt parameter must identify a valid VLAN The lt port gt parameter identifies the destination port s to be added to the destination port filter set for the MAC filter If lt all gt is selected all ports will be added to the destination port filter set Packets for the specified MAC address and VLAN ID will only be transmitted out of ports that are in the filter set Format config macfilter adddest lt macaddr gt lt vlan gt lt port listofports all gt config macfilter create Use this command to add a static MAC filter entry fora MAC address and VLAN pair The lt macaddr gt parameter must be specified as a 6 byte hexadecimal number in the format of 00 12 34 56 78 90 Filters may not be defined for MAC addresses 00 00 00 00 00 00 e 01 80 C2 00 00 00 to 01 80 C2 00 00 0F e 01 80 C2 00 00 20 to 01 80 C2 00 00 21 e FF FF FF FF FF FF The lt vlan gt parameter must identify a valid VLAN Up to 100 static MAC filters may be created Format config macfilter create lt macaddr gt lt vlan gt config macfilter deldest Use this command to remove one or more ports from the destination filter set for the MAC filter with the MAC address of lt macaddr gt and VLAN of
306. to reset all RADIUS statistics for the switch Click the Clear button to clear the accounting server authentication server and RADIUS statistics Secure HTTP The Secure Sockets Layer SSL encryption protocol provides a means of abstracting an encrypted connection between two stations allowing HTTP to operate securely on an open network This menu provides access to the Secure HTTP configuration panel Configuration Use this panel to configure Secure HTTP variables 134 Intel Blade Server Ethernet Switch Module IXM5414E HTTPS Admin Mode Select Enable or Disable to turn the Administrative Mode of Secure HTTP on or off The currently configured value is shown when the web page is displayed The default value is Disable TLS Version 1 Select Enable or Disable to turn Transport Layer Security TLS Version 1 0 on or off The currently configured value is shown when the web page is displayed This field cannot be changed while HTTPS Admin Mode is enabled The default value is Enable SSL Version 3 Select Enable or Disable to turn SSL Version 3 0 on or off The currently configured value is shown when the web page is displayed This field cannot be changed while HTTPS Admin Mode is enabled The default value is Enable HTTPS Port Specify the HTTPS Port Number The value must be in the range of 1 to 65535 Port 443 is the default value The currently configured value is shown when the web page is displayed Click the Download Certifica
307. tocol Multicast Packets Received The number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The number of packets received that were directed to a broadcast address Note that this number does not include packets directed to the multicast address Receive Packets Discarded The number of inbound packets that were chosen to be discarded even though no errors had been detected that would prevent their being deliverable to a higher layer protocol One possible reason for discarding a packet could be to free up buffer space Transmitted Octets Transmitted The total number of octets of data transmitted on the network including framing bits Packets Transmitted Without Errors The total number of packets that have been transmitted on the network Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a broadcast address including those that were discarded or not sent Transmit Packets Disc
308. tree bridge maxage lt 6 40 gt config spanningtree bridge priority Use this command to configure the Bridge Priority parameter to a new value The bridge priority value is the first two octets of the eight octet Bridge ID This value is a number between 0 and 61440 The lower the number the higher the priority The twelve least significant bits will be masked according to the IEEE 802 1s specification This will cause the priority to be rounded down to the next lower valid priority Default 32768 Format config spanningtree bridge priority lt 0 61440 gt show spanningtree bridge Use this command to display the STP settings for the bridge Format show spanningtree bridge Bridge Priority The priority component of the bridge identifier Valid values range from 0 61440 in increments of 4096 The lower the number the higher the priority The factory default is 32768 196 Intel Blade Server Ethernet Switch Module IXM5414E Bridge Identifier The unique identifier associated with this bridge instance It consists of the bridge priority and the bridge s base MAC address Bridge Max Age The value that all bridges use for Max Age when this bridge is acting as the root a BPDU will be discarded when its age exceeds maxage Bridge Hello Time The value that all bridges use for HelloTime when this bridge is acting as the root Hellotime determines how often a hello message is broadcast it cannot be longer than maxage but should be longer than forw
