Sunfire B1600 Switch User Manual
Contents
1. and _ m Only two copies of the System Software file containing the runtime firmware can be stored in the file directory on the switch The currently designated startup version of this file cannot be deleted If there are two copies of the System Software file present you can delete the one that is not currently designated as the startup version and replace it with a new file or you can copy a new one into the directory using one of the existing file names Alternatively you can remove the startup designation from the current startup file delete that file copy a new version of the System Software file into the directory and finally make the new file the designated startup file Downloading Switch Firmware From a Server When downloading runtime code you can specify the destination file name to overwrite the current image or first download the file to a different file name and then set the new file as the startup file Web Interface Downloading Switch Firmware Open the Switch Status gt Software window Type the IP address of the TFTP server Type the file name of the software to download select a file on the switch to overwrite or specify a new file name Click Download Chapter 3 General Management of the Switch 3 21 Switch Status r fi r System Identity Network Identity Software Switch Software Deployment Tf you would like to upgrade your firrmware with a file other2. Chapter 3 General Management of the Switch 93 117 3 4 4 3 MIB Variables Associated With VLAN Behavior of Interfaces TABLE 3 36 MIB Variables Associated With VLAN Behavior of Interfaces Field Name Port PVID Port Acceptable Frame Type Port Mode Port Ingress Filtering MIB Variable MIB II dotidBridge QqBridgeMIB gqBridgeMIBObjects dotiqgVlan dotligPortVlanTable dotiqPortVlanEntry dotigPvid MIB II dotidBridge QqBridgeMIB gqBridgeMIBObjects dotliqVlan dotligPortVlanTable dotigqPortVlanEntry dotliqPortAcceptabl e FrameTypes sun vlanMgt vlanPortTable vlanPortEntry vlanPortMode MIB II dotidBridge QqBridgeMIB gqBridgeMIBObjects dotiqVlan dotligPortVlanTable dotigqPortVlanEntry dotlqPortIngressFi ltering Access Read write Read write Read write Read write Value Range Default Value Integer 1 4094 1 admitAll 1 admitAll admitOnlyVlan Tagged 2 hybrid 1 hybrid dotiqTrunk 2 true 1 false false 2 3 118 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE 3 36 MIB Variables Associated With VLAN Behavior of Interfaces Continued Field Name Port GVRP Status GARP Join Time GARP Leave Time GARP Leave All Time MIB Variable MIB II dotidBridge QBridgeMIB gqBridgeMIBObjects dotiqgVlan dotligPortVlanTable dotiqPortVlanEntry dotigPortGVRPStatu
3. MIB II MIB II MIB II MIB II MIB II MIB II MIB II MIB II MIB II MIB II MIB II MIB II MIB II snmp snmp snmp snmp snmp snmp snmp snmp snmp snmp snmp snmp snmp snmp snmp snmpInASNParseErrs snmpInTotalReqVars snmpiInTotalSetVars snmpiInGetRequests snmpiInGetNexts snmpiInSetRequests snmpSilentDrops snmpProxyDrops snmpOutPkts snmpOutTooBigs snmpOutNoSuchNames snmpOutBadValues snmpOutGenErrs snmpOutGetResponses snmpOutT raps Configuring Message Logs Access Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Range Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer You can limit system log messages saved to switch memory based on severity When configuring message logs through the web interface or CLI the following parameters can be displayed or configured Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 5 4 1 m Enable Logging The status of logging of debug or error messages to switch memory The default is disabled m Logging Level The error level between 0 and 7 of system
4. e Transmit Broadcast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent 3 142 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE 3 43 Traffic Statistics Continued Statistic e Transmit Discarded Packets e Transmit Errors Ether like Statistics e Alignment Errors e Late Collisions e FCS Errors e Excessive Collisions e Single Collision Frames e Internal MAC Transmit Errors e Multiple Collision Frames e Carrier Sense Errors e SQE Test Errors e Frames Too Long e Deferred Transmissions e Internal MAC Receive Errors Description The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted One possible reason for discarding such a packet could be to free up buffer space The number of outbound packets that could not be transmitted because of errors The number of alignment errors missynchronized data packets The number of times that a collision is detected later than 512 bit times into the transmission of a packet A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check This count does not include frames received with frame too long or frame too short error
5. Address Aging Virtual LANs e GVRP e Default VLAN e Management VLAN e Tagging e Ingress Filtering Multicast Filtering e IGMP Snooping ARP e Cache Timeout Default Enabled by default for SNPO 15 disabled for NETPO 7 300 seconds Disabled PVID 1 for untagged frames VLAN 2 for the management port RX All frames TX Untagged frames Disabled Enabled Enabled 20 minutes Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 CHAPTER 2 Initial Configuration For full information about performing the initial configuration of the switch refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide This chapter contains the following sections m Section 2 1 Connecting to the Switch Interface on page 2 2 m Section 2 2 Enabling SNMP Management Access on page 2 3 2 1 Zal Connecting to the Switch Interface 2 1 1 Configuration Options For management access the switch module provides a command line configuration interface CLI This program can be accessed by first connecting to the RJ 45 serial console port on the switch and then logging into the switch s CLI from the System Controller s SC command prompt as shown below where SSCn indicates either SSCO or SSC1 sc gt console sscn swt Username admin Password CLI session with the Sun Fire B1600 is opened To end the CLI session enter Exit Console Note You can use a telnet or
6. IEEE 802 3u specification for 100 Mbit sec Fast Ethernet over two pairs of Category 5 UTP cable IEEE 802 3ab specification for Gigabit Ethernet over two pairs of Category 5 5e 100 ohm UTP cable IEEE 802 3 shorthand term for any 1000 Mbit sec Gigabit Ethernet based on 8B 10B signaling The difference between the highest and lowest frequencies available for network signals Also synonymous with wire speed the actual speed of the data transmission along the cable The historical percentage of packets received as compared to total bandwidth Boot protocol used to load the operating system for devices connected to the network Signalling method allowing each node to select its optimum operational mode for example 10 100 or 100 Mbit sec and half or full duplex based on the capabilities of the node to which it is connected A condition in which packets transmitted over the cable interfere with each other Their interference makes both signals unintelligible This only applies to half duplex connections Single CSMA CD LAN segment Carrier Sense Multiple Access Collision Detect is the communication method employed by Ethernet and Fast Ethernet Glossary 1 Dynamic Host Control Protocol DHCP End Station Ethernet Fast Ethernet Full Duplex GARP VLAN Registration Protocol GVRP Generic Attribute Registration Protocol GARP Gigabit Ethernet Group Attribute Registration Protocol IEEE 802 1D IEEE 8
7. Port Speed Duplex Configuration Port Flow Control Configuration MIB Variable Access sun Read write portMgt portTable portEnt ry portCapabilities SUs 4 5 Read write portMgt portTable portEnt ry portSpeedDpxCfg Sits a Read write portMgt portTable portEnt ry portFlowCtricfg Default Value Range Value Bits portCap10half 0 portCap10full 1 portCap100half 2 portCap100full 3 portCap1000half 4 portCap1000full 5 reserved6 13 6 13 portCapSym 14 portCapFlowCtrl 15 reserved 1 halfDuplex10 2 fullDuplex10 3 halfDuplex100 4 fullDuplex100 5 halfDuplex1000 6 fullDuplex1000 7 enabled 1 disabled 2 backPressure 3 dot3xFlowControl 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 3 Configuring Aggregated Links You can create multiple links between devices that work as one virtual aggregate link An aggregated link offers a dramatic increase in bandwidth for network segments where bottlenecks exist as well as providing a fault tolerant link between two devices You can create up to six aggregated links at a time The switch supports both static aggregated links and dynamic Link Aggregation Control Protocol LACP LACP configured ports will automatically negotiate a link with LACP configured ports on another device You can configure any number of the up link ports on the switch as LACP as long as they are
8. Privileges insufficient General error PVID is invalid Select a correct one Timer is invalid Select a correct one Table is full or data is invalid Privileges insufficient Appendix B Troubleshooting B 13 TABLE B 4 Web Interface Error Messages Continued Menu Message Description Packet Filtering User privileges are not enough to Privileges insufficient perform this operation Monitoring Port Mirroring Data is invalid General error User privileges are not enough to Privileges insufficient perform this operation Logs Data is invalid General error User privileges are not enough to Privileges insufficient perform this operation B 14 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 APPENDIX C Specifications This appendix contains the following sections Section C 1 Switch Architecture on page C 2 Section C 2 Management Features on page C 3 Section C 3 Physical on page C 3 Section C 4 Power on page C 4 Section C 5 Environmental on page C 4 Section C 6 Standards on page C 4 C 1 C 1 C 2 Switch Architecture TABLE C 1 Switch Architecture Item Ports Network Interface Buffer Architecture Aggregate Bandwidth Switching Database LEDs Specifications e Network up links 8 1000BASE T e Midplane 16 Gigabit serialized down links for server Blades e Management channel 1 10 100BASE TX 1 console port seri
9. Protocol Migration z Point iY NETP4 Broken 128 10000 O 32768 0 0000E8666672 126 21 t Disabled Point Bal FIGURE 3 42 The Up Links Spanning Tree Window showing STA status Command line Interface Checking the STA Protocol Status for an Interface This example uses the protocol migration command to verify the spanning tree message type RSTP or STP compatible to send on this interface Console config interface ethernet NETP4 Console config if sSpanning tree protocol migration Console config if MIB Variables Associated With a Port s STA Status TABLE 3 40 MIB Variables Associated With a Port s STA Status Field Name MIB Variable Access Value Range Default Value STA Port sun staMgt Read write true 1 true Protocol staPortTable false 2 Migration staPortEntry staPortProtocolMigr ation Chapter 3 General Management of the Switch 3 133 3 4 7 3 134 Filtering Traffic From the Down Link Ports to the Management Port You can configure the packet filtering to prevent specified IP traffic from reaching the internal management port NETMGT from the down link ports Note Traffic is not allowed between up link ports and the management port The system default is to stop all IP packets from passing from the down link ports to the management port NETMGT If you need the blades to access the management network through the management port NETMGT you must set a filter to permit specific frames to p
10. show garp timer 4 135 bridge ext gvrp 4 135 show bridge ext 4 136 IGMP Snooping Commands 4 138 4 3 14 1 4 3 14 2 4 3 14 3 4 3 14 4 4 3 14 5 4 3 14 6 4 3 14 7 4 3 14 8 4 3 14 9 4 3 14 10 4 3 14 11 4 3 14 12 show ip igmp snooping mrouter ip igmp snooping 4 139 ip igmp snooping vlan static 4 140 ip igmp snooping version 4 141 show ip igmp snooping 4 142 show mac address table multicast 4 143 ip igmp snooping querier 4 144 ip igmp snooping query count 4 144 ip igmp snooping query interval 4 145 ip igmp snooping query max response time 4 146 ip igmp snooping router port expire time 4 147 4 148 4 149 ip igmp snooping vlan mrouter Priority Commands 4 150 4 3 15 1 4 3 15 2 4 3 15 3 4 3 15 4 4 3 15 5 4 3 15 6 4 3 15 7 4 3 15 8 4 3 15 9 4 3 15 10 4 3 15 11 switchport priority default 4 151 queue bandwidth 4 152 queue cos map 4 153 show queue bandwidth 4 155 show queue cos map 4 156 map ip precedence Global Configuration 4 157 map ip precedence Interface Configuration 4 158 map ip dscp Global Configuration 4 159 map ip dscp Interface Configuration 4 160 show map ip precedence 4 161 show map ip dscp 4 162 Contents xv 4 3 16 Mirror PortCommands 4 164 4 3 16 1 port monitor 4 164 4 3 16 2 show port monitor 4 165 4 3 17 Link Aggregation Commands 4 166 4 3 17 1 channel group 4 167 4 3 17 2 lacp 4 168 A Management Information Base A 1 A 1 Supported MIBs A 2 A 2 Supported Traps A 3
11. 100 sec Query max response time 20 sec Query time out 300 sec IGMP snooping version Version 2 Console Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 39 22 MIB Variables Associated With IGMP Parameters TABLE 3 15 MIB Variables Associated With IGMP Parameters Field Name MIB Variable Access Default Value Snooping Status Snooping Querier Snooping Query Count Snooping Query Interval Snooping Query Max Response Time Snooping Router Port Expire Time Snooping Version Specifying Interfaces Connected to Multicast Routers sun igmpSnoopMgt igmpSnoopStatus sun igmpSnoopMgt igmpSnoopQuerier sun igmpSnoopMgt igmpSnoopQueryCount sun igmpSnoopMgt igmpSnoop QueryInterval sun igmpSnoopMgt igmpSnoopQuery MaxResponseTime sun igmpSnoopMgt igmpSnoopRouterPort ExpireTime sun igmpSnoopMgt igmpSnoopVersion Read write Read write Read write Read write Read write Read write Read write Value Range enabled 1 disabled 2 enabled 1 disabled 2 Integer 2 10 Integer 60 125 seconds Integer 5 25 seconds Integer 300 500 seconds Integer 1 2 enabled enabled 125 300 Multicast routers use the information obtained from IGMP Query along with a multicast routing protocol such as DVMRP to support IP multicasting across the Internet These routers may b
12. 3 1 3 TABLE 3 2 Menu Switch Setup Switch Config Main Menu Using the on board web agent you can define system parameters manage and control the switch and all its ports and monitor network conditions The following table briefly describes the selections available from this program Subordinate Menu System Identity Network Identity Software Security Communication VLANs e Static VLAN Port Membership Broadcast amp Multicast e IGMP Parameters e Multicast Router Ports e Multicast Services e Broadcast Parameters Spanning Tree e Basic Configuration e Advanced Configuration Summary of Tasks You Can Perform Using the Web Agent Description Basic configuration Provides basic system description including location and contact information Sets the IP address for management access using DHCP BOOTP or manual configuration Manage switch firmware code and configuration files Global configuration protocols Assigns user names and passwords as well as remote access authentication service using RADIUS or TACACS Sets the SNMP community access strings trap managers and type of traps to issue Displays basic VLAN information enables GVRP multicast protocol configures VLANs Adds static members to VLANs Sets broadcast storm control configures multicast protocols including IGMP Snooping static router port information and multicast services Enables multicast filtering configur
13. A count of frames for which transmission on a particular interface fails due to excessive collisions This counter does not increment when the interface is operating in full duplex mode The number of successfully transmitted frames for which transmission is inhibited by exactly one collision A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error A count of successfully transmitted frames for which transmission is inhibited by more than one collision The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a particular interface A count of frames received on a particular interface that exceed the maximum permitted frame size A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error Chapter 3 General Management of the Switch 3 143 TABLE 3 43 Traffic Statistics Continued Statistic RMON Statistics e Drop Events e Jabbers e Received Bytes e Collisions e Received Frames e Broadcast Frames e Multicast Frames e CRC Alignment Errors e Undersize Frames e Oversize Frames e Fragments e 64 Bytes Frames e
14. B Troubleshooting B 1 B 1 Diagnosing Switch Indicators B 2 B 2 Diagnosing Port Connections B 2 B 3 Accessing the Management Interface B 2 B 4 Using System Logs B 4 B 4 1 Log Messages B 4 B 5 Error Messages B 5 B 5 1 Command Line Error Detection B 5 B 5 2 System Errors B 6 B 5 3 Command Line Errors B 6 B 5 4 Web Interface Errors B 9 C Specifications C 1 C 1 Switch Architecture C 2 C 2 Management Features C 3 C 3 Physical C 3 C 4 Power C 4 C 5 Environmental C 4 C 6 Standards C 4 xvi Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Glossary Glossary 1 Index Index 1 Contents xvii xviii Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Preface This Sun Fire B1600 Blade System Chassis Switch Administration Guide provides information that enables you to understand and use the switch inside the Switch and System Controller SSC module in the system chassis There are two interfaces to the switch a command line interface and a web interface This manual describes both The manual is intended for network administrators who are responsible for managing the system chassis The manual assumes a working knowledge of local area network operations and familiarity with networking protocols Before You Read This Book Before you start configuring the switch Install your system chassis by following the instructions in the Sun Fire B1600 Blade System Chassis Hardware Inst
15. Example The following example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan 4 122 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 12 3 4 3 12 4 Related Commands show vlan 4 130 interface vlan Use this command to enter interface configuration mode for VLANs and configure a physical interface Syntax interface vlan vlan id vlan id The ID of the configured VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if Related Commands shutdown 4 91 switchport mode Use this command to configure the VLAN membership mode for a port Use the no form to restore the default Chapter 4 Command Line Reference 4 123 Syntax switchport mode trunk hybrid no switchport mode trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN However note that frames belonging to the port s default VLAN associated with the PVI
16. TACACS server UDP port between 1 and 65 535 used for authentication messages 4 52 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Setting None Command Mode Global Configuration Example Console config tacacs server port 181 Console config 4 3 4 10 tacacs server key Use this command to set the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string The encryption key used to authenticate logon access for the client Do not use blank spaces in the string The maximum length is 20 characters Default Setting None Command Mode Global Configuration Example Console config tacacs server key green Console config Chapter 4 Command Line Reference 4 53 4 3 4 11 show tacacs server Use this command to display the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console show tacacs server Remote TACACS server configuration Server IP address 10 11 12 13 Communication key with tacacs server Server port number 1824 Console 4 3 5 SNMP Commands Controls access to this switch from SNMP management stations as well as the error types sent to trap managers TABLE 4 10 SNMP Commands Command Function Mode Page snmp server Sets the community access string to permit access to GC 4 55 community SNMP command
17. e VLAN Classification When the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns the frame to an associated VLAN based on the PVID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame m Port Overlapping Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by using a Layer 3 router or switch m Port based VLANs Port based or static VLANs are manually tied to specific ports The switch s forwarding decision is based on the destination MAC address and its associated port Therefore to make valid forwarding or flooding decisions the switch must learn the relationship of the MAC address to its related port and thus to the VLAN at run time However when GVRP is enabled this process can be fully automatic m Automatic VLAN Registration GARP VLAN Registration Protocol GVRP defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 10 VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch
18. 2665 2737 2674 2674 A 2 Supported MIBs Title MIB II Bridge MIB e Interfaces e Evolution MIB e RMON MIB RADIUS MIB Etherlike MIB Entity MIB P bridge Q bridge Supported Groups system group interfaces group ip group icmp group tcp group udp group snmp group dotidBase group dotidStp group dotidTp group dotidStatic group ifXTable group ifStackTable group statistics group history group alarm group event group radiusAuthClientMIB dot3StatsTable group entityPhysical group dotldExtBase group dotidPriority group dotidGarp group dotiqBase group dotlqTp group dotlgStatic group dotiqgVlan Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 The Sun private enterprise MIB is listed below TABLE A 2 Sun Private Enterprise MIB Title Version CSSP MIB 01 00 00 A 2 Supported Traps SNMP traps supported include the following items TABLE A 3 SNMP Traps RFC No Title RFC 1215 e coldStart SNMPv1 e linkDown SNMPv2c e authenticationFailure RFC 1493 e newRoot e topologyChange RFC 2819 e risingAlarm e fallingAlarm Sun private enterprise traps supported include the following item TABLE A 4 Sun Private Enterprise Traps RFC No Title CSSP MIB e swPowerStatusChangeTrap Appendix A Management Information Base A 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 APPENDIX
19. 4 114 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 11 11 Related Commands spanning tree cost 4 112 spanning tree edge port Use this command to specify an interface as an edge port Use the no form to restore the default Syntax spanning tree edge port no spanning tree edge port Default Setting NETP0 7 NETMGT Disabled SNP0O 15 Enabled fixed at this setting Command Mode Interface Configuration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Chapter 4 Command Line Reference 4 115 Example Console config interface ethernet SNP5 Console config if spanning tree edge port Console config if 4 3 11 12 spanning tree protocol migration Use this command to
20. Console config interface port channel 1 Console config if exit Console config interface ethernet NETP2 Console config if channel group 1 Console config if 4 3 17 2 lacp Use this command to enable 802 3ad Link Aggregation Control Protocol LACP for the current interface Use the no form to disable it 4 168 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax lacp no lacp Default Setting Enabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an aggregated link must be configured for full duplex either by forced mode or auto negotiation An aggregated link formed with another switch using LACP will automatically be assigned the next available port channel ID a If the target switch has also enabled LACP on the connected ports the aggregated link will be activated automatically If more than four ports attached to the same target switch have LACP enabled the additional ports are placed in standby mode and are only enabled if one of the active links fails Chapter 4 Command Line Reference 4 169 Example The following shows LACP enabled on ports NETPO to NETP2 Because LACP has also been enabled on the ports at the other end of the links the show interfaces status port channel 1 command shows that port channel 1 has been established Console config interface ethernet NETPO Console config if lacp Console
21. Displays or edits static entries in the Address Table enables and disables learning of permanent entries Configures port settings for the global spanning tree Configures STP port level settings for interface s on the global spanning tree Port configuration Displays port connection status Specifies port attributes including default PVID switchport mode ingress filtering GVRP GARP timers configures static VLAN members Filters traffic entering the management port from the up link ports Switch monitoring functions Sets the source and target ports for mirroring Displays statistics on port traffic including information from the Interfaces Group Ethernet like MIB and RMON MIB Displays statistics on SNMP messages Configures logging message parameters displays messages stored in switch memory See Page 3 121 3 125 3 125 3 96 3 96 3 114 3 134 3 139 3 139 3 141 3 152 3 152 Chapter 3 General Management of the Switch 3 7 3 2 SPAM oe Wea Basic Configuration Displaying System Information You can identify the system by providing a descriptive name location and contact information When displaying system information using the web interface or CLI the following parameters are displayed or can be configured m Host Name The name assigned to the switch m Location The system chassis location m Contact The administrator responsible for the system m System
22. RADIUS server UDP port between 1 and 65 535 used for authentication messages 4 48 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Setting 1812 Command Mode Global Configuration Example Console config radius server port 181 Console config 4 3 4 4 radius server key Use this command to set the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string The encryption key used to authenticate logon access for the client Do not use blank spaces in the string The maximum length is 20 characters Default Setting None Command Mode Global Configuration Example Console config radius server key green Console config Chapter 4 Command Line Reference 4 49 4 3 4 5 4 3 4 6 radius server retransmit Use this command to set the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries The number of times between 1 and 30 the switch tries to authenticate logon access through the RADIUS server Default Setting 2 Command Mode Global Configuration Example Console config radius server retransmit 5 Console config radius server timeout Use this command to set the interval between transmitting authentication requests to the RADIUS server Use the no form to
23. Related Commands password thresh 4 66 4 3 6 7 show line Use this command to display the terminal line s parameters Syntax show line console vty console The console terminal line vty A virtual terminal for remote console access Telnet 4 68 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 7 Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show the connection settings for all lines enter this command Console show line Console configuration Password threshold 3 times Interactive timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 Vty configuration Password threshold 3 times Interactive timeout 600 Console IP Commands By default the switch searches for its IP address default gateway and netmask using DHCP You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the software TABLE 4 12 IP Commands Command Function Mode Page IP Configuration ip address Sets the IP address for this device IC 4 70 ip dhcp restart Submits a BOOTP or DCHP client request PE 4 71 Chapter 4 Command Line Reference 4 69 TABLE 4 12 IP Commands Command Function Mode P
24. STA root change notification STA root change 6 STA topology change notification STA topology change 6 RMON rising alarm notification RMON rising alarm 6 RMON falling alarm notification RMON falling alarm 6 1 Indicates unit 1 port YY YY 1 to 25 2 Indicates a VLAN ID value XX 1 to 4094 3 Syslog message level See logging history on page 4 35 B S Error Messages B 5 1 Command Line Error Detection If the switch detects invalid input in the command line it displays a beneath the location where the error was detected For example Console show interfaces statuss e 1 1 AN Invalid input detected at marker Appendix B Troubleshooting B 5 B 5 2 System Errors The key error messages generated by the switch are listed in the following table To control the message levels issued by the switch see logging history on page 4 35 TABLE B 2 System Error Messages Message Description Levels module create task fail Specified software module cannot create the task Z module task idle too long Specified software module stayed in idle state too 2 long Allocate string memory fail Allocate memory failed for specified String 2 Free string memory fail Free memory failed for specified String 2 string switch to default Specified value is invalid or not supported the default 3 value will be used Please refer to the on line help or this manual for information on acceptable values 1 Indicates the
25. TI dotidBridge QqBridgeMIB gqBridgeMIBObjects dotigVlan dotlqvilanCurrentT able dotigVlanCurrentE ntry dotigVlaniIndex MIB TI dotidBridge QqBridgeMIB gqBridgeMIBObjects dotigVlan dotigVlanStaticTa ble dotigVlanStaticEn try dotlgVlanStaticNa me MIB TI dotidBridge QqBridgeMIB qBridgeMIBObjects dotigVlan dotigVlanStaticTa ble dotigVlanStaticEn try dotigqVlanStatic RowStatus Default Access Value Range Value No access Integer 1 Read Octet string create size 0 32 Read enable 1 create disable 2 Chapter 3 General Management of the Switch 3 49 TABLE 3 13 MIB Variables Associated With VLAN Configuration Continued Field Name VLAN Type VLAN Ports MIB Variable MIB TI dotidBridge QqBridgeMIB qBridgeMIBObjects dotigVlan dotigVlanCurrentT able dotigVlanCurrentE ntry dotigVlanStatus MIB TI dotidBridge QqBridgeMIB qBridgeMIBObjects dotigVlan dotigVlanCurrentT able dotigVlanCurrentE ntry dotigVlanCurrent EKgressPorts Access Read only Read only 3 3 1 4 Adding Static Members to VLANs When adding static members to VLANs using the web interface or CLI the following parameters are displayed or can be configured m Name The name of the VLAN a Up Time at Creation The time the VLAN was created m Status The method by which the VLAN was added to the switch a Dynamic Automatically learned through GVRP a Static Man
26. Untagged The interface is a member of the VLAN All packets transmitted by the port on this VLAN are untagged that is do not carry a tag and therefore do not carry VLAN or COS information Forbidden The interface is forbidden from automatically joining the VLAN through GVRP See Automatic VLAN Registration on page 3 40 a Remove The selected interface is removed from the VLAN 3 4 4 1 Web Interface Configuring VLAN Behavior for Interfaces 1 Open Up Links Down Links Management Port gt VLANs Chapter 3 General Management of the Switch 3 115 3 116 2 Modify the required settings for each interface 3 Click Save r f up inks F f r Connection Status Link Aggregation VLANs Static Addresses Spanning Tree Sun Fire 81600 gt Up Links gt WLANS Select Port NETE4 z You can configure WLAN behavior for specific interfaces including the default VLAN identifier PWID accepted frame types ingress filtering GVRP status and GARP timers Default VLAN for Port PYID 4 Finance Acceptable Frame Types All Frame Types C Tagged Only Switch Port Mode Trunk Hybrid Ingress Filtering Enabled Enable GARP VLAN Registration Protocol GVRP Enable Disable Configure Group Addrass Registration Protocol GARP Parameters GARP Join Timer 20 GARP Leave Timer leo GARP Leaveall Timer 1000 P FIGURE 3 37 The Up Links VLANs Window Sun Fire B1
27. byte diag_0060 Boot Rom image 111360 run_0200 Operation Code 1083008 startup Config File 2710 Console 4 3 2 5 boot system Use this command to specify the file or image used to start up the system Syntax boot system boot rom config opcode filename The type of file or image to set as a default includes a boot rom Boot ROM config Configuration file opcode Run time operation code a The colon is required filename Name of the configuration file or image name Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified file type a If the file contains an error it cannot be set as the default file 4 26 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Example Console config boot system config startup Console config Related Commands dir 4 23 whichboot 4 25 4 3 3 System Management Commands These commands are used to control system logs passwords user names browser configuration options and display or configure a variety of other system information TABLE 4 6 System Management Commands Command Function Mode Page Device Description Command hostname Specifies or modifies the host name for the device GC 4 28 User Access Commands enable password Sets a password to control access to the Privileged Exec GC 4 30 level Web Server Commands 1p Reto Dore Specifies th
28. dotldTrafficClass Chapter 3 General Management of the Switch 3 83 3 3 9 3 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue As described in Mapping COS Values to Egress Queues on page 3 80 the traffic classes are mapped to one of the four egress queues provided for each port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value When setting the weight for traffic classes through the web interface or CLI the following parameters can be configured m Traffic Class Queue A list of weights for each traffic class a WRR Weights The weight between 1 and 255 for the selected traffic class Web Interace Setting the Service Weight for Traffic Classes Open Switch Config Class of Service Basic Traffic Prioritisation Scroll to Setting the Service Weights for Traffic Classes Egress Queues Select a traffic class output queue Type a value in the WRR Weights text field Click Save Switch Contig Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres Setting the Service Weights for Traftic C
29. each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Root Hold Time The interval in seconds during which no more than two configuration BPDUs shall be transmitted by the switch The following root device global parameters can be configured m Priority The bridge priority that is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device 0 highest 61440 lowest However if all devices have the same priority the device with the lowest MAC address will then become the root device Specify a value from 0 to 61 440 in steps of 4096 The possible options are 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 and 61440 The default is 32 768 Hello Time The interval in seconds after which the switch transmits a configuration BPDU frame when it becomes the root device Specify a value from 1 to the lower of 10 or Max Message Age 2 1 The default is 2 seconds Chapter 3 General Management of the Switch 3 71 3 72 m Maximum Age The maximum time in seconds the switch can wait without receiving a configuration message before attempting to reconfigure All switch ports except for designated ports receive configuration messages at regular intervals Any port that ages out the STA information p
30. size 0 32 Timeticks in centiseconds other 1 permanent 2 dynamicGvrp 3 Octet string port list Chapter 3 General Management of the Switch 3 53 Rey TABLE 3 14 MIB Variables Associated With Adding Ports to a VLAN Continued Field Name MIB Variable Access Value Range Default Value VLAN MIB II Read create Octet string Forbidden Ports dotidBridge port list qBridgeMIB qBridgeMIBObjects dotigVlan dotigPortVlanTable dotigPortVlanEntry dotlgqVlanForbidden BKgressPorts Port Trunk Index sun Read only Integer Channel portMgt Groups portTable portEntry portTrunkIndex VLAN Static MIB II Read create enable 1 Row Status dot1dBridge disable 2 qBridgeMIB qBridgeMIBObjects dotigVlan dotigqVlanStaticTable dotliqVlanStaticEntry dotigqVlanStatic RowStatus Multicast Configuration Multicasting is used to support real time applications such as videoconferencing or streaming audio A multicast server does not have to establish a separate connection with each client It merely broadcasts its service to the network and any hosts that want to receive the multicast service register with their local multicast switch router Although this approach reduces the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on to the hosts that subscribed to the service
31. stored Example Console config logging on Console config 4 34 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 3 8 Related Commands logging history 4 35 clear logging 4 36 logging history Use this command to limit syslog messages saved to switch memory based on severity The no form returns the logging of syslog messages to the default level Syntax logging history flash ram level no logging history flash ram a flash The event history stored in Flash memory permanent memory m ram The event history stored in temporary RAM memory flushed on power reset a level 0 to 7 Messages saved include the selected level down to level 0 TABLE 4 8 Error Levels Level Argument Level debugging 7 informational 6 notifications 5 warnings 4 errors 3 critical 2 alerts 1 emergencies 0 Description Debugging messages Informational messages only Normal but significant condition such as cold start Warning conditions for example return false unexpected return Error conditions for example invalid input default used Critical conditions for example memory allocation or free memory error resource exhausted Immediate action needed System unusable There are no Level 0 or Level 1 error messages for the current firmware release Default Setting Flash errors level 3 to 0 RAM warnings level 7 to 0 Chapter 4 Comman
32. 0 7 o FIGURE 3 29 The Switch Config Class of Service Window for Mapping IP Precedence Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command line Interface Mapping IP Precedence The following example maps IP Precedence value 1 to COS value 0 on port SNP5 and then displays all the IP Precedence settings for that port Console config interface ethernet SNP5 Console config if map ip precedence 1 cos 0 Console config if end Console tshow map ip precedence ethernet SNP5 Precedence mapping status disabled Precedence COS O 0 1 0 2 2 3 3 4 4 5 5 6 6 7 7 Console MIB Variables Associated With Mapping IP Precedence TABLE 3 28 MIB Variables Associated With Mapping IP Precedence Field Name MIB Variable Access Value Range Default Value IP Precedence Suner Not Integer 0 7 Value priorityMgt accessible priolpPrecTable priolpPrecEntry priolpPrecValue IP Precedence Suits os Read write Integer 0 7 one to one CoS priorityMgt mapping priolpPrecTable priolpPrecEntry priolpPrecCos 15 Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Chapter 3 General Management of the Switch 3 89 3 3 9 6 Mapping DSCP Priority The DSCP is six bits wide enabling coding for up to 64 different forwarding behaviors The DSCP replaces the ToS bits but it retains backward comp
33. 1600 gt Switch Config gt Broadcast amp Multicast View IGMP Parameters Configuring IGMP Parameters Te configure the switch to use IGMP intemet Group Management Protecel For multicast filtering you will need to enable GMP Snooping You can alse configure the switch te act as an GMP Querier which will make it responsible for propagating multicast traffic te other switches or routers on the network W IGMP Snooping Enabled IGMP Protocol Version Version 2 C Version 1 W IGMP Querier Enabled Query Count 1 2 fio Query Intaryal a0 125isecs fioo Query Report Delay 5 30 secs o Router Port Expire Time 300 500 secs5 300 E E y FIGURE 3 19 The Switch Config Broadcast amp Multicast Window Chapter 3 General Management of the Switch 3 57 3 58 Command line Interface Configuring IGMP Snooping Parameters This example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping Console config ip igmp snooping querier Console config ip igmp snooping query count 10 Console config ip igmp snooping query interval 100 Console config ip igmp snooping query max response time 20 Console config ip igmp router port expire time 300 Console config ip igmp snooping version 2 Console config exit Console show ip igmp snooping Igmp Snooping Configuration Service status Enabled Querier status Enabled Query count 10 Query interval
34. 2 Specifying Trap Managers and Trap Types 3 36 Configuring Global Network Protocols 3 39 3 3 1 3 32 3 3 3 3 3 4 3 3 9 VLAN Configuration 3 39 3 3 1 1 Displaying Basic VLAN Information 3 41 3 3 1 2 Enabling or Disabling GVRP Global Setting 3 45 3 3 1 3 Configuring VLANs 3 46 3 3 1 4 Adding Static Members to VLANs 3 50 Multicast Configuration 3 54 D321 Configuring IGMP Snooping Parameters 3 55 332 2 Specifying Interfaces Connected to Multicast Routers 3 59 3 3 2 3 Configuring Multicast Services 3 64 Broadcast Storm Control Global Setting 3 67 3 3 3 1 Web Interface Using Broadcast Storm Control 3 67 3 3 3 2 Command line Interface Using Broadcast Storm Control 3 68 Spanning Tree Algorithm Configuration 3 70 3 3 4 1 Configuring Basic STA Settings 3 70 3 3 4 2 Configuring Advanced STA Settings 3 76 Class of Service Configuration 3 78 SASAMI Setting the Default Priority for Interfaces 3 78 Z392 Mapping COS Values to Egress Queues 3 80 3 3 5 3 Setting the Service Weight for Traffic Classes 3 84 3 3 5 4 Mapping Layer 3 4 Priorities to COS Values 3 85 Contents vii 3 3 6 3 3 5 5 Mapping IP Precedence 3 87 3 3 5 6 Mapping DSCP Priority 3 90 Address Table Settings 3 92 3 3 6 1 Displaying the Address Table 3 92 3 3 6 2 Changing the Aging Time 3 94 3 4 Port Configuration 3 96 3 4 1 3 4 2 3 4 3 3 4 4 3 4 5 3 4 6 Displaying Connection Status 3 96 Configuring Interface Connections 3 102
35. 3 6 4 3 6 1 Line Commands You can access the on board configuration program by attaching a VT100 compatible device to the switch s serial port These commands are used to set communication parameters for the serial port or Telnet a virtual terminal Note The connection parameters for the serial interface are fixed at 8 data bits 1 stop bit no parity and 9600 bps TABLE 4 11 Line Commands Command Function Mode Page line Identifies a specific line for configuration and starts GC 4 62 the line configuration mode login Enables password checking at login LC 4 63 password Specifies a password on a line LC 4 64 exec timeout Sets the interval that the command interpreter waits LC 4 66 until user input is detected password thresh Sets the password intrusion threshold which limits LC 4 66 the number of failed logon attempts silent time Sets the amount of time the management console is LC 4 67 inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command show line Displays a terminal line s parameters NE 4 68 PE This command only applies to the serial port line Use this command to identify a specific line for configuration and to process subsequent line configuration commands Syntax line console vty a console The console terminal line vty A virtual terminal for remote console access Telnet 4 62 Sun Fire B1600 Blade System Ch
36. 4 126 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress port Example The following example shows how to set the PVID for port SNP1 to VLAN 3 Console config interface ethernet SNP1 Console config if switchport native vlan 3 Console config if 4 3 12 8 switchport allowed vlan Use this command to configure VLAN groups on the selected interface Use the no form to restore the default Syntax switchport allowed vlan add vlan tagged untagged remove vlan no switchport allowed vlan a add vlan VLAN identifier to add a remove vlan VLAN identifier to remove Do not enter leading zeros Range 1 4094 Note You cannot use the no switchport allowed vlan command on the NETMGT port If you do the switch will display an error message Chapter 4 Command Line Reference 4 127 To restore the management port to its factory default VLAN VLAN 2 and remove it from any other VLANs you have added it to type the following commands Console
37. 4 7 4 1 2 9 Understanding Command Modes 4 7 4 1 2 10 ExecCommands 4 8 4 1 2 11 Configuration Commands 4 9 4 1 2 12 Command Line Processing 4 10 4 2 Command Groups 4 11 4 3 Detailed Command Description 4 13 4 3 1 General Commands 4 13 4 3 1 1 enable 4 13 Loney disable 4 14 4 3 1 3 configure 4 15 4 3 1 4 show history 4 16 4 3 1 5 reload 4 17 4 3 1 6 end 4 18 x Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 2 4 3 3 4 3 4 4 3 1 7 4 3 1 8 exit 4 19 quit 4 19 Flash File Commands 4 20 4 3 2 1 copy 4 20 4 3 2 2 delete 4 22 4 3 2 3 dir 4 23 4 3 2 4 whichboot 4 25 4 3 2 5 bootsystem 4 26 System Management Commands 4 27 4 3 3 1 hostname 4 28 4 3 3 2 username 4 29 4 3 3 3 enable password 4 30 4 3 3 4 ip http port 4 31 4 3 3 5 ip http server 4 32 4 3 3 6 jumbo frame 4 33 4 3 3 7 loggingon 4 34 4 3 3 8 logging history 4 35 4 3 3 9 clear logging 4 36 4 3 3 10 show logging 4 37 4 3 3 11 show startup config 4 38 4 3 3 12 show running config 4 40 4 3 3 13 show system 4 42 4 3 3 14 show users 4 44 4 3 3 15 show version 4 44 Authentication Commands 4 45 4 3 4 1 authentication login 4 46 4 3 4 2 radius server host 4 48 4 3 4 3 radius server port 4 48 Contents xi 4 3 4 4 4 3 4 5 4 3 4 6 4 3 4 7 4 3 4 8 4 3 4 9 4 3 4 10 4 3 4 11 SNMP Commands 4 54 4 3 5 4 3 5 1 4 3 5 2 4 3 5 3 4 3 5 4 4 3 5 5 4 3 5 6 4 3 6 4 3 6 1 4 3 6 2 4 3 6 3 4 3 6 4 4 3 6 5 4 3 6 6
38. 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames Description The total number of events in which packets were dropped due to lack of resources The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Total number of bytes of data received on the network This statistic can be used as a reasonable indication of Ethernet utilization The best estimate of the total number of collisions on this Ethernet segment The total number of frames bad broadcast and multicast received The total number of good frames received that were directed to the broadcast address Note that this does not include multicast packets The total number of good frames received that were directed to this multicast address The number of CRC alignment errors FCS or alignment errors The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error The total num
39. Active On Green Service Required On Amber Ready to Remove On Blue RJ 45 Ports Link On Green Speed On Amber Off Uplink Port gt NETP4 NETPS NETP6 NETP7 Designations m m eI eg es Ge NETPO NETP1 NETP2 NETP3 Status The SSC is functioning normally The SSC requires service The SSC can now be removed Port has established a valid network connection Link is operating at 1 Gbps Link is operating at less than 1 Gbps Chapter 1 Introduction 1 5 igo Features of the Switch The switch provides a wide range of advanced performance enhancing features Multicast filtering provides support for real time network applications Port based and tagged virtual local area networks VLANs plus support for automatic GARP VLAN Registration Protocol GVRP provides traffic security and efficient use of network bandwidth Quality of Service QoS priority queueing ensures the minimum delay for moving real time multi media data across the network Flow control eliminates the loss of packets due to bottlenecks caused by port saturation And broadcast storm suppression prevents broadcast traffic storms from engulfing the network Some of the management features are briefly described in this section m IEEE 802 1D Bridge The switch supports IEEE 802 1D transparent bridging The address table facilitates data switching by learning add
40. B1600 Blade System Chassis Switch Administration Guide June 2003 Command Usage The meanings of items displayed by this command are as follows Max support vlan numbers The VLAN version used by the switch as specified in the IEEE 802 10 standard Max support vlan ID Maximum VLAN ID recognized by the switch Extended multicast filtering services The switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Static entry individual port The switch allows static filtering for unicast and multicast addresses page 4 99 and 4 140 VLAN learning The switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID tagging The switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port page 4 126 Local VLAN capable This item refers to the support provided by the switch for Multiple Spanning Tree At present Multiple Spanning Tree is not supported Traffic classes The switch provides mapping of user priorities to multiple traffic classes page 4 153 Global GVRP status GARP VLAN Registration Protocol GVRP defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports across the network This function should be enabled to permit VLAN groups which extend beyond
41. COS value 0 and so forth Command Mode Interface Configuration Ethernet Port Channel Command Usage m The precedence for priority mapping is IP Precedence or IP DSCP and default switchport priority a IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then mapped to the queue defaults Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes apply to all interfaces on the switch 4 158 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 15 8 Example The following example shows how to map IP precedence value 1 to COS value 0 Console config interface ethernet SNP5 Console config if map ip precedence 1 cos 0 Console config if map ip dscp Global Configuration Use this command to enable IP DSCP mapping Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Syntax map ip dscp no map ip dscp Default Setting Enabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types automatically disables the other type Example The following example shows how to enable IP DSCP mapping globally Conso
42. Configuration VLAN Command Usage You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server The factory default is to use DHCP Valid IP addresses consist of four numbers 0 to 255 separated by periods Any other format will not be accepted by the software a If you select the bootp or dhcp option IP is enabled but does not function until a BOOTP or DHCP reply is received Requests are broadcast periodically by the switch in an effort to learn its IP address BOOTP and DHCP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command or by rebooting the switch Note The IP address of the switch is in fact the IP address of the VLAN containing the management port NETMGT By default the management port is on VLAN 2 Therefore by assigning an IP address to VLAN 2 you set up network access to the switch Only the VLAN containing the management port should be assigned an IP address If you assign an IP address to any other VLAN the original IP address is immediately disabled and the new address takes immediate effect Example In the following example the device is assigned an address in VLAN 2 Console config interface vlan 2 Console config if ip address 192 168 1 5 255 255 255 0 Console config if Related Commands ip dhcp restart 4 71 4 3 7 2
