Fujitsu BX600 SB9 User's Manual
Contents
1. 0 1 TRAPMGR 248845768 0 1 TRAPMGR 248845768 0 1 TRAPMGR 248845768 Ere puta e703 49 so otiks Down Unit L Glot 0 Ports 14 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 37 47 4 2 SNMP 4 2 1 Introduction In most enterprise networks SNMP is used for monitoring of network components The most common protocol versions are SNMPv1 and SNMPv2c which are fully supported by the SB9 SNMPv3 is seldom used today 4 2 2 Recommended Solution We recommend you to enable SNMPv1 and SNMPv2c at the SB9 and for security reasons to enable authentication for SNMPvs 4 2 3 Configuration of SNMP The following steps are necessary in order to configure SNMP e Step 1 Configure SNMP for SNMPv1 and SNMPv2c e Step 2 Configure SNMPvs authentication e Step 3 Test the SNMP configuration using your favorite SNMP management tool Step 1 Configure SNMP for SNMPv1 and SNMPv2c SNMP v1 and v2c setup for SB9 Configure the description contact and the location system name System Description FSC SwitchBlade snmp server sysname bx6 sb9 a snmp server location Team PCT snmp server contact Test123 configure two snmp community strings e g read and write snmp server snmp server community ro read community rw write remove the default community strings no snmp server community public no snmp server community private configure the trap receiver2. 0 11 OUOUDOUROUUDO downlinks l internal Ports link state group SB9 Figure 12 Link State Group 2 6 2 Recommended Solution The SB9 provides a monitor task to see the link level of the upstream ports If any upstream port fails SB9 will disable the downstream ports belonging to the same Link State Group This enables the LAN Teaming Software to detect the link failure and to switch the LAN port from failed one Link down to a working one in a short time We recommend configuring link state groups for the considered ports in the customer configuration to improve failover behaviour 2 6 3 Configuration The following steps are necessary to set up a Link State Group e 1 Enable the Link State feature and create a Link State Group e 2 Configure the up and downstream ports and enable the configured Link State Group e 3 Verify the configuration Step 1 Configure a Link State Group link state Enables the Link State admin mode link state group Creates a link state group Step 2 Configure the up and downstream ports and enable the configured Link State Group interface range 0 1 0 4 link state group 1 downstream Sets the downstream port s for a Link State Group Port 1 to 4 in this example exit interface 0 11 link state group 1 upstream Sets the monitored upstream port for a Link State Group exit link state group enable 1 Enables the configured Link State Group White Paper Issue Octobe
3. Cisco B show spanning tree VLAN0001 Spanning tree enabled protocol rstp Root ID PRILOFICY 1 Address OO eI47053200 Cost 3 POrt 616 Port channel3 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 4097 priority 4090 SVs 1d ext 1 Address Q00F Z24 7b a0s0 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Altn BLK 3 128 640 P2p Root FWD 3 128 616 P2p VLANOO10 Spanning tree enabled protocol rstp Root ID Priority 10 Address O07 94 70 3200 Cost 3 Port 616 Port channel3 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 4106 priority 4096 sys id ext 10 Address 000 247b q080 Page 19 47 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 20 47 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Altn BLK 3 128 640 P2p Root FWD 3 128 616 P2p VLANOO20 Spanning tree enabled protocol rstp Root ID Priority 20 Address 0017 9470 3200 Cost 3 Port 616 Port channel3 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 4116 priority 4096 sys id ext 20 Address 000f 247b 4080 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Altn BLK 3 128 640 P2p Root FWD 3 128 616 P2p 2 4 4 Configuration without VLAN Trunks You set up the scenari
4. Switch B will therefore also set its port Po2 to designated and forwarding The SB9 takes all decisions as indicated by the BPDUs in VLAN 1 and all other BPDUs will be ignored It is White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 12 47 therefore important that one native VLAN is defined at both VLAN trunks Cisco recommends that this native VLAN should be the same for both trunks to the SB9 If the Po1 link or switch A itself fails the SB9 will change the role of Po2 to designated and its state to forwarding after going through the state learning According to the standard this will lead to a failover time of approximately twice the forward delay which in normal cases will be about 30 seconds Depending of the size of the network this time can be reduced by tuning the STP timers but this must be done very carefully in order to provide a stable network Please refer the standard 802 1D or Cisco s recommendations for timer tuning When the SB9 is running 802 1D it supports features such as Cisco s proprietary port fast when the spanning tree edgeport command is applied This means that an access port will take on the state forwarding and will omit the states listening and learning This is needed when PXE boot mechanisms are used Running PVST on VLAN Trunks while disabling STP at the SB9 When STP is disabled at the SB9 it bridges the BDPUs wit
5. VLAN 20 Static 0727071570 06 171 172 bx6 sb9 a Check if RSTP state at Cisco Switch A Cisco A show spanning tree VLANOOO1 Spanning tree enabled protocol rstp Root ID PRIOELLY 1 Address WOE 94705 5200 This bridge is the root Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 1 prirority U SYS rd ext 1 Address OOD is 94703200 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Desg FWD 3 L263 96 P2p Desg FWD 3 IPS L12 P2p VLANOO10 Spanning tree enabled protocol rstp Root ID Pastor Lily 10 Address OO 947053200 This bridge is the root Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 10 priority O sys id ext 10 Address 0017 9470 3200 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Desg FWD 3 L286 P2p Desg FWD 3 12 Ors LEZ P2p VLANOO20 Spanning tree enabled protocol rstp Root ID Priority 20 Address OOL 1294 70 3200 This bridge is the root Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 20 priority 0 sys id ext 20 Address OO f2 9470 23200 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Desg FWD 3 1209796 P2Zp Desg FWD 3 l2 t2 P2 Check if RSTP state at Cisco Switch B
6. 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 38 47 Step 3 Test the SNMP configuration using your favorite SNMP management tool The following tests have been done using NET SNMP with SNMPve2 C gt snmpwalk v 2c c read 10 0 1 70 system SNMPv2 MIB sysDescr 0 STRING FSC SwitchBlade SNMPv2 MIB sysObjectID 0O OID SNMPv2 SMI enterprises 231 DISMAN EVENT MIB sysUpTimelInstance Timeticks 26581200 3 days 1 50 12 00 SNMPvZ MIB sysContact 0 STRING Testi2s SNMPv2 MIB sysName 0 STRING bx6 sb9 a SNMPv2 MIB sysLocation 0 STRING Team PCT SNMPv2 MIB sysServices 0 INTEGER 6 SNMPv2 MIB sysORLastChange 0 Timeticks 500 0 00 05 00 C gt snmpget v 2c c write 10 0 1 70 sysContact 0 SNMPv2 MIB sysContact 0 STRING Test123 C gt snmpset v 2c c write 10 0 1 70 sysContact 0s SNMP v2c Write Test SNMPv2 MIB sysContact 0 STRING SNMP v2c Write Test C gt snmpget v 2c c write 10 0 1 70 sysContact 0 SNMPv2 MIB sysContact 0 STRING SNMP v2c Write Test C gt snmpset v 2c c read 10 0 1 70 sysContact 0 s SNMP v2c Read Only Test Error in packet Reason noAccess Failed object SNMPv2 MIB sysContact 0 4 3 Remote Console Access 4 3 1 Introduction In addition to the web interface the SB9 supports three methods of accessing the command line interface e Console access using console redirection of the management blade e Telnet access e SSH access During the initia
7. Step 2 Set up the port channel SB9 port channel Pol interface 1 1 exit port channel Po2 interface 1 2 exit interface range 0 11 0 12 channel group 1 1 exit interface OL 70714 channel group 1 2 exit interface 1 1 l static COntegquratton no LACP Staticcapability exit interface 1 2 L Static Con iguration io ACP staticceapabiLlity exit end Cisco A incert ace Pore Channel interface range Gi 0 1 2 channel group 1 mode on end Cisco B interface Port channel2 interface range Gi 0 1 2 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 7 47 channel group 2 mode on end Step 3 Bring up the affected ports SB9 interface range 0 11 0 14 no shutdown exit end Cisco A interface Po no shutdown end Cisco B interface Po no shutdown end Step 4 Verify the operation of the port channels SB9 SB9 show port channel Logical Interface Port Channel Name Link State Mbr Ports Active Ports OF IL O7T2 OF 110 712 0 13 0 14 0 13 0 14 Cisco A Cisco A show etherchannel summary Flags D down P amn pore channe stand alone s suspended Hot standby LACP only Layer3 S Layer2 in use f failed to allocate aggregator unsuitable for bundling waiting to be aggregated default port Number of channel groups in use 1 Number of aggregators 1 Group Port channel Protocol Ports Cisco B Cisc
8. cdp run l Step 2 Check the configuration bx6 sb9 a show cdp Global CDP information CDP Admin mode CDP Hold Time sec CDP Transmit Interval Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 47 47 Enable Enable Enable Enable Enable Enable 4 6 Port Monitoring 4 6 1 Introduction When a network analyzer is used in a switched network a special switch port configuration is needed in order to copy frames from a specified port to the analyzer port This feature is called the port monitor at the SB9 or the port mirror for Cisco switches The SB9 supports one monitor session with multiple source interfaces and one destination interface to which the network analyzer is connected At present port mirror is not supported on port channel interfaces 4 6 2 Configuration of Port Monitoring The following steps are necessary in order to configure a port monitor session e Step 1 Configure the SB9 e Step 2 Check the configuration Step 1 Configure the SB9 Stop an existing monitor session if applicable no port monitor session 1 Start a new monitor session port monitor session 1 source interface 0 1 port monitor session 1 destination interface 0 4 port monitor session 1 mode both Step 2 Check the configuration bx6 sb9 a show port monitor session 1 Sess