309. troduces the concepts associated with the two forms of security available on the IXM5414E switch module Local Authentication and Remote Authentication Dial In User Service RADIUS These mechanisms are used to authenticate user access to the switch module and conform to the specifications in IEEE 802 1X Port based network access control makes use of the physical characteristics of LAN infrastructures to provide a means of authenticating and authorizing devices attached to a LAN port Port based network access control prevents access to the port in cases in which the authentication and authorization process fails Access control is achieved by enforcing authentication of entities seeking access to a port on the switch module These entities are referred to as supplicants The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port A Port Access Entity PAE can adopt two different roles in an access control interaction Authenticator A port that enforces authentication before allowing access Supplicant A port that attempts to access services offered by an authenticator Additionally there is a third role Authentication server Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator All three roles are required to complete the authentication process The IXM5414E switch module operates in the authenti
310. ts are discarded Multicast Packets Second The rate level at which the multicast packets will begin being discarded Port configuration Use this panel to configure the VLAN behavior for a specific interface in a VLAN Port Select the port you want to configure from the pull down menu Port VLAN ID Specify the VLAN ID you want assigned to untagged or priority tagged frames received on this port The VLAN ID must be that of a VLAN you have already created The factory default is 1 Acceptable Frame Types Specify how you want the port to handle untagged and priority tagged frames If you select VLAN only the port will discard any untagged or priority tagged frames Intel Blade Server Ethernet Switch Module IXM5414E 95 it receives If you select Admit All untagged and priority tagged frames received on the port will be accepted and assigned the value of the Port VLAN ID for this port Whichever you select VLAN tagged frames will be forwarded in accordance with the IEEE 802 1Q VLAN standard The factory default is Admit All Port Priority Specify the default 802 1p priority for the port Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a save Port summary This panel displays VLAN information for all ports on the switch 96 VLAN Port Summary lieing of all Pee on Pa Satie PotVLAN Acceptable Frame ingress Port
311. u to customize the system hardware to meet your needs today while providing flexible expansion capabilities for the future The product name machine type and serial number are located on the identification label on the side of the IXM5414E switch module The Media Access Control MAC address also is located on the identification label See Major components of the IXM5414E switch module on page 3 for an illustration showing the location of the identification label NOTE The MAC address is also located on a separate label on the information panel under the external Ethernet port connectors Record your product information in this table Product name Intel Blade Server Ethernet Switch Module IXM5414E Type SENF Model number Serial number Media access control MAC address Verify that the shipping carton contains an Intel Blade Server Ethernet Switch Module IXM5414E If the switch module is missing or damaged contact your local reseller for replacement Otherwise return the switch module to its static protective package NOTE The illustrations in this document may differ slightly from your hardware Related publications This Installation and User s Guide contains setup and installation instructions for your IXM5414E switch module This publication also provides general information about your switch module including getting started and how to configure the switch module In addition to this Installation and Us
312. uch as those in the following list to provide protection that meets the specific service requirement Attach the ESD ground clip to any frame ground ground braid or green wire ground Use an ESD common ground or reference point when working on a double insulated or battery operated system You can use coax or connector outside shells on these systems Use the round ground prong of the AC plug on AC operated computers NOTE The use of a grounding system is desirable but not required to protect against ESD damage 2X CAUTION If your system has a module containing a lithium battery replace it only with the same module type made by the same manufacturer The battery contains lithium and can explode if not properly used handled or disposed of Do not e Throw or immerse into water e Heat to more than 100xC 212xF e Repair or disassemble e Dispose of the battery as required by local ordinances or regulations 2X CAUTION When laser products such as CD ROMs DVD ROM drives fiber optic devices or transmitters are installed note the following Intel Blade Server Ethernet Switch Module IXM5414E 279 e Do not remove the covers Removing the covers of the laser product could result in exposure to hazardous laser radiation There are no serviceable parts inside the device e Use of controls or adjustments or performance of procedures other than those specified herein might result in hazardous radiation exposure