43. DHCP or BOOTP Data is invalid Set DHCP Client ID error User privileges are not enough to perform this operation Data is invalid Please input a destination file Please input a source file Please input or select a destination file Please select a file System will be restarted User privileges are not enough to perform this operation Cannot add user Cannot set password for user Cannot set user privilege Cannot set user status User does not exist Community String cannot contain spaces Community table is full or data is invalid Description Privileges insufficient When restarting DHCP the switch must be in DHCP or BOOTP mode General error Failed to set DHCP client ID Privileges insufficient General error Input a destination file name to download or upload Input a source file name to download or upload Input or select a file name for downloading or uploading Select a file to download or upload System will be restarted Privileges insufficient User name is invalid or maximum number of users has been exceeded Password is invalid There is a problem with the user table There is a problem with the user table There is a problem with the user table Community string cannot contain spaces Community table is full or data is invalid Appendix B Troubleshooting B 9 TABLE B 4 Menu Security VLAN Web Interface Error Messages Continued Message Da
44. DISCLAIMERS ARE HELD TO BE LEGALLY INVALID Copyright 2003 Sun Microsystems Inc 4150 Network Circle Santa Clara California 95054 Etats Unis Tous droits r serv s Sun Microsystems Inc a les droits de propri t intellectuels relatants a la technologie incorpor e dans le produit qui est d crit dans ce document En particulier et sans la limitation ces droits de propri t intellectuels peuvent inclure un ou plus des brevets am ricains num r s a http www sun com patents et un ou les brevets plus suppl mentaires ou les applications de brevet en attente dans les Etats Unis et dans les autres pays Ce produit ou document est prot g par un copyright et distribu avec des licences qui en restreignent l utilisation la copie la distribution et la d compilation Aucune partie de ce produit ou document ne peut tre reproduite sous aucune forme parquelque moyen que ce soit sans l autorisation pr alable et crite de Sun et de ses bailleurs de licence s il y ena Le logiciel d tenu par des tiers et qui comprend la technologie relative aux polices de caract res est prot g par un copyright et licenci par des fournisseurs de Sun Des parties de ce produit pourront tre d riv es des syst mes Berkeley BSD licenci s par l Universit de Californie UNIX est une marque d pos e aux Etats Unis et dans d autres pays et licenci e exclusivement par X Open Company Ltd Sun Sun Microsystems le logo Sun AnswerBook
45. Defines CSMA CD access method and physical layer specifications for 1000BASE T Fast Ethernet Defines frame extensions for VLAN tagging Defines CSMA CD access method and physical layer specifications for 100BASE TX Fast Ethernet Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Defines CSMA CD access method and physical layer specifications for 1000BASE Gigabit Ethernet Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members Commonly used to send echo messages Ping for monitoring purposes A protocol through which hosts can register with their local router for multicast services If there is more than one multicast router on a given subnetwork one of the routers is made the querier and assumes responsibility for keeping track of group membership Management of the network from a station attached directly to the network A process whereby this switch can pass multicast traffic along to participating hosts Separate LAN or collision domain Light emitting diode used for monitoring a device or network condition Length of twisted pair or fiber cable joining a pair of repeaters or a repeater and a PC A group of interconnected computer and support devices Glossary 3 Layer 2 Layer 3 Link Aggregation Link Aggregation Control Protocol LACP Media Access
46. Guide June 2003 4 3 4 3 1 4 3 1 1 Detailed Command Description General Commands TABLE 0 2 Command Function enable Activates privileged mode disable Returns to normal mode from privileged mode configure Activates global configuration mode reload Restarts the system end Returns to Privileged Exec mode exit Returns to the previous configuration mode or exits the CLI quit Exits a CLI session help Shows how to use help Shows options for command completion context sensitive enable Mode NE PE PE PE GC IC LC VC any NE PE any any Page 4 13 4 14 4 15 4 17 4 18 4 19 4 19 NA NA Use this command to activate Privileged Exec mode In privileged mode additional commands are available and certain commands display additional information See Understanding Command Modes on page 4 7 Syntax enable level level Privilege level to log in to the device The device has two privilege levels 0 Normal Exec 15 Privileged Exec Type level 15 to access Privileged Exec mode Chapter 4 Command Line Reference 4 13 4 3 1 2 Default Setting Level 15 Command Mode Normal Exec Command Usage m super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 30 m The character is appended to the end of the prompt to indicate that the system is in pri
47. June 2003 TABLE 3 16 MIB Variables Associated With Interfaces Connected to Multicast Routers Field Name MIB Variable Access Value Range Snooping Sunes Read create Octet string Multicast Router igmpSnoopMgt port list Static Ports igmpSnoopRouterStaticTable i1gmpSnoopRouterStaticEntry igmpSnoopRouterStaticPorts Snooping BU eax Read create valid 1 Multicast Router igmpSnoopMgt invalid 2 Static Status igmpSnoopRouterStaticTable i1gmpSnoopRouterStaticEntry igmpSnoopRouterStaticStatus Chapter 3 General Management of the Switch 3 63 5 0 2 0 Configuring Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping Parameters on page 3 55 For certain applications that require tighter control you might need to manually assign a multicast service to a specific interface First add all the ports connected to participating hosts to a common VLAN and then assign the multicast service to that VLAN group Note the following points about configuring multicast services m Static multicast addresses are never aged out m When a multicast address is statically assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports in that VLAN When configuring multicast services through the web interface or CLI the following parameters are displayed or can be configured m All known ports and Mu
48. Network Circle Santa Clara California 95054 U S A All rights reserved This product protected by one or more U S Patents Patents Pending This distribution may include materials developed by third parties Sun Sun Microsystems the Sun logo Java Solaris Sun Fire and the 100 Pure Java logo are trademarks or registered trademarks of Sun Microsystems Inc in the U S and other countries All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International Inc in the U S and other countries Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems Inc This product is covered and controlled by U S Export Control laws and may be subject to the export or import laws in other countries Nuclear missile chemical biological weapons or nuclear maritime end uses or end users whether direct or indirect are strictly prohibited Export or reexport to countries subject to U S embargo or to entities identified on U S export exclusion lists including but not limited to the denied persons and specially designated nationals lists is strictly prohibited Use of any spare or replacement CPUs is limited to repair or one for one replacement of CPUs in products exported in compliance with U S export laws Use of CPUs as product upgrades unless authorized by the U S Government is strictly prohibited Copyright c 2003 Sun Microsystems Inc 4150 Network Circle Santa Cl
49. Text Hes C i oo10bss169F7 C BOOTP Restart DHCP BOOTP for changes to take effect Save and Restart FIGURE 3 6 Open Switch Setup Network Identity Window Showing DHCP BOOTP Radio Buttons 3 16 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings through the web interface You can only restart the DHCP service through the web interface if the current address is still valid Note If you lose your management connection use a console connection and the show ip interface command to determine the new switch address Note The Client ID specified in this menu will be overwritten by the SC the next time the System Controller or the switch itself is rebooted The Client ID field will be removed from the next firmware release Command line Interface Using Dynamic IP Configuration Services Specify the management interface Set the IP address mode to DHCP or BOOTP Issue the ip dhcp restart command Console tconfig Console config interface vlan 2 Console config if ip address dhcp Console config if ip dhep client id hex 00 00 e8 66 65 72 Console config if end Console tip dhcp restart Console tshow ip interface IP address and netmask 10 1 0 54 255 255 255 0 on VLAN 2 and address mode DHCP Console DHCP may lease addresses to clients indefinitely or for a specific
50. The option 7 is used internally by the switch at system bootup time to enable the switch to read any encrypted passwords stored in the configuration file Example Console config line password 0 secret Console config line Related Commands login 4 63 password thresh 4 66 Chapter 4 Command Line Reference 4 65 4 3 6 4 4 3 6 5 exec timeout Use this command to set the interval that the system waits for user input before terminating the current session Use the no form to restore the default Syntax exec timeout seconds no exec timeout seconds Integer that specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage a If user input is detected within the timeout interval the session is kept open otherwise the session is terminated a This command applies to both the serial console and Telnet connections but you cannot disable the timeout for Telnet Example To set the timeout to two minutes enter this command Console config line exec timeout 120 Console config line password thresh Use this command to set the password intrusion threshold that limits the number of failed login attempts Use the no form to remove the threshold value 4 66 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax password thresh threshold no pass
51. The role is set to disabled disabled port if a port has no role within the spanning tree m Designated root The priority and MAC address of the device in the Spanning Tree that the switch has accepted as the root device m Forward transitions The number of times the port has transitioned from the Learning state to the Forwarding state m Oper edge port This parameter is initialized to the setting for Admin Edge Port that is true or false but will be set to false if a BPDU is received m Oper Link type The operational point to point status of the LAN segment connected to the interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type Web Interface Displaying the Current Interface Settings for STA Open Up Links Down Links gt Spanning Tree gt Spanning Tree Protocol 25 The CLI displays this term Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 r up Links f Status Link Aggregation VLANs Address Filtering Spanning Tree Spanning Tree Port Status al Port properties for advanced configuration of STP and RASTE Configure Protocol Migration Point NETED Forwarding 128 100000 O 327685 0 000068666677 125 17 to Disabled Port Pomt C METEL Broken 128 10000 327608 0 0000E 6 672 128 18 t Disabled Point Point C NETP2 Broken 128 10000 0 32 7658 0 000068666672 128 19 t Di
52. Too Long Deferred Transmissions oOo Oo oO oO oO oO oO oO 8 oO le Internal MAC Receive Errors FIGURE 3 45 The Monitoring gt Port Statistics window Chapter 3 General Management of the Switch 3 145 3 146 Scroll down the page to view RMON statistics RMON Statistics Property Drop Events Jabbers Received Bytes Collisions Received Frames 64 Bytes Frames Broadcast Frames 65 127 Bytes Frames Multicast Frames 128 255 Bytes Frames CRC Alignment Errors 256 511 Bytes Frames Undersize Frames 512 1023 Bytes Frames Oversize Frames 1024 1518 Bytes Frames Fragments o o 438662 o o 5859 29 97 5869 14 FIGURE 3 46 The Monitoring gt Port Statistics Window Showing RMON Statistics Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 RIAZ Command line Interface Viewing Port Statistics This example shows statistics for port SNP13 Console show interfaces counters ethernet SNP13 Ethernet 13 Iftable stats Octets input 868453 Octets output 3492122 Unicast input 7315 Unicast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred tr
53. Up Time The length of time the management agent has been up m System Description The system hardware description assigned by the manufacturer Serial Number The serial number of the main board a System OID string The MIB II object ID for switch s network management subsystem m MAC Address The physical layer address for the switch m Web server The operational status of web HTTP management access on the switch m Web server port The TCP port number used by the web interface a POST result The results of the switch power on self test Web Interface Displaying and Specifying Identification Details Open the Switch Setup System Identity window Specify the host name location and contact information for the system administrator Click Save 1 CLI See show version on page 4 44 2 CLI only 3 Web See Setting the IP Address on page 3 12 3 8 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Switch Status BED tee it ee ae System Identity Network Identity Software System Configuration To easily identify the switch you will need to provide a descriptive name location and contact information for the switch edit the following properties and press the save button to store changes on the switch Host Mame rap 5 Location We 9 Contact Charles System Uptime O days 0 hours 7 minutes and 50 79 seconds System Descri
54. a Any system and event messages stored in memory Chapter 4 Command Line Reference 4 37 Example The following example shows that system logging is enabled the message level for Flash memory is errors default level 3 to 0 the message level for RAM is debugging default level 7 to 0 and lists one sample error Console tshow logging flash Syslog logging Enable History logging in FLASH level errors LO 07075 17171 PRI _MGR_InitDefault function fails level 3 module 13 function 0 and event no Console show logging ram Syslog logging Enable History logging in RAM level debugging LO 02025 27171 PRI MGR InitDefault function fails level 3 module 13 function 0 and event no Console Related Commands logging on 4 34 logging history 4 35 4 3 3 11 show startup config 4 38 Use this command to display the configuration file stored in non volatile memory that is used to start up the system Default Setting None Command Mode Privileged Exec Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Usage a Use this command in conjunction with the show running config command to compare the information in running memory to the information stored in non volatile memory a This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command display
55. aggregated link status Data is invalid User privileges are not enough to perform this operation Data is invalid Please enter a valid PVID Please enter a valid timer Table is full or data is invalid User privileges are not enough to perform this operation Data is invalid Please enter a valid MAC address Please enter a valid VLAN ID Table is full or data is invalid User privileges are not enough to perform this operation Data is invalid User privileges are not enough to perform this operation Path cost is out of range Priority is out of range Path cost is out of range Priority is out of range User privileges are not enough to perform this operation Management Ports VLANs Data is invalid Please enter a valid PVID Please enter a valid timer Table is full or data is invalid User privileges are not enough to perform this operation Description Cannot enable LACP for a static member of an aggregated link General error Privileges insufficient General error PVID is invalid Select a correct one Timer is invalid Select a correct one Table is full or data is invalid Privileges insufficient General error Invalid MAC address VLAN ID is invalid Table is full or data is invalid Privileges insufficient General error Privileges insufficient Path cost is out of range Priority is out of range Path cost is out of range Priority is out of range
56. and t indicates tagged page 4 127 Forbidden Vlan Shows the VLANs this interface can not dynamically join through GVRP page 4 129 Chapter 4 Command Line Reference 4 97 Example This example shows the configuration setting for Ethernet port NETP7 Console show interfaces switchport ethernet NETP7 Information of NETP7 Broadcast threshold Enabled 256 packets second Lacp status Enabled VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type All frames Native VLAN 1 Priority for untagged traffic 0 Gvrp status Enabled Allowed Vlan 1 u Forbidden Vlan a Console 4 3 9 Address Table Commands These commands are used to configure the address table for filtering specified addresses displaying current entries clearing the table or setting the aging time TABLE 4 14 Address Table Commands Command Function Mode Page mac address table Maps a static address to a port ina VLAN GC 4 99 static clear mac address Removes any learned entries from the forwarding PE 4 100 table dynamic database show mac address Displays entries in the bridge forwarding database PE 4 100 table mac address table Sets the aging time of the address table GC 4 101 aging time show mac address Shows the aging time for the address table PE 4 102 table aging time 4 98 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 9 1 mac address table static Use this command
57. and using a null address and network mask for both the source address and destination address Console config ip filter permit any 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Console config This accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched that is the rule 10 7 1 1 amp 255 255 255 0 equals the masked address 10 7 1 2 amp 255 255 255 0 the packet passes through Console config ip filter permit any 10 7 1 1 255 255 255 0 0 0 0 0 0 0 0 0 Console config Example Checking for fragments This example blocks all fragments and logs the matching packets in the log Console config ip filter deny any 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 fragment log Console config Example Checking for code values This blocks all TCP packets from class C addresses 192 168 1 0 with SYN set Console config ip filter deny tcp 192 168 1 0 255 255 255 0 0 0 0 0 0 0 0 0 code syn Console config 4 80 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 This also blocks all TCP packets from class C addresses 192 168 1 0 with SYN set Console config ip filter deny tcp 192 168 1 0 255 255 255 0 0 0 0 0 0 0 0 0 code 2 2 Console config Example Checking for port numbers This example allows TCP packets from class C addresses 192 168 1 0 to anywhere when set for destination port 80 Console config ip filter permit tcp 192 168 1 0
58. command to display the status for an interface Chapter 4 Command Line Reference 4 93 Syntax show interfaces status interface interface a ethernet port name a port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 a vlan vlan id Range 1 4094 Default Setting Shows status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 96 4 94 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Example Console show interfaces status ethernet SNP11 Information of SNP11 Basic information Port type L000Sx Mac address 00 00 e8 00 00 0a Configuration Name Blade Slot 11 Port admin status Up Speed duplex Auto Capabilities 1000full Broadcast storm status Enabled Broadcast storm limit 256 packets second Flow control status Enabled Lacp status Disabled Current status Link status Down Operation speed duplex 1000full Flow control type Dot3X Console 4 3 8 11 show interfaces counters Use this command to display statistics for an interface Syntax show interfaces counters interface interface ethernet port name port name down link SNPO 15 up link NETPO0 7 mgt NETMGT m port channel channel id Range 1 6 Default S
59. components are functioning properly B 2 Diagnosing Port Connections If a port does not work check the following m The cable connections are secure and the cables are connected to the correct ports at both ends of the link m The port status Admin is enabled and the auto negotiation feature is enabled or the ports at both ends of the link are configured to the same speed and duplex mode See Port Configuration on page 3 96 for more information B 3 Accessing the Management Interface You can access the management interface for the switch from anywhere within the connected network using Telnet a Web browser or any SNMP based network management software If you are having trouble accessing the management interface see the troubleshooting information displayed below If you cannot connect using Telnet a Web browser or SNMP software check the following m Be sure the system chassis is powered up m Check the network cabling between the management station and the switch B 2 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 m Check that you have a valid network connection to the switch and that the port you are using has not been disabled See Port Configuration on page 3 96 m If there are only Layer 2 switches between the management station and system chassis make sure that The switch s management VLAN is configured with a valid IP address and subnet mask The man
60. config if exit Console config interface ethernet NETP1 Console config if lacp Console config if exit Console config interface ethernet NETP2 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000t Mac address 00 00 e8 00 00 0b Configuration Name Port admin status Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control status Disabled Current status Created by lacp Link status Up Operation speed duplex 1000full Flow control type None Member Ports NETPO NETP1 NETP2 Console 4 170 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 APPENDIX A Management Information Base An SNMP management station can configure and monitor network devices by setting or reading device variables specified in the Management Information Base MIB The key MIB groups supported by the switch are listed in this appendix Also note that specific MIB variables used for each configuration task are listed in Chapter 3 General Management of the Switch This appendix contains the following sections m Section A 1 Supported MIBs on page A 2 m Section A 2 Supported Traps on page A 3 A 1 A l Supported MIBs The standard MIBs are listed in the following table TABLE A 1 RFC No 1213 1493 2863 2819 2618
61. config if no negotiation Console config if speed duplex 100half Console config if Related Commands negotiation 4 86 capabilities 4 87 4 3 8 4 negotiation Use this command to enable auto negotiation for a given interface Use the no form to disable auto negotiation Syntax negotiation no negotiation 4 86 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage a Down link ports SNPO 15 are fixed with auto negotiation disabled a When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilites command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands a If auto negotiation is disabled auto MDI MDI X pin signal configuration will also be disabled for the up link ports This means that you may have to use a cross over cable to connect two switches However an alternative is to leave auto negotiation enabled this is the default setting but reduce the subset of permitted modes to the single mode that you want to use Example The following example configures port SNP11 to use auto negotiation Console config interface ethernet SNP11 Console config if negotiation Console config if Related Commands capabilities 4 87 speed duplex 4 85 fl
62. d une fa on directe ou indirecte aux exportations des produits ou des services qui sont r gi par la l gislation am ricaine en mati re de contr le des exportations U S Commerce Department s Table of Denial Orders et la liste de ressortissants sp cifiquement d sign s U S Treasury Department of Specially Designated Nationals and Blocked Persons L utilisation de pi ces d tach es ou d unit s centrales de remplacement est limit e aux r parations ou a I change standard d unit s centrales pour les produits export s conform ment a la l gislation am ricaine en mati re d exportation Sauf autorisation par les autorit s des Etats Unis l utilisation d unit s centrales pour proc der a des mises a jour de produits est rigoureusement interdite Contents Introduction 1 1 1 1 1 2 1 3 1 4 Overview 1 2 1 1 1 Switch Architecture 1 2 1 1 2 Ways of Accessing the Switch Management Application 1 2 Description of Hardware 1 3 1 2 1 Ethernet Ports 1 3 1 2 1 1 Up link Ports 1 3 V2 A 2 Internal Ports 1 4 1 2 2 Status LEDs 1 5 Features of the Switch 1 6 Switch Default Settings 1 9 Initial Configuration 2 1 2 1 22 Connecting to the Switch Interface 2 2 2 1 1 Configuration Options 2 2 es ea Configuring the Switch Through the Built in Switch Interfaces 2 2 Enabling SNMP Management Access 2 3 2 2 1 Community Strings 2 3 2 2 2 Trap Receivers 2 4 3 General Management of the Switch 3 1 3 1
63. defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Console config ip igmp snooping query max response time 20 Console config Related Commands ip igmp snooping version 4 141 ip igmp snooping query max response time 4 146 4 3 14 10 ip igmp snooping router port expire time Use this command to configure the snooping query timeout Use the no form of this command to restore the default Syntax ip igmp snooping router port expire time seconds no ip igmp snooping router port expire time seconds The time the switch waits after the previous querier stops querying before it considers the interface which had been receiving query packets to no longer be attached to a querier Range 300 500 Chapter 4 Command Line Reference 4 147 4 3 14 11 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the timeout to 500 seconds Console co
64. example some notification types are always enabled Example Console config snmp server host 10 1 19 23 batman version 1 Console config 4 58 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 5 5 Related Commands snmp server enable traps 4 59 snmp server enable traps Use this command to enable the switch to send Simple Network Management Protocol traps SNMP notifications Use the no form to disable SNMP notifications Syntax snmp server enable traps authentication link up down no snmp server enable traps authentication link up down authentication The keyword to issue authentication failure traps a link up down The keyword to issue link up or link down traps Default Setting Issue authentication and link up down traps Command Mode Global Configuration Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the snmp server host command Use the snmp server host command to specify which
65. forbidden vlan show gvrp Displays GVRP configuration for selected interface NE 4 132 configuration PE garp timer Sets the GARP timer for the selected function IC 4 133 show garp timer Shows the GARP timer for the selected function NE 4 135 PE Global Commands bridge ext gvrp Enables GVRP globally for the switch GC 4 135 show bridge ext Shows bridge extension configuration PE 4 136 Chapter 4 Command Line Reference 4 131 4 3 13 1 switchport gvrp Use this command to enable GVRP for a port Use the no form to disable it Syntax switchport gvrp no switchport gvrp Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet SNP1 Console config if switchport gvrp Console config if 4 3 13 2 show gvrp configuration Use this command to show if GVRP is enabled or disabled Syntax show gvrp configuration interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 4 132 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 13 3 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console tshow gvrp configuration Whole system GVRP configuration Enabled SNPO Gvrp configuration Enabled SNP1 Gvrp configuration Enabled garp
66. host or hosts receive SNMP notifications In order to send notifications you must configure at least one snmp server host command Chapter 4 Command Line Reference 4 59 Example Console config snmp server enable traps link up down Console config Related Commands snmp server host 4 57 4 3 5 6 show snmp Use this command to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command 4 60 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Example Console show snmp SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input Bad SNMP version errors Unknown community name Illegal operation for community name supplied Encoding errors Number of requested variables Number of altered variables Get request PDUS Get next PDUs set request PDUs 0 SNMP packets output Too big errors No such name errors Bad values errors General errors Response PDUS Trap PDUs 0 0 0 0 O 0 O 0 0 SNMP logging disabled Console Chapter 4 Command Line Reference 4 61 4
67. interface ethernet NETP4 Console config if port security Console config if exit Console config mac address table static 00 80 c8 00 00 01 interface ethernet NETP4 vlan 1 permanent Console config mac address table static 00 80 c8 00 00 02 interface ethernet NETP4 vlan 1 delete on reset Console config exit Console show mac address table ethernet NETP4 Interface Mac Address Vlan Type NETP4 O0 80 C8 00 00 O1 1 Permanent NETP4 O0 80 C8 00 00 02 1 Delete on reset Console 3 4 5 3 MIB Variables Associated With Static Addresses TABLE 3 37 MIB Variables Associated With Static Addresses Default Field Name MIB Variable Access Value Range Value Static Receive MIB II Read write Integer Port dotidBridge dotidStatic dotidStaticTable dotldStaticEntry dotidStaticReceiv ePort Port Security SUN ses Read write enabled 1 disabled Status securityMgt disabled 2 portSecurityMgt portSecPortTable portSecPortEntry portsecPortStatus Number of Not Defined Static Addresses Chapter 3 General Management of the Switch 3 123 3 124 TABLE 3 37 MIB Variables Associated With Static Addresses Continued Field Name VLAN Index Static Address Static Status MIB Variable Access MIB II Index dot1idBridge qBridgeMIB qBridgeMIBObjects dotigVlan dotigVlanStaticTa ble dotigqVlanStaticEn try dotigVlanIndex MIB IIl Read write dotlidBridge dotldStatic dotldStaticTable dot1dStaticEntry dot
68. ip dhcp restart Use this command to initiate a BOOTP or DCHP client request Chapter 4 Command Line Reference 4 71 Default Setting None Command Mode Privileged Exec Command Usage m DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server is moved to a different domain the network portion of the address provided to the client is based on this new domain Example In the following example the device is reassigned the same address Console config interface vlan 2 Console config if ip address dhcp Console config if exit Console tip dhcp restart Console show ip interface IP interface vlan IP address and netmask 10 1 0 54 255 255 255 0 on VLAN 2 and address mode DHCP Console Related Commands ip address 4 70 4 3 7 3 ip dhcp client identifier You can use this command to specify the DCHP client identifier for the switch Use the no form to remove this identifier Note The client identifier is overwritten by the SC the next time the system or the switch itself is rebooted The client identifier command will be removed from the next firmware release 4 72 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax ip dhcp client identifier text text hex hex no ip dhcp client identifier a text A text string Range 1 15 characters hex The hexidecimal value Default Setting The DHCP client identif
69. lower values should be assigned to interfaces attached to faster media and higher values assigned to interfaces with slower media Path cost takes precedence over interface priority m When the spanning tree pathcost method is set to short the maximum value for path cost is 65 535 Example Console config interface ethernet SNP5 Console config if Sspanning tree cost 50 Console config if Chapter 4 Command Line Reference 4 113 4 3 11 10 Related Commands spanning tree port priority 4114 spanning tree port priority Use this command to configure the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree port priority priority The priority for an interface Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the spanning tree algorithm If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value is configured as an active link in the spanning tree a Where more than one interface is assigned the highest priority the interface with lowest numeric identifier will be enabled Example Console config interface ethernet SNP5 Console config if Spanning tree port priority 0 Console config if
70. multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet NETPO Console config exit Console show mac address table multicast vlan 1 VLAN M cast IP addr Member ports Type 224 0 0 12 NETP1 IGMP 224 1 2 3 NETPO USER Console MIB Variables Associated With Configuring Multicast Serovcies TABLE 3 17 MIB Variables Associated With Configuring Multicast Services Field Name MIB Variable Access Value Range Snooping SU iy Index Integer Multicast Router igmpSnoopMgt Static Vlan Index igmpSnoopMulticastStaticTable igmpSnoopMulticastStaticEntry dotigVlanIndex Snooping sun Index IP address Multicast Static igmpSnoopMgt IP Address igmpSnoopMulticastStaticTable igmpSnoopMulticastStaticEntry igmpSnoopMulticastStaticIPAddress Snooping Sls Read create Octet string Multicast Static igmpSnoopMgt port list Port List igmpSnoopMulticastStaticTable igmpSnoopMulticastStaticEntry i1gmpSnoopMulticastStaticPorts Snooping SU sass Read create valid 1 Multicast Router igmpSnoopMgt invalid 2 Static Status igmpSnoopRouterStaticTable i1gmpSnoopRouterStaticEntry igmpSnoopRouterStaticStatus Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 3 3 3 3 3 1 Broadcast Storm Control Global Setting Broadcast storms can occur when a device on your network is malfunctioning or if application programs are not well designed or properly configured
71. need to specify encrypted passwords on the command line The option 7 is used internally by the switch at system bootup time to enable the switch to read any encrypted passwords stored in the configuration file Example This example shows how the set the access level and password for a user Console config username bob access level 15 Console config username bob password 0 smith Console config 4 3 3 3 enable password After initially logging onto the system first set the Privileged Exec password Remember to record it in a safe place Use this command to control access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level a level level Level 15 for Privileged Exec Levels 0 to 14 are not used 0 7 0 means input plain password 7 means input encrypted password password password for this privilege level Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting a The default is level 15 The default password is super 4 30 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 3 4 Command Mode Global Configuration Command Usage a You cannot set a null password You have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command page 4 13 There is
72. no need to specify encrypted passwords on the command line The option 7 is used internally by the switch at system bootup time to enable the switch to read any encrypted passwords stored in the configuration file Example Console config enable password level 15 0 admin Console config Related Commands enable 4 13 ip http port Use this command to specify the TCP port number used by the Web browser interface Use the no form to use the default port Syntax ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 to 65 535 Default Setting 80 Chapter 4 Command Line Reference 4 31 Command Mode Global Configuration Example Console config ip http port 769 Console config Related Commands ip http server 4 32 4 3 3 5 ip http server Use this command to allow the switch to be monitored or configured from a browser Use the no form to disable this function Syntax ip http server no ip http server Default Setting Enabled Command Mode Global Configuration 4 32 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 3 6 Example Console config ip http server Console config Related Commands ip http port 431 jumbo frame Use this command to enable support for jumbo frames Use the no form to disable it Syntax jumbo frame no jumbo frame Default Setting disabled Com
73. occur refer to the other manuals for the system chassis to ensure that the problem you encountered is actually caused by the switch If the problem appears to be caused by the switch follow these steps Enable logging Set the error messages reported to include all categories Designate the SNMP host that is to receive the error messages Repeat the sequence of commands or other actions that lead up to the error Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed Contact customer service Example Console config logging on Console config logging history flash 7 Console config snmp server host 10 1 0 23 Log Messages Log messages generated by this switch are listed in the following table TABLE B 1 Log Messages Message Description Level System coldStart notification Switch cold boot 5 System warmStart notification Switch warm boot 5 Unit 1 Port YY link up notification Port link up 6 Unit 1 Port YY link down notification Port link down 6 Trunk 1 link up notification Aggregated link up 6 B 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE B 1 Log Messages Message Description Levels Trunk 1 link down notification Aggregated link down 6 VLAN XX link up notification VLAN link up 6 VLAN XX link down notification VLAN link down 6 Authentication failure notification SNMP access authentication failure 6
74. operation Aging time is out of range User privileges are not enough to perform this operation Up Links Down Links Status Link Aggregation Cannot set port capabilities Data is invalid User privileges are not enough to perform this operation Cannot add aggregated link The specified aggregated link is full or data is invalid Cannot create aggregated link Cannot remove aggregated link Cannot remove member of aggregated link Data is invalid Description General error Privileges insufficient CoS Value is out of range General error Priority is out of range Invalid Queue weight Traffic Class is out of range Privileges insufficient CoS Value is out of range Select one of these options when priority service is enabled Traffic Class is out of range Privileges insufficient Maximum address aging time exceeded Privileges insufficient Incorrect speed duplex mode for specified port General error Privileges insufficient The specified aggregated link is full or data is invalid Maximum number of aggregated links has been exceeded There is a problem with the aggregated link table There is a problem with the aggregated link table Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE B 4 Menu VLANs Address Filtering Spanning Tree Config Port Web Interface Error Messages Continued Message Cannot set
75. parameter value range Type to get more detail information wou Invalid TFTP server IP address Not enough resources please try later No such file No such VLAN Port port name Port is an ethernet port port name Port port name Port port name unknown Session terminated Session timed out Startup file cannot be deleted does not exist is not present Command Line Error Messages Continued Description Show command failed Configuration command failed Certificate file has an error private key file error such as incorrect pass phrase or private key does not match the certificate public key Incomplete command Not enough memory Not enough space to collect all information Invalid filename input Wrong keyboard input Invalid command Ping parameter 1S wrong Value or character string length is not allowed TFTP IP address error Ping function has no resources System does not have the file VLAN does not exist The port name does not exist Port is an Ethernet port The port is not present when entering interface mode Port is an unknown port CLI exited the current session Connect session timed out Startup file cannot be deleted Appendix B Troubleshooting B 7 B 8 TABLE B 3 Command Line Error Messages Continued Message This command for console only This command is only valid for adding a single port toa an aggregated link This
76. period of time If the address expires or the switch is moved to another network segment you will lose management access to the switch In this case you can reboot the switch or submit a client request to restart DHCP service Type the following command to restart DHCP service Console tip dhcp restart Chapter 3 General Management of the Switch 3 17 MIB variables Using Dynamic IP Configuration Services TABLE 3 5 MIB Variables Associated With Dynamic IP Configuration Services Field Name MIB Variable Access Value Range Default Value Management SU ss Read write Integer 1 4094 1 VLAN switchMgt SwitchManagementVlan IP Address Mode sun Read write user 1 dchp vlanMgt bootp 2 vlanTable vlanEntry dhcp 3 vlanAddressMethod DHCP Client ID sun Read write Octet string ipMgt MAC address dhcpClientIfClientId DHCP Restart sun Read write restart 1 noRestart ipMgt noRestart 2 ipDhcpRestart 22 0 Displaying Switch Software Versions When displaying switch software versions using the web interface or CLI the following parameters are displayed m Loader Version The version number of the loader code m Boot ROM Version The version number of the boot code m Operation Code Version The version number of the runtime code m Unit ID The ID of the active switch This value will always be 1 3 23 Web Interface Displaying Switch Software Version Information Open Switch Status gt Softwar
77. port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec 4 156 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 15 6 Example Console show queue cos map ethernet SNP11 Information of SNP11 Queue ID Traffic class Console map ip precedence Global Configuration Use this command to enable IP precedence mapping IP Type of Service Use the no form to disable IP precedence mapping Syntax map ip precedence no map ip precedence Default Setting Enabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types automatically disables the other type Chapter 4 Command Line Reference 4 157 4 3 15 7 Example The following example shows how to enable IP precedence mapping globally Console config map ip precedence Console config map ip precedence Interface Configuration Use this command to set IP precedence priority IP Type of Service priority Use the no form to restore the default table Syntax map ip precedence ip precedence value cos cos value no map ip precedence precedence value 3 bit precedence value Range 0 7 cos value Class of Service value Range 0 7 Default Setting One to one mapping Precedence value 0 maps to
78. priority and MAC address of the switch m Designated Root The priority and MAC address of the device in the spanning tree that the switch has accepted as the root device Root Port The number of the port on the switch that is closest to the root The switch communicates with the root device through this port If there is no root port then the switch has been accepted as the root device of the spanning tree network Root Path Cost The path cost from the root port on the switch to the root device Root Hello Time The interval in seconds after which the current root device transmits a configuration BPDU frame Root Maximum Age The maximum time in seconds the switch can wait without receiving a configuration message before attempting to reconfigure All switch ports except for designated ports should receive configuration messages at regular intervals If the root port ages out STA information provided in the last configuration message a new root port is selected from among the switch ports connected to the network References to ports in this section means interfaces which includes both ports and aggregated links Root Forward Delay The maximum time in seconds the switch waits before changing states for example from discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition
79. receives these messages it will automatically place the receiving port in the specified VLANs and then forward the message to all other ports When the message arrives at another switch that supports GVRP it will also place the receiving port in the specified VLANs and pass the message on to all other ports VLAN requirements are propagated in this way throughout the network This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on end station requests To implement GVRP in a network first add the host devices to the required VLANs using the operating system or other application software so that these VLANs can be propagated onto the network For both the edge switches attached directly to these hosts and core switches in the network enable GVRP on the links between these devices See Configuring VLAN Behavior for Interfaces on Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 3 1 1 page 3 114 You should also determine security boundaries in the network and disable GVRP on end station ports where you need to prevent advertisements from being propagated or forbid ports from joining restricted VLANs Note If you have host devices that do not support GVRP you must configure static VLANs for the switch ports connected to these devices as described in Adding Static Members to VLANs on page 3 50 But you still need to enable GVRP on these edge switch
80. registered end stations Formerly called Group Address Registration Protocol A 1000 Mbit sec network communication system based on Ethernet and the CSMA CD access method See Generic Attribute Registration Protocol Specifies a general method for the operation of MAC bridges including the Spanning Tree Protocol VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign end stations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks An IEEE standard for providing quality of service QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value Sun Fire B1600 Blade System Chassis Switch Administration Guide April 2003 IEEE 802 1w IEEE 802 3 IEEE 802 3ab IEEE 802 3ac IEEE 802 3u IEEE 802 3x IEEE 802 3z IGMP Snooping Internet Control Message Protocol ICMP Internet Group Management Protocol IGMP In Band Management IP Multicast Filtering LAN Segment LED Link Segment Local Area Network LAN An IEEE standard for the Rapid Spanning Tree Protocol RSTP which is designed to supersede IEEE 802 1D RSTP provides considerably faster convergence for topology changes Defines carrier sense multiple access with collision detection CSMA CD access method and physical layer specifications
81. restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds The number of seconds between 1 and 65 535 the switch waits for a reply before resending a request 4 50 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 4 7 Default Setting 5 Command Mode Global Configuration Example Console config radius server timeout 10 Console config show radius server Use this command to display the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Console show radius server Remote radius server configuration Server IP address 10 11 12 13 Communication key with radius server green Server port number 1812 Retransmit times 2 Request timeout 5 Console Chapter 4 Command Line Reference 4 51 4 3 4 8 tacacs server host Use this command to specify the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of server Default Setting None Command Mode Global Configuration Example Console config tacacs server host 192 168 1 25 Console config 4 3 4 9 tacacs server port Use this command to set the TACACS server network port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number
82. spanning tree transmission limit Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs Use the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example Console config spanning tree transmission limit 4 Console config 4 3 11 9 spanning tree cost Use this command to configure the spanning tree path cost for the specified interface Use the no form to restore the default 4 112 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax Sspanning tree cost cost no spanning tree cost cost The path cost for the interface Range 1 200 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Setting Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 a Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 a Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage a This command is used by the spanning tree algorithm to determine the best path between devices Therefore
83. state of Link Aggregation Control Protocol LACP on the port Web Interface Displaying Connection Status for the Ports To display port status information and configure connections for one or more interfaces 1 Open Up Links Down Links Management Port gt Status 2 Select the check box next to the interface to configure 3 Click Configure See Configuring Interface Connections on page 3 102 19 CLI only To display this parameter through the Web interface see Setting the IP Address on page 3 12 20 CLI only To display this parameter through the Web interface see Configuring Interface Connections on page 3 102 21 CLI only Chapter 3 General Management of the Switch 3 97 Switch Status Switch Config Down Links Management Ports Monitoring Connection Status Link Aggregation VLANs Static Addresses Spanning Tree Sun Fire 81600 gt Up Links gt Connection Status Port Type 1000Base Tx The Up Links are the external LOO0 B4SE T ports from the switch into the data metwork The Up Links table displays the currant link status including link state speed dupla mode flow control auto negotiation and port security The link capabilities can be configured either by marking the chackbownext to the selected enteries and clicking configure or by clicking directly on the port Description Link Speed Flow AutoNeg Protect Status Duplex Control Status External RJ 45 connector NETO Enabled 100 full