9. complies with the IEEE standard This is unfortunately not usually used in datacenter networks where PVST and RAPID PVST are more common Unlike 802 1D in which only one STP instance is used to control the STP state of the trunk PVST runs one STP instance per VLAN sends BPDUs and maintains one STP state per VLAN on a trunk In addition to this major deviation from the standard Cisco added a number of minor changes such as the port fast uplink fast and backbone fast features which have only local effects and do not limit their interoperability PVST is also compatible to STP as specified in 802 1D when there is a native VLAN on the trunk Figure 3 shows a scenario in which two Cisco switches are running PVST and an SB9 is running STP as specified in 802 1D Cisco A Cisco B priority 0 for all vlans priority 4096 for all vlans Root port Designated port forwarding forwarding Designated port forwarding Designated port forwarding Root port forwarding Alternate discarding On all trunks VLAN 1 native SB9 priority 32768 VLAN 10 tagged VLAN 20 tagged Figure 3 Combining PVST and 802 1D Switch A is configured as root bridge while switch B will take over the root role when A fails Since switch A sends untagged BPDUs from VLAN 1 to Poi the SB9 uses Poi as root port Po2 of SB9 will take on port role alternate and will be in the state discarding and will not send any BPDUs at this port
10. in the SB9 Some older Cisco switches implement a proprietary and incompatible ISL but all devices found in modern datacenters will support 802 1Q trunks Figure 2 shows a typical setup between a Cisco and an SB9 switch whereby a port channel is combined with a VLAN trunk It is important to know the role of the so called native VLAN on an 802 1Q trunk All the packets on the trunk are encapsulated in 802 1Q packets which means that a header containing the VLAN number and certain other information is added to the packet before it is transported over the trunk Only the packets of the native VLAN are untagged for a variety of reasons In most installations VLAN1 is configured as native VLAN which is used for a number of protocols such as VTP CDP STP etc 2 3 2 Recommended Solution Cisco s VTP and standard GVRP are not compatible Since a VLAN registration protocol is useful only when applied to several switches within a switch domain GVRP is not recommended in a Cisco environment A number of features of the current version V 2 0 make it neither usual nor advisable to use VTP in datacenter networks e The design of the VTP server and client concept is extremely delicate if you bring in a VTP client switch with a higher configuration version number than the rest of the network all the switches will copy the VLAN database from this switch This will be a disaster if the new switch has been used in a laboratory and one or more VLANs had been del
11. priority 0 Timers are tuned Please refer Cisco documentation before l using this part of the configuration spanning tree vlan 1 10 20 hello time 1 spanning tree vlan 1 10 20 forward time 8 spanning tree vlan 1 10 20 max age 11 l vlan 10 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 17 47 name VLAN 10 l vlan 20 name VLAN 20 Petine the POr channe ks interface Port channell switchport trunk encapsulation dotlq Switchport mode trunk interface Port channel3 switchport trunk encapsulation switchport mode trunk interface GigabitEthernet0 1 switchport trunk encapsulation switchport mode trunk channel group 1 mode on interface GigabitEthernet0 2 switchport trunk encapsulation switchport mode trunk channel group 1 mode on interface GigabitEthernet0 23 switchport trunk encapsulation switchport mode trunk channel group 3 mode on interface GigabitEthernet0 24 switchport trunk encapsulation switchport mode trunk channel group 3 mode on Cisco Switch B Enable and configure RSTP spanning tree mode rapid pvst Sspanning tree vlan 1 10 20 priority 4096 l Timers are tuned Please refer Cisco documentation before using this part Of the configuration spanning tree vlan 1 10 20 hello time 1 spanning tree vlan 1 10 20 forward time 8 spanning tree vlan 1 10 20 max age 11 l vlan 10 name VLAN 10 l vlan 20 name VLAN 20 Define
12. switches are forwarding this may lead to an unnecessary network failure We recommend using SLB without Auto Fallback for CPU with Broadcom NICs running Microsoft Windows Almost the same applies to CPUs equipped with Intel NICs running under Microsoft Windows They provide some additional failover mechanisms e Adapter Fault Tolerance AFT e Adaptive Load Balancing ALB e Link Aggregation Static or 802 3ad e Switch Fault Tolerance SFT Link aggregation cannot also be used with Intel adapters in a BX600 rack AFT and ALB both define a primary adapter and will fallback automatically when the link comes back after a switch failure This would lead to the same problem as Auto Fallback on Broadcom NICs If you configure SFT with no adapter priorities there will be no automatic fallback This is the recommended setup for CPU Blades equipped with Intel NICs running Microsoft Windows Failover times of under one second can be achieved by following our recommendations White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 25 47 2 5 3 Configuration The following sample configurations show how to set up the switches access ports and the NIC drivers in a typical setup as shown in Figure 11 bx6 sb9 a bx6 sb9 b 0 1 Internal fixed wired CPU BLADE 01 CPU BLADE 02 Broadcom NIC Intel NIC VLAN 10 VLAN 20 Figure 11 Typical access port configuration The following steps are required t
13. the port channels interface Port channel2 switchport trunk encapsulation dotlq Switchport mode trunk interface Port channel3 switchport trunk encapsulation dotlq Switchport mode trunk interface GigabitEthernet0 1 switchport trunk encapsulation dotiq switchport mode trunk channel group 2 mode on interface GigabitEthernet0 2 switchport trunk encapsulation dotiq White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 18 47 switchport mode trunk channel group 2 mode on interface GigabitEthernet0 23 switchport trunk encapsulation switchport mode trunk channel group 3 mode on interface GigabitEthernet0 24 switchport trunk encapsulation switchport mode trunk channel group 3 mode on Step 2 Verify the configuration Check if STP is diabled SB9 l bx6 sb9 a show spanning tree summary Spanning Tree Adminmode Disabled Spanning Tree Version TEEE 602410 Configuration Default Configuration Configuration Digest Key Oxac36177 50283cd4b83821d8ab26de62 Configuration Format Selector No MST instances to display Check port channel configuration bx6 sb9 a Show port channel all Ports Link Log Channel Adm Trap Port Mode Mode Active Static Static Check the VLAN configuration bx6 sb9 a show vlan VLAN ID VLAN Name VLAN Type Interface s Default Default O74 07 5507 b07 T0 0775 0 16 1 1 1 2 VLAN 10 Static OIT 6h corm 0TG 1 11 2
14. 0 2 discardin On all trunks S R 9 VLAN 1 native VLAN 10 tagged VLAN 20 tagged STP disabled Figure 8 Configuration example RAPID PVST while STP is disabled at SB9 Step 1 Configure the switches SB9 configuration Disable STP for the whole switch This command is normally not displayed no spanning tree White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 16 47 Define the VLANs vlan database vlan 10 vlan name 10 VLAN 10 vlan 20 vlan name 20 VLAN 20 exit Definine the port channels port channel Pol interface 1 1 exit interface 0 11 channel group 1 1 exit interface 0 12 channel group 1 1 exit port channel Po2 interface 1 2 exit interface 0 13 channel group 1 2 exit interface 0 14 channel group 1 2 exit Configure the interfaces interface range 0 11 0 14 spanning tree port mode Switchport allowed vlan add 10 Switchport tagging 10 Switchport allowed vlan add 20 Switchport tagging 20 exit interface 1 1 staticcapability spanning tree port mode switchport allowed vlan add 10 Switchport tagging 10 Switchport allowed vlan add 20 Switchport tagging 20 exit interface 1 2 Staticcapability spanning tree port mode Switchport allowed vlan add 10 SWLECHDOFE tagging LO switchport allowed vlan add 20 Switchport tagging 20 exit end Cisco Switch A Enable and configure RSTP spanning tree mode rapid pvst Sspanning tree vlan 1 10 20
15. 00 GbE switch is an integrated Gigabit Ethernet switch for use in the PRIMERGY BX600 chassis Up to four switches can be installed and each installed switch offers ten 1Gbit downlink ports to the midplane for connection to server blades The PRIMERGY GbE switch comes in two variants as regards the external ports one with six 1 Gbit uplink ports RJ45 and one with six 1 Gbit uplink ports and two 10 Gbit uplink ports XFP CX4 The two 10 Gbit ports of the second variant can be connected by means of an XFP module and a CX4 cable Layer 2 3 4 functionalities are supported PRIMERGY BX600 GbE switch variant 1 PRIMERGY BX600 GbE switch variant 2 e Six 1 Gbit s Ethernet RJ45 ports e Two 10 Gbit s Ethernet ports XFP CX4 e Infiniband cable 10m 10GBASE CX4 must be ordered separately e XFP multimode module 10GBASE SR must be ordered separately e Six 1 Gbit s Ethernet RJ45 ports White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 4 47 2 Switch Connectivity 2 1 Auto Negotiation 2 1 1 Introduction The SB9 is equipped with at least six Gigabit Ethernet ports which are implemented as specified in the 1000BaseT standard Since ten Gigabit Ethernet is not usual in datacenters server access layer the 10GBaseCX4 and XFP interfaces that are also available are not covered here These ports can be run with different data rates and different duplex settings comparable to Cisco Switches Table 1 s