313. uding FCS octets Packets Received 1519 1522 Octets The total number of packets including bad packets received that were between 1519 and 1522 octets in length excluding framing bits but including FCS octets Packets Received gt 1522 Octets The total number of packets including bad packets received that were gt 1522 octets in length excluding framing bits but including FCS octets Total Packets Received Without Error Total Packets Received Without Errors The total number of packets received that were without error Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The number of packets received that were directed to a broadcast address Note that this number does not include packets directed to the multicast address Total Packets Received with MAC Errors Total Packets Received with MAC Errors The total number of inbound packets that contained errors that prevented them from being delivered to a higher layer protocol Intel Blade Server Ethernet Switch Module IXM5414E Jabbers Received The total number of packets received that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integ
314. ule function Connection 2 Ethernet Link 2 for all blade servers in the SBCE Connection 3 from all blade server interface options in the SBCE Connection 4 from all blade server interface options in the SBCE For additional information see the Intel Blade Server Chassis SBCE Installation and User s Guide on the Resource CD Installation guidelines Before you begin installing the IXM5414E switch module in your SBCE read the following information e Become familiar with the safety and handling guidelines specified under Appendix H Notices on page 277 and Handling static sensitive devices and read the safety statements in the SBCE option publications e The green color on components and labels in your SBCE identifies hot swap or hot plug components You can install or remove hot swap modules while the SBCE is running For complete details about installing or removing a hot swap or hot plug component see the detailed information in this chapter e The blue color on components and labels identifies touch points where you can grip a component move a latch and so on e You do not need to turn off the SBCE to install or replace any of the hot swap modules on the rear of the SBCE System reliability considerations Attention To help ensure proper cooling and system reliability make sure that e Each of the I O module bays on the rear of the SBCE has either a module or filler module installed e A remove
315. ulti session Telnet Server RFC 854 Telnet RFC 855 Telnet Option Intel Blade Server Ethernet Switch Module IXM5414E RFC 1155 SMI v1 RFC 1157 SNMP RFC 1212 Concise MIB Definitions RFC 1901 Community based SNMP v2 RFC 1905 Protocol Operations for SNMP v2 RFC 1906 Transport Mappings for SNMP v2 RFC 1907 Management Information Base for SNMP v2 RFC 1908 Coexistence between SNMP v1 and SNMP v2 RFC 2295 Remote Variant Selection RSVA 1 0 State Management cookies draft ietf http state mgmt 05 RFC 2571 Architecture for Describing SNMP Management Frameworks RFC 2572 Message Processing and Dispatching for SNMP RFC 2573 SNMP v3 Applications REC 2574 User Based Security Model for SNMP v3 RFC 2575 View based Access Control Model for SNMP REC 2576 Coexistence between SNMP v1 v2 and v3 RFC 2580 Conformation statements for SMI v2 Configurable management VLAN Secure Socket Layer SSL 3 0 and Transport Layer Security TLS 1 0 e REC 2246 The TLS Protocol Version 1 0 e RFC 2818 HTTP over TLS e REC 2346 AES Ciphersuites for TLS Secure Shell SSH 1 5 and 2 0 e Draft ietf secsh transport 16 SSH Transport Layer Protocol e Draft ietf secsh userauth 17 SSH Authentication Protocol e Draft ietf secsh connect 17 SSH Connection Protocol e Draft ietf secsh architecture 14 SSh Protocol Architecture e Draft ietf secsh
316. um of 8 ports assigned to a LAG Membership Conflicts Shows ports that are already members of other LAGs A port may only be a member of one LAG at a time If the entry is blank it is not currently a member of any LAG Click the Refresh button to refresh the data on the screen with the present state of the data in the switch Click the Apply button to update the switch with the values you enter If you want the switch to retain the new values across a power cycle you must perform a save Click the Delete button to remove the currently selected LAG All ports that were members of this LAG are removed from the LAG and included in the default VLAN This field will not appear when a new LAG is being created Status This panel displays an overview of all LAGs on the switch 106 LAG Status LAG Admin Link SIF Link Member LAG Mame Mode State Mode Trap Ports LAT test lag Esra Link Enemies Ema Esta Eai a LAG The logical port identifier of the LAG in the format lag port LAG Name The name of this LAG Admin Mode The administrative mode The factory default is Enabled Link State Indicates whether the link is Up or Down Intel Blade Server Ethernet Switch Module IXM5414E STP Mode The Spanning Tree Protocol Administrative Mode associated with the LAG The possible values are Disable Spanning tree 1s Disabled for this LAG Enable Spanning tree is Enabled for this LAG Link Trap Indicates whether or not a trap will