84. statistics etherStatsTable e therStatsEntry etherStatsPktsxtoy Octets Access Read only Read only Read only Read only Read only Read only Read only Range Integer Integer Integer Integer Integer Integer Integer Chapter 3 General Management of the Switch 93 151 3 9 3 3 152 Showing SNMP Statistics You can display key statistics on SNMP traffic crossing the management port This information can be used to debug SNMP errors or to display the overall amount of SNMP traffic processed by the switch as well as any illegal attempts to access the switch through SNMP TABLE 3 45 SNMP Traffic Statistics Statistic Description SNMP packets input SNMP packets input Bad SNMP version errors Unknown community name Illegal operation for community name supplied Encoding errors Number of requested variables Number of altered variables Get request PDUs Get next PDUs Set request PDUs The total number of messages delivered to the SNMP entity from the transport service The total number of SNMP messages which were delivered to the SNMP protocol entity and were for an unsupported SNMP version The total number of SNMP messages delivered to the SNMP protocol entity which used a SNMP community name not known to said entity The total number of SNMP messages delivered to the SNMP protocol entity which represented an SNMP operation which was not allowed by the SN
85. sun staMgt staSystemStatus sun staMgt staProtocolType Access Read write Read write Value Range enabled 1 disabled 2 stp 1 rstp 2 Consists of bridge priority plus MAC address sun xstMgt mstInstanceCfgTable mstInstanceCfgEntry mstInstanceCfg DesignatedRoot sun xstMgt mstInstanceCfgTable mstInstanceCfgEntry mstInstanceCfgRootPort sun xstMgt mstInstanceCfgTable mstInstanceCfgEntry mstInstanceCfgRootCost sun staMgt xstMgt mstInstanceCfgTable mstInstanceCfgEntry mstInstanceCfg HelloTime sun staMgt xstMgt mstInstanceCfgTable mstInstanceCfgEntry mstInstanceCfgMaxA Age sun staMgt xstMgt mstinstanceCfgTable mstinstanceCfgEntry mstinstanceCfg ForwardDelay sun staMgt xstMgt mstInstanceCfgTable mstInstanceCfgEntry mstInstanceCfgPriority MIB II dotilastp dotidStp BridgeHelloTime Read only Read only Read only Read only Read only Read only Read write Read write Octet string Integer Integer Integer Integer Integer Integer 0 61440 Integer 100 1000 centiseconds Default Value enabled rstp 200 centiseconds 2000 centiseconds 1500 centiseconds 32768 200 centiseconds Chapter 3 General Management of the Switch 3 75 TABLE 3 19 MIB Variables Associated With Basic STA Settings Continued Field Name MIB Variable Access Value Range Default Value Bridge MIB
86. table for filtering specified addresses 4 98 displaying current entries clearing the table or setting the aging time Configures secure addresses for a port 4 103 Configures Spanning Tree settings for the switch 4 105 Configures VLAN settings and defines port membership for 4 120 VLAN groups Configures GVRP settings that permit automatic VLAN 4 131 learning shows the configuration for bridge extension MIB Configures IGMP multicast filtering querier eligibility query 4 138 parameters and specifies ports attached to a multicast router Chapter 4 Command Line Reference 4 11 TABLE 4 4 Command Groups Continued Command Group Description Page Priority Sets port priority for untagged frames relative weight for 4 150 each priority queue and the maximum number of queues enabled also sets priority for IP precedence and DSCP Mirror Port Mirrors data to another port for analysis without affecting 4 164 the data passing through or the performance of the monitored port Link Aggregation Statically groups multiple ports into an aggregated link 4 166 and LACP configures Link Aggregation Control Protocol for aggregated links The access mode shown in the following tables is indicated by these abbreviations m NE Normal Exec m PE Privileged Exec m GC Global Configuration a IE Interface Configuration m LC Line Configuration m VC VLAN Database Configuration 4 12 Sun Fire B1600 Blade System Chassis Switch Administration
87. the switch Only the VLAN containing the management port should be assigned an IP address If you assign an IP address to any other VLAN the original IP address is immediately disabled and the new address takes immediate effect When setting the switch IP configuration using the web interface or CLI the following parameters are displayed or can be configured Current IP Address The current address of the VLAN interface that is allowed management access ms MAC Address The physical layer address for this switch m Management VLAN The VLAN through which you can manage the switch By default the management port NETMGT is configured as a member of this VLAN that is VLAN 2 However if you change the Management VLAN you will lose management access to the switch unless the NETMGT port has already been configured as a member of the new VLAN If this occurs you will have to use the console interface to add the NETMGT port to the newly configured Management VLAN See Section 4 3 12 8 switchport allowed vlan on page 127 m IP Address Mode The method through which IP functionality is enabled The options are manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests are broadcast periodically by the switch for IP configuration settings DHCP BOOTP values can include the I
88. the local switch page 4 135 GMRP GARP Multicast Registration Protocol GMRP allows network devices to register end stations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Chapter 4 Command Line Reference 4 137 Example Console tshow bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable Yes Traffic classes Enabled Global GVRP status Enabled GMRP Disabled Console 4 3 14 IGMP Snooping Commands This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting a service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure that it continues to receive the multicast service TABLE 4 19 IGMP Snooping Commands Command Function Mode Page Basic IGMP Commands ip igmp snooping Enables IGMP snooping GC 4 139 ip igmp snooping Adds an interface as a member of a multicast group GC 4 140 vlan static ip igmp snooping Configures the IGMP version for snooping GC 4 141 version show ip igmp Shows the IGMP snooping configuration PE 4 142 snooping show br
89. the switch to automatically aggregate ports based on configuration information Enable LACP Disable LACP NETPO NETP1 NETP2 NETP3 NETP4 NETPS NETEP6 NETE Haad ma aaa o Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled I FIGURE 3 35 The Uplink gt Link Aggregation Window Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command line Interface Dynamic Aggregated Links LACP The following example enables LACP for ports NETPO and NETP1 These ports can be connected to two LACP enabled ports on another switch to form an aggregated link Console config interface ethernet NETPO Console config if lacp Console config if exit Console config interface ethernet NETP1 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 00 E8 66 66 83 Configuration Name Port admin Up Speed duplex Auto Capabilities L0halr 1L0full L0Ghalt 100furk T000fuLll Flow control status Disabled Current status Created by Lacp Link status Up Port operation status Up Operation speed duplex 1000full Flow control type None Member Ports NETPO NETP1 Console Chapter 3 General Management of the Switch 3 109 MIB Variables Associated With Dynamic Aggregated Links TABLE 3 34 MIB Variables Associated With Dynamic Aggregated Links Fi
90. timer Use this command to set the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall a join leave leaveall1 The timer to set a timer_value Value of timer Range join 20 1000 centiseconds leave 60 3000 centiseconds leaveall 500 18000 centiseconds Chapter 4 Command Line Reference 4 133 Default Setting a join 20 centiseconds a leave 60 centiseconds leaveall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage a Group Address Registration Protocol GARP is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration deregistration Timer values are applied to GVRP for all the ports on all VLANs Timer values must meet the following restrictions leave gt 2 x join leaveall gt leave Note Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP will not operate successfully Example Console config interface ethernet SNP1 Console config if garp timer join 100 Console config if Related Command
91. to restore the default Syntax Spanning tree mode stp rstp no spanning tree mode stp Spanning Tree Protocol IEEE 802 1D Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 rstp Rapid Spanning Tree Protocol IEEE 802 1w Default Setting rstp Command Mode Global Configuration Command Usage a Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below a SIP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs a RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Example The following example configures the switch to use Rapid Spanning Tree Console config spanning tree mode rstp Console config 4 3 11 3 spanning tree forward time Use this command to configure the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax Spanning tree forward time seconds no spanning tree forward time seconds The time in seconds Range 4 30 seconds Chapter 4 Command Line Refere
92. tree bridge maximum age globally for this switch Use the no form to restore the default Syntax Spanning tree max age seconds no spanning tree max age seconds The time in seconds Range 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Chapter 4 Command Line Reference 4 109 Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the attached LAN If it was a root port a new root port is selected from among the device ports attached to the network Example Console config spanning tree max age 40 Console config 4 3 11 6 spanning tree priority Use this command to configure the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge O highest 61440 lowest Range 0 to 61 440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 5
93. web interface or CLI the following parameters can be configured m Ports The interface port or link and assigned default class of service priority m Default COS Priority The priority between 0 and 7 that is assigned to untagged frames received on the specified interface The default is 0 Web Interface Configuring Class of Service Open Switch Config Class of Service gt Basic Traffic Prioritisation Scroll to Setting the Default CoS Priority for Ports Select an interface from the Ports list Select the default priority Click Save 12 CLI displays this information as Priority for untagged traffic 3 78 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Switch Config Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres Sun Fire B1600 gt Switch Config gt Class of Service View Basic Traffic Priarntisatian Setting the default Cos Priority for Ports Ports NETP2 cos 0 METF3 COS 0 NETP4 coso NETPS coso Default COS Priority s 0 7 d FIGURE 3 25 The Switch Config Class of Service Command line Interface Configuring Class of Service This example assigns a default priority of 5 to port NETP1 Console config interface ethernet NETP1 Console config if switchport priority default 5 Console show interfaces switchport ethernet NETP1 Information of NETP
94. 0 to 2 000 000 and Gigabit Ethernet 2000 to 200 000 Chapter 3 General Management of the Switch 3 129 a The default values for Ethernet connections are 2 000 000 half duplex 1 000 000 full duplex and 500 000 aggregated link The default values for Fast Ethernet connections are 200 000 half duplex 100 000 full duplex and 50 000 aggregated link The default values for Gigabit Ethernet connections are 10 000 full duplex and 5000 aggregated link Note When the Path Cost Method is set to short page 3 76 the maximum path cost is 65 535 m Admin Link Type The link type attached to the interface The default is Auto a Point to Point A connection to exactly one other bridge a Shared A connection to two or more bridges a Auto The switch automatically determines if the interface is connected to a point to point link or to shared media m Admin Edge Port You can enable this option if an interface is connected to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the inte
95. 00 Blade System Chassis Switch Administration Guide June 2003 When you connect through a web browser the switch provides HTTP management access with a graphical user interface The information provided by SNMP can be displayed by an appropriately configured management application that is able to use SNMP 1 2 1 2 1 LAZNA Description of Hardware The SSC includes the switch board the SC cooling fans as well as midplane and rear panel connectors The SC provides management access to the server chassis and switch board The SC also drives the system indicators duplicate copies of which are located on the front and rear of the Sun Fire B1600 blade system chassis Ethernet Ports Up link Ports Eight external RJ 45 ports support IEEE 802 3x auto negotiation of speed duplex mode and flow control Each port can operate at 10 Mbit sec 100 Mbit sec and 1000 Mbit sec full and half duplex and control the data stream to prevent buffers from overflowing The up link ports can be connected to other IEEE 802 3ab 1000BASE T compliant devices up to 100 m 328 ft away using Category 5 twisted pair cable These ports also feature automatic MDI MDI X operation so you can use straight through cables for all connections The up link ports are named NETPO to NETP7 in the configuration interface Note When using auto negotiation the speed transmission mode and flow control can be automatically set if this feature is also support
96. 02 10 IEEE 802 1p Glossary 2 Provides a framework for passing configuration information to hosts on a TCP IP network DHCP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options A workstation server or other device that does not act as a network interconnection A network communication system developed and standardized by DEC Intel and Xerox using baseband transmission CSMA CD access logical bus topology and coaxial cable The successor IEEE 802 3 standard provides for integration into the OSI model and extends the physical layer and media with repeaters and implementations that operate on fiber thin coax and twisted pair cable A 100 Mbit sec network communication system based on Ethernet and the CSMA CD access method Transmission method that allows switch and network card to transmit and receive concurrently effectively doubling the bandwidth of that link Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network GARP is a protocol that can be used by end stations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing
97. 0full 1000full flowcontrol and symmetric When auto negotiation is enabled with the negotiation command the switch negotiates the best settings for a link based on the capabilites command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands a NETMGT port capabilities are fixed at 10half 10full 100half 100full 4 88 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 8 6 Example The following example configures port NETP5 capabilities to 100half 100full and flowcontrol config interface ethernet NETP5 config if no capabilities 10half config if no capabilities 10hfull config if no capabilities 1000full config if capabilities 100half Console Console Console Console Console Console Console Console config if capabilities 100full config if capabilities flowcontrol ee M ee ee config if Related Commands negotiation 4 86 speed duplex 4 85 flowcontrol 4 89 flowcontrol Use this command to enable flow control Use the no form to disable flow control Note The integrated switches in the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together It is only possible to enable flow control between two ports on the same switch chip The ports NETPO NETP1 NETP4 NETP5 and SNP8 through SNP15 are on one switch chip The ports NETP2 NETP3 NETP6 N
98. 1 Broadcast threshold Enabled 256 packets second Lacp status Disabled VLAN membership mode Hybrid Ingress rule Disabled Acceptable frame type All frames Native VLAN 1 Priority for untagged traffic 5 Gvrp status Enabled Allowed Vlan 1 u Forbidden Vlan Console Chapter 3 General Management of the Switch 3 79 MIB Variables Associated With Class of Service TABLE 3 21 MIB Variables Associated With Class of Service Field Name MIB Variable Access Value Range Default Value Port Default MIB II Read write Integer 0 7 0 User Priority dotldBridge pBridgeMIB pBridgeMIBObjects dot1idPriority dotlidPortPriorityTable dotlidPortPriorityEntry dotldPortDefault UserPriority D002 Mapping COS Values to Egress Queues This switch processes Class of Service COS priority tagged traffic by using four priority queues for each port with service schedules based on Weighted Round Robin page 3 84 Up to eight separate traffic priorities are defined in the IEEE 802 1p standard The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table TABLE 3 22 IEEE 802 1p Default Priority Recommendations Priority 3 80 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 The priority levels recommended in the IEEE 802 1p standard for various network applications are shown in the following table However you can map the priori
99. 2 docs sun com Sun Fire et Solaris sont des marques de fabrique ou des marques d pos es de Sun Microsystems Inc aux Etats Unis et dans d autres pays Toutes les marques SPARC sont utilis es sous licence et sont des marques de fabrique ou des marques d pos es de SPARC International Inc aux Etats Unis et dans d autres pays Les produits protant les marques SPARC sont bas s sur une architecture d velopp e par Sun Microsystems Inc L interface d utilisation graphique OPEN LOOK et Sun a t d velopp e par Sun Microsystems Inc pour ses utilisateurs et licenci s Sun reconnait les efforts de eee de Xerox pour la recherche et le d veloppment du concept des interfaces d utilisation visuelle ou graphique pour l industrie de l informatique Sun d tient une license non exclusive do Xerox sur l interface d utilisation graphique Xerox cette licence couvrant galement les licenci es de Sun qui mettent en place l interface d utilisation graphique OPEN LOOK et quien outre se conforment aux licences crites de Sun LA DOCUMENTATION EST FOURNIE EN L ETAT ET TOUTES AUTRES CONDITIONS DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE YCOMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE A L APTITUDE A UNE UTILISATION PARTICULIERE OU A L ABSENCE DE CONTREFA ON Ka Adobe PostScript Copyright c 2003 Sun Microsystems Inc 4150
100. 2 10 show vlan Use this command to show VLAN information Syntax show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 15 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec 4 130 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 13 Example The following example shows how to display information for VLAN 1 Console show vlan id 1 Status Ports Channel groups 1 Static DefaultVlan Active SNPO SNP1 SNP2 SNP3 SNP4 SNP5 SNP6 SNP7 SNP8 SNP9 SNP10 SNP11 SNP12 SNP13 SNP14 SNP15 NETPO NETP1 NETP2 NETP3 NETP4 NETP5 NETP6 NETP7 2 Static Active NETMGT Console GVRP and Bridge Extension Commands GARP VLAN Registration Protocol GVRP defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network This section describes how to enable GVRP for individual interfaces and globally for the switch as well as how to display default configuration settings for the Bridge Extension MIB TABLE 4 18 GVRP and Bridge Extension Commands Command Function Mode Page Interface Commands switchport gvrp Enables GVRP for an interface IC 4 132 switchport Configures forbidden VLANs for an interface IC 4 129
101. 255 255 255 0 0 0 0 0 0 0 0 0 80 Console config This example drops any TCP packets from source 10 7 1 1 to destination 10 8 1 1 with the source port between 30 46 and the destination port between 100 2000 Console config ip filter deny tcp 10 7 1 1 255 255 255 255 30 46 10 8 1 1 255 255 255 255 100 2000 Console config 4 3 7 9 show ip filter Use this command to display all rules in the IP filter table Syntax show ip filter rule number log a rule number Display a filter rule at the specified position in the table Range 1 128 log Display all packets stored in the log buffer Note that packets stored in this buffer must match the rules in the filter table The maximum number of entries stored in the log buffer is 64 If no options are selected all packets in the log buffer are displayed Default Setting None Chapter 4 Command Line Reference 4 81 Command Mode Privileged Exec Example In this example the only specified rule permits packets within the subnet 10 1 0 x to pass between the management port and the down link ports Console tshow ip filter i gt Falcer Rule 1 Action permit Protocol any Log disable Fragments disable Source 10 1 0 0 255 255 255 0 any Destination 10 1 0 0 25512554255 0 any 4 82 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 8 4 3 8 1 Interface Commands These commands are used to display o
102. 3 m Duration The address can be set to the following type Permanent The assignment is permanent and restored after the switch is reset a Delete on Reset The assignment lasts until the switch is reset Web Interface Configuring Static Addresses Open Up Links Down Links gt Address Filtering Select the interface Select Secure Port to enable port security Select VLAN MAC address and duration Click Add g f up Links r Sun Fire 61600 gt Up Links gt Static Addresses Static Addresses Select Port NETP4 Secure port to prevent dynamic learning of new addresses Secured Unsecured Number of Static Addresses Static MAC Addresses Assigned to Port in a VLAN 1 DefaultVlan 00 80 C8 00 00 01 Permanent 1 DefaultVlan O0 80 C8 00 00 02 Delete on Reset VLAN MAC Address Duration fi Default lan Delete on Reset FIGURE 3 39 The Up Links gt Static Addresses Window r Connection Status Link Aggregation VLANs Static Addresses Spanning Tree static address can be assigned to a specific interface an the switch Static addresses are bound ta the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table i 3 4 5 2 Command line Interface Configuring Static Addresses This example adds the same items to the static address table Console config
103. 3 4 2 1 Web Interface Configuring Interface Connections 3 103 9A 2 2 Command line Interface Configuring Interface Connections 3 105 3 4 2 3 MIB Variables Inspecting or Configuring Interface Connections 3 105 Configuring Aggregated Links 3 107 3 4 3 1 Dynamically Configuring an Aggregated Link with LACP 3 108 3 4 3 2 Statically Configuring an Aggregated Link 3 111 Configuring VLAN Behavior for Interfaces 3 114 3 4 4 1 Web Interface Configuring VLAN Behavior for Interfaces 3 115 3 4 4 2 Command line Interface Configuring VLAN Behavior for Interfaces 3 117 3 4 4 3 MIB Variables Associated With VLAN Behavior of Interfaces 3 118 Configuring Static Addresses 3 121 3 4 5 1 Web Interface Configuring Static Addresses 3 122 3 4 5 2 Command line Interface Configuring Static Addresses 3 123 3 4 5 3 MIB Variables Associated With Static Addresses 3 123 Managing Interfaces for Spanning Tree Algorithm 3 125 viii Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 5 3 4 7 3 4 6 1 Displaying the Current Interface Settings for STA 3 125 3 4 6 2 Configuring Interface Settings for STA 3 129 3 4 6 3 Checking the STA Protocol Status for Interfaces 3 132 Filtering Traffic From the Down Link Ports to the Management Port 3 134 3 4 7 1 Web Interface Filtering Traffic to the Management Port 3 135 3 4 7 2 Command line Interface Filtering Traffic to the Management Port 3 136 3 4 7 3 MIB Vari
104. 3 45 3 3 1 3 3 46 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With GVRP TABLE 3 12 MIB Variables Associated With GVRP Field Name MIB Variable Access GVRP Status MIB IIL Read write dotlidBridge QqBridgeMIB gqBridgeMIBObjects dotiqgBase dotligGvrpStatus Configuring VLANs Default Value disabled When configuring VLANs using the web interface or CLI the following parameters are displayed or can be configured a ID The ID of configured VLAN 1 to 4094 Name The name of the VLAN 1 to 15 characters m Status The current operational state of the VLAN Enable Active The VLAN is active s Disable Suspend The VLAN is suspended that is it does not pass packets m Creation Type The method by which the VLAN was added to the switch Dynamic GVRP Dynamic Automatically learned through GVRP Permanent Static Manually configured as a static entry m Ports Channel groups The interfaces that are members of the VLAN Web Interface Configuring VLANs To create a new VLAN follow these steps Open Switch Config VLANs Type the new VLAN ID and name Set the status to Enabled or Disabled Click Add To modify existing VLANs Select one or more entries 9 CLI displays these terms 2 Click Enable Disable or Remove To add interfaces to a VLAN 1 Select an entry 2 Click Membershi
105. 4 address table 3 92 4 100 aging time 3 94 4 101 aggregated links 4 166 aging time 3 94 4 101 B BOOTP 3 16 4 71 broadcast storm port setting 3 103 4 91 threshold 3 67 4 91 C Class of Service See CoS CLI 4 2 command line interface See CLI community string 2 3 3 34 4 55 configuration settings saving 2 4 saving or restoring 3 25 4 20 console port configuring 4 62 connection 4 2 CoS configuring 3 78 4 150 default priority 3 78 4 151 layer 3 4 priorities 3 85 4 151 queue mapping 3 78 4 153 service weight 3 84 4 152 D DHCP 3 16 4 71 client identifier 3 12 4 72 Differentiated Services Code Point See DSCP down link ports 1 4 downloading software 3 21 4 20 DSCP 3 90 4 159 E edge port STA 3 126 4 115 encrypted passwords 4 30 4 31 4 65 error messages B 5 command line errors B 6 logging 4 34 system errors B 6 Web interface B 9 F filtering traffic management port 3 134 4 77 firmware version displaying 3 18 4 44 firmware upgrading 3 21 4 20 G GARP 3 114 4 134 setting timers 3 115 4 134 GARP VLAN Registration Protocol See GVRP Group Address Registration Protocol See GARP GVRP 3 40 3 114 4 131 Index 1 description 3 40 global setting 3 45 4 135 interface configuration 3 115 4 132 IEEE 802 1D 3 70 4 106 IEEE 802 1w 3 70 4 107 IGMP 3 54 4 138 ingress filtering 3 114 4 125 Internet Group Management Protocol See IGMP IP add
106. 4 3 6 7 4 3 7 4 3 7 1 4 3 7 2 4 3 7 3 4 3 7 4 radius server key 4 49 radius server retransmit 4 50 radius server timeout 4 50 show radius server 4 51 tacacs server host 4 52 tacacs server port 4 52 tacacs server key 4 53 show tacacs server 4 54 snmp server community 4 55 snmp server contact 4 56 snmp server location 4 57 snmp server host 4 57 snmp server enable traps 4 59 show snmp 4 60 Line Commands 4 62 line 4 62 login 4 63 password 4 64 exec timeout 4 66 password thresh 4 66 silent time 4 67 show line 4 68 IP Commands 4 69 ip address 4 70 ip dhcp restart 4 71 ip dhcp client identifier 4 72 ip default gateway 4 74 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 8 4 3 9 4 3 10 4 3 11 4 3 7 5 4 3 7 6 4 3 7 7 4 3 7 8 4 3 7 9 Interface Commands show ip interface 4 75 show ip redirects 4 75 ping 4 76 ip filter 4 77 show ip filter 4 81 4 83 4 3 8 1 interface 4 83 4 3 8 2 description 4 84 4 3 8 3 speed duplex 4 85 4 3 8 4 negotiation 4 86 4 3 8 5 capabilities 4 87 4 3 8 6 flowcontrol 4 89 4 3 8 7 shutdown 4 91 4 3 8 8 switchport broadcast packet rate 4 91 4 3 8 9 clear counters 4 93 4 3 8 10 show interfaces status 4 93 4 3 8 11 show interfaces counters 4 95 4 3 8 12 show interfaces switchport 4 96 Address Table Commands 4 98 4 3 9 1 mac address table static 4 99 4 3 9 2 clear mac address table dynamic 4 100 4 3 9 3 show mac address t
107. 4 3 9 4 mac address table aging time Use this command to set the aging time for entries in the address table Use the no form to restore the default aging time Chapter 4 Command Line Reference 4 101 Syntax mac address table aging time seconds no mac address table aging time seconds The time is the number of seconds 18 to 2184 Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console config mac address table aging time 300 Console config 4 3 9 5 show mac address table aging time Use this command to show the aging time for entries in the address table Default Setting None Command Mode Privileged Exec 4 102 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 10 4 3 10 1 Example Console show mac address table aging time Aging time 300 sec Console Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port You might want to leave port security off for an initial training period enable the learning function to register all the current VLAN members on the selected port and then enable port security to ensure that the port drops any incoming frames with a source MAC address that is unknown or has been previously learned from another port TABLE 4 15 Port Securi
108. 600 Blade System Chassis Switch Administration Guide June 2003 Scroll down to the VLAN membership table and configure the VLANs required for the selected interface Up Links Connection Status Link Aggregation YLANS Static Addresses Spanning Tree Configure YLANS on Selected Port s fou can use these list boxes to statically assign VLANs to the selected port All VLANS Membership VLANs 3 R amp D 1 DefaultVlan Allowfuntagged 5 Marketing Add Untagged P Mgt lan Forbidden 4 Finance Allow tagged Add Forbidden gt Save Cancel 5 FIGURE 3 38 The Up Links gt VLANs Window cont d 3 4 4 2 Command line Interface Configuring VLAN Behavior for Interfaces This example sets port NETP4 to accept only tagged frames assigns PVID 4 as the native VLAN ID enables GVRP sets the GARP timers and then sets the switchport mode to hybrid Console Console Console Console Console Console Console Console Console Console Console Console config interface ethernet NETP4 config if switchport acceptable frame types tagged config if no switchport ingress filtering config if switchport allowed vlan add 4 tagged config if switchport native vlan 4 config if switchport gvrp config if garp timer join 10 config if garp timer leave 90 config if garp timer leaveall 2000 config if switchport mode hybrid config if switchport forbidden vlan add 3 config if
109. 7344 61440 Default Setting 32768 Command Mode Global Configuration 4 110 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 11 7 Command Usage Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device O highest 61440 lowest However if all devices have the same priority the device with the lowest MAC address will then become the root device Example Console config spanning tree priority 40000 Console config spanning tree pathcost method Use this command to configure the path cost method used for Rapid Spanning Tree Use the no form to restore the default Syntax Spanning tree pathcost method long short no spanning tree pathcost method a long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting short method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 112 takes precedence over port priority page 4 114 Chapter 4 Command Line Reference 4 111 Example Console config spanning tree pathcost method long Console config 4 3 11 8
110. AN settings by entering the show vlan command a Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Console config vlan database Console config vlan Related Commands show vlan 4 130 vlan Use this command to configure a VLAN Use the no form to restore the default settings or delete a VLAN Chapter 4 Command Line Reference 4 121 Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state a vlan id ID of configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 15 characters media ethernet Ethernet media type a state Keyword to be followed by the VLAN state a active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state active a VLAN 1 cannot be suspended but any other VLAN can be suspended You can configure up to 255 VLANs on the switch
111. B Troubleshooting If you are having problems connecting to the network check your network cabling to ensure that the device in question is properly connected to the network Then see Diagnosing Switch Indicators on page B 2 to verify that the corresponding port on the switch is functioning properly If you are having problems connecting to the management interface see the troubleshooting chart under Accessing the Management Interface on page B 2 This appendix contains the following sections Section B 1 Diagnosing Switch Indicators on page B 2 Section B 2 Diagnosing Port Connections on page B 2 Section B 3 Accessing the Management Interface on page B 2 Section B 4 Using System Logs on page B 4 Section B 5 Error Messages on page B 5 B 1 B 1 Diagnosing Switch Indicators If you have a connected a device to a port on the switch but the Link LED is off then check the following items m Be sure the cable is plugged into both the switch and corresponding device m Verify that the proper cable type is used and its length does not exceed specified limits m Check the adapter on the connected device and cable connections for possible defects Replace the defective adapter or cable if necessary Verify that all system components have been properly installed If any network cabling appears to be malfunctioning test it in an alternate environment where you are sure that all the other
112. Bridge QqBridgeMIB gqBridgeMIBObjects dotiqVlan dotligPortVlanTable dotigqPortVlanEntry dotigVlanForbidden EgressPorts Access Read create Read create Read create Read create Value Range Default Value Octet string size 0 32 enable 1 disable 2 Octet string port list Octet string port list Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 5 Configuring Static Addresses You can use address filtering to set static addresses that are bound to a specific port and VLAN or to enable port security that restricts all inbound traffic to the entries currently listed in the address table including either dynamic or static addresses Note the following points about static addresses and port security Setting Static Addresses A static address can be assigned to a specific interface on the switch When a static address that is currently bound to an interface is seen on another interface the new interface that sees it does not accept or transmit data from or for that address and does not include the address in its address table Configuring Port Security If you enable port security the switch stops dynamically learning new addresses on the specified port Only incoming traffic with source addresses already stored in the dynamic address table are accepted To use port security first allow the switch to dynamically learn the lt source MAC addres
113. BridgeMIB gqBridgeMIBObjects Read only dotligBase dotiqMaxSupportedv lans MIB II dotlidBridge pBridgeMIB pBridgeMIBObjects Read only dotidExtBase dot1ldDeviceCapabi lities MIB Variables Associated With Basic VLAN Information Default Value Range Value version 1 version1l Integer 4094 Integer 255 Bit String 2 3 6 7 ExtendedFiltering dotidServices 0 dotldTrafficClasses 1 StaticEntry dot1ldIndividualPort 2 dotidIVLCapable 3 dotldSVLCapable 4 dotldHybridCapable 5 dotldConfigurablePvi d dotidTagging 6 dotidLocalVlanCapable 7 Chapter 3 General Management of the Switch 3 43 3 44 TABLE 3 11 MIB Variables Associated With Basic VLAN Information Continued Field Name Value Range Traffic Classes Enabled GMRP Status GVRP Status MIB Variable MIB II dotidBridge pBridgeMIB pBridgeMIBObjects dotldExtBase dotidTrafficClasses Enabled MIB II dotidBridge pBridgeMIB pBridgeMIBObjects dotldExtBase dotldGmrpStatus MIB II dotidBridge qBridgeMIB qBridgeMIBObjects dotlqBase dotlqGvrpStatus Access Read write Read write Read write true 1 false 2 enabled 1 disabled 2 enabled 1 disabled 2 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Value true disabled disabled Ope laZ Enabling or Disabling GVRP Global Setting GARP VLAN Registration P
114. C address or address type any combination for the search criteria 3 Click Query Switch Contig Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Address Tables SSS SS Ses Sun Fire B1600 gt Switch Config gt Address Tables Dynamic and Static MAC Addresses Assigned to Port in a VLAN To find the dynamic and static addresses registered is the switch address table use the checkboxes to select a search criteria to query on Dynamic entries can be given a global aging time Portia VLAN ID MAC Address Address Type hw netro m 2mgtvian m foo o0 00 00 o0 01 m Dynamic Port ID WYLAN ID MAC Address Address Type NETPO 1 Default Vlan 00 00 4B CD 00 04 0 O Dyanmic ME TPO 1 Default lan DO 10 BS b2 O3 74 Dyanmic FIGURE 3 31 The Switch Config Address Tables Window Command line Interface Viewing the Address Tables This example displays the address table entries for port NETP1 Console show mac address table interface ethernet NETP1 Interface Mac Address Vlan Type NETPO 00 20 9c 23 cd 61 1 Dynamic Console Chapter 3 General Management of the Switch 3 93 MIB Variables Associated With the Address Tables TABLE 3 30 MIB Variables Associated With the Address Tables Field Name MIB Variable Access Interface MIB II Read only dot1dBridge dot1dTp dot1dTpFdbTable dot1 dTpFdbEntry dot1ldTpFdbPort MAC Address MIB II Read only dot1dBridge dot1dTp dot1
115. Console config if Related Commands negotiation 4 86 capabilities flowcontrol symmetric 4 87 4 90 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 8 7 4 3 8 8 shutdown Use this command to disable an interface To restart a disabled interface use the no form Syntax shutdown no shutdown Default Setting All interfaces are enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior for example excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables Ethernet port SNP5 Console config interface ethernet SNP5 Console config if shutdown Console config if switchport broadcast packet rate Use this command to configure broadcast storm control Use the no form to disable broadcast storm control Chapter 4 Command Line Reference 4 91 Syntax switchport broadcast packet rate rate no switchport broadcast rate The threshold level in packets per second Range 16 64 128 256 Default Setting Enabled for all ports 256 packets per second Command Mode Interface Configuration Ethernet Command Usage m When broadcast traffic exceeds the specified threshold packets above that threshold are dropped a This command can
116. Console configure Console config Chapter 4 Command Line Reference 4 9 To enter the other modes at the configuration prompt type one of the following commands Use the exit command to return to Configuration mode or the end command to return to Privileged Exec mode TABLE 4 2 Configuration Modes Mode Command Prompt See Page Interface interface ethernet port port Console config if 4 83 channel id vlan id Line line console vty Console config line 4 62 VLAN vlan database Console config vlan 4121 For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec mode Console config interface ethernet SNP5 Console config if exit Console config 4 1 2 12 Command Line Processing Commands are not case sensitive You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters You can use the Tab key to complete partial commands or enter a partial command followed by the character to display a list of possible matches You can also use the following editing keystrokes for command line processing TABLE 4 3 CLI Editing Keystrokes Keystrokes Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl P
117. Control MAC Management Information Base MIB Multicast Switching Out of Band Management Port Mirroring Remote Monitoring RMON Remote Authentication Dial in User Service RADIUS RJ 45 Connector Glossary 4 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses Network layer in the ISO 7 Layer Data Communications Protocol This layer handles the routing functions for data moving from one open system to another Defines a network link aggregation method which specifies how to create a single high speed logical link that combines several lower speed physical links Allows ports to automatically negotiate an aggregated link with LACP configured ports on another device A portion of the networking protocol that governs access to the transmission medium facilitating the exchange of data between network nodes An acronym for Management Information Base It is a set of database objects that contains information about a specific device A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Management of the network from a station not attached to the network A method whereby data on a target port is mirrored to a monitor port for troublesho
118. D are sent untagged hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port SNP1 and then set the switchport mode to hybrid Console config interface ethernet SNP1 Console config if switchport mode hybrid Console config if 4 3 12 5 switchport acceptable frame types Use this command to configure the acceptable frame types for a port Use the no form to restore the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged a tagged The port only receives tagged frames 4 124 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 12 6 Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on SNP1 to tagged frames Console config interface ethernet SNP1 Console config if switchport acceptable frame types tagged Console config if switchport ingress filtering Use this comman
119. ETP7 and SNPO through SNP7 are on the other If you look at the rear panel of the SSC all the ports on the right are on one chip and all the ports on the left are on the other Syntax flowcontrol no flowcontrol Default Setting Flow control enabled Chapter 4 Command Line Reference 4 89 Command Mode Interface Configuration Ethernet Port Channel Command Usage a Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation a To force flow control on or off with the Llowcontrol orno flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface a When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port NETP7 Console config interface ethernet NETP7 Console config if lowcontrol Console config if no negotiation
120. GC 4 48 radius server key Sets the RADIUS encryption key GC 4 49 radius server Sets the number of retries GC 4 50 retransmit radius server Sets the interval between sending authentication GC 4 50 timeout requests show radius server Shows the current RADIUS settings PE 4 51 TACACS Client tacacs server host Specifies the TACACS server GC 4 52 tacacs server port Sets the TACACS server network port GC 4 52 tacacs server key Sets the TACACS encryption key GC 4 53 show tacacs server Shows the current TACACS settings PE 4 54 4 3 4 1 authentication login Use this command to define the login authentication method and precedence Use the no form to restore the default Syntax authentication login local radius tacacs no authentication login a local Use local password a radius Use RADIUS server password a tacacs Use TACACS server password 4 46 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Authentication methods may be specified in any order Default Setting None Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet a RADIUS and TACACS logon authentication can control management access throu
121. II Read write Integer 2000 Maximum Age dotidStp 600 4000 centiseconds dot1dStpBridgeMaxAge centiseconds Bridge MIB II Read write Integer 1500 Forward Delay dotidStp 400 3000 centiseconds dotidStp centiseconds BridgeForwardDelay STA MIB IT Read only Counter Configuration dotldBridge dotidStp Changes dot1ldStpTopChanges STA Last MIB II Read only Integer Topology dot1dBridge dot1dstp Change dot1ldStpTimeSince TopologyChange 3 3 4 2 Configuring Advanced STA Settings This section describes advanced settings for RSTP When configuring RSTP settings through the web interface or CLI the following parameters can be configured m Path Cost Method The setting that defines the range of values that can be assigned as the path cost of each interface The path cost is used to determine the best path between devices in the spanning tree Long Specifies 32 bit based values that range from 1 to 200 000 000 Short Specifies 16 bit based values that range from 1 to 65 535 a Transmission Limit An RSTP parameter between 1 and 10 that defines the rate at which each bridge in the spanning tree transmits BPDUs to its neighbours to inform them that the configured ports are still linked The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages The default is 3 Web Interface Configuring Advanced STA Settings 1 Open Switch Config Sp
122. If there is too much broadcast traffic on your network performance can be severely degraded or everything can come to a complete halt You can protect your network from broadcast storms by setting a threshold for broadcast traffic that applies to every port and then enabling broadcast storm control on the required ports Any broadcast packets exceeding the specified threshold are dropped Note the following points about broadcast storm control m Broadcast storm control is enabled by default m Broadcast control does not affect IP multicast traffic When configuring broadcast storm control through the web interface or CLI the following parameter can be configured Broadcast Storm Threshold Level The threshold in packets per second Specify 16 64 128 or 256 packets per second The default is 256 Web Interface Using Broadcast Storm Control 1 Open Switch Config gt Broadcast amp Multicast gt Broadcast Parameters 2 Select the threshold level 3 Click Save 11 CLI shows Broadcast Storm Limit Chapter 3 General Management of the Switch 3 67 F switch Config f p r r l Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres I Sun Fire B1600 gt Switch Config gt Broadcast amp Multicast Wiewe Broadcast Storms Configuring Broadcast Storms You can protect your network from broadcast storms by setting a threshold for Broadcast traffic Fo
123. Information of interfaces status Switchport Information of interfaces switchport 4 6 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 1 2 6 AN2 4 1 2 8 k29 Partial Keyword Lookup If you terminate a partial keyword with a question mark alternatives that match the initial letters are provided Remember not to leave a space between the command and question mark For example s shows all the keywords starting with s Console show s snmp spanning tree startup config system Negating the Effect of Commands For many configuration commands you can enter the prefix keyword no to cancel the effect of a command or reset the configuration to the default value For example the Logging command logs system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands generally display information on system status or clear statistical counters Confi
124. Initial Configuration 2 3 22 2 The default strings are m public With read only access Authorized management stations are only able to retrieve MIB objects m private With read write access Authorized management stations are able to both retrieve and modify MIB objects Note If you do not intend to utilize SNMP delete both of the default community strings When there are no community strings SNMP management access to the switch is disabled To configure a community string From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter To remove an existing string type no snmp server community string where string is the community access string to remove Press Enter Console config snmp server community sun rw Console config no snmp server community private Console config Trap Keceivers You can also specify SNMP stations that are to receive traps from the SSC To configure a trap receiver From the Global Configuration mode prompt type snmp server host host address community string where host address is the IP address for the trap receiver and community string is the string associated with that host Press Enter To configure the SSC to send SNMP notifications you must enter at least one snmp server enable traps command Type s
125. MP community named in the message The total number of ASN 1 or BER errors encountered by the SNMP protocol entity when decoding received SNMP messages The total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get Request and Get Next PDUs The total number of MIB objects which have been altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set Request PDUs The total number of SNMP Get Request PDUs which have been accepted and processed by the SNMP protocol entity The total number of SNMP Get Next PDUs which have been accepted and processed by the SNMP protocol entity The total number of SNMP Set Request PDUs which have been accepted and processed by the SNMP protocol entity Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE 3 45 SNMP Traffic Statistics Continued Statistic Description SNMP packets output e SNMP packets output The total number of SNMP messages which were passed from the SNMP protocol entity to the transport service e Too big errors The total number of SNMP PDUs delivered to the SNMP protocol entity for which the error status is tooBig e No such name errors The total number of SNMP PDUs delivered to the SNMP protocol entity for which the error status is noSuchName e Bad values errors The total number of SNMP PDUs delivered to the SNMP protocol e
126. MP v1 and SNMP v2c The no snmp server community command disables all versions of SNMP Example Console config snmp server community alpha rw Console config 4 3 9 2 snmp server contact Use this command to set the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contact string The string that describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config snmp server contact Paul Console config 4 56 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Related Commands snmp server location 4 57 4 3 5 3 snmp server location Use this command to set the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config snmp server location WC 19 Console config Related Commands snmp server contact 4 56 4 3 5 4 snmp server host Use this command to specify the recipient of a Simple Network Management Protocol notification operation Use the no form to remove the specified host Chapter 4 Command Line Reference 4 57 Syntax snmp serv
127. Mode RX TX Console Related Commands port monitor 4 164 4 3 17 Link Aggregation Commands Ports can be statically grouped into an aggregated link to increase the bandwidth of a network connection or to ensure fault recovery Or you can use the Link Aggregation Control Protocol LACP to negotiate a dynamic aggregated link between this switch and another network device For static aggregated links the switches connected to must be of the same type But for dynamic aggregated links the switches simply have to comply with LACP This switch supports up to six 4 166 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 17 1 ageregated links For example an aggregated link consisting of two 1000 Mbit sec ports can support an aggregate bandwidth of 4 Gbit sec when operating at full duplex TABLE 4 24 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port Configures an aggregated link and enters interface GC 4 83 channel configuration mode for the aggregated link channel group Adds a port to an aggregated link IC 4 167 Dynamic Configuration Command lacp Configures LACP for the current interface IC 4 168 Aggregated link Status Display Command show interfaces Shows information about a particular aggregated link NE 4 93 status PE port channel Guidelines for Creating Aggregated Links Finish configuring aggregated links before you connect the cor