16. 1 i Designated port Root port i Cisco A forwarding forwarding Cisco B RAPID PVST RAPID PVST priority O for all vlans priority 4096 for all vlans MAC Address Table MAC_1 Port 0 1 MAC_2 Port Po3 MAC Address Table MAC_1 Port Po3 MAC_2 Port Po Designated port forwarding down down S B 9 Root port forwarding RSTP 802 1w MAC Address Table priority 32768 MAC_1 Port Po2 MAC_2 Port 01 On all trunks Se rver 2 VLAN 1 native VLAN 10 VLAN 10 tagged VLAN 20 tagged Figure 6 Combining RAPID PVST and 802 1w after failure of Po1 Figure 6 shows this scenario When server 1 now wants to send data to server 2 switch B will send it to switch A via Po3 as indicated by the MAC address table which has no connection to the SB9 and will drop the packet This will not change until either the MAC address table entry times out after 300 seconds or the server SB9 sends a packet that has been seen by switch B whichever happens first This scenario shows that RSTP and RAPID PVST are not compatible in this respect A worst case failover time of 300 sec will not be acceptable Running RAPID PVST on VLAN Trunks while disabling STP at the SB9 When RAPID PVST is running at the Cisco switches and STP is disabled at the SB9 we have almost the same scenario as above where the Cisco switches were running STP and STP was disabled at the SB9 Figure 7 shows this scenario Root port Designated port forwarding forwardin
17. 1 TACACS Cisco IOS r Configuration Pr Gust wip Conf Teukation Add Entry Search Interface op Configuration Administration To Q ARA Gi ears 9 Control AAA Server Name AAA Server IP Address AAA Server Type wm server 1 192 168 241 129 CiscoSecure ACS External User Databases Reports and Activity ES b Ti Online Documentation 9 Back to Help D I A a D I E a T I I a T I S f P I k A amp Applet appPing started a Local intranet White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Bice interned Laphrer berdigan von Chl eSieneans K See HR ute Eeebetes Areia Eremi Ens T ae Gp ETES O eb fae Qe 3 3 mf Ee Oo Beg tein By iber AE hiipii ID F22 2 Devaar hri h CFE ECE 2 CEG cos GER yj Sevess 2 ABD SE SHE te Haree E AES Cisce rimen Network Configuration Add AAA Client AAA Cha Astneme haf zhia LO 0 1 70 AAA Chent FP Address Fury isc e Os Authenboate Using RADIUS IETF Ca etre f Eeg hta O Leg Update Watchdog Packets Grom thes AAA Chen Hulk O Leg RADIUS Tunneling Packets from the AAJA Client T Replace FRADINS Pornit mth Use fom Gur AAA Chen Stage Comet TAT ACE RAA Chest Eerad ates in arenar on fbure Sabra j Suomi Resist Cancal i Chesfecurn ACS Micro Internal Explerer bortipesio le von CAD een AP SP Cate Reeth Ahi Peewee Este T park is i J
18. 2006 PRIMERGY BX600 GbE Switch six 1 Gbit two 10 Gbit Ports Layer 2 3 4 Switch Page 2 47 4 5 1 Introduction 46 4 5 2 Recommended Solution 46 4 5 3 Configuration of CDP 46 4 6 Port Monitoring 47 4 6 1 Introduction 47 4 6 2 Configuration of Port Monitoring 47 4 7 Further information in the Internet 47 Whitepaper Issue 20th October 2006 PRIMERGY BX600 GbE Switch six 1 Gbit two 10 Gbit Ports Layer 2 3 4 Switch Page 3 47 1 Introduction Today most datacenter networks run with switches from a single vendor Although most of the protocols used are standardized there are a number of proprietary ones especially redundancy and management protocols Other features may be so individual that interoperability is possible but not simple It is therefore sometimes a challenge to integrate switches from one vendor into a network that has been build using a different vendor This paper is intended to guide the reader with the task of integrating BX600 SB9 switches into Cisco networks A number of major aspects that are common to most datacenter networks are covered and have been tested in Fujitsu Siemens laboratories All the features of Cisco switches mentioned in this paper have been tested with Catalyst 3560 and Catalyst 3750 series switches The following Cisco IOS software was used for the integration tests Catalyst 3750 IOS 12 2 25 SEE1 Advanced IP Services Catalyst 3560 IOS 12 2 25 SEE1 Advanced IP Services The PRIMERGY BX6
19. 64 which is supported both by SB9 and Cisco switches The server may be an UNIX system in which a syslog daemon is usually distributed with the operating system or a Windows system with a special syslog server installed A syslog message includes a time stamp to enable administrators to correlate events and it is therefore necessary to synchronize the time bases used by all the devices The standards for this task are NTP and SNTP NTP Network Time Protocol is a mechanism that ensures reliable synchronization between devices over IP networks even where there is a high delay on the lines such as when the synchronization is running over WAN links When running in a LAN environment you can use a less complex protocol SNTP standing for simple NTP which is compatible to NTP and can use a NTP Server as time source 4 1 2 Recommended Solution Since syslog is an unreliable protocol we recommend that you also enable logging to memory at the SB9 The synchronization should be performed by configuring two NTP servers or using a NTP broadcast source as specified in whichever standard is in use at the data center 4 1 3 Configuration of syslog and SNTP The following steps are necessary to enable logging and SNTP Step 1a Configure the SB9 for unicast SNTP Step 1b Alternatively configure the SB9 for broadcast SNTP Step 2 Configure the SB9 for logging and syslog Step 3 Test the configuration Step 1a Configure the SB9 for unicast SNTP
20. AN Trunks SB9 firmware gt 1 14 required The recommended solution when running STP over VLAN trunks between Cisco and SB9 switches is to disable STP completely at the SB9 and run the STP or RSTP protocol at the Cisco switches see Figure 4 and Figure 7 When the SB9 is connected to Cisco switches without VLAN trunks the preferred solution is RSTP because this would lead to the shortest failover times Caution In order to avoid loops in the network please be sure that the VLAN configuration on both uplinks is the same Misconfiguration may lead to unidirectional links and to network loops Caution There is a significant difference between disabling STP on the SB9 globally and for each interface If STP is disabled for one interface BPDUs are neither sent nor bridged This behavior may lead to network loops When STP is disabled globally BPDUs are bridged This is needed in the recommended scenarios Caution When running STP on an SB39 it is important to enable STP at all ports especially when creating port channels this is not the default and must be enabled manually 2 4 3 Configuration with VLAN Trunks You set up the scenario shown in Figure 8 by performing the following steps e Step 1 Configure the switches e Step 2 Verify the configuration Root port Designated port forwarding forwarding CiscoA priority O for all vlans Cisco B priority 4096 for all vlans Designated port forwarding Gi
21. Configuration In this example PIM dense mode is activated since this is the most simple solution In datacenter networks a more sophisticated solution should be used but multicast routing is not in the scope of this document ip multicast routing distributed interface Vlanl tp address 10 222 0 4 255 0 20 0 ip pim dense mode interface Vlanl10 ip address LIZ 6S Oe Veo 255 yoo 20 ip pim dense mode interface Vlan20 tO Aacdress LOZ e168 20 1 2554259525950 ip pim dense mode 2 Enable IGMP snooping at all Layer 2 switches Layer 2 Switch Configuration Cisco l All these commands are enable by default and are not seen in the config normally l Enable IGMP snooping global ip igmp snooping Enable IGMP snooping for VLANs ip igmp snooping vlan 1 ip igmp snooping vlan 10 ip igmp snooping vlan 20 SBI Switch Configuration Enable IGMP snooping global White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 33 47 ip igmp snooping Enable IGMP snooping for VLANs vlan database set igmp 1 set igmp 10 set igmp 20 exit Enable IGMP snooping for ports interface 07 1 0716 ip igmp snooping interfacemode exit inceriace 171 172 ip igmp snooping interfacemode exit 3 Verify the configuration bx6 sb9 b show ip igmp snooping Admi ModE i vate ges a GAL ce aari ues Bee SO ee ee Enable Multicast Control Frame CO
22. SB9 unicast SNTP configuration I Fnable The SNTP LISHE sntp client mode unicast Configure the NTP server sntp server 10 222 0 1 ipv4 sntp server 10 222 0 2 ipv4 Configure the time zone sntp clock timezone MEST 2 0 before utc Step 1b Configure the SB9 for broadcast SNTP SB9 broadcast SNTP configuration Enable the SNTP client in broadcast mode sntp client mode broadcast Configure the time zone sntp clock timezone MEST 2 0 before utc Step 2 Configure the SB9 for logging and syslog SB9 logging configuration l Enable logging into memory logging buffered l Wrap the logging buffer when capacity is reached logging buffered wrapped Enable syslog logging syslog Send syslog messages to 10 222 0 21 port 514 default Include all messages upto debug severity logging host 10 222 0 21 514 debug White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Step 3 Test the configuration When running in SNTP unicast mode the output is as follows bx6 sb9 a show sntp Last Update Time AUG 21 FS 23425 9 2006 Last Unicast Attempt Time AUG 21 13234259 2006 Last Attempt Status Success Broadcast Count Time Zone gt MEST 02 00 Before UTC bx6 sb9 a show sntp client Client Supported Modes unicast broadcast SNTP Version 4 POrt 123 Client Mode unicast Unicast Poll Interval 6 which mean 2 6 in seconds Poll Timeout s
23. Spanning tree edgeport Forbid all VLANs but the access VLAN switchport forbidden vlan add 1 Switchport forbidden vlan add 10 Permit the access VLAN Switchport allowed vlan add 20 Set the access VLAN as native VLAN Switchport native vlan 20 exit Step 2 Configure the Broadcom NIC To configure the Broadcom NIC start the Broadcom Advanced Control Suite 2 0 xi This is the main window of the Broadcom File wiew Tools Help Advanced Control Suite 2 Name Driver Status MAC Address Link Status IP Address Select the menu item Tools gt Create a Team HA 0001 Broadcom Net treme Gigabit Fiber Loaded 00 C0 5F 26 E1 Up 10 100 0 5 BS 0002 Broadcom Net treme Gigabit Fiber Loaded O0 LO 9F 26 E1 Up 10 100 0 13 BROADCOM Cancel Apply Help W Enable Tray Icon Click on any device at left panel For detail information or press F1 For help New Team Configuration l i Enter a name for the team and press Next gt Enter a name you will use to identify this team SLEI Team Type Smart Load Balance and Fail Over Link Aggregation B02 3ad C Genetic Trunking FEC GEC 802 Jad Draft Static SLB Auto Fallback Disable 4 back Apply Cancel Help White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 27 47 J Select the first adapter as Load Balance Member and the second as Standby Member and press Pr