317. umber of RADIUS packets sent to this server that have timed out Unknown Types The number of RADIUS packets of unknown type received from to this server Packets Dropped The number of RADIUS packets received from this server dropped for a reason not otherwise included in this list show radius server summary Use this command to display a summary of the configured RADIUS servers Format show radius server summary Current Indicates the server currently in use for authentication IP Address The IP address of the authentication server Port The port used to access the authentication server Type Indicates whether the server is primary or secondary Secret configured Indicates whether a secret has been configured for the authentication server Intel Blade Server Ethernet Switch Module IXM5414E 217 Secure Shell SSH commands config ssh adminmode Use this command to enable or disable SSH Default Disabled Format config ssh adminmode lt enable disable gt config ssh protocol Use this command to set or remove protocol levels or versions for SSH Either SSH1 1 SSH2 2 or both 1 and 2 can be set Default both Format config ssh protocol lt sshI ssh2 both gt show ssh info Displays the SSH settings Format show ssh info Administrative Mode Indicates whether the administrative mode of SSH 1s enabled or disabled Protocol Level The protocol level may have the values of version 1 version 2 or both versions 1 and 2
318. ur browser to logout Intel Blade Server Ethernet Switch Module IXM5414E 147 Please close vour browser to logout 148 Intel Blade Server Ethernet Switch Module IXM5414E 6 Updating the Ethernet Switch Software Two types of software run on the Ethernet switch module the software image and the Micro Controller Unit MCU code You can update both the software image and the code using either the switch module s CLI commands through a Telnet session or by using the switch module s web interface This chapter describes how to e determine the software version that is currently installed on the switch module e obtain the latest version of the switch software and upgrade the switch e reset the switch module to activate the software upgrade Determining the software version After you install the switch module in your SBCE unit ensure that the latest software is installed on the switch module To determine the version of the software that is installed on the switch module complete the following steps 1 Log on to the management module web interface Obtain the IP address of the management module from your system administrator The login window opens 2 From the Monitors option on the left bar choose Firmware VPD The Firmware VPD window opens 3 Under the I O Module Firmware VPD section locate the I O module bay number that displays the corresponding software version of the Ethernet switch module installed
319. ured servers are used only if the primary server cannot be reached A maximum of three servers can be configured on each client Only one server can be configured as the primary server If a primary server is currently configured and this command is issued the server specified by the IP address used in this command will become the new primary server The IP address specified must match that of a configured server Format config radius server primary lt ipaddr gt config radius server remove Use this command to remove a configured RADIUS server The IP address specified must match that of the previously configured RADIUS server When a server is removed all configuration for the server is erased including the shared secret If the removed server was the primary server one of the remaining configured servers will be used as the RADIUS server for future RADIUS requests Format config radius server remove lt ipaddr gt config radius server secret Use this command to configure the secret shared between the RADIUS client and server A secret must be configured for each RADIUS server The IP address specified must match that of a previously configured RADIUS server When you enter this command you will be prompted to enter the secret which must be an alphanumeric value of 20 characters or less Format config radius server secret lt ipaddr gt show radius server stats Use this command to display the statistics for a configured RADIUS server
320. us reliant upon the speed of the CPU and other factors to converge If the CPU is over utilized it is possible that BPDUs might not be sent in a timely fashion STP is generally not very CPU intensive and is given priority over other processes so this type of error is rare It can be seen that very low values for the Max Age and the Forward Delay can result in an unstable spanning tree The loss of BPDUs can lead to data loops The diameter of the network can also cause problems The default values for STP give a maximum network diameter of about seven This means that two bridges in the network cannot be more than seven hops apart Part of this diameter restriction is the BPDU age field As BPDUs are propagated from the root bridge to the leaves of the spanning tree each bridge increments the age field When this field is beyond the maximum age the packet is discarded For large diameter networks STP convergence can be very slow Identifying a data loop Broadcast storms have a very similar effect on the network to data loops but broadcast storm controls in modern bridges have been along with subnetting and other network practices very effective in controlling broadcast storms The best way to determine if a data loop exists is to capture traffic on a saturated link and check whether similar packets are seen multiple times Generally if all the users of a given domain are unable to connect to the network at the same time a data loop is the