128. None Enabled Enabled External RJ 45 connector NET1 Enabled 1000full None Enabled Enabled External RJ 45 connector NET2 Enabled 1000full None Enabled Enabled External RJ 45 connector NET3 Enabled 1000full None Enabled Enabled External RJ 45 connector NET4 Enabled 1000full None Enabled Enabled External RJ 45 connector NETS Enabled 1000full None Enabled Enabled External RJ 45 connector NETS Enabled 1000full None Enabled Enabled External RI 45 connector NET Enabled 1000full None Enabled Enabled oa o Co Ca Ca co FIGURE 3 33 The Up Links Connections Status Window 3 98 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command line Interface Displaying the Connection Status of a Port This example shows the connection status for Port NETP7 Console show interfaces status ethernet NETP7 Information of NETP7 Basic information Port type 1000T Mac address 00 00 E8 66 66 83 Configuration Name External RJ 45 connector NET7 Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 256 packets second Flow control Disabled Lacp Disabled Current status Link status Up Port operation status Up Operation speed duplex 1000full Flow control type None Console Chapter 3 General Management of the Switch 3 99 MIB Variables Associated With the Connection Status of Ports TABLE 3 32 MIB Variables Associated W
129. P and default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 10 VLAN tagged frames If the incoming frame is an IEEE 802 10 VLAN tagged frame the IEEE 802 1p User Priority bits are used a This switch provides four priority queues for each port It is configured to use Weighted Round Robin which can viewed with the queue bandwidth command Inbound frames that do not have VLAN tags are tagged with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames that do not have priority tags are placed in queue 0 of the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port SNP3 to 5 Console config interface ethernet SNP3 Console config if switchport priority default 5 4 3 15 2 queue bandwidth Use this command to assign weighted round robin WRR weights to the four class of service COS priority queues Use the no form to restore the default weights Syntax queue bandwidth weight1 weight4 no queue bandwidth weight1 weight4 The ratio of weight
130. P address subnet mask and default gateway DHCP Dynamic Host Configuration Protocol Enable Client ID Includes a client identifier in all communications with the DHCP server 4 CLI See Displaying System Information on page 3 8 3 12 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Datel Text Hex Indicates whether the client ID has been entered as a text string 1 15 characters or as a hexidecimal value The data type used will depend on the requirements of your DHCP server Note The Client ID specified in this menu will be overwritten by the SC the next time the system or the switch itself is rebooted The Client ID field will be removed from the next firmware release a BOOTP Boot Protocol m Manual The IP parameters are set to specified values IP Address The address of the VLAN interface that is allowed management access Valid IP addresses consist of four numbers 0 to 255 and separated by periods The default is 0 0 0 0 Subnet Mask The mask that identifies the host address bits used for routing to specific subnets The default is 255 0 0 0 Broadcast Address The IP broadcast address used for sending datagrams on the interface associated with the IP address This value applies to both the subnet and network broadcast addresses used by the switch The default is 0 0 0 1 a Gateway IP Address The IP address of the gateway router b
131. PE 4 156 4 150 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 15 1 TABLE 4 20 Priority Commands Continued Command Function Mode Page show interfaces Displays the administrative and operational status of PE 4 96 switchport an interface Layer 3 and 4 Priority Commands map ip precedence Enables IP precedence class of service mapping GC 4 157 map ip precedence Maps IP precedence value to a class of service IC 4 158 map ip dscp Enables IP DSCP class of service mapping GC 4 159 map ip dscp Maps IP DSCP value to a class of service IC 4 160 show map ip Shows the IP precedence map PE 4 161 precedence show map ip dscp Shows the IP DSCP map PE 4 162 switchport priority default Use this command to set a priority for incoming untagged frames or the priority of frames received by the device connected to the specified interface Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority id The priority number for untagged ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority is not set and the default value for untagged frames received on the interface is zero Command Mode Interface Configuration Ethernet Port Channel Chapter 4 Command Line Reference 4 151 Command Usage a The precedence for priority mapping is IP Precedence or IP DSC
132. S MIB II dotidBridge pBridgeMIB pBridgeMIBObjects dotidGarp dotidPortGarpTable dotldPortGarpEntry dotldPortGarpJoinT ime MIB II dotidBridge pBridgeMIB pBridgeMIBObjects dotidGarp dotidPortGarpTable dotldPortGarpEntry dotidPortGarpLeave Time MIB II dotidBridge pBridgeMIB pBridgeMIBObjects dotidGarp dotidPortGarpTable dotidPortGarpEntry dotldPortGarp LeaveAl1Time Chapter 3 Access Read write Read write Read write Read write Value Range enabled 1 disabled 2 Integer 20 1000 centiseconds Integer 60 3000 centiseconds Integer 500 18000 centiseconds General Management of the Switch Default Value disabled 20 centiseconds 60 centiseconds 1000 centiseconds 3 119 3 120 TABLE 3 36 MIB Variables Associated With VLAN Behavior of Interfaces Continued Field Name VLAN Static Name VLAN Static Row Status Tagged Ports Untagged Ports Allowed VLAN VLAN Forbidden Ports MIB Variable MIB II dotidBridge QBridgeMIB gqBridgeMIBObjects dotiqVlan dotigVlanStaticTab le dotigVlanStaticEnt ry dotigVlanStaticNam e MIB II dotidBridge QBridgeMIB gqBridgeMIBObjects dot lov ian dotigVlanStaticTab le dotigVlanStaticEnt ry dotigVlanStaticRow Status MIB II dotidBridge QBridgeMIB gqBridgeMIBObjects dotiqVlan dotigVlanTable dotiqvlLankntry dotigVlanStatic UntaggedPorts MIB II dotid
133. S Re SUN microsystems Sun Fire B1600 Blade System Chassis Switch Administration Guide Sun Microsystems Inc 4150 Network Circle Santa Clara CA 95054 U S A 650 960 1300 Part No 817 2576 10 June 2003 Revision A Send comments about this document to docfeedback sun com Copyright 2003 Sun Microsystems Inc 4150 Network Circle Santa Clara California 95054 U S A All rights reserved Sun Microsystems Inc has intellectual property rights relating to technology embodied in the product that is described in this document In li and without limitation these intellectual property rights may include one or more of the U S patents listed at ttp www sun com patents and one or more additional patents or pending patent applications in the U S and in other countries This document and the product to which it pertains are distributed under licenses restricting their use copying distribution and decompilation No part of the product or of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors if any Third party software including font technology is copyrighted and licensed from Sun suppliers Parts of the product may be derived from Berkeley BSD systems licensed from the University of California UNIX is a registered trademark in the U S and in other countries exclusively licensed through X Open Company Ltd Sun Sun Microsystems the Sun logo AnswerBoo
134. Shows the last command Ctrl U Deletes the entire line Ctrl W Deletes the last word typed Delete key or backspace key Erases a mistake when typing a command 4 10 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 2 Command Groups The system commands can be broken down into the functional groups shown below TABLE 4 4 Command Groups Command Group General Flash File System Management Authentication SNMP Line IP Interface Address Table Port Security Spanning Tree VLAN GVRP and Bridge Extension IGMP Snooping Description Page Basic commands for entering privileged access mode 4 13 restarting the system or quitting the CLI Manages code image or switch configuration files 4 20 Controls system logs system passwords user name browser 4 27 management options and a variety of other system information Configures authentication for logon access using local 4 45 RADIUS or TACACS methods Activates authentication failure traps configures community 4 54 access strings and trap managers Sets connection options for the serial port and Telnet 4 62 including password checking line password and console time out Configures the IP address and gateway for management 4 69 access displays the default gateway or pings a specified device Configures the connection parameters for all Ethernet ports 4 83 aggregated links and VLANs Configures the address
135. Switch Administration Guide June 2003 Switch Config Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres 4 Spanning Tree Basic Configuration Advanced Configuration MST Instance Configuration MSTI VLAN Configuration V Enable Spanning Tree Select Spanning Tree Protocol rstP gt El Ef The Spanning Tree root device is selected using the bridge prority and MAC address If there is no root port then th has been accepted as the root device Bridge ID Designated Root Root Port Root Path Cast Root Hello Time secs Root Maximum Age secs Root Forward Delay secs Root Hold Time secs Root Device Configuration Pnority 0 6144D Hello Time 1 10 secs Maximum Age 6 40 secs Forward Delay 4 30 secs Spanning Tree Statistics Number of Topology Changes Last Topology Change 4 FIGURE 3 23 The Switch Config Spanning Tree Basic Configuration Window Note If you receive an error saying that the data you have entered is invalid 32708 Q0000E8600672 32768 Q0000E8566572 o 2768 o fs Od 1h 12 min 595s M check that the values you have given for Priority Hello Time Maximum Age and Forward Delay are within the specified ranges for these parameters Chapter 3 General Management of the Switch 3 73 Command line Interface Configuring Basic STA Settings The following command displays glob
136. System will be restarted continue lt y n gt y end Use this command to return to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration Router Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console config if end Console 4 18 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 1 7 4 3 1 8 exit Use this command to return to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console texit Press ENTER to start session User Access Verification Username quit Use this command to exit the CLI session Default Setting None Command Mode Normal Exec Privileged Exec Chapter 4 Command Line Reference 4 19 Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username 4 3 2 Flash File Commands These commands are used to manage the system code or configuration files Command Function ModeP
137. TP server 2 Select config or opcode file type 3 22 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 Type the source and destination file names 4 Set the new file to start up the system 5 Restart the switch Console tcopy tftp file TFTP server ip address 10 1 0 99 Choose file type 1 config 2 opcode lt 1 2 gt 2 Source file name v10 bix Destination file name V10000 Write to FLASH Programming Write to FLASH finish Success Console config Console config boot system opcode V10000 Console config exit Console reload To start new firmware use the reload command to reboot the system MIB Variables Associated With Downloading Firmware TABLE 3 7 MIB Variables Associated With Downloading Firmware Field Name MIB Variable Access Value Range Switch Not defined Operation Code Image Files TFTP ServerIP sun Read write IP address Address tftpMgt tfitpServer TFTP File Type sun Read write opcode 1 tftpMgt config 2 tftpFileType TFTP Source S T sa Read write String size 0 127 File Name tfitpMgt tftpSrcFile Chapter 3 General Management of the Switch 3 23 3 24 TABLE 3 7 MIB Variables Associated With Downloading Firmware Continued Field Name TFTP MIB Variable Access Value Range sun Read write Destination File Name TFTP Action TFTP Status Restart Operation Code File Restart Action tftpMgt tftpDestFile sun Re
138. The blade system chassis switch uses the Internet Group Management Protocol IGMP to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service This procedure is called multicast filtering 3 54 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 DZ The purpose of IP multicast filtering is to optimize a switched network s performance so that multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers switches instead of flooding traffic to all ports in the subnet VLAN Configuring IGMP Snooping Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switch forwards traffic only to the ports that request multicast traffic This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance Note the following points about IGMP snooping m IGMP Snooping The switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers switches and IP multicast host groups to identify the IP multicast group members It monitors the IGMP packe
139. User privileges are not enough to perform this operation Description General error Privileges insufficient General error Privileges insufficient Maximum broadcast storm threshold level exceeded Privileges insufficient Enter a valid version Query count is out of range Query interval is out of range Query timeout is out of range Report delay is out of range Privileges insufficient General error Select ports to add remove to from multicast router Privileges insufficient General error Select IGMP group member from list IP address format is illegal Select ports to add remove to from static ports on VLAN Privileges insufficient General error Priority is out of range Privileges insufficient Appendix B Troubleshooting B 11 TABLE B 4 Menu Advanced Configuration Class of Service Basic Traffic Prioritisation Layer 3 4 Traffic Prioritisation Address Tables Web Interface Error Messages Continued Message Data is invalid User privileges are not enough to perform this operation Cos Value is out of range Data is invalid Priority is out of range Queue weight must be in a order of QO0 lt Q01 lt Q02 lt 03 Traffic Class is out of range User privileges are not enough to perform this operation Cos Value is out of range Please select IP Precedence or DSCP mode Traffic Class is out of range User privileges are not enough to perform this
140. Using the Web Interface 3 2 3 1 1 SZ Se RG Navigating the Web Browser Interface 3 3 3 1 1 1 Home Page 3 3 ILL Configuration Options 3 4 Panel Display 3 4 Main Menu 3 5 3 2 Basic Configuration 3 8 I 2 2 2 3 2 5 3 2 4 32 5 3 2 6 Displaying System Information 3 8 PANI Web Interface Displaying and Specifying Identification Details 3 8 3 2 1 2 Command line Interface Displaying and Specifying Identification Details 3 10 82 140 MIB Variables Identification Details 3 11 Setting the IP Address 3 12 JLA Manual Configuration 3 13 3 2 2 2 Using DHCP BOOTP 3 16 Displaying Switch Software Versions 3 18 IAS Web Interface Displaying Switch Software Version Information 3 18 3 2 3 2 Comand line Interface Displaying Switch Software Version Information 3 19 3 2 3 3 MIB Variables Associated With Software Version Information 3 20 Managing Firmware 3 21 3 2 4 1 Downloading Switch Firmware From a Server 3 21 Saving or Restoring Configuration Settings 3 25 3 2 9 1 Downloading Configuration Settings From a Server 3 25 Configuring User Authentication 3 28 3 2 6 1 Web Interface Configuring User Authentication 3 30 vi Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 3 Sled 3 2 6 2 Command line Interface Configuring User Authentication 3 32 3 2 6 3 MIB variables Associated With User Authentication 3 33 Configuring SNMP 3 33 SPNA Configuring SNMP Access 3 34 3 2 7
141. a web connection to the switch provided that you have set up a DHCP server on your management network To ensure that the switch receives the same address each time it boots and makes a DHCP request you need to specify the following client identifier on your DHCP server SUNW SWITCH_ID serial number of chassis 0 for the switch in SSCO or SUNW SWITCH_ID serial number of chassis 1 for the switch in 5SC1 For information about preparing the network to receive the system chassis and about all procedures for performing the initial configuration of the switch refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide vd Configuring the Switch Through the Built in Switch Interfaces Console Connection You can access the switch s CLI by typing console sscn swt at the System Controller command prompt where n is either 0 or 1 depending on whether the switch whose console you want to access is in SSCO or SSC1 Telnet Connection You can connect to the switch s CLI remotely by a Telnet connection over the management network 2 2 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Web Interface The switch also includes an embedded HTTP Web agent This agent can be accessed using a standard Web browser from any computer on the management network SNMP Software The switch s management agent is based on Simple Network Management Protocol SNMP supporting versions 1 2c and 3 This SNMP
142. able 4 100 4 3 9 4 mac address table aging time 4 101 4 3 9 5 show mac address table aging time 4 102 Port Security Commands 4 103 4 3 10 1 port security 4 103 Spanning Tree Commands 4 105 4 3 11 1 spanning tree 4 105 Contents xiii 4 3 12 4 3 13 4 3 11 2 spanning tree mode 4 106 4 3 11 3 spanning tree forward time 4 107 4 3 11 4 spanning tree hello time 4 108 4 3 11 5 spanning tree max age 4 109 4 3 11 6 spanning tree priority 4 110 4 3 11 7 spanning tree pathcost method 4 111 4 3 11 8 spanning tree transmission limit 4 112 4 3 11 9 spanning tree cost 4 112 4 3 11 10 spanning tree port priority 4 114 4 3 11 11 spanning tree edge port 4 115 4 3 11 12 spanning tree protocol migration 4 116 4 3 11 13 spanning tree link type 4 117 4 3 11 14 show spanning tree 4 118 VLAN Commands 4 120 4 3 12 1 vlan database 4 121 4 3 12 2 vlan 4 121 4 3 12 3 interface vlan 4 123 4 3 12 4 switchport mode 4 123 4 3 12 5 switchport acceptable frame types 4 124 4 3 12 6 switchport ingress filtering 4 125 4 3 12 7 switchport native vlan 4 126 4 3 12 8 switchport allowed vlan 4 127 4 3 12 9 switchport forbidden vlan 4 129 4 3 12 10 show vlan 4 130 GVRP and Bridge Extension Commands 4 3 13 1 4 3 13 2 4 3 13 3 4 131 switchport gvrp 4 132 show gvrp configuration 4 132 garp timer 4 133 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 14 4 3 15 4 3 13 4 4 3 13 5 4 3 13 6
143. ables Associated With Broadcast Storm Control Field Name MIB Variable Access Value Range Default Value Broadcast Sule ss Read write Integer 256 Storm Packet bcastStormMgt 16 64 128 256 Rate bcastStormTable bceastStormEntry bcastStormPktRate Broadcast Suto Read write enabled 1 enabled Storm Status bceastStormMgt disabled 2 bceastStormTable bcastStormEntry bcastStormStatus Chapter 3 General Management of the Switch 3 69 3 3 4 3 3 4 1 Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link fails The spanning tree algorithms supported by this switch include these versions m SIP Spanning Tree Protocol IEEE 802 1D m RSTP Rapid Spanning Tree Protocol IEEE 802 1w RSTP is a general replacement for the slower legacy STP RSTP achieves must faster reconfiguration around one tenth of the time required by STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for p
144. ables Associated With Filtering Traffic to the Management Port 3 137 Monitoring Port and Management Traffic 3 139 3 9 1 3 5 2 3 9 3 3 5 4 Configuring Port Mirroring 3 139 3 5 1 1 Web Interface Configuring Port Mirroring 3 139 3 5 1 2 Command line Interface Configuring Port Mirroring 3 140 3 5 1 3 MIB Variables Associated With Port Mirroring 3 141 Showing Port Statistics 3 141 3 0 21 Web Interface Viewing Port Statistics 3 145 3 5 22 Command line Interface Viewing Port Statistics 3 147 SR MIB Variables Associated With Port Statistics 3 148 Showing SNMP Statistics 3 152 3 5 3 1 Web Interface Viewing SNMP Statistics 3 153 3 5 3 2 Command line Interface Viewing SNMP Statistics 3 155 3 90 30 MIB Variables Associated With SNMP Statistics 3 156 Configuring Message Logs 3 156 3 5 4 1 Web Interface Configuring Message Logs 3 157 3 5 4 2 Command line Interface Configuring Message Logs 3 158 Contents ix 3 5 4 3 MIB Variables Associated With Message Logs 3 159 4 Command Line Reference 4 1 4 1 Using the Command Line Interface 4 2 4 1 1 Accessing the CLI 4 2 4 1 1 1 Console Connection 4 2 4 1 1 2 Telnet Connection 4 3 4 1 2 Entering Commands 4 4 4 1 2 1 Keywords and Arguments 4 4 4122 Minimum Abbreviation 4 5 4 1 2 3 Command Completion 4 5 4 1 2 4 Getting Help on Commands 4 5 4 1 2 5 Showing Commands 4 6 4 1 2 6 Partial Keyword Lookup 4 7 4 1 2 7 Negating the Effect of Commands 4 7 4 1 2 8 Using Command History
145. acacs server port 0 l line console line vty I Console Related Commands show running config 4 40 4 3 3 12 show running config 4 40 Use this command to display the configuration information currently in use Default Setting None Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Mode Privileged Exec Command Usage a Use this command in conjunction with the show startup config command to compare the information in running memory to the information stored in non volatile memory m This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information System description host name location contact information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address of the management VLAN User authentication sequence along with remote authentication server address and UDP port Any configured settings for the console port and Telnet Example Console show running config building running config please wait l hostname R amp D 5 snmp server location WC 9 snmp server contact Charles l snmp server community private rw snmp server community public ro l username admin access level 15 userna
146. aces switchport Use this command to display advanced interface configuration settings 4 96 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax show interfaces switchport interface interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT port channel channel id Range 1 6 Default Setting Shows all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed The items displayed by this command include Broadcast threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 4 91 Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled page 4 168 VLAN membership mode Indicates membership mode as Trunk or Hybrid page 4 123 Ingress rule Shows if ingress filtering is enabled or disabled page 4 125 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 124 Native VLAN Indicates the default Port VLAN ID page 4 126 Priority for untagged traffic Indicates the default priority for untagged frames page 4 151 Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled page 4 132 Allowed Vlan Shows the VLANs this interface has joined where u indicates untagged
147. ad write tftpMgt tftpAction SUNL ag Read write tftpMgt tftpStatus Siess Read write restartMgt restartOpCodeFile sun Read write restartMgt restartControl String size 0 127 notDownloading 1 downloadToPROM 2 downloadToRAM 3 not supported upload 4 tftpSuccess 1 tftpStatusUnknown 2 tftpGeneralError 3 tftp NoResponseFromServer 4 tftp DownloadChecksumError 5 tftp DownloadIncompatible Image 6 tftpTftp FileNotFound 7 tftpTftp Access Violation 8 Display String Size 0 127 running 1 warmBoot 2 coldBoot 3 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Cane 3 2 5 1 Saving or Restoring Configuration Settings You can upload and download configuration settings to and from a TFTP server The configuration file can later be downloaded to restore the switch s settings When downloading configuration files note the following points m The destination file name should not contain slashes or m The leading character of the file name should not be a period a The maximum length for file names on the TFTP server is 127 characters m The maximum length for file names on the switch is 32 characters m Valid characters are A Z a z 0 9 and _ a The maximum number of user defined configuration files is limited by available memory Downloading Configuration Settings From a Server You can download t
148. address table is cleared and the port begins learning addresses a Forwarding The port forwards packets and continues learning addresses Priority The priority used for the port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority lowest value is configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier is enabled Path Cost This parameter is used by the STA to determine the best path between devices Therefore assign lower values to ports attached to faster media and higher values to ports with slower media Path cost takes precedence over port priority Designated Cost The cost for a packet to travel from the port to the root in the current Spanning Tree configuration The slower the media the higher the cost Designated Bridge The priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree Designated Port The priority and number of the port on the designated bridging device through which the switch must communicate with the root of the Spanning Tree Chapter 3 General Management of the Switch 3 125 3 126 m Link Type Admin Link type The link type connected to t
149. age copy Copies a code image or a switch configuration to or from PE 4 20 Flash memory or a TFTP server delete Deletes a file or code image PE 4 22 dir Displays a list of files in Flash memory PE 4 23 whichboot Displays the files booted PE 4 25 boot system Specifies the file or image used to start up the system GC 4 26 4 3 2 1 copy Use this command to move upload download a code image or configuration file between the switch s Flash memory and a TFTP server When you save the system code or configuration settings to a file on a TFIP server that file can later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection 4 20 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax copy file file running config startup config tftp copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config copy tftp https certificate file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate This option allows you to specify a certificate private key a
150. age ip dhcp client Specifies the DHCP client identifier for the switch VC 4 72 identifier Note that the System Controller assigns the client identifier for the switch each time either it or the switch boots Therefore we do not recommend you specify a client identifier ip default gateway Defines the default gateway through which an in GC 4 74 band management station can reach this device show ip interface Displays the IP settings for this device PE 4 75 show ip redirects Displays the default gateway configured for this PE 4 75 device ping Sends ICMP echo request packets to another node on NE 4 76 the network PE IP Packet Filtering ip filter Blocks specified IP packets from entering the internal GC 4 77 management port NETMGT from other switch ports show ip filter Displays filter rules or captured packets PE 4 81 4 3 7 1 ip address Use this command to set the IP address for this device Use the no form to restore the default IP address Syntax ip address ip address netmask bootp dhcp no ip address a ip address The IP address a netmask The network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets a bootp Obtains an IP address using BOOTP dhcp Obtains an IP address using DHCP Default Setting The default setting is dhcp 4 70 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Mode Interface
151. agement station has an IP address in the same subnet as the management VLAN The management station is connected to a switch port that is a member of the management VLAN The ports connecting intermediate switches in the network are tagged ports and are a member of the management VLAN m If there are one or more Layer 3 switches between the management station and system chassis make sure that The switch s management VLAN is configured with a valid IP address subnet mask and default gateway The management station has valid IP address subnet mask and default gateway The management station is connected to a switch port that is a member of the management VLAN The ports connecting intermediate switches and the Layer 3 switch es in the network are tagged ports and are a member of the management VLAN a If you cannot connect using Telnet you may have exceeded the maximum number of concurrent Telnet sessions permitted Try connecting again at a later time If you cannot access the command line interface through a serial port connection check the following m Use the DB 9 to RJ 45 cable supplied with the Sun Fire B1600 blade system chassis to connect your terminal or computer to the serial port on the SSC module m Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and 9600 bps Appendix B Troubleshooting B 3 B 4 B 4 1 Using System Logs If a fault does
152. agent enables the switch to be managed from any system in the management network using management software such as Solstice Domain Manager software The system configuration program and the SNMP agent support management functions such as m Enable disable any port m Set the speed duplex mode for any port m Configure SNMP parameters Add ports to network VLANs m Display system information or statistics m Configure the switch to join a Spanning Tree m Download system firmware 22 Ziel Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol SNMP v1 v2c or v3 applications such as Soltice Domain Manager You can configure the switch to respond to SNMP requests and or generate SNMP traps When SNMP management stations send requests to the switch either to return information or to set a parameter the switch provides the requested data or sets the specified parameter The switch can also be configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred Community Strings Community strings are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the SSC You therefore need to assign community strings to specified users or user groups and set the access levels Chapter 2
153. al RJ 45 e 10 100 1000Base T Ports NETPO 7 RJ 45 connector auto negotiation auto MDI MDI X e Cabling 1OBASE T 100 ohm UTP cable Categories 3 4 5 100BASE TX 100 ohm UTP cable Category 5 1000BASE T 100 ohm UTP cable Category 5 or 5e Up link and down link ports 1 Mbyte shared 48 Gbps 32K MAC address entries e SSC Active Service Required Ready to Remove e Ethernet Ports Link Active Speed Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 C2 Management Features TABLE C 2 Management Features Item In Band Management Out of Band Management Software Loading MIB Support RMON Support Additional Features C 3 Physical Specifications Telnet Web based HTTP or SNMP RS 232 signaling over RJ 45 console port TFTP in band or XModem out of band e SNMP v1 v2 RFC 1215 1907 MIB II RFC 2863 Bridge MIB RFC 1493 Etherlike MIB RFC 1643 2665 RMON RFC 2819 groups 1 2 3 9 IEEE 802 10 VLAN RFC 2674 IEEE 802 3ad LACP private MIB Groups 1 2 3 9 Statistics History Alarm Event Aggregated links Static and LACP Port Mirroring Port Security RADIUS Authentication Client TABLE C 3 Physical Specifications Item Weight Size Specifications 2 08 kg 4 59 lbs 27 5 x 20 3 x 4 3 cm 10 8 x 8 0 x 1 7 in Appendix C Specifications C 3 C 4 Power TABLE C 4 Power Specifications Item Specifications Operating Voltage 12 VDC Maxi
154. al STA settings followed by settings for each port Console tshow spanning tree Spanning tree information Spanning tree mode Spanning tree enable disable Priority Bridge Hello Time sec Bridge Max Age sec Bridge Forward Delay sec Root Hello Time sec Root Max Age sec Root Forward Delay sec 1 5 Designated Root gt 32768 0000F8666672 Current root port 0 Current root cost Number of topology changes 0 Last topology changes time sec 9142 Transmission limit 3 Path Cost Method 24308020 Note The current root port and current root cost display zero when the switch is not connected to the network The following example sets the spanning tree mode to RSTP enables the spanning tree and then sets the indicated attributes Console config spanning tree mode rst Console config spanning tree Console config spanning tree priority 40000 Console config spanning tree hello time 5 Console config spanning tree max age 40 Console config spanning tree forward time 20 Console config 3 74 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With Basic STA Settings TABLE 3 19 MIB Variables Associated With Basic STA Settings Field Name STA System Status STA Protocol Type Bridge ID Designated Root Root Port Root Cost Hello Time Maximum Age Forward Delay Priority Bridge Hello Time MIB Variable
155. allation Guide and the Sun Fire B1600 Blade System Chassis Software Setup Guide How This Book Is Organized Chapter 1 provides an overview of the switch including management options hardware features switching features and default settings Chapter 2 describes how to connect to the switch console and to the alternative web interface xix Chapter 3 describes all of the key switch features and shows you how to configure these features through both the web interface and the console interface It also provides a list of comparable MIB variables used by SNMP management applications Chapter 4 provides a detailed listing of all the console interface commands and parameters Appendix A lists the Management Information Bases MIB and traps supported by this switch Appendix B provides basic troubleshooting information including how to interpret the system and port LEDs how to solve problems that might prevent you from accessing the management interface and how to use the system logs Appendix C provides detailed specifications of the switch s features The Glossary is a list of words and phrases and their definitions The Index provides page references to all of the key topics discussed in this manual xx Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Typographic Conventions Typeface Meaning AaBbCc123 The names of commands and files on screen computer output Examples AaBbCc123 W
156. alues DSCP sje Benees eine DSCF 1 cos 0 DSCF 2 cos U DSF 3 Los U DSEF 4 Cos O DSCP 5 cos 0 OSCP Cos 0 Class of Service Value 0 7 4 FIGURE 3 30 The Switch Config Class of Service Window for Mapping DSCP to COS Values Command line Interface Mapping DSCP Priority The following example maps DSCP value 0 to COS value 1 on port SNP5 and then displays all the DSCP Priority settings for that port Console config interface ethernet SNP5 Console config if map ip dscp 0 cos 1 Console config if end Console show map ip dscp ethernet SNP5 DSCP mapping status disabled DSCP COS SNP1 SNP1 Console 16 Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Chapter 3 General Management of the Switch 3 91 3 3 6 3 3 6 1 MIB Variables Associated With Mapping DSCP to CoS Values TABLE 0 1 MIB Variables Associated With Mapping DSCP to COS Values Field Name MIB Variable Access Value Range Default Value IP DSCP Value sun Not Integer 0 63 priorityMgt accessible priolpDscpTable priolpDscpEntry priolpDscpValue IP DSCP CoS Sess Read write Integer 0 7 page 3 90 priorityMgt priolpDscpTable priolpDscpEntry priolpDscpCos Address Table Settings Switches store the addresses for all known devices This information is used to route traffic directly between the inboun
157. amp Multicast Window Multicast Router Ports selected Chapter 3 General Management of the Switch 3 61 Command line Interface Specifying Interfaces Connected to Multicast Routers The following example configures port NETPO as a multicast router port within VLAN 1 and then displays a confirmation of this configuration Console config ip igmp snooping vlan 1 mrouter ethernet NETPO Console config exit Console tshow ip igmp snooping mrouter vlan 1 VLAN M cast Router Port Type 1 NETPO Static MIB Variables Associated With Interfaces Connected to Multicast Routers TABLE 3 16 MIB Variables Associated With Interfaces Connected to Multicast Routers Field Name MIB Variable Access Value Range Snooping Suny 3 Index Integer Multicast Router igmpSnoopMgt Current VLAN igmpSnoopRouterCurrentTable igmpSnoopRouterCurrentEntry dotigVlanIndex VLAN Name Mibi Read create Octet string dot1dBridge size 0 32 qBridgeMIB qBridgeMIBObjects dotigVlan dotigqVlanStaticTable dotliqVlanStaticEntry dotigVlanStaticName Snooping SUIS Read only Octet string Multicast Router igmpSnoopMgt port list Current Ports igmpSnoopRouterCurrentTable i1gmpSnoopRouterCurrentEntry igmpSnoopRouterCurrentPorts Snooping Sunen Index Integer Multicast Router igmpSnoopMgt Static Vlan Index igmpSnoopRouterStaticTable igmpSnoopRouterStaticEntry dotigVlanIndex 3 62 Sun Fire B1600 Blade System Chassis Switch Administration Guide
158. anning Tree gt Advanced Configuration 2 Modify the required parameters 3 Click Save 3 76 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 f switch Config I r g r I Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres I spanning Tree Basic Configuration Advanced Configuration MST Instance Configuration MST WLAN Configuration Path Cost Method a Long Short H Transmission Limit 1 103 4 al FIGURE 3 24 The Switch Config Spanning Tree Advanced Configuration Window Note If you receive an error saying that the data you have entered is invalid check that you have specified a transmission limit within the specified range Command line Interface Configuring Advanced STA Settings This example sets the spanning tree path cost method and transmission limit Console config spanning tree pathcost method long Console config spanning tree transmission limit 4 Console config MIB variables Associated With Advanced STA Settings TABLE 3 20 MIB Variables Associated With Advanced STA Settings Field Name MIB Variable Access Value Range Default Value RSTP Path Cost sun Read write short 1 long Method staMgt long 2 staPathCostMethod RSTP sun Read write Integer 1 10 3 Transmission staMgt Hold Count staTxHoldCount Chapter 3 General Management of the Switch 3 77 Ra DDI Class of Service Config
159. ansmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors Frame too longs 0 Carrier sense errors 0 RMON stats Drop events 0 Octets 4422579 Packets 31552 Broadcast pkts 238 Multi cast pkts 17033 Undersize pkts 0 Oversize pkts 0 Fragments 0 Jabbers 0 CRC align errors 0 Collisions 0 Packet size lt 64 octets 25568 Packet size 65 to 127 octets 1616 Packet size 128 to 255 octets 1249 Packet size 256 to 511 octets 1449 Packet size 512 to 1023 octets 802 Packet size 1024 to 1518 octets 871 Console Chapter 3 General Management of the Switch 3 147 D200 MIB Variables Associated With Port Statistics TABLE 3 44 MIB Variables Associated With Port Statistics Field Name Interface Statistics e In Octets e In Unicast Packets e In Multicast Packets e In Broadcast Packets e In Discards e In Unknown Protocols e In Errors e Out Octets e Out Unicast Packets e Out Multicast Packets e Out Broadcast Packets 3 148 MIB Variable MIB IL interfaces ifNumber ifTable ifEnt ry ifInOctets MIB IL interfaces ifNumber ifTable ifEnt ry ifInUcastPkts MIB II i fMIB ifMIBObjects ifXTable ifXEn try ifInMulticastPkts MIB II i fMIB ifMIBObjects ifXTable ifXEn try ifInBroadcastPkts MIB II interfaces ifTable ifEntry ifInDi scards MIB II interfaces ifTable ifEntry ifInUn knownProtos MIB II interfa
160. ara California 95054 Etats Unis Tous droits r serv s Ce produit est prot g par les brevets U S Brevets en cours Cette distribution peut comprendre des composants d velopp s pardes tierces parties Sun Sun Microsystems le logo Sun Java Solaris Sun Fire et le logo 100 Pure Java sont des marques de fabrique ou des marques d pos es de Sun Microsystems Inc aux Etats Unis et dans d autres pays Toutes les marques SPARC sont utilis es sous licence et sont des marques de fabrique ou des marques d pos es de SPARC International Inc aux Etats Unis et dans d autres pays Les produits protant les marques SPARC sont bas s sur une architecture d velopp e par Sun Microsystems Inc Les produits qui font l objet de ce manuel d entretien et les informations qu il contient sont r gis par la l gislation am ricaine en mati re de contr le des exportations et peuvent tre soumis au droit d autres pays dans le domaine des exportations et importations Les utilisations finales ou utilisateurs finaux pour des armes nucl aires des missiles des armes biologiques et chimiques ou du nucl aire maritime directement ou indirectement sont strictement interdites Les exportations ou r exportations vers des pays sous embargo des Etats Unis ou vers des entit s figurant sur les listes d exclusion d exportation am ricaines y compris mais de mani re non exclusive la liste de personnes qui font objet d un ordre de ne pas participer
161. ass from the down link ports to the management port When configuring filtering for the management port through the web interface or CLI the following parameters can be configured m Rule The rule number between 1 and 128 A filter rule can be inserted at the specified position in the table pushing any existing patterns at or below that location down in the table A rule number cannot exceed the next available number in the table If the rule number is not specified a new pattern is appended to the end of the rule table m Action The control that blocks or allows packets passing from the down link ports into the management port Select permit or deny m Protocol The protocol either TCP UDP or Any or protocol number between 0 and 255 m Keyword Flags Code Sequence A flag in byte 14 of the TCP header You can specify a sequence of codes ON if selected and OFF if not selected The symbolic name and corresponding bit include these items a fin 1 Finish a syn 2 Synchronize a rst 4 Reset a psh 8 Push m ack 16 Acknowledgement a urg 32 Urgent pointer m Code The decimal number between 0 and 63 representing a bit string that specifies flag bits in byte 14 of the TCP header m Bitmask The decimal number representing a bit mask that is applied to the code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignor
162. assis Switch Administration Guide June 2003 4 3 6 2 Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users Example To enter console line mode enter the following command Console config line console Console config line Related Commands show line 4 68 show users 4 44 login Use this command to enable password checking at login Use the no form to disable password checking and allow connections without a password Syntax login local no login local Selects local password checking Authentication is based on the user name specified with the username command Chapter 4 Command Line Reference 4 63 4 3 6 3 Default Setting login local Command Mode Line Configuration Command Usage There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication using the user name and password specified by the username command the default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 r
163. atibility with the three precedence bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified in the following table are mapped to COS value 0 TABLE 3 29 Default DSCP to COS Mapping IP DSCP Value COS Value 0 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 48 N DB a AeA WO N e O 46 56 When mapping DSCP values to COS values through the web interface or CLI the following parameters can be configured m DSCP The current DSCP Priority to COS map m Class of Service Value The COS value that is mapped to the selected DSCP Priority value Note that 0 represents low priority and 7 represents high priority Web Interface Mapping DSCP Priority Open Switch Config Class of Service gt Layer 3 4 Traffic Prioritisation Scroll to Mapping DSCP to Class of Service Values Select an entry from the DSCP table Select a value from the Class of Service Value menu Click Save 3 90 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 f switch Contig d T r f J Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres Mapping DSCP to Class of Service V
164. aultGateway Chapter 3 General Management of the Switch 93 15 o WAIA Using DHCP BOOTP By default the switch uses DHCP BOOTP services to find its IP configuration information Web Interface Using Dynamic IP Configuration Services Open Switch Setup gt Network Identity Specify the management VLAN interface Specify the IP Address Mode by selecting DHCP or BOOTP By default the System Controller in the chassis provides a client identifier to the switch The client identifier is SUNW SWITCH_ID serial number of chassis 0 or SUNW SWITCH_ID serial number of chassis 1 depending on whether the switch is in SSCO or SSC1 You can specify a client identifier in the Enable Client ID checkbox but it will be overwritten the next time the System Controller resets or boots Do not do this The Enable Client ID field will be removed from future versions of the firmware Switch Status System Identity Network Identity Software 10 1 0 1 Current IP Address 00 00 E8 66 66 T2 2 MgtVlan MAC Address Management VLAN Use the radio buttons to select whether the switch IP address is manually configured or dynamically configured by a DHCP or BOOTP Server on your network The switch will broadcast a request for IP configuration settings on the next power Cancel Otherwise you can dick the Request Address button to immedistely request a new address Select IP Address Mode DHCP Client W Enable Cliant ID
165. ber of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets The total number of frames including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but including FCS octets 3 144 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Joad Web Interface Viewing Port Statistics 1 Open Monitoring gt Statistics 2 Select the required interface 3 Click Select You can also use the Refresh button at the bottom of the page to update the screen Monitoring Port Mirroring Port Statistics SNMP Statistics Logs Sun Fire B1800 gt Monitoring gt Port Statistics Port Statistics Physical Port NETPO Interface Statistics Property Received Octets 232957 Received Unicast Packets 110 Received Multicast Packets 2671 Received Broadcast Packets 28 Received Discarded Packets O Peceived Unknown Packets o Received Errors o Transmit Octets 1 Transmit Unicast Packets o Transmit Multicast Packets 2 Transmit Broadcast Packets O Transmit Discarded Packets O Transmit Errors E Etherlike Statistics Property Alignment Errors Late Collisions FOS Errors Excessive Collisions Single Collision Frames Internal MAC Transmit Errors Multiple Collision Frames Carrier Sense Errors SOE Test Errors Frames
166. blades 1 2 1 4 Simple Network Management Protocol See SNMP SNMP 2 3 community string 2 3 3 34 4 55 configuring 3 33 4 54 enabling traps 3 36 4 59 trap receiver 2 4 3 36 4 57 Index 2 Sun Fire B1600 Blade System Chassis Switch Administration Guide January 2003 traps supported A 3 version 2 3 3 36 4 58 software downloads 3 21 4 20 software version displaying 3 18 4 44 Spanning Tree Algorithm See STA Spanning Tree Protocol See STP specifications C 1 SSC O xix 1 1 1 3 STA 3 70 4 105 4 106 configuring interfaces 3 129 4 105 description 3 70 edge port 3 126 3 130 4 115 interface settings 3 125 4 118 link type 3 126 3 130 4 117 path cost 3 125 3 129 priority 3 125 3 129 4 114 protocol migration 3 132 4 116 startup configuration file creating 3 25 4 21 startup files displaying 3 21 4 38 setting 3 21 4 25 static address setting 3 121 4 99 statistics SNMP 3 152 4 60 statistics switch 3 141 4 95 status LEDs 1 5 STP 3 70 4 106 Switch and System Controller See SSC switch port mode 3 114 4 124 switch specifications C 1 system logs 3 156 4 34 B 4 system software 3 18 4 20 downloading from server 3 21 4 20 upload or download 3 21 4 20 T TACACS 3 28 4 46 Telnet 4 3 Terminal Access Controller Access Control System See TACACS trap receiver 2 4 3 36 4 57 troubleshooting B 1 management interface B 2 port connections B 2 switch indicators B 2 us
167. ble Disable FIGURE 3 34 The Up Links gt Status Window showing attribues of NETP0O Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 SE WA Command line Interface Configuring Interface Connections Select the interface and then enter the required settings Console Console config interface ethernet NETP1 Console config if description RD SW 17 Console config if shutdown Console config if no shutdown Console config if negotiation Console config if capabilities 1000full Console config if capabilities 1000full Console config if capabilities flowcontrol Console config if no negotiation Console config if speed duplex 100half Console config if lowcontrol Console config if 3 4 2 3 MIB Variables Inspecting or Configuring Interface Connections TABLE 3 33 MIB Variables for Interface Connections Default Field Name MIB Variable Access Value Range Value Port Name SUN xs Read write Display String page portMgt Size 0 64 3 102 portTable portEnt Ly portName Administrative MIB II Read write up 1 up Status interfaces down 2 ifTable ifEntry testing 3 ifAdminStatus Port Auto S et Read write enabled 1 enabled negotiation portMgt disabled 2 portTable portEnt Eya portAutonegotiati on Chapter 3 General Management of the Switch 3 105 3 106 TABLE 3 33 MIB Variables for Interface Connections Continued Field Name Port Capabilities
168. ble portEntry portFlowCtrlStatus sun lacpMgt lacpPortTable lacpPortEntry lacpPortStatus sun portMgt portTable portEntry portAutonegotiation sun bcastStormMgt bcastStormTable bcastStormEntry bcastStormStatus Chapter 3 General Management of the Switch Access Read only Read write Read only Read write Read write Read write Default Value Range Value error 1 halfDuplex10 2 fullDuplex10 3 halfDuplex100 4 fullDuplex100 5 halfDuplex1000 6 fullDuplex1000 7 Bits portCap10half 0 portCap10full 1 portCap100half 2 portCap100full 3 portCap1000half 4 portCap1000full 5 reserved6 13 6 13 portCapSym 14 portCapFlowCtrl 15 error 1 backPressure 2 dot3xFlowControl 3 none 4 enabled 1 disabled 2 none disabled enabled 1 enabled disabled 2 enabled 1 enabled disabled 2 3 101 3 4 2 3 102 Configuring Interface Connections You can use the Port Setup page to enable disable an interface set auto negotiation and the interface capabilities to advertise or manually fix the speed duplex mode and flow control When configuring interface connections through the web interface or CLI the following parameters are displayed or can be configured Port s The port or aggregate link up links NETPO to NETP7 and down links SNPO to SNP15 Port Description The label between 1 and 64 charac