24. able Control Reports and c i e TACACS Enable Password Dis aE D oni q ceeeeee e TACACS Outbound Password Online cae e TACACS Shell Command gn OPETAN C Separate CHAP MS CHAP ARAP Authorization Password e Command Authorization for Network Conk 5 Device Management Applications om amp e TACACS Unknown Services amp gt e IETF RADIUS Attributes Submit Cancel DADIE VWandaw Cn naifin Abtethetnn lt Applet nas_filter started a Local intranet White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 45 47 Step 2 Configure the SB9 SB9 Configuration for TACACS Create a authentication list authenticatio will be done agains TACACS if the server does not respond it will be done locally authentication login TACACS tacacs local reject bind the authentication list to all users which are Moe Locally username defaultlogin TACACS Enable TACACS Tacacs Set the shared key for server 1 tacacs key 1 0 fsc Set the IP address of server 1 tacacs Server ip 1 10 222 0 21 Define the server 1 as master tacacs mode 1 master 1 Since all users which are authenticated by TACACS are read only user it s important to set the enable password which is not seen in the configuration file enable passwd Step 3 Test the login C gt telnet bx6 sb9 b Test a login with correct username but wrong password Dx6 s5sp9 b User tes
25. aen epee 2 a AS AB beep 2a 0 2 teats Hra E ms FG OO EGR OO AG rene D MO P etiken Ta Circe Suorem Leer Setup j3 N 5 pe a mc ee ee ee a aa 5 i Dartas Foes a Sperihic err r he Dimreiarure Teer Diarahase Adding a User ta the Coetetecas fren rarabace Alas k ee ihis ia User lio Find awe Je l i Parirala Character e Liring All Ossian ii the mete sd lee Darah ace Coocedecorce zer Datshasge List teers be grungy wath eect er BECRETGADATELA User Sep eaables yon to coinme pei eer moman add werg myd delete uenra m be data wc Veer Setup and Extemal Uee WEE RELL Beee Cis Secure ACS no pa on E ai p a i iwi Page 40 47 Enter the name and IP address of the switch Use RADIUS IETF enter the shared key and press Submit Restart Add the users to the ACS database e g the user test ro White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Diii Ei ree Erawa Enb F a A ean Sehnert fF Cisca Spence User Setup Supplementary User lafe Beal Hame Drescnpten ser Serp 2 Passvord Asthenicaion Cemoecue Lsshes Cisco becure PAP Ado used fer CHAPS CHAH AEAF fte Stpatate bek ii met checked Aim miiran re Ca rive Quine Pirwani Oi Separate HARHA CERRAR AP Eannord CinEm CETELE EI Sabra Cancel i Appdat nar fim scartad Step 2 Configur
26. authentication using server 10 222 0 21 radius server host auth 10 222 0 21 Set the share key for the authentication server radius server key auth 10 222 0 21 0 fsc Define the server as primary radius server primary 10 222 0 21 Page 41 47 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 42 47 Step 3 Test the login C gt telnet bx6 sb9 b Test a login with correct username but wrong password bx6 sb9 a User test ro Password WRONG Test a login with correct username and password User test ro Password test ro bx6 sb9 a gt At the ACS you can see the failed and successful attempts View the failed attempts Pe SEF hres bee i 7 D a hg ral ih MCT Rereitre ite etre ir Bj remna LaFa e HAH ire os battle a r E lii 1 i Creampie Portal Te i aac iri ar ii tutes Reports and Activi E a i Reports Lire Taye Meee Howe Gen Cale Popes Pomme alte ME BAL B ay WY Fenr Authenteat Def ee r e Eray pe CLE ead arnt Haila danm porated io Lagd n Umre tr ea FL Doaky Areh j ar ACE Backus Ard Er e 1 Le tye A iri cee h Cole eral kg Ter Teer Posrmand z mE 3B ACS Sanne Keocionng View the passed authentications Fiste ferme a i Br i a Eiig Un sings aia ha k ei Ge E e HAH ire os batt a Maes q Pei aderi AE repren Portal Tes a sacle AL bre ar i j hiis fcitinn fle rls anil Activi x Nt em i Reports a i Pa
27. dr Rey ar Pudbecate Irra HES ig m Tpi Caret TACACS AAA Chest ecord riep n arara en eere O Leg Up is W aehd Facka Germ tha AAA Ciri O Leg FALIIS Tie Pecks Sim thes AAA Che El Replace BADIS Port inte ui Usmar fom Bes AAA Shea l Subri Subd Paen Conca 2 EE ET Gr roo co re Seine Gj AoC iiaa hipag AMEE G Di a GE SA E Reece AG Erap Paria oaa cong resi Or E x Heeteerk Deine frocapa Adzkug a Betreok Derce Cron Hyas a Saimoak Device Groep Dobrimg a Bepeork Derme Orem Feoocheng in Geteerk Deran s AAA Clients Abkng a AAA Cioni Eding Aia Chenji Dking Aii Cira Moie is pee g Ga a ee a if rou are using Meroe Deeae Gewops HID Ss aer Too xk Panat Coa cee oe Fha eee har Arter Hha beer Fb Lesa rimsi e weheen au x Aai Cher Hoe ASA Chem IF Adike Egr Hetk Derre Daop Agthentic ste Using Single Comet LACADH AAA bei Log Upisi Wet ldeg Pakets fee thay ia Cra Lap RADIUS Tuneling Packets fren thes AAA kai Replace RODS Pest ade rath Cosme fog thay Aii Chani A Chem Hosier The fih Cheer Hiie 1 Pie aE det rd o ke Aai char AA Chen LP Ahh The fuia Cieni DF Bieg ig the IF dki se aragrst oy the Ai chen m ml Td eo rimsi To add the device press Add Enter the name IP Address and the shared key for the device select TACACS and press Submit Restart White Paper Issue October 2006 Integration of BX600 SB9 Swi
28. e ANS team modes e Adapter Fault Tolerance Adaptive Load Balancing static Link Aggregation IEEE 802 Sad Dynamic Link Aggregation Rwth Faut Tolerance x The wizard has the settings needed to create the team ou can view and modify the settings for these adapters from the team properties dialog Cancel White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 31 47 2 6 Link State 2 6 1 Introduction BX600 Blade Servers are equipped with 2 independent LAN ports by default LAN Port redundancy is realized by utilizing NIC management programs with LAN teaming functions such as Broadcom BACS Intel ProSETII and Linux Channel Bonding However the server blade cannot detect a link down situation or a port failure situation timely if link failures occur on the uplink port s on SB9 Switch connected to the next higher level switches In this case it takes a long time over 5 10 seconds to perform a NIC failover via the teaming software of the server blade it depends on polling period implemented in NIC management program In order to realize a rapid fail over of redundant blade server LAN ports SB9 is able to shut down ports linked to server blades internal ports whenever an uplink port external port fails If the upstream port is resumed to active state the downstream ports will be enabled again Cisco 0 11 external Ports SB9 detall uplinks Gi 0 1
29. e the SB9 SB9 Configuration for RADIUS m la E A e Actomit Disalbed Deleting a Uvername Supplementary User Info Password Antivir amen Creag to wherh the neces em smire Callback Client IP Aukdiess Assignment Advanced edime a Ketrogk Access Mephitis Klas Spini Te Chinkacr a Accomit Disable Dhevahoulable ACLs ihvanre Ar aes amp a TACACHA Fuable Conrad TACACH Fiable Pasa oid TAC ACE Onthaand Pas rear e TACACH fell Command Filer ee c TES a Tenn Date Management Applic amens TACACHK Unlenonin Services DATTE Bln de Deis bebibrikan E fe Local internat bind the authentication list to all users which are l not locally username defaultlogin RADIUS LIST Enable RADIUS radius accounting mode radius server host auth 10 222 0 21 radius server key auth 10 222 0 21 7 8C555426262626262626262626262626 radius server primary 10 222 0 21 Since all users which are authenticated by TACACS are read only Specify the user s password and press Submit user it s important to set the enable password which is not seen in the configuration file enable passwd Create a authentication list authenticatio will be done agains RADIUS if the server does not respond it will be done locally authentication login RADIUS LIST radius reject bind the authentication list to all users which are L noc Locally username defaultlogin RADIUS LIST Enable the
30. econds 5 Poll Retry 1 bx6 sb9 a show calendar Current Time 8 21 2006 13 36 20 When running in STNP broadcast mode the output is as follows bx6 sb9 a show sntp client Client Supported Modes unicast broadcast SNTP Version 4 Port 123 Client Mode broadcast Broadcast Poll Interval 6 which mean 2 6 in seconds bx6 sb9 a show sntp Last Update Time AUG 21 13 55716 2006 Last Unicast Attempt Time AUG 21 1340222 2006 Last Attempt Status Success Broadcast Count Time Zone gt MEST 02 00 Before UTC ox6 sb9 a show calendar Current Time 8 21 2006 13 56 27 At the syslog server entries may look like as follows IAO 20 O06 sez 9 Kernel Info HOO 22 COAUG LT L32796 T04 sntp_client c 1679 36 SNTP system clock synchronized on THU L406 2006 137 31 Kernel Noticel0 0 2 70 PUG AF ASSSO TL Oy reputed gens Sh se Link Up Units 1 Soe sO P rcr Li Ee 206 oer oA Kernel Noticel0 0 2 70 BUG ad Wee Oe aly Ou trapu til C703 36 es ank Ups Unit db Slots 0 Ports 12 de 08 2006 Los Kernel Notice10 0 2 70 AUG ILT AS73071 A0 traputil yet 103 39 too Link Up Umt plot L Ports 1 20832006 14702 Kernel Noticel0 0 2 70 AUG 17 14 01 23 10 traepucilse 70s 40 3 Tink Up Unit L oloto L Ports 2 L408 2006 14 202 Kernel Noticel0 0 2 70 AUG 17 14 01 54 10 Page 36 47 s TOSI UNKN 199044152 WD des ene 2 0006 UG 0 1 TRAPMGR 248845768 0 1 TRAPMGR 248845768
31. el settings between SB9 and Cisco switches The combinations marked red are very risky and would lead to networks loops Table 2 Possible port channel configurations No Channel So called split channels where one channel from one switch is terminated at two other switches are supported neither by the SB9 nor by Cisco switches 2 2 2 Recommended Solution Although Cisco switches and SB9 both support LACP and although this feature has been tested to be compatible between these devices we recommend using static configured trunks This is the best practice to minimize the risk of incompatibilities and misconfigurations Caution In order to avoid loops in the network please be sure that the affected ports of a port channel are shut down during the configuration process Generating loops in a datacenter network may cause serious network problems White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 6 47 2 2 3 Configuration The setup in Figure 1 would be configured in the following steps Step 1 Shut down the affected ports to avoid loops Step 2 Set up the port channel Step 3 Bring up the affected ports Step 4 Verify the operation of the port channels Step 1 Shut down the affected ports to avoid loops SB9 interface range 0 11 0 14 shutdown exit Cisco A interface range Gi 0 1 2 shutdown end Cisco B interface range Gi 0 1 2 shutdown end