321. use the VID is 12 bits long 4094 unique VLANs can be identified The tag is inserted into the packet header increasing the length of the entire packet by 4 octets All of the information that was originally contained in the packet is retained IEEE 802 1Q Tag Octets O 1 2 3 4 Destination Address 6 octets Source Address 6 octets EtherType 0x8100 Tag Control Information MAC Length Type Begining of Data Cyclic Redundancy Check 4 octets Van CFI VLAN ID VID 12 bits 5 3 bits 1 bit 12 bits The EtherType and VLAN ID are inserted after the MAC source address but before the original EtherType Length or Logical Link Control Because the packet is now longer than it was originally the cyclic redundancy check CRC must be recalculated 28 Intel Blade Server Ethernet Switch Module IXM5414E Adding an IEEE 802 1Q Tag Orginal Ethernet rgina erne Packet Dest Src Length EType Old g yp sae gt New Tagged Packet y y i Dest Src EType ee Data Tag Length EType Data Priority VLAN ID Port VLAN ID Packets that are tagged are carrying the 802 1Q VID information can be transmitted from one 802 1Q compliant network device to another with the VLAN information intact This enables 802 1Q VLANs to span network devices and indeed the entire network if all network devices are 802 1Q compliant Not
322. ver IEEE 802 1Q enabled switches only to the stations that are members of that VLAN This includes broadcast packets multicast packets and unicast packets from unknown sources VLANs can also provide a level of security to your network IEEE 802 1Q VLANs will deliver packets only between stations that are members of the VLAN Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLANs enables VLANs to work with legacy switches that do not recognize VLAN tags in packet Intel Blade Server Ethernet Switch Module IXM5414E headers tag unaware devices The tagging feature enables VLANs to span multiple 802 1Q compliant switches through a single physical connection and enables the Spanning Tree Protocol to be enabled on all ports and work normally The IEEE 802 1Q standard restricts the forwarding of untagged packets to the VLAN of which the receiving port is a member The main characteristics of IEEE 802 1Q are as follows e Assigns packets to VLANs by filtering e Assumes the presence of a single global spanning tree e Uses an explicit tagging scheme with one level tagging IEEE 802 1Q VLAN packet forwarding The switch module makes packet forwarding decisions based on the following types of rules Forwarding rules between ports The switch module decides whether to filter or forward the packet Egress rules The switch module determines whether the packet must be sent tagged or untagged The f
323. vice This device complies with RRL EMC and is operated in commercial environment so that distributors or users pay attention to this point lf the product is sold or purchased improperly please exchange this product to what can be used at home Class B device This device complies with RRL EMC and is operated in a residential area so that it can be used at all other location as well as residential area Remarks Class A device operated in a commercial area Class B device operated in a residential area Intel Blade Server Ethernet Switch Module IXM5414E 283 284 Intel Blade Server Ethernet Switch Module IXM5414E
324. visioning trafficclass weight Use this command to configure the priority for this traffic class The lt weight gt parameter will be a value between 1 and 1024 Default i Format config bwprovisioning trafficclass weight lt name gt lt weight gt 224 Intel Blade Server Ethernet Switch Module IXM5414E show bwprovisioning trafficclass allocatedbw Use this command to display the bandwidth allocated The allocated minimum bandwidth should not exceed the interface bandwidth unless the interface 1s a LAG interface Format show bwprovisioning trafficclass allocatedbw lt port gt Port The specified interface Allocated Minimum Bandwidth Displays the sum of the minimum guaranteed bandwidth for all traffic classes configured on this interface Allocated Maximum Bandwidth Displays the sum of the maximum allowable bandwidth for all traffic classes configured on this interface show bwprovisioning trafficclass detailed Use this command to display the traffic class information for the specified traffic class Format show bwprovisioning trafficclass detailed lt name gt Traffic Class Name Displays the name of this traffic class Port Displays the port to which this traffic class is attached VLAN ID Displays the VLAN ID with which this traffic class is associated Weight Displays the weight of this traffic class Accept Byte Count Displays the number of bytes accepted Bandwidth Allocation Profile Displays the bandwidth allocation