169. ces ifTable ifEntry ifInEr rors MIB II interfaces ifTable ifEntry ifOuto ctets MIB II interfaces ifTable ifEntry ifOutU castPkts MIB II i fMIB ifMIBObjects ifXTable ifXEn try ifOutMulticastPkts MIB II 1 MIB ifMIBObjects ifXTable ifXEn try ifOutBroadcastPkts Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Access Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Range Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer TABLE 3 44 MIB Variables Associated With Port Statistics Continued Field Name e Out Discards e Out Errors Ether like Statistics e Alignment Errors e Late Collisions e FCS Errors e Excessive Collisions e Single Collision Frames e Internal Mac Transmit Errors e Multiple Collision Frames e Carrier Sense Errors MIB Variable MIB II interfaces ifTable ifEntry ifOutD iscards MIB II interfaces ifTable ifEntry ifOutE rrors MIB II transmission dot3StatsTable dot3sS tatsEntry dot3StatsAlignmentErrors MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsLateCollisions MIB II transmission dot3StatsTable dot3sS tatsEntry dot3StatsFCSErrors MIB II transmission dot3StatsTable dot3S tatsEntry dot3Stats ExcessiveCollisions MIB II transmi
170. cess through the console port Web browser or Telnet These access options must be configured on the authentication server m RADIUS and TACACS logon authentication assigns a specific privilege level for each user name password pair The user name password and privilege level must be configured on the authentication server m You can specify one to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS and 2 Local the user name and password on the RADIUS server are verified first If the RADIUS server is not available then the local user name and password are checked When configuring user authentication using the web interface or CLI the following parameters are displayed or can be configured m Authentication Mechanisms Require User Authentication The operating status of user authentication a Preference The switch attempts to authenticate the user based on the specified sequence m Authentication Server Settings a Server IP Address The address of the authentication server The default is 10 1 0 1 Server Port Number The UDP or TCP network port between 1 and 65 535 of the authentication server used for authentication messages The default is 1812 a Encryption Key The password between 1 and 20 characters used to authenticate logon access for the client Do not use blank spaces in the string a No of Retries The number of t
171. ch over a serial connection to the console port or though Telnet For more information about using the CLI see Chapter 4 Command Line Reference To access the switch from a web browser perform the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol For information on how to do this refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide 2 Set a user name and password using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the command line interface For information on how to do this refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide Note If the path between your management station and the switch does not pass through any device that uses the Spanning Tree Algorithm you can set the switch port connected to your management station to use fast forwarding to improve the switch s response time to management commands issued through the web interface See Admin Edge Port on page 3 129 3 Type the IP address of the switch into the address bar of your web browser A login dialog box opens 4 Type a user name and password in the appropriate text fields 5 Click OK If the user name and password are accepted the System Identity page home page opens and you have access to switch configuration Note You ar
172. client is considered to have left the multicast group Example The following shows how to configure the query count to 10 Console config ip igmp snooping query count 10 Console config Related Commands ip igmp snooping query max response time 4 146 4 3 14 8 ip igmp snooping query interval Use this command to configure the snooping query interval Use the no form to restore the default Chapter 4 Command Line Reference 4 145 4 3 14 9 Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds Console config ip igmp snooping query interval 100 Console config ip igmp snooping query max response time Use this command to configure the snooping report delay Use the no form of this command to restore the default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 25 Default Setting 10 seconds 4 146 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Mode Global Configuration Command Usage a The switch must be using IGMPv2 for this command to take effect This command
173. command is only valid for the name of a single port This command is not supported for management port in current release Trunk ID trunk is out of range Trunk trunk does not exist Trunk trunk is a normal trunk Trunk with no members cannot be displayed Type show for a list of Ssubcommands Unknown error Unrecognized command 1 Indicates the value specified for a command Description Line mode vty can not use console parameter commands Only one port can be added to an aggregated link with this command When setting the port description multi port selection is not accepted The no switchport allow vlan command cannot be used for the management port Trunk id is not allowed This trunk does not exist This trunk is a normal trunk Trunk member cannot be configured or displayed You only input the show command Unknown error Unrecognized command Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 B 5 4 TABLE B 4 Menu Switch Setup System Identity Network Identity Software Switch Config Security Communication Web Interface Errors The error messages generated by this switch for the Web interface are listed in the following table Note that these messages are not written to the log file Web Interface Error Messages Message User privileges are not enough to perform this operation Current IP Address Mode is not
174. config 4 3 14 4 show ip igmp snooping Use this command to show the IGMP snooping configuration Default Setting None Command Mode Privileged Exec Command Usage See Configuring IGMP Snooping Parameters on page 3 55 for a description of the displayed items Example The following shows the current IGMP snooping configuration Console show ip igmp snooping Service status Enabled Querier status Enabled Query count 2 Query interval 125 sec Query max response time 10 sec Query time out 300 sec IGMP snooping version Version 2 Console 4 142 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 14 5 show mac address table multicast Use this command to show known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping a vlan id VLAN ID 1 to 4094 a user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The following shows the multicast entries learned through IGMP snooping for bridge group 1 VLAN 1 Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 224 0 0 12 NETPO USER 224 1 2 3 NETP1 IGMP Console Chapter 4 C
175. config interface ethernet NETMGT Console config if switchport allowed vlan add 2 Console config if switchport native vlan 2 Console config if switchport allowed vlan remove vlan id where vlan id is the number of a VLAN other than VLAN 2 to which you have added NETMGT Repeat the last command for every VLAN other than VLAN 2 for which NETMGT is still a member Default Setting a All ports except NETMGT are assigned to VLAN 1 by default a NETMGT is assigned to VLAN 2 by default The default frame type is untagged Command Mode Interface Configuration Ethernet Port Channel Command Usage a If switchport mode is set to trunk then you can only assign an interface to VLAN groups as a tagged member a Frames are always tagged within the switch The tagged or untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress m If none of the intermediate network devices nor the host at the other end of the connection supports VLANs the interface should be added to these VLANs as an untagged member Otherwise it is only necessary to add at most one VLAN as untagged and this should correspond to the native VLAN for the interface Ifa VLAN on the forbidden list for an interface is manually added to that interface the VLAN is automatically removed from the forbidden list for that interface 4 128 Sun Fire B1600 Blade System Chassis Switch Administ
176. ct the ports before removing a static ageregated link using the configuration interface r f up tints F i r l Connection Status Link Aggregation WLANs Static Addresses Spanning Tree Ports statically configured in selected Trunk Select the trunk that you wish to create or add ports to then select the ports to be added to that trunk and press the add button Mote only trunks mot being used for LACP can be used for statically configured ports The trunk will take on the properties of the added ports You will need to make sure that the ports all have the same properties Select Trunk Trunk 1 Available Ports Aggregated Ports NETPO NETP2 ais NETPZ i E a NETPS Remove NETP6 FIGURE 3 36 The Up Links gt Link Aggregation Window Chapter 3 General Management of the Switch 93 111 3 112 Command line Interface Statically Configuring an Aggregated Link This example creates port channel 2 using ports NETP2 and NETP3 These ports can be connected to two ports on another switch to form an aggregated link Console config interface port channel 2 Console config if exit Console config interface ethernet NETP2 Console config if channel group 2 Console config if exit Console config interface ethernet NETP3 Console config if channel group 2 Console config if end Console tshow interfaces status port channel 2 Information of Trunk 2 Basic information Port type 1000t Mac add
177. cted to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is forbidden Example Console config interface ethernet SNP5 Console config if spanning tree link type point to point Console config if Chapter 4 Command Line Reference 4 117 4 3 11 14 show spanning tree Use this command to show the configuration for the spanning tree Syntax show spanning tree interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage a Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface For a description of the items displayed under Spanning tree information see Configuring Basic STA Settings on page 3 70 For a description of the items displayed for specific interfaces see Managing Interfaces fo
178. d Line Reference 4 35 4 3 3 9 Command Mode Global Configuration Command Usage The message level specified for Flash memory must be a higher priority numerically lower than that specified for RAM Example Console config logging history ram 0 Console config clear logging Use this command to clear messages from the log buffer Syntax clear logging flash ram a flash The event history stored in Flash memory permanent memory ram The event history stored in temporary RAM memory flushed on power reset Default Setting Flash and RAM Command Mode Privileged Exec Example Consoletclear logging Console 4 36 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 3 10 Related Commands show logging 4 37 show logging Use this command to display the current logging configuration along with any system and event messages stored in memory Syntax show logging flash ram flash Event history stored in Flash memory permanent memory ram Event history stored in temporary RAM memory flushed on power reset Default Setting None Command Mode Privileged Exec Command Usage This command shows the following information a Syslog logging Whether or not system logging has been enabled using the logging on command a History logging in FLASH RAM The message level s that are reported based on the logging history command
179. d and outbound ports All the addresses learned by monitoring traffic are stored in the dynamic address table You can also manually configure static addresses that are bound to a specific port Displaying the Address Table The Address Table contains the MAC addresses dynamically learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports The Address Table also includes static MAC addresses that are tied to a specific port See Configuring Static Addresses on page 3 121 When viewing the Address Table through the web interface or CLI the following parameters are displayed Port ID Interface The port or aggregated link Up link ports NETPO to NETP7 or down link ports SNPO to SNP15 You cannot display the MAC address table for NETMGT VLAN ID The VLAN identifier between 1 and 4094 This field includes the VLAN ID and name MAC Address The MAC address associated with this interface 17 CLI displays Interface 3 92 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 m Address Type Whether an address was learned or statically configured Web Interface Viewing the Address Tables 1 Open Switch Config Address Tables 2 Specify an interface VLAN MA
180. d to enable ingress filtering for an interface Use the no form to restore the default Syntax Switchport ingress filtering no switchport ingress filtering Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Chapter 4 Command Line Reference 4 125 Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled the interface accepts any VLAN tagged frame if the tag matches a VLAN known to the switch except for VLANs explicitly forbidden on this port If ingress filtering is enabled incoming frames tagged for VLANs that do not include this ingress port in their member set are discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP Example The following example shows how to set the interface to port SNP1 and then enable ingress filtering Console config interface ethernet SNP1 Console config if switchport ingress filtering Console config if 4 3 12 7 switchport native vlan Use this command to configure the PVID default VID for an interface Use the no form to restore the default Syntax Switchport native vlan vlan id no switchport native vlan vlan id The default VLAN ID for an interface Range 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel
181. dTpFdbTable dot1 dTpFdbEntry dot1idTpFdbAddress VLAN MIB I1 Not dotidBridge qBridgeMIB accessible gqBridgeMIBObjects dotigVlan dotigqVlanStaticTable dotlqVlanStaticEntry dotigVlanIndex Type MiB iT Read only dotlidBridge dot1dTp dotldTpFdbTable dot1ldTpFdbEntry dotldTpFdbStatus 3 3 6 2 Changing the Aging Time 3 94 You can set the aging time for entries in the dynamic address table Value Range not learned 0 Port list 1 24 MAC address Integer other 1 invalid 2 learned 3 self 4 mgmt 5 When setting the address table aging time the following parameter can be configured m Aging Time The time between 18 and 2184 seconds after which a learned entry is discarded The default is 300 seconds Web Interface Changing the Aging Time 1 Open Switch Config Address Tables 2 Type the new aging time in the text field 3 Click Save Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 F switch Config p r ii I Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres Aging time for dynamically learned MAC Addresses 18 2194 secs 300 seconds ET FIGURE 3 32 The Switch Config Address Tables Window showing aging time option Command line Interface Changing the Aging Time This example sets the aging time to 400 seconds Console config mac address table aging time 400 Cons
182. ddress 1 0 14 Gateway IP Address a FIGURE 3 5 Open Switch Setup Network Identity Window Note If you receive an error message saying that the data you have entered is invalid confirm that you have specified each of the IP addresses correctly 3 14 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command line Interface Specifying the Management VLAN and IP Details Specify the management interface IP address and default gateway Console tconfig Console config interface vlan 2 Console config if ip address 10 1 0 2 255 255 255 0 Console config if exit Console config ip default gateway 10 1 0 254 Console config MIB Variables Specifying the Management VLAN and IP Details TABLE 3 4 MIB Variables for Specifying the Management VLAND and IP Details Field Name MIB Variable Access Value Range Default Value Management Suis cc Read write Integer 1 4094 1 VLAN SswitchMgt SwitchManagementVla n IP Address Mode sun Read write user 1 user vlanMgt bootp 2 vlanTable vlanEntry dhcp 3 vlanAddressMethod IP Address MIB II Read write IP address Configuration ip ipAddrTable ipAddrEntry 1pAdEntAddr Subnet Mask MIB II Read write IP address Configuration ip 1 pAddrTable ipAddrEntry i1pAdEntNetMask Broadcast MIB II Read only Integer 0 1 1 Address ip ipAddrTable i1pAddrEntry ipAdEntBcastAddr Default Gateway sun Read write IP address Configuration ipMgt netDef
183. delete VLANs vian Configures a VLAN including VID name and state VC 4 121 Configure VLAN Interfaces interface vlan Enters interface configuration mode for a specified GC 4 123 VLAN switchport mode Configures VLAN membership mode for an interface IC 4 123 switchport Configures frame types to be accepted by an interface IC 4 124 acceptable frame types swicthport ingress Enables ingress filtering on an interface IC 4 125 filtering switchport native Configures the PVID native VLAN of an interface IC 4 126 vlan switchport allowed Configures the VLANs associated with an interface IC 4 127 vlan switchport gvrp Enables GVRP for an interface IC 4 132 switchport forbidden Configures forbidden VLANs for an interface IC 4 129 vlan Display VLAN Information show vlan Shows VLAN information NE 4 130 PE show interfaces Displays status for the specified VLAN interface NE 4 93 status vlan PE show interfaces Displays the administrative and operational status of NE 4 96 switchport an interface PE 4 120 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 12 1 4 3 12 2 vlan database Use this command to enter VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration Command Usage m Use the VLAN database command mode to add change and delete VLANs After finishing configuration changes you can display the VL
184. e 6 CLI only The value of Unit ID has no significance in the current version of the switch in the Sun Fire B1600 blade system chassis 3 18 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 WAS D Switch Status r f System Identity Network Identity Software Sun Fire 81600 gt Switch Status gt Software E Versions Loader version 0 0 6 7 Boot ROM wersion 1 0 0 7 Operation Code Version 0 0 5 9 sj FIGURE 3 7 Open Switch Setup Software Window showing version information Comand line Interface Displaying Switch Software Version Information Use the following command to display version information Console tshow version Uniti Serial number Service tag Hardware version ROB Number of ports 25 Main power status Up Redundant power status not present Agent master Unit id Loader version Boot rom version Operation code version Console Chapter 3 General Management of the Switch 3 19 oA e TABLE 3 6 Field Name Switch Serial Number Switch Hardware Version Switch Port Number Switch Unit Index Switch Loader Version Switch Boot Rom Version Switch Operation Code Version MIB Variable SUN switchMgt switchInfoTable switchInfoEntry swSerialNumber SUN SwitchMgt switchinftoTable SswitchiInfoEntry swHardwareVer SUN SwitchMgt switchinftoTable switchInfoEntry swPortNumber SUN switchMgt sw
185. e Class of Service Addres Sun Fire B1600 gt Switch Config gt Class of Service view Layer 3 4 Traffic Proritisation M Enable Priority Services IP Precedence C Differentiated Services Code Point Mapping DSCP FIGURE 3 28 The Switch Config Class of Service Window for Enabling Priority Services Command line Interface Enabling Priority Services The following example enables IP Precedence service on the switch Console config map ip precedence Console config 3 86 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 9 9 9 To disable layer 3 4 traffic prioritization completely use the following commands Console config no map ip precedence Console config no map ip dscp MIB Variables Associated With Traffic Prioritisation TABLE 3 26 MIB Variables Associated With Traffic Prioritization Field Name MIB Variable Access Value Range Default Value IP Precedence sun Read write disabled 1 disabled DSCP Status priotityMgt precedence 2 priolpPrecDscpStatus dscp 3 Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The default IP Precedence values are mapped one to one to Class of Service values Precedence value 0 maps to COS value 0 and so forth Bits 6 and 7 a
186. e Viewing SNMP Statistics This example shows SNMP statistics for the switch Console show snmp SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 11 SNMP packets input Bad SNMP version errors Unknown community name Illegal operation for community name supplied Encoding errors Number of requested variables Number of altered variables Get request PDUS Get next PDUs Set request PDUs 11 SNMP packets output Too big errors No such name errors 0 0 8 0 0 1 0 0 3 Bad values errors General errors Response PDUs Trap PDUs SNMP logging disabled Console Chapter 3 General Management of the Switch 3 155 3 9 3 3 3 9 4 3 156 MIB Variables Associated With SNMP Statistics TABLE 3 46 MIB Variables Associated With SNMP Statistics Field Name SNMP packets input In Packets In Bad Versions In Bad Community Names In Bad Community Uses In ASN Parse Errors In Total Request Variables In Total Set Variables In Get Requests In Get Nexts In Set Requests Silent Drops Proxy Drops SNMP packets output Out Packets Out Too Bigs Out No Such Names Out Bad Values Out General Errors Out Get Responses Out Traps MIB Variable MIB I1l snmp snmpiInPkts MIB I1L snmp snmpInBadVersions MIB II snmp snmpInBadCommunityNames MIB II snmp snmpInBadCommunityUses MIB II MIB II
187. e System Chassis Switch Administration Guide June 2003 Example Console config hostname Server _Chassis_35 Console config 4 3 3 2 username Use this command to add named users require authentication at login specify or change a user s password or specify that no password is required or specify or change a user s access level Use the no form to remove a user name Syntax username name access level level nopassword password 0 7 password no username name a name The name of the user Maximum length 8 characters maximum number of users 5 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec Levels 1 14 are not used nopassword No password is required for this user to log in 0 7 0 means input plain password 7 means input encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting a The default access level is Normal Exec a The default passwords are guest in Normal Exec mode and admin in Privileged Exec mode Factory defaults for the user names and passwords are TABLE 4 7 Default User Names and Passwords username access level password guest 0 guest admin 15 admin Chapter 4 Command Line Reference 4 29 Command Mode Global Configuration Command Usage There is no
188. e a bit Specify 32 urg 16 ack 8 psh 4 rst 2 syn or 1 fin Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 7 1 m Source The frame s TCP UDP source address netmask and port range between 0 and 65 535 m Destination The frame s TCP UDP destination address netmask and port range between 0 and 65 535 m Fragment The rule will only match packets with the More Fragments MEF bit set or with a fragment offset greater than zero If fragment is not set the rule will match both fragments and non fragmented packets m Log Logs any matching packets in the log buffer The maximum number of entries stored in the log buffer is 64 When the buffer fills it will wrap around and overwrite the oldest entries Note that the log is stored in RAM and is lost when the switch is reset Web Interface Filtering Traffic to the Management Port Open Management Port Packet Filtering Specify the required rules Click Add The rule in the following example permits TCP traffic from source address 10 7 1 1 to destination address 10 8 1 1 using TCP ports 10 to 30 Management Ports Connection Status VLANs Packet Filtering 4 Management Port Packet filtering Rules Table Rulel permit tcp none 10 7 1 1 0 0 0 0 10 30 10 8 1 1 0 0 0 0 10 30 Log disabled Fragment disabled Ren Rule Action Protocol Ar 2 permit i tcp e Represent code using keyw
189. e allowed three attempts to enter the correct password After the third failed attempt the current connection is terminated 3 2 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 1 1 3 1 1 1 Navigating the Web Browser Interface To access the web browser interface you must first enter a user name and password The administrator has read write access to all configuration parameters and statistics The default administrator user name and password is admin Home Page When your web browser connects with the switch s web agent the home page is displayed The configuration options are displayed in the menu tabs and corresponding menu items listed in the row beneath the menu tabs at the top of the page The menu tabs and subordinate menu items are used to access the configuration menus and display configuration parameters and statistics Switch Status f r r f r System Identity Network Identity Software Sun Fire B1600 gt Switch Status gt System Identity Port Link Status This view shows images of the switch ports and indicates operational status that is whether a link is up or down Click on the image of an Up Link Management Port or a Blade for a Down Link port to edit the link capabilities External E Link Up Link Down Internal pl FIGURE 3 1 Web GUI Home Page Chapter 3 General Management of the Switch 3 3 3 1 1 2 3 1 2 Configuration Options Configurable parame
190. e dynamically discovered by the switch or statically assigned to an interface on the switch Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or aggregated link on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the connected router This can ensure that multicast traffic is passed on to all the appropriate interfaces within the switch Chapter 3 General Management of the Switch 3 59 3 60 When specifying interfaces connected to multicast routers through the web interface or CLI the following parameters are displayed or can be configured m All known ports in VLAN connected to multicast routers a VLAN The VLAN on the switch The pull down menu includes the VLAN ID and name Interface The interfaces connected to a multicast router and the whether the assignment was static Static or dynamic IGMP m Ports in the VLAN statically connected to multicast routers a Available Ports The interfaces that have not been assigned to the selected VLAN as multicast router ports Current Static Ports The interfaces that have already been assigned to the selected VLAN as multicast router ports Web Interface Specifying Interfaces Connected to Multicast Routers Op
191. e ethernet SNP5 Console config if map ip dscp 1 cos 0 Console config if 4 3 15 10 show map ip precedence Use this command to show the IP precedence priority map Syntax show map ip precedence interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Chapter 4 Command Line Reference 4 161 Example Console show map ip precedence ethernet SNP5 Precedence mapping status disabled Precedence COS O 0 1 1 2 2 3 3 4 4 5 5 6 6 7 a Console Related Commands map ip precedence Global Configuration 4 157 map ip precedence Interface Configuration 4 158 4 3 15 11 show map ip dscp Use this command to show the IP DSCP priority map Syntax show map ip dscp interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 Default Setting None 4 162 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Mode Privileged Exec Example Console tshow map ip dscp ethernet SNP1 DSCP mapping status disabled DSCP COS SNP1 SNP1 Console Related Commands map ip dscp Global Configuration 4 159 map ip dscp Interface Configuration 4 160 Chapter 4 Command Line Reference 4 163 4 3 16 Mirror Port Commands This section d
192. e operation code a filename Name of the file to display If this file exists but contains errors information on the file cannot be displayed Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files File information is shown below TABLE 4 5 File Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes 4 24 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Example The following example shows how to display all file information Console dir file name file type startup size byte diag_0060 Boot Rom image 111360 run_01642 Operation Code 1074304 run_0200 Operation Code 1083008 Factory_Default_Config cfg Config File 2574 startup Config File Total free space Console 4 3 2 4 whichboot Use this command to display which files were booted when the system powered up Default Setting None Command Mode Privileged Exec Command Usage See TABLE 4 5 on for a description of the file information displayed by this command Chapter 4 Command Line Reference 4 25 Example This example shows the information displayed by the whichboot command Console whichboot file name file type startup size
193. e port to be used by the Web browser GC 4 31 interface ip http server Allows the switch to be monitored or configured from GC 4 32 a browser Jumbo Frame Command jumbo frame Enables support for jumbo frames GC 4 33 Event Logging Commands logging on Controls logging of error messages GC 4 34 logging history Limits syslog messages saved to switch memory based GC 4 35 on severity clear logging Clears messages from the logging buffer PE 4 36 show logging Displays the state of logging PE 4 37 Chapter 4 Command Line Reference 4 27 TABLE 4 6 System Management Commands Continued Command Function Mode Page System Status Commands show startup Displays the contents of the configuration file stored PE 4 38 config in Flash memory that is used to start up the system show running Displays the configuration data currently in use PE 4 40 config show system Displays system information NE 4 42 PE show users Shows all active console and Telnet sessions including NE 4 44 user name idle time and IP address of Telnet clients PE show version Displays version information for the system NE 4 44 PE 4 3 3 1 hostname Use this command to specify or modify the host name for this device Use the no form to restore the default host name Syntax hostname name no hostname name The name of this host The maximum length is 255 characters Default Setting None Command Mode Global Configuration 4 28 Sun Fire B1600 Blad
194. ePortEntry mstInstancePortPriority sun xstMgt mstInstancePortTable mstInstancePortEntry mstInstancePortPathCost sun xstMgt mstInstancePortTable mstInstancePortEntry mstInstancePort DesignatedCost sun xstMgt mstInstancePortTable mstInstancePortEntry mstInstancePort DesignatedBridge sun xstMgt mstInstancePortTable mstInstancePortEntry mstInstancePort DesignatedPort sun staMgt staPortTable staPortEntry staPortAdminPointTo Point sun staMgt staPortTable staPortEntry staPortAdminEdgePort Access Index Read only Read write Read write Read only Read only Read only Read write Read write Default Value Range Value discarding 1 learning 2 forwarding 3 Integer 0 240 128 Integer long 1 200 000 000 short 1 65 535 page 3 129 Integer Octet string Octet string forceTrue 0 auto forceFalse 1 auto 2 true 1 false false 2 3 4 6 2 TABLE 3 38 MIB Variables Associated With a Port s STA Settings Continued Default Field Name MIB Variable Access Value Range Value STA Port Enable sun mstMgt Read write enabled 1 enabled Admin status mstInstancePortTable disabled 2 mstinstancePortEntry mstInstancePortEnable STA Port Role sun mstMgt Read only disabled 1 mstInstancePortTable root 2 mstInstancePortEntry designated 3 mstInstancePortPortRole alternate 4 back
195. eb Either Enabled or Disabled a CLI Port Admin Either up or down m Link Status The state of the connection Either Up or Down Port Operation Status The state of the connection Either Up or Down Displayed only when the link is up m Speed Duplex Shows the current speed and duplex mode m Flow Control The configured state of flow control a Web Either IEEE 802 3x Back Pressure or None a CLI Hither Enabled or Disabled Flow Type shows IEEE 802 3x Back Pressure or None 18 CLI only 3 96 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 a Auto negotiation The configured state of auto negotiation Either enabled or disabled m Protect Status The configured state of broadcast storm control on the interface To set the threshold value see Broadcast Storm Control Global Setting on page 3 67 m MAC Address The physical layer address of the port Port Capabilities2 The capabilities that are advertised for a port during auto negotiation The following capabilities are supported 10half 10 Mbit sec half duplex operation 10full 10 Mbit sec full duplex operation 100half 100 Mbit sec half duplex operation 100full 100 Mbit sec full duplex operation 1000full 1000 Mbit sec full duplex operation Sym The transmitting and receiving of pause frames for flow control FC Flow control LACP Status The configured
196. ed by the connected device Otherwise these settings can be manually configured for any connection Note Autonegotiation must be enabled for automatic MDI MDI X pinout configuration Chapter 1 Introduction 1 3 1 2 1 2 Internal Ports The switch also includes 16 internal 1000BASE X Gigabit Ethernet ports that connect to the blades in the chassis These ports are fixed at 1000 Mbit sec full duplex The internal ports are named SNPO to SNP15 in the configuration interface The switch also includes an internal 10 100BASE TX port called NETMGT which is connected to the SC s network port and to the external management port on the SSC s front panel through an internal hub 1 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 L22 Status LEDs Switch level indicators are located on the SSC module The 1000BASE T up link ports and the 10 100BASE TX management port located on the rear panel of the SSC also include indicators for both Link and Speed Ready to Remove ALA Roe Serial Mgt Port Network Mgt Port FIGURE 1 1 SSC Exterior Panel TABLE 1 1 Port LEDs LED Condition SSC
197. egment Example The following example defines a default gateway for this device Console config ip default gateway 10 1 0 254 Console config Related Commands show ip redirects 4 75 4 74 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 7 5 show ip interface Use this command to display the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Command Usage This switch can only be assigned one IP address This address is used for managing the switch Example Console tshow ip interface IP address and netmask 10 1 0 54 255 255 255 0 on VLAN 2 and address mode User specified Console Related Commands show ip redirects 4 75 4 3 7 6 show ip redirects Use this command to show the default gateway configured for the switch Default Setting None Chapter 4 Command Line Reference 4 75 Command Mode Privileged Exec Example Console tshow ip redirects ip default gateway 10 1 0 254 Console Related Commands ip default gateway 4 74 4 3 7 7 ping Use this command to send ICMP echo request packets to another node on the network Syntax ping host count count size size a host The IP address of the host count The number of packets to send Range 1 16 default 5 a size The number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger
198. eld Name Trunk Maximum ID Trunk Valid Number Trunk Index Trunk Ports Trunk Creation Trunk Status LACP Port Status MIB Variable sun trunkMgt trunkMaxId sun trunkMgt trunkValidNumber sun trunkMgt trunkTable trunkEntry trunkIndex sun trunkMgt trunkTable trunkEntry trunkPorts sun trunkMgt trunkTable trunkEntry trunkCreation sun trunkMgt trunkTable trunkEntry trunkStatus sun lacpMgt lacpPortTable lacpPortEntry lacpPortStatus Access Read only Read only Index Read create Read only Read create Read write Default Value Range Value Integer 6 Integer 1 6 Integer Octet string port list static 1 lacp 2 valid 1 invalid 2 enabled 1 disabled 2 For a description of other CLI variables see Displaying Connection Status on page 3 96 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 3 2 Statically Configuring an Aggregated Link Web Interface Statically Configuring an Aggregated Link Click Up Links Down Links gt Link Aggregation Select a trunk from the Select Trunk menu Select the required port Click Add or Remove Note The action buttons take immediate effect To avoid creating a loop in the network be sure you add a static aggregated link using the configuration interface before connecting the ports and also disconne
199. elivered to a higher layer protocol Received Multicast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space e Received Unknown Packets The number of packets received through the interface which were discarded because of an unknown or unsupported protocol e Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol e Transmit Octets The total number of octets transmitted out of the interface including framing characters e Transmit Unicast Packets The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent e Transmit Multicast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a multicast address at this sub layer including those that were discarded or not sent
200. en 2 and 10 for which there has been no response before the querier takes action to drop a client from the multicast group The default is 2 Chapter 3 General Management of the Switch 3 55 Query Interval The frequency between 60 and 125 seconds at which the switch sends IGMP host query messages The default is 125 seconds Query Report Delay The time between 5 and 25 seconds between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list The default is 10 seconds a Router Port Expire Time The time between 300 and 500 seconds the switch waits after the previous querier stops querying before it determines that the interface which had been receiving query packets is no longer attached to a querier The default is 300 seconds Note All systems on the subnet must support the same version Some attributes are only enabled for IGMPv2 including IGMP Report Delay and Router Port Expire Time Web Interface Configuring IGMP Snooping Parameters 1 Open Switch Config gt Broadcast amp Multicast IGMP Parameters 2 Adjust the IGMP settings as required 3 Click Save 3 56 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Pim Switch Config Me ee ae ee ee lt me eee Security Communication VLANS Broadcast amp Multicast Spanning Tree Class of Service Addres 4 Sun Fire
201. en Switch Config Broadcast amp Multicas Multicast Router Ports Select a VLAN Click Query to display all the interfaces in the VLAN that are connected to multicast routers From the Available Ports select an interface that is connected to a multicast router Click Add From Current Static Ports select an interface that is no longer connected to a multicast router Click Remove Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Switch Config Security Communication YLANS Broadcast amp Multicast Spanning Tree Class of Service Addres 4 k Sun Fire 81600 gt Switch Config gt Broadcast amp Multicast View Multicast Router Ports Configuring Ports Attached to Multicast Routers To find all the switch ports which are connected over a specific VLAM to a known IGMP querier please select the VLAN and press the find butto ports will appear in the list to your right All known ports in YLAN attached to multicast routers VLAN 4 Default Vlan cumant Ports l JUnitl NETPO Static IF TGME snooping has mot located the GMO querer you can manually configure a port to join all the current roulticast groups supported by the attached router on the VLAN specified above Ports in LAN statically attached ta multicast routers Available ports Current Static Ports vlani Uniti NETPO SNP i FIGURE 3 20 The Switch Config Broadcast
202. enable or disable broadcast storm control for the selected interface However the specified threshold value applies to the entire switch a Down link ports SNPO 15 are fixed with broadcast storm control enabled Example The following shows how to configure broadcast suppression at 64 packets per second Console config interface ethernet SNP5 Console config if switchport broadcast packet rate 64 Console config if Note The switchport broadcast command enables broadcast storm control on the specified interface but it sets the broadcast threshold for every interface on the switch 4 92 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 8 9 4 3 8 10 clear counters Use this command to clear statistics on an interface Syntax clear counters interface interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on port SNP5 Console teclear counters ethernet SNP5 Console show interfaces status Use this
203. er IP Address jio 11 12 13 1812 er No of Retries Server Port Number Encryption Key TACACS Setting Server IP Address 192 160 1 25 fas ok ook Server Port Number Encryption Key A Timeout for reply A a a a FIGURE 3 12 The Switch Config Security Window for Use With Authentication Servers To configure authentication parameters for local access Type a user name Select an access level Normal or Privileged Type a password Click Add Chapter 3 General Management of the Switch 3 31 switch Config J r r f i Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Address Local Access Authentication a User Accounts Access Level Privileged Change Password guest Normal User Access Level bot Privileged ac FIGURE 3 13 The Switch Config Security Window Showing Locally Stored Logins 3 2 6 2 Command line Interface Configuring User Authentication 1 Assign a user name and access level Type 0 for Normal access and 15 for Privileged access 2 Specify the password 3 Configure the required settings for RADIUS and TACACS remote client authentication username bob access level 15 username bob password 0 smith tauthentication login local tacacs radius tacacs server host 192 168 1 24 tacacs server port 181 tacacs server key green radius server host 192 168 1 25 radius server port 181 radius server key w
204. er host host addr community string version version number no snmpo server host host addr a host addr Name or Internet address of the host the targeted recipient Maximum host addresses 5 trap destination IP address entries a community string Password like community string sent with the notification operation Though you can set this string using the snmp server host command by itself we recommend you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters a version number 1 2c Indicates if the host is running SNMP version 1 or version 2c Default Setting None Command Mode Global Configuration Command Usage If you do not enter an snmp server host command no notifications are sent In order to configure the switch to send SNMP notifications you must enter at least one snmp server host command In order to enable multiple hosts you must issue a separate snmp server host command for each host The snmp server host command is used in conjunction with the snmp server enable traps command Use the snmp server enable traps command to specify which SNMP notifications are sent globally For a host to receive notifications you must enter at least one snmp server enable traps command and the snmp server host command for that host Some notification types cannot be controlled with the snmp server enable traps command For
205. ernet SNP5 show interfaces and status are keywords ethernet is an argument that specifies the interface type and SNP5 specifies the port You can enter commands as follows m To enter a simple command type the command keyword a To enter multiple commands type each command in the required order For example to enable Privileged Exec command mode and display the startup configuration type Console gt enable Console tshow startup config m To enter commands that require parameters type the required parameters after the command keyword For example to set a password for the administrator type Console config username admin password 0 smith 4 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 1 2 2 Minimum Abbreviation The CLI accepts a minimum number of characters that uniquely identify a command For example the command logging history can be entered as logging h If an entry is ambiguous the system prompts for further input 4 1 2 3 Command Completion If you terminate input with a Tab key the CLI prints the remaining characters of a partial keyword up to the point of ambiguity In the Logging history example typing log followed by a tab results in printing the command up to logging 4 1 2 4 Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keyword
206. erwise traffic may be dropped from the monitor port a When mirroring port traffic the target port must be included in the same VLAN as the source port Web Interface Configuring Port Mirroring Open Monitoring gt Port Mirror Select the source port Select the monitor port Select the traffic type to be mirrored Click Add Chapter 3 General Management of the Switch 3 139 Monitoring Port Mirroring Port Statistics SNMP Statistics Logs Sun Fire B1600 gt Monitoring gt Port Mirroring Physical Port Monitoring Sessions NETE NETPS Both Monitored Destination Part Port Type of Monitoring smeo smeo Received B 4 P FIGURE 3 44 The Monitoring gt Port Mirroring Window 3 5 1 2 Command line Interface Configuring Port Mirroring Use the interface command to select the monitor port then use the port monitor command to specify the source port Note that default mirroring under the CLI is for both received and transmitted packets Console config interface ethernet NETP7 Console config if port monitor ethernet NETP6 Console config if 3 140 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 99 159 Oper MIB Variables Associated With Port Mirroring TABLE 3 42 MIB Variables Associated With Port Mirroring Field Name MIB Variable Access Value Range Default Value Mirror Source SUs Not Integer Port mirrorMgt accessible mirrorTable mirro
207. ery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and IGMP to manage multicast group registration Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 1 4 Switch Default Settings TABLE 1 2 Switch Default Settings Function System Settings e Web Met e Secure Web Met e BOOTP e DHCP e SNMP Communities e SNMP Traps e User Name e Password Serial Port IP Settings Port Status e Port Speed e Duplex Mode e Flow Control Port Priority Port Security Spanning Tree Protocol Default Enabled Disabled Enabled Enabled public Read Only private Read Write Authentication traps enabled Link up down events enabled admin for console Telnet Web guest for console Telnet Web logon user admin password admin user guest password guest Change from Normal Exec to Privileged Exec super Baud rate 9600 Data bits 8 Stop bits 1 Parity none Address 0 0 0 0 Subnet mask 255 0 0 0 Port SNPO 15 1000 Mbps Port NETPO 7 10 100 1000 Mbps auto negotiated Port NETMGT 10 100 Mbps auto negotiated Port SNPO 15 full Port NETP0 7 NETMGT half and full duplex auto negotiated Disabled Ingress priority 0 Disabled Enabled Default RSTP Defaults All parameters based on IEEE 802 1w Chapter 1 Introduction 1 9 1 10 TABLE 1 2 Switch Default Settings Continued Function e Edge Port Fast Forwarding
208. es as well as on the core switches in the network a If you want to create a small port based VLAN for devices attached directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you need to create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it first decides where to forward the frame and then inserts a VLAN tag reflecting the ingress port s default VID Displaying Basic VLAN Information When displaying basic VLAN information using the web interface or CLI the following parameters are displayed m VLAN Version Number The VLAN version used by this switch as specified in the IEEE 802 10 standard m Maximum VLAN ID The maximum VLAN ID recognized by this switch m Maximum Number o
209. es parameters for multicast query Assigns ports that are connected to a neighboring multicast router switch Assigns a multicast service to a specific interface Sets the broadcast storm threshold Configures the Spanning Tree Protocol Configures settings for the global spanning tree Configures advanced settings for RSTP See Page 3 8 3 8 3 12 3 18 3 39 3 28 3 34 3 39 3 50 3 54 3 55 3 59 3 64 3 67 3 70 3 70 3 76 Chapter 3 General Management of the Switch 3 5 TABLE 3 2 Menu Up Links Down Links Subordinate Menu Class of Service e Basic Traffic Prioritisation e Layer 3 4 Traffic Prioritisation Address Tables Connection Status e Connection Configuration Link Aggregation VLANs Static Addresses Spanning Tree e Spanning Tree Protocol Connection Status e Connection Configuration Link Aggregation VLANs Summary of Tasks You Can Perform Using the Web Agent Continued Description Configures Class of Service Configures default CoS priorities maps CoS priorities to output queues and configures Weighted Round Robin queueing Selects layer 3 4 priority service maps IP precedence tags to CoS values and maps DSCP tags to CoS values Sets address aging displays entries for the specified interface VLAN or address configures static addresses Port configuration Displays port connection status Configures port connection settings enables broadcast st
210. escribes how to mirror traffic from a source port to a target port TABLE 4 23 Mirror Port Commands Command Function Mode Page port monitor Configures a mirror session IC 4 164 show port monitor Shows the configuration for a mirror port PE 4 165 4 3 16 1 port monitor Use this command to configure a mirror session Use the no form to clear a mirror session It is only possible to monitor one port on the switch at a time Note The integrated switches on the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together It is only possible to mirror the traffic on one port by using another port that is on the same switch chip The ports NETP0O NETP1 NETP4 NETP5 and SNP8 through SNP15 are on one switch chip The ports NETP2 NETP3 NETP6 NETP7 and SNPO through SNP7 are on the other If you look at the rear panel of the SSC all the ports on the right are on one chip and all the ports on the left are on the other Syntax port monitor interface rx tx both no port monitor interface a interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT a rx Mirror received packets a tx Mirror transmitted packets a both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets 4 164 Sun Fire B1600 Blade System Chassis Switch Adminis
211. espectively no login selects no authentication When using this method the management interface starts in Normal Exec NE mode This command controls login authentication through the switch itself To configure user names and passwords for remote authentication servers you must use the RADIUS or TACACS software installed on those servers Example Console config line login local Console config line Related Commands username 4 29 password 4 64 password Use this command to specify the password for a line Use the no form to remove the password 4 64 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Syntax password 0 7 password no password 0 7 0 means input plain password 7 means input encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state There is no need to specify encrypted passwords on the command line