32. eted in the meantime e Manual trunk configuration is very deterministic as to which VLAN is on which trunk This will simplify troubleshooting e Manual trunk configuration may help the administrator to set up a simple load sharing We therefore recommend using manual VLAN registration in a Cisco datacenter network Since the SB9 does not support ISL the only solution for VLAN trunks to Cisco switches is IEEE 802 1Q When STP is used which is the case for most of datacenters it is necessary to use a native VLAN because the standard defines that BPDUs have to be transported untagged See also Spanning Tree Cisco recommends not using VLAN 1 for anything productive It therefore makes sense to configure the management IP address of the SB9 into another VLAN but it is nevertheless important to have one native VLAN defined on the trunk 2 3 3 Configuration You set up a VLAN trunk as shown in Figure 2 and our recommendations by performing the following steps e Step 1 Configure the port channels e Step 2 Define the VLANs e Step 3 Configure VLAN trunk e Step 4 Verify the VLAN trunk White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 9 47 Step 1 Configure the port channels Please refer chapter 2 2 Step 2 Define the VLANs SB9 Configure the VLANs VLAN 1 is default and can t be configured vlan database vlan 10 vlan name 10 VLAN 10 vlan 20 vlan name 20 VLAN 20 exit C
33. eview Member Assignment for Team SLB Available Adapters Load Balance Members 0001 Broadcom Net treme Gigabit Fiber Br oo lolx Review the configuration and press OK File View Tools Help Name Team Properties Statistics E49 Network Interfaces Summary Eli SLB Information Value Virtual Adapters Team Name SLB Te SLB 0009 BASF Virtual Adapter Team Type SLB Auto Fallback Disable Team Mode Primary Baspxp32 sys fem Primary Adapters Fh 0001 Broadcom Netxtreme Gigabit i ae gal Standby Adapters _ Driver Date 12 14 2004 SE 0002 Broadcom NetXtreme Gigabit Delete Team Configure Team Add VLAN Fallback BROADCOM Cancel Apply Help J Enable Tray Icon Click on any device at left panel For detail information or press F1 for help Broadcom Advanced Control Suite 2 x Press Yes Network connection will be temporarily interrupted Connection will resume after the completion of selected tasks Do you want to continue IP Address Setting Reminder i xj Press OK The team configuration has been completed Please refer to the Network Properties for P address and Gateway address settings White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 28 47 Step 3 Configure the Intel Adapter To configure the Intel NIC open the Local Area Connection Properties for the first adapter l Local Area Connec
34. forwarding Disabled Enabled Disabled Disabled Interface Enabled Disabled Disabled Enabled Forwarding Root Enabled Discarding Alternate Check if RSTP state at Cisco Switch A Cisco A show spanning tree VLANOOO1 Spanning tree enabled protocol rstp Root ID Priori y 1 Address VOL 7294 70 3200 This bridge is the root Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority Le Xprrority 0 SyS Ld exe 1 Address VOLT 394 10 3S200 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Desg FWD 3 LAG 396 Desg FWD 3 IZS3I12 P2p Check if RSTP state at Cisco Switch B Cisco B show spanning tree VLANOOO1 Spanning tree enabled protocol rstp Root ID Priority al Address OO 94 70 3200 Cost 3 POLG 616 Port channel3 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Bridge ID Priority 4097 priority 4096 sys id ext 1 Address JOUT 24 7b lt d013 0 Hello Time 1 sec Max Age 11 sec Forward Delay 8 sec Aging Time 300 Interface Role Sts Cost Prio Nbr Type Altn BLK 3 128 640 P2p Root FWD 3 128 616 P2p Page 23 47 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 24 47 2 5 Access Port and NIC Configuration 2 5 1 Introduction In atypical setup ports for server access are not configured as VLAN trunks but as normal access ports Since the SB9 configuration differs slightly from the Cisco config
35. g CiscoA priority O for all vlans Cisco B priority 4096 for all vlans Designated port forwarding eee discarding On all trunks VLAN 1 native SB9 STP disabled VLAN 10 tagged VLAN 20 tagged Figure 7 RAPID PVST while STP is disabled at SB9 When the Po1 link fails the Po2 of switch B will stop receiving BPDUs After three times the hello interval the switch will change the state of port Po2 to learning and will then follow the normal state machine so that the convergence time is the same as with 802 1D Since the RSTP cannot operate with the proposal agreement mechanism on this link root changes will also be relatively slow within all the VLANs that are running on the trunks to the SB9 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 15 47 2 4 2 Recommended Solution As discussed earlier there are a number of different combinations of STP protocols that can be selected when integrating SB9 switches into Cisco networks Although using MSTP between the Cisco and the SB9 would be the best solution it will not be discussed further in this paper because MSTP is so very unusual in Cisco networks If you were to run MSTP 802 1s on the SB9 switches while using STP or RSTP at the Cisco switches MSTP would fall back to RSTP and STP respectively The resulting and possible solutions are shown in Table 4 Table 4 Possible STP combinations when using VL
36. hout any modifications Figure 4 shows this scenario CiscoA Cisco B priority O for all vlans priority 4096 for all vlans Root port Designated port forwarding forwarding Designated port Alternate forwarding discarding On all trunks VLAN 1 native SB9 STP disabled VLAN 10 tagged VLAN 20 tagged Figure 4 PVST while STP is disabled at SB9 Since switch B receives the BPDUs of switch A its port Po2 will get the role alternate and it will take on the state discarding The SB9 will not be involved in any decisions while the topology is changing If the link Po1 fails switch B will not receive any BPDUs at Po2 After three times the hello interval Po2 will initiate its change to the role designated and will subsequently take on the forwarding state Since no STP is enabled at the SB9 all the switch s ports will be enabled and forwarding as soon as they come up Without STP timer tuning worst case failover times resulting from link or switch failures were found to be approximately 45 seconds White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 13 47 Rapid Spanning Tree The standard IEEE 802 1w RSTP defines only BPDUs in the native VLAN as implemented by the SB9 Cisco also enhanced RSTP to RAPID PVST which is compatible to RSTP in a number of ways Figure 5 shows this scenario Server 1 VLAN 10 Root port forwarding De
37. hows the possible combinations of a Cisco Switch and an SB9 Only the combinations marked green are viable the combinations marked red are risky because they will lead to a duplex failure UJ Fix Full Duplex 10 O O 2 aoa x lt y x lt Q K a TE O 0 T 40 x lt L LL nas LL Fix Full Duplex 100 N A N A N A N A Table 1 Speed and Duplex Settings Cisco Switch During the ports autonegotiation phase the flow control mechanism can also be negotiated Switches are not the best location for buffering packets during congestion this mechanism should therefore not be activated on links between switches but preferably between servers and switches In this case the server would be able to buffer the packets if the switch were to detect congestion on the uplink Since flow control depends very much on the server hardware and software this issue is not covered in this paper 2 1 2 Recommended Solution We recommend setting the ports on both sides to auto negotiation In this setting the switches will negotiate their capabilities and will find the best possible setting When connected to the usual 1000BaseT port of a Cisco switch using a crossover or straight thru 8 wire Cat5E or better a patch cable the SB9 will negotiate 1000 Mbit with full duplex Flow control should be disabled between switches 2 1 3 Configuration You set a port of the SB9 e g 0 12 to auto negotiation and no flow control by en
38. instances for VLAN trunks Cisco supported only on access ports not on trunks RSTP 802 1w Rapid STP as specified in 802 1w Fast convergence does not SB9 conforms to the standard support multiple instances for VLAN trunks Cisco supported only on access ports not on trunks MSTP 802 1s Multiple Instance STP as specified in 802 1s Fast convergence SB9 conforms to the standard support multiple instances for VLAN trunks Cisco conforms to the standard but not common in Cisco environments PVST STP as specified in 802 1D with the following enhancements Cisco proprietary solution e port fast feature SB9 not supported yet e uplink fast feature e backbone fast features e spanning tree for each VLAN Fast convergence compatible to 802 1D even on VLAN trunks PVST Like PVST but supporting only ISL trunks Cisco proprietary solution RAPID PVST RSTP as specified in 802 1w with the following enhancements Cisco proprietary solution e spanning tree for each VLAN SB9 not supported yet Fast convergence compatible to 802 1D even on VLAN trunks Table 3 Spanning tree protocol implementations When connecting switches without VLAN trunks PVST and STP are compatible with RSTP and RAPID PVST respectively without any problems Other combinations are discussed in the following section Running ST P 802 1D with PVST on VLAN Trunks When running STP over VLAN trunks MSTP is the only STP protocol implemented by Cisco that completely
39. ion ID Admin Mode Dest Port Source Port Enable Both 0 4 4 7 Further information in the Internet PRIMERGY servers www fujitsu siemens com primergy Delivery subject to availability specifications subject to change without notice correction of errors Published by Extranet and omissions excepted FSC EP ESB ST PRIMERGY m i oye is All conditions quoted TCs are recommended cost prices in EURO excl VAT unless stated Enterprise Server Business Support amp e fujitsu siemens com primer otherwise in the text All hardware and software names used are brand names and or trademarks Trainings http www fujitsu siemens com primergy S of their respective holders Copyright Fujitsu Siemens Computers 10 2006