325. which loops is extremely helpful Minimize the number of ports in the discarding state A single discarding port changing to the forwarding state at an inappropriate time can cause a large part of a network to fail Limiting the number of blocked ports helps to limit the risk of an inappropriate change Intel Blade Server Ethernet Switch Module IXM5414E Trunk Trunk d J This is a common network design Through trunks bridges C and D have redundant links to backbone bridges A and B Trunks by default carry all the VLAN traffic from VLAN 1 and VLAN 2 Therefore bridge C is not only receiving traffic for VLAN 1 but also unnecessary broadcast and multicast traffic for VLAN 2 Bridge C is also discarding one port for VLAN 2 Thus there are three redundant paths between bridges A and B and two blocked ports per VLAN This increases the chance of a data loop Intel Blade Server Ethernet Switch Module IXM5414E 273 VLAN 1 VLAN 2 In this example the VLAN definitions are extended to bridges A and B This gives only a single blocked port per VLAN and enables the removal of all redundant links by removing bridge A or B from the network 274 Intel Blade Server Ethernet Switch Module IXM5414E Appendix G Getting Help and Technical Assistance This appendix contains information about where to go for additional in
326. width allocation profile in Mbps Associated Traffic Class es Displays the traffic classes that have been associated with this bandwidth allocation profile This field is blank if there are no traffic classes associated with this bandwidth allocation profile show bwprovisioning bwallocation summary Use this command to display the bandwidth allocation information for all bandwidth allocation profiles in the system Format show bwprovisioning bwallocation summary Bandwidth Allocation Profile Name Displays the user defined name of this bandwidth allocation profile Intel Blade Server Ethernet Switch Module IXM5414E 223 Minimum Bandwidth Displays the minimum guaranteed bandwidth of this bandwidth allocation profile in Mbps Maximum Bandwidth Displays the maximum allowable bandwidth of this bandwidth allocation profile in Mbps BW provisioning traffic class commands config bwprovisioning trafficclass bwallocation Use this command to associate a bandwidth allocation profile with a traffic class The lt bwprofile gt parameter must represent a valid bandwidth allocation profile Format config bwprovisioning trafficclass bwallocation lt name gt lt bwprofile gt config bwprovisioning trafficclass create Use this command to create a traffic class The lt type gt field indicates the type of traffic class The only supported value for type is vlan The lt name gt field is an alphanumeric string up to 15 characters Format config b
327. wing trap related panels are available from this menu e Trap flags e Trap log Trap flags This panel displays trap conditions When the condition identified by an active trap is encountered by the switch a trap message will be sent to any enabled SNMP Trap Receivers and a message will be written to the trap log Cold and warm start traps are always enabled Intel Blade Server Ethernet Switch Module IXM5414E 89 Fi tj ae tha Enade Link Ligon Enanle Mulla Livers Enano crane Authentication Indicates whether authentication failure traps will be sent Enable or not Disable This field Enables or Disables the Authentication Flag which determines whether a trap message is sent when the switch detects an authentication failure The factory default is Enabled Link Up Down Indicates whether a trap will be sent when the link status changes from Up to Down or vice versa This field Enables or Disables Link Up Down traps for the entire switch When Enabled link trap messages are sent only 1f the Link Trap flag associated with the affected port is also set to Enabled Multiple Users Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time either via Telnet or the serial port This field Enables or Disables Multiple User traps When Enabled a multiple user trap message is sent when a user logs in to the terminal interface EIA 232 or Telnet and there is an
328. within the CST The lt port gt is the port to be affected The priority value is a number in the range of 0 to 240 in increments of 16 Default 128 Format config spanningtree cst port priority lt port gt lt 0 240 gt show spanningtree cst detailed Use this command to display STP settings for the CST Format show spanningtree cst detailed Bridge Priority The value of the first two octets of the eight octet Bridge ID Valid values are 0 to 61440 Factory default is 32768 Intel Blade Server Ethernet Switch Module IXM5414E 197 Bridge Identifier The unique identifier associated with this bridge instance Time Since Topology Change The time in seconds since the last time a topology change was detected by the bridge entity Topology Change Count The total number of topology changes detected by this bridge since the management entity was last reset or initialized Topology Change in progress Boolean value of the topology change parameter for the switch indicating whether a topology change is in progress on any port assigned to the CST Designated Root The identifier of the bridge currently assumed to be the root of the spanning tree Root Path Cost The cost of the path to the root as seen from this bridge Root Port Identifier The port number of the port which offers the lowest cost path from this bridge to the root bridge Root Port Max Age The maximum age of STP information learned from the network on any port before it is discarded