212. et Console config clear mac address table dynamic Use this command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privileged Exec Example Console tclear mac address table dynamic Console show mac address table Use this command to view classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address 4 100 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 mask Bits to ignore in the address a interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT port channel channel id Range 1 6 a vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned dynamic address entries a Permanent static entry a Delete on reset static entry to be deleted when system is reset Example Console show mac address table Interface Mac Address Vlan Type SNP11 00 10 b5 62 03 74 1 Learned Console
213. etting Shows counters for all interfaces Command Mode Normal Exec Privileged Exec Chapter 4 Command Line Reference 4 95 Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Showing Port Statistics on page 3 141 Example Console show interfaces counters ethernet NETP7 NETP7 Iftable stats Octets input 19648 Octets output 714944 Unicast input 0 Unicast output 0 Discard input 0 Discard output 0 Error input 0 Error outp t O0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 10524 Broadcast input 136 Broadcast output 0 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 RMON stats Drop events 0 Octets 734720 Packets 10661 Broadcast pkts 136 Multi cast pkts 10525 Undersize pkts 0 Oversize pkts 0 Fragments 0 Jabbers 0 CRC align errors 0 Collisions 0 Packet size lt 64 octets 9877 Packet size 65 to 127 octets 93 Packet size 128 to 255 octets 691 Packet size 256 to 511 octets 0 Packet size 512 to 1023 octets 0 Packet size 1024 to 1518 octets 0 Console 4 3 8 12 show interf
214. etween this device and management stations that exist on other network segments The default is 0 0 0 0 Manual Configuration Web Interface Specifying the Management VLAN and IP Details Open Switch Setup gt Network Identity Select the management VLAN interface Select the Manual IP Address Mode Specify the IP address subnet mask and default gateway Click Save 5 Web only Chapter 3 General Management of the Switch 3 13 Switch Status System Identity Network Identity Software Sun Fire B1600 gt Switch Status gt Network Identity To change the VLAN used for managing the switch you will need to change the Management YLAN Note To prevent loss of connection to the switch ensure that the Management Port is configured as a member of the new VLAN 10 1 0 2 Current IP Address DU DOU ES 66 68 fF 2 Mgt lan Use the radio buttons to select whether the switch IP address is manually configured or dynamically configured by a DHCP or BOOTP Server on your network The switch will broadcast a request for IP configuration settings on the next power Cancel Otherwise you can click the Request Address button to immediately request a new address MAC Address Management VLAN Select IP Address Mode C DHCP Client Enable Client ID C BOOTP Restart DHCP BOOTP for changes to take effect Save and Restart Manual IP Address 10 1 0 2 Subnet Mask 255 255 255 0 0 Br adcast A
215. f Supported VLANs The maximum number of VLANs that can be configured on this switch Web Interface Displaying Basic VLAN Information Open the Switch Config VLANs window Chapter 3 General Management of the Switch 3 41 Switch Contig Security Communication WLANS Broadcast amp Multicast Spanning Tree Class of Service Address Sun Fire B1600 gt Switch Config gt VLANs Basic VLAN Information VLAN Version Number 1 Maximum VLAN ID 4094 Maximum number of support VLANs 255 Command line Interface Displaying Basic VLAN Information Type the following command Console tshow bridge ext Max support vlan numbers 32 Max support vlan ID 4094 Extended multicast filtering services Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable Yes Traffic classes Enabled Global GVRP status Disabled GMRP Disabled Console 3 42 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With Basic VLAN Information TABLE 3 11 Field Name VLAN Version Number Maximum VLAN ID Maximum Number of Supported VLANs Device Capabilities MIB Variable Access MIB I1 dotlidBridge QqBridgeMIB gqBridgeMIBObjects Read only dotligBase dotlqVlanVersion Number MIB II dotldBridge BridgeMIB BridgeMIBObjects dotligBase dotigqMaxVlanId Read only MIB II dotidBridge Qq
216. figures the transmission limit for RSTP Configures the spanning tree path cost of an interface Configures the spanning tree priority of an interface Enables fast forwarding for edge ports Re checks the appropriate BPDU format Configures the link type for RSTP Shows the spanning tree configuration Mode Page GC 4 105 GC 4 106 GC 4 107 GC 4 108 GC 4 109 GC 4 110 GC 4 111 GC 4 112 IC 4 112 IC 4 114 IC 4 115 PE 4 116 IC 4 117 PE 4 118 Use this command to enable the spanning tree algorithm globally for this switch Use the no form to disable it Chapter 4 Command Line Reference 4 105 Syntax spanning tree no spanning tree Default Setting Spanning tree is enabled Command Mode Global Configuration Command Usage The Spanning Tree Algorithm can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example The following example enables the spanning tree algorithm for this switch Console config spanning tree Console config 4 3 11 2 spanning tree mode 4 106 Use this command to select the spanning tree mode for this switch Use the no form
217. following example shows how to copy the running configuration to a file Console tcopy running config file destination file name startup Write to FLASH Programming Write to FLASH finish success Console The following example shows how to download a configuration file Consoletcopy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console 4 3 2 2 delete Use this command to delete a file or image 4 22 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 2 3 Syntax delete filename filename Name of the configuration file or image name Default Setting None Command Mode Privileged Exec Command Usage a If the file type is boot ROM or is used for system startup then this file cannot be deleted a The file Factory _Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg configuration file from Flash memory Console delete test2 cfg Console Related Commands dir 4 23 dir Use this command to display a list of files in Flash memory Syntax dir boot rom config opcode filename Chapter 4 Command Line Reference 4 23 The type of file or image to display includes a boot rom Boot ROM config Configuration file opcode Run tim
218. following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port Example The following example enables port security of port SNP5 Console config interface ethernet SNP5 Console config if port security Related Commands mac address table static 499 show mac address table 4 100 4 104 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 11 4 3 11 1 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm STA for the overall switch and commands that configure STA for the selected interface TABLE 4 16 Spanning Tree Commands Command Sspanning tree Sspanning tree mode Sspanning tree forward time Sspanning tree hello time Spanning tree max age Spanning tree priority spanning tree path cost method spanning tree transmission limit spanning tree cost spanning tree port priority spanning tree edge port spanning tree protocol migration spanning tree link type show spanning tree spanning tree Function Enables the spanning tree protocol Configures STP or RSTP mode Configures the spanning tree bridge forward time Configures the spanning tree bridge hello time Configures the spanning tree bridge maximum age Configures the spanning tree bridge priority Configures the path cost method for RSTP Con
219. g default VLAN identifier PVID accepted frame types ingress filtering GARP VLAN Registration Protocol GVRP status and Group Address Registration Protocol GARP timers Note the following points about GVRP and GARP m GVRP GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network m GARP Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GVRP registration deregistration When configuring VLAN behavior for interfaces through the web interface or CLI the following parameters are displayed or can be configured m Port The port or trunk up links NETPO to NETP7 down links SNPO to SNP15 or the management port NETMGT m Default VLAN for Port PVID The VLAN ID assigned to untagged frames received on an interface The default for up down links is 1 and for NETMGT it is 2 Note If an interface is not a member of VLAN 1 and you assign its PVID to VLAN 1 the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group
220. gh the console port a Web browser or Telnet These access options must be configured on the authentication server RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify two or three authentication methods in a single command to indicate the authentication sequence For example if you enter authentication login radius local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then the local user name and password is checked Example Console config authentication login radius Console config Related Commands username for setting the local user name and password 4 29 Chapter 4 Command Line Reference 4 47 4 3 4 2 radius server host Use this command to specify the RADIUS server Use the no form to restore the default Syntax radius server host host_ip_address no radius server host host_ip_address The IP address of the server Default Setting 10 11 12 13 Command Mode Global Configuration Example Console config radius server host 192 168 1 25 Console config 4 3 4 3 radius server port Use this command to set the RADIUS server network port Use the no form to restore the default Syntax radius server port port_number no radius server port port_number
221. guration commands on the other hand modify interface parameters or enable certain switching functions These classes are further divided into different modes Available commands depend on the selected mode You can always type a question Chapter 4 Command Line Reference 4 7 4 1 2 10 mark at the prompt to display a list of the commands available for the current mode The command classes and associated modes are displayed in the following table TABLE 4 1 Command Modes Class Mode Exec Normal Privileged Configuration Global Interface Line VLAN Database You must be in Privileged Exec mode to access any of the configuration modes Exec Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console gt command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with the user name and password admin The system now displays the Console command prompt You can also enter Privileged Exec mode from within Normal Exec mode by typing the enable command followed by the privileged level password super To enter Privileged Exec mode type the following user names and passwords Username admin Password admin login password CLI ses
222. hat you type when contrasted gt enable with on screen computer output password AaBbCc123 Book titles new words or terms words to be emphasized Replace command line variables with real names or values Display system files Use dir to list all files Read Chapter 6 in the Sun Fire B1600 Installation and Maintenance Guide These are called class options You must be an administrator to do this To delete a file type del filename Related Documentation Application Installation Chassis Software Setup Chassis Administration Accessing Sun Documentation Title Sun Fire B1600 Blade System Chassis Hardware Installation Guide Sun Fire B1600 Blade System Chassis Software Setup Guide Sun Fire B1600 Blade System Chassis Administration Guide Part Number 816 7614 816 3361 816 4765 You can view print or purchase a broad selection of Sun documentation including localized versions at http www sun com documentation Preface xxi Contacting Sun Technical Support If you have technical questions about this product that are not answered in this document go to http www sun com service contacting Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions You can submit your comments by going to http www sun com hwdocs feedback Please include the title and part number of your document with your feedback Su
223. he Type of Service ToS octet If priority bits are used the ToS octet may contain three bits for IP Precedence or six bits for Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner Chapter 3 General Management of the Switch 3 85 m The precedence for priority mapping is IP Precedence or DSCP Priority and then Default Port Priority m IP Precedence and DSCP Priority cannot both be enabled Enabling one of these priority types automatically disables the other When mapping layer 3 4 priorities to COS values through the web interface or CLI the following parameters can be configured m Enable Priority Services The current operating status for mapping for layer 3 4 priorities to COS values The default is disabled m IP Precedence IP Precedence mapping m Differentiated Services Code Point Mapping DSCP DSCP mapping Web Interface Enabling Priority Services 1 Open Switch Config Class of Service gt Layer 3 4 Traffic Prioritisation 2 Select Enable Priority Services 3 Select IP Precedence or DSCP 4 Click Save Switch Contig Security Communication VLANS Broadcast amp Multicast Spanning Tre
224. he aggregated link will be activated automatically m An aggregated link formed with another switch using LACP will automatically be assigned the next available port channel number m If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails m All the ports in an aggregated link have to be treated as a whole when moved from or to or when added to or deleted from a VLAN a SIP VLAN and IGMP settings can only be made for the entire aggregated link Chapter 3 General Management of the Switch 3 107 3 4 3 1 3 108 Dynamically Configuring an Aggregated Link with LACP Web Interface Dynamic Aggregated Links LACP 1 Click Up Links Down Links gt Link Aggregation 2 Locate the required port in the Link Aggregation table 3 Click Enable LACP or Disable LACP Note The action buttons take immediate effect To avoid creating a loop in the network be sure you enable LACP before connecting the ports and also disconnect the ports before disabling LACP Sun Fire B1600 gt Up Links gt Link Aggregation Link Aggregation Table Up Links Connection Status Link Aggregation VLANs Static Addresses Spanning Tree Use link aggregation to combine a set of links into a trunk so that they behave like a single link Select a port and enable LACE Link Aggregation Control Protocol to allow
225. he configuration file under a new file name and then set it as the startup file or you can specify the current startup configuration file as the destination file to overwrite it Note that Factory _Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch it cannot be overwritten Web Interface Downloading a File of Configuration Settings Open the Switch Setup Software window Type the IP address of the TFTP server Type the name of the file to download select a file on the switch to overwrite or specify a new file name Click Download Chapter 3 General Management of the Switch 3 25 3 26 switch Setup r r System Identity Network Identity Software al TFTF Server IF f Download amp Address 10 1 0 19 a Upload pi Mame startup E startup I FIGURE 3 10 The Switch Setup Software Window for downloading a configuration file If you download to a new file name select the new file from the pull down menu and click Save To use the new settings reboot the system by clicking Save and Restart Switch Status System Identity Network Identity Software Files used at Startup Operation Code lriage File used at startup runtime Configuration File used at startup startup Restart switch to apply changes immediately Save and Restart a FIGURE 3 11 The Switch Setup Software Window enabling you to specify the opera
226. he interface a Point to Point A connection to exactly one other bridge a Shared A connection to two or more bridges a Auto The switch automatically determines if the interface is connected to a point to point link or to shared media Edge Port Admin Edge Port You can enable this option if an interface is connected to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However enable Edge Port only for ports connected to an end node device These additional parameters are only displayed for the CLI Admin status Shows if STA has been enabled on this interface m Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge root port connecting a LAN through the bridge to the root bridge designated port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed
227. hite radius server retransmit 5 radius server timeout 10 config config config config config config config config config config config config Console Console Console Console Console Console Console Console Console Console Console Console Ne ee ee ee ee ee M M M ee x So S Ne So So NOA NS SN NS TC eer NOA 3 32 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 2 6 3 DA MIB variables Associated With User Authentication TABLE 3 9 Field Name User Name Password Access Level Authenticatio n Sequence RADIUS Server Address RADIUS Server Port Number RADIUS Server Encryption Key RADIUS Server Retransmit RADIUS Server Timeout TACACS Server Address TACACS Server Port Number TACACS Server Encryption MIB Variable Not Defined Not Defined Not Defined Not Defined sun securityMgt radiusMgt radiusServerAddress sun securityMgt radiusMgt radiusServerPortNumber sun securityMgt radiusMgt radiusServerkKey sun securityMgt radiusMgt radiusServerRetransmit sun securityMgt radiusMgt radiusServerTimeout sun securityMgt tacacsMgt tacacsServerAddress sun securityMgt tacacsMgt tacacsServerPortNumber sun securityMgt tacacsMgt tacacsServerKey Access Read write Read write Read write Read always returns 0 Read write Read write Read write Read write Read wri
228. ic Class 2 6 Traffic Class 3 7 Traffic Class 3 Traffic classes Queue oz 0 3 FIGURE 3 26 The Switch Config Class of Service Window for Mapping COS Values to Traffic Classes Command line Interface Mapping COS Values to Traffic Classes The following example shows how to map COS values 0 1 and 2 to COS priority queue 0 value 3 to COS priority queue 1 values 4 and 5 to COS priority queue 2 and values 6 and 7 to COS priority queue 3 Console config interface ethernet NETPO Console config queue cos map 0 0 1 2 Console config queue cos map 1 3 Console config queue cos map 2 4 5 Console config queue cos map 3 6 7 Console config exit Console show queue cos map ethernet NETPO Information of NETPO Queue ID Class of service Console 3 82 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With Mapping COS Values to Traffic Queues TABLE 3 24 MIB Variables Associated With Mapping COS Values to Traffic Queues Field Name Traffic Class Priority Traffic Class MIB Variable Access MIB II Not dotldBridge accessible pBridgeMIB pBridgeMIBObjects dot1idPriority dotldTrafficClassTable dotldTrafficClassEntry dotldTrafficClassPriority Value Range Default Value Integer 0 7 MIB I1 Read write Integer 0 7 page 3 80 dotidBridge pBridgeMIB pBridgeMIBObjects dotidPriority dotldTrafficClassTable dotldTrafficClassEntry
229. icast service Spanning Tree Algorithm handling data based on specific class of service requirements and displaying the address table or setting static addresses VLAN Configuration In conventional networks with routers broadcast traffic is split up into separate domains Switches do not inherently support broadcast domains This can lead to broadcast storms in large networks that handle traffic such as IPX or NetBEUI By using IEEE 802 1Q compliant VLANs you can organize any group of network nodes into separate broadcast domains thus confining broadcast traffic to the originating group This also provides a more secure and efficient network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be organized to reflect departmental groups such as Marketing or R amp D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and enable you to make network changes without having physically change network connections VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN Th
230. idge Shows the IGMP snooping MAC multicast list PE 4 143 multicast IGMP Querier Commands ip igmp snooping Allows this device to act as the querier for IGMP GC 4 144 querier snooping ip gmp snooping Configures the query count GC 4 144 query count 4 138 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 14 1 TABLE 4 19 IGMP Snooping Commands Continued Command Function ip igmp snooping Configures the query interval query interval ip igmp snooping Configures the report delay query max response time ip igmp snooping Configures the query timeout router port expire time show ip igmp Shows the IGMP snooping configuration snooping Multicast Router Commands ip igmp snooping Adds a multicast router port vlan mrouter show ip igmp Shows multicast router ports snooping mrouter ip igmp snooping Mode Page GC 4 145 GC 4 146 GC 4 147 PE 4 142 GC 4 148 PE 4 149 Use this command to enable IGMP snooping on this switch Use the no form to disable it Syntax ip igmp snooping no ip igmp snooping Default Setting Disabled Command Mode Global Configuration Chapter 4 Command Line Reference 4 139 Example The following example enables IGMP snooping Console config ip igmp snooping Console config 4 3 14 2 ip igmp snooping vlan static Use this command to add a port to a multicast group Use the no form to remove the port Syntax ip igmp snooping vlan v
231. ier is supplied by the System Controller in the SSC whenever the System Controller resets the switch Therefore do not change this value from the switch command line interface For information about the DHCP client identifier for the switch and the other components of the system chassis refer to the Sun Fire 1600 Blade System Chassis Software Setup Guide Command Mode Interface Configuration VLAN Command Usage This command is used to include a client identifier in all communications with the DHCP server The data type used will depend on the requirements of your DHCP server a The client identifier specified in this command is overwritten by the System Controller the next time the System Controller is rebooted Example Console config interface vlan 2 Console config if ip dhep client identifier hex 00 00 e8 66 65 72 Console config if Related Commands ip dhcp restart 4 71 Chapter 4 Command Line Reference 4 73 4 3 7 4 ip default gateway Use this command to a establish a static route between the switch and management stations that exist on another network segment Use the no form to remove the static route Syntax ip default gateway gateway no ip default gateway gateway The IP address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP s
232. ifying Trap Management Stations This example adds a trap manager and enables link up down and authentication traps Console config snmp server host 10 1 0 19 private version 1 Console config snmp server enable traps link up down Console config snmp server enable traps authentication Chapter 3 General Management of the Switch 3 37 3 38 MIB Variables Associated With Trap Management TABLE 3 10 MIB Variables Associated With Trap Management Field Name Trap Destination Address Trap Destination Community Trap Destination Version Trap Destination Status Enable Link up down Traps MIB Variable sun trapDestMgt trapDestTable trapDestEntry trapDestAddress sun trapDestMgt trapDestTable trapDestEntry trapDestCommunity sun trapDestMgt trapDestTable trapDestEntry trapDestStatus sun trapDestMgt trapDestTable trapDestEntry trapDestStatus MIB II ifMIB ifMIBObjects ifXTable ifXEntry ifLinkUpDownTrapEna ble Access No access Read create Read create Read create Read write Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Value Range Value IP address String size 0 127 version 1 1 version 2 2 valid 1 invalid 2 enabled 1 enabled disabled 2 D 3 3 1 Configuring Global Network Protocols This section describes how to configure global switch settings for virtual LANs mult
233. imes between 1 and 30 the switch tries to authenticate logon access through the authentication server The default is 2 7 Applies only to RADIUS server authentication Chapter 3 General Management of the Switch 3 29 a Timeout for reply Number of seconds between 1 and 65 535 the switch waits for a reply before resending a request The default is 5 m Local Access Authentication User Account The name between 1 and 8 characters of the user The maximum number of users is 5 Access Level The user level Specify Normal or Privileged Password The user password A plain text string of between 1 and 8 characters that is case sensitive 3 2 6 1 Web Interface Configuring User Authentication 1 Open the Switch Config gt Security window 2 Specify the authentication sequence by selecting local or remote methods for each of the three preferences 3 Type parameter values for the specified authentication methods 4 Click Save 8 Applies only to RADIUS server authentication 3 30 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Switch Contig d T f I Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Address E Authentication Mechanisms W Require User Authentication First preference Second preference RADIUS Third preference Local Authentication Server Settings RADIUS Setting Serv
234. ing system logs B 4 U upgrading software 3 21 4 20 up link ports 1 3 user names setting 3 28 4 45 V VLAN 3 39 3 114 4 120 configuring 3 39 4 120 description 3 39 forbidden 3 115 4 129 member ports 3 115 4 127 tagged 3 115 4 127 untagged 3 115 4 127 W Web interface 3 2 access requirements 3 2 configuration buttons 3 4 home page 3 3 menu list 3 5 panel display 3 4 Index 3 Index 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide January 2003
235. ion 100half Forces 100 Mbit sec half duplex operation m 10fu11 Forces 10 Mbit sec full duplex operation 10half Forces 10 Mbit sec half duplex operation Default Setting a Auto negotiation is enabled by default a When auto negotiation is disabled the default speed duplex setting is 100fu11 for Fast Ethernet ports and 1000fu11 for Gigabit Ethernet ports Note When auto negotiation is disabled you can only set the up link ports to 10 Mbit sec or 100 Mbit sec To force a port to operate at 1 Gbit sec full duplex enable auto negotiation and set the port capabilities to 1000fu11 only Chapter 4 Command Line Reference 4 85 Command Mode Interface Configuration Ethernet Port Channel Command Usage To force operation to the speed and duplex mode specified ina speed duplex command use the no negotiation command to disable auto negotiation on the selected interface However note that auto negotiation cannot be disabled on the down link ports These ports are fixed at 1000 Mbit sec full duplex m When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed or duplex mode under auto negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port NETP5 to 100 Mbit sec half duplex operation Console config interface ethernet NETP5 Console
236. is recommended to define this string in the SNMP Protocol table as well m Version The SNMP version 1 or version 2c that the host is running m Generate SNMP notification for a Port link up and down events Whenever a port link is established or broken a Authentication traps Whenever an invalid community string is submitted during the SNMP access authentication process Web Interface Specifying Trap Management Stations 1 Open the Switch Setup Communications window 2 Type the IP address and community string for each Trap Manager to receive messages 3 Click Add 4 Select Port link up and link down events or Authentication traps if required 5 Click Save 3 36 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Switch Contig Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addre i Specify TrapManagers IF Address Community Version 192 168 2 6 private 1 192 168 2 7 private 1 IF Address String Version Specify Trap Types To disable the switch from sending link up link down or authentication traps you should uncheck these check boxes and press the save button to store the changes on the switch Generate SNMP notification for W link up and down events i Authentication traps 4 FIGURE 3 15 The Switch Config Communication Window Listing the Stations That Receive Traps From the Switch Command line Interface Spec
237. is switch supports the following VLAN features m Up to 255 VLANs based on the IEEE 802 10 standard m Distributed VLAN learning across multiple switches using explicit or implicit tagging m Port overlapping allowing a port to participate in multiple VLANs m End stations can belong to multiple VLANs m Passing traffic between VLAN aware and VLAN unaware devices m Priority tagging Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of Chapter 3 General Management of the Switch 3 39 3 40 the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but should not be used for any end node host that does not support VLAN tagging Note these points about assigning ports to VLANs
238. itchInfoTable switchInfoEntry swUnitIndex sun switchMgt switchInfoTable switchInfoEntry swLoaderVer sun switchMgt switchInfoTable switchInfoEntry swBootRomVer sun switchMgt switchInfoTable switchInfoEntry Access Read only Read only Read only Not accessible Read only Read only Read only MIB Variables Associated With Software Version Information MIB Versions Associated With Software Version Information Value Range Default Value Display string size 0 80 Display string size 0 20 Integer 25 Integer 1 String size 0 20 String size 0 20 String size 0 20 swOpCodeVer 3 20 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 2 4 3 2 4 1 Managing Firmware You can upload and download firmware to and from a TFTP server By saving runtime code to a file on a TFTP server that file can later be downloaded to the switch to restore operation You can also set the switch to use new firmware without overwriting the previous version When downloading software files note the following points m The destination file name should not contain slashes or m The leading character of the file name should not be a period m The maximum length for file names on the TFTP server is 127 characters m The maximum length for file names on the switch is 32 characters m Valid characters are A Z a z 0 9
239. ith the Connection Status of Ports Default Field Name MIB Variable Access Value Range Value Port Type Sn any Read only _ other 1 portMgt hundredBaseTX 2 portTable hundredBaseFX 3 pOreEntry thousandBaseSX 4 portType thousandBaseLX 5 thousandBaseT 6 thousandBaseMiniGBIC 7 thousandBaseSFP 8 MAC Address MIB II Read only Physical address interfaces LETab Ley LEBEN Ery ifPhysAddress Port sun Index Integer 1 25 portMgt portTable portkEntry Port Name Suns ss Read Display string portMgt write size 0 64 portTable portEntry portName Administrative MIB II Read up 1 up Status interfaces write down 2 ifTable ifEntry testing 3 ifAdminStatus Link Status MIB 1II Read only up 1 interfaces down 2 7 ifTable ifEntry ifOperStatus Operational MIB II Read Only up 1 Status interfaces down 2 ifTable ifEntry testing 3 ifOperStatus unknown 4 dormant 5 notPresent 6 lowerLayerDown 7 3 100 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE 3 32 MIB Variables Associated With the Connection Status of Ports Continued Field Name Port Speed Duplex Status Port Capabilities Port Flow Control Status LACP Port Status Port Auto negotiation Broadcast Storm Status MIB Variable sun portMgt portTable portEntry portSpeedDpxStatus sun portMgt portTable portEntry portCapabilities sun portMgt portTa
240. k2 docs sun com Sun Fire and Solaris are trademarks or registered trademarks of Sun Microsystems Inc in the U S and in other countries All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International Inc in the U S and in other countries Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems Inc The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems Inc for its users and licensees Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry Sun holds a non exclusive license from Xerox to the Xerox Graphical User Interface which license also covers Sun s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun s written license agreements Use duplication or disclosure by the U S Government is subject to restrictions set forth in the Sun Microsystems Inc license agreements and as provided in DFARS 227 7202 1 a and 227 7202 3 a 1995 DFARS 252 227 7013 c 1 ii Oct 1998 FAR 12 212 a 1995 FAR 52 227 19 or FAR 52 227 14 ALT III as applicable DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT ARE DISCLAIMED EXCEPT TO THE EXTENT THAT SUCH
241. l number of the main board Service Tag Not applicable for this switch Hardware Version The hardware version of the main board Number of Ports The number of ports on the switch Main Power Status The power status for the switch Redundant Power Status Not applicable for this switch Example Console tshow version United Serial number Service tag Hardware version Number of ports Main power status Redundant power status Agent master Unit id Loader version Boot rom version Operation code version Console ROB 25 Up not present 4 3 4 Authentication Commands You can configure the switch to authenticate users logging into the system for management access using local RADIUS or TACACS authentication methods Chapter 4 Command Line Reference 4 45 RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name and password pairs with associated privilege levels for each user that requires management access to a switch TABLE 4 9 Authentication Commands Command Function Mode Page Authentication Method authentication Defines logon authentication method and precedence GC 4 46 login RADIUS Client radius server host Specifies the RADIUS server GC 4 48 radius server port Sets the RADIUS server network port
242. lan id static ip address interface no ip igmp snooping vlan vlan id static ip address interface a vlan id VLAN ID Range 1 4094 a ip address IP address for multicast group a interface ethernet port name port name down link SNPO 15 up link NETP0 7 mgt NETMGT port channel channel id Range 1 6 Default Setting None Command Mode Global Configuration 4 140 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 14 3 Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet SNP5 Console config ip igmp snooping version Use this command to configure the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp snooping version a 1 IGMP Version 1 a 2 IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Chapter 4 Command Line Reference 4 141 Example The following configures the switch to use IGMP Version 1 Console config ip igmp snooping version 1 Console
243. lasses Egress Queues Traffic Bitte eee ee weight 16 Class Traffic Class 1 weight 64 Queue Traffic Class 2 weight 128 Traffic Class 3 weight 240 WRR qj Weights p 1 255 FIGURE 3 27 The Switch Config Class of Service Window for Setting Service Weights for Traffic Queues 14 CLI shows Queue ID 3 84 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 3 9 4 Command line Interface Setting the Service Weight for Traffic Classes The following example shows how to assign WRR weights of 1 4 16 and 64 to the COS priority queues 0 1 2 and 3 Console config queue bandwidth 1 4 16 64 Console config exit Console tshow queue bandwidth Queue ID Weight Console MIB Variables Setting the Service Weight for Traffic Classes TABLE 3 25 Setting the Service Weight for Traffic Classes Field Name MIB Variable Access Value Range Default Value WRR Traffic Silat Index Integer 0 7 Class Queue ID priorityMgt prioWrrTable prioWrrEntry prioWrrTrafficClass WRR Weight Sunes Read write Integer 1 255 For queue 0 16 priorityMgt For queue 1 64 prioWrrTable For queue 2 128 prioWrrEntry For queue 3 240 prioWrrWeight Mapping Layer 3 4 Priorities to COS Values The switch supports several common methods of prioritizing layer 3 4 traffic to meet application requirements Traffic priorities can be specified in the IP header of a frame using the priority bits in t
244. ldStaticAddres S MIB I II Read write dotidBridge dot lastatic dotldStaticTable dotldStaticEntry dotidStaticStatus Default Value Range Value Integer MAC address other 1 invalid 2 permanent 3 deleteOnReset 4 deleteOnTimeout 5 permanent Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 6 3 4 6 1 Managing Interfaces for Spanning Tree Algorithm You can configure RSTP attributes for specific interfaces including port priority path cost link type and edge port You can use a different priority or path cost for ports of same media type to indicate the preferred path link type to indicate a point to point connection or shared media connection and edge port to indicate if the connected device can support fast forwarding Displaying the Current Interface Settings for STA When viewing STA interface settings through the web interface or CLI the following parameters are displayed Port The interface ports only no aggregated links or members of aggregated links Up link ports NETPO to NETP7 or down link ports SNPO to SNP15 STA Status The current state of the port within the Spanning Tree Discarding The port receives STA configuration messages but does not forward packets Learning The port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information The port
245. le config map ip dscp Console config Chapter 4 Command Line Reference 4 159 4 3 15 9 map ip dscp Interface Configuration Use this command to set IP DSCP priority Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp a dscp value 8 bit DSCP value Range 0 255 a cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to COS value 0 TABLE 4 22 Default DSCP to COS Mapping IP DSCP Value COS Value 0 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 48 N DB a A WO N e O 46 56 Command Mode Interface Configuration Ethernet Port Channel Command Usage m The precedence for priority mapping is IP Precedence or IP DSCP and default switchport priority 4 160 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then mapped to the queue defaults Mapping specific values for DSCP is implemented as an interface configuration command but any changes apply to all interfaces on the switch Example The following example shows how to map IP DSCP value 1 to COS value 0 Console config interfac
246. lete replacement for STP but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP compliant mode if they detect STP protocol messages from connected devices m Virtual LANs The switch supports up to 256 VLANs A virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical locations or connection points in the network The switch supports tagged VLANs based on the IEEE 802 10 standard Members of VLAN groups 1 6 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 can be dynamically learned through GVRP or ports can be manually assigned to a specific set of VLANs This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned By segmenting your network into VLANs you can Eliminate broadcast storms which severely degrade performance in a flat network a Simplify network management for node changes and moves by remotely configuring VLAN membership for any port rather than having to manually change the network connection Provide data security by restricting all traffic to the originating VLAN except where a connection has been configured between separate VLANs using a router or Layer 3 switch Port Mirroring The switch can unobtrusively mirror traffic from any port to a monitor port You can then connect a protocol analyzer or RMON probe to this port to perfo
247. log messages saved to switch memory based on severity Note that the messages saved include the selected level down to level 0 The defaults are level 3 to 0 for Flash memory and level 7 to 0 for RAM TABLE 3 47 Error Levels Level Argument Level debugging 7 informational 6 notifications 5 warnings 4 errors 3 critical 2 alerts ii emergencies 0 Description Debugging messages Informational messages only that is all traps Normal but significant condition such as cold start Warning conditions for example return false unexpected return Error conditions for example invalid input default used Critical conditions for example memory allocation or free memory error resource exhausted Immediate action needed System unusable There are no Level 0 or Level 1 error messages for the current firmware release m Log contents The buttons that allow you to list any system and event messages stored in Flash or RAM as well as to clear the log messages in Flash memory non volatile memory retained after system reboot or RAM random access memory lost after system reboot Web Interface Configuring Message Logs Open Monitoring gt Logs Select Enable logging Click Flash or RAM Click Save Changes Select the message level to log includes selected level down to level 0 Click View Flash or View RAM to update the displayed messages Chapter 3 General Management of the Switch 3 157 T i
248. lticast Spanning Tree Class of Service Addres r I view Multicast Services gt Contiguring Multicast Services To find all the switch ports which propagate a specific multicast address please select the VLAN select an IP address for a multicast service The list of ports will appear in the list to your right All Known ports and muticast Services supported on LAN gt Ports Creation Type VLAN ji Defaultylan IP Address 224 0 1 3 gt m Unti WETPO User o manually assign a multicast service on the selected VLAH to a specific port type the IP address for the multicast service in the text box select the port from the list of switch ports to your left and press the add button The port will then sppear in the list of multicast services fupperted by that VLAN te your nght Ports and multicast services statically configured on VLAN Available Ports Current Static Ports IP Addresses IP Address o 0 0 0 Add VLAN 1 224 0 1 3 Unit 1 NETPO FIGURE 3 21 The Switch Config Broadcast amp Multicast Window Multicast Services selected Note If you receive an error message saying that the data you have entered is invalid check that you have specified each of the IP addresses correctly Chapter 3 General Management of the Switch 3 65 3 66 Command line Interface Configuring Multicast Services The following example assigns a multicast address to port NETPO and then displays all the known
249. lticast Services supported on VLAN a VLAN The VLAN on the switch The pull down menu includes the VLAN ID and name IP Address The IP address for a specific multicast service Interface The interfaces that are connected to multicast routers and whether the assignment was static User or dynamic IGMP m Ports and Multicast Services statically configured on VLAN IP Address The IP address for a specific multicast service a Available Ports The interfaces that have not been assigned to the selected VLAN to support a specific multicast service Current Static Ports IP Addresses The interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service Includes the IP address assigned to the interface Web Interface Configuring Multicast Services Open Switch Config Broadcast amp Multicast gt Multicast Support To display the switch interfaces that propagate a specific multicast service 1 Select the VLAN ID and the IP address for a multicast service from the pull down menus 2 Click Query To manually assign a multicast service to a specific interface 1 Select the VLAN from the pull down menu 3 64 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 2 Type the IP address for the multicast service in the text field 3 Click Add f switch Config f r r I Security Communication VLANs Broadcast amp Mu
250. m Acceptable Frame Types The interface can accept all frame types including tagged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Specify all or tagged The default is all m Switch Port Mode The VLAN membership mode for a port The default is Trunk a Trunk The port is an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Hybrid A hybrid VLAN interface The port can transmit tagged or untagged frames m Ingress Filtering If ingress filtering is enabled incoming frames for VLANs that do not include this ingress port in their member set are discarded at the ingress port The default is disabled Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Ingress filtering only affects tagged frames m If ingress filtering is disabled the interface accepts any VLAN tagged frame if the tag matches a VLAN known on the switch except for those VLANs explicitly forbidden on the port If ingress filtering is enabled the interface discards incoming frames tagged for VLANs that do not include the ingress port in their member set m Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP a GVRP The configu
251. mand Mode Global Configuration Command Usage a The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Chapter 4 Command Line Reference 4 33 4 3 3 7 Enabling jumbo frames limits the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 4 91 Example Console config jumbo frame Console config logging on Use this command to control logging of error messages This command sends debug or error messages to switch memory The no form disables the logging process Syntax logging on no logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory You can use the Logging history command to control the type of error messages that are
252. mand history buffer Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands 4 16 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Example In this example the show history command lists the contents of the command history buffer Console tshow history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exc 2 interface vlan 1 1 end Console The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config 4 3 1 5 reload Use this command to restart the system Note When the system is restarted it always runs the Power On Self Test It also retains all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Chapter 4 Command Line Reference 4 17 4 3 1 6 Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch Console reload
253. me admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1 783edd f27q254ca Chapter 4 Command Line Reference 4 41 vlan database vlan 1 name DefaultVlan media ethernet state active vlan 2 name MgtVlan media ethernet state active spanning tree mst configuration l interface ethernet SNPO description Blade Slot 0 flowcontrol switchport allowed vlan add 1 untagged switchport native vlan 1 Sspanning tree edge port spanning tree link type auto interface vlan 2 ip address 0 0 0 0 255 0 0 0 no bridge ext gvrp l l authentication login local tacacs server host 0 0 0 0 tacacs server port 0 l line console line vty l Console Related Commands show startup config 438 4 3 3 13 show system Use this command to display system information 4 42 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Setting None Command Mode Normal Exec Privileged Exec Command Usage For a description of the items shown by this command refer to Displaying System Information on page 3 8 m The POST results should all display PASS If any POST test indicates FAIL contact your distributor for assistance Example Console show system System description Sun Fire B1600 System OID string 1 3 6 1 4 1 42 2 24 1 System information System U
254. mum Current 5 2 A Power Consumption 62 Watts maximum Heat Dissipation 211 BTU hr maximum C 5 Environmental TABLE C 5 Environmental Specifications Item Specifications Temperature e Operating 5 to 45 C 41 to 113 F e Storage 40 to 70 C 40 to 158 F Humidity Operating 10 to 90 non condensing C 6 Standards TABLE C 6 Supported Standards Standard Description IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3ab Gigabit Ethernet TEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1w Rapid Reconfiguration STP IEEE 802 1p Priority tags IEEE 802 10 VLANs IEEE 802 3ac VLAN tagging C 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE C 6 Supported Standards Continued Standard IEEE 802 3x IEEE 802 3ad RFC 1215 1907 RFC 2819 RFC 2863 RFC 1493 RFC 1643 2665 RFC 826 RFC 1112 RFC 792 Description full duplex flow control ISO IEC 8802 3 Link Aggregation Control Protocol SNMP RMON groups 1 2 3 9 MIB I Bridge MIB Etherlike MIB ARP IGMP ICMP Appendix C Specifications C 5 C 6 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Glossary 10BASE T 100BASE TX 1000BASE T 1000BASE X Bandwidth Bandwidth Utilization BOOTP Auto negotiation Collision Collision Domain CSMA CD IEEE 802 3 specification for 10 Mbit sec Ethernet over two pairs of Category 3 4 or 5 UTP cable
255. n to prevent this interface from being added through GVRP To remove an interface from a VLAN Select an entry from the Membership Ports list Click Remove Chapter 3 General Management of the Switch 3 51 Switch Contig Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Address 4 Ports can be assigned to multiple tagged or untagged VLANs To add a port as a tagged port i e attached to a VLAN aware device select the from the list of available ports and press the add tagged button If a port is connected to a device that does not support VLANs but you wish it participate in one or more VLANs then press the add untagged button A port may be also be set up to specifically forbid particular VLAN traffic through that port YLAM K amp L Up Time at Creation OddOh 31min 39 5 Configure Logical Ports on the Selected VLAN ALL Ports Membership parts NETPO teaged FIGURE 3 18 The Switch Config VLANs Window Command line Interface Adding Ports Manually to a VLAN The following example adds two ports to VLAN 3 named R amp D forbids server blade port SNP13 from joining the VLAN dynamically using GVRP and finally displays the VLAN s membership config interface ethernet NETP1 config if switchport allowed vlan add 3 tagged config if exit config interface ethernet NETP2 config if switchport allowed vlan add 3 untagged config if texit Cons