40. isco A Configure the VLANs VLAN 1 is default and can t be configured vlan 10 name VLAN 10 vlan 20 name VLAN 20 vlan 30 name VLAN 30 Step 3 Configure VLAN trunk SB9 Definition of the port channel port channel Pol interface 1 1 exit interface 07a channel group 1 1 exit interface 0 12 channel group 1 1 exit Configure the interfaces for VLAN trunking interface range 0 11 0 12 the native vlan 1 is default and normally not displayed in configuration Switchport native vlan 1 Switchport allowed vlan add 10 Switehport tagging 10 Switchport allowed vlan add 20 Switchport tagging 20 exit Configure the port channel for VLAN trunking interface 171 staticcapability the native vlan 1 is default and normally not displayed in configuration switchport native vlan 1 switchport allowed vlan add 10 switchport tagging 10 switchport allowed vlan add 20 Switchport tagging 20 exit Cisco A interface Port channel6 Switchport trunk native vlan 1 switchport trunk encapsulation dotlq Switchport mode trunk White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 10 47 Switchport allowed vlan 1 10 20 I interface range GigabitEthernet0 1 2 the native vlan 1 is default and normally not displayed in configuration Switchport trunk native vlan 1 Switchport trunk allowed vlan 1 10 20 switchport trunk encapsulation dotlq Switchport mode trunk channel group 6 m
41. l as tOr SNMPVZC snmptrap MySNMPv2 10 222 20 20 l a for SNMPv1 snmptrap MySNMPvl 10 222 0 20 snmpversion snmpvl Step 2 Configure SNMPv3 authentication It is important to set the SNMPv3 authentication protocol to MD5 for each configured user name to ensure that nobody can access the switch using SNMPv3 without authentication This can only be done using the web interface F area Seih Blade himnar Micravall ierat Explaret bere pes te yta CA Teeri AP 8 IE Ei Dea heie gadi Ferceberi Extras 2 Fig Cone wi fh ae Gere OH aa E hua mab a eee hd a see il Ej Wectasin ru QPS Oc TO SOM DJAM ytewere QP SAD interes GAA G Cee AE H ache Sete Endep Parha Homa he sir SIEMENS FRIMEAET be i sh P a L I ipatam O ARF Ciche 7 ied ioe Lee era li rmi Leer Accounts y Cani paraan L Sette Deco ption Heihest Connichhiiy i Tenet eaa Ea Cth ted Tali e A i C Teri Pert pee J 4uthentication List Caniig Lj Lag TE ILLI 5 BS Aurtheatit Sth Lit Sarin E Uwar Legis pU Firmir ing atalage Log T E Part C SAP yj Matea pte wilting La Trap Mien er 0 el OHO Chant 2 lj fsitching oe MH 4 Protocol based VLAH E F ise WS ty nT Pa ati Cin bin Paar MMP yA User Contigurahins GHP vi iren Hoca Aau lH bian Protoni i Shits pen PT Fielifea Eris Poon Kier Cortraber ami ESL cite ILANI Copper SR Ce Pugs ees Oo gle ead ris White Paper Issue October
42. l setup console redirection is the only possible way of accessing the switch Access using telnet or SSH will subsequently be more convenient 4 3 2 Recommended Solution Telnet is an unencrypted protocol which means that not only the data but also the password is sent unencrypted over IP For this reason most enterprise customers prefer not to use telnet SSH encrypts not only the password but also the entire data traffic and is the preferred protocol for remote console access We recommend you to enable SSH and disable telnet access to the switch 4 3 3 Configuration of SSH The following steps are necessary to enable SSH and disable telnet e Step 1 Configure the SB9 e Step 2 Test the login Step 1 Configure the SB9 SB9 ssh configuration Enable ssh ip ssh Set the procol version 2 ip SS p otocdol 2 Disable telnet line vty no sessions exit Step 2 Test the login One of the popular SSH clients is putty which is distributed under license from MIT C gt putty bx6 sb9 b login as test ro test ro bxo sb9 b s password bx6 sbo b lt gt White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 39 47 4 4 Integration into Radius and TACACS 4 4 1 Introduction Radius and TACACS are protocols that can be used for authentication authorization and accounting Enterprises often use one of these protocols to authenticate administrative users of net
43. o A show etherchannel summary Flags D down P in port channel stand alone s suspended Hot standby LACP only Layer3 S Layer2 in use f failed to allocate aggregator unsuitable for bundling waiting to be aggregated default port Number of channel groups in use 1 Number of aggregators 1 Group Port channel Protocol Ports White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 8 47 2 3 VLANs and Trunks 2 3 1 Introduction Most network administrators want to partition their network into multiple broadcast domains to provide better network stability and better information security This is implemented using virtual LAN technology VLANs which provides multiple virtual LAN segments in one switched network domain as specified in the standard 802 1Q A number of protocols have been developed to simplify the management of such VLANs While Cisco uses its own proprietary VLAN Trunking Protocol VTP the IEEE describes the GARP VLAN Registration Protocol GVRP which has been implemented in the SB9 Cisco A VLAN 1 10 20 30 Gi0 1 Gi0 2 Port channel and VLAN Trunk transporting VLAN 1 10 and 20 0 12 0 11 VLAN 1 10 20 SB9 Figure 2 VLAN Trunk between SB9 and Cisco Switch When multiple switches are interconnected there is often a need to transport multiple VLANs over one line This technique is called VLAN Trunking and is described in the IEEE standard 802 1Q and implemented
44. o configure this scenario e Step 1 Configure the access ports of the switches e Step 2 Configure the Broadcom Adapter e Step 3 Configure the Inter Adapter Step 1 Configure the access ports of the switches Configuration of bx6 sb9 a interface 0 1 This line is only needed if you are running STP on the switch Spanning tree edgeport Forbid all VLANs but the access VLAN switchport forbidden vlan add 1 Switchport forbidden vlan add 20 Permit the access VLAN Switchport allowed vlan add 10 Set the access VLAN as native VLAN Switchport native vlan 10 exit interface 0 2 This line is only needed if you are running STP on the switch Spanning tree edgeport Forbid all VLANs but the access VLAN Switchport forbidden vlan add 1 Switchport forbidden vlan add 10 Permit the access VLAN Switchport allowed vlan add 20 Set the access VLAN as native VLAN Switchport native vlan 20 exit Configuration of bx6 sb9 b interface 0 1 This line is only needed if you are running STP on the switch Spanning tree edgeport Forbid all VLANs but the access VLAN switchport forbidden vlan add 1 Switchport forbidden vlan add 20 Permit the access VLAN White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 26 47 Switchport allowed vlan add 10 Set the access VLAN as native VLAN Switchport native vlan 10 exit This line is only needed if you are running STP on the switch
45. o shown in Figure 8 by performing the following steps e Step 1 Configure the switches e Step 2 Verify the configuration Root port Designated port forwarding forwarding CiscoA priority O for all vlans Cisco B priority 4096 for all vlans Designated port forwarding discarding SB9 RSTP enabled No Trunks Figure 9 Configuration example RSTP without VLAN trunks Step 1 Configure the switches SB9 configuration Enable RSTP for the whole switch Spanning tree Spanning tree mode rstp Definine the port channels port channel Pol interface 1 1 exit interface 0 11 channel group 1 1 exit interface 0 712 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 21 47 channel group 1 1 exit port channel Po2 interface 1 2 exit interface 0 13 channel group 1 2 exit interface 0 14 channel group 1 2 exit Configure the interfaces interface range 0 1 0 10 Spanning tree edgeport spanning tree port mode interface range 0 11 0 14 spanning tree port mode exit interface 1 1 staticcapability spanning tree port mode exit interface 1 2 staticcapability spanning tree port mode exit end Cisco Switch A Enable and configure RSTP Sspanning tree mode rapid pvst Sspanning tree vlan 1 priority 0 Timers are tuned Please refer Cisco documentation berore using this part of the configuration l spanning tree vlan 1 hell
46. o time 1 Spanning tree vlan 1 forward time 8 spanning tree vlan 1 max age 11 l Define the port channels l interface Port channell These commands are default and normally displayed Switchport mode access Switchport access vlan 1 interface Port channel3 These commands are default and normally displayed Switchport mode access Switchport access vlan 1 interface range GigabitEthernet0 1 2 These commands are default and normally displayed Switchport mode access Switchport access vlan 1 channel group 1 mode on interface range GigabitEthernet0 23 24 These commands are default and normally displayed Switchport mode access Switchport access vlan 1 channel group 3 mode on Cisco Switch B White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Enable and configure RSTP Sspanning tree mode rapid pvst spanning tree vlan 1 priority 0 Timers are tuned Please refer Cisco documentation before 1 using this part ofthe configuration spanning tree vlan 1 hello time 1 Spanning tree vlan 1 forward time 8 spanning tree vlan 1 max age 11 Define the port channels interface Port channel2 These commands are default and normally Switchport mode access Switchport access vlan 1 interface Port channel3 These commands are default and normally Switchport mode access Switchport access vlan 1 Interface range GigabitEthernet0O 1 2 These commands are default and normall
47. oO FUJITSU coneurens Wh ite Pa per SIEMENS Integration of BX600 SB9 Issue 20th October 2006 Switches in Cisco Networks Pages 47 Contents 1 Introduction 2 Switch Connectivity 2 1 Auto Negotiation 2 1 1 Introduction 2 1 2 Recommended Solution 2 1 3 Configuration 2 2 Port Aggregation 2 2 1 Introduction 2 2 2 Recommended Solution 2 2 3 Configuration 2 3 VLANs and Trunks 2 3 1 Introduction 2 3 2 Recommended Solution 2 3 3 Configuration 2 4 Spanning Tree Protocol 2 4 1 Introduction 2 4 2 Recommended Solution 2 4 3 Configuration with VLAN Trunks 2 4 4 Configuration without VLAN Trunks 2 5 Access Port and NIC Configuration 2 5 1 Introduction 2 9 2 Recommended solution 2 5 3 Configuration 2 6 Link State 2 6 1 Introduction 2 6 2 Recommended Solution 2 6 3 Configuration 3 Basic Multicast Services 3 1 Introduction 3 2 Recommended solution 3 3 Configuration 4 Switch Management 4 1 Logging and Synchronization 4 1 1 Introduction 4 1 2 Recommended Solution 4 1 3 Configuration of syslog and SNTP 4 2 SNMP 4 2 1 Introduction 4 2 2 Recommended Solution 4 2 3 Configuration of SNMP 4 3 Remote Console Access 4 3 1 Introduction 4 3 2 Recommended Solution 4 3 3 Configuration of SSH 4 4 Integration into Radius and TACACS 4 4 1 Introduction 4 4 2 Recommended Solution 4 4 3 Configuration of RADIUS 4 4 4 Configuration of TACACS 4 5 Cisco Discovery Protocol WDWDDMDADNAUNUHARAA LO Whitepaper Issue 20th October