329. wprovisioning trafficclass create lt type gt lt name gt config bwprovisioning trafficclass delete Use this command to delete a traffic class from the system The lt name gt field identifies the traffic class to be deleted When a traffic class is deleted its association with a bandwidth allocation profile is automatically removed Format config bwprovisioning trafficclass delete lt name gt config bwprovisioning trafficclass port Use this command to attach a traffic class to a specific interface The lt port gt interface must indicate a valid physical or logical interface The sum of the minimum bandwidth allocations of all traffic classes associated with the same interface should not exceed the total bandwidth of the interface There is no restriction on the sum of the maximum bandwidth of all traffic classes attached to the same port When a traffic class is attached to a LAG interface the bandwidth allocation profile minimum bandwidth parameter will not be applicable to the traffic class Format config bwprovisioning trafficclass port lt name gt lt port gt config bwprovisioning trafficclass vlan Use this command to associate a VLAN with a traffic class The lt vlanid gt field is the VLAN ID for the traffic class within the range of 1 to 4094 The VLAN parameter can identify an invalid VLAN the VLAN does not need to exist in the system Format config bwprovisioning trafficclass vlan lt name gt lt vlanid gt config bwpro
330. y delivery of specific application data to a particular destination In contrast standard IP based networks are designed to provide best effort data delivery service Best effort service implies that the network will attempt to deliver the data in a timely fashion although there is no guarantee During times of congestion packets may be delayed sent sporadically or dropped For typical Internet applications such as electronic mail and file transfer a slight degradation in service is acceptable and in many cases is unnoticeable Conversely any degradation of service has undesirable effects on applications with strict timing requirements such as voice or multimedia QoS is a means of providing consistent predictable data delivery by distinguishing packets that have strict timing requirements from those that are more tolerant of delay Packets with strict timing requirements are given special treatment in a QoS capable network To accomplish this all elements of the network must be QoS capable If one node is unable to meet the necessary timing requirements this creates a deficiency in the network path and the performance of the entire packet flow is compromised Bandwidth provisioning Bandwidth provisioning allows you to deliver varying levels of allocated bandwidth to users sharing the same physical interface By mapping a subscriber s traffic profile to a predefined policy and then actively provisioning the maximum bandwidth consumed
331. y transmitted packets which encountered more than one collision Excessive Collision Frames The number of packets which were not successfully transmitted because of excessive collisions Protocol Statistics BPDUs Received The number of BPDUs Bridge Protocol Data Units received by the spanning tree layer BPDUs Transmitted The number of BPDUs Bridge Protocol Data Units transmitted from the spanning tree layer 802 3x Pause Frames Transmitted The number of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode GVRP PDUs Received The number of GARP VLAN Registration Protocol GVRP PDUs received by the Generic Attributes Registration Protocol GARP layer GVRP PDUs Transmitted The number of GVRP PDUs transmitted by the GARP layer GVRP PDUs Failed Registrations The number of times attempted GVRP registrations could not be completed Intel Blade Server Ethernet Switch Module IXM5414E 177 GMRP PDUs Received The number of GMRP PDUs received GMRP PDUs Transmitted The number of GMRP PDUs transmitted GMRP PDUs Failed Registrations The number of times attempted GMRP registrations could not be completed Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared show stats port summary Use this command to display a summary
332. yer 4 port match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt portkey gt parameter uses a single keyword notation and currently has the values of domain echo ftp ftpdata http smtp snmp Telnet tftp and www Each of these values translates into its equivalent port number which is used as both the start and end of a port range This command and the config acl match destl4port number command are two methods of specifying the destination layer 4 port range as a match condition Either command can be used to configure or modify the destination layer 4 port range Format config acl rule match dstl4port keyword lt aclid gt lt rulenum gt lt portkey gt config acl rule match dstl4port number Use this command to specify a destination layer 4 port match condition for the ACL rule referenced by the lt aclid gt and lt rulenum gt parameters The lt startport gt and lt endport gt parameters identify the first and last ports that are part of the port range They have values from 0 to 65535 The ending port must have a value equal to or greater than the starting port The starting port ending port and all ports in between will be part of the destination port range Either this command or the config acl match destl4port keyword command may be used to specify a destination layer 4 port range as a match condition Format config acl rule match dstl4port range lt aclid gt lt rulenum gt lt s
Download Pdf Manuals
Related Search