256. n Fire B1600 Blade System Chassis Switch Administration Guide part number 816 3365 01 xxii Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 CHAPTER 1 Introduction The Sun Fire B1600 blade system chassis includes two Switch and System Controller SSC modules The SSC includes a high performance Gigabit Ethernet switch The 16 internal full duplex Gigabit ports on this switch provide high capacity connectivity within the chassis while the eight external full duplex Gigabit ports connect to the wider network This chapter contains the following sections m Section 1 1 Overview on page 1 2 m Section 1 2 Description of Hardware on page 1 3 m Section 1 3 Features of the Switch on page 1 6 m Section 1 4 Switch Default Settings on page 1 9 1 1 1 1 Overview The switches provide Gigabit Ethernet connectivity for the Sun Fire B1600 blade system chassis If a fault develops in one switch operation continues without interruption on the second All components in the chassis blades SSCs and power supply units PSUs plug into a common midplane which provides all interconnection between the components Each of the 16 server blades is connected to a single port on each switch by a Gigabit Ethernet link that provides the blade s principal means of I O The switch within each SSC provides the Gigabit Ethernet fabric that connects all the blades together in addition to eight ex
257. nce 4 107 The minimum value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states that is discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Example Console config spanning tree forward time 20 Console config 4 3 11 4 spanning tree hello time Use this command to configure the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax Spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 4 108 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example Console config spanning tree hello time 5 Console config 4 3 11 5 spanning tree max age Use this command to configure the spanning
258. nd password from a recognised certification authority Default Setting None Command Mode Privileged Exec Command Usage The system prompts for data required to complete the copy command The destination configuration file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 32 characters for files on the switch Valid characters A Z a z 0 9 _ Due to the size limit of the flash memory the switch supports only two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you can use startup config as the destination The Boot ROM and Loader code cannot be uploaded or downloaded from the TFTP server Changing the Boot ROM or Loader code requires a Sun Service Engineer Chapter 4 Command Line Reference 4 21 Example The following example shows how to upload the configuration settings to a file on the TFTP server Consoletcopy file tftp Choose file type t config 2 opcodes lt l 2 gt T Source file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console The
259. nfig ip igmp snooping router port expire time 500 Console config Related Commands ip igmp snooping version 4 141 ip igmp snooping vlan mrouter Use this command to statically configure a multicast router port Use the no form to remove the configuration Syntax ip igmp snooping vlan vlan id mrouter interface no ip igmp snooping vlan vlan id mrouter interface a vlan id VLAN ID Range 1 4094 a interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT port channel channel id Range 1 6 4 148 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 43 14 12 Default Setting No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet NETPO Console config show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mr
260. ng a Port s STA Settings Default Field Name MIB Variable Access Value Range Value STA Port sun mstMgt Read write Integer 0 240 128 Priority mstInstancePortTable mstinstancePortEntry mstinstancePortPriority STA Port Path sun mstMgt Read write Integer page Cost mstInstancePortTable long 3 129 mstIinstancePortEntry 1 200 000 000 mstIinstancePortPathCost short 1 65 535 STA Port sun staMgt Read write forceTrue 0 auto Admin Link staPortTable forceFalse 1 Type staPortEntry auto 2 staPortAdmin PointToPoint STA Port sun staMgt Read write true 1 false Admin Edge staPortTable false 2 Port staPortEntry staPortAdminEdgePort 3 4 6 3 Checking the STA Protocol Status for Interfaces If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it automatically sets the selected interface to forced STP compatible mode However you can also use the Protocol Migration button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Web Interface Checking the STA Protocol Status for Interfaces 1 Open Up Links Down Links gt Spanning Tree gt Spanning Tree Protocol 2 Select the required interfaces 3 Click Protocol Migration 3 132 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 i f Up Links r r T q Status Link Aggregation YLANs Address Filtering Spanning Tree
261. nloading 1 tftpMgt downloadToPROM 2 tf tpAction downloadToRAM 3 upload 4 Chapter 3 General Management of the Switch 3 27 3 2 6 TABLE 3 8 MIB Variables Associated With Downloading Configuration Settings Field Name MIB Variable Access Value Range TFTP Status Suits 2 Read write tftpSuccess 1 tftpMgt tftpStatusUnknown 2 tftpStatus tfttpGeneralError 3 tftp NoResponseFromServer 4 tftp DownloadChecksumError 5 tftp DownloadIncompatibleImage 6 tftp TftpFileNotFound 7 tftp Tftp Access Violation 8 Restart Suns Read write Display string size 0 127 Configuration restartMgt File restartConfigFile Restart Action sun Read write running 1 restart Mgt warmBoot 2 restartControl coldBoot 3 Configuring User Authentication Use the Security menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols There are two access types Normal and Privileged Normal level only provides access to a limited number of commands while Privileged level provides access to all commands The default administrator account has write access for all of the parameters governing the switch You should therefore assign a password as soon as possible and store it in a safe place Note The default administrator user name is admin with the
262. nmp server enable traps type where type is either authentication or link up down Press Enter Console config snmp server host 10 1 0 9 sun Console config snmp server enable traps link up down Console config 2 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 Save the configuration settings by following the instructions in the Sun Fire B1600 Blade System Chassis Software Setup Guide Chapter 2 Initial Configuration 2 5 2 6 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 CHAPTER 3 General Management of the Switch This chapter describes how to perform basic configuration tasks and includes the following sections Section 3 1 Using the Web Interface on page 3 2 Section 3 2 Basic Configuration on page 3 8 Section 3 3 Configuring Global Network Protocols on page 3 39 Section 3 4 Port Configuration on page 3 96 Section 3 5 Monitoring Port and Management Traffic on page 3 139 3 1 3 1 Using the Web Interface The Sun Fire B1600 blade system chassis switch provides an embedded HTTP web agent Using a web browser you can configure the switch and view statistics to monitor network activity The web agent can be accessed by any computer on the network using a standard web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above Note You can also use the command line interface CLI to manage the swit
263. not already configured as part of a static link If ports on another device are also configured as LACP the switch and the other device will negotiate an aggregated link between them If an LACP link consists of more than four ports all other ports will be placed in a standby mode If one link in the aggregated link fails one of the standby ports will automatically be activated to replace it Besides balancing the load across each port in the aggregated link the additional ports provide redundancy by taking over the load if a port in the aggregated link fails However before making any physical connections between devices use the web interface or CLI to specify the aggregated link on the devices at both ends When using aggregated links take note of the following points m Finish configuring aggregated links before you connect the corresponding network cables between switches to avoid creating a loop m You can create up to six aggregated links on the switch with up to four ports per aggregated link m The ports at both ends of a connection must be configured as aggregated links in some device interfaces the word trunk might be used to refer to an aggregated link m The ports at both ends of an aggregated link must be configured in an identical manner including communication mode speed duplex mode and flow control VLAN assignments and COS settings m If the target switch has also enabled LACP on the connected ports t
264. nother network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that comforms with your site s network policy After you configure the switch with an IP address you can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP address of the device you want to access 2 At the prompt type the user name and system password The CLI displays the Vty 0 prompt for the administrator to show that you are using privileged access mode Privileged Exec or Vty 0 gt for the guest to show that you are using normal access mode Normal Exec Q Type the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command Chapter 4 Command Line Reference 4 3 4 1 2 ee se After entering the Telnet command the login screen displays Username admin Password CLI session with the Sun Fire B1600 is opened To end the CLI session enter Exit Vty O Note You can open up to four sessions to the switch through Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status eth
265. ntity for which the error status is bad Value e General errors The total number of SNMP PDUs delivered to the SNMP protocol entity for which the error status is genErr e Response PDUs The total number of SNMP Get Response PDUs which have been generated by the SNMP protocol entity e Trap PDUs The total number of SNMP Trap PDUs which have been generated by the SNMP protocol entity 3 5 3 1 Web Interface Viewing SNMP Statistics Open Monitoring gt SNMP Statistics You can also use the Refresh button at the bottom of the page to update the screen Chapter 3 General Management of the Switch 3 153 3 154 Switch Status Switch Config Up Links Down Links Management Ports Port Mirroring Port Statistics SNMP Statistics Logs Sun Fire B1600 gt Monitoring gt SNMP Statistics SNMP packets input SNMP packets input Bad SNMP version errors Unknown community name Illegal operation for community name supplied Encoding errors Number of requested vanables Number of altered variables Get request PDUs Get next PDUs Set request PDUs SNMP packets output SNMP packets outptut 18 Too big errors No such name errors E Bad values errors E General errors 0 E Response PDUs Trap PDUs oo oO oO a a a aoa ad A FIGURE 3 47 The Monitoring SNMP Statistics Window Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Monitoring DIA Command line Interfac
266. o recommendations in the IEEE 802 1p standard as shown in the following table TABLE 4 21 IEEE 802 1p Default Priority Recommendations Priority Command Mode Interface Configuration Ethernet Port Channel Command Usage COS assigned at the ingress port is used to select a COS priority at the egress port 4 154 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 15 4 Example The following example shows how to map COS values 0 1 and 2 to COS priority queue 0 value 3 to COS priority queue 1 values 4 and 5 to COS priority queue 2 and values 6 and 7 to COS priority queue 3 Console config interface ethernet Console config if queue cos map 0 Console config if queue cos map 1 Console config if queue cos map 2 Console config if queue cos map 3 Console config if Related Commands show queue cos map 4 156 show queue bandwidth Use this command to display the weighted round robin WRR bandwidth allocation for the four class of service COS priority queues Default Setting None Command Mode Privileged Exec Chapter 4 Command Line Reference 4 155 Example Console tshow queue bandwidth Queue ID Weight Console 4 3 15 5 show queue cos map Use this command to show the class of service priority map Syntax show queue cos map interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT
267. ole config MIB Variables Associated With Aging Time TABLE 3 31 MIB Variables Associated With Aging Time Field Name MIB Variable Access Value Range Default Value Aging Time MIB ITI Read write Integer 18 2184 300 dotldBridge dot1dTp seconds seconds dotldTpAgingTime Chapter 3 General Management of the Switch 93 95 3 4 3 4 1 Port Configuration This section includes configuration menus for the down link ports up link ports and management port Most of these menus apply to all port types However the management port only supports a few basic menus and Packet Filtering page 3 134 is only provided for the management port Note The port designations used in the following menus include NETPO to NETP7 for up link ports SNPO to SNP15 for down link ports and NETMGT for the management port Displaying Connection Status You can use the port Status page to display the current connection status including link state speed duplex mode flow control auto negotiation and broadcast storm control When viewing the status of port connections through the web interface or CLI the following parameters are displayed m Port Type The port type LOOOBASE SX 1000BASE T or 10 100BASE TX m Port The port or aggregated link Up link ports NETPO to NETP7 down link ports SNPO to SNP15 or the management port NETMGT m Description The interface label m Admin Status The configured state of the interface a W
268. ole config interface ethernet SNP13 Console config if switchport forbidden vlan add 3 Console config if end Console tshow vlan id 3 VLAN Type Status Ports Channel groups Console Console Console Console Console Console ee ee ee M M M 3 Static R amp D Active NETP1 NETP2 Console 3 52 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With Adding Ports to a VLAN TABLE 3 14 MIB Variables Associated With Adding Ports to a VLAN Field Name VLAN ID VLAN Name Up Time at Creation VLAN Status Tagged Ports Untagged Ports Allowed VLAN MIB Variable MIB II dot1idBridge qBridgeMIB qBridgeMIBObjects dotigVlan dotigqVlanStaticTable dotliqVlanStaticEntry dotigVlanIndex MIB II dotidBridge QqBridgeMIB gqBridgeMIBObjects dotigVlan dotigqVlanStaticTable dotliqVlanStaticEntry dotligVlanStaticName MIB II dot1idBridge qBridgeMIB qBridgeMIBObjects dotigVlan dotigVlanCurrentTable dotliqVlanCurrentEntry dotigqVlanCreationTime MIB II dotlidBridge QqBridgeMIB qBridgeMIBObjects dotigVlan dotigVlanCurrentTable dot1l1qVlanCurrentEntry dotigVlanStatus MIB II dotidBridge QqBridgeMIB qBridgeMIBObjects dotigVlan dotigqVlanTable dotigqVlanEntry dotligqVlanStatic UntaggedPorts Access Index Read create Read only Read only Read create Value Range Default Value Row Octet string
269. om the filter table Chapter 4 Command Line Reference 4 77 Syntax ip filter rule number action protocol source source bitmask destination destination bitmask fragments log The port number is not checked The fragments option is allowed ip filter rule number action protocol source source bitmask source port range destination destination bitmask destination port range 10g The port number is checked that is if either source port range or destination port range is specified the fragments option is not allowed ip filter rule number action tcp source source bitmask source port range destination destination bitmask destination port range code code code bitmask code keyword seq Log Checks for tcp keyword If found the code option is allowed no ip filter all rule number Deletes the specified rule number from the filter table a rule number Inserts a filter rule at the specified position in the table pushing any existing patterns at or below that location down in the table A rule number cannot exceed the next available number in the table If the rule number is not specified a new pattern is appended to the end of the rule table The maximum number of rules is 128 a action deny permit Blocks or allows packets moving between the down link ports and the management port NETMGT protocol any tcp udp number Indicates any protocol TCP UDP or a specific
270. ommand Line Reference 4 143 4 3 14 6 ip igmp snooping querier Use this command to enable the switch as an IGMP snooping querier Use the no form to disable it Syntax ip igmp snooping querier no ip igmp snooping querier Default Setting Disabled Command Mode Global Configuration Command Usage If enabled the switch will serve as querier if elected The querier is responsible for asking hosts if they want to receive multicast traffic Example Console config ip igmp snooping querier Console config 4 3 14 7 ip igmp snooping query count Use this command to configure the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count 4 144 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 count The maximum number of queries issued for which there has been no response before the querier takes action to drop a client from the multicast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not responded then that
271. or security reasons consider removing the default strings When configuring SNMP community strings using the web interface or CLI the following parameters can be configured Community A password between 1 and 32 characters which is case sensitive that permits access to the SNMP protocol The default community strings are public read only access and private read write access m Access Level a Read Only Read only access Authorized management stations are able to only retrieve MIB objects Read Write Read write access Authorized management stations are able to both retrieve and modify MIB objects Web Interface Adding and Removing Community Strings 1 Open the Switch Config Communication window 2 Type the new community string in the String text field 3 Select the access rights from the Access Level pull down menu 4 Click Add 3 34 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Switch Contig Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addre q F Sun Fire B1600 gt Switch Config gt Communication Confiqure the Access to the SNMP Protocol Uze the ligt boxes to get up to five community strings authorized for management access and up to five management stations that will receive trap messages from the switch Note these changes will take effect immediately Community Access Level private Read Wri
272. ord Flags C Bit Flags amp Mask fin syn rst psh ack urg Sode o 63 Bitmask 0 63 OO O OO OO CD Address Mask Port Range Source 0 Po cr Hy Destination 0 Po i l Fragment T Log 4 FIGURE 3 43 The Management Ports gt Packet Filtering Window Chapter 3 General Management of the Switch 3 135 3 4 7 2 Command line Interface Filtering Traffic to the Management Port The following example allows all packets to pass through the filter by permitting any protocol type and using a null address and network mask for both the source address and destination address For a full list of examples refer to Section 4 3 7 8 ip filter on page 4 77 Console config ip filter permit any 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Console config 3 136 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 7 3 MIB Variables Associated With Filtering Traffic to the Management Port TABLE 3 41 MIB Variables Associated With Filtering Traffic to the Management Port Field Name Index Action Protocol Source IP Address amp Bitmask Source IP Port Range Destination IP Address amp Bitmask MIB Variable sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleIndex sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleAction sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleProtocol sun securi
273. orm control Configures ports to dynamically join aggregated links using LACP or specifies ports to group into static aggregated links Specifies port attributes including default PVID switchport mode ingress filtering GVRP GARP timers configures static VLAN members Displays or edits static entries in the Address Table enables and disables learning of permanent entries Configures port settings for the global spanning tree Configures STP port level settings for interface s on the global spanning tree Port configuration Displays port connection status Configures port connection settings enables broadcast storm control Configures ports to dynamically join aggregated links using LACP or specifies ports to group into static aggregated links Specifies port attributes including default PVID switchport mode ingress filtering GVRP GARP timers configures static VLAN members 3 6 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 See Page 3 78 3 78 3 85 3 92 3 96 3 96 3 102 3 107 3 114 3 121 3 125 3 125 3 96 3 96 3 102 3 107 3 114 TABLE 3 2 Menu Management Port Monitoring Subordinate Menu Static Addresses Spanning Tree e Spanning Tree Protocol Connection Status VLANs Packet Filtering Port Mirroring Port Statistics SNMP Statistics Logs Summary of Tasks You Can Perform Using the Web Agent Continued Description
274. orts insensitive to changes in the tree structure when reconfiguration occurs Configuring Basic STA Settings Global settings apply to the entire switch Note the following points about basic STA settings m Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits a STP Mode If the switch receives an 802 1D BPDU STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs a RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port When configuring basic STA settings through the web interface or CLI the following global parameters can be configured m Enable Spanning Tree The current operational status of STA on the switch m Spanning Tree Protocol The type of spanning tree used on the switch a SIP Spanning Tree Protocol IEEE 802 1D When this option is selected the switch will use RSTP set to STP forced compatibility mode a RSTP Rapid Spanning Tree Protocol IEEE 802 1w 3 70 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 The following global STA paramters are fixed and cannot be changed m Bridge ID The
275. ot Defined Chapter 3 General Management of the Switch 3 159 3 160 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 CHAPTER 4 Command Line Reference This chapter describes how to use the command line interface CLI and includes the following sections m Section 4 1 Using the Command Line Interface on page 4 2 m Section 4 2 Command Groups on page 4 11 m Section 4 3 Detailed Command Description on page 4 13 4 1 4 1 4 1 1 4 1 1 1 Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the switch s console port or through a Telnet connection the switch can be managed by entering command keywords and parameters at the prompt Using the switch s command line interface CLI is very similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps At the console prompt type the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode Privileged Exec But when the guest user name and password is entered the CLI displays the Console gt prompt and enters normal access mode Normal Exec Type the necessary commands to complete
276. oting with a logic analyzer or RMON probe This allows data on the target port to be studied unobstructively RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types An authentication protocol that uses a central server to control access to RADIUS compliant devices on the network A RADIUS server can be programmed with a database of multiple user name password pairs and associated privilege levels for each user or group that requires management access to this switch A connector for twisted pair wiring Sun Fire B1600 Blade System Chassis Switch Administration Guide April 2003 Shielded Twisted Pair STP Cable Simple Network Management Protocol SNMP Spanning Tree Protocol STP Switched Ports Terminal Access Controller Access Control System TACACS Telnet Transmission Control Protocol Internet Protocol TCP IP Trivial File Transfer Protocol TFTP Unshielded Twisted Pair UTP Cable Virtual LAN VLAN XModem Twisted pair wire covered with an external aluminum foil or woven copper shield designed to reduce excessive noise pick up or radiation The application protocol in the Internet suite of protocols which offers network management services A technology that checks your network for any loops A loop can often occur in complicated or backup linked net
277. outer vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Chapter 4 Command Line Reference 4 149 Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows the ports attached to multicast routers Console tshow ip igmp snooping mrouter VLAN M cast Router Ports Type NETP5 Static NETP6 Dynamic Console 4 3 15 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch supports COS with four priority queues for each port Data packets in a port s high priority queue are transmitted before those in the lower priority queues You can set the default priority for each interface the relative weight of each queue and the mapping of frame priority tags to the switch s priority queues TABLE 4 20 Priority Commands Command Function Mode Page Layer 2 Priority Commands switchport priority Sets a port priority for incoming untagged frames IC 4 151 default queue bandwidth Assigns round robin weights to the priority queues GC 4 152 queue cos map Assigns class of service values to the priority queues IC 4 153 show queue Shows round robin weights assigned to the priority PE 4 155 bandwidth queues show queue cos map Shows the class of service map
278. owcontrol 4 89 4 3 8 5 capabilities Use this command to advertise the port capabilities of a given interface during auto negotiation Use the no form with parameters to remove an advertised capability or the no form without parameters to restore the default values Chapter 4 Command Line Reference 4 87 Syntax capabilities 1000full 100full 100half 10fu11 10hal flowcontrol symmetric no port capabilities 1000full 100full 100half 10ful1 10half flowcontrol symmetric 1000fu11 Supports 1000 Mbit sec full duplex operation 100ful1 Supports 100 Mbit sec full duplex operation 100half Supports 100 Mbit sec half duplex operation 10full Supports 10 Mbit sec full duplex operation 10half Supports 10 Mbit sec half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting NETMGT 10half 10fu11 100half 100f u11 NETPO0 7 10half 10full 100half 100full 1000full1 Elowcontrol SNPO 15 1000 u11 Command Mode Interface Configuration Ethernet Port Channel Command Usage a SNPO 15 down link port capabilities are fixed at 1000fu11 a NETPO 7 up link port capabilities include 10half 10full 100half 10
279. own link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 to 6 vlan vlan id Range 1 to 4094 Default Setting None Command Mode Global Configuration Example To specify the first up link port enter the following command Console config interface ethernet NETPO Console config if description Use this command to add a description to an interface Use the no form to remove the description Syntax description string no description string A comment or a description to help you remember what is attached to the interface Range 1 to 64 characters Default Setting NETPO 7 External RJ 45 connector NETO 7 SNPO 15 Blade Slot 0 15 NETMGT External RJ 45 connector NETMGT 4 84 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 8 3 Command Mode Interface Configuration Ethernet Port Channel Example The following example configures a description for down link port SNP5 Console config interface ethernet SNP5 Console config if description RD SW 3 Console config if speed duplex Use this command to configure the speed and duplex mode of a given interface when auto negotiation is disabled Use the no form to restore the default Syntax speed duplex 1000full 100full 100half 10full 10half no speed duplex 1000fu11 Forces 1000 Mbit sec full duplex operation 100ful1l Forces 100 Mbit sec full duplex operat
280. p See Adding Static Members to VLANs on page 3 50 Switch Config Security Communication WLANs Broadcast amp Multicast Spanning Tree Class of Service Address a Port based Static VLANs z ID ame Status Default lan Enabled 2 Mgt lan Enabled WLAN ID Mame Status 3 rep Enabled All Known YLANS The VLANs registered with the switch are shown in this ligt box For each WLAN the list box shows whether the VLAN ig enabled or disabled and how the VLAN was added te the switch static ar dynamically learned ID Nare Status Creation Type Default lan Enabled Permanent 2 MgtVlan Enabled Permanent FIGURE 3 17 The Switch Config VLANs Window With the Default VLAN Configuration Displayed Chapter 3 General Management of the Switch 3 47 Command line Interface VLAN Configuration The following sample commands create a new VLAN and display all VLAN information Console config vlan database Console config vlan vlan 3 name R amp D media ethernet state active Console config vlan Console show vlan VLAN Type Status Ports Channel groups Static DefaultVlan SNP13 NETP2 NETP7 2 Static Active NETMGT 3 Static Active Console 3 48 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With VLAN Configuration TABLE 3 13 MIB Variables Associated With VLAN Configuration Field Name VLAN ID VLAN Name VLAN Status MIB Variable MIB
281. p time 0 days 0 hours 55 minutes and 54 91 seconds System Name NONE System Location NONE System Contact NONE MAC address 00 00 e8 00 00 01 Web server enable Web server port 80 Web secure server enable Web secure server port 443 POST result Performing Power On Self Tests POST UART Loopback Test Timer Test DRAM Test I2C Initialization Runtime Image Check PCI Device Check Switch Driver Initialization Console Chapter 4 Command Line Reference 4 43 4 3 3 14 show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet clients Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The session used to execute this command is indicated by a symbol next to the Line session index number Example Console show users Username accounts Username Privilege Online users Username Idle time h m s Remote IP addr console Console 4 3 3 15 show version Use this command to display hardware and software version information for the system 4 44 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Software Versions on page 3 18 for detailed information about the software items The meaning of hardware items are as follows Serial Number The seria
282. packets in the log buffer The maximum number of entries stored in the log buffer is 64 When the buffer fills it wraps around and overwrites the oldest entries Note that the log is stored in RAM and is lost when the switch is reset Default Setting None Command Mode General Configuration Command Usage m The system default is to stop all IP packets from passing from the down link ports to the management port NETMGT If you need the blades to access the management network through the management port NETMGT you must set a filter to permit specific frames to pass from the down link ports through the management port Note that traffic is never allowed to pass from the up link ports to the management port A fragment is a packet where MF more fragments 1 or Fragment Offset gt 0 If the fragments keyword is absent in a rule then both fragments and non fragmented packets will be checked by the rule a When specifying a code value and mask the logic is that a packet matches if lt value in header gt amp lt mask gt lt value gt amp lt mask gt For example use the code value and mask shown below to catch packets with the following flags Set Chapter 4 Command Line Reference 4 79 SYN flag valid use code 2 2 Both SYN and ACK valid use code 18 18 SYN valid and ACK invalid use code 2 18 Example Address filters This example allows all packets to pass through the filter by permitting any protocol type
283. password admin Note the following points about configuring user authentication a By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for each remote authentication protocol specified Remote Authentication Dial in User Service RADIUS and Terminal Access Controller Access Control System Plus TACACS are logon authentication protocols that use software running on a central server to control access to 3 28 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to a switch Note When setting up privilege levels on a RADIUS or TACACS server remember that level 0 allows guest Normal Exec access to the switch Only level 15 allows administrator Privileged Exec access m RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet m RADIUS and TACACS logon authentication controls management ac
284. protocol number 0 to 255 source source bitmask The frame s source address and netmask source port range number start_number end_number TCP UDP source port or port range Range 0 to 65 535 a destination destination bitmask The frame s destination address and netmask a destination port range number start_number end_number TCP UDP destination port or port range Range 0 65535 code code A decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 code bitmask A decimal number representing a bit mask that is applied to the code Type a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 4 78 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer code keyword seq The following code keywords can be specified but must follow the indicated sequence fin syn rst psh ack urg The code keyword must be ON if specified and OFF if not specified a fragments The rule only matches packets with the More Fragments MF bit set or with a fragment offset greater than zero If fragment is not set the rule matches both fragment and non fragment packets a log Logs any matching
285. ption Sun Fire 81600 Serial Number 1 FIGURE 3 3 Switch Setup gt System Identity Window Chapter 3 General Management of the Switch 3 9 oA Command line Interface Displaying and Specifying Identification Details Console config hostname R amp D 5 Console config snmp server location WC 9 Console config snmp server contact Charles Console show system System description Sun Fire B1600 System OTD string 23 641 4 1 6 7 4210695 4 System information System Up time 0 days 0 hours 55 minutes and 54 91 seconds System Name NONE System Location NONE System Contact NONE MAC address 00 00 e8 00 00 01 Web server enable Web server port 80 Web secure server enable Web secure server port 443 POST result Performing Power On Self Tests POST UART Loopback Test Timer Test DRAM Test T20 Initialization Runtime Image Check PCI Device Check Switch Driver Initialization Console FIGURE 3 4 CLI Commands for Specifying Host Name Location and Contact Information 3 10 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 S23 MIB Variables Identification Details TABLE 3 3 SNMP MIB variables Corresponding to the Switch Setup System Identity Window Field Name MIB Variable Access Value Range Default Value System Name MIB II Read write String size 0 255 Host Name system sysName System Location MIB II Read write String size 0 255 system s
286. r Spanning Tree Algorithm on page 3 125 4 118 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Example Console tshow spanning tree Spanning tree information Spanning tree mode Spanning tree enable disable Priority Bridge Hello Time sec Bridge Max Age sec Bridge Forward Delay sec Root Hello Time sec Root Max Age sec Root Forward Delay sec 15 Designated Root 8 0000E8666672 Current root port Current root cost Number of topology changes Last topology changes time Transmission limit Path Cost Mothod Admin status Role designate State forwarding Path cost 10000 Priority Ze Designated cost Designated port Designated root Designated bridge Forward transitions Admin edge port disable Oper edge port disable Admin Link type point to point Oper Link type point to point al 0000E8666672 0O000E8666672 O CO O Console Chapter 4 Command Line Reference 4 119 4 3 12 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment This section describes commands used to create VLAN groups add port members specify how VLAN tagging is used and enable automatic VLAN registration for the selected interface TABLE 4 17 VLAN Commands Command Function Mode Page Edit VLAN Groups vlan database Enters VLAN database mode to add change and GC 4 121
287. r T r Monitoring Port Mirroring Port Statistics SNMP Statistics Logs Sun Fire B1800 gt Monitoring gt Logs Logging lw Enable logging Lagaing level Flash C 3 Default PAM C 7 f Default Log contents Error Message Level 3 Module 13 functions 0 error nurmber 0 Information PRI_MGR_InitDefault function fails F FIGURE 3 48 The Monitoring Logs Window 3 5 4 2 Command line Interface Configuring Message Logs This example enables logging sets the recorded messages for Flash memory to level 3 that is errors and then shows the log messages stored in Flash Console config logging on Console config logging history flash 3 Console tshow logging flash Syslog logging Enable History logging in FLASH level errors LOT 07035 37171 PRI _ MGR InitDefault function fails level 3 module 13 function 0 and event no 0 Console 3 158 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 5 4 3 MIB Variables Associated With Message Logs TABLE 3 48 MIB Variables Associated With Message Logs Field Name MIB Variable Access Value Range Default Value Log Status S n es Read write enabled 1 sysLogMgt disabled 2 sysLogStatus History Flash Sule Read write Integer 0 7 Level sysLogMgt sysLogStatus sysLog HistoryFlashLevel History RAM Skt Read write Integer 0 7 Level sysLogMgt sysLogStatus sysLog HistoryRAMLevel Log Messages N
288. r each Port Any broadcast packets exceeding the specified threshold vill be drapped Select a broadcast storm threshold level to change the switch global threshold Broadcast Storm Threshold Leval 256 F rate in packets per second FIGURE 3 22 The Switch Config Broadcast amp Multicast Window Broadcast Storms selected ho po Command line Interface Using Broadcast Storm Control The following example shows how to set the broadcast threshold to 64 packets per second 3 68 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Note Note that the switchport broadcast command enables broadcast storm control on the specified interface and sets the broadcast threshold for every interface on the switch Console config interface ethernet NETP7 Console config if switchport broadcast packet rate 64 Console config if end Console show interfaces status ethernet NETP7 Information of NETP7 Basic information Port type 1000T Mac address 00 00 E8 66 66 83 Configuration Name External RJ 45 connector NET7 Port admin Up Speed duplex Auto Capabilitiri s 10balf LO0tuli L00hatE LOUfuLL L000TuLE Broadcast storm Enabled Broadcast storm limit 64 packets second Flow control Disabled Lacp Disabled Current status Link status Up Port operation status Up Operation speed duplex 1000full Flow control type None Console MIB Variables Associated With Broadcast Storm Control TABLE 3 18 MIB Vari
289. r set communication parameters for an Ethernet port aggregated link or VLAN TABLE 4 13 Interface Commands Command interface description Function Mode Configures an interface type and enters interface GC configuration mode Adds a description to an interface configuration IC speed duplex negotiation capabilities flowcontrol shutdown switchport broadcast packet rate clear counters show interfaces status show interfaces counters show interfaces Configures the speed and duplex operation of a given IC interface when auto negotiation is disabled Enables auto negotiation of a given interface IC Advertises the capabilities of a given interface for use IC in auto negotiation Enables flow control on a given interface IC Disables an interface IC Configures the broadcast storm control threshold IC Clears statistics on an interface PE Displays status for the specified interface NE PE Displays statistics for the specified interface NE PE Displays the administrative and operational status of NE an interface PE Page 4 83 4 84 4 85 4 86 4 87 4 89 4 91 4 91 4 93 4 93 4 95 4 96 switchport interface Use this command to configure an interface type and enter interface configuration mode Syntax interface interface no interface port channel channel id interface Chapter 4 Command Line Reference 4 83 4 3 8 2 a ethernet port name port name d
290. rE ntry mirrorSourcePort Mirror SUs Not Integer Destination Port mirrorMgt accessible mirrorTable mirrorE ntry mirrorDestinationPo FE Mirror Type Stes Read create rx 1 both mirrorMgt tx 2 mirrorTable mirrorE both 3 ntry mirrorType Mirror Status S ri Read create valid 1 mirrorMgt invalid 2 mirrorTable mirrorE ntry mirrorStatus Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet like MIBs as well as a detailed breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per second Statistics are refreshed every 20 seconds by default Chapter 3 General Management of the Switch 3 141 Note RMON groups 2 3 and 9 can only be accessed using SNMP TABLE 3 43 Traffic Statistics Statistic Description Interface Statistics e Received Octets The total number of octets received on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets d
291. ration Guide June 2003 4129 Example The following example shows how to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port SNP1 Console Console Console Console Console Console config interface ethernet SNP1 config if switchport allowed vlan add 1 tagged config if switchport allowed vlan add 2 tagged config if switchport allowed vlan add 5 tagged config if switchport allowed vlan add 6 tagged config if switchport forbidden vlan Use this command to configure forbidden VLANs Use the no form to remove the list of forbidden VLANs Syntax switchport forbidden vlan add vlan remove vlan no switchport forbidden vlan a add vlan VLAN ID to add remove vlan VLAN ID to remove Do not enter leading zeroes Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage a This command prevents a VLAN from being automatically added to the specified interface through GVRP a Ifa VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set of forbidden VLANs for that same interface Chapter 4 Command Line Reference 4 129 Example The following example shows how to prevent port SNP1 from being added to VLAN 3 Console config interface ethernet SNP1 Console config if switchport forbidden vlan add 3 Console config if 4 3 1
292. re check the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces RSTP or STP compatible Example Console config interface ethernet SNP5 Console config if Sspanning tree protocol migration Console config if 4 116 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 11 13 spanning tree link type Use this command to configure the link type for Rapid Spanning Tree Use the no form to restore the default Syntax Spanning tree link type auto point to point shared no spanning tree link type auto Automatically derived from the duplex mode setting a point to point Point to point link shared Shared medium Default Setting auto Command Mode Interface Configuration Ethernet Port Channel Command Usage Specify a point to point link if the interface can only be conne
293. re used for network control and the other bits for various application types ToS bits are defined in the following table TABLE 3 27 ToS Octet Traffic Types Priority Level Traffic Type Network Control Internetwork Control Critical Flash Override Flash Immediate Priority O e N WoO Fe A WD N Routine When mapping IP Precedence values to COS values through the web interface or CLI the following parameters can be configured m IP Precedence The current IP Precedence to COS map Chapter 3 General Management of the Switch 3 87 3 88 m Class of Service Value The COS value that is mapped to the selected IP Precedence value Note that 0 represents low priority and 7 represents high priority Web Interface Mapping IP Precedence Open Switch Config Class of Service Layer 3 4 Traffic Prioritisation Scroll to Mapping IP Precedence to Class of Service Values Select an entry from the IP Precedence table Select a value from the Class of Service Value menu Click Save f switch Config r p f Security Cammunication VLANS Broadcast amp Multicast Spanning Tree Class of Service Addres Mapping IP Precedence to Class of Service Values IP Precedence IP Precedence 0 CoS a IPF Precedence 2 CoS 23 IP Precedence 3 Cos 3 i IF Precedence 4 CoS 4 IP Precedence 5 CoS 5 IP Precedence Cos IF Precedence 7 CoS 7 gi Class of Service Value
294. red state of GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect page 3 45 When disabled any GVRP packets received on this port are discarded and no GVRP registrations are propagated from other ports The default is disabled m GARP Join Timer The interval between 20 and 1000 centiseconds between transmitting requests queries to participate in a VLAN group The default is 20 centiseconds m GARP Leave Timer The interval between 60 and 3000 centiseconds a port waits before leaving a VLAN group Set this time to more than twice the join time This ensures that after a Leave or LeaveAll message has been issued the applicants can rejoin before the port actually leaves the group The default is 60 centiseconds m GARP LeaveAll Timer The interval between 500 and 18 000 centiseconds between sending out a LeaveAll query message for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group The default is 1000 centiseconds m VLANs on Selected Port The port is statically assigned to the specified VLAN m Membership Type The port s static VLAN membership type Tagged The interface is a member of the VLAN All packets transmitted by the port on this VLAN are tagged that is carry a tag and therefore carry VLAN or COS information
295. responding network cables between switches to avoid creating a loop An aggregated link can contain up to four up link ports or up to two down link ports The ports at both ends of a connection must be configured as aggregated link ports All ports in an aggregated link must be configured in an identical manner including communication mode that is speed duplex mode and flow control VLAN assignments and COS settings All the ports in an aggregated link have to be treated as a whole when moved from or to or added or deleted from a VLAN through the specified port channel STP VLAN and IGMP settings can only be made for the entire aggregated link through the specified port channel channel group Use this command to add a port to a static aggregated link Use the no form to remove a port from a static aggregated link Chapter 4 Command Line Reference 4 167 Syntax channel group channel id no channel group channel id The port channel index Range 1 6 Default Setting The current port will be added to this aggregated link Command Mode Interface Configuration Ethernet Command Usage When configuring static aggregated links you can only link switches of the same type m Useno channel group to remove a port group from an aggregated link m Useno interfaces port channel to remove an aggregated link from the switch Example The following example creates aggregated link 1 and then adds port NETP2
296. ress 00 00 E8 66 66 83 Configuration Port admin status Up Speed duplex Auto Cap bpilitiss T0halt Lofudl L00haelt 100TaLT gt 1000TULI Flow control status Disabled Current status Created by User Link status Up Port operation status Up Operation speed duplex 1000full Flow control type None Member Ports NETP2 NETP3 Console Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variables Associated With Static Aggregated Links TABLE 3 35 MIB Variables Associated With Static Aggregated Links Field Name Trunk Maximum ID Trunk Valid Number Trunk Index Trunk Ports Trunk Creation Trunk Status MIB Variable sun trunkMgt trunkMaxId sun trunkMgt trunkValidNumber sun trunkMgt trunkTable trunkEntry lt trunkindex sun trunkMgt trunkTable trunkEntry trunkPorts sun trunkMgt trunkTable trunkEntry trunkCreation sun trunkMgt trunkTable trunkEntry trunkStatus For a description of other CLI variables see Displaying Connection Status on page 3 96 Default Access Value Range Value Read only Integer 6 Read only Integer 1 6 Index Integer Read create Octet string port list Read only static 1 lacp 2 Read create valid 1 invalid 2 Chapter 3 General Management of the Switch 3 113 3 4 4 3 114 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces includin
297. ress BOOTP DHCP service 3 16 4 70 manual configuration 3 13 4 70 setting 3 12 4 70 IP Precedence 3 87 4 158 J jumbo frame 4 33 L LACP 3 107 4 168 link aggregation configuration 3 107 dynamic 3 108 4 168 LACP 3 108 4 168 static 3 111 Link Aggregation Control Protocol See LACP link type STA 3 126 3 130 4 117 log messages B 4 logging messages 3 156 4 34 log in Web interface 3 3 logon authentication 3 28 4 45 M main menu 3 5 4 11 management interface console 4 1 interface Web 3 2 Management Information Base See MIB management port filtering traffic 3 134 4 77 management ports 1 4 MIB A 1 supported MIBs A 1 mirror port configuring 3 139 4 164 multicast configuring 3 54 4 138 router 3 59 4 148 P passwords 4 30 4 31 4 65 passwords setting 3 28 4 45 path cost 3 125 path cost method 3 76 4 111 path cost STA 3 129 4 111 4 112 port mirror 3 139 4 164 port priority default ingress 3 78 4 151 port security 3 121 4 103 ports configuring 3 96 4 83 priority default port ingress 3 78 4 151 priority STA 3 125 3 129 4 110 protocol migration 3 132 4 116 PVID 3 114 4 126 default ID 3 114 4 126 R RADIUS 3 28 4 46 Rapid Spanning Tree Protocol See RSTP Remote Authentication Dial in User Service See RADIUS RSTP 3 70 4 107 description 3 70 global configuration 3 76 4 107 S SC 1 2 1 3 serial port configuring 4 62 server
298. resses and then filtering or forwarding traffic based on this information The address table supports up to 8000 addresses m Store and Forward Switching The switch copies each frame into its memory before forwarding it to another port to ensure that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check CRC This prevents bad frames from entering the network and wasting bandwidth To avoid dropping frames on congested ports the switch provides 128 Kbytes of frame buffering per port This buffer can queue packets awaiting transmission on congested networks m Spanning Tree Protocol The switch supports these spanning tree protocols Spanning Tree Protocol STP IEEE 802 1D This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments When there are multiple physical paths between segments this protocol chooses a single path and disables all others to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path fails for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard It is intended as a comp
299. rface changes state and also overcomes other STA related timeout problems However enable Edge Port only for ports connected to an end node device The default for NETPO to NETP7 is disabled The default for SNPO to SNP15 is enabled and fixed at this setting Web Interface Configuring STA Settings for a Port To configure interface settings for STP IEEE 802 1D 1 Open Up Links Down Links gt Spanning Tree gt Spanning Tree Protocol 2 Select the required interfaces 3 Click Configure Modify the required attributes 5 Click Save 3 130 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 r up Links f f Status Link Aggregation VLANs Address Filtering Spanning Tree Port s NETP4 Priority 0 240 ize Path Cost 1 2000000000 10000 Admin Link Type C Point to Point Shared Auto Admin Edge Port C Enabled Disable FIGURE 3 41 The Up Links Spanning Tree Window for NETP4 Command line Interface Configuring STA Settings for a Port This example sets STP attributes for port NETP5 Console config interface ethernet NETP5 Console config if Spanning tree port priority 128 Console config if spanning tree cost 19 Console config if spanning tree link type auto Console config if no spanning tree edge port Chapter 3 General Management of the Switch 3 131 MIB Variables for Configuring a Port s STA Settings TABLE 3 39 MIB Variables for Configuri