48. ode on Step 4 Verify the VLAN trunk SB9 ox6 sb9 a show vlan VLAN ID VLAN Name VLAN Type Interface s Default Default O74 OF 5407 6407 717 0765 0 7 97 0 10 0 11 0 12 0 13 0 15 0 16 1 1 172 10 VLAN 10 Static 0717 O07 11 0712 07 13 0714 07 15 Of 16 1 14 172 20 VLAN 20 Static 0 2 0 11 0 12 0713 0 14 0715 O 16 171 272 bx6 sb9 a show interface switchport 1 1 POEL Acceptable Ingress Default Interface VLAN ID Frame Types Filtering GVRP Priority Admit All Disable Disable bx6 sb9 a Cisco A Cisco A show interface trunk Pore Mode Encapsulation Status Native vlan Pol on 802 1q trunking 1 Port Vlans allowed on trunk Pol 1 10 20 POrt Vlans allowed and active in management domain Pol Te pew Port Vlans in spanning tree forwarding state and not pruned Pol se i 6 Pee 6 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 11 47 2 4 Spanning Tree Protocol 2 4 1 Introduction When the only standard for spanning tree protocols in LANs was STP as specified in 802 1D Cisco developed a number of proprietary protocol enhancements Some of these were adopted into the RSTP standard but others were not Cisco therefore also modified their RSTP implementation to be compatible with their enhanced STP Table 3 shows all current STP implementations STP 802 1D STP as specified in 802 1D Slow convergence does not SB9 conforms to the standard support multiple
49. r 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 32 47 Step 3 Verify the configuration show link state Shows information about configured Link State Groups 3 Basic Multicast Services 3 1 Introduction IP Multicast applications are common to many datacenter networks At least the deployment software for the blade server often uses multicast to deploy multiple servers using one data stream In most Cisco networks the SB9 will act as a Layer 2 switch which has to perform IGMP snooping in order to avoid unnecessary multicast traffic at ports that are not interested in this traffic 3 2 Recommended solution It is advisable to enable IGMP snooping over the whole broadcast domain and therefore at all switches To get IGMP snooping running you will need one IGMP querier per VLAN In most cases there will be a Layer 3 switch in each VLAN which is also the unicast router for that VLAN We recommended you to configure this router for multicast routing and enable a IGMP querier in this way because the multicast router will need the IGMP information anyway At the SB9 and at all other L2 switches you only need to enable IGMP snooping 3 3 Configuration The following steps are necessary to set up IGMP snooping e 1 Enable multicast routing and IGMP at the layer 3 switch e 2 Enable IGMP snooping at all layer 2 switches e 3 Verify the configuration 1 Enable multicast routing and IGMP at the layer 3 switch Layer 3 Switch
50. sas Uers Orom Calie Nas NASIE Tune I i ae OWIRRIOE 25503 Arien OR He Dated evil Ten eae ea eres Loain Vier EY Caveat 1 shied Bees m h E Er me th Disab m bee 5 Bazkun And Eecicre Hig Weer ip Paceed Auchenbewbare Raded Azengt BRON LESTI Athen OR i EO Anken OE WE ES I amp i 1 70 LET LATE dre Dafa BRS 209 Ambe OE EF ne HEA 1 0 1 70 WIRD Laid Aen OR er rine ea tens ae BROS aeg Anim OF Lie fault maen OB LRN Leo Athen OE epg ate ete 4 5 Cisco Discovery Protocol 4 5 1 Introduction The Cisco Discovery Protocol CDP is intended to provide a way of finding out about the physical cabling of a switch environment It is often implemented in data center networks to give the administrator additional help with troubleshooting and documentation In some situations CDP will be a security issue since it would also give a hacker interesting information about the network 4 5 2 Recommended Solution In normal solutions CDP will not represent a security risk In high security areas or hosted environments the administrator may decide to disable CDP In this case we recommend you to disable CDP at the access ports to the server 4 5 3 Configuration of CDP The following steps are necessary to disable CDP at the access ports e Step 1 Configure the SB9 e Step 2 Check the configuration Step 1 Configure the SB9 SB9 CDP configuration l Disable CDP interface range 0 1 0 10 no
51. signated port forwarding Cisco A RAPID PVST priority 0 for all vlans Cisco B RAPID PVST priority 4096 for all vlans MAC Address Table MAC_1 Port 0 1 MAC 2 PortPo3 MAC Address Table MAC_1 Port Po3 Designated port MAC_2 Port Pot forwarding Designated port forwarding Po2 OZ g discarding Root port torwarding SB9 RSTP 802 1w MAC Address Table priority 32768 MAC_1 Port Po1 MAC_2 Port 01 port 0 1 On all trunks Se rver 2 VLAN 1 native VLAN 10 VLAN 10 tagged VLAN 20 tagged Figure 5 Combining RAPID PVST and 802 1w All RSTP features are functioning for the native in this example VLAN1 Since the SB9 implements the standard and does not know about tagged BPDUs RAPID PVST has the same restrictions as PVST There is an additional problem due to the fact that RSTP generates a Topology Change Notification TCN only when changing a port to the state designated If the Po1 link in Figure 5 fails port Po1 of switch A will go down and will not generate a TCN as specified in 802 1w SB9 will change the role of port Po2 to root port and its state to forwarding and will generate a TCN as specified in 802 1w on the native VLAN This has the effect that the Cisco switches will flush their MAC address tables of VLAN 1 but not for the other VLANs White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 14 47 server 1 VLAN 10 rt Of
52. ssed Authentications active csv E E T e eS a Tiape STEELY Mfpee age dere Caie Naio ARI Px retain pi aay ee Type Home Tir Tiare Addrece AP Acc Default 1 aj Baira IBGE 213 Adhe TE wiri x Hery 100 i70 Card apr dim ap as A ire ace h cole Era kg Ter Teer Posrmand z eu Co ACS Samre keaoionng White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks 4 4 4 Configuration of TACACS The following steps are necessary to integrate an SB9 into RADIUS authentication e 1 Prepare the ACS e 2 Configure the SB9 e 3 Test the login Step 1 Prepare the ACS Page 43 47 To prepare the ACS to be an authentication server for the SB9 login the web interface of the SB9 and do the following configurations i Coeur ACS Mic roectt interes opiera be rv fete Eerste imah feet bree ne O i a i phe ya b mia E o sh Eiaa in gna A i ee taadas Metak Configuration Gal i AAA Clim kdl Fatal Cim AAA Ca IF Jas their Ahire ATE rh ate Uang TACAT force TOE W201 Wo ba RADIIS ETFI CCR Search AAA See AA Sere Miane AAA Serre IP Adkeit AAA Sait Tepe 13 D aL Le DEH osn ACS Adatray Seach ac cours Ais in Te fete Bete ih pe bre D O a ai pote Gree A a a m Re a Eiig Un sings aia ha Gr GAE Gar GAH ee AMD G Di AAD AE SA E adira Re ee I es od tutu Metwork Configuration Aci AAA Client AAA Sent Hector teih 100 iA AAA Chri IP Ba
53. t ro Password WRONG Test a login with correct username and password User test ro Password test ro bx6 sb9 b gt At the ACS you can see the failed and successful attempts I Cheev ecurn ACS Micro Internal Fzglerer boreal van CA eee Se E3 View the failed Dabi Gerbin aih Femi Estes i k attempts Om O BEG pme tiem O OS e LBBS E hapa D2 O ILHE ber ba Ej ahina oe ee re Owo oc or sere i OOO E AE rte eee ig res i Die ten IEI niaig E reri Ptal W Ejn ie Hua oot va Basia Reports and Activity ir TA Ci Betesh M Dewoed nee Failed Attempts active cay ios Seorang Duet Ti elf Accom Hd Ahana zi ey Fr Tone SEEE TA SOPAN ite E AA zji A iied oa tanid igr Birnir is F a a Ea kiral Ane Dashi d Accoun DE LENE J215 be hied i Edmira Awt Mieseage User Gran Caller S SEDO vuchor NAS NASIP Aull pis Vi Dirie aan Fy ih Soot tg ated White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 46 47 i Cheeafecurn ACS Micro Internal Fxplerer bo rrtipesiol ss van LA eee ae Se E i View the passed ee abre eee eee a authentications E Fes i yp eter Ef Prema A d Be je SA mA AB beg fd 22 A 2 ea ha bern GA S008 0606 Go PC fooewes BeOS Stine Bes Ee ee herders Beiepeeeet hewe El oe Blk Eas Cimey Sesreet Reports and Activity Tal m ire i Cinni Reports Passed Authentications active csv E E macane esnan TACACSE Admaatanon 7 hir
54. tches in Cisco Networks Page 44 47 Z CiscoSecure ACS Microsoft Internet Explorer bereitgestellt von CAT Siemens XP SP2 Sele Add the users to the ACS Datei Bearbeiten Ansicht Favoriten Extras ar database e g the user test ro Zur ck 7 x E A Suchen pr Favoriten E2 X ee w bi ae rel 3 Adresse E http 10 222 0 21 4169 index2 htm l E v wechseln zu Links FSC G ccIE csc Ocom ORFE Siemens 4 A amp D SE SH2 intern Homepage 4 AMEX ri Cisco Systems User Setup x ited amp s e User Setup and External User Databases e Finding a Specific User in the Stared Profile Add Edit CiscoSecure User Database Group Y Setup User testro E 255 e Changing a Username in the CiscoSecure User Database Components 1 1 e Adding a User to the CiscoSecure Network User Database r Configuration SNA SEER Te i e Listing Usernames that Begin with a System j inni i Particular Character s Beet ation List users beginning with letter number art ABCDEFGHIJSIKLUH e Listing All Usernames in the Interface _ NOPQRSTUVWXYZ CiscoSecure User Database Configuration 0123 2 5627 6 5 Administration a Control gE External User Databases P 3 aa Reports and fe aana User Setup enables you to configure Ra individual user information add gje Online users and delete users in the is Documentation database User Set