300. rm traffic analysis and verify connection integrity Link aggregation Ports can be combined into an aggregate link Aggregate links can be manually set up or dynamically configured using IEEE 802 3ad Link Aggregation Control Protocol LACP The additional ports dramatically increase the throughput across any connection and provide redundancy by taking over the load if a port in the trunk fails The switch supports six aggregated links with up to four up link ports per aggregated link or up to two down link ports per aggregated link Port Security Port security prevents unauthorized users from accessing your network It enables each port to learn or be assigned a list of MAC addresses for devices authorized to access the network through that port Any packet received on the port must have a source address that appears in the authorized list otherwise it will be dropped Port security is disabled on all ports by default but can be enabled on a per port basis Broadcast Suppression Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffic passing through the port is restricted If broadcast traffic rises above a pre defined threshold it is throttled until the level falls back beneath the threshold Flow Control Flow control reduces traffic during periods of congestion and prevent packets from being dropped when port buffers overflow The switch support
301. rotocol GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Web Interface Enabling or Disabling GVRP Global Setting 1 Open Switch Config gt VLANs 2 Select Enable or Disable 3 Click Save switch Config f r r r i Security Communication YLANS Broadcast amp Multicast Spanning Tree Class of Service Address d alte The switch supports up to 255 VLANs based on the IEEE 802 16 standard Use the list bow to register static f Configuring YLANS port based VLANs Once a static VLAN has been registered ports should be assigned to the WLAN by preszing the membership button Once ports are assigned the VLAN can be enabled When the WLANs are configured GVRP GARP VLAN Registration Protocol may be enabled to propagate these changes across the network Enable GARP VLAN Registration Protocol GVRP C Enable Disable ia FIGURE 3 16 The Switch Config VLANs Window showing radio buttons for enabling GVRP Command line Interface Enabling GVRP Th following sample command enables GVRP for the switch Console config bridge ext gvrp Console config Chapter 3 General Management of the Switch 9
302. rovided in the last configuration message it received becomes the designated port for the connected LAN If it is a root port a new root port is selected from among the switch ports connected to the network References to ports in this section mean interfaces which include both ports and trunks Specify a value from the higher of 6 or 2 x Hello Time 1 to the lower of 40 or 2 x Forward Delay 1 The default is 20 seconds m Forward Delay The maximum time in seconds the switch waits before changing states for example from discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Specify a value from the higher of 4 or Max Message Age 2 1 to 30 seconds The default is 15 seconds The following global parameters are statistical values and cannot be changed m Number of Topology Changes The number of times the spanning tree has been reconfigured m Last Topology Change The time since the spanning tree was last reconfigured Web Interface Configuring Basic STA Settings 1 Open Switch Config gt Spanning Tree Basic Configuration 2 Modify the required parameters 3 Click Save Sun Fire B1600 Blade System Chassis
303. s show garp timer 4 135 4 134 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 13 4 show garp timer Use this command to show the GARP timers for the selected interface Syntax show garp timer interface interface a ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT m port channel channel id Range 1 6 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Console tshow garp timer ethernet SNP1 SNP1 GARP timer status Join timer 20 sec Leave timer 60 sec Leaveall timer 1000 sec Console Related Commands garp timer 4 133 4 3 13 5 bridge ext gvrp Use this command to enable GVRP globally for the switch Use the no form to disable it Chapter 4 Command Line Reference 4 135 Syntax bridge ext gvrp no bridge ext gvrp Default Setting Enabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example Console config bridge ext gvrp Console config 4 3 13 6 show bridge ext 4 136 Use this command to show the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Sun Fire
304. s snmp server Sets the system contact string GC 4 56 contact snmp server Sets the system location string GC 4 57 location 4 54 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 5 1 TABLE 4 10 SNMP Commands Command Function snmp server host Specifies the recipient of an SNMP notification operation snmp server enable Enables the device to send SNMP traps SNMP traps notifications show snmp Displays the status of SNMP communications snmp server community Mode Page GC 4 57 GC 4 59 NE 4 60 PE Use this command to define the community access string for the Simple Network Management Protocol Use the no form to remove the specified community string Syntax snmp server community string ro rw no snmp server community string a string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive maximum number of strings 5 m ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting a public with read only access m private with read write access Command Mode Global Configuration Chapter 4 Command Line Reference 4 55 Command Usage The first snmp server community command you enter enables all versions of SNMP SN
305. s VLAN gt pair for frames received on an interface for an initial training period and then enable port security to stop address learning Enable the learning function long enough to ensure that all valid VLAN members are registered on the selected interface To add new VLAN members at a later time you can manually add static addresses or turn off port security to reenable the learning function long enough for new VLAN members to be registered Learning may then be disabled again if desired for security When configuring static addresses and port security through the web interface or CLI the following parameters are displayed or can be configured Port The interface port or trunk Up link ports NETPO to NETP7 or down link ports SNPO to SNP15 Secure Port The configured state of port security The default is disabled A secure port has the following restrictions a It cannot use port monitoring a It cannot be a multi VLAN interface It cannot be connected to a network interconnection device It cannot be a member of an aggregated link Number of Static Addresses The number of manually configured addresses VLAN The ID of the configured VLAN 1 4094 and its name MAC Address The MAC address associated with the interface 24 Web only Chapter 3 General Management of the Switch 3 121 3 4 5 1 3 122 2 3 4 5 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 200
306. s flow control based on the IEEE 802 3x standard By default flow control is disabled on all ports Traffic Priority This switch provides Quality of Service QoS by prioritizing each packet based on the required level of service using four priority queues with Weighted Round Robin queuing The switch uses IEEE 802 1p and 802 10 tags to prioritize incoming traffic based on input from the end station application These functions can be used to provide independent priorities for delay sensitive data and best effort data Chapter 1 Introduction 1 7 1 8 This switch also supports several common methods of prioritizing layer 3 4 traffic to meet application requirements Traffic can be prioritized based on the priority bits in the IP frame s Type of Service ToS octet When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic is then sent to the corresponding output queue Address Filtering This switch provides a packet filter for all traffic entering the CPU port and potentially forwarded or routed to the management network The packet filter is rule pattern based and constitutes a set of patterns that when matched DROPS the packet and a further set of patterns that when matched ACCEPTS the packet Multicast Switching Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real time deliv
307. s for queues 0 to 3 determines the weights used by the WRR scheduler Range 1 255 Default Setting Weights 16 64 128 and 240 are assigned to queue 0 1 2 and 3 respectively 4 152 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 15 3 Command Mode Global Configuration Command Usage WRR allows bandwidth sharing at the egress port by defining scheduling weights Example The following example shows how to assign WRR weights of 1 3 5 and 7 to the COS priority queues 0 1 2 and 3 Console config queue bandwidth 1 3 5 7 Console config Related Commands show queue bandwidth 4 155 queue cos map Use this command to assign class of service COS values to the COS priority queues Use the no form to set the COS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The queue id of the CoS priority queue Ranges are 0 to 3 where 3 is the highest CoS priority queue a cosl cosn The CoS values that are mapped to the queue id It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Chapter 4 Command Line Reference 4 153 Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according t
308. s or parameters Chapter 4 Command Line Reference 4 5 4 1 2 5 Showing Commands If you type a at the command prompt the system displays the first level of keywords for the current command class Normal Exec or Privileged Exec or configuration class Global Interface Line or VLAN Database You can also display a list of valid keywords for a specific command For example the command show displays a list of possible show commands Console show bridge ext garp gvrp history interfaces ip line logging mac address table map port queue radius server running config snmp spanning tree startup config system tacacs server users version vlan Console show counters Bridge extend information Garp property Show gvrp information of interface Information of history Information of interfaces Ip TTY line information Show the contents of logging buffers Set configuration of the address table Map priority Characteristics of the port Information of priority queue Radius server information The system configuration of running SNMP statistics Specify spanning tree The system configuration of starting up Information of system Login by tacacs server Display information about terminal lines System hardware and software status Switch VLAN Virtual Interface The command show interfaces displays the following information Console gt show interfaces Information of interfaces counters status
309. s the following information System description host name location contact information SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address of the management VLAN User authentication sequence along with remote authentication server address and UDP port Any configured settings for the console port and Telnet Example Console tshow startup config building startup config please wait I hostname R amp D 5 snmp server location WC 9 snmp server contact Charles I snmp server community private rw snmp server community public ro l username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7al 783edd 27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active vlan 2 name MgtVlan media ethernet state active Chapter 4 Command Line Reference 4 39 spanning tree mst configuration name XSTP REGION 0 I interface ethernet SNPO description Blade Slot 1 flowcontrol switchport allowed vlan add 1 untagged switchport native vlan 1 spanning tree edge port spanning tree link type auto interface vlan 2 ip address 0 0 0 0 255 0 0 0 I no bridge ext gvrp l authentication login local tacacs server host 0 0 0 0 t
310. sabled P int WETPS Broken 128 10000 0 32768 0 000068666677 128 20 to Disabled Point FIGURE 3 40 The Up Links gt Spanning Tree Window Command line Interface Displaying the Current Interface Settings for STA This example shows the STA attributes for port NETP4 Console tshow spanning tree ethernet NETP4 SNPO information Admin status enable Role designate State forwarding Path cost 10000 Priority 2 128 Designated cost 10000 Designated port 128 1 Designated root 32768 00209C23C267 Designated bridge 32768 0000E8666672 Forward transitions 0 Admin edge port disable Oper edge port disable Admin Link type point to point Oper Link type point to point Console Chapter 3 General Management of the Switch 3 127 MIB Variables Associated With a Port s STA Settings TABLE 3 38 MIB Variables Associated With a Port s STA Settings Field Name Port A Interger 1 25 STA Port State STA Port Priority STA Port Path Cost STA Port Designated Cost STA Port Designated Bridge STA Port Designated Port STA Port Admin Point to Point STA Port Admin Edge Port Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variable sun XstMgt mstInstancePortTable mstInstancePortEntry sun xstMgt mstInstancePortTable mstInstancePortEntry mstinstancePortState sun xstMgt mstInstancePortTable mstInstanc
311. sion with the Sun Fire B1600 is opened To end the CLI session enter Exit Console 4 8 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 1 2 11 Username guest Password guest login password CLI session with the Sun Fire B1600 is opened To end the CLI session enter Exit Console gt enable Password privileged level password Console Configuration Commands Configuration commands are privileged level commands used to modify switch settings These commands modify the running configuration only and are not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into these modes a Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community m Interface Configuration These commands modify the port configuration such as speed duplex and negotiation m Line Configuration These commands modify the console port and Telnet configuration and include command such as exec timeout and silent time a VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mode type the command configure in Privileged Exec mode The system prompt changes to Console config which gives you access privilege to all Global Configuration commands
312. ssion dot3StatsTable dot3sS tatsEntry dot3StatsSingleCollisionFrames MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsInternalMacTransmitError S MIB II transmission dot3StatsTable dot3sS tatsEntry dot3StatsMultipleCollisionFrames MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsCarrierSenseErrors Access Read only Read only Read only Read only Read only Read only Read only Read only Read only Read only Range Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer Chapter 3 General Management of the Switch 3 149 TABLE 3 44 MIB Variables Associated With Port Statistics Continued Field Name e SQE Test Errors e Frames Too Long e Deferred Transmissions e Internal MAC Receive Errors RMON Statistics e Drop Events Jabbers Received Octets Collisions Received Packets e Broadcast Packets 3 150 MIB Variable MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsSQETestErrors MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsFrameTooLongs MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsDeferredTransmissions MIB II transmission dot3StatsTable dot3S tatsEntry dot3StatsInternalMacReceiveErrors MIB IL rmon statistics etherStatsTable e therStatsEntry etherStatsDropEven ts MIB II rmon statistics etherStatsTable e therStatsEn
313. switch software module for example STA VLAN XFER TRAP or RMON 2 Indicates the value specified for a configuration setting 3 The syslog message level See logging history on page 4 35 B 5 3 Command Line Errors The error messages generated by the switch for the command line interface are listed in the following table Note that these messages are not written to the log file TABLE B 3 Command Line Error Messages B 6 Message Ambiguous command string Clear dynamic address error CLI internal error contact your local service provider Copy error Exec timeout could not be disabled for vty session Factory default configuration file cannot be deleted Factory default configuration file cannot be replaced Failed to allocate resource Description Ambiguous command Cannot clear dynamic address CLI command internal error Copy failed Telnet session cannot disable exec timeout Factory default file cannot be deleted Factory configuration file cannot be replaced Not enough resources Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE B 3 Message Failed to get string Failed to set string Failed to write certificate file to flash Incomplete command Insufficient memory Insufficient memory to display or save running config Invalid file name Invalid input NI Invalid marker input detected at Invalid parameter Invalid
314. ta is invalid Illegal SNMP trap IP address Please select a Community String Please type a Community String Trap Manager table is full or data is invalid User privileges are not enough to perform this operation You must specify an IP trap community string Authentication type doesn t exist Data is invalid Illegal IP address Number of Server Transmits is out of range Password too long Please input username Please select an user RADUIS KEY is invalid Server Port Number is out of range Select a privilege level TACACS PORT is invalid TACACS KEY is invalid Timeout is out of range User privileges are not enough to perform this operation Cannot create VLAN Cannot set VLAN name Cannot set VLAN status Cannot delete VLAN Description General error Illegal IP address format Select a community string to remove Type a community string to add Trap Manager table is full or data is invalid Privileges insufficient Type an IP trap community string to add One of Local TACACS or RADIUS authentication type is not supported General error IP address format is illegal RADIUS retransmits number is out of range Maximum password length exceeded Input a user name to add a new user Select a user to remove or change password RADIUS encryption key is invalid RADIUS port number is out of range Select privilege level to add a user TACACS port is invalid TACACS key is in
315. te Read always MIB Variables Associated With User Authentication Default Value Range Value IP address 10 11 12 13 Integer 1812 1 65535 String size 0 20 Integer 2 1 65535 Integer 5 1 65535 seconds IP address Integer 1 65535 String size 0 20 returns 0 Key Configuring SNMP The Simple Network Management Protocol SNMP is a communication protocol designed specifically for managing devices or other elements on a network Chapter 3 General Management of the Switch 3 33 Dhal Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems The blade system chassis switch includes an on board SNMP agent that continuously monitors the status of its hardware and the traffic passing through its ports A network management station can access this information using software such as Solstice Domain Manager Access rights to the on board agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for configuring community strings and related trap functions are described in the following sections Configuring SNMP Access You can configure up to five community strings authorized for management access F
316. te public Read Only Remove String Access level blueberry Read Write Bin FIGURE 3 14 The Switch Config Communication Window for Adding and Removing Community Strings Command line Interface Adding and Removing Community Strings The following example adds the string blueberry with read write access Console config snmp server community blueberry rw Console config MIB Variables Associated With Community Strings Note There are no MIB variables for these functions Chapter 3 General Management of the Switch 3 35 3 2 7 2 Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as Soltice Domain Manager You can specify up to five management stations that will receive trap messages from the switch The traps supported by this switch are listed under Supported Traps on page A 3 When configuring SNMP trap managers using the web interface or CLI the following parameters can be configured m IP Address The Internet address of the host the targeted recipient The maximum number of host IP addresses is 5 Community The password like string between 1 and 32 characters sent with the notification operation Although you can set this string in the Trap Managers table it
317. ted With Filtering Traffic to the Management Port Continued Default Value Range Value Integer 1 65536 Integer 0 63 Integer 0 63 enabled 1 disabled disabled 2 enabled 1 disabled disabled 2 3 9 ASMI 3 5 1 1 Monitoring Port and Management Traffic This section describes switch monitoring functions including those used to mirror traffic to a monitor port for analysis display detailed network statistics for any port or display key statistics on SNMP traffic passing through the management port Note The integrated switches on the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together It is only possible to mirror the traffic on one port by using another port that is on the same switch chip The ports NETPO NETP1 NETP4 NETP5 and SNP8 through SNP15 are on one switch chip The ports NETP2 NETP3 NETP6 NETP7 and SNPO through SNP7 are on the other If you look at the rear panel of the SSC all the ports on the right are on one chip and all the ports on the left are on the other Configuring Port Mirroring You can mirror traffic from any source port to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner Note the following points about port mirroring m The monitor port speed must match or exceed source port speed oth
318. ternal links for connection to the network Each blade is also connected to the System Controller SC within each SSC by a simple serial link The SC enables you to manage and monitor the components of the chassis It also gives you access to the switch s command line interface and to the console for each server blade installed in the chassis 1 1 1 Switch Architecture The switch employs a high speed switching fabric that enables simultaneous transport of multiple packets at low latency on all ports The switch also uses store and forward technology to ensure maximum data integrity In this mode the entire packet must be received into a port buffer and checked for validity before being forwarded preventing errors from propagating throughout the network 1 1 2 Ways of Accessing the Switch Management Application There is a serial console port implemented with an RJ 45 jack that provides on site management access to the SC When you apply power to the system chassis the interface for the SC is displayed To access the command line interface for the switch see Configuration Options on page 2 2 or refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide This command line interface can also be accessed directly using telnet through the 100BASE TX RJ 45 management port NETMGT on the SSC The switch can also be managed by connecting to this port over the network with a Web browser or SNMP RMON software 1 2 Sun Fire B16
319. ters of the interface The default for up link ports is External RJ 45 connector NETn The default for down link ports is Blade Slot n The default for the management port is External RJ 45 connector NETMGT Administrative Status The configured state of the interface You can disable an interface due to abnormal behavior for example excessive collisions and then reenable it after the problem has been resolved You may also disable an interface for security reasons Negotiate Link Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for speed mode and flow control The following capabilities are supported a 10half 10 Mbit sec half duplex operation a 10full 10 Mbit sec full duplex operation a 100half 100 Mbit sec half duplex operation m 100full 100 Mbit sec full duplex operation 1000half 1000 Mbit sec half duplex operation 1000full 1000 Mbit sec full duplex operation symmetric Gigabit only The capability to transmit and receive pause frames When disabled the sender and receiver auto negotiate for asymmetric pause frames The switch only supports symmetric pause frames flowcontrol Flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the s
320. ters have a text field or a menu Once a configuration change has been made on a page click the Save button to confirm the new setting The following table summarizes the web page configuration buttons TABLE 3 1 Web Page Configuration Buttons Button Action Cancel Cancels specified values and restores current values Reset Cancels specified values and restores current values Save Sets specified values to the system Note To ensure proper screen refresh confirm that Internet Explorer 5 x is configured as follows From the Tools menu choose Internet Options General gt Temporary Internet Files gt Settings and set Check for newer versions of stored pages to Every visit to the page Note When using Internet Explorer 5 0 you might have to click the web browser s refresh button to manually refresh the screen after making configuration changes Panel Display The web agent displays an image of the switch s up link ports indicating whether each link is active Clicking on the image of a port opens the Port Configuration page which is described in Section 3 4 Port Configuration on page 3 96 E gt pe f 6 R e a 4 CEIT External F Link Up Link Down ME TMa T METP SNP F a 4 3 10 13 12 lt 14 15 j j AAAA Internal FIGURE 3 2 Image of the Switch s Active Uplinks and Downlinks 3 4 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003
321. than the ones in the lists below please include it to the list uzing the dd Button Mote Space is limited and each list can only hold 2 user defined files at a time To add additional files please delete one first Switth Operation Code Image Files TETP Server IP i j Download P Address 10 1 0 19 pi Il Upload he vio o Name ztu E FIGURE 3 8 The Switch Status Software Window for downloading firmware Note If you receive an error message saying that the data you have entered is invalid you might have typed an incorrect IP address or an incorrect file name or you not might have the correct access permissions for TFTP transfer Alternatively it is possible that there is not enough memory available on the switch If you download to a new destination file select the new file from the pull down menu for the operation code used at startup and click Save To start the new firmware reboot the system by clicking Save and Restart Switch Status System Identity Network Identity Software Files used at Startup Operation Code Image File used at startup runtime Configuration File used at startup Factory_Default_Config cfg Restart switch to apply changes immediately Save and Restart T FIGURE 3 9 The Switch Status Software Window at the End of the Download Process Command line Interface Dowloading Switch Firmware 1 Type the IP address of the TF
322. than the size specified because the switch adds header information Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec 4 76 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Command Usage a Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond the switch displays timeout Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table m Press lt Esc gt to stop pinging Example Console tping 10 1 0 19 Type Ctrl C to abort PING to 10 1 0 19 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 0 ms response time 0 ms response time 10 ms response time 10 ms response time 10 ms Ping statistics for 10 1 0 19 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 6 ms Console 4 3 7 8 ip filter Use this command to block specified IP packets from reaching the internal management port from the down link ports Use the no form to remove a rule fr
323. therwise back pressure jamming signals may degrade overall performance for the segment connected to the hub m Broadcast storm suppression The state of broadcast storm control on the interface For more information on broadcast storm control or information on setting the broadcast threshold level refer to Broadcast Storm Control Global Setting on page 3 67 Web Interface Configuring Interface Connections Open the Up Links Down Links Status window Se ect the interfaces you want to configure Click Configure Modify the required interface settings Click Save 23 Auto negotiation must be disabled on the up link ports before you can configure or force the interface to use a specific speed duplex mode or flow control option Chapter 3 General Management of the Switch 3 103 3 104 f f up uinks fl r r l Status Link Aggregation VLANs Address Filtering Spanning Tree Port s NETPO a Port Description External RJ 45 connect Set Port Administrative Status Enable C Disable Enable port auto negotiation capabilities Auto negotiation enabled Select link parameter capabilities to advertise I 100full W 100half M 1000 full F 1000half 10full M 10half l flowcontrol symmetric C Auto negotiation disable Select link parameters to use 1000 full 1000half 100full 100half 10full 10half Flow control enabled Set Broadcast storm Suppression f Ena
324. tion code and configuration file to use at startup Command line Interface Downloading a File of Configuration Settings Type the IP address of the TFTP server Specify the source file on the server Set the startup file on the switch Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 Restart the switch Consoletcopy tftp startup config TFTP server ip address 192 168 1 19 Source configuration file name startup2 0 Startup configuration file name startup Write to FLASH Programming startup2 0 Write to FLASH finish Success Console reload System will be restarted continue lt y n gt y If you download the startup configuration file under a new file name you can set this file as the startup file at a later time and then restart the switch Console tconfig Console config boot system config Console config exit Console reload System will be restarted startup new continue lt y n gt y MIB Variables Associated With Downloading Configuration Settings TABLE 3 8 MIB Variables Associated With Downloading Configuration Settings Field Name MIB Variable Access Value Range TFTP Server sun Read write IP address IP Address tftpMgt tfitpServer TFTP File Sis Read write opcode 1 Type tftpMgt config 2 tftpFileType TFTP Source sun Read write Display string size 0 127 File Name tftpMgt tftpSrcFile TFTP Action SUs 3 Read write notDow
325. to map a static address to a destination port Use the no form to remove an address Syntax mac address table static mac address interface interface vlan vlan id action no mac address table static mac address vlan vlan id mac address MAC address interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT port channel channel id Range 1 6 vlan id VLAN ID Range 1 4094 action permanent Assignment is permanent delete on reset Assignment lasts until switch is reset Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses are not removed from the address table when a given interface link is down Static addresses are bound to the assigned interface and are not moved When a static address is seen on another interface the address is ignored and is not written to the address table Chapter 4 Command Line Reference 4 99 4 392 4 3 9 3 a A static address cannot be learned on another port until the address is removed with the no form of this command Example Console config mac address table static 00 e0 29 94 34 de interface ethernet SNP1 vlan 1 delete on res
326. tration Guide June 2003 Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from a source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner The destination port is set by specifying an Ethernet interface Example The following example mirrors all packets from port SNP6 to port NETP2 Console config interface ethernet NETP2 Console config if port monitor ethernet SNP6 both Console config if Related Commands show port monitor 4 165 4 3 16 2 show port monitor Use this command to display mirror information Syntax show port monitor interface interface ethernet port name port name down link SNPO 15 up link NETPO 7 mgt NETMGT Default Setting Shows all sessions Chapter 4 Command Line Reference 4 165 Command Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode RX TX RX TX Example The following shows mirroring configured from port SNP6 to port NETP2 Console config interface ethernet NETP2 Console config if port monitor ethernet SNP6 Console config if end Console tshow port monitor Port Mirroring Destination port listen port NETP2 Source port monitored port SNP6
327. try etherStatsJabbers MIB IL rmon statistics etherStatsTable we therStatsEntry etherStatsOctets MIB IL rmon Statistics etherStatsTable e therStatsEntry etherStatsCollisio ns MIB IL rmon sStatistics etherStatsTable e therStatsEntry etherStatsPkts MIB II rmon statistics etherStatsTable e therStatsEntry etherStatsBroadcas tPkts Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Access Read Only Read only Read only Read only Read only Read only Read only Read only Read only Read only Range Integer Integer Integer Integer Integer Integer Integer Integer Integer Integer TABLE 3 44 MIB Variables Associated With Port Statistics Continued Field Name e Multicast Packets e CRC Alignment Errors e Undersize Packets e Oversize Packets e Fragments e 64 Bytes Frames e X Y Byte Frames MIB Variable MIB II rmon statistics etherStatsTable e therStatsEntry etherStatsMulticas tPkts MIB II rmon statistics etherStatsTable e therStatsEntry etherStatsCRCAlign Errors MIB II rmon statistics etherStatsTable e therStatsEntry etherStatsUndersiz ePkts MIB I1L rmon statistics etherStatsTable e therStatsEntry etherStatsOversize Pkts MIB II rmon statistics etherStatsTable e therStatsEntry etherStatsFragment S MIB II rmon statistics etherStatsTable e therStatsEntry etherStatsPkts640c tets Mi BAT i rmon
328. ts passing through it picks out the group registration information and configures multicast filters accordingly m IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multicast routing protocol such as DVMRP to support IP multicasting across the Internet When configuring IGMP snooping through the web interface or CLI the following parameters are displayed or can be configured m IGMP Snooping The operating status of IGMP When enabled the switch will monitor network traffic to determine which hosts want to receive multicast traffic The default is Disabled m IGMP Protocol Version The protocol version Specify 1 or 2 for compatibility with other devices on the network The default is 2 m IGMP Querier The operating status of IGMP querier When enabled the switch can serve as the querier which is responsible for asking hosts if they want to receive multicast traffic The default is Disabled Query Count The maximum number of queries issued betwe
329. ty levels to the switch s output queues in any way that benefits application traffic for your own network TABLE 3 23 IEEE 802 1p Traffic Types Priority Level Traffic Type Background Spare default Best Effort Excellent Effort Video less than 100 milliseconds latency and jitter 1 2 0 3 4 Controlled Load 5 6 Voice less than 10 milliseconds latency and jitter 7 Network Control When mapping COS queues to port egress queues through the web interface or CLI the following parameters can be configured m Class of Service Values The COS value Specify a value between 0 and 7 where 7 is the highest priority m Traffic Classes Queue The output queue buffer Specify 0 1 2 or 3 Web Interface Mapping COS Values to Traffic Classes Open Switch Config Class of Service gt Basic Traffic Prioritisation Scroll to Mapping CoS Values to Traffic Classes Egress Queues Select a priority from the Class of Service Values list Select an output queue from the Traffic Classes menu Click Save 13 CLI shows Queue ID Chapter 3 General Management of the Switch 3 81 Switch Config Security Communication VLANs Broadcast amp Multicast Spanning Tree Class of Service Addres lapping CoS Values to Traffic Classes Egress Queues Class of Service Values iO Traffic Class 1 1 Traffic Class 0 2 Traffic Class O 3 Traffic Class 1 4 Traffic Class 2 E Traff
330. ty Commands Command Function Mode Page port security Configures a secure port IC 4 103 mac address table Maps a static address to a port ina VLAN GC 4 99 static show mac address Displays entries in the bridge forwarding database PE 4 100 table port security Use this command to configure a secure port Use the no form to disable port security Syntax port security no port security Default Setting All port security is disabled Chapter 4 Command Line Reference 4 103 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops dynamically learning new addresses on the specified port Only incoming traffic with source addresses already stored in the dynamic or static address table are accepted a To use port security first allow the switch to dynamically learn the lt source MAC address VLAN gt pair for frames received on a port for an initial training period and then enable port security to stop address learning Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on the selected port To add new VLAN members at a later time you can manually add secure addresses with the mac address table static command or turn off port security to reenable the learning function long enough for new VLAN members to be registered Learning may then be disabled again if desired for security A secure port has the
331. tyMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleSrcIpAddr amp pfuRuleSrcIpBitmask sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleSrcPortRangel amp pfuRuleSrcPortRange2 sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleDstIpAddr amp pfuRuleDstIpBitmask Access No access Read create Read create Read create Read create Read create Default Value Range Value Integer 1 128 permit 1 deny 2 Integer 0 256 256 means any protocol IP address Integer 1 65536 IP address Chapter 3 General Management of the Switch 3 137 TABLE 3 41 Field Name Destination IP Port Range TCP Code TCP Code Bitmask Fragments Log 3 138 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 MIB Variable sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleDstPortRangel amp pfuRuleDstPortRange2 sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleTcpCode sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleTcpCodeBitmask sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleFragments sun securityMgt packetFilterUnitMgt pfuRuleTable pfuRuleEntry pfuRuleLog Access Read create Read create Read create Read create Read create MIB Variables Associa
332. ually configured as a static entry a All Ports The port or port channel identifier m Membership Ports The interfaces added to the selected VLAN as tagged or untagged or restricted from being automatically added through GVRP Default Value Range Value other 1 permanent 2 dynamicGvrp 3 Octet string port list m Membership Type Specify VLAN membership by highlighting the required interface and clicking the appropriate Add button 10 CLI only 3 50 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 Add Tagged The interface is a member of the VLAN All packets transmitted by the port on this VLAN will be tagged that is carry a tag and therefore carry VLAN or COS information Add Untagged The interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or COS information Add Forbidden The interface is forbidden from automatically joining the VLAN through GVRP See Automatic VLAN Registration on page 3 40 a Remove Removes the selected interface from the VLAN Web Interface Adding Ports Manually toa VLAN To add an interface to a VLAN Open Switch Config VLANs Highlight a VLAN in the static list and click Membership From the port membership page select an interface from the All Ports list port or port channel Click Add Tagged Add Untagged or Add Forbidde
333. up 5 STA Port sun mstMgt Read only Octet string Designated Root mstInstancePortTable mstinstancePortEntry mstinstancePort DesignatedRoot STA Port sun mstMgt Read only Counter Forward mstInstancePortTable Transitions mstInstancePortEntry mstInstancePort ForwardTransitions Configuring Interface Settings for STA These settings apply to the selected interface s when the switch is set to STP forced compatibility mode page 3 70 and RSTP When configuring STA interface settings through the web interface or CLI the following parameters can be configured Priority The priority between 0 and 240 in steps of 16 used for the port in the Spanning Tree Algorithm STA If the path cost for all ports on a switch is the same the port with the highest priority lowest value is configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the STA is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier is enabled The default is 128 Path Cost This parameter is used by the STA to determine the best path between devices Therefore assign lower values to ports connected to faster media and higher values to ports connected to slower media Path cost takes precedence over port priority a The range of values for Ethernet connections is between 200 000 and 20 000 000 for Fast Ethernet 20 00
334. uration Class of Service COS enables you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion The switch supports COS with four priority queues for each port Data packets in a port s high priority queue are transmitted before those in the low priority queues You can set the default priority for each interface and configure the mapping of frame priority tags to the switch s priority queues Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Note the following points about setting the default priority for interfaces m The switch provides four priority queues for each port and uses Weighted Round Robin to prevent head of queue blockage m The default priority applies for an untagged frame received on a port set to accept all frame types that is receives both untagged and tagged frames This priority does not apply to IEEE 802 10 VLAN tagged frames If the incoming frame is an IEEE 802 10 VLAN tagged frame the IEEE 802 1p User Priority bits will be used a If the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission When setting the default priority for interfaces through the
335. valid RADIUS timeout is out of range Privileges insufficient VLAN ID invalid or maximum number of supported VLANs has been exceeded VLAN name invalid Cannot disable VLAN 1 or the VLAN defined as the native VLAN PVID for the mangement port Cannot delete VLANs with members or any VLAN defined as the native VLAN PVID for an interface B 10 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 TABLE B 4 Menu Membership Web Interface Error Messages Continued Message Data is invalid User privileges are not enough to perform this operation Data is invalid User privileges are not enough to perform this operation Broadcast amp Multicast Broadcast Parameters IGMP Parameters Multicast Router Ports Multicast Services Spanning Tree Basic Configuration Threshold is out of range User privileges are not enough to perform this operation Please enter a valid version Query count is out of range Query interval is out of range Query timeout is out of range Report delay is out of range User privileges are not enough to perform this operation Data is invalid Please select a port User privileges are not enough to perform this operation Data is invalid Igmp group member is null Illegal IP address Select a port or aggregated link User privileges are not enough to perform this operation Data is invalid Priority is out of range
336. vileged access mode Example Console gt enable Password privileged level password Console Related Commands disable 4 14 enable password 4 30 disable Use this command to return to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding Command Modes on page 4 7 Default Setting None 4 14 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 3 1 3 Command Mode Privileged Exec Command Usage The gt character is appended to the end of the prompt to indicate that the system is in normal access mode Example Console disable Console gt Related Commands enable 4 13 configure Use this command to activate Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Configuration and VLAN Database Configuration See Understanding Command Modes on page 4 7 Default Setting None Command Mode Privileged Exec Chapter 4 Command Line Reference 4 15 Example Console configure Console config Related Commands end 4 18 4 3 1 4 show history Use this command to show the contents of the com
337. witch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation 22 Auto negotiation cannot be disabled on the down link ports These ports are fixed at 1000 Mbit sec full duplex Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 3 4 2 1 Note The integrated switches on the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together It is only possible to enable flow control between two ports that are on the same switch chip The ports NETPO NETP1 NETP4 NETP5 and SNP8 through SNP15 are on one switch chip The ports NETP2 NETP3 NETP6 NETP7 and SNPO through SNP7 are on the other If you look at the rear panel of the SSC all the ports on the right are on one chip and all the ports on the left are on the other m Speed Duplex The port speed and duplex mode When auto negotiation is disabled you can manually configure the port speed and duplex mode Note When auto negotiation is disabled you can only set the up link ports to 10 Mbit sec or 100 Mbit sec To force a port to operate at 1 Gbit sec full duplex enable auto negotiation and set the port capabilities to 1000full only Flow Control When auto negotiation is disabled you need to enable or disable flow control Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem O
338. word thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage m When the login attempt threshold is reached on the console port the system interface becomes silent for a specified amount of time before allowing the next login attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface closes a This command applies to both the local console and Telnet connections Example To set the password threshold to five attempts enter this command Console config line password thresh 5 Console config line Related Commands silent time 4 67 4 3 6 6 silent time Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful login attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Chapter 4 Command Line Reference 4 67 Syntax Silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Console config line silent time 60 Console config line
339. work systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Ports that are on separate collision domains or LAN segments An authentication protocol that uses a central server to control access to TACACS compliant devices on the network A TACACS server can be programmed with a database of multiple user name password pairs and associated privilege levels for each user or group that requires management access to this switch Defines a remote communication facility for interfacing to a terminal device over TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol A TCP IP protocol commonly used for software downloads Cable composed of two insulated wires twisted together to reduce electrical interference used in common telephone cord A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same LAN A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected Glossary 5 Glossary 6 Sun Fire B1600 Blade System Chassis Switch Administration Guide April 2003 Index A acceptable frame types 3 114 4 12
340. your desired tasks When finished exit the session with the quit or exit command After connecting to the system through the console port the login screen displays User Access Verification Username admin Password CLI session with the Sun Fire B1600 is opened To end the CLI session enter Exit Console 4 2 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003 4 1 1 2 Telnet Connection Telnet operates over the IP transport protocol In this environment your management station and any network device you want to manage over the network must have a valid IP address Valid IP addresses consist of four numbers 0 to 255 separated by periods Each address consists of a network portion and host portion For example the IP address 10 1 0 1 consists of a network portion 10 1 0 and a host portion 1 Note The IP address for the switch is unassigned by default The management port NETMGT is assigned to VLAN 2 This port cannot be assigned to a VLAN that contains up link or down link ports To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example Console config interface vlan 2 Console config if ip address 10 1 0 1 255 255 255 0 Console config if exit Console config ip default gateway 10 1 0 254 If your corporate network is connected to a
341. ysLocation System Contact MIB II Read write String size 0 255 system sysContact System Up Time MIB II Read only Timeticks system in centiseconds sysUpTime System MIB II Read only String size 0 255 Description system sysDescr System Object MIB II Read only Object identifier Identification system sysObjectID MAC Address MIB II Read only Physical address interfaces ifTable ifEntry ifPhysAddress HTTP State Suyos Read write enabled 1 enabled Web Server ipMgt disabled 2 ipHttpState HTTP Port Suru 24 Read write Integer 1 65535 80 Web Server ipMgt Port ipHttpPort HTTPS State sun Read write enabled 1 enabled Secure Server ipMgt disabled 2 ipHttpsState HTTPS Port sun Read write Integer 1 65535 443 Secure Server ipMgt Port ipHttpsPort Chapter 3 General Management of the Switch 3 11 J22 Setting the IP Address By default the switch searches for its IP address default gateway and netmask using DHCP You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Any other format will not be accepted by the software Note The IP address of the switch is in fact the IP address of the VLAN containing the management port NETMGT By default the management port is on VLAN 2 Therefore by assigning an IP address to VLAN 2 you set up network access to
Download Pdf Manuals
Related Search