55. tering the following commands in configuration mode interface 0 12 negotiate no storm control flowcontrol exit Here is the corresponding Cisco configuration interface GigabitEthernet0 2 speed auto duplex auto flowcontrol receive off end White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 5 47 2 2 Port Aggregation 2 2 1 Introduction You will usually need more than 1 Gbit when connecting an SB9 switch in a datacenter In this case two or more links are set up to form a port channel also known as a Fast Ethernet Channel FEC or Gigabit Ethernet Channel GEC in Cisco networks Figure 1 shows a typical uplink configuration for an SB9 One port channel connects to Cisco switch A and a second one connects to Cisco switch B Each port channel is formed of two links running with 1000 Mbit in full duplex mode The redundancy mechanisms between these links will be discussed later In principle port channels can be configured statically or using a port aggregation protocol Cisco supports LACP as specified in 802 3ad and their proprietary PagP while the SB9 supports LACP as specified in 802 3ad Using static or LACP dynamic configuration you can form up to six GE links between the SB9 and one other switch Cisco A Cisco B Gi0 2 GiO 1 GiO 1 Gi0 2 0 12 0 11 SB9 Figure 1 Typical uplink configuration for SB9 Table 2 shows the possible combinations of port chann
56. this adapter Each network connection operates independently and is not part of a team New Team Wizard a Welcome to the Intel A PRO Adapter New Team Wizard xi Enter a name for the team and press Specii a name for the team Team 0 Advanced Networking Services 4NM3 team names are limited to 46 characters After you create the SMS team you can view and modify ts settings on the Settings tab in Team properties For more information about ANS teaming click here zl 4 Back Cancel xi Check the desired adapters and press Next Select the adapters to include in this team Intel A PROVTO00 MB Dual Port Server Connection Intel A PRO TO00 ME Dual Port Server Connection 2 The list shows the adapters that are available for Advanced Networking Services ANS teaming Adapters that do not support ANS teaming or that are already members of another SNS or Express team are unavailable and are not shown in the list When an adapter it added to an ANS team all protocol x Back Cancel White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 30 47 Xl Select Switch Fault Tolerance and press Next Select a team mode Adapter Fault Tolerance Adaptive Load Balancing Static Link Aggregation IEEE 802 Sad Dynamic Link Aggregation Switch Fault Tolerance Advanced Networking Services ANS Team Types Networking supports thes
57. tion Properties 2 x Press Configure General Authentication Advanced Connect using E Intell R PRO 1000 MB Dual Port Ser Thi connection uses the Following items LI Network Load Balancing m File and Printer Sharing for Microsott Networks W Intemet Protocol TCP IP Install Uninstall Properties Description Allows your computer to access resources on a Microgoft network F Show icon in notification area when connected M Notify me when this connection has limited or no connectivity Select the Teaming tab General Link Advanced Teaming VLANs Driver Resources Intell A PRO TOO0 ME Dual Port Server Connection Device tupe Network adapters Manufacturer Intel Location PCI bus 4 device 4 function 0 Device status This device is working properly Fou are having problems with this device click Troubleshoot to start the troubleshooter i Device usage Use this device enable White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 29 47 Select Team with other adapters and Press New Team Intel R PRO 1000 MB Dual Port Server Connection Properties General Link Advanced Teaming VLANs Driver Resources intel S Adapter Teaming Teaming options C Express Team all ports on this adapter Team with other adapters Hen Team Jean No teams available Eraperties Do not team
58. unNnt ss se essees 89107 Interfaces Enabled for IGMP Snooping 0 1 OE2 0 3 0 4 075 0 6 0 7 0 8 0 9 OFAR OIA 0712 0 13 0 14 OF alee 0 16 1 1 a 2 bx6 sb9 b show ip igmp snooping mrouter VLAN Type Memeber Port 1 Dynamic TAL 10 Dynamic 171 20 Dynamic TAL bx6 sb9 b show ip igmp snooping multicast VLAN MAC Addr Type Memeber Port 1 Ode 0e5e 200 201s 18 Dynamic 1 1 I O14 005er 000I Dynamic 1 1 1 O12 001 5se100 501s 36 Dynamic 1 1 ii Odie OODE r007 L7 Dynamic 1 1 1 01 00 5e 7 00 01 Dynamic 1 1 0 5 lt 0 5 has joined 239 255 0 1 1 01 00 5e 7 00 02 Dynamic 1 1 0 5 lt 0 5 has joined 239 255 0 2 1 0120056 722 bre ra Dynamic 1 1 I LOO ser Eef f Ee Dynamic 1 1 10 Ole OO Sse RON Dynamic 1 1 0 1 10 OS O05 tes O0e07 Dynamite 7 LAOaL White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 34 47 Oe OOs Seo 00s Cul Dynamic 1 1 0 2 OLeO0r ser 7E O0 S02 Dynamic 1 1 0 2 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Page 35 47 4 Switch Management 4 1 Logging and Synchronization 4 1 1 Introduction When there are problems in a network it is vital to log the events at all network devices Since a data center network often consists of many network devices a central logging server is used to collect the information from all components Logging information is usually sent using the protocol syslog RFC 31
59. up and External User Databases Before Cisco Secure ACS can RS EEE eae EEE eh Rep eee hd Applet encryptor started t Local intranet 7 E 1 7 7 CiscoSecure ACS Microsoft Internet Explorer bereitgestellt von CAT Siemens XP SP2 Ais led Specify the user s password and a ne i 4 Datei Bearbeiten Ansicht Favoriten Extras 3 press Su bmit zur ck lp x E A s Suchen Kg Favoriten Ei 3 ee w h B rel 3 Adresse Ka http 10 222 0 21 4169 index2 htm v E wechseln zu Links FSC G cce H csco Acom ORFE Siemens 4 A amp D SE SH2 intern Homepage 4 AMEX Cisco Systems User Setup x Supplementary User Info e Account Disabled Real Name D Group L e Deleting a Username jee Description e Supplementary User Info Shared Profile e Password Authentication es ni x re i r e Group to which the user is assigned Net work Callback Fe ere ain Callback eee Ace Weer Setup 9 e Chent IP Address Assignment ml Sustem e Advanced Settings onfiguration Te hisi RO Password Authentication a Acces s Restrictions Interf e Max Sessions i Configuration CiscoSecure Database s Tei ho x S x gt ag Administration CiscoSecure PAP Also used for CHAP MS e Account Disable vant CHAP ARAP if the Separate field is not e Downloadable ACLs i External User checked e Advanced TACACS Settings n 4 1c 4 J batsases a a e TACACS En
60. uration we show how to set up an access port of the SB9 switch 1 switch 2 Figure 10 BX600 port mapping To ensure high availability of the servers most BX600 racks will be equipped with two SB9 switches In this case each blade has one NIC port connected to the first SB9 and another port connected to the second SB9 switch see also Figure 10 In order to provide a fast failover between these NIC ports both switch ports must be configured identically and the NIC failover must be configured in the right way 2 5 2 Recommended solution The failover mechanism depends on the NIC vendor At the moment there are two different type of NICs used for CPU blades Intel and Broadcom For CPUs equipped with Broadcom NICs running Microsoft Windows there are in general two failover mechanisms available e Smart Load Balance and Failover with and without Auto Fallback e Link Aggregation 802 3ad or FEC GEC Since the two ports of the NIC are terminated on two different switches link aggregation cannot be used for failover SLB depends on the link state of the NIC When the CPU comes up the primary adapter will become active If the corresponding switch fails and the link state goes down the secondary adapter takes over If the link state of the primary adapter comes back and Auto Fallback is enabled the primary adapter will become active again since the link state of the primary adapter may come up before the uplinks of the corresponding
61. work components The SB9 supports RADIUS and TACACS for the authentication of users which want to access the switch using the web interface telnet or SSH It also supports these protocols for 802 1X but since this protocol is rarely used in datacenter networks this feature is not discussed here 4 4 2 Recommended Solution In most Cisco networks a Cisco Secure ACS is used as TACACS and RADIUS server The protocol should be selected in compliance with company policy so both configurations are described here 4 4 3 Configuration of RADIUS The following steps are necessary to integrate an SB9 into RADIUS authentication e 1 Prepare the ACS e 2 Configure the SB9 e 3 Test the login Step 1 Prepare the ACS To prepare the ACS to be an authentication server for the SB9 log in to the web interface of the SB9 and perform the following configuration 4 CiscoSecure ACS Microsoft Internet Explorer bereitgestellt von CAI Siemens XP SP2 SE Add the device using Bearbeiten Ansicht Favoriten Extras ae the button Add Entry arik 7 x E A a Suchen 5 2 Favoriten E4 lt w Lud Re rel 33 Adresse 2 http 10 222 0 21 4169 index2 htm v E wechseln zu Links FSC Sj cclE cisco Acom RFC Siemens A amp D SE SHZ intern Homepage 4 AMEX bt cisco Srsreus Network Configuration xi S Group P3 a J PA Sctu AAA Clients 2 Ry Premas AAA Client Hostname AAA Client IP Address Authenticate Using we Network 3750 1 10 222 0
62. y Switchport mode access Switchport access vlan 1 channel group 2 mode on interface range GigabitEthernet0 23 24 These commands are default and normally Switchport mode access Switchport access vlan 1 channel group 3 mode on Step 2 Verify the configuration Check if RSTP is enbled SB9 bx6 sb9 a show spanning tree summary Spanning Tree Adminmode Spanning Tree Version COnLagubakvon Configuration Revision Level Configuration Digest Key Configuration Format Selector No MST instances to display Default Check port channel configuration bx6 sb9 a show port channel all Port Link GOG Channel Adm Trap Mode Mode Check the RSTP State Enabled IEEE 802 1w displayed displayed displayed displayed Oxac36177 50283cd4b83821d8ab26de62 Port Type Ports Active Static Static bx6 sb9 a show spanning tree mst port summary 0 all STP Interface Mode Enabled Enabled Enabled Enabled Forwarding Forwarding Disabled Forwarding Port Designated Designated Disabled Designated Page 22 47 White Paper Issue October 2006 Integration of BX600 SB9 Switches in Cisco Networks Enabled Enabled Enabled Enabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Enabled Manual forwarding Disabled Enabled Manual forwarding Disabled Enabled Manual forwarding Disabled Enabled Manual
Download Pdf Manuals
Related Search