Thursday, May 5, 2011

extremenetwork

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Extreme Configuration Fundamentals Rev. 3.0
Published: March 2006
Part number: ECF-200/5
© 2006 Extreme Networks, Inc. All Rights Reserved.
Alpine, Altitude, BlackDiamond, EPICenter, Ethernet Everywhere, Extreme Ethernet Everywhere, Extreme Networks, Extreme
Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, GlobalPx Content Director, the Go Purple Extreme Solution
Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks or registered
trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may
be the property of their respective owners.
Specifications are subject to change without notice.
The ExtremeWare XOS operating system is based, in part, on the Linux operating system. The machine-readable copy of the
corresponding source code is available for the cost of distribution. Please direct requests to Extreme Networks for more
information at the following address:
Software Licensing Department
3585 Monroe Street
Santa Clara CA 95051
NetWare and Novell are registered trademarks of Novell, Inc. Merit is a registered trademark of Merit Network, Inc. Solaris
and Java are trademarks of Sun Microsystems, Inc. F5, BIG/ip, and 3DNS are registered trademarks of F5 Networks, Inc.
see/IT is a trademark of F5 Networks, Inc.
sFlow® is a registered trademark of InMon Corporation.
All other registered trademarks, trademarks and service marks are property of their respective owners.
Contents
Module 1 Introduction and Orientation
Extreme Configuration Fundamentals
Introductions
Facilities
Student Kit
Administrative
Course Prerequisite
High-level Student Objectives
Agenda
Agenda Continued
Agenda Continued
Introduction to the Extreme Networks Certification Program
Extreme Networks Associate (Level 1)
Extreme Networks Specialist (Level 2)
ENA Certification Curriculum
ENS Certification Curriculum
Supportive Curriculum
Summary

Module 2 Extreme Networks® Product Overview
Student Objectives
Extreme Networks Switch Family
Extreme Networks History of ASIC Innovation
Non-Blocking Switch Fabrics
Packet Flow for i-Series Switches
Unified Access Architecture
Summit 200 Edge Switches
Summit 300-24 and Summit 300-48
Altitude 300
Summit 400-24 Switches
Summit 400-48t Edge Switch
Summit Stacking
Summit Wireless Mobility
Summit i-Series Switches
Summit 48Si Edge Switch
Alpine Chassis-based Switches
Alpine 3800 Management Module - SMMi
Alpine 3800 Fast Ethernet Modules
Alpine 3800 Power over Ethernet
Alpine 3800 Gigabit Ethernet Modules
Alpine 3800 WAN Modules
BlackDiamond 6816™, 6808, and 6804 Chassis-based Switches
BlackDiamond 6800 Management Modules
BlackDiamond 6800 Fast Ethernet and Gigabit Ethernet Modules
BlackDiamond 6800 Gigabit Ethernet Modules with the Triumph Chip Set
BlackDiamond 6800 Packet over SONET Modules
BlackDiamond 6800 10 Gigabit Ethernet Module
BlackDiamond 6800 MPLS and ARM Modules
BlackDiamond 10808 4GNSS Switch
BlackDiamond 8800-series Switches
BlackDiamond 8800 I/O Modules and Architecture
Summit X450
Sentriant™
ExtremeWare
ExtremeWare Features
ExtremeWare e-Series Licensing
ExtremeWare i-Series and Triumph Licensing
ExtremeWare XOS
ExtremeWare XOS Features
Comparing ExtremeWare XOS and ExtremeWare
ExtremeWare XOS Architecture
ExtremeWare XOS Licensing
Extreme Networks Management Software
ExtremeWare Vista
Enterprise Manager EPICenter
EPICenter™ Continued
Summary

Module 3 CLI Switch Management and Security
Student Objectives
CLI Access
CLI Organization
Virtual Routers
Switch Login
CLI - Command Prompt
Syntax Helper
CLI Abbreviated Syntax and History
Unique Name Identifiers
Management Accounts
Creating User Accounts
Failsafe Login
Limiting CLI Sessions and Failed Logins
Restricting Telnet Access
Displaying Switch Status
Displaying the Management Configuration
ExtremeWare XOS Image File Names
ExtremeWare XOS Version Strings
ExtremeWare Software Versions
Software Image File Extensions
Software Image Files in the Switch
Software Configuration Files
Selecting Image and Configuration Files for the Next Reboot
File System Commands
Copying, Renaming, and Removing Files
Assigning an IP Address to a VLAN
Upgrading the Software Image
Backing up ExtremeWare XOS Configuration Files
Retrieving the Configuration
BootStrap and BootROM
Upgrading the BootROM
Returning the Switch to Factory Defaults
Identifying the Busiest Process
Displaying Processes
Monitoring Process Heartbeat
Terminating a Process
Starting a Process
Monitoring System Memory
Monitoring Protocol Memory
Additional Switch Management Tools
Using Secure Shell
Using SNMP
SNMP Configuration Parameters
Configuring SNMP
Using SNTP
Authenticating Switch Management Users
Logging Features
Configuring Logging
Summary

Module 4 Layer 1 Configuration
Student Objectives
Configuring Slot Parameters
Switch Ethernet Port Types
Configurable Port Parameters
Auto-negotiation, Speed, and Duplex
Enabling Jumbo Frames
Link Aggregation
Link Aggregation Algorithms
Dynamic Link Aggregation
Switch Specific Link Aggregation Support
Configuring Address-based Link Aggregation
Configuring Dynamic Link Aggregation
Verifying Link Aggregation
Port-Mirroring
Extreme Discovery Protocol
LLDP
Configuring LLDP
Summary

Module 5 Layer 2 Forwarding
Student Objectives
ISO Seven-layer Reference Model
Collision Domains in a Shared Medium
Carrier Sense Multiple Access with Collision Detection
Transparent Bridges Used for LAN Segmentation
Ethernet Frames
Bridge Functions
Flooding
Forwarding
Filtering Example
Forwarding Database
FDB Entry Types
Configuring the FDB
FDB Configuration Examples
Displaying the FDB Table
Layer-2 Security Features
Limiting Dynamic MAC Addresses
Locking Down MAC Addresses
Configuring Port-based Security
Verifying and Troubleshooting Port-based Security
Disabling MAC Address Learning
Controlling Egress Flooding
Summary

Module 6 Introduction to VLANs
Student Objectives
Traditional LANs
Virtual LANs
Benefits of VLANs
System VLANs
Types of VLANs
Port-based VLANs
Verifying Port-based VLANs
Common Error Configuring Port-based VLANs
Extending VLANs Across Multiple Switches
Summary

Module 7 Tagged VLANs
Student Objectives
Port-based VLANS Extended Across Multiple Switches
VLAN Tagging Overview
Tagged VLANs on Extreme Networks Switches
Tagged Ethernet Frames
Configuring Tagged VLANs
Tagged VLANs on Multiple Switches Example
Examples of Bad Configuration
Summary

Module 8 Protocol-based and vMAN VLANs
Student Objectives
Protocol-Based VLANs
Creating Custom Protocol Filters
Configuring Protocol-based VLANs
Protocol-based VLAN Example Configuration
Notes on Protocol-Based VLANs
Defining the Requirement for the vMAN Feature
The vMAN Solution
Configuring vMAN Tunnels
Configuring vMan Tunnels on ExtremeWare
Example vMan Configuration
Summary

Module 9 Spanning Tree
Student Objectives
Introducing the Spanning Tree Protocol
Network Redundancy
Identifying the Solution
Spanning Tree Algorithm
Spanning Tree Port States
How Spanning Tree Works
Spanning Tree Protocol Building Blocks
Selecting the Root Bridge
Selecting the Root Port
Selecting the Designated Bridge and Designated Port
Forwarding and Blocking Ports
Detecting Topology Changes
Re-Calculating Port States
Planning a Spanning Tree Topology
Configuring a Single STPD in dot1d Mode
Configuring STP Parameters
Verifying STP
Notes on Configuring STP
Spanning Tree Enhancements
Multiple Spanning Tree Domains
PVST+ Per VLAN Spanning Tree
Multiple STPDs Per Physical Port
VLANs Spanning Multiple STPDs
Multiple EMISTP STPDs Per VLAN
Summary
Module 10 IP Unicast Routing
Student Objectives
Layer-2 versus Layer-3 Operations
Layer-2 Operations Review
Layer-3 IP Forwarding Operations
Layer-3 IP Forwarding Examples
Router Interfaces
IP Route Table
Types of IP Route Table Entries
Permanent Routes
Dynamic Route Entries
Multiple Entries in the Route Table
Relative Route Priorities
Configuring IP Forwarding
Virtual Routers in the Command Line
Configuring Router Interfaces
Configuring Permanent Routes
Additional IP Routing Configuration
IP Forwarding Configuration Example
Verifying the IP Route Table
Verifying the Unicast Routing Configuration
Additional Show Commands
Unexpected Switch Behavior
Additional IP Unicast Features
Additional IP Unicast Features Continued
Summary
Module 11 Configuring RIP
Student Objectives
Limitations of Manual Configuration
RIP - A Distance Vector Routing Protocol
Limitations of RIP Version 1
RIP Version 2
Routing Table For Routers Using RIP
Routing Loops
Counting to Infinity Problem
Split Horizon
Poison Reverse
Triggered Updates
RIP Limitations
Configuring RIP
RIP Specific Configuration Commands
RIP Configuration Example
RIP Timer and Cost Configuration Commands
Additional RIP Configuration Commands
Verifying the RIP-specific Configuration
Verifying IP Forwarding and VLAN Interface
Verifying the Route Source
Additional Show Commands
Summary
Module 12 Configuring OSPF
Student Objectives
Defining OSPF
OSPF Routing Hierarchy
OSPF Areas
Identifying OSPF Components
OSPF Router Types
Designated Router Types
Designated Router Election
Link State Advertisement
OSPF LSA Types
How OSPF Operates
OSPF Router Neighbor Discovery
OSPF Hello Packets
LSDB Initial Synchronization
LSDB Synchronization
Identifying When OSPF Routing Occurs
Basic IP Configuration Review
The OSPF Router ID
Configuring a Single OSPF Area
OSPF Configuration Example
Configuring Multiple OSPF Areas
Advanced OSPF Configuration
Advanced OSPF Configuration Continued
Verifying the Basic IP Configuration
Verifying the Global OSPF Configuration
Verifying OSPF Interface Configuration and Neighbor State
Monitoring the LSDB
Summary
Module 13 Advanced Features
Student Objectives
Advanced OSPF Features
Intermediate System - Intermediate System
Border Gateway Protocol
IP Multicasting
Network Address Translation
IP Multinetting
Multiprotocol Label Switching
Extreme Standby Router Protocol
ESRP Continued
Virtual Router Redundancy Protocol
Extreme Multiple Instance Spanning Tree
Ethernet Automatic Protection Switching
Software Controlled Redundant Port
Net Login
Access Control Lists
Secure Protocols
CPU Denial of Service Protection
CLEAR-Flow
sFLOW Statistics Sampling
Policy-Based QoS
Web Cache Redirection
Server Load Balancing
Summary
Module 14 Lab Exercises
Lab 1 Switch Management and Security
Lab 2 Configuring Layer 1
Lab 3 Configuring Layer 2 Forwarding
Lab 4 Configuring Port-based VLANs
Lab 5 Configuring Tagged VLANs
Lab 6 Configuring Protocol-based VLANs (Optional)
Lab 7 Configuring vMAN VLANs
Lab 8 Configuring Spanning Tree
Lab 9 Configuring Static Routing
Lab 10 Configuring RIP
Lab 11 Configuring OSPF
Module 1
Introduction and Orientation
Extreme Configuration Fundamentals
The Extreme Configuration Fundamentals training class is designed to provide students with the ability
to identify, describe, and use the features available with ExtremeWare XOS™ release 11.3 and ExtremeWare
version 7.4.
Target Audience
The primary audiences for this class are end-users, partners, and Extreme Networks® technical
personnel that are seeking ENA certification.
Module Content
Module one presents an introduction to the course content, training facilities, student objectives, course
prerequisites, agenda, and certification curriculum.
Figure 1: Module Content
Introductions
Provide your name, company, job title, and experience. Please share your previous networking
experience as well as any Extreme Networks product exposure. This helps the instructor to adjust the
class according to student skill sets.
Figure 2: Introduction
Facilities
Familiarize yourself with the facilities, particularly where the Emergency Exits and First Aid Stations
are. Pick up a name badge from the receptionist if available.
Telephones are found near the student lounge (if there are any).
The instructor provides the training site telephone number where messages can be sent. However, only
urgent messages are immediately posted for the attention of the student concerned.
The instructor specifies any special parking considerations when necessary.
Figure 3: Facilities
Student Kit
The illustration lists the contents of the student kit.
Figure 4: Student Kit
Administrative
The instructor circulates a class roster during the student introductions. Each student should check his
or her own information on the Class Roster. When all information is verified, initial your name.
Ensure that your name is spelled correctly the way you want it to be on the certificate at the completion
of this course.
Breaks are typically 15 minutes each and lunch is about an hour. However, the times may vary at the
discretion of the instructor.
Please silence all pagers and cell phones by turning off the audio beeps and/or muting the volume. At
the instructor's discretion, pagers/phones in vibrate mode are permitted. If you need to take a phone
call, go outside the classroom in consideration of the other students.
Questions are encouraged at any time. Lab exercises are performed after each major topic is discussed.
A student completing all the requirements of the Extreme Networks Associate (ENA) is certified and
provided an Extreme Networks Certified Training Certificate.
Figure 5: Administrative
Course Prerequisite
To be successful in this class, it is recommended that students complete the Extreme Introduction to
Data Networking (EDN) and Extreme Introduction to IP Routing (EIP). Alternatively, students must have
equivalent knowledge.
Figure 6: Course Pre-requisite
High-level Student Objectives
The illustrations list the high-level student objectives for this course.
Figure 7: Student Objectives
Figure 8: Student Objectives Continued
Agenda
Figure 9: Day 1 - Agenda
Figure 10: Day 2 - Agenda
Agenda Continued
Figure 11: Day 3 - Agenda
Figure 12: Day 4 - Agenda
Agenda Continued
Figure 13: Day 5 - Agenda
Introduction to the Extreme Networks Certification Program
Career certification is available from many places. But we're talking about Extreme Networks
certification, an innovative, comprehensive approach to certification.
Our lab-intensive learning environments and hands-on exam requirements mean that you become
Extreme Networks-certified with proven experience and skills to successfully deploy and manage
Extreme Networks products in a variety of network environments.
The Extreme Networks certification program authenticates your skill set and supercharges your IT
career, bringing measurable benefits to you, your department, and your company.
Certification Levels:
● Level 1 Extreme Networks Associate (ENA)
● Level 2 Extreme Networks Specialist (ENS)
Figure 14: Introduction to Extreme Networks Certification Program
Figure 15: Extreme Networks Certification Program
Extreme Networks Associate (Level 1)
The Extreme Networks Associate (ENA) certification confirms your knowledge of the Extreme
Networks product portfolio and configuring and managing Extreme Networks switches in layer-2 and
layer-3 environments. The certification is intended for individuals responsible for the installation,
configuration, and management of Extreme Networks products.
Receive your ENA Certification
The ENA Certification level establishes the foundation for all Extreme Networks certification program
levels.
Successful completion of the ECF training course in full provides ENA certification.
A certificate with a unique certification number is issued immediately. ENA certification is valid for 2
years.
Alternatively, an 80-question exam can be taken to validate the candidate's knowledge of basic Extreme
Networks hardware configuration using the ExtremeWare command line interface (CLI).
Extreme Networks Authorized Training Partners (ATP) administer the ENA certification tests. The cost
of the exam is equal to one day of training or one training voucher.
Candidates who achieve a score of 75% or greater are awarded the distinction of Extreme Networks
Associate.
Follow these steps to register for the ECF training class or the stand-alone Extreme Networks Associate
exam:
1 Direct your web browser to www.extremenetworks.com.
2 From the web page you can select an Extreme Networks ATP test center in your region.
3 Be sure to bring valid, government issued photo identification to the testing location.
Figure 16: Extreme Networks Associate (Level 1)
Extreme Networks Specialist (Level 2)
The Extreme Networks Specialist (ENS) certification represents a solid foundation of networking skills
for individuals responsible for advanced configuring, managing, maintaining, and troubleshooting of
Extreme Networks products. The pre-requisite for this certification is completion of the ENA
certification level.
ENS certified skills include:
● Configure Extreme Networks advanced redundancy features.
● Configure Extreme Networks advanced multicast routing features.
● Configure Extreme Networks switches in complex routing environments.
● Configure Extreme Networks switches advanced security features.
● Troubleshoot Extreme Networks switches for layer-2 and layer-3 networking problems.
ENS certification is valid for 2 years.
The exam is administered by selected Extreme Networks Authorized Training Partners.
First-Level TAC Bypass with ENS Certification
ENS certified customers with a valid service contract have direct access to Tier 2 Technical Assistance
Center (TAC) support. They are able to bypass Level 1 TAC.
ENS Exam
Scheduling this exam is similar to scheduling the ENA exam. Direct your web browser to
www.extremenetworks.com.
From the web page you can select an Extreme Networks ATP test center in your region.
The ENS exam is a 4-hour hands-on exam performed at and guided by one of the Extreme Networks ATP
test centers.
The exam comprises four parts. One part consists of 30 multiple choice questions. The other three
parts consist of hands-on practical exams based on three of the four training classes in the ENS
curriculum. Candidates must achieve a score of 75% to be certified. The price for this exam is a single
one-day training voucher.
Successful candidates receive an ENS certificate with a unique certification number immediately upon
passing the exam.
Be sure to bring a valid, government issued, photo identification to the testing location.
Figure 17: Extreme Networks Specialist (Level 2)
Figure 18: Extreme Networks Specialist (Level 2) Continued
ENA Certification Curriculum
The curriculum consists of instructor led courses, which provide students with the skill level described
in the certification overview. The courses are grouped so you can easily determine which courses are
needed for a certain certification level.
Extreme Introduction to Data Networking (EDN-100/3)
This training is intended for people who are new to networking, or those that want to refresh their
knowledge. This course does not include specific Extreme Networks features, but covers the basic
concepts and principles of Data Networking. Topics include: History of Networking, The OSI model,
Ethernet, Ethernet devices (NIC, repeater, hub, bridge, switch). The knowledge gained from this course
is prerequisite for attending ECF-200/5.
Extreme Introduction to IP Routing (EIP-100/2)
This course is intended for people that need to have a foundation on IP and IP-routing protocols. The
content of this course is a prerequisite for attending the ECF-200 course and includes: TCP/IP overview,
IP-addressing, IP-subnetting, TCP/IP applications, the principles of routing, and an overview of the RIP
and OSPF routing protocols. The knowledge gained from this course is prerequisite for attending ECF-200/5.
Extreme Configuration Fundamentals (ECF-200/5)
This course is designed for people responsible for the installation, configuration, management, support,
and troubleshooting of the Extreme Networks family of switch products. Students receive an overview
of Extreme Networks software, the switch command line interface, the hardware features, and the
software features. Students learn to:
● Login to the switch and create new user accounts.
● Download software updates and backup configuration files.
● Configure layer-2 switching functions.
● Create port-based, protocol-based, and tagged VLANS.
● Create vMan VLAN tunnels.
● Configure the Spanning Tree Protocol.
● Configure basic RIP and OSPF functions.
Students are also introduced to advanced features.
This course is based primarily on ExtremeWare XOS.
Figure 19: ENA Certification Curriculum
ENS Certification Curriculum
Extreme Security Fundamentals (ESF-300/3)
This course is tailored for people who need to implement and maintain security in the network
with features such as ACLs, QoS, DoS protection, network login, and NAT. The knowledge that can be
obtained from the ECF-200/5 course is a prerequisite for attending the ESF training.
Extreme Redundancy Fundamentals (ERF-300/2)
This course is intended for people who build and maintain redundant networks using advanced
features such as EMISTP, EAPS, ESRP, and VRRP. The knowledge that can be obtained from the ECF-200/5
course is a prerequisite for the ERF training.
Extreme Multicast Routing (EMR-300/2)
This course covers multicasting concepts and operation and Extreme Networks Multicast Features
including the IGMP, PIM-DM, and PIM-SM protocols. Additional multicasting protocols are also
presented. The knowledge that can be obtained from the ECF-200/5 course is a prerequisite for
attending the EMR training. This course is based primarily on ExtremeWare XOS.
Extreme Interior Gateway Protocols (EIGP-300/2)
This course is designed for those individuals responsible for the installation, configuration,
management, support, and use of the Extreme Networks switches in a routed environment. This course
is ideal for individuals who are familiar with layer-3 routing but desire a more comprehensive
discussion on how to set up an OSPF network using Extreme Networks products. The knowledge that
can be obtained from the ECF-200/5 course is a prerequisite for the EIGP training. This course is based
primarily on ExtremeWare XOS.
Figure 20: ENS Certification Curriculum
Supportive Curriculum
The following courses are currently elective.
Border Gateway Protocol Concepts and Configuration (BGP-220c)
This course is designed for Internet Service Providers (ISP), individuals connecting to ISPs, and those
that want to configure BGP4 on the Extreme Networks family of switch products.
ExtremeWare Unified Access (EUA-310/3)
The course is designed to provide students with the skills to design, configure, manage, support, and
use the Extreme Networks Summit™ 300-48 and the Altitude™ 300 for both wireless and wired secure
network access.
EPICenter 5.0 Tutorial
This is a task-based interactive tool for learning how to use EPICenter software to efficiently manage,
monitor, and configure your network. The tutorial includes seven modules and is presented using text,
video, demonstrations, quizzes, and interactive scenarios. It is available on CD-ROM.
Figure 21: Supportive Curriculum
Figure 22: Certification and Curriculum Updates
Summary
Figure 23: Summary
Module 2
Extreme Networks® Product Overview
Student Objectives
Module two provides an overview of the Extreme Networks® switch family, including hardware,
software, and the Extreme Networks switch architecture.
Upon completion of this module, the successful student will be able to:
● Briefly describe the Extreme Networks Switch family.
● Identify the unique features of each switch.
● Describe Extreme Networks Product Hardware and Software Features.
● Describe ExtremeWare XOS® and ExtremeWare Release versions.
● Describe ExtremeWare XOS® and ExtremeWare software licenses.
● Identify Extreme Networks Products Hardware.
■ Summit® switches, chassis-based Alpine™ switches, and BlackDiamond® switches.
● Identify which types of traffic are switched through the fast path and which are forwarded through
the slow path.
● Describe Extreme Networks EPICenter™ management software.
Figure 1: Student Objectives
Extreme Networks Switch Family
Extreme Networks Summit edge switches, modular Alpine Ethernet service provisioning switches, and
modular BlackDiamond core switches meet evolving business requirements by delivering scalable
speed, bandwidth, network size, and quality of service to today's networks.
Within each Summit, Alpine, and BlackDiamond is a non-blocking switch fabric that provides full wire-speed
layer-3 and layer-2 performance. The backplane capacity of Summit, Alpine, and BlackDiamond
is greater than the aggregation of all its ports, so data is not lost, even when the network load requires
all ports to deliver full bandwidth.
All Extreme Networks switches come pre-installed with either the ExtremeWare XOS or the ExtremeWare
standards-based software suite. ExtremeWare XOS and ExtremeWare combine industry-standard
protocols to ensure interoperability with legacy switches and routers, plus policy-based Quality of
Service (QoS) for bandwidth management and traffic prioritization in today's networks.
Figure 2: Extreme Networks Switch Family
Extreme Networks History of ASIC Innovation
Extreme Networks develops its own Application Specific Integrated Circuit (ASIC) chips internally.
The ASIC chip set can examine a packet in greater detail (for example, going into layer-3 IP
information) than traditional software-based routers. ASIC chip sets comprise several chips.
Four generations of ASIC chip sets have been developed.
First Generation
The first generation of ASICs, developed in 1997, can be found in the early Summit and BlackDiamond
products like the Summit 24, Summit 48, and the BlackDiamond 6800 with MSM-32. This ASIC chip set
introduced the market to the benefits of non-blocking and wire-speed layer-2 and layer-3 performance.
First generation chip set products require ExtremeWare version 4.1.x.
Second Generation
The i-series ASIC chip set, introduced in 2000, leverages the consistent architecture and feature set of the
first-generation chip set, but with four times the density, twice the clock speed, and half the power
consumption per port. In addition, a QoS Manager and Traffic Group Controller are integrated into the
i-series ASIC. Protocol Processing is increased with Dual Processors running 64 bits at 166 MHz.
All Extreme Networks products that end with an "i", from the Summit1i, 5i, 7i, 48i, 48si switches to
BlackDiamond 6800 chassis blades, are based on this 2nd generation ASIC chip set. The i-series chip set
products require ExtremeWare version 6.1 or higher.
Third Generation
The Triumph chip set, introduced in 2003, increases the Gigabit Ethernet density, scalability, and
performance on Extreme Networks modular switches. The Triumph chip set introduces T-Control,
enabling powerful traffic throughput management. Modules with the Triumph chip set are referred to
as the “3” series in documentation.
Fourth Generation
Extreme Networks' fourth generation network silicon system (4GNSS) chip set provides a non-stop
architecture with self-healing hardware/software. It is an architecture that is ready for anything, with
programmable ASICs, where the network becomes a utility and failure is not an option.
Third-party ASICs
Depending on customer requirements there might be (edge) areas in the network that do not need the
capacity, performance, and functionality of the 4GNSS chip set. To meet these demands Extreme
Networks also provides edge switches, like the e-series Summit 200, Summit 300, and Summit 400
switches with an architecture that is based on third-party ASICs. The new BlackDiamond 8800 series and
Summit X450 switches also employ third-party ASICs.
Figure 3: ASIC Innovation
Non-Blocking Switch Fabrics
The architecture of the Summit, Alpine, and BlackDiamond switches has a non-blocking switch fabric
that eliminates the performance penalties associated with slower legacy router environments.
This means that the internal capacity of the switch matches or exceeds the full-duplex bandwidth
requirements of all its ports.
Operating in full-duplex mode on each port, Summit, Alpine, and BlackDiamond switches process a full
gigabit of data in each direction.
The result is that the hardware architecture never causes packet loss due to oversubscription.
There are exceptions to this philosophy due to commercial constraints.
One hundred percent non-blocking capacity is not required in all circumstances, and therefore
price-competitive equipment is also available.
For example:
The BlackDiamond 6800 F96Ti I/O module provides 96 10/100 Ethernet ports.
Assuming that all ports are occupied and generating maximum traffic at 100 Mbps, the total
theoretical load is 9.6 Gbps.
If all this traffic is destined for egress ports on other modules, it exceeds the 8 Gbps connection
between the I/O module and the switch backplane.
Figure 4: Non-Blocking Switch Fabrics
Packet Flow for i-Series Switches
A switch fabric is essentially an extremely high-speed data path called a packet bus (P-Bus) connecting
multiple ports and using a set of ASICs and storage to make intelligent forwarding decisions.
The illustration shows the packet flow for i-series and Triumph-based switches.
Fast Path Switching
Fast path switching is also referred to as switching in hardware.
1 Packets typically enter the switch through the PHY ports and the MAC device layers. This is where
Ethernet CRC checking and IP checksum validation occur.
2 Through the PBUS the packet is transferred into the switch fabric and temporarily stored in packet
memory by the direct memory access controller (DMAC).
3 In the switch fabric the content of the packet is compared with the entries in the Forwarding
Database (FDB).
4 If there is a match, the packet is transferred from the temporary buffer, through the PBUS towards
the MAC device layer.
This MAC device layer modifies the time to live (TTL), recalculates the Ethernet checksum, and
transmits the packet into the correct hardware queue of the physical (egress) port.
Slow Path Switching
Slow path switching is sometimes also referred to as switching in software because it involves the CPU.
Steps 1, 2, and 3 are identical to the fast path description, but the outcome of the FDB check is negative.
In other words, there is no match.
At this point the CPU examines the packet and makes a forwarding decision. This forwarding decision
can be:
● Based on L2, this means that the packet is flooded out to all the ports in that broadcast domain
(VLAN) to locate the unknown destination MAC address.
● Based on L3 when the packet is destined for another subnetwork. The switch uses the IP routing
table to make the forwarding decision.
Once the forwarding decision is made, the packet is removed from the buffer and sent over the PBUS
towards the MAC device layer and physical port.
The next step for the CPU is to add this information as a new entry into the FDB ensuring that future
traffic to this address is forwarded in the fast path.
For L3 traffic the routing table is consulted once only. After the next hop IP router or the ultimate IP
destination address responds to an ARP request, the subsequent packets are switched through the fast
path.
For layer-2 traffic, the CPU learns which port is connected to the destination address. The destination
port is learned when the destination replies to the flooded packet.
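The following added example (not part of the course material and not Extreme Networks code) models the FDB lookup described above for layer-2 frames only: a miss is handed to the CPU and flooded within the VLAN, and the entry learned from the reply moves later frames onto the fast path. The class, field, and VLAN names and the MAC addresses are constructed for illustration.

```python
"""Model of the fast-path / slow-path decision for layer-2 frames.

All names here are assumptions made for this example; they are not
ExtremeWare internals.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: str
    ingress_port: int
    crc_ok: bool = True


@dataclass
class Switch:
    # VLAN name -> set of member ports (the broadcast domain).
    vlans: dict
    # (vlan, mac) -> port; stands in for the hardware FDB.
    fdb: dict = field(default_factory=dict)
    fast_path_hits: int = 0
    slow_path_punts: int = 0

    def forward(self, frame):
        """Return (path, egress_ports) for one frame."""
        # Step 1: frames that fail the Ethernet CRC check go no further.
        if not frame.crc_ok:
            return ("dropped", [])
        members = self.vlans.get(frame.vlan, set())
        if frame.ingress_port not in members:
            return ("dropped", [])

        # Step 3: compare the destination with the FDB entries.
        egress = self.fdb.get((frame.vlan, frame.dst_mac))
        if egress is None:
            # No match: the CPU decides. For L2 the frame is flooded to
            # every other port in the VLAN to locate the destination.
            self.slow_path_punts += 1
            result = ("slow", sorted(members - {frame.ingress_port}))
        elif egress == frame.ingress_port:
            # Destination lives on the ingress segment; nothing to send.
            result = ("dropped", [])
        else:
            # Step 4: match, switched in hardware to a single port.
            self.fast_path_hits += 1
            result = ("fast", [egress])

        # Learning: record which port the source address was seen on.
        # When the destination replies to a flooded frame, this is what
        # adds its entry, so later traffic to it takes the fast path.
        self.fdb[(frame.vlan, frame.src_mac)] = frame.ingress_port
        return result


def demo():
    """Run a constructed four-frame exchange; return decisions and counters."""
    sw = Switch(vlans={"default": {1, 2, 3, 4}})
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed MACs
    frames = [
        Frame(a, b, "default", 1),                 # B unknown: flooded by CPU
        Frame(b, a, "default", 3),                 # B replies: A is known
        Frame(a, b, "default", 1),                 # B now in FDB: hardware
        Frame(a, b, "default", 1, crc_ok=False),   # fails CRC at ingress
    ]
    decisions = [sw.forward(f) for f in frames]
    return decisions, sw.fast_path_hits, sw.slow_path_punts


if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

The `slow_path_punts` counter is the quantity to watch in this model, since every miss costs CPU time that a hit does not.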
Figure 5: Switch Packet Flow
Figure 6: Fast Path and Slow Path Switching
Unified Access Architecture
Unified Access from Extreme Networks provides switches capable of delivering wired and wireless
applications across a completely integrated enterprise infrastructure.
Modular, hot-swappable load-sharing power supplies, as well as integrated 802.3af Power over Ethernet
(PoE), provide the reliability required for enterprise-class services, including voice-over-IP (VoIP) and
other PoE applications.
The combination of a Summit 300, Summit 400-24, Alpine 3800, or BlackDiamond 8800 switch and the
Altitude 300 wireless port sets the standard for secure, scalable, and manageable wireless switching.
The Altitude 300 wireless access point (AP) inherits software and configuration information as soon as
it is connected to a Summit 300-48.
If stolen, the Altitude 300 is immediately rendered inoperable.
The Altitude 300 handles encryption directly in hardware, outperforming access points that rely on
software-based encryption. The wireless port implements the Advanced Encryption Standard (AES) and
Wi-Fi Protected Access (WPA) to ensure superior security.
The Altitude 300 and Unified Access switches work together to authenticate users, employing IEEE
802.1x and a Remote Authentication Dial-In User Service (RADIUS) server to grant or deny access to
wireless networks running 802.11a/b/g.
Unified Access extends the centralized network management of EPICenter and the unparalleled policy
management of Extreme Networks switches to wired and wireless users.
Figure 7: Unified Access Architecture
Summit 200 Edge Switches
The Summit 200-24 and 200-48 edge switches share the following characteristics:
● Fixed configuration
● 24 or 48 10/100BASE-T interfaces
● 2 mini Gigabit Interface Connectors (GBIC) and 2 1000BASE-T (2 active gigabit uplinks)
● Non-blocking fabric
■ 13.6 Gbps for the 200-48 and 8.8 Gbps for the 200-24
● Edge and Advanced Edge ExtremeWare software licenses
■ Edge license includes basic ExtremeWare with RIP, QoS, ACLs, Spanning Tree, EAPS Edge
Support
■ Advanced Edge features include OSPF, Network Login, Extreme Automatic Protection Switching
version 1 (EAPSv1), Extreme Standby Router Protocol (ESRP)-aware
● e-series chip set
● Single AC PSU
● 1 Rack Unit, 12.2"/8.3" deep
● 4 QoS queues
● 256 Virtual Local Area Networks (VLANs) (port, 802.1Q)
Summit 200-24 and 200-48 Uplink Redundancy
The Summit 200 supports automatic failover from an active fiber port to a copper backup or from
an active copper port to a fiber port. If one of the uplink connections fails, the Summit 200 uplink
connection automatically fails over to the second connection. On the Summit 200-24, ports 25 and 26 are
the Gigabit Ethernet ports that have the redundant PHY interfaces. On the Summit 200-48 switch, ports
49 and 50 are the Gigabit Ethernet ports that have redundant PHY interfaces.
Figure 8: Summit 200 Edge Switches
Summit 300-24 and Summit 300-48
The Summit 300-24™, Summit 300-48™, and Altitude 300-2™ support wireless and Power over Ethernet
(PoE) networks.
Summit 300-24 Switch
The Summit 300-24 has the following characteristics:
● Fixed configuration
● 24 autosensing 10BASE-T/100BASE-TX ports using RJ-45 connectors.
● Two 10/100/1000BASE-T Gigabit Ethernet uplink ports or two optical Small Form-factor pluggable
(SFP) GBICs using LC optical fiber connectors. (1000BASE-SX, 1000BASE-LX, or 1000BASE-ZX)
● Non-blocking switch fabric
■ 8.8 Gbps
● Edge or Advanced Edge ExtremeWare licenses
● e-series chip set
● One rack unit high
● Single AC power supply
● 370W of available power for PoE devices, supporting up to 24 IEEE 802.3af Class 3 (15.4W) devices
● External redundant power supply available optionally
Summit 300-48 Switch
The Summit 300-48 has many of the same features as the Summit 300-24. The Summit 300-48 also has the
following characteristics:
● 48 10/100 Ethernet ports and four copper and GBIC ports
● Non-blocking switch fabric
■ 12 Gbps
● Two rack units high.
● Advanced Edge ExtremeWare software license
● Hot-swappable redundant power supplies.
● 802.3af PoE compliant on all 10/100 ports for wireless networks and VoIP deployments.
Figure 9: Summit 300-24 and Summit 300-48
Figure 10: Summit 300-24 and Summit 300-48 Switch Front Views
Altitude 300
The Altitude 300-2 dual-band wireless access point provides transparent, high-speed data
communications between the Summit 300 family of wired LAN products and wireless mobile devices
equipped with 802.11a and 802.11b/g adapters. The Altitude receives its power from a PoE port on the
switch.
The Altitude 300-2 wireless access point comes in two models. The first, the Altitude-2i™, is a unit with
integrated, dual band antennas and the second, the Altitude-2d™, is a unit with external antenna
connectors.
The Altitude 300 can inherit software and configuration information as soon as it is connected through a
PoE port to a Summit 300. Encryption supports the following:
■ Wired Equivalent Privacy (WEP), 802.11i draft, Wi-Fi Protected Access (WPA)
■ Advanced Encryption Standard (AES), The Temporal Key Integrity Protocol (TKIP)
Authentication for legacy devices using for 802.1x compliant devices supports the following:
■ PEAP
■ EAP-TLS, EAP-TTLS, EAP-MD5
Ceiling-mount, wall-mount, tabletop mounting options.
Fixed and detachable antenna options.
Figure 11: Altitude 300
Summit 400-24 Switches
The Summit 400-24t or 400-24p switch is a compact enclosure.
The Summit 400-24 has the following characteristics:
● Fixed configuration
● 24 autosensing 10/100/1000BASE-T ports using RJ-45 connectors. (Summit 400-24t)
● 24 autosensing 10/100/1000BASE-T ports supporting PoE. (Summit 400-24p)
● 4 fiber SFP ports (mini-GBIC 1000BASE-SX, 1000BASE-LX, and 1000BASE-ZX). The fiber ports share a PHY
with the last four copper ports.
● 2 dedicated stacking ports (10 Gigabit)
● Non-blocking switch fabric
■ 80 Gbps
● Edge and Advanced Edge ExtremeWare licenses
● e-series chip set
● One rack unit high
● Single AC power supply
● Support for redundant power using the optional EPS 160 External Power Supply (Summit 400-24t)
or the EPS-LD External Power Supply (Summit 400-24p)
Figure 12: Summit 400-24t Front Panel
Figure 13: Summit 400-24t Rear Panel
Summit 400-48t Edge Switch
The Summit 400-48t has the following characteristics:
● Fixed configuration
● 48 autosensing 10/100/1000BASE-T ports using RJ-45 connectors
● 4 Fiber gigabit SFP uplink ports shared with 1000BASE-T.
● Optional two modular 10 Gigabit Ethernet uplink ports. ZR XENPAK and LX4 XENPAK
● 10/100/1000 out-of-band management port
● 2 dedicated stacking ports (10 Gigabit)
● Non-blocking switch fabric
■ 160 Gbps
● Advanced Edge ExtremeWare licenses
● e-series chip set
● One rack unit high
● Single AC power supply
● 370W of available power for PoE devices, supporting up to 24 IEEE 802.3af Class 3 (15.4W) devices
● External redundant power supply option
Summit 400 Uplink Redundancy
The four fiber ports and the last four of the 10/100/1000BASE-T ports are designed as combination
ports for uplink redundancy. When a pair of ports is shared, either the fiber port or the copper port
can be active at any one time, but not both. For example, if copper port 21 goes down while transmitting packets,
fiber port 21X activates and becomes the primary link.
Summit 400 Optional Features
The Summit XEN Card is an additional card that adds one or two 10 Gigabit uplink modules through
the back of the Summit 400-48t. The modular 10 Gigabit Ethernet design can be quickly upgraded in the
field making this an ideal switch for both wiring closet implementations and enterprise branch offices.
The Extreme Networks External Power System (EPS) allows you to add a redundant power supply to
the Summit 400 switch to protect against a power supply failure.
The Summit 400 10 Gigabit uplink supports the following features:
● 4 ports of SFP Mini GBICs (logically shared with the 1000BASE-T ports)
■ SR XENPAK for the 850 nm range
■ LR XENPAK for the 1310 nm range
■ ER XENPAK for the 1550 nm range
Figure 14: Summit 400-48t Front View
Figure 15: Summit 400-48t Rear View
Summit Stacking
The Summit 200, 300, and 400 e-series switches can be installed in a stacked configuration that is
managed as one switching entity. The Summit 200 and 300 series switches use the Gigabit Ethernet
ports on the front of the switches as the stacking connectors for interconnecting to other switches in a
stacked configuration. The Summit 400 series switches use dedicated stacking ports on the back of the
switch.
In a mixed-platform stack, the 1-gigabit Ethernet ports on the front panel can be used to connect the
Summit 400-24 switch to a Summit 200-series or 300-series switch.
Although software supports up to eight switches in a stack, certain hardware restrictions do not allow
stacking eight units of some types. Each switch type is assigned a platform weight or slot budget to be
used in determining the total number of switches allowed in the stack. The Summit 400 series switches
also have an assigned platform weight for installed 10-gigabit dual uplink ports.
The sum of all platform weights in the stack must be no greater than 32. The total number of switches
must be no greater than 8.
A Unit Stacking ID Number LED is available on the Summit 300-24, 200-24, and 400-24/48 switches.
When several Summit 200-24 switches are interconnected (stacked), each switch is assigned a unique
stacking ID number that is visible in the unit stacking ID number LED. The switch acting as the stack
master is usually assigned the number 1.
Table 1: Stacking ports on Summit “e” series switches
Switch Model          Ports
Summit 200-24         25, 26
Summit 200-48         49, 50
Summit 300-24         25, 26
Summit 400-24t/24p    Stacking ports 25, 26 on the back, or any Gigabit Ethernet port on the front
Summit 400-48t        Stacking ports 52, 53 on the back, or any Gigabit Ethernet port on the front

Table 2: Summit switch platform weights for stacking
Platform                    Platform Weight
Summit 200-24               1
Summit 200-48t              2
Summit 300-24               1
Summit 400-24               2
Summit 400-48               4
10-gigabit uplink module    2
Figure 16: Summit Stacking
Figure 17: Mixed Summit Stack Configuration
Summit Wireless Mobility
The Summit® Wireless Mobility (WM) series of switches delivers a high-performance wireless LAN
solution that is easy to use and secure.
The Summit WM has the capability to support high-speed, cross-subnetwork roaming. Each switch can
support up to 200 access points while providing centralized management for remote branch office
installations.
Administration
Summit Wireless Mobility Access Domains (WM-AD) help administrators easily define profiles for
different categories of users, groups, devices or applications.
QoS is easy to configure for different classes of users through the WM-ADs.
At the radio level, the AutoCell feature will detect AP failures and boost the power output of the
neighboring APs to compensate for the gap in coverage.
Security
The Summit WM series simplifies setup and operation through its extensive dynamic RF management
capabilities. Dynamic radio Out-of-the-box AP installation is easy.
Each WM-AD specifies how the wireless user or device should authenticate.
The Summit WM series offers privacy options ranging from unencrypted communication for guests and
shared key for phones and PDAs to WPAv1 and WPAv2.
The Summit WM Spy capability provides intrusion detection by scanning multiple bands and channels
to locate unauthorized rogue access points.
Altitude 350-2
The Altitude 350-2 is a dual-radio Access Point capable of supporting 802.11a/b/g standards. It requires
a Summit WM series switch for operation.
Internal or external antenna options are available.
Figure 18: Summit Wireless Mobility
Figure 19: Altitude 350-2 Access Point
Summit i-Series Switches
The Summit fixed-configuration switches deliver high-performance multilayer Ethernet switching to
wiring-closets, aggregation points, and the network edge in an affordable compact form factor. Ideally
suited for networks where space and costs are a concern, Summit switches are capable of delivering the
advanced routing, security, and quality of service features normally found in chassis-based switches.
All three switches support:
● Basic and Full layer-3 ExtremeWare software license
● i-series chip set
● Optional redundant power supplies
Summit1i
● Fixed configuration
● Either 6 1000SX or 6 autosensing 100/1000BASE-TX ports using RJ-45 connectors
● 2 1000BaseX GBIC Ports
● Non-blocking switch fabric
■ 17.5 Gbps
● Two rack units high.
Summit5i
● 4 1000BaseX GBIC Ports
● Any one of the following:
■ 12 fixed 100/1000BASE-T ports
■ 12 fixed 1000BASE-SX ports
■ 12 fixed 1000BASE-LX ports
● Non-blocking switch fabric
■ 32 Gbps
● Two rack units high.
Summit7i
● 4 1000BaseX GBIC Ports
● Either 28 1000SX or 28 100/1000TX Ports
● Non-blocking switch fabric
■ 64 Gbps
● Four rack units high.
Figure 20: Summit i-Series Switches
Summit 48Si Edge Switch
The Summit 48si has the following characteristics:
● Fixed configuration
● 48 autosensing 10BASE-T/100BASE-TX ports using RJ-45 connectors.
● 2 active Mini-GBIC Gigabit Ethernet ports
● Non-blocking switch fabric
■ 17.5 Gbps
● Basic and Full layer-3 ExtremeWare software licenses
● i-series chip set
● One rack unit high.
● Dual hot-swappable power supplies
Figure 21: Summit 48-Si Edge Switch
Alpine Chassis-based Switches
This section describes the chassis-based Alpine 3802 switch, the Alpine 3804 switch, and the Alpine 3808
switch. All three switches support:
● Basic and Full layer-3 ExtremeWare software license
● i-series chip set
● Fully redundant, load-sharing, hot-swappable power supplies
● Hot swappable fan tray
● Active Backplane
Alpine 3802 Switch
● 3-slot chassis with an active backplane
● One integrated SMMi management module
● Three I/O module slots, slot 3 is intended for Wide Area Network (WAN) modules.
● Non-blocking switch fabric
■ 16 Gbps
● Four rack units high
CAUTION
The Alpine 3802 switch has an integrated Switch Management Module (SMMi). This integrated SMMi is not hot
swappable or user removable. Do not attempt to remove the integrated Switch Management Module.
Alpine 3804 Switch
● One 5-slot chassis with an active backplane
● 4 I/O module slots
● One SMMi switch management module slot
● Non-blocking switch fabric
■ 32 Gbps
● Six rack units high
Alpine 3808 Switch
● One 9-slot chassis with an active backplane
● One SMMi switch management module slot
● 8 I/O module slots
● Non-blocking switch fabric
■ 64 Gbps
● 12 rack units high
Figure 22: Alpine Chassis-based Switches
Alpine 3800 Management Module - SMMi
The Switch Management Module (SMMi) is responsible for upper-layer protocol processing and switch
management functions.
The SMMi can store two ExtremeWare software images and two switch configurations.
The SMMi has the following out-of-band management ports:
● Console port (used to connect a terminal to perform local management or a modem for remote
management)
● 10/100BASE-TX Ethernet port
● Modem port (not used)
● Personal Computer Memory Card International Association (PCMCIA) slot (not used for normal
operation)
Active Backplane
Alpine switches have an active backplane that uses the same basic set of ASICs (the switch engine ASIC
and the address filtering and queue management ASIC) and memory (packet memory for storing
packets) that are used on the BlackDiamond 6800 MSMs and I/O modules.
Unlike the BlackDiamond 6800 MSM, the Alpine backplane has no CPU and no MAC.
Figure 23: Alpine 3800 Management Module
Alpine 3800 Fast Ethernet Modules
This page describes I/O modules available on the Alpine switch. All modules are hot-swappable and
can be pre-configured.
FM-32Ti module
The FM-32Ti module has 32 10/100 Mbps autonegotiating Ethernet ports, using standard RJ-45
connectors.
The FM-32Ti module supports 10BASE-T and 100BASE-TX.
FM-24Ti module
24-port 10/100BASE-TX module with auto-negotiation.
This module has two RJ-21 telco connectors. The telco connector allows easier cable maintenance.
Instead of connecting/disconnecting each individual cable, as on an RJ-45 based module, the technician
can disconnect cables in bulk, saving time and reducing the confusion of tracking individual cables.
FM-24MFi Module
This is a 24-port 100BASE-FX module with a multi-mode fiber transceiver. Port connector is MT-RJ.
With a range of 2 km, this module provides an alternative to Category 5 (10/100BASE-TX) cabling for
connecting Extreme Networks switches across medium range.
In addition, the fiber link provides higher immunity from electronic noise, making this module ideal for
use in large manufacturing plants.
FM-24SFi Module
This 24-port 100BASE-FX module is built with single mode fiber transceivers. Port connector is MT-RJ.
With a range of 15 km, this module has a longer range than the FM-24MFi multi-mode module.
Figure 24: Alpine 3800 Fast Ethernet Modules
Alpine 3800 Power over Ethernet
The FM-32Pi module has 32 powered 10/100 Mbps autonegotiating Ethernet ports using standard RJ-45
connectors. The FM-32Pi module supports autonegotiation of 10BASE-T and 100BASE-TX.
The FM-32Pi module supports powered ports according to the IEEE 802.3af specification and is
suitable for use in intra-building applications.
NOTE
The FM-32Pi module ports must be connected within the same building.
The 48 VDC supplied to the powered ports is generated from the 3.3V supply on the backplane, which
eliminates the need for external cables or power modules. The total power available from the ports on
the FM-32Pi module is 32 watts. This provides 2 ports at full power (15.4W, class 3), 4 ports at medium
power (7.0W, class 2), or 8 ports at low power (4.0W, class 1).
External Power Supply
For additional power at the ports the FM-32Pi module must be attached to an external 48 volt power
supply, the EPS-LD (45019).
WARNING!
The EPS-LD is the only external power supply that should be used with the FM-32Pi module.
A connector provided on the front panel of the FM-32Pi module allows more ports to be powered by
attaching a cable to the EPS-LD.
When connected to the EPS-LD external power supply, the FM-32Pi module can provide 334 W for PoE
devices.
Figure 25: FM-32Pi Module
Figure 26: Auxiliary Power Connector for EPS-LD
Figure 27: EPS-LD
Alpine 3800 Gigabit Ethernet Modules
This page describes the Alpine 3800 gigabit Ethernet I/O modules.
GM-4Xi Module
This 4-port Gigabit Ethernet module uses standard GBICs. The GBIC provides flexibility in the types of
interfaces that are supported.
GM-4Si Module
The GM-4Si module has four Gigabit Ethernet ports, using standard MT-RJ connectors. The GM-4Si
module supports 1000BASE-SX.
GM-4Ti Module
The GM-4Ti module has four Gigabit Ethernet ports, using standard RJ-45 connectors. The GM-4Ti
module supports autonegotiation of 100BASE-TX/1000BASE-T.
GM-16X3
The GM-16X3 is a 16 port Gigabit (1000BASE-X) module built on the Triumph chip set and supports:
● Separate mini GBIC SFP, single and multimode fiber for distance ranging from 550 meters to 70
kilometers.
GM-16T3
The GM-16T3 is a 16 port 10/100/1000BASE-T (RJ45) module built on the Triumph chip set and
supports:
● Increases Gigabit density on the Alpine platform to a maximum of 128 ports per Alpine 3808.
● All the ports can burst to 1 Gbps throughput with T-control providing advanced traffic management.
● The following embedded cable diagnostics for troubleshooting the copper wire infrastructure:
■ Shows distances of wires down to the meter.
■ Gives diagnostics if a pair is short/open or improperly terminated.
■ Gives detailed information upon reboot or link transition.
● Both the GM-16T and GM-16X support a maximum of 128 Gigabit ports per Alpine 3808 and all
ports can burst to 1 Gbps throughput with T-control providing advanced traffic management.
NOTE
The Alpine 3802 only supports one GM-16T3 or GM-16X3 at a time. The two other Alpine chassis can be fully
populated with Triumph I/O modules.
Figure 28: Alpine 3800 i-Series Gigabit Ethernet Modules
Figure 29: Alpine 3800 Gigabit Ethernet Modules with The Triumph Chip Set
Alpine 3800 WAN Modules
This page describes the WM-4T1i, WM-4E1i, and WM-1T3i I/O modules.
WM-4T1i
The WM-4T1i module provides 4 1.544 Mbps T1 ports using RJ-48 connectors. This module also supports
two additional 10/100BASE-TX ports and a Channel Service Unit/Data Service Unit (CSU/DSU).
WM-4E1i
The WM-4E1i module provides 4 2.044 Mbps E1 ports using RJ-48 connectors. This module also
supports two additional 10/100BASE-TX ports.
WM-1T3i
The WM-1T3i module has one T3 port providing 44.736 Mbps using a Bayonet Neill-Concelman (BNC)
connector. This module has two additional 10/100BASE-TX ports. The WM-1T3i does not support
channelization.
Alpine 3800 VDSL Module
FM-8Vi
The FM-8Vi is an 8-port 10BASE-T Ethernet over Very High-speed Digital Subscriber Line (VDSL)
module.
This module uses one RJ-21 connector as an alternative to in-building cabling when Cat5 (10/100BASE-TX)
or fiber (100BASE-FX) is not available or is too expensive.
This module uses VDSL to carry Ethernet traffic over standard phone lines, Category 1/2/3. In
addition, VDSL has a range of 1 km, making it ideal for use in Multi Tenant Units or campus networks.
Mogul-100
Each port on the FM-8Vi must be terminated with a Mogul 100 VDSL CPE, which bridges the VDSL to
a subscriber facing 10BASE-T interface.
The Mogul-100 VDSL CPE has 1-port 10BASE-TX RJ-45, 1-port VDSL RJ-11, and a detachable AC
electrical supply cable. The Mogul-100 can be attached to a wall.
NOTE
Unlike Asymmetrical Digital Subscriber Line (ADSL), this technology currently does not allow both DSL and Plain
Old Telephone Service (POTS) to be supported on the same physical line.
Figure 30: Alpine 3800 WAN Modules
Figure 31: Alpine 3800 VDSL Module
BlackDiamond 6816™, 6808, and 6804 Chassis-based Switches
The BlackDiamond 6800 series chassis-based switches are designed to be placed in the core of your
network. The BlackDiamond 6800 series switches are flexible and scalable. The BlackDiamond 6800
series switches support the following common features:
● Chassis-based configuration with a passive backplane
● Redundant, hot-swappable, load-sharing Management Modules.
● Basic and Full layer-3 ExtremeWare software licenses.
The BlackDiamond 6804™
● 6-slot chassis
● 4 I/O module slots
● 2 MSM64i or MSM-3 Management Switch Module (MSM) slots
● Non-blocking switch fabric
■ 64 Gbps
● 11 rack units high
● Dual hot-swappable power supplies
The BlackDiamond 6808™
● 10-slot chassis
● 8 I/O module slots
● 2 MSM64i or MSM-3 Management Switch Fabric module slots
● Non-blocking switch fabric
■ 128 Gbps
● 15 rack units high
● Dual hot-swappable power supplies
The BlackDiamond 6816™
● 20-slot chassis
● 16 I/O module slots
● 4 MSM64i or MSM-3 Management Switch Fabric module slots
● Non-blocking switch fabric
■ 256 Gbps
● 35 rack units high
● 4 hot-swappable power supplies
Figure 32: BlackDiamond 6816, 6808, and 6804 Chassis-based Switches
BlackDiamond 6800 Management Modules
The MSM-3 is a replacement for the older BlackDiamond MSM64i management switch fabric. The
MSM-3 runs at twice the clock speed (480 MHz) of the MSM64i.
The MSM must be installed in one of the center slots of the BlackDiamond 6800 chassis. Multiple MSM
modules may be used in the chassis for fully fault tolerant operation and non-blocking performance.
Each MSM has two management CPUs on the module to handle protocol processing and management.
The MSM has the following ports:
● Console port (used to connect a terminal and perform local out-of-band management)
● 10BASE-T/100BASE-TX Ethernet management port
● PCMCIA slot (not used for normal operation)
With two MSM modules, one is the active module and the other is the backup. An LED on the front panel of
each MSM module indicates whether it is the active or the backup module. The active MSM guarantees that management
operations occur in a synchronized and coordinated manner.
For example, when you make a configuration change and need to save it, the active MSM module
makes sure that the configuration is saved to Non-volatile Random Access Memory (NVRAM) on both
MSM modules at the same time.
Additionally, when a new ExtremeWare software image is loaded, the active MSM module writes it to
FLASH memory on both MSM modules.
If an MSM module fails and a new one is inserted, a single synchronize command allows you to
duplicate the contents of NVRAM and FLASH onto the new MSM module.
Compared to the MSM64i, the MSM-3 offers the following additional benefits:
● Hitless failover and hitless upgrade as part of the Extreme Networks T-Sync functionality, increasing
the high availability of the BlackDiamond 6800 chassis even further.
● Cross module link aggregation (trunking).
● Higher CPU performance significantly improving:
■ System boot time
■ Configuration save time
■ Network Address Translation (NAT) performance
■ Server Load Balancing (SLB) performance
■ Support of up to 850,000 BGP routes (if memory is increased from 256 MB to 512 MB)
● Support of up to 10,000 Access Control Lists (ACLs)
The MSM-3 is fully compatible with the BlackDiamond 6800 i-series installations, provided that
ExtremeWare 7.1.1 or higher is installed. Within one chassis however, an MSM64i cannot be mixed with
the MSM-3.
Figure 33: BlackDiamond 6800 Management Module
BlackDiamond 6800 Fast Ethernet and Gigabit Ethernet Modules
This page describes I/O modules available on the BlackDiamond 6800 switches. All modules are hot-swappable
and can be pre-configured.
F96Ti
The BlackDiamond 6800 series F96Ti module supports up to 96 10/100BASE-TX ports through eight
standard RJ-21 (Telco) connectors, which simplifies cable management.
F48Ti
The F48Ti module supports 48 auto sensing 10/100BASE-TX RJ-45 ports.
F32Fi
The F32Fi module provides 32 100BASE-FX ports with MT-RJ connectors supporting a maximum
distance of 2 km using multimode fiber.
G8Xi
8-port GBIC-based switch module with 8 unpopulated 1000BASE-X GBIC ports.
G8Ti
8-port Gigabit Ethernet module with 8 auto-negotiating 100/1000BASE-T ports (RJ-45)
G12SXi
12-port MT-RJ-based switch module with 12 1000BASE-SX ports
Figure 34: BlackDiamond 6800 Fast Ethernet and Gigabit Ethernet Modules
Figure 35: BlackDiamond 6800 i-Series Gigabit Ethernet Modules
BlackDiamond 6800 Gigabit Ethernet Modules with the Triumph Chip Set
This page describes the BlackDiamond gigabit Ethernet I/O modules built using the Triumph chip set.
G16X3
The Extreme Networks BlackDiamond G16X3 module is a 16-port 1000BASE-X module with miniature
Gigabit Ethernet Interface Card (mini-GBIC) SFP interfaces, based on the 3rd generation Triumph
chip technology. The available mini-GBIC interfaces are:
● SX GBIC: 550 Meters over multi-mode fiber
● LX GBIC: 10 Kilometers over single-mode fiber
● ZX GBIC: 70 Kilometers over single-mode fiber
● 100FX/1000LX
● UTP
The BlackDiamond G16X3 module supports high Gigabit Ethernet density along with sophisticated
traffic management features, which enables efficient bandwidth utilization for high bandwidth
applications.
G24T3
The G24T3 is a 24-port 10/100/1000BASE-T copper Gigabit Ethernet module also based on Triumph
technology. The G24T3 supports the following:
● T-Control that enables the network administrator to track and control the amount of bandwidth each
port receives.
● Physical cable testing functionality in the switch port simplifying troubleshooting and shortening
cable infrastructure-based outages.
Figure 36: BlackDiamond 6800 Gigabit Ethernet I/O Modules with the Triumph Chip Set
BlackDiamond 6800 Packet over SONET Modules
This page describes the P3cMi, P3cSi Optical Carrier-3 Concatenated (OC-3c)/ Synchronous Transfer
Mode-1 (STM-1), and the P12cMi, and P12cSi OC-12c/STM-4, I/O modules.
These modules connect the switch to a Synchronous Optical Network (SONET) or Synchronous Digital
Hierarchy (SDH) infrastructure that is used by metropolitan area service providers and operators of
server co-location networks.
In the first application, the metropolitan area network service provider can build service network sites
in various cities, then use Packet over SONET (PoS) modules in a BlackDiamond 6800 series switch to
connect those cities to a carrier’s SONET infrastructure.
In the second application, operators of server co-location networks can use PoS modules to create a
SONET-based connection between server co-location sites. The result is that their network is simpler to
manage and problems can be isolated and resolved faster.
P3cMi and P3cSi OC-3c/STM-1 Modules
These 4-port OC-3c packet-over-SONET/SDH (PoS) modules support the Ethernet over SONET/SDH
protocol (RFC 2878), extending Ethernet over traditional SONET/SDH networks in a transparent
manner, without the need for protocol termination and/or translation and with absolutely no
disruption in services.
The following SONET and SDH standards are supported:
● Low Latency (14 ms) SONET Automatic Protection Switching (APS) and SDH Multiplex Section
Protection (MSP)
● Point-to-Point Protocol (PPP, RFC 2615) for link control
● Native Ethernet over SONET/SDH (RFC 2878)
● Native IP over SONET/SDH (RFC 1332)
● Bi-directional rate shaping capability
● Enhanced QoS services (802.1p mapping/replacement, 802.1Q mapping/nesting, DiffServ Code
Point mapping/replacements, support for Per Hop Behavior RFCs and egress Weighted Random
Early Discard (WRED))
● Multi-protocol Label Switching (MPLS) over SONET/SDH (support for MPLSCP with ability to
recognize/use the MPLS encapsulation)
P12cMi and P12cSi OC-12c/STM-4 Modules
These 2-port OC-12c packet-over-SONET/SDH modules deliver the same functionality as the OC-3c/
STM-1 module. The bandwidth capacity increases from 155 Mbps to 622 Mbps.
NOTE
The “c” in the names of the modules indicates that the optical interfaces on these modules operate in concatenated
mode, which enables all the bandwidth to be devoted to a single payload stream.
Figure 37: Packet over SONET Modules
BlackDiamond 6800 10 Gigabit Ethernet Module
The 10GX3 module is another 10 Gigabit Ethernet I/O module for the BlackDiamond 6800 switch using
pluggable XENPAK optics.
This module is based on the Triumph chip set.
Extreme Networks qualifies the following versions of the XENPAK modules:
● The LR-version covers 10 km over single mode fiber.
● The ER version covers 40 km over single mode fiber.
● The SR XENPAK
● The ZR XENPAK
● The LX4 XENPAK
The benefits are:
● Flexible XENPAK compatible pluggable optics, to allow you to select the appropriate module in
your configuration
● 100% compatibility with all i-series and Triumph-based modules of your existing BlackDiamond
6800 installation
● Jumbo frame support
NOTE
XENPAK is the name of a Multi Source Agreement (MSA) that defines a standard for 10GbE pluggable optics.
See http://www.xenpak.org for more details.
NOTE
The 10GX3 module is programmed to only accept Extreme Networks approved XENPAK optics. Extreme Networks
has an extensive qualification program for XENPAK pluggable modules and can only warranty and guarantee
performance of the 10GX3 module if it is used with an Extreme Networks supplied XENPAK pluggable.
Figure 38: BlackDiamond 6800 10 Gigabit Ethernet Module
BlackDiamond 6800 MPLS and ARM Modules
This page describes the Multiprotocol Label Switching (MPLS) and Accounting and Routing Module
(ARM) I/O modules.
MPLS Module
The MPLS module offers an advanced carrier-class MPLS solution.
The module can operate as either a Label Edge Router (LER) or a core Label Switch Router (LSR). The
module supports Ethernet and PoS interfaces.
The BlackDiamond 6800 chassis supports up to 4 MPLS modules.
Accounting and Routing Module
The ARM supports the following destination sensitive accounting capabilities.
● Enables billing based on destination of IP unicast traffic
● Up to 8 billing rates per customer
● IP route lookup is based on a Longest Prefix Match (LPM) algorithm
● Support for up to 245K IP prefixes with 6 equal-cost routes for each
● 4 Gbps of throughput
● Accounting statistics retrieval using SNMP or the command line interface
The BlackDiamond 6800 chassis supports up to 2 ARM modules.
Figure 39: BlackDiamond MPLS and ARM Modules
BlackDiamond 10808 4GNSS Switch
The BlackDiamond 10808 is a chassis-based modular core switch. Designed with 4GNSS ASICs, a next-generation
hardware design, and the sophisticated ExtremeWare XOS® software architecture, the
BlackDiamond 10808 offers the reliability, flexibility, scalability, and security needed for today's largest
and most demanding networks.
BlackDiamond 10808 has the following characteristics:
● 10-slot chassis
● 2 MSM-1 or MSM-1XL management module slots
● 8 I/O module slots
● 10/100/1000 out-of-band management port
● Non-blocking switch fabric
■ 1.28 Tbps
● Core and Advanced Core ExtremeWare XOS licenses
● 4GNSS ASICs chip set
● 22 rack units high
● 6 100-240V hot-swappable AC power supply unit slots
The MSM-1 supports up to 128,000 FDB entries, while the MSM-1XL supports 256,000 FDB entries.
The MSM-1 and MSM-1XL also differ in functionality: only the MSM-1XL supports advanced
routing functionality such as BGP-4, IS-IS, and MPLS.
The currently supported I/O modules for this 4th generation switch are:
● G60X 60-port 1000BASE-X (mini GBIC) module
● G60T 60-port 10/100/1000BASE-T RJ-45 module
● 10G6X 6-port 10GBASE-X (XENPAK) module
● 10G2X 2-port 10GBASE-X (XENPAK) module
● 10G2H Hybrid module with
■ 2-port 10GBASE-X XENPAK
■ 20-port 1000BASE-X SFP
■ 20-port 10/100/1000BASE-T RJ-45
Figure 40: BlackDiamond 10808 Switch
BlackDiamond 8800-series Switches
The BlackDiamond 8810 and BlackDiamond 8806 are high-density Gigabit Ethernet and 10-Gigabit
Ethernet modular aggregation switches.
BlackDiamond 8810
The BlackDiamond 8810 switch supports the following:
● 10 slot chassis with a passive backplane
■ 8 slots dedicated for I/O Modules
■ 1 slot dedicated for an MSM module
■ 1 slot can accept an MSM or an I/O module
● Dual redundant MSM-G8X management modules, each with 8 SFP gigabit Ethernet ports and 1
10/100/1000 out-of-band management port
● Non-blocking 800 Gbps switch fabric
■ 48 Gbps per slot (with 2 management modules)
■ 24 Gbps per slot (with 1 management module)
● Advanced Edge and Core ExtremeWare XOS licenses
● Third-party chip set
● Up to 6 100-240V SSI hot-swappable AC power supply unit slots for redundancy and POE support.
● 14 rack units high.
● Easy-access hot-swappable fan tray.
● Switching on I/O cards and management modules for high performance.
BlackDiamond 8806
The BlackDiamond 8806 switch supports the following:
● 6 slot chassis with a passive backplane
■ 4 slots dedicated for I/O Modules
■ 1 slot dedicated for an MSM module
■ 1 slot can accept an MSM or an I/O module
● Dual redundant MSM-G8X modules
● Non-blocking 800 Gbps switch fabric
■ 48 Gbps per slot (with 2 management modules)
■ 24 Gbps per slot (with 2 management module)
● Advanced Edge and Core ExtremeWare XOS licenses
● Third-party chip set
● Easy-access hot-swappable fan tray.
● Up to 6 100-240V SSI hot-swappable AC power supply unit slots.
● 10 rack units high.
● Switching on I/O cards and management modules.
Figure 41: BlackDiamond 8800 Series Switches
Figure 42: BlackDiamond 8810 Switch
BlackDiamond 8800 I/O Modules and Architecture
The BlackDiamond 8800 series switches support the following I/O Modules:
● I/O modules
■ G48T 48-port 10/100/1000BaseT
■ G48P 48-port 10/100/1000BaseT with POE
■ G24X 24-port 1000BaseX
■ 10G4X 4-Port 10Gig (XENPAK)
Data Switch Fabric
The illustration shows the architecture of the BlackDiamond 8800 series and Summit X450 switches.
Switching on the MSM takes place within the data switch fabric. The same type of switch fabric chips
exists on the I/O module. Each switch fabric has eight 12 Gbps ports.
Each I/O module has two 12 Gbps data paths to each MSM. The switch fabric on the I/O module
determines which path to use.
The following information should be noted about the data switch fabric:
● The I/O subsystem on the MSM operates like an I/O module.
● The main processor controls the switch fabrics over a dedicated PCI interface.
● The MSM contains several data switch fabric ASICs.
● There is one high-speed data link between MSM slots.
● Switch fabric path between MSMs allows switching between MSM based Ethernet ports and also
facilitates the dual-purpose slot.
Main CPU Subsystem
The main CPU subsystem consists of the CPU, error correcting SDRAM, NVRAM, and a management
control Field Programmable Gate-Array (FPGA).
Control Switch Fabric
The MSM CPU distributes all I/O module configuration information and queries the status of the I/O
modules over an out-of-band Ethernet control fabric. The following information should be noted about
the control switch fabric.
● The control switch fabric connects to all I/O modules and the other MSM slot across Fast Ethernet
links
● 1 Gbps Ethernet for control plane communication with other MSM
● 1 Gbps Ethernet to local CPU
● Eight 100 Mbps Ethernet ports for communication between MSM and dedicated I/O slots
● One 100 Mbps Ethernet for communication with MSM-resident logical I/O blade
● 100 Mbps Ethernet port for control plane communication with I/O blade in dual purpose slot
Figure 43: BlackDiamond 8800 Series I/O Modules
Figure 44: BlackDiamond 8800 Series and Summit X450 Architecture
Summit X450
The Summit® X450 series is a fixed-configuration switch that runs ExtremeWare XOS. The Summit
X450 series uses the same high-performance, non-blocking hardware technology used on the
BlackDiamond 8800 Series.
The X450 can be used in the following applications:
● As an edge switch providing gigabit to the desktop
● As the single or redundant core of a small network
● As an aggregation switch in a traditional three-tiered network
● As a highly available fixed switch providing server connectivity
The Summit X450 switch supports the following:
● Fixed configuration
● 24 autosensing 10/100/1000BASE-T ports with auto-polarity (X450t)
● 4 ports mini-GBIC SFP (shared PHY with 4 10/100/1000BASE-T ports) (X450t)
● 24 mini-GBIC SFP ports (X450x)
● 4 ports 10/100/1000BASE-T with auto-speed and auto-polarity (X450x)
● 1 out-of-band management Ethernet port
● 1 XGM dual 10 gigabit option module slot
● Non-blocking switch fabric
■ 160 Gbps
● Auto-ranging 90-240VAC, 50-60 Hz power supply
● 1 rack unit high.
● Advanced Edge and Core ExtremeWare XOS licenses
● Third-party chip set
● External Power System connector
External Power System EPS-160 Module
The Extreme External Power System (EPS) allows you to add a redundant power supply to a Summit
450 or Summit 400 switch to protect against a power supply failure. It consists of a tray (EPS-T) that
holds one or two EPS-160 power supplies. Each EPS-160 provides one-to-one redundancy to an attached
Extreme switch.
Figure 45: Summit X450
Figure 46: EPS-160 Redundant Power Connection
Sentriant™
The Sentriant appliance is an internal LAN security appliance that is designed to detect the most
behaviorally common and damaging attacks known as Rapidly Propagating Threats (RPTs).
While it is possible to deploy the Sentriant appliance in non-Extreme switch networks, maximum
security capabilities are achieved when used with ExtremeWare XOS enabled switches. With a CLEAR-Flow
enabled BlackDiamond 10808, the Sentriant appliance can detect and mitigate RPTs at multi-gigabit
speeds.
Threat Detection
The Sentriant appliance threat detection is behavior based. It does not use predetermined signature
files to detect threats, which eliminates the need for periodic database updates to recognize threats.
● The Sentriant appliance detects threats by noticing abnormal packet exchange patterns and artifacts
associated with common RPTs.
● The Sentriant appliance is shipped with 16 default threat detection behavior rules that you can
modify to fit your needs.
Threat Mitigation
The Sentriant appliance provides three major threat mitigation methods:
● Active Deception is a method of presenting vulnerable decoy systems to oncoming RPTs to lure
them into being snared or captured. This method deceives the RPTs about the real network
configuration, so the RPTs cannot differentiate legitimate hosts from decoys.
● Hyper Detection delays RPTs by occupying the RPTs' resources.
● Cloaking is a layer-2 mitigation method only available on the Sentriant appliance. It forces RPT attack
packets away from vulnerable targets into virtual decoys or cloaking streams.
Figure 47: The Sentriant Appliance
ExtremeWare
The ExtremeWare Operating System drives the hardware on Extreme Networks e-series, i-series, and
Triumph switch products. ExtremeWare is developed to be reliable, resilient operating system
software.
ExtremeWare can set up and manage thousands of VLANs for each switch. This provides plenty of
room to scale infrastructure to meet demand while identifying and facilitating secure traffic across the
network. ExtremeWare also accommodates all commonly implemented VLAN types, ensuring
maximum flexibility. These include VLANs based on protocol, port, and media access control (MAC)
addresses, as well as 802.1Q tagging and generic VLAN registration protocol (GVRP).
The latest ExtremeWare release and release notes are available through the support login portion of the
Tech Support web site at:
http://www.extremenetworks.com/
Figure 48: ExtremeWare
ExtremeWare Features
ExtremeWare is the full-featured software operating system that is designed to run on the
BlackDiamond 6800, Alpine, and Summit families of Gigabit Ethernet switches. The main features of
ExtremeWare include:
• Virtual local area networks (VLANs) including support for IEEE 802.1Q and IEEE 802.1p
• Spanning Tree Protocol (STP) (IEEE 802.1D) with multiple Spanning Tree Protocol Domains (STPDs)
• Quality of Service (QoS) including support for IEEE 802.1P, MAC QoS, and Diffserv support
• Policy-based Quality of Service (PB-QoS)
• Wire-speed Internet Protocol (IP) routing
• Network Address Translation (NAT)
• Dynamic Host Configuration Protocol/Bootstrap Protocol (DHCP/BOOTP) Relay
• Extreme Standby Router Protocol (ESRP)
• Virtual Router Redundancy Protocol (VRRP)
• Routing Information Protocol version 1 and 2 and Open Shortest Path First (OSPF) routing protocol
• Access-policies for routing protocols and Access lists for packet filtering
• Internet Group Management Protocol (IGMP) snooping to control IP multicast traffic
• Protocol Independent Multicast-Sparse Mode (PIM-SM) and PIM-Dense Mode (PIM-DM) multicast
routing
• Load sharing on multiple ports, across all blades (modular switches only)
• Remote Authentication Dial In User Service (RADIUS) client, per-command authentication support
and Terminal Access Controller Access Control System Plus (TACACS+)
• Console, telnet, and Secure Shell Version 2 (SSH2) command line interface (CLI) connections
• ExtremeWare Vista Web-based management interface
• Simple Network Management Protocol (SNMP), Remote Monitoring (RMON), Switch Network
Monitoring (SMON), Traffic mirroring, and sFlow
• Network Login
• Link Access Control Protocol (LACP), Link Layer Discovery Protocol (LLDP)
The following ExtremeWare features are available only on i-series and Triumph switches:
• IP multinetting, VLAN aggregation, and Server Load Balancing (SLB) support
• Border Gateway Protocol (BGP) version 4
• Wire-speed IPX, IPX/RIP, and IPX/SAP support
• vMAN VLAN Tunneling (i-series only)
The following ExtremeWare features are available only on BlackDiamond switches:
• Accounting and Routing Module (ARM) support (BlackDiamond 6800 switches only)
• Asynchronous Transfer Mode Module (ATM) support (BlackDiamond 6800 series switches only)
• Packet over Synchronous Optical Network (SONET) (PoS) Module (BlackDiamond 6800 only)
• MultiProtocol Label Switching (MPLS) support (BlackDiamond 6800 switches only)
Figure 49: ExtremeWare Features
ExtremeWare e-Series Licensing
In ExtremeWare for “e” series switches, software licensing for different levels of router functionality is
separated into two sets: Edge and Advanced Edge. Edge is a subset of Advanced Edge.
Edge Functionality
Edge functionality requires no license key. Extreme Networks e-series switches that ship with an Edge
license do not require a license key. Edge functionality includes all switching functions, as well as all
available layer-3 QoS, access list, and ESRP functions. Layer-3 routing functions include support for:
● IP routing using RIP version 1 and/or RIP version 2
● IP routing between directly attached VLANs
● IP routing using static routes
● Layer-3 QoS
● Access Lists, except rate limiting
● Network Login, both web-based and 802.1X
● EAPS-Edge
● ESRP-aware
Advanced Edge Functionality
The Advanced Edge license enables support of additional routing protocols and functions, including:
● IP routing using OSPF
● IP multicast routing using PIM (Sparse Mode)
● NAT
● VRRP
● Rate Limiting
● ESRP/ELRP
● Cable Diagnostics
● Wireless
Summit “e” series switches are enabled and shipped with an Edge license. The Advanced Edge license
is available as a separate option.
Figure 50: ExtremeWare e-Series Edge Licensing
Figure 51: ExtremeWare e-Series Advanced Edge Licensing
ExtremeWare i-Series and Triumph Licensing
The i-series and Triumph-based switches support software licensing for different levels of router
functionality. Routing protocol support is separated into two sets: Basic and Full layer 3. Basic is a
subset of Full L3. A separate security license and software image is required for SSH support.
Basic Functionality
Basic functionality requires no license key. All Extreme Networks i-series switches have basic layer-3
functionality, without the requirement of a license key. Basic functionality includes all switching
functions, as well as all available layer-3 QoS, access list, and ESRP functions. Layer-3 routing functions
include support for:
● IP routing using RIP version 1 and/or RIP version 2
● IP routing between directly attached VLANs
● IP routing using static routes
● Network Login
● VRRP
● EAPS
● VLAN Translation
Full L3 Functionality
On “i” series switches that support router licensing, the Full L3 license enables support of additional
routing protocols and functions, including:
● Bidirectional rate shaping on Triumph modules
● IP routing using OSPF
● IP multicast routing using DVMRP
● IP multicast routing using PIM (Dense Mode or Sparse Mode)
● IP routing using BGP
● IPX routing (direct, static, and dynamic using IPX/RIP and IPX/SAP)
● Server load balancing
● Web cache redirection
● NAT
● IS-IS
● MPLS
● ARM
● PoS
● ATM
Summit “i” series switches, BlackDiamond 6800 series switches, and Alpine 3800 series are enabled and
shipped with a basic license. Full L3 functionality is available as an additional option.
Figure 52: ExtremeWare Basic License Functionality
Figure 53: ExtremeWare Full L3 License Functionality
ExtremeWare XOS
Extreme Networks is excited to introduce a new distributed software architecture. ExtremeWare XOS is
a platform-independent network switch operating system designed from the ground up. Reliability and
extensibility are the central themes in the design.
Capabilities
ExtremeWare XOS is a Portable Operating System (POSIX)-compliant UNIX-like operating system built
from multiple subsystems. The ExtremeWare XOS architecture supports the following capabilities:
● Distributed Software Architecture - The architecture enables the system to scale to very large levels
and makes the capabilities listed below possible.
● Process Control - The ExtremeWare XOS kernel monitors subsystem processes. If the kernel detects a
problem such as a loop condition it can take preemptive control over the process. Users can also stop
and restart a process without affecting other processes.
● Software Modularity - ExtremeWare XOS is divided into multiple subsystems to isolate the
complexity of the system. It provides the ability to have multiple software instances running
simultaneously. Software modularity enhances redundancy by supporting hitless failover.
● Memory Protection - Each function can be bundled into a single application module, running as a
memory protected process under real-time scheduling. Each process is protected from every other
process. If one process is experiencing a memory fault, it cannot affect the memory space of another
process.
● Multiprocessor Support - ExtremeWare XOS is designed to take advantage of Symmetric
Multiprocessing (SMP) architectures.
● Hardware Abstraction - ExtremeWare XOS separates the functionality of the software from the
specific hardware it is running on. This allows the software to be device and system independent.
● Hitless Failover - The ExtremeWare XOS architecture supports multiple instances of a process and
multiple copies of internal databases operating in a Primary and Secondary relationship. If the
kernel process running on one MSM experiences a problem, the standby MSM can immediately take
over control because it is already running a redundant kernel process.
● Extensibility - Virtually any UNIX program can be used as a starting point to rapidly and reliably
develop extensions to the CLI. ExtremeWare XOS supports the capability to write your own
program extensions and connect them directly into the network in real-time. The support allows an
external CPU to interact directly with the ExtremeWare XOS. This allows one processor to handle a
function such as layer-3 forwarding while another processor is handling network management
requests. Standard Application Programmable Interfaces (APIs) can be used to write custom
applications to interface with ExtremeWare XOS. Applications might automate configuration tasks or
monitor specific types of traffic. The extensibility of ExtremeWare XOS is a capability that is not
currently being used.
Figure 54: ExtremeWare XOS
ExtremeWare XOS Features
The ExtremeWare XOS software supports the following switch features:
● Virtual local area networks (VLANs) including support for IEEE 802.1Q and IEEE 802.1p
● Spanning Tree Protocol (STP) (IEEE 802.1D) with multiple STP domains
● Policy-Based Quality of Service (PB-QoS)
● Wire-speed Internet Protocol (IP) routing
● IP multinetting
● DHCP/BOOTP Relay
● Extreme Standby Router Protocol (ESRP)
● Ethernet Automatic Protection Switching (EAPS)
● Extreme Loop Recovery Protocol (ELRP) and Virtual Router Redundancy Protocol (VRRP)
● Routing Information Protocol (RIP) version 1 and RIP version 2
● IP version 6 (IPv6) and Routing Information Protocol Next Generation (RIPng)
● Open Shortest Path First (OSPF) Version 2 and OSPF Version 3 Routing Protocols
● Border Gateway Protocol (BGP) version 4
● DiffServ support
● Access-policy support for routing protocols
● Access list support for packet filtering
● IGMP snooping to control IP multicast traffic
● Protocol Independent Multicast-Dense Mode (PIM-DM)
● Protocol Independent Multicast-Sparse Mode (PIM-SM)
● Load sharing on multiple ports, across all blades
● RADIUS client and per command authentication support
● TACACS+ support
● Console command line interface (CLI) connection
● Telnet CLI connection
● Secure Shell (SSH2) connection
● Simple Network Management Protocol (SNMP) support
● Remote Monitoring (RMON)
● sFlow
● Traffic mirroring
● Network Login support
● CLEAR-Flow
● Link Layer Discovery Protocol (LLDP) and Link Access Control Protocol (LACP)
● vMan VLAN tunneling
● NetLogin
Figure 55: ExtremeWare XOS Features
Comparing ExtremeWare XOS and ExtremeWare
The following features are supported in ExtremeWare XOS 11.3 and not in ExtremeWare 7.4.
● Virtual Routers
● XML-based Configuration Management
● Open Shortest Path First (OSPF) Version 3 Routing Protocol
● Internet Protocol version 6 (IPv6)
● Routing Information Protocol Next Generation (RIPng)
● CLEAR-Flow
The following features are supported in ExtremeWare 7.4 and not in ExtremeWare XOS 11.3.
● Network Address Translation (NAT)
● ExtremeWare Vista Web-based management interface
● Switch Network Monitoring (SMON)
● Server Load Balancing (SLB)
• Accounting and Routing Module (ARM)
• Asynchronous Transfer Mode Module (ATM)
• Packet over Synchronous Optical Network (SONET) (PoS) Module
● MultiProtocol Label Switching (MPLS)
NOTE
Common features are described throughout this training class. Advanced features are described in Module 13.
Figure 56: Unique ExtremeWare Features
ExtremeWare XOS Architecture
ExtremeWare XOS is divided into multiple subsystems to isolate the complexity of the system: for
example, software and system infrastructures, configuration management, network services, layer-2
control protocols, and layer-3 routing protocols.
Configuration Management Subsystem
The configuration management subsystem defines the ways ExtremeWare XOS interfaces with external
management entities. Those management entities include the command line interface from various
types of shells, SNMPv2/v3, XML, Web, and various file transfer protocols such as FTP, TFTP, and SCP. Each
management interface is independent of the others and can be omitted from the ExtremeWare XOS
system. The saved configuration database is based on XML and can be viewed in any XML editor.
Network Services Subsystem
Advanced networking traffic support is provided by the network services subsystem. The network
services subsystem handles the traffic related jobs for both layer-2 switching and layer-3 routing. That
includes layer-2 MAC address table management, IPv4 routing table handling, and IGMP and multicast
cache processing. In addition to traffic related tasks, the network service subsystem also keeps track of
the main switching organization database. The switch fabric is programmed independent of VLAN
participation.
Layer-2 Control Protocols Subsystem
The layer-2 control protocols subsystem includes protocols such as EDP, EAPS, and various spanning
tree protocols. In addition, it also includes protocols like ESRP and VRRP and services like network
login. Each protocol is an individual application and does not interact with others except through the
network service subsystem. The layer-2 control protocols do not interact with the hardware directly; all
the hardware-related operations are accessed through the network service layer.
Layer-3 Routing Protocols Subsystem
The layer-3 routing protocols subsystem includes both IPv4 unicast and IPv4 multicast protocols. Like
the layer-2 control protocols, the layer-3 routing protocols do not address the hardware directly but
through the services provided by the network services subsystem.
Hardware Abstraction
The ExtremeWare XOS accesses the switching hardware through the hardware abstraction layer (HAL)
interface and each switching platform has a hardware dependent application to connect the high level
ExtremeWare XOS operations to the underlying system hardware and switching ASICs.
The hardware abstraction layer is used to abstract all hardware access into a set of interfaces so the
upper layer applications do not need to change for each switching platform. Only the system
infrastructure and the network services subsystem interface with HAL.
Figure 57: ExtremeWare XOS Architecture
ExtremeWare XOS Licensing
The BlackDiamond 10808 and BlackDiamond 8810 switches run the ExtremeWare XOS software.
Three levels of software licensing apply to ExtremeWare XOS: Advanced Edge, Core, and Advanced
Core. Additionally, the U.S. government requires a security license to enable certain features.
BlackDiamond 8810
The BlackDiamond 8800 switches and the Summit X450 switch ship with the Advanced Edge license.
With ExtremeWare XOS on the BlackDiamond 8800 switches and the Summit X450 switch, you can
obtain a Core license. The Core license provides additional functionality for some features. The
BlackDiamond 8800 switches and the Summit X450 switch cannot be upgraded to Advanced Core.
BlackDiamond 10808
The BlackDiamond MSM-1 ships with a Core license. The Advanced Core license is hard-coded into the
MSM-1XL module on the BlackDiamond 10808 switch. The only way to obtain an Advanced Core
license is to purchase an MSM-1XL.
NOTE
You do not need any other licenses to run all features completely on the BlackDiamond 10808 switch.
NOTE
Refer to the specific chapter of the ExtremeWare XOS Concepts Guide to determine if the Core license is required
for some functionality. If not noted, all functionality is available, and a license is not required.
To verify the current license level, enter the following command:
show licenses
Figure 58: ExtremeWare XOS Licensing
Extreme Networks Management Software
Using ExtremeWare or ExtremeWare XOS, you can manage the switch locally using the CLI, or
remotely by using Telnet or Secure Shell (SSH2).
The CLI is accessed by connecting a terminal (or workstation with terminal-emulation software) to the
console port.
Remote access to the switch uses Telnet or SSH through one of the switch ports or through the
dedicated 10/100 unshielded twisted pair (UTP) Ethernet management port (on switches that are
equipped with one). Remote access includes the following:
● Telnet using the CLI interface
● SSH2 using the CLI interface
● ExtremeWare Vista Web access using a standard Web browser
● Simple Network Management Protocol (SNMP) access using EPICenter or another SNMP manager
Figure 59: Extreme Networks Management Software
ExtremeWare Vista
ExtremeWare Vista is device management software running in a switch. ExtremeWare Vista provides a
web interface to the switch over a TCP/IP network from a properly configured standard web browser
that supports frames and JavaScript (such as Netscape Navigator 3.0 or higher, or MS Internet Explorer
3.0+).
Like most Web Browser Management (WBM) implementations, ExtremeWare Vista contains a subset of
the available CLI commands. Some of the features not incorporated in ExtremeWare Vista are:
● Configuration upload/download
● Port load-sharing
● Port mirroring
● Clearing counters
● Show OSPF interface
● PIM-SM
● ESRP
● IPX
● BGP
● Access lists and profiles
To enable or disable web access to the switch, enter one of the following commands:
enable web
disable web
Reboot the switch for the changes to take place.
Prior to release EW7.0SR1, web access on the switch was enabled by default. In later releases, the feature
is disabled.
NOTE
To use ExtremeWare Vista, at least one VLAN on the switch must be assigned an IP address.
NOTE
ExtremeWare Vista is not supported by ExtremeWare XOS.
Figure 60: Introducing ExtremeWare Vista
Enterprise Manager EPICenter
Extreme Networks EPICenter management suite is a full-featured network management tool that
simplifies configuration, troubleshooting, and status monitoring of IP-based networks. Offering a
comprehensive set of network management applications including the ability to configure, monitor,
troubleshoot, and manage the network and its elements, EPICenter delivers the basic requirements of
network management while adding valuable and intuitive features that help save time by streamlining
common tasks. Features built into EPICenter include the following:
Topology Views
The EPICenter software Topology feature allows you to view your network (EPICenter-managed
devices and the links between Extreme Networks devices) as a set of maps. These maps are organized
as a tree of submaps that allow you to represent your network as a hierarchical system of campuses,
buildings, floors, closets, or whatever logical groupings you want.
Visual Device Manager
The visual device status is integrated with the Inventory Manager. Edge port information can be
displayed for operational FDB entries, including flags, and for permanent FDB entries. Polling can be
enabled or disabled for individual devices or for individual ports. Any EPICenter user can view status
information about the network devices.
Inventory Manager
The Inventory Manager applet keeps a database of all the network devices managed by EPICenter.
EPICenter can discover any devices running MIB-2 compatible agents. It can discover Extreme
Networks switches, and Avaya media servers, gateways, and telephones.
VLAN Manager
The VLAN Manager creates and manages VLANs for Extreme Networks devices. EPICenter can create
and delete VLANs, add and remove ports from existing VLANs, modify a VLAN IP address, enable or
disable IP forwarding, and create or modify the protocol filters used to filter VLAN traffic.
Real-Time Statistics
The Real-Time Statistics feature of the EPICenter software enables you to view a graphical presentation
of utilization and error statistics for Extreme Networks switches in real time.
Figure 61: Enterprise Manager EPICenter
EPICenter™ Continued
Additional features built into EPICenter include the following:
IP/MAC Address Finder
Using the IP/MAC Address Finder applet you can specify a set of MAC or IP addresses and a set of
network devices to query for those addresses. The applet returns a list of the devices and ports
associated with those addresses.
Administration Tool
The EPICenter server and its RADIUS server can be used for user authentication, both for EPICenter
server access and Extreme Networks switch access.
EPICenter also includes a Configuration Manager, Grouping Manager, Firmware Manager, ESRP
monitor, and STP monitor.
EPICenter and AIM VoIP Support
EPICenter supports integration with Avaya Integrated Management (AIM) tools to provide the
following extensions for Voice over IP (VoIP):
● Real-time VoIP Network Monitoring
● Simplifying converged systems
● Discovery and management of both Avaya and Extreme Networks devices
■ Media servers, gateways, phones
■ Ethernet switches, routers
● Consolidated Extreme Networks and Avaya aware network topology
● Invocation of appropriate element managers from either interface
● Application level tools
● EPICenter report for Avaya phones provides mapping of extension, port, IP and MAC
NOTE
EPICenter is covered in detail in the self-paced EPICenter 5.0 Tutorial.
Figure 62: EPICenter Continued
Figure 63: EPICenter VoIP Support
Summary
Module two has provided an overview of the Extreme Networks Product family, the hardware and
software architecture, and ExtremeWare features.
You should now be able to:
● Briefly describe the Extreme Networks Switch family.
● Identify the unique features of each switch.
● Describe Extreme Networks Product Hardware and Software Features.
● Describe ExtremeWare XOS® and ExtremeWare Release versions.
● Describe ExtremeWare XOS® and ExtremeWare software licenses.
● Identify Extreme Networks Products Hardware.
■ Summit® switches, chassis-based Alpine™ switches, and BlackDiamond® switches.
● Identify which types of traffic are switched through the fast path and which are forwarded through
the slow path.
● Describe Extreme Networks EPICenter™ management software.
Figure 64: Summary
Module 2 Review Questions
1 Match the following switch name with the correct description:
a Summit 200-48 ___ 20-slot chassis, 4 i-series or triumph-based management modules with 10/100 management ports, passive backplane, redundant load-sharing power supplies. Modules for 10/100/1000 copper or fiber, advanced traffic management, PoS, ATM, WDM, 10 Gbps Ethernet, MPLS, and ARM.
b Summit 300-48 ___ 48 10/100/1000BASE-T ports, 4 SFP Mini GBICs shared uplink ports, 2 10 Gbps modular XENPAK optional uplink ports, 10/100/1000 management port, 1 Rack Unit, Redundant external power supply option.
c Summit 400-48t ___ Eight I/O module slots, 64 Gbps switch fabric, one management module with one 10/100 management port, active backplane, one or two power supplies. Modules for 10/100/1000 copper or fiber, PoE, advanced traffic management, T1, E1, T3, WDM, and VDSL.
d Summit 48Si ___ 24 10/100/1000BASE-T or 24 mini-GBIC SFP ports 4 mini-GBIC ports. 1 XGM dual 10 gigabit option module slot. 160 Gbps. Edge and Advanced Edge ExtremeWare XOS licenses. Third-party chip set.
e Summit 7i ___ 10 slot chassis, 1 or 2 management modules with 8 one gigabit Ethernet ports, passive backplane, redundant power supplies, 48 Gig per slot bandwidth, switching on I/O cards and management modules, up to 6 redundant load-sharing power supplies. ExtremeWare XOS Advanced Edge and Core licenses. Modules for 10/100/1000 copper or fiber, PoE, and 10 Gbps XENPAK.
f Alpine 3808 ___ 48 10/100BASE-T ports, 2 mini GBIC and 2 1000BASE-T shared uplink ports, 1 Rack Unit, Single AC PSU, 13.6 Gbps switch fabric, 4 QoS queues, Edge and Advanced Edge ExtremeWare licenses.
g BlackDiamond 6816 ___ 10 slot chassis, 2 management modules. ExtremeWare XOS Core and Advanced Core licenses. Modules for 10/100/1000BASE-T, 1000BASE-X, and 10GBASE-X
h BlackDiamond 10808 ___ 28 1000SX or 28 100/1000TX ports, 4 1000BaseX GBIC ports, 64 Gbps Switch Fabric, optional redundant power supplies, Basic and Full ExtremeWare licenses
i BlackDiamond 8810 ___ 48 10/100BASE-T 802.3af PoE compliant ports, 4 mini GBIC and 4 1000BASE-T shared uplink ports, 2 Rack Units, Hot-swappable redundant power supplies, 12Gbps nonblocking backplane, Advanced Edge ExtremeWare license
j Summit X450 ___ 48 10/100BASE-T ports, 2 active mini GBIC ports, 1 Rack Unit, Dual hot-swappable power supplies, 17.5 Gbps fabric, 8 hardware queues, Basic and Full ExtremeWare licenses
2 Match the following switch or module name with the chip set:
a e-series and other third-party silicon ___ Summit 200-24 and 200-48
b i-series ___ Summit 300-24 and 48
c Triumph 3-series ___ Summit 400-48t
d 4GNSS ___ Summit 48Si, Summit 1i, 5i, 7i
___ Alpine 3800 series
___ Alpine FM32Ti, FM-24Ti, FM24MFi, FM-24SFi, GM-4Xi, GM-4Si, GM-4Ti, WM-4Ti, WM-4Ei, WM-1T3i, GM-WDMi, and FM-8Vi modules
___ Alpine GM-16X3, GM-16T3 modules.
___ BlackDiamond 6800 MSM64i
___ BlackDiamond 6800 MSM-3
___ BlackDiamond 6800 F96Ti, F48Ti, F32Ti, G8Xi, G8Ti, G12SXi, P3cMi, P12cMi, A3cSi, A3cMi, WDMi, and 10GLRi modules.
___ BlackDiamond 6800 G16X3, G24T3, and 10GX3 modules
___ BlackDiamond 10808 MSM-1, MSM-XL, G60X, G60T, and 10G6X modules.
___ BlackDiamond 8810 MSM, G48T, G48P, G24X, and 10G4X modules.
3 Match the following software licenses with the correct feature list:
a ExtremeWare Edge ___ Supported on i-series and Triumph
• IP routing using RIP version 1 and/or RIP version 2
• IP routing between directly attached VLANs
• IP routing using static routes
• Network Login
• VRRP, EAPS
• VLAN Translation
b ExtremeWare Advanced Edge ___ Supported on BlackDiamond 10808 with MSM-1XL
• Virtual Routers
• BGP4
• sFLOW remote statistics reporting
• vMAN VLAN tunneling
• Enhanced multicast
• IP Multinetting
• XML-based configuration management
c ExtremeWare Basic ___ Supported on e-series
• IP routing using RIP version 1 and/or RIP version 2
• IP routing between directly attached VLANs
• IP routing using static routes
• Layer-3 QoS
• Access Lists, except rate limiting
• Network Login, both web-based and 802.1X
• EAPS-Edge
• ESRP-aware
d ExtremeWare Full ___ Supported on BlackDiamond 8810 and BlackDiamond 10808
• sFLOW remote statistics reporting
• vMAN VLAN tunneling
• Enhanced multicast
• IP Multinetting
• XML-based configuration management
e ExtremeWare XOS Advanced Edge ___ Supported on e-series
• IP routing using OSPF
• IP multicast routing using PIM (Sparse Mode)
• NAT, VRRP, ESRP/ELRP
• Rate Limiting
• Cable Diagnostics
• Wireless
f ExtremeWare XOS Core ___ Supported on BlackDiamond 8810
• sFLOW remote statistics reporting
• vMAN VLAN tunneling
• Enhanced multicast
• IP Multinetting
• XML-based configuration management
g ExtremeWare XOS Advanced Core ___ Supported on i-series and Triumph
• Bidirectional rate shaping on Triumph modules
• IP routing using OSPF
• IP multicast routing using DVMRP
• IP multicast routing using PIM (Dense Mode or Sparse Mode)
• IP routing using BGP
• IPX routing (direct, static, and dynamic using IPX/RIP and IPX/SAP)
• Server load balancing
• Web cache redirection
• NAT, IS-IS, MPLS, ARM, PoS, ATM
4 Match the following switching path with the type of traffic that uses that path in an i-series switch:
a Fast path ___ Packet with a destination MAC address that is unknown in the FDB.
b Slow Path ___ Packet with a destination IP address that is an interface on the switch.
___ Packet with a destination MAC address that is known in the FDB.
___ Packet with a destination IP address that is unknown in the IPFDB (route table).
___ Packet with a destination IP address that is known in the IPFDB (route table).
___ EAPS, OSPF, or Spanning Tree control packets. (BPDU, LSA, hello)
Module 3
CLI Switch Management and Security
Student Objectives
Module three presents a structured examination of the Extreme Networks® Switch Management and
Security architecture. The Command Line Interface (CLI) is presented along with the syntax and basic
commands.
Upon completion of this module, the successful student will be able to:
● Log in to the switch.
● Interpret the system prompt.
● Assign a name to the switch.
● Use the syntax help function.
● Create a new user account.
● Identify switch software images and configuration files.
● Save the switch configuration.
● Copy, rename, and remove configuration files.
● Assign an IP address to a VLAN.
● Back up the switch configuration.
● Download a software image.
● Describe the Simple Network Management Protocol (SNMP), Simple Network Time Protocol
(SNTP), and Logging management features.
Figure 1: Student Objectives
Figure 2: Student Objectives Continued
CLI Access
The Extreme Networks switch product family is accessible through the Command Line Interface (CLI)
using any of the following three connection types:
● The console port
● A Telnet session
● A Secure Shell (SSH) session.
The ExtremeWare Vista web-based management application is another way of managing the switch
products.
NOTE
Not all configuration is possible using the ExtremeWare Vista interface.
The console can be used for direct local management, and the port settings are as follows:
Baud rate - 9600, Data bits - 8, Stop bit - 1, Parity - None, Flow Control - XON/XOFF
The PC/Terminal connected to the switch's console port must be configured with the same settings. The
CLI console port connection requires a serial crossover cable (also known as a null modem cable) with DB9 female
connectors.
NOTE
The 9-pin serial port labeled as modem on some switches does not allow any connectivity to the device.
Any workstation with a Telnet facility should be able to communicate with the switch over a TCP/IP
network. Up to eight active Telnet sessions can access the switch concurrently. With idle-timeout
enabled, Telnet and console connections time out after twenty minutes of inactivity.
If a connection to a Telnet session is lost inadvertently, the switch terminates the session within two
hours.
Nested Telnet sessions are also supported.
Some Extreme Networks switches provide a dedicated 10/100 UTP management port. This port
provides dedicated remote access to the switch using TCP/IP. Management through this port can be
Telnet using the CLI interface, ExtremeWare Vista Web access, or SNMP access using ExtremeWare
EPICenter or another SNMP management application. The management port is a DTE port, and is not
capable of supporting switching or routing functions. The TCP/IP configuration for the management
port is done using the same syntax as is used for VLAN configuration. The VLAN mgmt comes preconfigured
with only the 10/100 UTP management port as a member.
Figure 3: CLI Access
CLI Organization
As shown in the illustration, the CLI provides commands that are nested five to six layers deep. Most of
the CLI commands take effect immediately.
Figure 4: CLI Organization
Virtual Routers
ExtremeWare XOS supports Virtual Routers (VRs). A virtual router is an emulation of a physical router.
This feature allows a single physical switch to be split into multiple virtual routers. This feature
separates the traffic forwarded by a virtual router from the traffic on a different virtual router. Each
virtual router maintains a separate logical forwarding table, which allows the virtual routers to have
overlapping address spaces.
Each virtual router is capable of running any combination of routing protocol modules such as RIP,
OSPF, BGP, or PIM.
NOTE
Only the BlackDiamond 10808 supports the creation of new virtual routers.
System Virtual Routers
In ExtremeWare XOS the following three system VRs exist by default:
• VR-Default - The default VR created by the system. All data ports in the switch are assigned to this
VR by default. Any port or VLAN can be added. One instance of each routing protocol is spawned
for this VR during boot up. These routing instances cannot be deleted. (called VR-2 in XOS release
10.2)
• VR-Mgmt - The switch management port is owned by this VR. The Mgmt VLAN is created in this
VR during boot up. No other ports or VLANs can be added. Used for default access for Telnet,
SNMP, SSH2, TACACS, and RADIUS. (called VR-0 in release 10.2)
• VR-Control - Has no external port and no VLAN interface. No port, VLAN, or routing protocol can
be added. Used internally by the switch for inter-process communication. (called VR-1 in release
10.2)
NOTE
System VRs cannot be deleted.
The VR Command Argument
In ExtremeWare XOS many system commands require the VR argument. For example:
tftp 10.0.4.106 -v vr-mgmt -p -l primary.cfg -r bd11_3.cfg
ping vr VR-default 10.0.4.106
If you do not specify a virtual router, VR-Mgmt is the default for most commands. If there is no default
VR, the system prompts for the VR name.
NOTE
Virtual Routers are discussed in more detail in the Extreme Interior Gateway Protocol (EIGP) training class.
Figure 5: Virtual Routers
Figure 6: The VR Command Argument
Switch Login
The switches support the following two access privilege levels:
● User
● Administrator
The switches can have a total of sixteen management accounts. You can use the default account names
(admin and user), or you can create new accounts with different names and passwords.
Passwords must have a minimum of four characters and can have a maximum of twelve characters.
Account names, however, can be between one and thirty-one characters long. User names and
passwords are case sensitive.
You can create two admin accounts, and they are identical in their capabilities.
Using ExtremeWare, if you change the password for your only remaining Administrator Account and
then forget it, the password can only be recovered in one of the following three ways:
● Provide dial-up modem access to the switch console port and contact Extreme Networks Technical
Support to provide a remote reset of the password.
● Contact your Extreme Networks Systems Engineer to provide an on-site reset of the Administrator
password.
● Return the switch to Extreme Networks, where the password can be recovered and returned at your
cost.
ExtremeWare XOS provides a special Fail Safe account that can be used to recover from a lost
Administrator account password. However, if the Fail Safe account password is lost, the switch must be
returned to Extreme Networks.
Figure 7: Switch Log-in
CLI - Command Prompt
The CLI command prompt consists of three or four components:
1 The asterisk "*" that precedes the actual command prompt
If an asterisk (*) appears in front of the command-line prompt, it indicates that you have outstanding
configuration changes that have not been saved.
2 The SNMP Sysname and colon ":" as a separator.
The sysname is user configurable with a maximum of 32 characters allowed. By default, the switch
SNMP Sysname is the model name. For example, for a Summit1i™ desktop switch, the command
prompt sysname displays Summit1i.
To change the switch SNMP sysname from the default to "Training_Switch", enter the following
command:
configure snmp sysname Training_Switch
When executed, the following prompt appears:
*Training_Switch:7#
The prompt identifies the following:
3 The number of the next CLI command to be entered.
4 The user account privilege level.
# - The hash symbol represents an administrator privilege level.
> - The greater than symbol represents a user privilege level.
When entering a command at the prompt, ensure that you have the appropriate privilege level. Most
configuration commands require the administrator privilege level.
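The prompt layout described above can be parsed mechanically, which is useful when reviewing captured CLI sessions for administrator-level activity and for changes left unsaved at logout. The following Python is an added example, not part of the original course material; the transcript is constructed, and the function names and the tolerance for spaces around the privilege symbol are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Prompt layout from the section above: [*]<sysname>:<next command number><# or >>
# Assumption: whitespace around the privilege symbol is tolerated, since a
# capture may or may not pad the prompt.
PROMPT_RE = re.compile(
    r"^\s*(?P<unsaved>\*)?\s*(?P<sysname>[^\s:*]{1,32}):(?P<number>\d+)"
    r"\s*(?P<symbol>[#>])\s*(?P<command>.*)$"
)
PRIVILEGE = {"#": "administrator", ">": "user"}


@dataclass
class Prompt:
    unsaved: bool      # leading asterisk: configuration changes not yet saved
    sysname: str       # SNMP sysname, at most 32 characters
    number: int        # number of the next CLI command to be entered
    privilege: str     # "administrator" (#) or "user" (>)
    command: str       # text typed after the prompt, possibly empty


def parse_prompt(line: str) -> Optional[Prompt]:
    """Return the parsed prompt, or None when the line is command output."""
    m = PROMPT_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return Prompt(
        unsaved=m.group("unsaved") is not None,
        sysname=m.group("sysname"),
        number=int(m.group("number")),
        privilege=PRIVILEGE[m.group("symbol")],
        command=m.group("command").strip(),
    )


def audit_session(lines: List[str]) -> Dict[str, object]:
    """Summarise one captured session from its prompt lines."""
    prompts = [p for p in (parse_prompt(l) for l in lines) if p is not None]
    report: Dict[str, object] = {
        "sysnames": [],             # every sysname seen, in order of appearance
        "admin_commands": [],       # commands typed at the # prompt
        "first_change": None,       # command after which the asterisk first appeared
        "unsaved_at_logout": False, # exit/logout typed while the asterisk was showing
    }
    for i, p in enumerate(prompts):
        if p.sysname not in report["sysnames"]:
            report["sysnames"].append(p.sysname)
        if p.privilege == "administrator" and p.command:
            report["admin_commands"].append(p.command)
        nxt = prompts[i + 1] if i + 1 < len(prompts) else None
        if report["first_change"] is None and nxt and not p.unsaved and nxt.unsaved:
            report["first_change"] = p.command
        if p.unsaved and p.command in ("exit", "logout"):
            report["unsaved_at_logout"] = True
    return report


# Constructed transcript (not captured from a real switch); the commands are
# the ones used elsewhere in this module.
SAMPLE_SESSION = [
    "Summit1i:5# history",
    "  (command output omitted)",
    "Summit1i:6# configure snmp sysname Training_Switch",
    "*Training_Switch:7# configure vlan default add ports 1-9 tag nobroadcast",
    "*Training_Switch:8# logout",
]

if __name__ == "__main__":
    for key, value in audit_session(SAMPLE_SESSION).items():
        print(f"{key}: {value}")
```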
Figure 8: CLI - Command Prompt
Syntax Helper
If you are unsure of the complete syntax for a particular command, enter as much of the command as
possible. The syntax helper provides a list of options for the remainder of the command.
Tab Key Completion
If you enter a partial command and press the [Tab] key, the system displays any additional options,
then repeats the command on a new line and places the cursor at the end of this new command line.
The use of the Tab key is very valuable.
CLI Space Completion
ExtremeWare XOS also allows you to complete a command automatically with the spacebar.
To enable CLI space completion, enter the following command:
enable cli space-completion
To disable CLI space completion, enter the following command:
disable cli space-completion
NOTE
Command completion is enabled on a per-session basis. The command completion setting is not saved in the
configuration file.
Figure 9: Syntax Helper
CLI Abbreviated Syntax and History
Abbreviated syntax is the shortest, unambiguous abbreviation of a command, parameter, or value. This
can be as short as the first letter of the command, but by convention is typically the first three letters.
Avoid misspelled words, as the parser is not able to recognize them.
Here is an example, using abbreviation, where you can reduce the command string by typing the
following:
co defa ad po 1-9 t n
The full command string is actually:
configure vlan default add ports 1-9 tag nobroadcast
Entering Port Values
When entering the ports within a CLI command, you have the choice to:
● List the ports separated by commas (for example, 1,2,4)
● Specify a range of ports (for example, ports 1-9)
● Specify all ports (for example, ports all)
CLI History
The Extreme Networks switch stores the last 49 commands entered in the command history buffer. The
contents of this buffer can be displayed by entering the history command.
You can scroll through the command history buffer with the <Up> and <Down> arrow keys. These
keys echo the next or previous command in the buffer and place the cursor at the end of the
command string.
To edit the command displayed on the command line use the left and right arrow keys.
To display the last 49 commands entered, enter the following command:
history
Figure 10: Abbreviated Syntax
Figure 11: CLI History
Unique Name Identifiers
The Unique Name Identifier function supports unique, user-friendly names for VLANs and Spanning
Tree Domains.
Each VLAN, user account, and Spanning Tree Domain name is unique.
After naming a VLAN you can specify the VLAN name in commands without preceding the name with
the VLAN keyword. For example, if you configure a VLAN with the name of purple, you only need to
specify purple in any further commands.
The switch allocates some words for system use; these are called reserved words. Reserved words can be
abbreviated.
ExtremeWare
Starting with ExtremeWare version 6.2.2 it is possible for unique name identifiers to be abbreviated like reserved
words.
Do not use reserved words or the abbreviated forms of the reserved word for name identifiers.
Figure 12: Unique Name Identifiers
Management Accounts
This page describes the two account levels supported.
User Level Account
A user level account has viewing access to all manageable parameters, with the exception of the
following:
● Showing the switch configuration
● Showing switch management details
● User account database
● SNMP community strings
A user-level account can use the ping command to test if a device is reachable, and change the
password assigned to the account name. If you have logged on with user capabilities, the command-line
prompt ends with a (>) sign.
Administrator Level Account
An administrator level account has both read and write access to all manageable parameters.
If you have logged on with administrator capabilities, the command-line prompt ends with a (#) sign.
An administrator can perform the following functions:
● View and change all switch parameters
● Add and delete accounts, and change the password associated with any account name.
● Disconnect a management session that has been established by way of a Telnet connection. If this
happens, the user logged on by way of the Telnet connection is notified that the session has been
terminated.
To terminate a user CLI session, enter the following command:
clear session <user_id>
To log out of a session, enter one of the following commands:
exit
logout
Figure 13: Switch Management Accounts
Creating User Accounts
To create a user account, enter the following command:
create account [admin | user] <name> {encrypted} {<password>}
Only users with admin level authority can create new accounts.
The encrypted option is reserved for use by the switch. It is a system option for the switch TFTP server
uploads and downloads and not for users.
If the encrypted option is used while creating a new account through the CLI, the switch assumes that
the username and password are in their encrypted form and not in clear text. A login for this account with
the clear text name and password is not possible.
Show Accounts
To display user account information, enter the following command:
show account
The command displays the following:
● Account names
● Access level
● Number of successful and failed login attempts per account
Figure 14: Creating User Accounts
Failsafe Login
The failsafe account is the account of last resort to access the switch. This account is never displayed by
the show account command, but is always present on the switch.
To configure the failsafe account, enter the following command:
configure failsafe-account
You are prompted for the failsafe account name, and prompted twice to specify the password for the
account. The failsafe account is immediately saved to NVRAM.
For example:
BD-10808.1 # configure failsafe-account
enter failsafe user name: adminzilla
enter failsafe password:
enter password again:
BD-10808.2
To access the switch using the failsafe account, you must be connected to the serial console port of the
switch. You cannot access the failsafe account through any other port.
At the switch login prompt, carefully enter the failsafe account name.
After you enter the failsafe account name, you are prompted to enter the password.
After you are successfully logged in to the failsafe account, you will see the following prompt:
failsafe>
From here, you have four command choices:
• Login—Use this command to access the switch CLI. You will have full administrator capabilities.
• Reboot—Use this command to reboot the current MSM.
• Help—Use this command to display a short help text.
• Exit—Use this command to exit the failsafe account and return to the login prompt.
Typically, you use the Login command to correct the problem that required you to use the failsafe
account.
NOTE
The information that you use to configure the failsafe account cannot be recovered by Extreme
Networks. Technical support cannot retrieve passwords or account names for this account. Protect this
information carefully.
Figure 15: The Failsafe Login
Limiting CLI Sessions and Failed Logins
The ExtremeWare XOS software introduces support for session control.
Up to eight active shell sessions can access the switch concurrently.
An administrator-level account can limit the number of simultaneous CLI sessions on the switch. If you
configure a new limit, only new incoming ExtremeWare XOS shell sessions are affected. Shell sessions
that are already connected are not disconnected as a result of decreasing the limit.
To limit the number of sessions, enter the following command:
configure cli max-sessions <num-of-sessions>
Where:
num-of-sessions - Specifies the maximum number of concurrent sessions permitted in the range of 1 to
16. The value must be greater than 0. The default is eight sessions.
For example:
configure cli max-sessions 4
An administrator-level account can limit the maximum number of failed logins permitted before the
session is terminated.
To limit the number of login attempts, enter the following command:
configure cli max-failed-logins <num-of-logins>
Where:
num-of-logins - Specifies the maximum number of failed logins permitted in the range of 1 to 10. The
value must be greater than 0. The default is three login attempts.
For example:
configure cli max-failed-logins 2
Figure 16: Limiting CLI Sessions and Failed Logins
Restricting Telnet Access
The ExtremeWare XOS software introduces the concept of virtual routers.
An administrator-level account can restrict which virtual router interfaces listen for Telnet connection
requests.
To limit which virtual router interfaces listen for Telnet connection requests, enter the following
command:
configure telnet vr [all | default | <vr_name>]
Where:
all - Specifies to use all virtual routers for Telnet connections.
default - Specifies to use the default virtual router for Telnet connections. The default router is VR-Mgmt.
vr_name - Specifies the name of the virtual router to use for Telnet connections.
For example:
configure telnet vr all
Figure 17: Restricting Telnet Access
Displaying Switch Status
To display the current switch information, enter the following command:
show switch
The display shows:
● System name, system location, system contact
● MAC address
● Current date and time, and system boot time
● Scheduled reboot information
● NVRAM image (primary/secondary image, version)
● NVRAM configuration (primary/secondary configuration, date, time, size)
From this display, you can determine the software image file that the switch booted from. It is
identified as Image Booted.
The software image file that the switch boots from next is identified as the Image Selected.
You can also determine the configuration file the switch used to boot. It is identified as Config Booted.
The configuration file that the switch uses during the next boot is identified as the Config Selected.
In the example shown, the software image selected and booted is taken from the primary location. The
configuration selected and configuration booted is also taken from the primary location.
Figure 18: Displaying Switch Status
Displaying the Management Configuration
To display the network management configuration, statistics, and SNMP settings, enter the following
command:
show management
The display includes:
● Enable/disable states for Telnet, and SNMP
● Authorized SNMP station list
● SNMP trap receiver list
● RMON polling configuration
● SNMP statistics
Figure 19: Displaying the Management Configuration
ExtremeWare XOS Image File Names
ExtremeWare XOS software is available on the BlackDiamond 10808™, BlackDiamond 8810™,
BlackDiamond 8806™, and Summit X450™ switches.
NOTE
Although all of the switches listed above run ExtremeWare XOS 11.3.0, the binary image files are unique for
different switches.
Every switch loads a user-selected software operating system image file when it boots.
The current release being shipped on newly manufactured switches is 11.3.0.
The image name identifies the compatible switch type. For example:
● For BlackDiamond 8810 and 8806 the current file name is:
bd8800-11.2.3.3.xos
● For BlackDiamond 10808 the current file name is:
bd10K-11.2.3.3.xos
● For Summit X450 the current file name is:
summitX450-11.3.1.3.xos
NOTE
Prior to release 11.3 the file name for BlackDiamond 8810 images began with the word aspen.
For example: aspen-11.2.3.3.xos.
NOTE
Frequently, the image file name downloaded from the Extreme Networks web site contains square brackets. For example:
bd10K-11[1][1].2.3.3.xos. A TFTP server cannot interpret the square brackets. Therefore, the file must be renamed
before it can be downloaded to the switch.
ExtremeWare XOS Image File Extensions
The ExtremeWare XOS uses the following file extensions:
● .xos - The core image file
● .xmod - A software module that adds functionality to supplement a core image.
● .xbr - A bootrom image.
NOTE
The version number of a modular software package must match the version number of the core image that it will be
running with.
Figure 20: ExtremeWare XOS Image File Names
Figure 21: ExtremeWare XOS Image File Extensions
ExtremeWare XOS Version Strings
The image version string contains build information for each version of ExtremeWare XOS. You can use
either the show version or show switch command to display the version running on your switch.
Depending on the CLI command, the output is structured as follows:
show version
ExtremeWare XOS version 11.3.1.1
ExtremeWare XOS Version <major>.<minor>.<patch>.<build>
show switch
11.3.1.1
<major>.<minor>.<patch>.<build>
Table 1 describes the image version fields.
A software module version string contains the following:
<SWITCH PLATFORM>-<GLOBAL VERSION>-<PACKAGE NAME>.XMOD
Example: bd10K-11.3.1.1-ssh.xmod
Where:
<Switch Platform> is the name of the platform (e.g. bd10K)
<Package Name> is an abbreviated name for the content of the package.
<Global Version> is the overall version of ExtremeWare XOS in the format
<major>.<minor>.<patch>.<build>
Table 1: Image version fields
Field  Description
major  Specifies the ExtremeWare XOS Major version number.
minor  Specifies the ExtremeWare XOS Minor version number.
patch  Identifies a specific patch release.
build  Specifies the ExtremeWare XOS build number. This value is reset to zero for each new Major and Minor release.
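The naming rules above (platform prefix, four-part version, a module version that must match the core image, and the square-bracket problem with TFTP) can be checked before files are placed on a TFTP server. The following Python code is an added example, not Extreme Networks code; the function names and the sample file list are constructed, and it assumes that deleting each bracketed group restores the original file name.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# <platform>-<major>.<minor>.<patch>.<build>[-<package>].<xos|xmod>
_NAME_RE = re.compile(
    r"^(?P<platform>[A-Za-z][A-Za-z0-9]*)-"
    r"(?P<version>\d+\.\d+\.\d+\.\d+)"
    r"(?:-(?P<package>[A-Za-z0-9_]+))?"
    r"\.(?P<ext>xos|xmod)$"
)
# Bracketed groups such as "[1]" that can appear in a downloaded file name.
_BRACKET_RE = re.compile(r"\[\d+\]")


class ImageName(NamedTuple):
    platform: str                       # e.g. "bd10K"
    version: Tuple[int, int, int, int]  # (major, minor, patch, build)
    package: Optional[str]              # None for a core image
    kind: str                           # "core" (.xos) or "module" (.xmod)


def strip_download_brackets(filename: str) -> str:
    """Assumption: removing every "[n]" group yields the intended name."""
    return _BRACKET_RE.sub("", filename)


def parse_image_name(filename: str) -> ImageName:
    """Parse a core image or module file name; raise ValueError if invalid."""
    if "[" in filename or "]" in filename:
        raise ValueError("contains square brackets; rename before using TFTP")
    m = _NAME_RE.match(filename)
    if m is None:
        raise ValueError("does not match <platform>-<version>[-<package>].<ext>")
    ext, package = m["ext"], m["package"]
    if ext == "xos" and package is not None:
        raise ValueError("core image name must not carry a package name")
    if ext == "xmod" and package is None:
        raise ValueError("module name is missing its package name")
    version = tuple(int(part) for part in m["version"].split("."))
    return ImageName(m["platform"], version, package,
                     "core" if ext == "xos" else "module")


def check_staging(filenames: List[str], switch_platform: str) -> List[Tuple[str, str]]:
    """Return (filename, problem) pairs for files staged for one switch type."""
    findings, parsed = [], []
    for name in filenames:
        try:
            parsed.append((name, parse_image_name(name)))
        except ValueError as exc:
            findings.append((name, str(exc)))
    # Versions of the core images that are built for this switch platform.
    core_versions = {img.version for _, img in parsed
                     if img.kind == "core" and img.platform == switch_platform}
    for name, img in parsed:
        if img.platform != switch_platform:
            findings.append((name, f"built for {img.platform}, not {switch_platform}"))
        elif img.kind == "module" and img.version not in core_versions:
            findings.append((name, "no staged core image with the same version"))
    return findings


# Constructed sample: contents of a staging directory for a BlackDiamond 10808.
SAMPLE_FILES = [
    "bd10K-11.3.1.1.xos",
    "bd10K-11.3.1.1-ssh.xmod",
    "bd10K-11.2.3.3-ssh.xmod",     # module version differs from the core image
    "summitX450-11.3.1.3.xos",     # image for a different switch type
    "bd10K-11[1][1].2.3.3.xos",    # name as downloaded, with brackets
]

if __name__ == "__main__":
    for name, problem in check_staging(SAMPLE_FILES, "bd10K"):
        print(f"{name}: {problem}")
```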
Figure 22: ExtremeWare XOS Version Strings
ExtremeWare Software Versions
ExtremeWare is a full-featured software operating system that is designed to run on the BlackDiamond
6800TM, AlpineTM, and Summit families of Gigabit Ethernet switches.
The current release being shipped on newly manufactured switches is: ExtremeWare release 7.4.0
ExtremeWare Image File Names
The image version string contains build information for each version of ExtremeWare. You can use
either the show version or show switch command to display the version running on your switch.
The image file name identifies the major release, minor release, patch, and build numbers. For example:
v740b12.xtr.
Table 2: Image version fields
Field  Description
7      Specifies the ExtremeWare Major version number.
4      Specifies the ExtremeWare Minor version number.
0      Identifies a specific patch release.
b12    Specifies the ExtremeWare build number. This value is reset to zero for each new Major and Minor release.
Figure 23: ExtremeWare Image File Names
Software Image File Extensions
This page describes the information contained in the software image file extensions.
For ExtremeWare the file extension identifies the type of switch that the software is compatible with.
NOTE
Certain hardware modules and software modules have their own software images with different file extensions. Refer
to the release notes for more information.
File Extension  Software                                    Switch
.xtr            ExtremeWare                                 Alpine and BlackDiamond 6804/6808
.Sxtr           ExtremeWare with Secure Shell support       Alpine and BlackDiamond 6804/6808
.Bxtr           ExtremeWare                                 Summit i-series systems with at least 128 MB memory
                No Unified Access, Power over               Summit 1i, Summit 5i, Summit 7i, Summit 48Si
                Ethernet, or SSH support
.SBxtr          ExtremeWare with Secure Shell support       Summit i-series systems with at least 128 MB memory
.Gxtr           ExtremeWare                                 BlackDiamond 6816
.SGxtr          ExtremeWare with Secure Shell support       BlackDiamond 6816
.Fxtr           ExtremeWare                                 Summit 200-24, Summit 200-48, Summit 300-24
.SFxtr          ExtremeWare with Secure Shell support       Summit 200-24, Summit 200-48, Summit 300-24
.Lxtr           ExtremeWare                                 Summit 300-48
.SLxtr          ExtremeWare with Secure Shell support       Summit 300-48
.Cxtr           ExtremeWare                                 Summit 400-48t
.SCxtr          ExtremeWare with Secure Shell support       Summit 400-48t
Figure 24: ExtremeWare Image File Extensions
Software Image Files in the Switch
Every Extreme Networks switch loads a user-selected software operating system image when it boots.
The image file contains executable code in a compressed format.
The switches can store two software operating system images:
● Primary
● Secondary
When downloading a new image, select which image space (primary or secondary) the new image is to
be placed into.
The primary and secondary software images are stored in Flash RAM. You may find it useful to use
both primary and secondary image files, especially when upgrading software. If something goes wrong
with an upgrade, you have a fallback image to boot from.
These containers, although called primary and secondary, are just placeholders.
To display which software is running on the switch and which software is set to be used after the next
reboot, enter the following command:
show switch
The show switch command displays the following:
● Which software image is selected, and which image is used when the switch boots.
● The configuration that is selected and the configuration that is used when the switch boots.
Figure 25: Software Images on the Switch
Software Configuration Files
The software configuration is the customized set of parameters that the administrator has selected to
run on the individual switch. If you make configuration changes, the new settings are stored in runtime
memory.
Settings stored in run-time memory are not retained by the switch when it reboots.
To retain settings, and have them loaded when the switch reboots, save the configuration to nonvolatile
storage by issuing the save command. To save the configuration to the primary configuration file, enter
the following command:
save primary
To save the configuration to a configuration file named lab1, enter the following command:
save configuration lab1
Using ExtremeWare XOS you can TFTP transfer any existing configuration file. ExtremeWare XOS
configuration files are saved in XML format on the TFTP server. ExtremeWare XOS uses an internal
XML interface between the SNMP and CLI interfaces and the rest of the software sub-systems.
NOTE
The configuration files are not backwards compatible with the software image files. You should not run a
configuration file created with, for example, 11.3 with software 11.1.
To display the active configuration file, enter the following command:
show configuration
ExtremeWare XOS can display the active configuration for a specific configuration module. For example
to display the configuration for the Routing Information Protocol (RIP), enter the following command:
show configuration rip
ExtremeWare Text-based Configuration Files
Using ExtremeWare you can only save the configuration to the primary or secondary file names.
Using ExtremeWare, you can only TFTP transfer the active configuration, and the ExtremeWare
configuration files are stored as plain ASCII text on the TFTP server.
Figure 26: Software Configuration Files
Figure 27: Displaying Configuration Files
Selecting Image and Configuration Files for the Next Reboot
To select which image the switch loads on the next reboot, enter the following command:
use image partition [primary | secondary]
CAUTION
Make sure that your software image is compatible with the BootROM Master Release Version for the ExtremeWare or
ExtremeWare XOS version being used.
To use a particular configuration on the next reboot, enter the following command:
use configuration [ primary | secondary | filename]
The configuration file name must already exist on the switch.
NOTE
The use configuration command does not select the active configuration. The command selects which configuration
is going to be used after the next reboot.
NOTE
ExtremeWare can only use the primary or secondary configuration files.
Figure 28: Selecting Image and Configuration Files
File System Commands
ExtremeWare XOS supports UNIX-like file system commands for listing, renaming, and removing files.
To list all current configuration and policy files in the system, enter the following command:
ls {memorycard}
The memorycard argument lists files on the removable compact flash memory card.
For example:
ls
For each file the display is similar to the following:
-rw-rw-rw- 1 root 0 68297 Dec 8 02:03 primary.cfg
The first column displays the file permission using the following ten placeholders.
• The first placeholder displays d for a directory and - for a file.
• The next three placeholders display r for read access, w for write access, and x for execute
permission for the file owner.
• The next three placeholders display r for read access, w for write access, and x for execute
permission for members of the file owner’s group.
• The last three placeholders display r for read access, w for write access, and x for execute permission
for every user that is not a member of the file owner’s group.
The second column shows how many links the file has to other files or directories.
The third column shows the file owner. The fourth column is the owner’s group.
The remaining columns show the file size, date it was last modified, and the file name.
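The listing format described above can be split into its columns and compared against a saved baseline to spot configuration or policy files that were added, removed, or modified. This Python code is an added example, not part of the original course material; both listings are constructed samples, and edge.pol and all function names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple

# One listing line: mode, links, owner, group, size, "Mon D HH:MM", name.
_LS_LINE = re.compile(
    r"^(?P<mode>[d-](?:[r-][w-][x-]){3})\s+(?P<links>\d+)\s+(?P<owner>\S+)\s+"
    r"(?P<group>\S+)\s+(?P<size>\d+)\s+"
    r"(?P<modified>\S+\s+\d+\s+\S+)\s+(?P<name>\S+)$"
)


class Entry(NamedTuple):
    is_dir: bool       # first placeholder: d or -
    owner_perms: str   # placeholders 2-4
    group_perms: str   # placeholders 5-7
    other_perms: str   # placeholders 8-10
    links: int
    owner: str
    group: str
    size: int
    modified: str      # kept as text; the listing carries no year
    name: str


def parse_ls_line(line: str) -> Entry:
    """Split one listing line into the columns the text describes."""
    m = _LS_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a listing line: {line!r}")
    mode = m["mode"]
    return Entry(
        is_dir=mode[0] == "d",
        owner_perms=mode[1:4],
        group_perms=mode[4:7],
        other_perms=mode[7:10],
        links=int(m["links"]),
        owner=m["owner"],
        group=m["group"],
        size=int(m["size"]),
        modified=" ".join(m["modified"].split()),
        name=m["name"],
    )


def parse_listing(text: str) -> Dict[str, Entry]:
    """Parse a whole listing, skipping lines that are not file entries."""
    entries = {}
    for line in text.splitlines():
        try:
            entry = parse_ls_line(line)
        except ValueError:
            continue
        entries[entry.name] = entry
    return entries


def diff_listings(baseline: Dict[str, Entry],
                  observed: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Report files added, removed, or changed in size or modification time."""
    common = set(baseline) & set(observed)
    return {
        "added": sorted(set(observed) - set(baseline)),
        "removed": sorted(set(baseline) - set(observed)),
        "changed": sorted(
            n for n in common
            if (baseline[n].size, baseline[n].modified)
            != (observed[n].size, observed[n].modified)
        ),
    }


# Constructed sample listings (not captured from a real switch).
BASELINE = """\
-rw-rw-rw- 1 root 0 68297 Dec 8 02:03 primary.cfg
-rw-rw-rw- 1 root 0 68297 Dec 8 02:10 lab1.cfg
-rw-rw-rw- 1 root 0 412 Nov 30 11:45 edge.pol
"""
OBSERVED = """\
-rw-rw-rw- 1 root 0 70112 Dec 9 23:41 primary.cfg
-rw-rw-rw- 1 root 0 412 Nov 30 11:45 edge.pol
-rw-rw-rw- 1 root 0 68297 Dec 9 23:40 foo.cfg
"""

if __name__ == "__main__":
    print(diff_listings(parse_listing(BASELINE), parse_listing(OBSERVED)))
```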
Figure 29: The List Command Display
Copying, Renaming, and Removing Files
To copy a file, enter the following command:
cp filename newfile
For example:
cp primary.cfg foo.cfg
Copy config primary.cfg to config foo.cfg on switch? (y/n) Yes
To rename a file, enter the following command:
mv source destination
The system prompts:
Rename source to destination on switch? (y/n)
Enter y to rename the file. Enter n to cancel.
For example:
mv hughtest.cfg roytest.cfg
Rename config hughtest.cfg to config roytest.cfg on switch? (y/n) Yes
Make sure the renamed file uses the same file extension as the original file. If you change the file
extensions, the file may be unrecognized by the system.
• Configuration files use the .cfg file extension
• Policy files use the .pol file extension
This command also replicates the action from the primary MSM to the backup MSM. For example, if
you rename a file on the primary MSM, the same file on the backup MSM is renamed. A message
appears that asks you to confirm this action.
To remove a file, enter the following command:
rm <filename>
The system prompts:
Remove filename on switch? (y/n)
Enter y to remove the file. Enter n to cancel.
For example:
rm oldtest.cfg
Remove oldtest.cfg on switch? (y/n) Yes
This command also replicates the action from the primary MSM to the backup MSM. For example, if
you delete a file, the file is deleted on both the active and the backup MSM. A message appears that asks
you to confirm this action.
Figure 30: Copying, Renaming, and Removing Files
Assigning an IP Address to a VLAN
The switch comes with pre-configured VLANs named Mgmt and Default. The management VLAN has
the management Ethernet port configured in it. This port provides out-of-band management access to
an Extreme Networks switch.
The default VLAN comes configured with all data ports assigned to it.
For lab exercise purposes, we need to assign an IP address to one of the pre-configured VLANs and
assign an IP address to the PC-laptop that is connected to the switch.
Assigning an IP address creates a router interface within that VLAN. The default VLAN router interface
is in the corresponding VR-Default virtual router. The mgmt VLAN router interface is in the
corresponding VR-Mgmt virtual router.
To assign an IP address and optional subnetwork mask to the named VLAN, enter the following
command:
configure vlan <vlan name> ipaddress <ipaddress> {<netmask>}
The subnetwork mask notation can take either of two forms:
● Full dotted-decimal notation. For example: 255.255.255.0
● Slash notation, which indicates the number of bits in the network portion. For example: /24
Examples:
configure vlan mgmt ipaddress 10.0.0.1 255.255.255.0
configure vlan default ipaddress 10.0.0.1/24
To remove an IP address and optional mask from the named VLAN, enter the following command:
unconfigure vlan <vlan name> ipaddress
Figure 31: Assigning an IP Address to a VLAN
Upgrading the Software Image
The image is upgraded by using a download procedure from either a Trivial File Transfer Protocol
(TFTP) server on the network or a PC connected to the serial port using the XMODEM protocol. The
serial download is very slow and can only be done from the BootROM menu.
Downloading a new image involves the following steps after IP connectivity has been properly set up:
● Load the image onto a TFTP server
● Verify IP connectivity between the switch and the TFTP server
● Download the image to the switch
● Select which image to use on the next reboot
● Reboot the switch
NOTE
90% of the time, changes in the configuration of the switches do not require a reboot. However, the download
image command does require a reboot.
To download a new software image from a TFTP server to the primary or secondary location, enter the
following command:
download image [[<hostname> | <ipaddress>] <filename> {{vr} <vrname>}
| memorycard <filename>] {<partition>} {msm <slotid>}
Syntax Description
hostname    Specifies the hostname of the TFTP server from which the image should be obtained.
ipaddress   Specifies the IP address of TFTP server from which the image should be obtained.
memorycard  Specifies that the image should be obtained from the external compact flash memory card.
            NOTE: This parameter is available only on modular switches.
filename    Specifies the filename of the new image.
vrname      Specifies the name of the virtual router.
partition   Specifies which partition the image should be saved to: primary or secondary.
slotid      Specifies the MSM where the software image should be downloaded. MSM A or MSM B.
            NOTE: This parameter is available only on chassis-based switches.
If no parameters are specified, the image is saved to the location selected for the next reboot.
To verify that the image downloaded to the correct location, enter the following command:
show log
Figure 32: Upgrading the Software Image
Backing up ExtremeWare XOS Configuration Files
It is always recommended to have a backup of the switch configuration. You can upload the current
ExtremeWare XOS configuration to a TFTP server on your network. The uploaded configuration file
retains your system configuration and is saved in XML format.
You are unable to view ExtremeWare XOS configuration files with a text editor. To view your current
switch configuration, use the show configuration command.
To upload the configuration, enter the following command:
tftp [<host_name> | <ip_address>] {-v <vr_name>} [-g | -p] [{-l
[<local_file> | memorycard <local-file-memcard>]} {-r <remote_file>} | {-r
<remote_file>} {-l [<local_file> | memorycard <local-file-memcard>]}]
Syntax Description
host_name    Specifies the name of the remote host.
ip_address   Specifies the IP address of the TFTP server.
vr_name      Specifies the name of the virtual router.
             NOTE: The BlackDiamond 8800 family of switches and the Summit X450 switch do not
             support user-created VRs.
-g           Gets the specified file from the TFTP server and copies it to the local host.
-p           Puts the specified file from the local host and copies it to the TFTP server.
local_file   Specifies the name of the file (configuration file, policy file) on the local host.
memorycard   Specifies the removable external compact flash card.
             NOTE: This parameter is available only on modular switches.
remote_file  Specifies the name of the file on the remote host. If no name is specified, the file is saved
             with the local file name.
Example:
tftp 10.0.4.106 -v vr-mgmt -p -l bdversion10_1_2_16.cfg
Uploading /root/config/bdversion10_1_2_16.cfg to 10.0.4.106 ..........
Backing Up ExtremeWare Configuration Files
The upload command transfers the ExtremeWare current runtime configuration to the specified TFTP
server. To save the switch configuration, enter the following command:
upload configuration [ cancel | <host name/ip> <filename> ] {every <hour> <minute>}
If every <hour> is specified, the switch automatically saves the configuration to the server once per day,
at the specified time. If no options are specified, the current configuration is uploaded immediately.
Figure 33: Backing Up the Configuration
Figure 34: Backup Configuration Files
Retrieving the Configuration
An ExtremeWare XOS configuration file can be downloaded to the switch using the tftp command.
For example:
tftp 103.0.0.2 -v vr-default -g -l tested.cfg -r backup.cfg
Where:
● host-name - Is the host name of the TFTP server.
● ip_address - Is the IP address of the TFTP server.
● -g - Gets the specified file from the TFTP server and copies it to the switch.
● -l local_file - Specifies the name of the configuration file on the switch.
● -r remote_file - Specifies the name of the configuration file on the TFTP server.
Restoring an ExtremeWare Configuration File
To download a previously saved ExtremeWare configuration file, enter the following command.
download configuration [ cancel | every <hour><minute> | <hostname/ip> ]
<filename> {incremental}
The configuration file is downloaded using TFTP.
The system prompts:
Would you like to reboot the system? (Y/N)
The downloaded configuration file is stored in an area of switch memory (not the primary or secondary
configuration containers) and is not retained if the switch has a power failure. When the switch is
rebooted, it treats the downloaded configuration file as a script of CLI commands.
Use the incremental keyword to specify an incremental or partial configuration download. In this case,
the commands specified in the incremental download file are executed, but configuration settings not
specified in the file are left intact. No reboot is required.
After the script is executed, save the configuration to the primary or secondary configuration area, to
retain it through a power cycle. If you are connected to the switch through the serial port, the system
prompts to save the configuration.
You must reboot the switch if you made changes to the following default settings:
● enable/disable web access (Default setting is enabled)
● configure dot1Q ethertype <hex number>
To reboot the switch, enter the following command:
reboot
Figure 35: Restoring the Configuration
BootStrap and BootROM
The BootROM of the switch initializes certain important switch variables during the boot process. If
necessary, the BootROM can be upgraded using TFTP. For disaster recovery purposes (i.e. in the event
the switch does not boot properly), some boot option functions can be accessed through a special
BootROM menu.
During a software upgrade the system BootROM checks the software for a unique signature. The
BootROM denies an incompatible software upgrade.
BootStrap Menu Options
The illustration shows the options available from the switch's BootStrap menu after entering the help
command (or "h").
BootRom Menu Options
The illustration shows the options available from the switch's BootRom menu after entering the help
command.
Interaction with the BootROM menu is only required under special circumstances and should be done
only under the direction of Extreme Networks Customer Support. The necessity of using these functions
implies a non-standard problem, which requires the assistance of Extreme Networks Customer Support.
The BootROM Menu can only be accessed when the switch is hard-booted.
NOTE
When asked to depress the <spacebar>, remember to press and hold the <spacebar> key.
ExtremeWare
Option p to boot from a PCMCIA card is not used at this time.
Figure 36: The BootStrap Menu
Figure 37: BootROM Menu Options
Upgrading the BootROM
In ExtremeWare XOS, the BootROM is upgraded along with the software image. Only in rare cases would
the BootROM be upgraded separately.
Upgrade the BootROM only when asked to do so by an Extreme Networks technical representative. If
this command does not complete successfully it could prevent the switch from booting. In the event the
switch does not boot properly, some boot option functions can be accessed through a special BootROM
menu.
To display the switch BootROM version, enter the following command:
show version
To download the BootROM image from a specified TFTP server, enter the following command:
download bootrom [[<ipaddress> | <hostname>] <filename> {{vr} <vrname>}
| memorycard <filename>] {msm <slotid>}
Reboot the switch after downloading the BootROM.
When upgrading the BootROM separately, upgrade the BootROM and reboot before upgrading the
software image.
Figure 38: Upgrading the BootROM
Returning the Switch to Factory Defaults
To return the switch to its original factory default settings, enter the following command:
unconfigure switch
This command resets the entire configuration, with the exception of user accounts and passwords that
have been configured, and the date and time.
To reset all parameters except date and time, enter the following command:
unconfigure switch all
NOTE
This command deletes the currently selected configuration file. It does not delete saved configuration files.
Initializing the Switch
When the switch is new or the unconfigure switch all command has been used, you must connect to the
console to access the switch. You are prompted with an interactive script that specifically asks if you
want to disable telnet, disable SNMP, and disable the unconfigured ports. The system displays the
following prompts:
This switch currently has all management methods disabled for security reasons. Please
answer these questions about the security settings you would like to use.
Telnet is enabled by default. Telnet is unencrypted and has been the target of
security exploits in the past.
Would you like to disable Telnet? [y/N]
SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be
configured to eliminate this problem.
Would you like to disable SNMP? [y/N]:
All ports are enabled by default. In some secure applications, it maybe more
desirable for the ports to be turned off.
Would you like unconfigured ports to be turned off by default? [y/N]:
Figure 39: Returning the Switch to Factory Defaults
Identifying the Busiest Process
ExtremeWare XOS consists of a number of cooperating processes running on the switch. The
ExtremeWare XOS process manager monitors all of the XOS processes. The process manager also
ensures that only version-compatible processes are started. The ExtremeWare XOS process level
watchdog uses simple periodic keep-alive messages that flow between the monitored applications and a
process monitor. ExtremeWare XOS is designed to automatically detect application level infinite loops
or general execution problems and take preemptive action.
However, under certain conditions, the administrator may need to stop, start, and examine information
about processes.
The top command shows the percentage of CPU processing devoted to each task, sampled every 5
seconds. Investigate tasks showing consistent or periodic high CPU utilization.
To display the system processes, enter the following command:
top
You can change the display by typing the following characters while the display is active.
N Sort by PID (Numerically)
A Sort by age
P Sort by CPU usage
M Sort by resident memory usage
T Sort by time / cumulative time
Refer to UNIX documentation for additional information about process status displays.
To stop the refresh of the top command display, press Ctrl-c or the letter q.
Figure 40: Top Process Command Display
Displaying Processes
The show process command displays the status of ExtremeWare XOS processes on the switch, including
how many times a process has been restarted.
To display system processes, enter the following command:
show process {<name>} {detail} {slot <slotid>}
Where:
detail - Specifies more detailed process information.
slotid - Specifies the MSM slot. (A or B)
name - Specifies the name of the process.
Using this command without the optional keywords displays summary process information. If you
specify the slot keyword, summary information is displayed for that particular slot only. The show
process and show process slot <slotid> commands display the following information in a tabular
format:
• Card—The name of the card where the processes are running
• Process Name—The name of the process
• Version—The version number of the process
• Restart—The number of times the process has been restarted
• State—The current state of the process
• Start Time—The date and time the process began
If you specify the detail keyword, more specific and detailed process information is displayed. The
show process detail and show process slot <slotid> detail commands display the following
information in a multi-tabular format:
• Detailed process information
• Memory usage configurations
• Recovery policies
• Process statistics
• Resource usage
If you specify the version keyword, information about the version of the process is displayed. The show
process version command displays the following information in a tabular format:
• Card—The name of the card where the processes are running
• Process Name—The name of the process
• Version—The version number of the process
• BuiltBy—The name of the software build manager
• Link Date—The date the executable was linked
Figure 41: Displaying Processes
Figure 42: Displaying Process Details
Monitoring Process Heartbeat
ExtremeWare XOS supports the ability to monitor the health of the processes.
The switch process manager uses two algorithms to collect process health information: polling and
reporting. Each process is monitored using either polling or reporting. Both polling and reporting count
the heartbeat of the process.
Polling occurs every 10 seconds on the BlackDiamond 8800 and Summit X450 switches: a HELLO
message is sent and a HELLO_ACK message is received, so the two counts remain the same. For an
example, see the ESRP process in the illustration.
Reporting occurs every 2 seconds on the BlackDiamond 8800 and Summit X450 switches: only a
HELLO_ACK message is sent, no HELLO messages are sent, and the HELLO count remains at zero. For
an example, see the BGP process in the illustration.
To display the health of the ExtremeWare XOS processes, enter the following command:
show heartbeat process {<name>}
Where:
name - Specifies the name of the process.
The show heartbeat process command displays the following information in a tabular format:
• Card—The name of the card where the process is running
• Process Name—The name of the process
• Hello—The number of hello messages sent to the process
• HelloAck—The number of hello acknowledgement messages received by the process manager
• Last Heartbeat Time—The timestamp of the last health check received by the process manager
(Unknown specifies kernel modules which do not participate in heartbeat monitoring)
This status information may be useful for your technical support representative if you have an
ExtremeWare XOS problem.
The heartbeat process information can also be displayed for a single process.
For example:
show heartbeat process tftpd
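The two collection modes described above, as an added simulation (not Extreme Networks code). It shows how the Hello and HelloAck counters and the last heartbeat time look for a healthy and a hung process in each mode. The MISSED_LIMIT threshold and the two hung process names are assumptions made for the example; the intervals and the ESRP/BGP modes come from the text.

```python
POLL_INTERVAL = 10    # seconds between HELLO polls (from the course text)
REPORT_INTERVAL = 2   # seconds between unsolicited HELLO_ACK reports (from the text)
MISSED_LIMIT = 3      # ASSUMPTION: intervals of silence tolerated; not in the text


class Monitored:
    """One monitored process as the process manager sees it."""

    def __init__(self, name, mode, hangs_at=None):
        self.name = name
        self.mode = mode              # "polling" or "reporting"
        self.hangs_at = hangs_at      # simulated second at which it stops answering
        self.hello = 0                # HELLO messages sent to the process
        self.hello_ack = 0            # HELLO_ACK messages received from it
        self.last_heartbeat = None    # time of the last HELLO_ACK

    def responsive(self, now):
        return self.hangs_at is None or now < self.hangs_at


def tick(proc, now):
    """Advance one process by one simulated second."""
    if proc.mode == "polling":
        if now % POLL_INTERVAL:
            return
        proc.hello += 1               # the manager sends its HELLO regardless
    elif now % REPORT_INTERVAL:
        return                        # reporting mode: no HELLO is ever sent
    if proc.responsive(now):
        proc.hello_ack += 1
        proc.last_heartbeat = now


def infer_mode(hello, hello_ack):
    """Read the mode off the two counters, as one would from the CLI table."""
    if hello == 0:
        return "reporting" if hello_ack else "unknown"
    return "polling"


def status(proc, now):
    """Flag a process whose last heartbeat is older than MISSED_LIMIT intervals."""
    interval = POLL_INTERVAL if proc.mode == "polling" else REPORT_INTERVAL
    last = proc.last_heartbeat or 0
    return "stalled" if now - last > MISSED_LIMIT * interval else "healthy"


def simulate(duration=60):
    procs = [
        Monitored("esrp", "polling"),                       # polling example in the text
        Monitored("bgp", "reporting"),                      # reporting example in the text
        Monitored("hung_poller", "polling", hangs_at=25),   # hypothetical process
        Monitored("hung_reporter", "reporting", hangs_at=41),  # hypothetical process
    ]
    for now in range(1, duration + 1):
        for p in procs:
            tick(p, now)
    return {
        p.name: {
            "hello": p.hello,
            "hello_ack": p.hello_ack,
            "last_heartbeat": p.last_heartbeat,
            "mode": infer_mode(p.hello, p.hello_ack),
            "status": status(p, duration),
        }
        for p in procs
    }


if __name__ == "__main__":
    for name, row in simulate().items():
        print(f"{name:14} {row}")
```

A hung polled process shows a growing gap between Hello and HelloAck, while a hung reporting process keeps Hello at zero and is visible only through a stale last heartbeat time.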
Figure 43: Displaying the Process Heartbeat
Terminating a Process
ExtremeWare XOS introduces the ability to terminate a process. This is useful if a process is stuck in a
loop and is using excessive CPU or memory resources.
To terminate a process, enter the following command:
terminate process <name> [forceful | graceful] {msm <slot>}
Where:
name - Specifies the name of the process to terminate. You can terminate the following processes:
• lldp - 802.1AB; Station and Media Access Control Connectivity Discovery
• netLogin - Network Login includes MAC, Web-Based and 802.1X authentication
• ospf - Open Shortest Path First Routing Protocol
• telnetd - The telnet daemon.
• tftpd - The TFTP daemon.
• thttpd - The Web Server daemon.
graceful - Specifies a graceful termination. The graceful option terminates the process by allowing it to
close all opened connections, notify peers on the network, and other types of process cleanup. After this
phase, the process is finally terminated.
forceful - Specifies a forceful termination. The forceful option quickly terminates a process on demand.
Unlike the graceful option, the process is immediately shut down without any of the normal process
cleanup.
slot - Specifies the MSM where the process should be terminated. A specifies the MSM installed in slot
A, and B specifies the MSM installed in slot B.
For example:
terminate process tftpd graceful msm a
To get a description of what each process does, enter the following command:
show process description
Figure 44: Terminating a Process
Starting a Process
The start process command can be used to restart a process that has been terminated by the
administrator or has failed.
To start a system process, enter the following command:
start process <name> {msm <slot>}
Where:
name - Specifies the name of the process to start. You can start the following processes:
• lldp - 802.1AB; Station and Media Access Control Connectivity Discovery
• netLogin - Network Login includes MAC, Web-Based and 802.1X authentication
• ospf - Open Shortest Path First Routing Protocol
• telnetd - The telnet daemon.
• tftpd - The TFTP daemon.
• thttpd - The Web Server daemon.
slot - Specifies the MSM where the process should be started. A specifies the MSM installed in slot
A, and B specifies the MSM installed in slot B.
For example:
start process tftpd
Restarting Processes
To terminate and restart a specified process, enter the following command:
restart process [class <cname> | <name> {msm <slot>}]
Where:
cname - Specifies the name of a class of processes to restart. With this parameter, you can terminate
and restart all instances of the processes associated with a specific routing protocol on all VRs.
The supported process class is OSPF.
name - Specifies the name of a single process to restart.
Figure 45: Starting a Process
Monitoring System Memory
ExtremeWare XOS introduces the ability to monitor memory use.
To monitor memory use, enter the following command:
show memory {slot [a | b]} | {process name}
Where:
a - Specifies the MSM module installed in slot 9 of the BlackDiamond 10808 switch or slot 5 of the
BlackDiamond 6800 switch.
b - Specifies the MSM module installed in slot 10 of the BlackDiamond 10808 switch or slot 6 of the
BlackDiamond 6800 switch.
name - Specifies a single process name
The show memory command displays the following information in a tabular format:
• The card letter and slot number of the MSM.
• The name of each process.
• Current memory (both free and allocated memory) used by the individual processes system and the
users.
If you issue the command without any parameters, information about all of the MSMs installed in your
system is displayed.
Examples:
show memory
show memory slot a
show memory process tftpd
Figure 46: Displaying System Memory
Monitoring Protocol Memory
ExtremeWare XOS introduces the ability to monitor the memory of a specific protocol application. This
information can be sent to Extreme Networks technical support to help diagnose a protocol process
problem.
To monitor the memory used by the OSPF process, enter the following command:
show ospf memory {detail | <memoryType>}
Where:
detail - Displays detail information.
memoryType - Specifies the memory type usage to display. The exact type varies depending on the
protocol process. Use command completion to display the list of arguments.
Examples:
show ospf memory
show ospf memory detail
show ospf memory ospfArea
To monitor the memory used by the RIP process, enter the following command:
show rip memory {detail | <memoryType>}
Where:
detail - Displays detail information.
memoryType - Specifies the memory type usage to display. The exact type varies depending on the
protocol process. Use command completion to display the list of arguments.
Examples:
show rip memory
show rip memory detail
show rip memory peer
To monitor the memory used by the BGP process, enter the following command:
show bgp memory {detail | <memoryType>}
Where:
detail - Displays detail information.
memoryType - Specifies the memory type usage to display. The exact type varies depending on the
protocol process. Use command completion to display the list of arguments.
Examples:
show bgp memory
show bgp memory detail
show bgp memory aggroute
Figure 47: Displaying Protocol Memory
Additional Switch Management Tools
Additional management features provide enhanced management of the Extreme Networks switch
family.
These tools include:
● Secure Shell (SSH2)
● Simple Network Management Protocol (SNMP)
● Authenticating Users
■ RADIUS
■ TACACS+
● Simple Network Time Protocol (SNTP)
● Remote Monitoring (RMON)
● Logging Features
■ Local Logging
■ Remote Logging
Figure 48: Additional Switch Management Tools
Using Secure Shell
The ExtremeWare Secure Shell Two (SSH2) switch application is based on the Data Fellows™ SSH2
server implementation. It is highly recommended that you use the F-Secure SSH client products from
Data Fellows corporation. These applications are available for most operating systems. For more
information, refer to the Data Fellows web site at: http://www.datafellows.com.
For details about SSH2 and how to configure this feature, refer to the ExtremeWare 7.4 Users Guide
or the ExtremeWare XOS Concepts Guide.
Using Secure Copy
The Secure Copy function is bundled with the Secure Shell in ExtremeWare XOS.
Figure 49: Using Secure Shell
Using SNMP
Any Network Management application supporting SNMP can manage the switch as long as the correct
Management Information Base (MIB) is properly installed on the management console.
EPICenter is an integrated application suite that simplifies configuration, troubleshooting, and status
monitoring of IP-based networks. EPICenter offers a comprehensive set of network management
applications, including the ability to configure, monitor, troubleshoot, and manage the network and its
elements.
NOTE
To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it.
Access to one VLAN gives you access to the entire switch.
The switch is managed as a single device since it only has one MAC address that is shared.
NOTE
Ensure that the SNMP Management Information Base (MIB) is installed correctly.
Figure 50: Using SNMP
SNMP Configuration Parameters
To configure SNMP, enter the following command:
configure snmp
The following SNMP parameters can be configured on the switch:
Authorized Trap Receivers
An authorized trap receiver can be one or more network management stations on your network. The
switch sends SNMP traps to all trap receivers. You can have a maximum of sixteen trap receivers
configured per switch.
Authorized Managers
Read and read/write SNMP information can be restricted through the use of an access profile. An
access profile permits or denies a named list of IP addresses.
Standard Community Strings
This allows a simple method of authentication between the switch and the remote Network Manager.
There are two community strings available on the switch, read/write and read only.
private = default read/write community string
public = default read-only community string
System Contact (optional)
This is a text field used to identify the name of the person(s) responsible for managing the switch.
System Name
This is the name that is assigned to this switch. The default name is the model name of the switch (for
example, Summit48i).
System Location (optional)
This is a text field used to identify the location of the switch.
NOTE
To configure additional SNMP version 3 parameters, enter configure snmpv3.
Figure 51: SNMP Configuration Parameters
Configuring SNMP
The SNMP related CLI commands are listed below.
To enable SNMP access to the switch, enter the following command:
enable snmp access
To enable SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB, enter the following command:
enable snmp dot1dTpFdbTable
To enable SNMP Trap support, enter the following command:
enable snmp traps
To add the IP address of a specified trap receiver, enter the following command:
configure snmp add trapreceiver <ip_address> community <string>
The address can be unicast, multicast, or broadcast. A maximum of 16 trap receivers can be specified.
To delete the IP address of a specified trap receiver or all authorized trap receivers, enter the following
command:
configure snmp delete trapreceiver [<ip_address> community <string> | all]
To add an SNMP read or read/write community string, enter the following command:
configure snmp add community [readonly | readwrite] <string>
Each community string can have up to 126 characters, and can be enclosed by double quotation marks.
To configure the name of the system contact, enter the following command:
configure snmp syscontact <string>
A maximum of 255 characters are allowed.
To configure the SNMP system name of the switch, enter the following command:
configure snmp sysname <string>
A maximum of 32 characters are allowed. The default sysname is the model name of the device (for
example, Summit4). The sysname appears in the CLI prompt.
To configure the SNMP location name of the switch, enter the following command:
configure snmp syslocation <string>
A maximum of 255 characters are allowed.
Figure 52: Configuring SNMP
Using SNTP
ExtremeWare and ExtremeWare XOS support the client portion of the Simple Network Time Protocol
(SNTP) Version 3.
When enabled, the switch sends out a periodic query to the NTP server, or the switch listens to
broadcast NTP updates. In addition, the switch supports the configured setting for Greenwich Mean
Time (GMT) offset and the use of Daylight Saving Time.
To configure the switch to update and synchronize its internal clock from an NTP server, enter the
following command:
configure sntp-client [pri | sec] server [<ip address> | <host name>]
Queries are sent first to the primary server.
If the primary server does not respond within 1 second, or if it is not synchronized, the switch queries
the second server.
If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the
sntp-client update interval before querying again. To configure the interval between SNTP queries,
enter the following command:
configure sntp-client update-interval <seconds>
To enable the SNTP client, enter the following command:
enable sntp-client
To disable the SNTP client, enter the following command:
disable sntp-client
To display configuration and statistics information of the SNTP client, enter the following command:
show sntp-client
NOTE
SNTP is based on RFC1769.
If no time server is available, the system time can be set using a command similar to the following:
configure time 10 10 2005 17 29 00
Figure 53: Using SNTP
Authenticating Switch Management Users
ExtremeWare and ExtremeWare XOS provide two methods to authenticate users who log in to the
switch:
● RADIUS Client
● TACACS+
NOTE
You cannot use RADIUS and TACACS+ at the same time.
Figure 54: Authenticating Users
Logging Features
With ExtremeWare and ExtremeWare XOS the switch log tracks all configuration and fault information
pertaining to the device. Each entry in the log contains the following information:
Timestamp
The timestamp records the month and day of the event, along with the time (hours, minutes, and
seconds) in the form HH:MM:SS. If a user caused the event, the user name is also provided.
Fault Level
Describes the four levels of importance that the switch can assign to a fault: Critical, Warning,
Informational, and Debug. By default, log entries that are assigned a critical or warning level remain in
the log after a switch reboot. Issuing a clear log command does not remove these entries.
Subsystem
The facility flags one of seven specific functional areas of the switch to which the error refers.
Message
The message contains the log information with text that is specific to the problem.
To remove the log entries of all levels (including warning or critical), enter the following command:
clear log {diag-status | static }
Figure 55: Logging Features
Configuring Logging
This page describes how to configure logging.
Remote Logging
In addition to maintaining an internal log, the switches support remote logging using the UNIX Syslog
host facility. To enable remote logging, configure the Syslog host to accept and log messages, and
enable remote logging.
To enable remote logging, enter the following command:
enable syslog
To configure remote logging and telnet logging, enter the following command:
configure log target <ipaddress> {vr <vr_name>}
To display a snapshot of the log at any time, enter the following command:
show log {<priority>}
The priority parameter filters the log to display messages with selected priority or higher (more critical).
Priorities include (in order) critical, emergency, alert, error, warning, notice, info, and debug. If not
specified, debug priority messages, and higher, are displayed. The switch maintains 1,000 messages in
its internal log.
To display a real-time running log on the console, enter the following command:
enable log display
To configure the priority of the messages that get displayed from the log, enter the following command:
configure log display {<priority>}
If a priority is not specified, only messages of critical priority are displayed.
To enable logging of any configuration changes, enter the following command:
enable cli-config-logging
NOTE
Although you can enable the real time log display using a Telnet session, the real time logging is only displayed on
the local console.
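An added example, not part of the course material: a Python check that reads a saved list of the SNMP, SNTP and logging commands covered in this module and flags default community strings and missing logging or time settings. The sample configuration, its addresses and the finding names are constructed for the example, and the check sees only what the text lists, so factory defaults that were never written out are not detected.

```python
import shlex

# Default community strings named in the course text.
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample configuration (not captured from a real switch).
SAMPLE_CONFIG = """\
enable snmp access
configure snmp add community readonly public
configure snmp add community readwrite "n0c-rw-7f3a"
configure snmp add trapreceiver 10.0.0.50 community public
enable snmp traps
configure sntp-client pri server 10.0.0.10
enable syslog
disable sntp-client
"""


def audit(config_text):
    """Return a sorted list of (finding_id, line_number, detail) tuples.

    Line number 0 marks a control that is missing from the whole file.
    """
    findings = []
    enabled = {}              # feature -> True/False, last enable/disable wins
    have_log_target = False
    have_sntp_server = False

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)      # honours double-quoted strings
        except ValueError:
            findings.append(("UNPARSEABLE", lineno, line))
            continue

        if tok[0] in ("enable", "disable") and len(tok) >= 2:
            enabled[" ".join(tok[1:])] = tok[0] == "enable"
        elif tok[:4] == ["configure", "snmp", "add", "community"] and len(tok) == 6:
            mode, name = tok[4], tok[5]
            if name in DEFAULT_COMMUNITIES:
                fid = "SNMP-DEFAULT-RW" if mode == "readwrite" else "SNMP-DEFAULT-RO"
                findings.append((fid, lineno, name))
        elif tok[:4] == ["configure", "snmp", "add", "trapreceiver"] and "community" in tok:
            idx = tok.index("community")
            name = tok[idx + 1] if idx + 1 < len(tok) else ""
            if name in DEFAULT_COMMUNITIES:
                findings.append(("TRAP-DEFAULT-COMMUNITY", lineno, name))
        elif tok[:3] == ["configure", "log", "target"] and len(tok) >= 4:
            have_log_target = True
        elif tok[:2] == ["configure", "sntp-client"] and "server" in tok:
            have_sntp_server = True

    # Controls that must be present somewhere in the file.
    if not enabled.get("syslog", False):
        findings.append(("SYSLOG-DISABLED", 0, "remote logging is not enabled"))
    if not have_log_target:
        findings.append(("NO-LOG-TARGET", 0, "no remote log target configured"))
    if not enabled.get("cli-config-logging", False):
        findings.append(("NO-CLI-CONFIG-LOGGING", 0, "configuration changes are not logged"))
    if not (enabled.get("sntp-client", False) and have_sntp_server):
        findings.append(("SNTP-NOT-ACTIVE", 0, "log timestamps are not time-synchronized"))

    return sorted(findings, key=lambda f: (f[1], f[0]))


if __name__ == "__main__":
    for fid, lineno, detail in audit(SAMPLE_CONFIG):
        where = f"line {lineno}" if lineno else "whole file"
        print(f"{fid:24} {where:12} {detail}")
```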
Figure 56: Configuring Logging
Summary
Module three has provided an introduction to the Extreme Networks switch management functions and
configuration procedures.
You should now be able to:
● Log in to the switch.
● Interpret the system prompt.
● Assign a name to the switch.
● Use the syntax help function.
● Create a new user account.
● Identify switch software images and configuration files.
● Save the switch configuration.
● Copy, rename, and remove configuration files.
● Assign an IP address to a VLAN.
● Back up the switch configuration.
● Download a software image.
● Describe the SNMP, SNTP, and Logging management features.
Figure 57: Summary
Figure 58: Summary Continued
Module 3 Review Questions
1 What are the three connection types used to access the command line interface?
______________
______________
______________
2 What key is used to display the second tier of the CLI or to complete a command?
_______________
3 Is it necessary to enter the entire command name in the CLI?
_______________
4 What is the command to reset all configuration parameters except date and time?
__________________________________________________
5 Which two authentication mechanisms are supported by Extreme Networks switches?
______________ and _________________
Module 4
Layer 1 Configuration
Student Objectives
Module four provides an introduction to the Extreme Networks® switch port types, port parameters,
and port and load sharing configuration commands.
Upon completion of this module, the successful student will be able to:
● Configure port speed and duplex.
● Define the Link Aggregation feature and its benefits.
● Describe the different Link Aggregation Algorithms.
● Configure static and dynamic Link Aggregation.
● Verify the Link Aggregation configuration.
● Describe the Extreme Discovery Protocol.
● Enable the Link Layer Discovery Protocol.
Figure 1: Student Objectives
Configuring Slot Parameters
The configure slot, clear slot, and show slot commands are applicable for chassis-based switches.
If the type of module used in a slot changes, the slot configuration must be cleared or configured for the
new module type. To clear the slot 5 configuration, enter the following command:
clear slot 5
All configuration information related to the slot and the ports on the module is erased.
To unassign the type of module in slot 5, enter the following command:
unconfigure slot 5
To configure slot 5 for the new module type, enter the following command:
configure slot 5 module 10G4X
Chassis-based Port Numbering
For ports on the chassis-based BlackDiamond and Alpine switches, the port number is a combination of
the slot number and the port number. An example might be: port 4 of an I/O module installed in slot 2
which would be identified as port number 2:4.
You can also use wildcards (*) to specify multiple slot and port combinations.
To enable one or more ports, enter the following command:
enable ports [<portlist> | all ]
The syntax for the port number is slot:port
For example:
enable ports 1:1-4
enable ports 1:6,7,11
By default, all ports are enabled.
To disable one or more ports, enter the following command:
disable ports [<portlist> | all |{vlan} <vlan name>]
Even though a port is disabled, the link remains enabled for diagnostic purposes. The port status LEDs
flash green when a link is present and the port is disabled.
Figure 2: Configuring Slot Parameters
Switch Ethernet Port Types
Depending on the switch configuration, a Summit®, Alpine™, or BlackDiamond® switch is capable of
supporting a variety of Ethernet port types based on copper or fiber.
Single Mode Fiber Versus Multimode Fiber
Single mode (SM) fiber carries only one mode of light, while multimode (MM) can carry several modes
of light. Mode is a term used to describe an independent light path through a fiber - as in multimode or
single mode.
This difference in function coincides with a difference in form.
To carry multiple light modes, multimode fiber was designed with a core diameter of 50 or 62.5
microns, while the core diameter of single mode fiber is only 8.3 microns.
The physical differences between single mode and multimode are dictated by the different light sources
with which the fibers were developed to work. The large core of multimode fiber is designed to capture
a broad spray of photons from a Light Emitting Diode (LED). Each photon that is transmitted at a
different angle from the LED is a different mode of light. Each mode of light carries part of the optical
signal and capturing many modes of light is necessary to transport the optical signal with no loss of
integrity.
While multimode fiber typically is used with LEDs, single mode fiber is used in conjunction with lasers.
Instead of transmitting optical information in several different modes of light, a laser transmits all of the
optical signal information in a single, axial mode. The narrower core of single mode fiber is large
enough to transmit this single, axial mode of light, but too small to accept any radial light modes that
might be emitted.
These fundamental technical differences between Single and Multi Mode translate to differences in
distance capability, in price, in ease of installation, in equipment used with them and in performance.
In addition to 10Mb, 100Mb, and 1000Mb Ethernet, Extreme Networks supports the following interface/
protocol types:
● On the BlackDiamond 6800:
■ SONET/SDH OC12/STM-4 POS and OC3/STM-1 Packet over SONET/SDH (POS) on MM and
SM fiber
■ SONET/SDH OC3/STM-1 Asynchronous Transfer Mode (ATM) on MM and SM fiber
■ Multiprotocol Label Switching (MPLS) and Wave Division Multiplexing (WDM)
● On the Alpine:
■ WDM, Very high bit-rate Digital Subscriber Line (VDSL), T1, T3 and E1.
● On the BlackDiamond 10808 and BlackDiamond 8810:
■ 10Gig (XENPAK)
■ Short Reach (SR) 300 Meters
■ Long Reach (LR) 10K Meters
■ Extended Reach (ER) 40K Meters
Figure 3: Switch Ethernet Port Types
Configurable Port Parameters
This page describes configurable port parameters.
Port Parameters
Ports on the switch can be configured in the following ways:
● Enabling and disabling individual ports
● Configuring the port speed
● Configuring half- or full-duplex mode
● Enabling and disabling auto-negotiation
● Enabling and disabling auto polarity
● Creating link aggregation groups on multiple ports
● Configuring QoS on a port-by-port basis
Figure 4: Configurable Port Parameters
Auto-negotiation, Speed, and Duplex
By default, the switch is configured to use auto-negotiation to determine the port speed and duplex
setting for each port.
● Fast Ethernet ports can be manually configured for either 10 Mbps or 100 Mbps
● Fast Ethernet ports can be configured for half- or full-duplex operation
● 100/1000 Mbps copper ports can be manually configured for duplex and speed
● 100BASE-FX ports operate in full-duplex only and the speed cannot be modified
● Gigabit fiber Ethernet ports are statically set to 1 Gbps. The speed and duplex mode cannot be
modified.
● Flow control for Gigabit Ethernet ports is supported, and is enabled or disabled as part of auto-negotiation:
■ disabled if auto-negotiation is turned off
■ enabled if auto-negotiation is turned on
To configure port duplex and speed, enter the following command:
configure ports <port_list> auto off speed [10 | 100 | 1000 | 10000] duplex [half | full]
For example:
configure ports 9 auto off speed 100 duplex full
Turning Off Auto-Negotiation - Gigabit Ethernet
In certain interoperability situations, it is necessary to turn auto-negotiation off on a Gigabit Ethernet
port. Even though a Gigabit fiber port only runs at full duplex and gigabit speeds, the command to turn
off auto-negotiation must still include the duplex setting. To turn off auto-negotiation for port 49 (a
Gigabit fiber port), enter the following command:
configure ports 49 auto off duplex full
Disabling Auto Polarity in ExtremeWare XOS
The BlackDiamond 8800 and Summit X450 support automatic detection of the copper Ethernet cable
polarity. The cable could be straight through or cross-over. To turn off auto polarity detection for port
19, enter the following command:
configure ports 19 auto-polarity off
ExtremeWare Link Detection
An ExtremeWare-capable switch sends an interrupt when a link transitions from up to down or from
down to up. To configure the link detecting level, enter the following command:
configure ports <portlist> link-detection-level <link detection level>
Figure 5: Speed and Duplex Auto-negotiation
Enabling Jumbo Frames
Ethernet frames that are larger than 1522 bytes (1514 + 4 bytes 802.1Q tag + 4 bytes CRC) are called
Jumbo Frames. This support of larger frame sizes increases efficiency of bulk data transfers.
Extreme Networks switches, other than e-series, support switching and routing of jumbo frames at wire-speed
on all ports.
Some network interface cards (NICs) have an MTU size that does not include the 4-byte CRC. You must
ensure that the NIC MTU size is at or below the maximum MTU size configured on the switch. Frames
that are larger than the MTU size configured are dropped at the ingress port.
To enable support for jumbo frames, enter the following command:
enable jumbo-frame ports [all | <ports list>]
To configure the maximum MTU size of the jumbo frame allowed by the switch (ranges from 1523 -
9216), enter the following command:
configure jumbo-frame size <jumbo_frame_mtu>
Using path MTU discovery, a source host assumes that the path MTU is the MTU of the first hop. The
host sends all datagrams on that path with the “don’t fragment” (DF) bit set, which restricts
fragmentation. If any of the datagrams must be fragmented by an Extreme Networks switch along the
path, the Extreme Networks switch discards the datagrams and returns an ICMP Destination
Unreachable message to the sending host, with a code indicating fragmentation needed and DF set.
When the source host receives the Datagram Too Big message, the source host reduces its assumed path
MTU and retransmits.
NOTE
The BlackDiamond 8800 and the Summit X450 switches do not support the router specification for path MTU
discovery. Also, they do not support fragmentation of any IP packets they forward and jumbo frames can only be
enabled on all ports.
IP Fragmentation with Jumbo Frames
If an IP packet originates in a local network that allows large packets and those packets traverse a
network that limits packets to a smaller size, the packets are fragmented instead of discarded. Frames
that are fragmented are not processed at wire-speed. To configure VLANs for IP fragmentation, follow
these steps:
1 Enable jumbo frames on the incoming port.
2 Add the port to a VLAN, assign an IP address to the VLAN, and enable IP forwarding on the
VLAN.
3 Set the MTU size for the VLAN, by entering the following command:
configure ip-mtu <mtu_size> vlan <vlan name>
The ip-mtu size can be 1500 or 9194. The default is 1500. To set the MTU size greater than 1500, all ports
in the VLAN must have jumbo frames enabled.
Figure 6: Enabling Jumbo Frames
Link Aggregation
ExtremeWare XOS uses the term Link Aggregation. ExtremeWare uses the term Load Sharing. The two
features are essentially the same thing.
If there is only a single link between switches, it presents network challenges resulting from the
following:
● Oversubscription
● Single point of failure
Link aggregation allows you to increase bandwidth and resilience between Extreme Networks
BlackDiamond 10808, BlackDiamond 8800, Summit X450, i-series, and e-series switches by using a
group of ports to carry traffic in parallel between switches.
The sharing algorithm allows the switch to use multiple ports as a single logical port. For example,
VLANs treat a load-sharing group as a single logical port. Most load sharing algorithms guarantee
packet sequencing between clients.
If a port in a load-sharing group fails, traffic is redistributed to the remaining ports in the load-sharing
group. If the failed port becomes active again, traffic is redistributed to include that port.
The load-sharing feature is supported between all Extreme Networks switches, and may also be
compatible with third-party trunking or sharing algorithms.
Load sharing is most useful in cases where the traffic transmitted from the switch to the load-sharing
group is sourced from an equal or greater number of ports on the switch. For example, traffic
transmitted to a two-port load-sharing group should originate from a minimum of two other ports on
the same switch.
NOTE
Load sharing must be enabled on both ends of the link, or a network loop results.
Figure 7: Link Aggregation and Port Load Sharing
Figure 8: Link Aggregation Continued
Link Aggregation Algorithms
This page describes the link aggregation algorithms.
Address-based
The address-based link aggregation algorithm examines a specific place in the packet to determine
which egress port to use for forwarding traffic.
● For Layer 2 load sharing, the switch uses the MAC source address and destination addresses.
● For Layer 3 load sharing, the switch uses the IP source address and destination addresses. If the
packet is not IP, the switch applies the Layer 2 algorithm.
● For Layer 4 load sharing, the switch uses the TCP source and destination port number.
(BlackDiamond 10808 only)
● Layer 3/4 plus CHK SUM: the switch examines the IP check sum in addition to the other parameters, which
produces a random traffic pattern on the egress of the load-sharing links. (BlackDiamond 10808
only)
NOTE
Beginning with ExtremeWare XOS software version 11.2, the switch can use IPv6 addresses.
Port-based
Port-based load sharing uses the ingress port to determine which load-sharing member port to forward
traffic out of. This is a static mapping between ingress port and load-share port.
The address-based algorithm has a more even distribution than the port-based algorithm.
ExtremeWare and Round Robin
ExtremeWare supports the round robin algorithm. Using the round-robin load-sharing algorithm, the
switch receives a stream of packets and forwards one packet out of each physical port in the load-sharing
group using a round-robin scheme. ExtremeWare XOS does not support the round robin
algorithm.
ExtremeWare also supports IPX address-based load sharing groups.
Figure 9: Address-based Link Aggregation
Figure 10: Port-based Link Aggregation
Dynamic Link Aggregation
Dynamic load sharing is a grouping of ports that use the Link Aggregation Control Protocol (LACP).
LACP is part of the IEEE 802.3ad standard.
LACP allows the switch to:
● dynamically determine if link aggregation is possible.
● automatically enable and configure link aggregation.
● dynamically reconfigure the sharing groups.
The group is only enabled when LACP detects that the other end is also using LACP, and the ports are
configured to be in a group.
NOTE
LACP does not control the packet distribution algorithm. Both ends of the link should be configured to use the same
algorithm.
Figure 11: Dynamic Link Aggregation
Switch Specific Link Aggregation Support
The following identifies some of the switch specific capabilities:
● BlackDiamond 10808 and BlackDiamond 8800 switches support Cross-module Link Aggregation
(CMLA). The Link Aggregation group can span I/O modules.
● On the BlackDiamond 8800 and Summit X450 switches, any broadcast, multicast, or unknown
unicast packets are transmitted on the logical port of a load-sharing group.
● Port-based load sharing is not supported on the BlackDiamond 8800 and Summit X450 switches.
Only the address-based algorithm is supported.
● A static Link Aggregation Group (LAG), or load-sharing group, can include a maximum of 8/16
ports.
● An LACP (dynamic) LAG can include a maximum of 16/32 ports; out of these up to 8/16 can be
active links and the remaining 8 will be standby links.
● The maximum number of LAGs is 32/128.
NOTE
The first LAG limitation number applies to BlackDiamond 8800 and Summit X450. The second number applies to
the BlackDiamond 10808.
ExtremeWare
● BlackDiamond 6800 switch load share groups using the MSM64i's cannot span I/O modules. The
ports in the group must be on the same module.
● BlackDiamond 6800 load share groups using the MSM3 module support Cross-Module Link
Aggregation (CMLA) and can span I/O modules.
● The e-series switches only support address-based load sharing.
● On the i-series switches port-based is the default algorithm.
ExtremeWare supports load sharing (link aggregation) across a stacked set of switches. This feature is
very useful in a linear stack of switches where there are two Gigabit ports on either end of the stack
that are available as uplink ports. These ports can be tied together into a load share group.
Figure 12: Link Aggregation Capabilities
Figure 13: Link Aggregation Capabilities Continued
Enabling Link Aggregation
Link aggregation is disabled by default. To enable link aggregation, enter the following command:
enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2|L3}]} {lacp}
For example:
enable sharing 8 grouping 8-12 algorithm address-based lacp
Syntax Description
port            Specifies the logical port for a load-sharing group or link aggregation group (LAG).
port_list       Specifies one or more ports or slots and ports to be grouped to the logical port.
port-based      Specifies link aggregation by port-based algorithm.
                NOTE: This parameter is available only on the BlackDiamond 10808 switch.
address-based   Specifies link aggregation by address-based algorithm.
L2 | L3         Specifies address-based link aggregation by either Layer 2 or Layer 3; Layer 2 is the
                default value.
                NOTE: This parameter is available only on the BlackDiamond 8800 series and the Summit
                X450 switches.
lacp            Specifies dynamic link aggregation, or load sharing, using the LACP.
All ports in an LAG must have the same speed and duplex settings. Each port can belong to only one
LAG.
After link aggregation is enabled the LAG can be modified using the configure command. ExtremeWare
XOS allows the following configuration without deleting the LAG:
● Change the address layer for address-based groups.
● Add ports to or delete ports from the LAG.
Switch LAGs are defined according to the following rules:
● The software supports control protocols across the LAGs, both static and dynamic. For example,
EAPS, ESRP, LLDP, and STP.
● Although you can only reference the logical port of an LAG in a Spanning Tree Domain (STPD), all
the ports of a load-sharing group actually belong to the specified STPD.
● Always reference the logical port of the LAG when configuring or viewing VLANs. VLANs
configured to use other ports in the LAG will have those ports deleted from the VLAN when link
aggregation becomes enabled.
NOTE
Load sharing must be enabled on both ends of the link, or a network loop may result.
Figure 14: Enabling Link Aggregation
Configuring Address-based Link Aggregation
You must create a link aggregation group before you can configure the LAG. To change the
configuration of an LAG, enter the following command:
configure sharing address-based [L2 | L2_L3 | L2_L3_L4 | L2_L3_CHK_SUM | L2_L3_L4_CHK_SUM]
Syntax Description
L2                 Indicates that the switch should examine the MAC source and destination address.
L2_L3              Indicates that the switch should examine the MAC source and destination address plus
                   the IP source and destination address.
L2_L3_L4           Indicates that the switch should examine the MAC source and destination address, the
                   IP source and destination, plus the TCP source and destination port number.
                   BlackDiamond 10808 only.
L2_L3_CHK_SUM      Indicates that the switch should examine the MAC source and destination address, the
                   IP source and destination address, plus the IP check sum. BlackDiamond 10808 only.
                   NOTE: This variable applies only to IPv4 addresses.
L2_L3_L4_CHK_SUM   Indicates that the switch should examine the MAC source and destination address, the
                   IP source and destination, the TCP source and destination port number, plus the IP
                   check sum. BlackDiamond 10808 only.
                   NOTE: This variable applies only to IPv4 addresses.
This command specifies the part of the packet header that the switch examines to select the egress port
for address-based load-sharing trunks. The address-based load-sharing setting is global and applies to
all load-sharing trunks, or LAGs, that are address-based.
Because the algorithms L2_L3_CHK_SUM and L2_L3_L4_CHK_SUM use the IP check sum as part of
the decision for the egress port selection, these algorithms do not guarantee packet sequencing between
the clients.
ExtremeWare
Using ExtremeWare, the load sharing group is created and configured using the following commands:
enable sharing <port> grouping <portlist> {dynamic | algorithm {port-based | address-based | round-robin}}
configure sharing address-based <L2 | L2_L3 | L2_L3_L4>
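The load-sharing algorithms covered in this module, modelled in Python as an added example (not Extreme Networks code). It shows that L2, L2_L3, L2_L3_L4 and port-based selection keep one flow on one member port, while round-robin and the CHK_SUM variant spread a single flow across members, which is why they cannot guarantee packet sequencing. The CRC-32 hash, the modulo mapping and all class and function names are assumptions; the page does not describe the hash the switch hardware uses.

```python
import zlib
from dataclasses import dataclass, replace
from itertools import count
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ingress_port: int
    src_mac: str
    dst_mac: str
    src_ip: Optional[str] = None       # None models a non-IP frame
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None     # TCP source port
    dst_port: Optional[int] = None     # TCP destination port
    ip_checksum: Optional[int] = None  # IPv4 header check sum


class LoadSharingGroup:
    """Model of one load-sharing group (LAG); the hash is an assumption."""

    ADDRESS_BASED = ("L2", "L2_L3", "L2_L3_L4", "L2_L3_CHK_SUM")

    def __init__(self, members, algorithm="L2"):
        if algorithm not in self.ADDRESS_BASED + ("port-based", "round-robin"):
            raise ValueError(f"unknown algorithm: {algorithm}")
        self.members = sorted(members)   # active member ports
        self.algorithm = algorithm
        self._turn = count()             # round-robin position

    def _examined_fields(self, pkt):
        fields = [pkt.src_mac, pkt.dst_mac]
        is_ip = pkt.src_ip is not None and pkt.dst_ip is not None
        if self.algorithm == "L2" or not is_ip:
            return fields                # non-IP traffic falls back to Layer 2
        fields += [pkt.src_ip, pkt.dst_ip]
        if self.algorithm == "L2_L3_L4" and pkt.src_port is not None:
            fields += [pkt.src_port, pkt.dst_port]
        if self.algorithm == "L2_L3_CHK_SUM":
            fields.append(pkt.ip_checksum)
        return fields

    def egress_port(self, pkt):
        if not self.members:
            raise RuntimeError("no active member ports in the group")
        if self.algorithm == "round-robin":
            index = next(self._turn)     # one packet per member, in turn
        elif self.algorithm == "port-based":
            index = pkt.ingress_port     # static ingress-to-member mapping
        else:
            key = "|".join(str(f) for f in self._examined_fields(pkt))
            index = zlib.crc32(key.encode())   # stand-in hash (assumption)
        return self.members[index % len(self.members)]

    def fail_port(self, port):
        self.members.remove(port)        # traffic is redistributed to the rest

    def restore_port(self, port):
        self.members = sorted(self.members + [port])


def members_used(group, packets):
    """Set of member ports that the given packets leave on."""
    return {group.egress_port(p) for p in packets}


def sample_flow(n=8, ingress_port=1):
    """Constructed sample: n packets of one TCP flow, each with its own check sum."""
    first = Packet(ingress_port, "00:04:96:00:00:01", "00:04:96:00:00:02",
                   "10.0.0.1", "10.0.0.2", 40000, 80)
    return [replace(first, ip_checksum=0x4000 + i) for i in range(n)]


def demo():
    """Member ports used by one flow under each algorithm, on a 4-port group."""
    result = {}
    for alg in LoadSharingGroup.ADDRESS_BASED + ("port-based", "round-robin"):
        group = LoadSharingGroup([8, 9, 10, 11], alg)
        result[alg] = sorted(members_used(group, sample_flow()))
    return result


if __name__ == "__main__":
    for alg, ports in demo().items():
        print(f"{alg:14} one flow leaves on member ports {ports}")
```
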
Figure 15: Configuring Address-based Link Aggregation
Configuring Dynamic Link Aggregation
Beginning with ExtremeWare XOS 11.3, you can configure the priority used by LACP for each LAG to
establish the end that assumes control in determining which LAG ports are moved to the collecting/
distributing state of the protocol. If you do not configure this parameter, LACP uses the system MAC
address to determine priority. To configure the LACP priority, enter the following command:
configure sharing <port> lacp system-priority <priority>
Syntax Description
port       Specifies the logical port for the LAG you are setting the priority for.
priority   Enter the value you want for the priority of the system for the LACP. The range
           is 1 to 65535; there is no default. Lowest priority controls LACP.
For example, to set the LACP priority of the LAG whose logical port is 8 to 5, enter the following command:
configure sharing 8 lacp system-priority 5
To remove the assigned priority entirely, enter 0.
Adding and Deleting Ports
To dynamically add ports to a link aggregation group, enter the following command:
configure sharing <logical_port> add ports <port_list>
To dynamically delete ports from a link aggregation group, enter the following command:
configure sharing <logical_port> delete ports <port_list>
Figure 16: Configuring Dynamic Link Aggregation
Figure 17: Adding ports to an LAG
Verifying Link Aggregation
To display an LAG, enter the following command:
show ports sharing
The display shows the following:
● The configured logical port
● Current logical port
● The load-sharing algorithm used
● The load-share member ports
● The link status
● Number of link transitions
To verify if a port is part of an LAG, enter the following command:
show ports configuration
Disabling Link Aggregation
When sharing is disabled, the logical port retains all configuration including VLAN membership. All
other member ports are removed from all VLANs to prevent loops and their configuration is reset to
default values. To disable sharing, enter the following command:
disable sharing <logical_port>
Figure 18: Verifying Link Aggregation
Figure 19: Verifying Link Aggregation Continued
Port-Mirroring
Port mirroring configures the switch to copy all traffic associated with one or more ports to a monitor
port on the switch. The monitor port can be connected to a network analyzer, RMON probe, or
Sentriant appliance for packet analysis. The switch uses a traffic filter that copies traffic to the monitor
port.
The traffic filter can be defined based on one of the following criteria:
● Physical port - All data that traverses a port, regardless of VLAN configuration, is copied to the
monitor port
● VLAN - All data to and from a particular VLAN, regardless of the physical port, is copied to the
monitor port. Up to 8 VLANs can be mirrored.
● Virtual port - All data for a specific VLAN on a specific port is copied to the monitor port.
Up to 16 mirroring filters and one monitor port can be configured on the switch. Once a port is
specified as a monitor port, it cannot be used for any other function.
NOTE
Frames that contain errors are not mirrored.
To configure a mirror output port, enter the following command:
enable mirroring to port <port> [tagged | untagged]
To add a single mirroring filter definition for a VLAN, physical port or a specific VLAN/port
combination, enter the following command:
configure mirroring add [port <port_number> | vlan <vlan_name> | vlan <vlan name> port <port number>] {ingress | egress | ingress-and-egress}
NOTE
The ingress and egress parameters are available only on the BlackDiamond 8800 switches and the Summit X450.
To delete a particular mirroring filter definition, enter the following command:
configure mirroring delete [ports <port number> | vlan <vlan name> | vlan <vlan name> ports <port number>]
To disable port mirroring, enter the following command:
disable mirroring
To verify the parameter settings, enter the following command:
show mirroring
ExtremeWare
Only 8 mirroring filters are supported in ExtremeWare.
Figure 20: Port-Mirroring
Extreme Discovery Protocol
The Extreme Discovery Protocol (EDP) is a layer-2 protocol and is Extreme Networks proprietary. EDP
uses an Ethernet Sub-Network Address Protocol (SNAP) encapsulation and has a destination MAC
address of 00-E0-2B-00-00-00. EDP is enabled by default.
EDP is used by the switches to exchange topology information with each other. Information
communicated using EDP includes the following:
● Switch MAC address (Switch ID)
● Switch software version information
● Switch IP Address
● Switch VLAN-IP information
● Switch port number
To enable the generation and processing of EDP messages on one or more ports, enter the following
command:
enable edp ports [all | <port number>]
To disable the generation and processing of EDP messages on one or more ports, enter the following
command:
disable edp ports [all | <port number>]
To verify the EDP parameter settings, enter the following command:
show edp {ports [all | <ports>] {detail}}
Extreme Encapsulation Protocol
In ExtremeWare 7.x proprietary Extreme Networks protocols such as EAPS and ESRP are encapsulated
within Extreme Discovery Protocol (EDP). This requires EDP to be enabled to support the other
protocols. With ExtremeWare XOS 11.1 the proprietary protocols are encapsulated within Extreme
Encapsulation Protocol (EEP). So, EDP does not need to be enabled to support the other protocols.
Figure 21: Extreme Discovery Protocol
LLDP
Beginning with ExtremeWare XOS version 11.2 and ExtremeWare 7.4 the software supports the Link
Layer Discovery Protocol (LLDP). LLDP is a Layer 2 protocol (IEEE standard 802.1AB) that is used to
determine the capabilities of devices such as repeaters, bridges, access points, routers, and wireless
stations. LLDP enables devices to advertise their capabilities and media-specific configuration
information and to learn the same information from the devices connected to it.
The LLDP supports discovery of network topologies in a multivendor environment.
LLDP transmits periodic advertisements containing device information and media-specific configuration
information to attached neighbors. The type length value (TLV) within link layer control frames is used
to communicate with other LLDP agents. LLDP agents receive link layer control frames, extract the
information in the TLVs, and store them in LLDP Management Information Base (MIB) objects.
LLDP is configured on a per-port basis. Each port can store information for a maximum of four
neighbors. All LLDP configurations are saved when you issue the save configuration command.
LLDP can work concurrently with EDP or independently of EDP.
The LLDP multicast address is defined as 01:80:C2:00:00:0E, and the EtherType is defined as 0x88CC.
NOTE
The LLDPDU has a maximum of 1500 bytes, even with jumbo frames enabled. TLVs that exceed this limit are
dropped. Extreme Networks recommends that you advertise information regarding only one or two VLANs on the
LLDP port, to avoid dropped TLVs.
The following information, when configured, can be sent at regular intervals:
● Chassis ID (mandatory)
● Port ID (mandatory)
● Time-to-live (mandatory)
● Port description
● System name
● System description (system name, hardware version, OS, networking software)
● System capabilities (WLAN access point, router, IP phone, etc.)
● Management address (addresses of local LLDP agent)
● 802.1-specific information
■ VLAN name
■ Port VLAN ID
■ Port and protocol VLAN ID (protocol/port based VLAN support and VLAN tag)
● 802.3-specific information
■ MAC/PHY (duplex and bit rate, auto-negotiation or manual configuration)
■ Power via MDI (power support capabilities of the LAN device)
■ Link aggregation (can be aggregated or is currently aggregated)
● Maximum frame size
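An added example, not part of the original course material: a minimal parser for the LLDP frame described above, using the multicast address, EtherType, 1500-byte LLDPDU limit and mandatory TLVs named on this page. It reports which optional TLVs a port is disclosing to its neighbor, which is what an audit of edge-port advertisements needs. The sample frame, MAC address and system name are constructed, and the TLV type numbers, subtypes and the 7-bit type / 9-bit length header are taken from IEEE 802.1AB rather than from this page.

```python
import struct

LLDP_MULTICAST = bytes.fromhex("0180c200000e")   # 01:80:C2:00:00:0E
LLDP_ETHERTYPE = 0x88CC
MAX_LLDPDU = 1500                                # limit stated in the NOTE above
MANDATORY = [1, 2, 3]                            # Chassis ID, Port ID, Time-to-live
TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "Time-to-live",
             4: "Port description", 5: "System name", 6: "System description",
             7: "System capabilities", 8: "Management address",
             127: "Organizationally specific (802.1/802.3)"}


def tlv(tlv_type, value):
    """Encode a TLV: 7-bit type and 9-bit length share a 2-byte header."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value longer than 511 bytes")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldp_frame(frame):
    """Return the TLVs of an untagged LLDP frame as [(type, value), ...]."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if frame[:6] != LLDP_MULTICAST or ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    pdu, tlvs, offset = frame[14:], [], 0
    if len(pdu) > MAX_LLDPDU:
        raise ValueError("LLDPDU exceeds 1500 bytes")
    while offset + 2 <= len(pdu):
        header = struct.unpack("!H", pdu[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:                 # End of LLDPDU; the rest is padding
            break
        if offset + length > len(pdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        tlvs.append((tlv_type, pdu[offset:offset + length]))
        offset += length
    if [t for t, _ in tlvs[:3]] != MANDATORY:
        raise ValueError("mandatory TLVs missing or out of order")
    return tlvs


def summarize(tlvs):
    """Decode the mandatory TLVs and name every optional TLV advertised."""
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if not chassis or not port or len(ttl) != 2:
        raise ValueError("malformed mandatory TLV")
    return {
        "chassis_id": (chassis[0], chassis[1:].hex()),              # (subtype, id)
        "port_id": (port[0], port[1:].decode("ascii", "replace")),  # (subtype, id)
        "ttl_seconds": struct.unpack("!H", ttl)[0],
        "optional": [TLV_NAMES.get(t, f"type {t}") for t, _ in tlvs[3:]],
    }


def sample_frame():
    """Constructed frame: every address, name and string here is made up."""
    src_mac = bytes.fromhex("000496aabbcc")
    pdu = (tlv(1, b"\x04" + src_mac)            # chassis ID subtype 4: MAC address
           + tlv(2, b"\x07" + b"9")             # port ID subtype 7: locally assigned
           + tlv(3, struct.pack("!H", 120))     # TTL of 120 seconds (2 minutes)
           + tlv(5, b"edge-sw-01")              # system name
           + tlv(6, b"constructed system description, software 0.0")
           + tlv(0, b""))                       # End of LLDPDU
    return LLDP_MULTICAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + pdu


if __name__ == "__main__":
    for field, value in summarize(parse_lldp_frame(sample_frame())).items():
        print(f"{field}: {value}")
```
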
Figure 22: LLDP
Configuring LLDP
LLDP information is transmitted periodically and stored for a finite period. Once you enable LLDP, you
can set a variety of time periods for the transmission and storage of the LLDP messages (or you can use
the default values), as follows:
● Reinitialization period (default is 2 seconds)
● Delay between LLDP transmissions (default is 2 seconds)—applies to triggered updates, or updates
that are initiated by a change in the topology
● Transmit interval (default is 30 seconds)—applies to messages sent periodically as part of the
protocol
● Time-to-live (TTL) value (default is 2 minutes)—time that the information remains in the recipient’s
LLDP database. Configure the Transmit Hold time and Transmit Interval to determine the TTL. The
TTL is equal to the Transmit Interval multiplied by the Transmit Hold.
LLDP is disabled by default. To enable the transmitting or receiving of LLDP TLVs, enter the following
command:
enable lldp ports [all | <port_list>] {receive-only | transmit-only}
To modify the LLDP transmit interval, hold timer, or transmit delay, enter the following commands:
configure lldp transmit-interval <seconds>
configure lldp transmit-hold <hold>
configure lldp transmit-delay [ auto | <seconds>]
To enable or disable the advertisement of specific TLVs, enter the following command:
configure lldp ports [all | <port_list>] [advertise | no-advertise] [management-address | port-description | system-capabilities | system-description | system-name | vendor-specific <TLV_name>]
Additional commands control the advertisement of the management address, port description, system
capabilities, system description, system name, port VLAN ID, port VLAN, Power-over-Ethernet, and
similar information.
To verify the configuration of LLDP, enter the following command:
show lldp {port [all | <port_list>]} {neighbors} {statistics} {detailed}
Additional useful commands include:
show process lldp
Figure 23: Configuring LLDP
Figure 24: Verifying LLDP Configuration
Summary
Module four provides an introduction to the Extreme Networks switch port types, port parameters, and
port and load sharing configuration commands.
You should now be able to:
● Configure port speed and duplex.
● Define the Link Aggregation feature and its benefits.
● Describe the different Link Aggregation Algorithms.
● Configure static and dynamic Link Aggregation.
● Verify the Link Aggregation configuration.
● Describe the Extreme Discovery Protocol.
● Enable the Link Layer Discovery Protocol.
Figure 25: Summary
Module 4 Review Questions
1 What is the link aggregation feature used for?
a To increase bandwidth and resilience between Extreme Networks switches.
b To balance traffic across multiple paths.
c To guarantee packet sequencing.
d To increase delay tolerance.
2 Match the following link aggregation algorithms with the correct description:
a Round Robin     ___ Uses the ingress port to determine which load-sharing member port to forward
                      traffic out of.
b Port Based      ___ When the switch receives a stream of packets, it forwards one packet out of
                      each physical port in the load-sharing group in turn.
c Address Based   ___ Has a more even distribution than the other algorithms and is the recommended
                      choice.
3 What does dynamic load sharing do?
a Automatically reconfigures the load sharing group to use the most efficient algorithm.
b Dynamically enables or disables additional ports in the load sharing group as needed.
c Determines if load sharing is possible, and automatically configures load sharing.
d Automatically enables or disables the load sharing group on a configurable schedule.
4 What does port mirroring do?
a Reflects all received traffic on a port back out the transmit side.
b Configures the switch to copy all traffic associated with one or more ports to a monitor port on
the switch.
c Configures the switch to copy all traffic entering the switch to a monitor port on the switch.
d Displays a real time packet analysis on the console port for traffic received on a specified
Ethernet port.
5 What does Extreme Discovery Protocol do?
a Exchanges topology information with other Extreme Networks switches.
b Performs an active search for all IP devices on the network.
c Performs a passive search for all layer-2 devices on the network.
d Seeks out new protocols and adds them to the Protocol Table.
6 What does Link-layer Discovery Protocol do?
a Exchanges topology information in a multivendor environment.
b Performs an active search for all IP devices on the network.
c Performs a passive search for all layer-2 devices on the network.
d Makes discovery information available as SNMP MIB objects.
Module 5
Layer 2 Forwarding
Student Objectives
Module five presents a description of the various functions a bridge performs, how a bridge handles
frames received from the networks, a definition of the forwarding database (FDB), and how to
configure layer-2 forwarding.
Upon completion of this module, the successful student will be able to:
● Describe ExtremeWare® XOS layer-2 features.
● Define Transparent Bridging.
● Define the Flooding and Learning port states.
● Define the Forwarding and Filtering port states.
● Define the Forwarding Database.
● Create Forwarding Database entries.
● Configure and verify the Limit Learning feature.
● Configure and verify the Lock Learning feature.
Figure 1: Student Objectives
ISO Seven-layer Reference Model
The International Organization for Standardization or International Standards Organization (ISO)
created a seven-layer Open System Interconnect (OSI) reference model used to describe networking
technologies.
The Data Link layer defines different protocols for exchanging data frames. This layer is the focus of the
discussion on the subject of bridging.
The primary purpose of the Data Link layer is to provide error-free communications across a physical
link.
This layer provides the basic framing and data encapsulation functions and allows for error detection.
Figure 2: ISO Seven-layer Reference Model
Collision Domains in a Shared Medium
The Ethernet network may be used to provide shared access by a group of attached nodes to the
physical medium that connects the nodes.
These nodes are said to form a Collision Domain.
All receivers physically receive all frames sent on the medium; however, the Ethernet frame's Media
Access Control (MAC) header contains a destination address that ensures only the specified destination
actually processes the received frame (the other computers all discard the frames that are not
addressed to them).
Figure 3: Collision Domains
Carrier Sense Multiple Access with Collision Detection
This page describes the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) physical
media access protocol.
IEEE 802.3 CSMA/CD
The Media Access Control (MAC) protocol is used to provide the data link layer of the 802.3 Ethernet
LAN system and thus control access to the shared Ethernet medium.
Carrier Sense Multiple Access
When a node has data to transmit, the node first listens to the cable (using a transceiver) to see if a
carrier (signal) is being transmitted by another node.
Data is only sent when no carrier is observed (i.e. no signal present) and the physical medium is
therefore idle. Any computer that does not need to transmit listens to see if other computers have
started to transmit information to it.
However, this alone is unable to prevent two nodes from transmitting at the same time.
Collision Detection
A second element of the Ethernet access protocol is used to detect when a collision occurs. When there
is data waiting to be sent, each transmitting node monitors its own transmission. If it observes a
collision (excess current above what it is generating, i.e. > 24 mA for coaxial Ethernet), it stops
transmission immediately and instead transmits a 32-bit jam sequence. The purpose of this sequence is
to ensure that any other node that may currently be receiving this frame receives the jam signal in
place of the correct 32-bit MAC CRC. This causes the other receivers to discard the frame due to a CRC
error.
When two or more transmitting nodes each detect a corruption of their own data (i.e. a collision), each
responds in the same way by transmitting the jam sequence.
To display received packet errors, enter the following command:
show ports rxerrors
To display transmitted packet errors, enter the following command:
show ports txerrors
To display packet collisions, enter the following command:
show ports collisions
Figure 4: Carrier Sense Multiple Access with Collision Detection
Transparent Bridges Used for LAN Segmentation
Bridges were widely used to segment Ethernet collision domains, with the effect of providing more
bandwidth to the network user; however, they have since been replaced by switches. Bridges operate at
the MAC sub-layer of layer 2 of the OSI Reference Model, and several different types have been
developed to address different topologies and network requirements:
● A local bridge, which connects two or more Ethernet LAN segments
● A remote bridge, which connects Ethernet LANs through a high-speed serial connection. It is
implemented with a pair of bridges using a Wide-Area Network (WAN)
A transparent bridge makes the forwarding decisions based on the MAC destination address. This
process is completely transparent to the end-devices.
802.1d Transparent Bridges
Transparent bridges perform segmentation of LANs by building address tables that associate segment
end stations with the segment's port connection. Forwarding decisions are based on the destination
MAC address inside a frame. Because bridges are layer-2 (L2) devices, they are layer-3 (L3)
protocol-independent and are transparent to the end stations in an Ethernet network.
Bridges have often been referred to as plug and play devices because installation is easy and there is no
need for further configuration because the bridge automatically learns about the network topology.
Frames are received by the bridge, in their entirety, prior to the bridge processing them. This type of
bridge operation has been called store and forward.
IEEE 802.1D is the specification for bridging, switching and spanning tree, and most of today's bridges
and switches conform to this specification. One of the important roles of this standard is to specify not
only the functions of the bridge, but also the processes that control bridge behavior in a bridged LAN.
Because transparent bridges are unable to detect duplicate paths in a bridged LAN, the Spanning Tree
Protocol (STP) is implemented on each bridge in the LAN. The spanning tree protocol has the
responsibility of detecting the topology of the network and ensuring that where duplicate paths exist,
they are blocked. This process results in an active topology used to maintain the bridged LAN, which would
otherwise suffer performance problems or constant downtime.
In addition to the various states that a port may transition through, the bridge carries out other
necessary functions in a bridged LAN. These include, for example, flooding of frames where required,
filtering of frames that do not need to be re-transmitted, and ageing out of entries in the forwarding
database that have not been used recently.
Figure 5: Transparent Bridges Used for LAN Segmentation
Figure 6: 802.1d Transparent Bridges
Ethernet Frames
All Extreme Networks® switches are fully compliant, 802.1D layer-2 bridges capable of wire-speed
forwarding. Decisions are based on a given destination MAC and port pair.
An Ethernet frame contains:
● Destination Address - Ethernet address of the destination host, 48-bits
● Source Address - Ethernet address of the source host, 48-bits
● Type - Type of data encapsulated for Ethernet v2 and Length for 802.3. 16-bits.
● Data Field - Data area, 46-1500 bytes, which includes the higher layer headers.
● CRC - Cyclical Redundancy Check, used for error detection
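The field layout listed above can be checked against raw bytes. The following parser is an added example, not part of the original course material; the sample frames are constructed, and it assumes the standard IEEE 802.3 rule that a Type/Length value of 0x0600 or more is an Ethernet v2 type while a value of 1500 or less is an 802.3 length.

```python
import struct
import zlib

# 14-byte header + 46..1500 bytes of data + 4-byte CRC
MIN_FRAME, MAX_FRAME = 64, 1518


def mac_str(raw: bytes) -> str:
    """Render a 48-bit address in colon-separated form."""
    return ":".join(f"{b:02x}" for b in raw)


def fcs(body: bytes) -> bytes:
    """CRC-32 over header and data, in the byte order it appears on the wire."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, data: bytes) -> bytes:
    """Build a sample frame, padding the data field to the 46-byte minimum."""
    data = data.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", type_or_len) + data
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into the five fields and validate length and CRC."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}-{MAX_FRAME}")
    body, trailer = frame[:-4], frame[-4:]
    dst, src = body[0:6], body[6:12]
    (type_or_len,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    if type_or_len >= 0x0600:
        kind = "ethernet-v2"            # field is the encapsulated protocol type
    elif type_or_len <= 1500:
        kind = "802.3"                  # field is the length of the real data
        if type_or_len > len(data):
            raise ValueError("length field exceeds the data actually present")
        data = data[:type_or_len]       # drop the padding
    else:
        kind = "undefined"              # 1501..1535 is neither a length nor a type
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "kind": kind,
        "type_or_len": type_or_len,
        "data": data,
        "broadcast": dst == b"\xff" * 6,
        "group": bool(dst[0] & 0x01),   # broadcast or multicast destination
        "crc_ok": trailer == fcs(body), # a receiver discards the frame if False
    }


# Constructed sample input.
SRC = bytes.fromhex("00e02b123456")
SAMPLE_V2 = build_frame(b"\xff" * 6, SRC, 0x0800, b"constructed payload")
SAMPLE_8023 = build_frame(bytes.fromhex("0180c2000000"), SRC, 5, b"hello")

if __name__ == "__main__":
    for sample in (SAMPLE_V2, SAMPLE_8023):
        print(parse_frame(sample))
```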
Figure 7: Ethernet Frames
Bridge Functions
The operation of an individual bridge is described in terms of the state of the port and the operations
that provide and support the functions necessary for the operation of the bridge. The state of each port
controls the processing of frames received on that port.
Flooding
The function of the switch is to receive all packets on the networks it is connected to, and make
forwarding decisions based on MAC addresses in the frames and in the switch Forwarding Database
(FDB).
Initially, there are no MAC addresses learned on a port and the forwarding database for that port is
empty. Because the forwarding database is empty, the destination is considered to be unknown, and the
packet must be forwarded to every attached interface in an attempt to reach all the nodes.
This process is referred to as flooding.
Learning
The learning process examines the source addresses of frames received on the port and creates an entry
in the forwarding database associating the port on which the frame was received with the MAC address
in the source address field of the frame. If the source address does not already exist in the FDB when a
packet is received on a port, it is learned and added to the FDB.
Forwarding
A port in this state is now taking part in frame re-transmission. A port in the forwarding state can
forward received frames and make entries into the forwarding database.
● The switch performs a forwarding table lookup on the destination address. If the address is known,
the bridge identifies the port on which the destination address is located.
● If the port is different from the port on which the frame is received, the frame is forwarded to the
destination port.
Filtering
When frames are received and the destination MAC address matches the FDB entry for the inbound
port, the switch drops (filters) the frame at the port. Other packets which match FDB entries for other
ports are forwarded. Unknown addresses and broadcast addresses are still flooded.
Figure 8: Bridge Functions
Flooding
This example shows the operations that take place when the port is in the forwarding state.
This is a newly configured network, where host 0B is attempting to communicate with
host 1E.
In this situation, host 0B transmits an initial packet to host 1E.
The function of the switch is to receive all packets on the networks it is connected to, and make
forwarding decisions based on MAC addresses in the frames and in its own forwarding database.
At this point in time, there are no MAC addresses learned by the switch and the forwarding database is
empty.
Because the forwarding database is empty, the destination is considered to be unknown, and the packet
must be forwarded over every attached interface in an attempt to reach all the nodes.
This process is referred to as flooding.
Host 0B is learned on the inbound port and an entry is added to the forwarding database.
When host 1E transmits a packet, its MAC address is also learned.
Figure 9: Flooding
Forwarding
In the example shown, host 1E replies to host 0B, using the following steps:
● The bridge performs a forwarding table lookup on the destination address. If the address is known,
the bridge identifies the port on which the destination address is located
● If the port is different from the port on which the frame is received, the frame is forwarded to the
destination port
● If the source address does not exist in the Forwarding Database (FDB) it is added.
Thus, the packet is forwarded onto the destination port learned for 0B which is port 1.
At the same time, the MAC address for 1E is learned and added to the bridge table.
Figure 10: Forwarding
Filtering Example
Using the same network configuration but a different operation, host "0B" transmits a frame to host
"0A", and the bridge receives the frame.
Both workstations are attached to the same switch port, and the switch learns the MAC addresses of all
workstations that are active on a single port in the same way it would for a single workstation attached
to a port.
When frames are received and the destination MAC address matches the inbound port, the switch
drops (filters) the frame at the port.
This reduces traffic on the other ports within the broadcast domain (VLAN) and optimizes
performance.
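The flooding, forwarding and filtering walk-throughs above can be reproduced with a small model of the bridge. This is an added example, not Extreme Networks code: the full MAC addresses standing in for hosts 0A, 0B and 1E, the three-port switch and the placement of 1E on port 2 are assumptions, and a single VLAN is modelled.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed addresses for the hosts named 0A, 0B and 1E in the text.
HOST_0A = "00:00:00:00:00:0a"
HOST_0B = "00:00:00:00:00:0b"
HOST_1E = "00:00:00:00:00:1e"


class Bridge:
    """Transparent bridge with a dynamic forwarding database (FDB)."""

    def __init__(self, ports, aging_time=300):
        self.ports = list(ports)
        self.aging_time = aging_time   # seconds; 0 means entries never age
        self.fdb = {}                  # MAC address -> (port, time last seen)

    def age_out(self, now):
        """Remove dynamic entries whose device has been silent too long."""
        if self.aging_time == 0:
            return
        stale = [mac for mac, (_, seen) in self.fdb.items()
                 if now - seen > self.aging_time]
        for mac in stale:
            del self.fdb[mac]

    def receive(self, in_port, src, dst, now=0):
        """Process one frame and return (decision, list of egress ports)."""
        self.age_out(now)
        # Learning: associate the source address with the inbound port.
        self.fdb[src] = (in_port, now)
        # Lookup on the destination address; broadcasts are always flooded.
        entry = None if dst == BROADCAST else self.fdb.get(dst)
        if entry is None:
            # Flooding: unknown destination, send out every other port.
            return "flood", [p for p in self.ports if p != in_port]
        out_port = entry[0]
        if out_port == in_port:
            # Filtering: destination lives on the inbound port, drop here.
            return "filter", []
        # Forwarding: destination is known on a different port.
        return "forward", [out_port]


def run_scenario():
    """Replay the course examples; each step is (port, src, dst, time)."""
    bridge = Bridge(ports=[1, 2, 3])
    steps = [
        (1, HOST_0B, HOST_1E, 0),     # empty FDB: flooded, 0B learned on port 1
        (2, HOST_1E, HOST_0B, 1),     # reply: forwarded to port 1, 1E learned
        (1, HOST_0A, BROADCAST, 2),   # 0A becomes active on the shared port
        (1, HOST_0B, HOST_0A, 3),     # both on port 1: filtered
        (2, HOST_1E, HOST_0B, 400),   # 0B silent past the aging time: flooded
    ]
    return [bridge.receive(*step) for step in steps], bridge


if __name__ == "__main__":
    decisions, bridge = run_scenario()
    for decision in decisions:
        print(decision)
    print(bridge.fdb)
```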
Figure 11: Filtering Example
Forwarding Database
The switch-forwarding table is also known as the Bridge Table or the Layer 2 Forwarding Table.
For an Extreme Networks switch, the Forwarding Table is known as the Forwarding Database (FDB).
The switch maintains a database of all Media Access Control (MAC) addresses received on all of its
ports. The information in this database is used to decide whether a frame should be forwarded or
filtered.
The Forwarding Database holds a maximum number of L2 entries that depends on the product. Refer to the
appropriate User Guide for specific information about switch limitations.
Each entry consists of the MAC address of the device, an identifier for the port on which it was
received, and an identifier for the VLAN to which the device belongs. Frames destined for devices that
are not in the FDB are flooded to all ports within the VLAN.
Figure 12: Forwarding Table
Figure 13: Forwarding Database
FDB Entry Types
This page lists the possible flag values in an FDB display.
Dynamic Entries
Initially, all entries in the database are dynamic. Entries in the database are removed or aged out if the
device does not transmit for a period of time defined as the aging time. Aging out entries prevents the
database from becoming full with obsolete entries by ensuring that when a device is removed from the
network, its entry is deleted from the database. Dynamic entries are deleted from the database if the
switch is reset or a power cycle occurs.
Non-aging Entries
If the aging time is set to zero, all entries in the database are defined as static, non-aging entries. This
means that they do not age, but they are still deleted if the switch is reset.
Permanent Entries
Permanent Entries are retained in the database if the switch is reset or a power cycle occurs. Only the
system administrator can make entries permanent. A permanent entry can either be a unicast or
multicast MAC address. All entries entered using the command-line interface are stored as permanent.
Once created, permanent entries stay the same as when they were created. For example, the permanent
entry is not updated when any of the following take place:
● A VLAN is deleted
● A VLAN ID is changed
● A port mode is changed (tagged/untagged)
● A port is deleted from a VLAN or disabled
● A port enters STP blocking state
● A port QoS setting is changed
● A port goes down (link down)
NOTE
Each switch family can support a maximum number of permanent entries. Refer to the appropriate User Guide for
specific information about switch limitations.
Black Hole Entries
Black hole entries configure the switch to discard packets with a specified source and/or destination
MAC address. Black hole entries are useful as a security measure or in special circumstances where a
specific destination address must be discarded. Black hole entries are treated like permanent entries in
the event of a switch reset or power off/on cycle. Black hole entries are never aged out of the database.
Figure 14: FDB Entry Types
Configuring the FDB
Entries are added into the FDB in the following ways:
● The switch can learn entries dynamically. The system updates its FDB with the source MAC address
from a packet, the VLAN, and the port identifier on which the source packet is received.
● Manually enter and update entries using an SNMP Network Manager or the CLI.
To create a permanent FDB table entry for a specified MAC address, enter the following command:
create fdbentry <mac_addr> vlan <vlan_name> ports <port_list>
Syntax Description
● mac_addr - Specifies a device MAC address, using colon-separated bytes.
● vlan_name - Specifies a VLAN name associated with a MAC address.
● port_list - Specifies one or more ports or slots and ports associated with the MAC address.
To delete an FDB entry, enter the following command:
delete fdbentry [all | <mac_address> [vlan <vlan name>]]
To configure the FDB aging time, enter the following command:
configure fdb agingtime <seconds>
The default is 300 seconds. The range is 15-1,000,000 seconds. A value of 0 indicates that the entry
should never be aged out.
To clear dynamic FDB entries matching the filter, enter the following command:
clear fdb {<mac_address> | blackhole | ports <portlist> | vlan
<vlan name>}
When no options are specified, the command clears all dynamic entries.
ExtremeWare
To create a static FDB entry using ExtremeWare, enter the following command:
create fdbentry [<mac_address> | broadcast-mac | any-mac] vlan <name>
[blackhole | dynamic | port <port list>]
Where:
● broadcast-mac - Specifies the broadcast MAC address. May be used as an alternate to the address
ff:ff:ff:ff:ff:ff.
● any-mac - Specifies the wildcard, permanent FDB entry used to give higher priority to an 802.1p
packet.
● blackhole - Configures the MAC address as a black hole entry.
Figure 15: Configuring the FDB
Figure 16: Configuring the FDB Continued
FDB Configuration Examples
To add a permanent static entry to the FDB, enter the following command:
create fdbentry 00:E0:2B:12:34:56 vlan finance port 3:4
In this example the permanent entry has the following characteristics:
● MAC address is 00:E0:2B:12:34:56.
● VLAN name is finance.
● Port number for this device is 3:4.
If the MAC address 00:E0:2B:12:34:56 is encountered on any port/VLAN other than VLAN finance, port
3:4, it is handled as a black hole entry, and packets from that source are dropped.
To remove a permanent FDB entry, enter the following command:
delete fdbentry 00:E0:2B:12:34:56 vlan default
ExtremeWare
To create a permanent black hole FDB entry using ExtremeWare, enter the following command:
create fdbentry 00:01:30:22:a9:01 vlan default blackhole
The following example associates the QoS profile qp3 with a dynamic entry for the device at MAC
address 00:A0:23:12:34:56 on VLAN net44:
create fdbentry 00:A0:23:12:34:56 vlan net44 dynamic qosprofile qp3
In this example the entry has the following characteristics:
● MAC address is 00:A0:23:12:34:56.
● VLAN name is net44.
● The entry is learned dynamically.
● QoS profile qp3 is applied as an egress QoS profile when the entry is learned.
Figure 17: FDB Configuration Examples
Displaying the FDB Table
To display the FDB table entries that match a specified filter, enter the following command:
show fdb {<mac_addr> {netlogin [all | mac-based]} | permanent {netlogin [all
| mac-based]} | ports <port_list> {netlogin [all | mac-based]} | vlan
<vlan_name> {netlogin [all | mac-based]} | stats | netlogin [all | mac-based]}
Syntax Description
● mac_addr - Specifies a MAC address, using colon-separated bytes.
● netlogin - Displays all FDB entries created as a result of the netlogin process. Not supported on the
BlackDiamond 10808.
● permanent - Displays all permanent entries, including the ingress and egress QoS profiles.
● port_list - Displays the entries for one or more ports or ports and slots.
● vlan_name - Displays the entries for a specific VLAN.
● stats - Displays the number of static, permanent, dynamic, and dropped FDB entries.
ExtremeWare
To display the FDB table entries using ExtremeWare, enter the following command:
show fdb {<mac_address> | broadcast-mac | permanent | ports <portlist> |
remap | vlan <vlan name>}
Where:
● broadcast-mac - Specifies the broadcast MAC address. May be used as an alternate to the
colon-separated byte form of the address ff:ff:ff:ff:ff:ff.
● remap - Displays the remapped FDB entries.
NOTE
The broadcast-address and remap options are not available on the e-series switches.
The following MAC addresses are displayed in the ExtremeWare FDB:
● ff:ff:ff:ff:ff:ff - Broadcast address
● 00:e0:2b:00:00:00 - EDP
● 00:e0:2b:00:00:02 - ESRP (Aware)
● 01:00:0c:cc:cc:cd, 01:80:c2:00:00:00, 01:80:c2:00:00:02 - Multicast addresses used for STP
Figure 18: Displaying the FDB Table
Layer-2 Security Features
Port and MAC address security is used to control the way the FDB entries are learned and how the FDB
is populated.
By managing entries in the FDB, you can block or allow packet forwarding on a per-address basis.
Port address security features are used to limit the number of dynamically learned MAC addresses
allowed per port and VLAN. You can also lock the FDB entries for a port and VLAN, so that the
current entries do not change, and no additional addresses can be learned on the port.
Port address security features like limit-learning and lock-learning control the number of MAC
addresses per port.
NOTE
MAC address security is not foolproof because it is possible for end-users to alter their PC's MAC address and
assume the MAC-level identity of another computer (known as spoofing).
Nevertheless, port and MAC address security are powerful protective mechanisms, particularly when
used in conjunction with other security features.
ExtremeWare
The ExtremeWare secure-mac feature supports MAC address security by permitting pre-configured
MAC addresses to be assigned to a certain set of ports. If the MAC address appears in any of the
authorized ports that are specified in the configuration, it is learned and entered into the FDB table. If
the MAC address appears on a non-authorized port, the MAC address is configured as a black hole
entry and a syslog message and a trap are sent.
Figure 19: Layer-2 Security Features
Limiting Dynamic MAC Addresses
You can set a predefined limit on the number of dynamic MAC addresses that can participate in the
network.
After the FDB reaches the defined MAC-address limit, all new source MAC addresses are configured as
a black hole entry at both the ingress and egress points. This prevents these MAC addresses from
responding to Internet control message protocol (ICMP) and address resolution protocol (ARP) packets.
The limit-learning feature lets the network administrator control the number of MAC addresses per
physical port and VLAN.
By limiting the number of MAC addresses per physical port and VLAN, an administrator can block
rogue networks from being added to the corporate backbone, prevent a user from adding their own
devices (e.g., printer, IP phone) to the network, or keep foreign switches or surreptitious wireless
snooping devices off the infrastructure.
Limit learning applies to dynamic FDB entries; permanent FDB entries are not affected by the MAC
limit.
For ports that have a learning limit in place, the following traffic still flows to the port:
● Packets destined for permanent MAC addresses and other MAC addresses that are not black hole
entries.
● Broadcast traffic from MAC addresses that are not black hole entries.
● EDP and LLDP traffic
Dynamically learned entries still get aged, and can be cleared. If entries are cleared or aged out after the
learning limit has been reached, new entries are then able to be learned until the limit is reached again.
Permanent static and permanent dynamic entries can still be added and deleted using the create
fdbentry and delete fdbentry commands. These commands override any dynamically learned entries.
Figure 20: Limiting Dynamic MAC Addresses
Locking Down MAC Addresses
In addition to limiting learning on virtual ports, you can lock down the existing dynamic FDB entries
and prevent any additional learning on a per-port, per-VLAN basis.
This causes all dynamic FDB entries associated with the specified VLAN and ports to be converted to
locked static entries. It also sets the learning limit to zero, so that no new entries can be learned.
Locking learning has the following results:
● All new dynamic source MAC addresses are added to the FDB as black hole entries.
● Locked entries do not get aged, but can be cleared.
● Dynamic entries active at the time of lock learning remain in the FDB after the switch is reset or a
power cycle occurs.
● Permanent static entries can still be added and deleted. Permanent dynamic entries do not override
locked static entries.
For ports that have lock-learning in effect, the following traffic still flows to the port:
● Packets destined for the permanent MAC entries and other MAC addresses that are not black hole
entries
● Broadcast traffic from MAC addresses that are not black hole entries
● EDP traffic
You can either limit dynamic MAC FDB entries per vlan/port, or lock down the current MAC FDB
entries per vlan/port, but not both.
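The limit-learning and lock-learning rules described in the two sections above, modelled for one port in one VLAN. This is an added example, not the switch's implementation: the class and method names are hypothetical, the MAC addresses are constructed, and it assumes a black hole entry persists until flushed and that unlock-learning also flushes black hole entries.

```python
# Constructed addresses (documentation range), not taken from the course.
PC, LAPTOP = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
PRINTER, ROGUE = "00:00:5e:00:53:03", "00:00:5e:00:53:99"


class PortVlanLearning:
    """Source-MAC learning policy for a single port/VLAN pair (hypothetical)."""

    def __init__(self):
        self.mode = "unlimited"        # "unlimited", "limit" or "lock"
        self.limit = None              # None means no learning limit
        self.dynamic, self.locked = set(), set()
        self.permanent, self.blackhole = set(), set()

    def limit_learning(self, number):
        if self.mode == "lock":        # limit or lock, but not both
            raise ValueError("port is in lock-learning; unlock it first")
        self.mode, self.limit = "limit", number

    def lock_learning(self):
        if self.mode == "limit":
            raise ValueError("port has a learning limit; remove it first")
        self.locked |= self.dynamic    # dynamic entries become locked static
        self.dynamic.clear()
        self.mode, self.limit = "lock", 0

    def unlock_learning(self):
        # Limit returns to unlimited and the associated entries are flushed.
        self.locked.clear()
        self.dynamic.clear()
        self.blackhole.clear()
        self.mode, self.limit = "unlimited", None

    def create_fdbentry(self, mac):
        # Permanent entries override learned state and ignore the limit.
        self.dynamic.discard(mac)
        self.blackhole.discard(mac)
        self.permanent.add(mac)

    def age_out(self, mac):
        self.dynamic.discard(mac)      # locked and permanent entries never age

    def source_seen(self, mac):
        """Return 'forward' or 'drop' for a frame with this source address."""
        if mac in self.permanent or mac in self.locked or mac in self.dynamic:
            return "forward"
        if mac in self.blackhole:
            return "drop"
        if self.limit is not None and len(self.dynamic) >= self.limit:
            self.blackhole.add(mac)    # over the limit: black hole the source
            return "drop"
        self.dynamic.add(mac)
        return "forward"


def limit_demo():
    """Equivalent of 'limit-learning 1' on one port of the VLAN."""
    port = PortVlanLearning()
    port.limit_learning(1)
    out = [port.source_seen(PC), port.source_seen(ROGUE), port.source_seen(PC)]
    port.create_fdbentry(PRINTER)
    out.append(port.source_seen(PRINTER))   # permanent: not counted
    port.age_out(PC)                        # frees the single dynamic slot
    out.append(port.source_seen(LAPTOP))
    out.append(port.source_seen(ROGUE))     # still a black hole entry
    return out, port


def lock_demo():
    port = PortVlanLearning()
    port.source_seen(PC)
    port.source_seen(LAPTOP)
    port.lock_learning()
    out = [port.source_seen(PC), port.source_seen(ROGUE)]
    port.age_out(PC)                        # no effect on a locked entry
    out.append(port.source_seen(PC))
    port.unlock_learning()
    out.append(port.source_seen(ROGUE))     # flushed, learning is unlimited
    return out, port


if __name__ == "__main__":
    print(limit_demo()[0])
    print(lock_demo()[0])
```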
Figure 21: Locking Down MAC Addresses
Configuring Port-based Security
To limit the number of dynamic MAC addresses that can participate in the network, enter the following
command:
configure ports <portlist> vlan <vlan name> [limit-learning <number> |
lock-learning | unlimited-learning | unlock-learning]
This command specifies the number of dynamically learned MAC entries allowed for these ports in this
VLAN. The range is 0 to 4294967295 addresses.
For example:
configure ports 2-5 vlan blue limit-learning 1
To remove the learning limit, enter the following command:
configure ports 2-5 vlan blue unlimited-learning
MAC Address Lock-learning
In addition to limiting learning on a specified VLAN and port, you can lock down the existing dynamic
FDB entries and prevent any additional learning.
This command causes dynamic FDB entries associated with the specified VLAN and ports to be
converted to locked static entries. It also sets the learning limit to zero, so that no new entries can be
learned. Traffic from the permanent MAC addresses still flows to and from the port.
For example:
configure ports 2-5 vlan blue lock-learning
To remove MAC address lock down, enter the following command:
configure ports 2-5 vlan blue unlock-learning
When you remove the lock down using the unlock-learning option, the learning-limit is reset to
unlimited, and all associated entries in the FDB are flushed.
Figure 22: Configuring Port-based Security
Verifying and Troubleshooting Port-based Security
To verify the configuration, enter the following command:
show vlan <name> security
To display the MAC security information for the specified port, enter the following command:
show ports <portlist> info detail
This command displays detailed information, including MAC limit learning security information, for
the specified port.
To display the FDB table entries that match the filter, enter the following command:
show fdb {<mac_addr> | permanent | ports <port_list> | vlan <vlan_name>}
When no options are specified, the command displays all FDB entries.
Figure 23: Verifying and Troubleshooting
Disabling MAC Address Learning
By default, MAC address learning is enabled on all ports.
You can disable learning on specified ports using the following command:
disable learning port [<portlist> | all]
If MAC address learning is disabled, only broadcast traffic, EDP traffic, LLDP, and packets destined to a
permanent MAC address matching that port number are forwarded. Use this command in a secure
environment where access is granted through permanent FDB entries.
Figure 24: Disabling MAC Address Learning
Controlling Egress Flooding
With the BlackDiamond 8800 family of switches and the Summit X450 switch, you can identify the type
of packets to flood on the specified ports. With the BlackDiamond 10808 switch, you can only flood all
packets or no packets.
To disable the flooding of specified packet types, enter the following command:
disable flooding [all_cast | broadcast | multicast | unicast] port
[<port_list> | all]
Use this command to enhance security and to improve network performance by disabling Layer 2, or
egress, flooding of some packets. This is particularly useful when you are working on an edge device in
the network.
To enable the flooding of specific packet types, enter the following command:
enable flooding [all_cast | broadcast | multicast | unicast] port
[<port_list> | all]
Syntax Description
● all_cast - Specifies enabling egress flooding for all packets on the specified ports.
● broadcast - Specifies enabling egress flooding only for broadcast packets.
NOTE: Only on the BlackDiamond 8800 switches and the Summit X450 switch.
● multicast - Specifies enabling egress flooding only for multicast packets.
NOTE: Only on the BlackDiamond 8800 switches and the Summit X450 switch.
● unicast - Specifies enabling egress flooding only for unicast packets.
NOTE: Only on the BlackDiamond 8800 switches and the Summit X450 switch.
● port_list - Specifies one or more ports or slots and ports.
● all - Specifies all ports on the switch.
The following guidelines apply to enabling and disabling egress flooding:
● Disabling multicast egress flooding does not affect those packets within an IGMP membership
group at all; those packets are still forwarded out. If IGMP snooping is disabled, multicast packets
are not flooded.
● Egress flooding can be disabled on ports that are in a load-sharing group. If that is the situation, the
ports in the group take on the egress flooding state of the master port.
● FDB learning is independent of egress flooding; either can be enabled or disabled independently.
● Disabling unicast egress flooding to a port also stops packets with unknown MAC addresses from
being flooded to that port.
● Disabling broadcast egress flooding to a port also stops broadcast packets from being flooded to that
port.
Figure 25: Limiting Egress Flooding
Summary
Module five presents a description of the various functions a bridge performs, how a bridge handles
frames received from the networks, and how to configure layer-2 forwarding.
You should now be able to:
● Describe ExtremeWare® XOS layer-2 features.
● Define Transparent Bridging.
● Define the Flooding and Learning port states.
● Define the Forwarding and Filtering port state.
● Define the Forwarding Database.
● Create Forwarding Database entries.
● Configure and verify the Limit Learning feature.
● Configure and verify the Lock Learning feature.
Figure 26: Summary
Module 5 Review Questions
1 Match the following switch port states with the correct description.
a Flooding
b Learning
c Forwarding
d Filtering
__ Examines the source addresses of frames received on the port and creates
an entry in the forwarding database associating the port on which the frame
was received with the MAC address.
__ Looks up the destination address in the forwarding database. If the
address is known and the port is the same as the port on which the frame is
received, the frame is discarded.
__ Initially, there are no MAC addresses learned on a port and the
forwarding database for that port is empty. Because the forwarding
database is empty, the destination is considered to be unknown, and the
packet must be forwarded to every attached interface.
__ Looks up the destination address in the forwarding database. If the address is
known and the port is different from the port on which the frame is received, the
frame is sent to the destination port.
2 Match the following FDB entry types with the best description.
a Dynamic
b Permanent
c Black Hole
__ Entry is not aged out and packets that match are discarded.
__ Entry is aged out to ensure that when a device is removed from the
network, its entry is deleted from the database.
__ Entry is not aged out and is retained in the database if the switch is reset
or a power cycle occurs.
3 Match the following port-based security features with the best description.
a Lock Learning
b Limit Learning
__ The administrator configures a maximum number of addresses to be
associated with a port. After the FDB reaches the defined maximum, all new
source MAC addresses are configured as black hole entries.
__ Existing entries do not get aged out and remain in the FDB after the
switch is reset. New source MAC addresses are added to the FDB as black
hole entries.
Module 6
Introduction to VLANs
Student Objectives
Module 6 introduces Virtual Local Area Networks (VLANs) and defines port-based VLANs.
Upon completion of this module, the successful student will be able to:
● Define VLANs.
● Describe VLAN support in Extreme Networks® Switches.
● Define and describe port-based VLANs.
● Configure port-based VLANs.
Figure 1: Student Objectives
Traditional LANs
In traditional LANs, a switch can only participate in a single broadcast domain. All nodes attached to a
switch receive the broadcast packet from any of the other nodes since the switch floods the packet to all
ports.
Once a broadcast domain reaches a certain size, the efficiency of the LAN starts to suffer since every
node is processing a substantial amount of broadcast traffic.
Figure 2: Traditional LANs
Virtual LANs
Virtual LANs are a feature found in most switches today. VLANs allow the administrator to configure a
switch to participate in multiple broadcast domains. It is possible to put nodes in different broadcast
domains (VLANs) so that only those nodes that need to receive the broadcast packets receive them.
To get traffic from one VLAN to another VLAN, use a layer-3 device such as a router or layer-3 switch.
Virtual LANs are a technology that provides the network administrator with greater control over
network traffic and administration.
● A VLAN is a layer-2 broadcast domain.
● With the use of VLANs, the layer-2 broadcast domain is no longer defined by just a device's physical
location.
● VLANs allow the administrator to define which devices are contained within the same layer-2
broadcast domain.
● Devices configured to be within the same VLAN communicate as though they were on the same
physical network, regardless of physical location.
VLANs greatly increase the control available to the administrator. VLANs can enhance network
performance and design flexibility as follows:
● A single switch may be configured to support multiple VLANs.
● A single port on a switch can be a member of more than one VLAN.
Figure 3: Virtual LANs
Figure 4: VLANs Continued
Benefits of VLANs
This page lists several advantages of implementing VLANs on your networks.
Help Control Traffic
VLANs provide a way of defining the size of layer-2 broadcast domains and which devices are
members of the domain. This is important to network design because controlling layer-2 broadcasts is a
factor in overall network performance. The important issue is that this domain is not controlled by
physical location. If required, each port on the same switch could be configured as a member of a
different VLAN.
Provide Extra Security
Devices within each VLAN can only communicate at Layer 2 with member devices in the same VLAN.
If a device in VLAN Marketing must communicate with devices in VLAN Finance, the traffic must cross
a routing device.
NOTE
When monitoring the traffic on the network using a network analyzer, the analyzer only receives the layer-2
information for the VLAN (broadcast domain) it is connected to.
Ease Changes and Movement of Devices
With traditional networks, network administrators spend much of their time dealing with moves and
changes. If users who were configured to be in a specific layer-2 broadcast domain physically move
location, it can be difficult (or impossible) to reconfigure the network to maintain them as members of
the same broadcast domain.
By implementing VLANs, if an end-station in VLAN Marketing is moved to a port in another part of
the network and needs to retain its original VLAN membership, you only have to specify that the new
port is a member of VLAN Marketing. There is no need to physically reconfigure the network.
Figure 5: Benefits of VLANs
System VLANs
The following two VLANs are pre-configured on ExtremeWare XOS® switches:
● Default
● Mgmt
Default VLAN
The default VLAN has the following properties:
● An internal VLAN ID of 1
● Contains all the switch data ports as members
● Ports are defined as untagged
NOTE
The default VLAN cannot be deleted. Although you can rename an existing VLAN, the default and Mgmt VLAN
names should not be changed. VLAN names are not case sensitive.
Mgmt VLAN
The BlackDiamond 8800, BlackDiamond 10808, Summit X450, Summit 5i, Summit7i, BlackDiamond
6800, and Alpine switches have an additional pre-configured VLAN called Mgmt which contains the
dedicated Mgmt Ethernet port.
The Mgmt VLAN has the following characteristics:
● Only exists on switches that have an Ethernet management port
● Only contains the management port
● Is only used for management functions.
● No switching or routing is supported on this VLAN.
You can configure an IP address, subnetwork mask, and a default route for the mgmt VLAN.
The Mgmt VLAN and Mgmt port are connected to the VR-Mgmt virtual router interface.
Management Port
The management port on BlackDiamond 8800, BlackDiamond 10808, Summit X450, Summit 5i,
Summit7i, BlackDiamond 6800, and Alpine switches supports access for Telnet, SNMP, and TFTP.
The management port is a DTE port, and is not capable of supporting switching or routing functions.
ExtremeWare
All Extreme Networks i-series switches come pre-configured with a VLAN named MacVlanDiscover.
This VLAN is used as a temporary placeholder for ports prior to the MAC address being learned.
Figure 6: System VLANs
Figure 7: System VLANs Continued
Types of VLANs
The following types of user-configurable VLANs can be created on ExtremeWare XOS-capable switches:
● Port-based (Untagged) VLAN
● 802.1Q Tagged VLAN - VLAN tagging is a process that inserts a tag into the Ethernet frame. The tag
contains the identification (ID) number of a specific VLAN. Using tags, multiple VLANs can span
multiple switches using just one trunk.
● Protocol-based VLAN - Protocol-based VLANs enable you to define a packet filter that the switch
uses as the matching criteria to determine if a particular packet belongs to a particular VLAN.
■ Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol type
■ Treated like a Tagged VLAN
● A combination of any of the above
ExtremeWare
In addition to tagged, port-based VLANs, and protocol-based VLANs, MAC-based VLANs can be
created on i-series switches. Use MAC-based VLANs to designate a set of ports that have VLAN
memberships dynamically determined by the MAC address of the end stations connected to the
physical port.
The MAC-to-VLAN database is stored in volatile memory only. When the switch reboots, the database
must be loaded again. Partial configurations of the MAC-to-VLAN database can be downloaded to
the switch using the timed download configuration feature.
The MacVlanDiscover system VLAN is used as a temporary placeholder for ports prior to the MAC
address being learned.
Figure 8: Types of VLANs
Port-based VLANs
In a port-based VLAN, a VLAN is associated with a group of one or more ports on the switch. A port
can be a member of only one port-based VLAN.
NOTE
A port-based VLAN is also known as an untagged VLAN.
For the members of different VLANs to communicate, the switch must route the traffic, even if the ports
are physically part of the same I/O module. This means that each VLAN must be configured with a
unique IP address.
Configuring Port-based VLANs
To create a port-based VLAN, enter the following command:
create vlan <vlan name> {vr <vr-name>}
Syntax Description
vlan_name    Specifies a VLAN name (up to 32 characters).
vr           Specifies a virtual router.
vr-name      Specifies in which virtual router to create the VLAN.
             NOTE: On the BlackDiamond 8800 switches and the Summit X450 switch, all VLANs are created
             in VR-Default.
For example:
create vlan blue
To add ports or a specified range of ports to a VLAN, enter the following command:
configure vlan <vlan name> add ports [ all | <port number> ]
For example:
configure vlan blue add port 1,2
To change the name of a VLAN that already exists, enter the following command:
configure vlan <old_name> name <new_name>
To delete a VLAN, enter the following command:
delete vlan <vlan name>
Figure 9: Port-based VLANs
Figure 10: Configuring Port-based VLANs
Verifying Port-based VLANs
To verify the configuration of a specific port-based VLAN, enter the following command:
show vlan {detail | <vlan_name> {stpd}}
To display the configuration information about all VLANs on a switch, enter the following command:
show vlan detail
Figure 11: Show Vlan Default Display
Common Error Configuring Port-based VLANs
Because a port can only be a member of one port-based VLAN, the error detailed in the slide is often
seen when you first attempt to add a port to a port-based VLAN.
The error indicates that port 1 is already a member of a port-based VLAN other than test. To solve this
you can do one of the following:
● Remove port 1 from the original port-based VLAN
● Make VLAN test a tagged VLAN and add port 1 tagged (tagging is discussed later)
● Make VLAN test a protocol-based VLAN (protocol-based VLANs are discussed later)
The Problem
Because VLAN Default initially contains all the switch ports as members (port-based, i.e. untagged), this
error might appear when you try to create a port-based VLAN and add an untagged port.
The Solution
Delete all ports on VLAN Default before attempting to create and configure new port-based VLANs.
To delete all ports from the pre-configured default VLAN, enter the following command:
configure vlan default delete ports all
Figure 12: Common Error Configuring Port-Based VLANs
Extending VLANs Across Multiple Switches
To create port-based VLANs that span two (or more) switches:
● The switches must be connected together.
● VLAN names must be unique.
● The same VLAN name should be configured on each switch.
● Each switch must have a configured port(s) for each VLAN.
● Each link between the switch ports must connect to a port that is a member of the same VLAN on
the next switch.
The illustration shows one way to extend three VLANs across two switches. The following steps show
the basic process involved in configuring each of the three VLANs:
● Create the VLANs on each switch
create vlan finance
create vlan engineering
create vlan marketing
● Add ports to each VLAN on each switch
configure vlan finance add ports 1-4
configure vlan engineering add ports 9-12
configure vlan marketing add ports 17-24
● Cable the switches together using one port per VLAN on each switch.
NOTE
This type of physical connection uses a lot of physical port resources. To overcome this limitation, implement other
VLAN types such as tagged VLANs.
Figure 13: Extending VLANs Across Multiple Switches
Summary
Module five describes port-based VLANs. You should now be able to:
● Define VLANs.
● Describe VLAN support in Extreme Networks Switches.
● Define and describe port-based VLANs.
● Configure port-based VLANs.
Figure 14: Summary
Module 6 Review Questions
1 Which types of switches have the Mgmt system VLAN?
a All fixed-configuration switches.
b All chassis-based switches.
c Only switches running ExtremeWare XOS.
d Only switches that have a Mgmt port.
2 What is the most important reason for implementing VLANs?
a To improve network security.
b To assist in traffic monitoring.
c To segment the broadcast domain.
d To make changes to the network easier.
3 Match the following VLAN types with the best description.
VLAN Type Description
a Default System VLAN ___ Is only used for management functions.
b Mgmt System VLAN ___ Initially contains all the switch data ports as members
Module 7
Tagged VLANs
Student Objectives
Module seven provides a definition of VLAN tagging and describes the IEEE 802.1Q specification. It
discusses VLAN tagging dependencies and how to configure tagged VLANs in an Extreme Networks®
switch.
Upon completion of this module, the successful student will be able to:
● Define VLAN tagging.
● Describe the IEEE 802.1Q tag.
● Describe VLAN tagging dependencies.
● Configure tagged VLANs.
● Add tagged and untagged ports to tagged VLANs.
Figure 1: Student Objectives
Port-based VLANs Extended Across Multiple Switches
In the illustration, port-based VLANs are being used and eight ports of the top switch are connected to
eight ports of the lower switch for 8 different VLANs. This approach uses a lot of ports.
The introduction of a different VLAN technique called VLAN tagging solves the problem of having to
use multiple ports for inter-VLAN communications if you have multiple VLANs.
Figure 2: Port-based VLANs Across Multiple Switches
VLAN Tagging Overview
VLAN tagging is a process that inserts a tag into the Ethernet frame. The tag contains the identification
(ID) number of a specific VLAN, called the VLAN ID.
Tagging is most commonly used to create VLANs that span switches. The switch-to-switch connections
are typically called trunks. Using tags, multiple VLANs can span multiple switches using just one trunk.
It is also possible (and common) to use multiple trunks.
VLAN tagging is integral to the operation of all Extreme Networks switches and their ability to support
VLANs.
The IEEE 802.1Q VLAN specification defines Ethernet Tagging.
Another benefit of tagged VLANs is the ability to have a port configured as a member of multiple
VLANs. This is particularly useful if you have a device (such as a server) that must belong to multiple
VLANs. The device must have a Network Interface Card (NIC) that supports IEEE 802.1Q tagging.
A single port can only be a member of one port-based VLAN. Tags must be used for all additional
VLAN membership for that port.
NOTE
The use of 802.1Q tagged packets may lead to the transmission of packets slightly larger than the IEEE 802.3
Ethernet Maximum Transmit Unit (MTU) of 1,518 bytes. This can affect packet error counters in other devices, and
can also lead to connectivity problems if non-802.1Q bridges or routers are placed in the path. (The current version
of IEEE 802.1D specifies that a device can receive up to 1,522 bytes).
Figure 3: VLAN Tagging Overview
Tagged VLANs on Extreme Networks Switches
As previously discussed, tagging is most commonly used to create VLANs that span switches using
trunks.
The illustration shows a port-based VLAN example, which requires all VLANs spanning the switches to
have a physical connection. The illustration also shows the situation after VLAN tagging is used, with
only one physical cable connecting multiple tagged VLANs.
Each VLAN configured in the switch may be assigned an 802.1Q VLAN tag. As ports are added to a
VLAN with an 802.1Q tag defined, decide whether each port uses tagging for that VLAN.
The default mode of the switch is to have all ports assigned untagged to the default VLAN with an
802.1Q VLAN tag (VLAN ID) of 1 assigned.
Not all ports in the VLAN must be tagged. As traffic from a port is forwarded out of the switch, the
switch determines, in real time, if each destination port should use tagged or untagged frame formats
for that VLAN. The switch adds and strips tags as required.
NOTE
Packets arriving tagged with a VLAN ID that is not configured on the switch are discarded.
NOTE
End stations may not recognize tagged frames coming from the switch port they are connected to. These end
workstations discard the frame because there is a tag value inserted where the type/length field is expected.
NOTE
A single port can be associated with multiple tagged VLANs. So, it is not necessary to delete a port from one VLAN
to be able to add it to another tagged VLAN.
Figure 4: Tagged VLANs on Extreme Networks Switches
Tagged Ethernet Frames
A tag is inserted into the Ethernet frame to allow switches to identify which VLAN the packet belongs
to. This method allows a single link to support multiple VLANs.
When a frame leaves a switch on a tagged port, the switch inserts this tag based on which VLAN the
frame is associated with. At the other end of the link, the receiving switch can compare this tag with the
tags associated with its VLANs to determine to which VLAN the traffic belongs.
The tag used is defined in the IEEE 802.1Q specification. This specification defines the tag as a 12-bit
numerical value called a VLAN Identifier. This supports up to 4,096 possible VLAN IDs.
Ethernet Frame - Before and After Tagging
The diagram shows the Ethernet frame before and after the addition of the 802.1Q fields.
Tag Protocol Identifier Field
The Tag Protocol Identifier (TPI) has a value outside the possible range of Ethernet Type or Length
entries, which allows the field to be identified as a TPI. It contains these four hex digits: 81 00
Tag Portion
● User Priority field:
■ 3 bits (priorities 0-7) available
■ A higher number means a higher priority
● Canonical Format Indicator (CFI) bit:
■ Specifies the order of significant bits within the data field
■ A CFI setting of 1 in a tagged Ethernet frame is used when a token ring or FDDI frame is
encapsulated within the Ethernet frame
● 12-bit VLAN Identifier field:
■ 4096 possible values
■ An entry of 0 is the Null VLAN ID, which is used for STP bridge PDUs, for example. The frame is handled
like an untagged frame, with the possibility of an 802.1p priority setting.
■ VLAN ID 4095 is reserved for the MacVlanDiscover VLAN.
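The following Python sketch is an added example, not part of the course material: it inserts, parses and strips the 802.1Q fields listed above and models how a receiving port places a frame in a VLAN. The sample frame, the function names and the simplified per-port receive model are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # the "81 00" Tag Protocol Identifier described above

# Constructed sample: broadcast frame from a made-up station, EtherType 0x0800.
SAMPLE_UNTAGGED = (
    bytes.fromhex("ffffffffffff")      # destination MAC
    + bytes.fromhex("020000000001")    # source MAC (locally administered)
    + struct.pack("!H", 0x0800)        # type/length field
    + bytes(46)                        # zero-filled payload
)


def build_tci(vlan_id, priority=0, cfi=0):
    """Pack user priority (3 bits), CFI (1 bit) and VLAN ID (12 bits)."""
    if not 0 <= vlan_id <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits (0-4095)")
    if not 0 <= priority <= 7:
        raise ValueError("user priority must fit in 3 bits (0-7)")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit")
    return (priority << 13) | (cfi << 12) | vlan_id


def add_tag(frame, vlan_id, priority=0, cfi=0):
    """Insert the 4-byte tag between the source MAC and the type/length field."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tag = struct.pack("!HH", TPID_8021Q, build_tci(vlan_id, priority, cfi))
    return frame[:12] + tag + frame[12:]


def parse_tag(frame):
    """Return the tag fields as a dict, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return {
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 1,
        "vlan_id": tci & 0x0FFF,
        "inner_type": inner_type,
    }


def strip_tag(frame):
    """Remove the tag, as the switch does before sending on an untagged port."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]


def ingress_vlan(frame, tagged_vids, untagged_vid=None):
    """Return the VLAN ID a received frame is placed in, or None if discarded.

    tagged_vids  -- VLAN IDs the receiving port is a tagged member of
    untagged_vid -- the one VLAN the port belongs to untagged, if any
    (Assumed, simplified model of the receive behaviour described in the text.)
    """
    tag = parse_tag(frame)
    if tag is None or tag["vlan_id"] == 0:
        # Untagged, or Null VLAN ID (priority only): use the untagged VLAN.
        return untagged_vid
    if tag["vlan_id"] in tagged_vids:
        return tag["vlan_id"]
    return None  # tag value not configured: the frame is discarded


if __name__ == "__main__":
    tagged = add_tag(SAMPLE_UNTAGGED, vlan_id=10, priority=5)
    print(tagged[12:16].hex(), parse_tag(tagged))
    print("placed in VLAN:", ingress_vlan(tagged, {10, 20}, untagged_vid=1))
```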
Figure 5: Tagged Ethernet Frames
Figure 6: Ethernet Frame - Before and After Tagging
Configuring Tagged VLANs
To configure VLANs with tags and then configure the VLAN with ports that are tagged, use the
following commands:
To create a VLAN with a unique name, enter the following command:
create vlan <vlan name>
To configure the VLAN with a tag value, enter the following command:
configure vlan <vlan_name> tag <tag>
The tag range is 2 - 4094.
To configure a VLAN with member ports as tagged, enter the following command:
configure vlan <vlan_name> add port [ all | <port number> ] tagged
For example:
create vlan blue
configure blue tag 10
configure blue add port 2 tagged
configure blue add port 7 untagged
Verifying the Tagged VLAN Configuration
After all VLAN configuration commands have been entered, it is good practice to verify the switch
settings.
To verify the VLAN configuration and that the ports are now tagged, enter the following command:
show vlan {detail |<vlan_name>}
Figure 7: Configuring Tagged VLANs
Figure 8: Show VLAN Display
Tagged VLANs on Multiple Switches Example
Here is another example of how to configure tagged VLANs. In this example there are two switches
with a single link that must support 2 VLANs.
The red VLAN uses a tag of 10 and the green VLAN uses a tag of 20.
Any port that is used by a host connection is usually left untagged, since most NICs are not designed to
support 802.1Q tags and have no real need to detect them anyway. For switch-to-switch connections,
the VLAN ports should be tagged to enable those ports to support more than one VLAN.
Frames from VLAN red contain the 802.1Q tag with a VLAN ID of 10 and frames from VLAN green
contain the 802.1Q tag of 20.
NOTE
When using ExtremeWare, the VLAN cannot be named red because red is a keyword used by the switch to refer to
Random Early Detection. It is recommended to avoid naming VLANs with names that conflict with the CLI keywords.
Figure 9: Tagged VLANs on Multiple Switches
Examples of Bad Configuration
This page describes important details about the operation of a tagged port and tagged VLAN.
Mismatched Tags
When configuring VLANs with tagging, remember the following points:
● Multiple VLANs using a single physical uplink require tags to differentiate the broadcast domains.
● Tags must match across links for the associated VLANs to be contiguous.
● If the tags are mismatched, datagrams are discarded at the port and the VLANs are partitioned.
Mismatched Names
VLAN names are displayed for the user. When a switch processes a packet the VLAN name is not used.
Only the tag value is used. So, it is possible to have a VLAN with a consistent tag that is identified by
different names in different switches. This situation can cause a lot of confusion.
Mixed Tagged and Untagged Ports
One VLAN on a link can operate untagged. Untagged packets are placed in the one VLAN that is
untagged for that port. In the illustration:
● VLANs with the name Purple and Red are created on all three switches.
● VLAN Purple is assigned a tag value of 10 and VLAN Red is assigned a tag value of 30.
● The packets for VLAN Purple are untagged on the link between switch 1 and 2.
● The packets for VLAN Red are untagged on the link between switch 2 and 3.
This configuration is a bad design and should not be used.
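As an added illustration (not Extreme Networks code), the Python script below audits proposed switch configurations, written with the commands from this module and Module 6, for the problems described above: a port untagged in more than one VLAN, mismatched tags across a link, one tag under different names, and links that mix tagged and untagged VLANs. The switch names, link list and sample configurations are constructed, and it assumes the ports were already removed from VLAN Default.

```python
import re
from collections import defaultdict

CREATE = re.compile(r"create vlan (\S+)", re.I)
TAG = re.compile(r"configure (?:vlan )?(\S+) tag (\d+)$", re.I)
ADD = re.compile(
    r"configure (?:vlan )?(\S+) add ports? (\S+)(?: (tagged|untagged))?$", re.I)

# Constructed sample configurations for two hypothetical switches.
SW1 = """
create vlan purple
configure vlan purple tag 10
configure vlan purple add ports 24 untagged
create vlan crimson
configure vlan crimson tag 30
configure vlan crimson add ports 24 tagged
create vlan finance
configure vlan finance tag 40
configure vlan finance add ports 1-4
configure vlan finance add ports 24 tagged
"""
SW2 = """
create vlan purple
configure vlan purple tag 10
configure vlan purple add ports 1 untagged
create vlan crimson
configure vlan crimson tag 31
configure vlan crimson add ports 1 tagged
create vlan accounts
configure vlan accounts tag 40
configure vlan accounts add ports 1 tagged
create vlan test
configure vlan test add ports 1
"""
LINKS = [(("sw1", "24"), ("sw2", "1"))]  # sw1 port 24 is cabled to sw2 port 1


def expand_ports(spec):
    """Expand '1,2', '9-12' or '2:17-2:19,2:21' into a list of port names."""
    ports = []
    for part in spec.split(","):
        first, _, last = part.partition("-")
        slot, sep, low = first.rpartition(":")
        high = (last or first).rpartition(":")[2]
        ports += [f"{slot}{sep}{n}" for n in range(int(low), int(high) + 1)]
    return ports


def parse_config(text):
    """Return {vlan: {"tag": int or None, "tagged": set, "untagged": set}}."""
    vlans = defaultdict(lambda: {"tag": None, "tagged": set(), "untagged": set()})
    for line in map(str.strip, text.splitlines()):
        if m := CREATE.match(line):
            vlans[m[1].lower()]  # create the entry; names are not case sensitive
        elif m := TAG.match(line):
            vlans[m[1].lower()]["tag"] = int(m[2])
        elif m := ADD.match(line):
            mode = (m[3] or "untagged").lower()  # no keyword means untagged
            vlans[m[1].lower()][mode].update(expand_ports(m[2]))
    return dict(vlans)


def audit(switches, links):
    """Return a list of finding tuples for the parsed switches and links."""
    findings = []
    names_by_tag = defaultdict(set)
    for sw, vlans in switches.items():
        owners = defaultdict(list)
        for name, vlan in vlans.items():
            if vlan["tag"] is not None:
                names_by_tag[vlan["tag"]].add(name)
            for port in vlan["untagged"]:
                owners[port].append(name)
        for port, names in sorted(owners.items()):
            if len(names) > 1:  # only one port-based VLAN per port
                findings.append(("duplicate-untagged", sw, port, tuple(sorted(names))))
    for tag, names in sorted(names_by_tag.items()):
        if len(names) > 1:  # same tag, different names
            findings.append(("name-mismatch", tag, tuple(sorted(names))))
    for a, b in links:
        carried = {}
        for sw, port in (a, b):
            vlans = switches[sw].values()
            carried[(sw, port)] = {v["tag"] for v in vlans
                                   if port in v["tagged"] and v["tag"] is not None}
            if carried[(sw, port)] and any(port in v["untagged"] for v in vlans):
                findings.append(("mixed-tagged-untagged", sw, port))
        for tag in sorted(carried[a] ^ carried[b]):  # tag on one end only
            findings.append(("tag-mismatch", tag, a, b))
    return findings


if __name__ == "__main__":
    parsed = {"sw1": parse_config(SW1), "sw2": parse_config(SW2)}
    for finding in audit(parsed, LINKS):
        print(finding)
```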
Figure 10: Mixed Tagged and Untagged Ports
Summary
Module seven provides a definition of VLAN tagging and describes the IEEE 802.1Q specification. It
discusses VLAN tagging dependencies and how to configure tagged VLANs in an Extreme Networks
Switch.
You should now be able to:
● Define VLAN tagging.
● Describe the IEEE 802.1Q tag.
● Describe VLAN tagging dependencies.
● Configure tagged VLANs.
● Add tagged and untagged ports to tagged VLANs.
Figure 11: Summary
Module 7 Review Questions
1 What is the IEEE specification for VLAN tagging?
a 802.1Q
b 802.1W
c 802.1D
d 802.1p
2 How are packets identified as belonging to a particular VLAN?
a A tag is inserted into the IP frame that contains the VLAN identification.
b A tag is inserted into the Ethernet frame that contains the VLAN identification.
c The type field in the Ethernet frame is replaced with a tag that contains the VLAN identification.
d The user priority bits in the Ethernet frame are used as the tag that contains the VLAN
identification.
3 Which of the following suggestions are a good practice?
a Make VLAN tags consistent but name the VLANs differently on each switch.
b Insert bridges that do not support VLAN tagging between switches that are sharing tagged
VLANs.
c Configure the link between switches to be untagged for one VLAN and tagged for others.
d Configure a port for tagging if the attached device does not support tagging.
e Name VLANs with names that are the same as CLI keywords.
f All of the above.
g None of the above.
Module 8
Protocol-based and vMAN VLANs
Student Objectives
Module eight describes the different types of VLANs other than port-based and tagged VLANs that
may be configured on the Extreme Networks® switch product family.
Upon completion of this module, the successful student will be able to:
● Describe protocol-based VLANs.
● Configure protocol-based VLANs.
● Describe vMAN VLAN Tunnels.
● Identify Extreme Networks support for vMAN VLANs.
● Configure vMAN VLAN Tunnels.
Figure 1: Student Objectives
Protocol-Based VLANs
When you configure a protocol-based VLAN on an Extreme Networks switch, it enables filtering by
protocol type in order to match a data stream to a particular VLAN.
Protocol-based VLANs enable the administrator to define a packet filter that the switch uses as the
matching criteria to determine if a particular packet belongs to a particular VLAN.
Protocol-based VLANs are most often used when network segments contain hosts running multiple
protocols. In the illustration an ingress port is configured to receive three different protocol types (for
example IPX, IP, and AppleTalk).
You can also define packet filters that are customized to exact requirements.
Using Pre-defined Protocol Filters
The Extreme Networks switch family provides a range of pre-defined protocol filters for ease of
implementation:
● IP
● IPX
● IPv6
● NetBIOS
● DECNet
● IPX_8022
● IPX_SNAP
● AppleTalk
To display a list of custom and pre-defined protocol filters, enter the following command:
show protocol
Figure 2: Protocol-Based VLANs
Figure 3: Pre-defined Protocol Filters
Creating Custom Protocol Filters
If necessary, define a customized protocol filter based on the EtherType field, Logical Link Control
(LLC), and/or Subnetwork Access Protocol (SNAP).
The following commands are used to define and configure a customized protocol filter:
To create a custom protocol filter, enter the following command:
create protocol <protocol_name>
Protocol names can have a maximum of 32 characters.
To configure the protocol filter, enter the following command:
configure protocol <protocol_name> add [ etype | llc | snap] <hex_value>
Where:
etype - Ethernet frame type
llc - LLC Service Advertising Protocol (SAP)
snap - Ethernet frame type inside the IEEE SNAP packet encapsulation
hex_value - Specifies a four-digit hexadecimal number between 0 and FFFF that represents:
● The Ethernet protocol type taken from a list maintained by the IEEE.
● The DSAP/SSAP combination created by concatenating a two-digit LLC
Destination SAP (DSAP) and a two-digit LLC Source SAP (SSAP).
● The SNAP-encoded Ethernet protocol type.
To display the configuration of pre-defined protocol filters, enter the following command:
show protocol <protocol_name>
For example, to build a filter for LLC SAP packets, enter the following commands:
create protocol llcsap
configure protocol llcsap add llc 0xfeff
To delete a protocol filter, enter the following command:
delete protocol <protocol_name>
If you delete a protocol that is in use by a VLAN, the protocol associated with that VLAN becomes
None. You can continue to configure the VLAN. However, no traffic is forwarded to the VLAN until a
protocol is assigned to it.
Figure 4: Creating Custom Protocol Filters
Figure 5: Verifying Protocol Filters
Configuring Protocol-based VLANs
To avoid conflicts when configuring protocol-based VLANs, the protocol filter must be applied to the
VLAN before adding the ports to the VLAN.
Once the filter is applied to the VLAN, only frames with matching protocol types are allowed to join
that VLAN.
If using protocol-based VLANs, a port can participate in multiple VLANs since the protocol type
differentiates the traffic.
To configure a VLAN using a protocol filter, enter the following command:
configure vlan <vlan name> protocol <protocol_name>
For example:
configure vlan orange protocol ip
The illustration shows protocol-based VLANs in use in a layer-2 network environment.
VLAN Blue - IPX based VLAN
VLAN Orange - IP based VLAN
In this example the IP server in the orange VLAN is protected from the traffic coming from the blue
VLAN.
To assign ports to a protocol-based VLAN, enter the following command:
configure vlan <vlan name> add ports <portlist>
To remove a protocol filter from a VLAN, enter the following command:
configure vlan <vlan_name> protocol any
Figure 6: Configuring Protocol-based VLANs
Protocol-based VLAN Example Configuration
In this example the BlackDiamond 8806 is at the core. Three protocol-based VLANs are created, one for
each protocol. Some clients only use one protocol. Some clients use mixed protocols.
Each VLAN consists of four ports on the BlackDiamond 8806; three of the ports are connected to the
Summit X450 switches and the remaining one is connected to the appropriate server.
All three VLANs have three ports in common on the BlackDiamond 8806. Those ports are the ones
serving the Summit X450 switches at the perimeter. To accomplish this, three protocol-based VLANs
are created in the BlackDiamond 8806 and Summit X450 switches.
The ports for the link between switches are added to each VLAN. The packets can share a common link
because each packet is associated with the correct VLAN by its protocol. This is similar to a tagged
packet.
The configuration for the BlackDiamond 8806 switch is:
create vlan IP_orange
configure vlan IP_orange protocol ip
configure vlan IP_orange add ports 2:17-2:20
create vlan Atalk_green
configure vlan Atalk_green protocol appletalk
configure vlan Atalk_green add ports 2:17-2:19,2:21
create vlan IPX_blue
configure vlan IPX_blue protocol ipx
configure vlan IPX_blue add ports 2:17-2:19,2:22
The protocol filters in this example protect the IP server in the IP_orange VLAN from the traffic coming
from the Atalk_green and IPX_blue VLANs.
Figure 7: Protocol-based VLAN Example
Figure 8: Protocol-based VLAN Example Continued
Notes on Protocol-Based VLANs
This page lists things to keep in mind when configuring protocol-based VLANs.
● Assign only one protocol filter to a VLAN. The protocol filter is treated like a tag with one tag per
VLAN.
● When a protocol filter is deleted, the VLANs which had the protocol filter assigned are now
assigned a protocol filter of none.
● Precedence of Tagged Packets over Protocol Filters:
■ If a VLAN is configured to accept tagged packets on a particular port, incoming packets that
match the tag configuration take precedence over any protocol filters associated with the VLAN.
■ For example, when a packet is received on a port configured as VLAN purple with a Tag = 10 and VLAN
green with an IPX protocol filter, you might ask which the switch services first. The tag takes
precedence when there is a match.
● When a new VLAN is created, it is assigned the "any" protocol by default. This means that the
VLAN forwards traffic independent of the protocol type. If you want to remove the protocol filter
from a VLAN, you should assign the "any" protocol to the VLAN.
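The precedence rule above, as an added Python example that is not part of the course material: it identifies a frame's encapsulation (etype, llc or snap) and then picks the VLAN, letting a matching tag win over protocol filters. The filter table, port membership list and sample frames are constructed for illustration.

```python
import struct

# Constructed filter table in the (kind, hex_value) form used by
# "configure protocol <protocol_name> add [ etype | llc | snap] <hex_value>".
# The values are standard protocol numbers, not read from a switch.
FILTERS = {
    "ip": {("etype", 0x0800), ("etype", 0x0806)},  # IPv4 and ARP
    "ipx": {("etype", 0x8137)},
    "ipx_snap": {("snap", 0x8137)},
    "llcsap": {("llc", 0xFEFF)},                   # the llcsap example above
}

# Constructed membership of one port: tagged in purple, untagged in the rest.
PORT_VLANS = [
    {"name": "purple", "tag": 10, "protocol": "any"},
    {"name": "green", "tag": None, "protocol": "ipx"},
    {"name": "orange", "tag": None, "protocol": "ip"},
]

# Constructed sample frames (made-up addresses, zero-filled payloads).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
IP_FRAME = MACS + bytes.fromhex("0800") + bytes(46)
IPX_FRAME = MACS + bytes.fromhex("8137") + bytes(46)
IPX_TAGGED_10 = MACS + bytes.fromhex("8100" "000a" "8137") + bytes(46)
LLC_FRAME = MACS + bytes.fromhex("002e" "feff03") + bytes(43)
SNAP_IPX_FRAME = MACS + bytes.fromhex("002e" "aaaa03" "000000" "8137") + bytes(38)


def frame_protocol(frame):
    """Return (kind, value, vlan_id) for a raw Ethernet frame.

    kind is "etype", "llc" or "snap"; vlan_id is None when there is no tag.
    """
    try:
        offset, vlan_id = 12, None
        (field,) = struct.unpack_from("!H", frame, offset)
        if field == 0x8100:  # 802.1Q tag: read the VLAN ID, then skip the tag
            vlan_id = struct.unpack_from("!H", frame, offset + 2)[0] & 0x0FFF
            offset += 4
            (field,) = struct.unpack_from("!H", frame, offset)
        if field >= 0x0600:  # Ethernet II: the field is a protocol type
            return "etype", field, vlan_id
        # Otherwise the field is a length and an LLC header follows it.
        (saps,) = struct.unpack_from("!H", frame, offset + 2)  # DSAP + SSAP
        if saps == 0xAAAA:   # SNAP: control (1 byte) + OUI (3 bytes) + type
            (ptype,) = struct.unpack_from("!H", frame, offset + 8)
            return "snap", ptype, vlan_id
        return "llc", saps, vlan_id
    except struct.error:
        raise ValueError("truncated frame") from None


def classify(frame, port_vlans, filters):
    """Return the name of the VLAN the frame joins, or None if none accepts it."""
    kind, value, vlan_id = frame_protocol(frame)
    if vlan_id:  # tagged with a non-zero VLAN ID: only the tag is consulted
        for vlan in port_vlans:
            if vlan["tag"] == vlan_id:
                return vlan["name"]
        return None
    for vlan in port_vlans:  # untagged: a specific protocol filter first
        if vlan["tag"] is None and (kind, value) in filters.get(vlan["protocol"], ()):
            return vlan["name"]
    for vlan in port_vlans:  # then a VLAN still using the default "any"
        if vlan["tag"] is None and vlan["protocol"] == "any":
            return vlan["name"]
    return None  # includes VLANs whose filter was deleted (protocol none)


if __name__ == "__main__":
    for label, frame in [("tagged IPX", IPX_TAGGED_10), ("untagged IPX", IPX_FRAME),
                         ("IP", IP_FRAME), ("IPX over SNAP", SNAP_IPX_FRAME)]:
        print(label, "->", classify(frame, PORT_VLANS, FILTERS))
```

Note that the IPX-over-SNAP frame is not matched by the etype-only ipx filter in this table, which is why encapsulation matters when defining a custom filter.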
ExtremeWare MAC-based VLANs
ExtremeWare supports one additional type of VLAN. The MAC-based VLAN algorithm designates a
set of ports that have VLAN memberships dynamically determined by the source MAC address of the
end stations connected to the physical port.
The MAC-to-VLAN database is stored in volatile memory only. When the switch reboots, the database
must be loaded again. Partial configurations of the MAC-to-VLAN database can be downloaded to
the switch using the timed download configuration feature.
Enabling ports for MAC-based VLANs automatically adds them to the MacVlanDiscover system VLAN
as untagged ports.
Figure 9: Notes on Protocol-Based VLANs
Defining the Requirement for the vMAN Feature
This page describes the need for Virtual Metropolitan Area Networks (vMANs). The vMAN feature is
also known as VLAN tunneling.
The Requirement
A typical need is to take the VLANs that are configured on local switches and replicate them on remote
switches using a Metropolitan Area Network (MAN) to interconnect them. In other words, a
transparent connection is required through the MAN, as if the two LANs were interconnected using a
private cable.
MAN Provider
The MAN service provider has a metropolitan network consisting of high performance core switches
linked together with high-speed backbone circuits.
The MAN provider is the administrative authority for the interconnecting network and therefore makes
the determination of VLAN names and tag values on that network.
A vMAN is a feature that permits the tunnelling of any number of IEEE 802.1Q (and/or Cisco ISL)
VLANs into a single VLAN. This traffic can then be switched through an Extreme Networks Ethernet
infrastructure.
The vMAN feature is also useful in building transparent private networks that need point-to-point (or
point-to-multipoint) connectivity across an Ethernet infrastructure.
On the Extreme Networks switch you create tunnels by creating VLANs and configuring member ports
as:
● Tagged on switch-to-switch ports
● Untagged on the tunnel ingress/egress ports
Figure 10: Defining the Problem
The vMAN Solution
The solution to the requirement is to configure a Virtual Metropolitan Area Network (vMAN) on the
MAN provider's switches. So, a customer is provided with a transparent tunnel linking local and
remote sites together.
vMAN Packet Modifications
The following list describes the changes that are made to the packet to support vMAN functions.
1 A standard Ethernet frame comes in on an untagged port of an Ethernet switch. The incoming port
is an untagged member of a VLAN with an 802.1Q ID of 40.
2 When the frame leaves the first switch through a tagged port, it is tagged with a normal 802.1Q tag,
with a TPI of hex 8100 and a VLAN id of 40. When this frame reaches the vMAN switch, this switch
does not recognize the frame as a tagged one, because the TPI is not equal to hex 88a8. Therefore it
treats the frame as an untagged frame. The incoming port is an untagged member of a vMAN with
ID 5. This vMAN is used as the vMAN for this customer.
3 Traffic traversing the MAN through tagged ports carries a tag with a TPI of hex 88a8. These frames
are recognized by all vMAN switches as tagged frames. All traffic of the customer in this example is
identified by tag value 5.
4 The frame leaves the MAN-edge switch. The tag (TPI 88a8) is removed because the transmitting port
is untagged. What is left is the standard 802.1Q frame, which is recognized by the customer switch
as a frame for VLAN ID 40.
5 The customer switch treats the frame in a standard way, stripping off the 802.1Q tag for an untagged
port.
NOTE
In some cases the vMAN feature is described as QinQ.
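The five packet modifications above, traced byte by byte in an added example (not code from the course material or from Extreme Networks). The sample frame, MAC addresses and function names are constructed; VLAN ID 40, vMAN ID 5 and the two TPI values are the ones used in the list.

```python
import struct

TPI_8021Q = 0x8100   # normal 802.1Q tag used by the customer switches
TPI_VMAN = 0x88A8    # TPI the vMAN switches recognize as a tag
FCS_LEN = 4          # frame check sequence, not carried in the byte strings below

def push_tag(frame, tpi, tag_id):
    """Insert a 4-byte tag (TPI + 12-bit ID, priority 0) after the MAC addresses."""
    return frame[:12] + struct.pack("!HH", tpi, tag_id & 0x0FFF) + frame[12:]

def read_tag(frame, tpi):
    """Return the outer tag ID if the outer TPI equals `tpi`, else None (untagged)."""
    found, tci = struct.unpack("!HH", frame[12:16])
    return (tci & 0x0FFF) if found == tpi else None

def pop_tag(frame):
    """Remove the outer 4-byte tag."""
    return frame[:12] + frame[16:]

def wire_length(frame):
    """Length on the wire, including the FCS."""
    return len(frame) + FCS_LEN

def tunnel(frame, customer_vlan=40, vman_id=5):
    """Follow one frame through steps 1 to 5 and return it at each stage."""
    stages = {"ingress": frame}                      # step 1: untagged port, VLAN 40
    trunk = push_tag(frame, TPI_8021Q, customer_vlan)
    stages["customer_trunk"] = trunk                 # step 2: leaves tagged 0x8100/40
    # The vMAN switch looks for TPI 0x88a8 only, so this frame counts as untagged
    # and receives the vMAN ID of its (untagged) ingress port.
    if read_tag(trunk, TPI_VMAN) is not None:
        raise ValueError("frame already carries a vMAN tag")
    core = push_tag(trunk, TPI_VMAN, vman_id)
    stages["man_core"] = core                        # step 3: outer tag 0x88a8/5
    if read_tag(core, TPI_VMAN) != vman_id:
        raise ValueError("frame does not belong to this vMAN")
    handoff = pop_tag(core)
    stages["man_egress"] = handoff                   # step 4: outer tag removed
    if read_tag(handoff, TPI_8021Q) != customer_vlan:
        raise ValueError("customer switch does not know this VLAN")
    stages["delivered"] = pop_tag(handoff)           # step 5: untagged again
    return stages

# Constructed maximum-size untagged frame: two MACs, EtherType IP, 1500-byte payload.
SAMPLE = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
          + struct.pack("!H", 0x0800) + b"\x00" * 1500)

if __name__ == "__main__":
    for name, f in tunnel(SAMPLE).items():
        print(f"{name:15s} {wire_length(f)} bytes, bytes 12-19: {f[12:20].hex()}")
```

A full-size frame is 1526 bytes inside the MAN, above the 1522-byte limit for a single-tagged frame, which is why the MAN switches need jumbo frames enabled.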
Figure 11: The vMAN Solution
Figure 12: vMAN Packet Modifications
Configuring vMAN Tunnels
To configure a vMAN tunnel, perform the following steps.
● Add an IEEE 802.1Q Tag Protocol Identifier (TPI) of hex 88a8 (only on the MAN switches).
● Enable jumbo frames on the MAN switches (the Ethernet frame size is extended past the
accepted limit).
● Configure the customer switches with tagged VLANs and tagged ports, as if they were directly
connected.
To configure the 802.1Q Ethertype used by the MAN provider switch to recognize tagged frames, enter
the following command:
configure vman ethertype 0x88a8
To change the MAN provider switch ports MTU size to accept jumbo frames, enter the following
command:
configure jumbo-frame-size <number>
To enable the MAN provider switch ports to accept jumbo frames, enter the following command:
enable jumbo-frame ports [ all | <port_list> ]
The BlackDiamond 8800 switches and the Summit X450 switch only support all ports. The
BlackDiamond 10808 does not have this limitation.
Create and configure the vMAN to use the tag value determined by the MAN administrator.
create vman <vman name>
configure vman <vman name> tag <tag value>
NOTE
You cannot have ports in both VLANs and vMANs on the same module on the BlackDiamond 8800 family of
switches; each module can have ports only in VLANs or vMANs. You cannot have ports in both VLANs and vMANs
on Summit X450 switches; you can have ports only in VLANs or only in vMANs. The BlackDiamond 10808 does not
have this limitation.
Delete all ports from the default VLAN.
configure vlan default delete ports all
Add ports tagged towards the core and untagged towards the edge switch.
configure vman <vman name> add ports <port_list> untagged
configure vman <vman name> add ports <port_list> tagged
Configure the edge switches with tagged VLANs and tagged ports, as if they were directly connected.
configure vlan <vlan name> add ports <port numbers> tagged
Figure 13: Configuring vMAN Tunnels
Figure 14: Configuring vMAN Tunnels Continued
Configuring vMan Tunnels on ExtremeWare
To configure a vMAN tunnel, perform the following steps.
To configure the 802.1Q Ethertype used by the MAN provider switch to recognize tagged frames, enter
the following command:
configure dot1q ethertype <hex number>
An i-series switch must be rebooted after configuring the dot1q ethertype. The e-series switches do not
support setting the dot1q ethertype.
To change the MAN provider switch ports MTU size to accept jumbo frames, enter the following
command:
configure jumbo-frame size <number>
To enable the MAN provider switch ports to accept jumbo frames, enter the following command:
enable jumbo-frame ports [ all | <port number> ]
Create and configure the VLAN to use the tag value determined by the MAN administrator.
create vlan <vlan name>
configure vlan <vlan name> tag <tag value>
Add ports tagged towards the core and untagged towards the customer switch.
configure vlan <vlan name> add ports <port numbers> untagged
configure vlan <vlan name> add ports <port numbers> tagged
Configure the customer switches with tagged VLANs and untagged ports, as if they were directly
connected.
Figure 15: Configuring vMan Tunnels on ExtremeWare
Example vMan Configuration
To implement the example in the illustration, a tunnel is created that has ingress/egress ports on
switches 2 and 4. For switch 2 in the example, the configuration is:
configure vlan default delete ports 2:1-2:48
configure vman ethertype 0x88a8
configure jumbo-frame-size 1530
enable jumbo-frame ports all
create vman tunnel1
configure vman tunnel1 tag 5
configure vman tunnel1 add ports 2:1 untag
configure vman tunnel1 add ports 2:48 tagged
For switch 3 in the example, the configuration is:
configure vlan default delete ports 1:25,1:60
configure vman ethertype 0x88a8
configure jumbo-frame-size 1530
enable jumbo-frame ports 1:25,1:60
create vman tunnel1
configure vman tunnel1 tag 5
configure vman tunnel1 add ports 1:25,1:60 tagged
For switch 4 in the example, the configuration is:
configure vlan default delete ports 7,8
configure vman ethertype 0x88a8
configure jumbo-frame-size 1530
enable jumbo-frame ports all
create vman tunnel1
configure vman tunnel1 tag 5
configure vman tunnel1 add ports 8 untag
configure vman tunnel1 add ports 7 tagged
Figure 16: A vMAN Example
Summary
Module eight has examined the different types of VLANs other than port-based and tagged VLANs that
may be configured.
You should now be able to:
● Describe protocol-based VLANs.
● Configure protocol-based VLANs.
● Describe vMAN VLAN Tunnels.
● Identify Extreme Networks support for vMAN VLANs.
● Configure vMAN VLAN Tunnels.
Figure 17: Summary
Module 8 Review Questions
1 What are Protocol-based VLANs used for?
a To create a dynamic FDB table entry for a specified protocol.
b To dynamically determine if a particular packet belongs to a particular VLAN.
c To dynamically determine if packets are tagged or not.
d To dynamically determine if packets are learned or dropped.
2 Which of the following can be specified as part of a custom protocol filter? (choose all that apply)
a IEEE SNAP packet encapsulation.
b UDP port number.
c LLC Service Advertising Protocol.
d MAC address vendor code.
e VLAN tag value.
f IEEE Ethernet protocol type field.
g TCP port number.
h Source and destination IP address.
i Data link connection identifier.
j Tag protocol identifier.
3 How many protocol filters can you assign to a VLAN?
a One
b Two
c Three
d Four
4 What are vMAN VLAN tunnels used for?
a To create a dynamic FDB table entry for a specified protocol.
b To transparently interconnect existing VLANs in separate locations across a Metropolitan Area
Network.
c To dynamically allow end stations to participate in a VLAN.
d To dynamically configure existing VLANs on new switches across a Metropolitan Area Network.
5 Must all ports associated with a vMAN VLAN tunnel be tagged?
a No
b Yes
6 Match the following VLAN types with the best description.
VLAN Type
a Port-based VLAN
b Tagged VLAN
c MAC-based VLAN
d Protocol-based VLAN
Description
___ Inserts a VLAN identifier tag into the Ethernet frame. So, multiple VLANs can span multiple
switches using just one trunk.
___ A VLAN associated with a group of one or more ports on the switch.
___ Allows the switch to forward a packet to a particular VLAN based on a packet filter.
___ Used to designate a set of ports that have VLAN memberships dynamically determined by the
MAC address of the end stations connected to the physical port.
Module 9
Spanning Tree
Student Objectives
Module nine explains what the Spanning Tree Protocol (STP) is used for and how it works. Module
nine identifies the exact building blocks of the spanning tree protocol and how spanning tree is
configured on Extreme Networks® switches. It also discusses the Extreme Networks STP enhancements.
Upon completion of this module, the successful student will be able to:
● Define the spanning tree protocol.
● Explain how spanning tree works.
● Identify the building blocks of STP.
● Describe the relationship between ports, VLANs, and the Spanning Tree Domain.
● Configure STP on Extreme Networks switches.
● Describe Extreme Networks STP enhancements.
Figure 1: Student Objectives
Introducing the Spanning Tree Protocol
The spanning tree protocol is used to prevent loops in a redundant network topology.
Prior to spanning tree being adopted, the network had to either be carefully designed to ensure that no
loops were present in the network configuration, or use a proprietary algorithm provided by the bridge
vendor to prevent loops.
The spanning tree protocol, originally developed by the Digital Equipment Corporation (DEC), is
described in the original documents as a bridge-based mechanism for providing fault tolerance on
networks. Spanning tree allows you to implement parallel paths for network traffic, and ensure that:
● Redundant paths are disabled when the main paths are operational
● Redundant paths are enabled if the main path fails
Spanning tree has been adopted by the IEEE committees to run on any LAN topology.
Spanning tree is a protocol that performs the task of providing fault tolerance on networks and should
not be confused with the functions of a transparent bridge. Most transparent bridges support the
spanning tree protocol.
NOTE
STP is a part of the 802.1D bridge specification defined by the IEEE. In this module STP is explained using terms
used by the 802.1 specification. So, the Extreme Networks switches are referred to as bridges.
Figure 2: Introducing the Spanning Tree Protocol
Network Redundancy
It is often required to design a network with redundancy at layer-2 to ensure that frames always have
an active path to their destination.
Any one of the switch links in the illustration can fail and the 2 PCs can still exchange frames with each
other.
Identifying the Requirement for Spanning Tree
When two or more layer-2 switches connect two network segments, a circular path is formed and
physical loops are created.
Bridges and switches are designed to flood Ethernet broadcast packets and unknown traffic (where the
destination is unknown and so must be sent out on each port). This causes the potential for traffic to
loop around the network.
When a broadcast frame is received on a switch port, the frame is re-transmitted out of every switch
port (unless the switch ports are assigned to different VLANs). If the LAN network contains multiple
paths, it can result in the broadcast frame being sent back and forth between the switches. This is often
referred to as a broadcast storm. Broadcast storms grow exponentially and can bring a network down.
Figure 3: Network Redundancy
Figure 4: The Requirement for Spanning Tree
Identifying the Solution
To prevent broadcast storms, the spanning tree protocol eliminates redundant paths by placing one
switch port in forwarding state and placing all other ports connected to the same segment in blocking
state.
NOTE
Ports in the blocking state still participate in the Spanning Tree Protocol.
The spanning tree protocol solutions support the following:
● Bridged networks must allow for redundancy.
● Only one path should be enabled to any destination on the network.
Figure 5: Spanning Tree Solution
Spanning Tree Algorithm
The Spanning Tree Algorithm (STA) dynamically configures a loop-free active topology from the
connected components of a bridged LAN.
Spanning tree uses the STA to calculate the best switch path through the network. The spanning tree
protocol shares this information with all switches on the network using frames called Bridge Protocol
Data Units (BPDUs). These management control frames are used to exchange STA calculations between
the switches. Using the information provided by the BPDUs, the spanning tree protocol can then prune
redundant paths.
Reconfiguration due to Link Failure
Spanning tree maintains an active topology, which re-configures the network automatically if there is a
topology change caused by, for example, a link up or link down situation.
One of the most important features of any critical network is redundancy. The job of the spanning tree
is to prune all of the redundant links.
Reconfiguration of the active topology is also necessary as a result of the following:
● Network components being removed
● An active bridge failing to forward packets
● Management changes made to the active topology
In the example shown, if one of the other links is lost, the link that was put into the blocking state by
spanning tree, is returned to the forwarding state to restore connectivity.
Figure 6: Spanning Tree Algorithm
Figure 7: Reconfiguration due to Link Failure
Spanning Tree Port States
The operation of an individual bridge port is described in terms of the state of the port and the
operations that provide and support the functions necessary for the operation of the bridge. The state of
each port controls the processing of frames received on that port and the possible inclusion of the port
in the active topology of the bridged LAN.
Blocking
A port in this state does not participate in frame re-transmission, to prevent frame duplication caused
by multiple paths existing in the active topology of the Bridged LAN. A port enters the blocking state
following initialization of the bridge, or because it has received information that another bridge is the
Designated Bridge for the LAN to which the port is attached. A port in blocking state can transition to
the listening state or be disabled by a management command.
Listening
A port in this state is preparing to participate in frame re-transmission; it makes no entries into the
forwarding database. In the listening state, frame re-transmission is temporarily disabled to prevent
temporary loops, which can occur as the active topology of the bridged LAN changes. A port in the
listening state normally transitions to the learning state, but may transition back to the blocking state or
be disabled by a management command.
Learning
A port in this state is also preparing to participate in frame re-transmission. In the learning state, frame
re-transmission is still temporarily disabled; however, learning is now enabled to allow information to
be collected prior to frame re-transmission. The learning process examines the source addresses of
frames received on each port and creates (or updates) an entry in the forwarding database associating
the port on which the frame was received with the MAC Address in the source address field of the
frame. A port in the learning state normally transitions to the forwarding state, but may transition back
to the blocking state or be disabled by a management command.
Forwarding
A port in this state is now taking part in frame re-transmission. A port in the forwarding state can
forward received frames and make entries into the forwarding database. A port in the forwarding state
may transition back to the blocking state or be disabled by a management command.
NOTE
The port states described represent a generic bridge and may not match the exact behavior of any given switch
architecture.
Figure 8: Spanning Tree Port States
How Spanning Tree Works
Spanning tree sends out Bridge Protocol Data Unit (BPDU) packets at regular intervals. If there is a
change in the status of a link, the BPDUs report this change, and the spanning tree then recalculates the
best path through the network. The process of placing one active port in forwarding mode and blocking
all other ports is repeated until a stable, active topology is achieved.
A stable active topology is maintained by the root bridge by transmitting configuration messages out on
all of its active ports. The designated bridges receive these BPDUs on their root ports, and the
designated bridges propagate the information out on all of their active ports.
Bridge Protocol Data Unit
A BPDU is a special packet used to maintain the overall spanning tree topology. Bridges constantly
communicate their status and any required configuration of the network with each other. BPDUs are
sent to the bridge group address (01:80:C2:00:00:00). The two types of BPDUs are:
● Configuration BPDUs
● Topology change BPDUs
Configuration BPDU (CBPDU)
A configuration BPDU is sent to all bridges from the root bridge. It is used to determine the least cost
path and determine which bridge is the root bridge. The time-out information is transmitted in the
configuration messages to all bridges. The time-out value accounts for propagation delay through the
bridges in the spanning tree.
Topology Change BPDU
Whenever a designated bridge detects a topology change, such as bridges being added or removed, the
root bridge failing, or manual configuration changes of bridge parameters, it sends out a topology
change BPDU through its root port.
This information is eventually relayed to the root bridge. The root bridge then sets the topology change
flag in its CBPDU so that the information is sent to all bridges. It transmits this CBPDU for a fixed
amount of time to ensure that all bridges are informed of the topology change.
As a result the spanning tree is re-calculated. All bridges flush their forwarding database to ensure that
each active port still forwards frames to the right network after a topology change.
Carrier VLAN
A carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that
belong to the STPD and the 802.1Q tag used to transport BPDUs. Only one carrier VLAN can exist in a
given STPD.
The STPD tag must be identical to the VLAN tag of the carrier VLAN for that STPD. Other VLANs in
the STPD are defined as Protected VLANs.
Figure 9: How Spanning Tree Works
Figure 10: Carrier VLANs in ExtremeWare XOS
Spanning Tree Protocol Building Blocks
When calculating the active path, there are several building blocks that STP uses to determine the active
path.
The building blocks are:
● Bridge ID
● Bridge Protocol Data Unit
● Root Bridge
● Root Port(s)
● Designated Bridge
● Designated Port
The following slides show how these building blocks are used to determine the optimum single path
throughout the network.
Figure 11: Spanning Tree Protocol Building Blocks
Selecting the Root Bridge
Each Spanning Tree Protocol Domain (STPD) has one Root Bridge, which is the controlling source of all
spanning tree communications. The root bridge is at the top level of the hierarchy (i.e. the root of the
spanning tree) and becomes the designated bridge for its attached segments.
Determining the Root Bridge
The selection of the root bridge is based on a Bridge ID. The Bridge ID is an 8-octet number, consisting
of a configurable bridge priority and the MAC address. If the bridge priority is not administratively
configured, the MAC address is the determining factor in selecting the root bridge. In other words, the
bridge with the lowest MAC address becomes the root bridge.
The root bridge is determined through the following steps:
1 Initially each bridge in a spanning tree network transmits CBPDUs with a root bridge ID indicating
that it is the root bridge. All directly attached bridges receive this information.
2 When a bridge receives a CBPDU it compares the root bridge ID in the CBPDU to its own bridge
ID. If the root bridge ID in the CBPDU has a higher priority than the bridge ID of the receiver, the
receiver saves the new root ID and starts sending CBPDU packets with the new bridge ID identified
as the root bridge ID.
3 If the root ID received in a subsequent CBPDU is a higher priority than the root ID that was saved
and is being sent out, the new root bridge ID is sent out.
4 Eventually all bridges reach agreement on the root ID of the root bridge.
Figure 12: Selecting the Root Bridge
Figure 13: Selecting the Root Bridge Continued
Selecting the Root Port
Every bridge in the bridged LAN, with the exception of the root bridge, has a root port. The root port
has the lowest cumulative cost to reach the root bridge.
In the active topology, other bridges that are not the root bridge select a port with the lowest path cost
toward the root bridge. The definition of the root port is the port on a designated bridge that transmits
to the root bridge.
If a bridge fails to receive timely CBPDU updates on its root port, the spanning tree reconfigures
because either the root bridge has failed, or because an intervening bridge or link has gone down.
The root port is placed in the forwarding state, and there is only one root port per spanning tree per
bridge, regardless of the number of ports in that tree.
Figure 14: Selecting the Root Port
Figure 15: Selecting the Root Port Continued
Selecting the Designated Bridge and Designated Port
A designated bridge is the bridge attached on each LAN segment that has the lowest cumulative path
cost to the root bridge. If more than one bridge on the segment has the same root path cost, the bridge
with the lowest bridge ID becomes the designated bridge for the LAN.
Each LAN segment has its own designated bridge offering the lowest path cost to the root bridge from
that individual collision domain.
The port on the designated bridge that provides the best path to the root bridge for the LAN segment is
the designated port.
Designated Ports
Designated ports are the ports on a designated bridge that attach to the segments for
which that bridge is the designated bridge.
Certain ports are identified as designated ports. These ports are placed in the forwarding state and are
the designated best path to the root bridge.
If two ports offer the same best path to the root bridge, the port connected to the bridge with the lowest
bridge ID becomes the designated port. If the bridge IDs are the same, (i.e. two links to the same
bridge) the port with the lowest port priority is selected. Port priority can be configured or the port
interface number can be used.
Figure 16: Selecting the Designated Bridge
Figure 17: Selecting the Designated Port
Forwarding and Blocking Ports
The ports on bridges that are not the designated bridge and the ports on other switches that are not the
designated ports are placed in the blocking state.
The blocking state prevents data packets from being forwarded on that port.
These ports still receive and process STP BPDUs.
Active Topology
We can now see the end result of the calculation - there is a single active path through the network. You
can also see that STP has selected the optimum path by giving preference to the links with the higher
bandwidth.
The remaining links are now blocked from one end and are only allowed to forward traffic if a change
in topology occurs.
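The root bridge election steps, root port selection, designated port selection and blocking described in the preceding sections, combined into one added example (not code from the course material or from Extreme Networks). The four-bridge topology, MAC addresses, port numbers and path costs are constructed, and the model is simplified: it exchanges root information until nothing changes and ignores timers and port state transitions.

```python
def bridge_id(priority, mac):
    """8-octet Bridge ID: 2-octet priority followed by the 6-octet MAC address."""
    return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))

# Constructed topology with two redundant links (not the figure from this module).
DEFAULT_PRIORITY = 32768
MACS = {"sw1": "02:00:00:00:00:01", "sw2": "02:00:00:00:00:02",
        "sw3": "02:00:00:00:00:03", "sw4": "02:00:00:00:00:04"}
# (bridge A, port on A, bridge B, port on B, path cost); lower cost = faster link.
LINKS = [("sw1", 1, "sw2", 1, 4), ("sw1", 2, "sw3", 1, 4), ("sw2", 2, "sw4", 1, 4),
         ("sw3", 2, "sw4", 2, 19), ("sw2", 3, "sw3", 3, 19)]

def spanning_tree(priorities=None, links=LINKS):
    """Return (root bridge, root port per bridge, role of every port)."""
    priorities = priorities or {}
    ids = {name: bridge_id(priorities.get(name, DEFAULT_PRIORITY), mac)
           for name, mac in MACS.items()}
    # Step 1: every bridge starts out advertising itself as the root.
    # Stored vector: (root ID, cost to root, sending bridge ID, sending port).
    best = {name: (bid, 0, bid, 0) for name, bid in ids.items()}
    root_port = dict.fromkeys(ids)
    changed = True
    while changed:  # steps 2-4: repeat until all bridges agree on the root
        changed = False
        for a, pa, b, pb, cost in links:
            for tx, tx_port, rx, rx_port in ((a, pa, b, pb), (b, pb, a, pa)):
                root, root_cost, _, _ = best[tx]
                offer = (root, root_cost + cost, ids[tx], tx_port)
                if offer < best[rx]:  # lower value = higher priority
                    best[rx] = offer
                    root_port[rx] = rx_port
                    changed = True
    root = min(ids, key=ids.get)
    roles = {}
    for a, pa, b, pb, _ in links:
        # Designated end of a segment: lowest root path cost, then lowest
        # bridge ID, then lowest port number.
        end_a = (best[a][1], ids[a], pa)
        end_b = (best[b][1], ids[b], pb)
        desig, other = ((a, pa), (b, pb)) if end_a < end_b else ((b, pb), (a, pa))
        roles[desig] = "designated"
        roles[other] = "root" if root_port[other[0]] == other[1] else "blocking"
    return root, root_port, roles

if __name__ == "__main__":
    for label, prio in (("default priorities", None), ("sw3 priority 4096", {"sw3": 4096})):
        root, _, roles = spanning_tree(prio)
        blocked = sorted(p for p, r in roles.items() if r == "blocking")
        print(f"{label}: root={root}, blocking ports={blocked}")
```

With default priorities the lowest MAC address (sw1) wins; lowering the priority value of sw3 moves the root there and changes which ports block.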
Figure 18: Forwarding and Blocking Ports
Figure 19: Active Topology
Detecting Topology Changes
Failures such as root bridge failure, port failure, link failure, and designated bridge failure cause reconfiguration
changes to occur.
The spanning tree topology is kept active through the transmission of BPDUs, and every two seconds
the root bridge transmits a root bridge topology message (CBPDU) on all its active ports.
The max age timer specifies the maximum time in which a bridge should receive a BPDU:
● The default of this timer is 20 seconds.
● Whenever a bridge receives a BPDU, it resets the max age timer
If 20 seconds expire, then the bridge assumes spanning tree has failed and the bridge goes into
convergence state. When this situation occurs, the same process that initially selected the original root
bridge is used again to determine which bridge should now become the new root bridge.
In the case where an active piece of the topology changes, a different BPDU is used to signal the event.
The topology change BPDU is released, forwarded, and repeated by the root ports until it finally
reaches the root bridge. When the root bridge receives this BPDU, it sets a flag in its configuration
BPDU signaling the bridges to re-calculate the active topology.
A Change in Active Topology
In the example, the active link between switches 2 and 4 is broken and switch 4 is now cut off from the
active topology.
Switch 2 can send out a topology change BPDU through its root port which reaches the root bridge
directly. The root bridge then modifies its configuration BPDU triggering a re-calculation to restore an
active topology.
Figure 20: Detecting Topology Changes
Figure 21: A Change in Active Topology
Re-Calculating Port States
The example in the illustration shows that when the original root port for switch 4 fails, the switch
elects the next port with the lowest cost to the root bridge as the root port, and enables the port to
forward traffic.
Since the other end is the designated port, this link is now active and can forward the traffic to and
from the switch.
New Active Topology
The new active topology ensures that there is still only a single path for the frames.
In the event that the link between switches 2 and 4 is restored, STP again allows this link to forward
traffic using the same process used when it failed.
Figure 22: Re-Calculating Port States
Figure 23: New Active Topology
Planning a Spanning Tree Topology
Before configuring switches to participate in a spanning tree, it is useful to plan the active topology and
determine what happens during a failure.
To plan the active topology, perform the following steps:
● Draw the physical network.
● Identify where loops exist.
● Determine which bridge is the root bridge if default values are used.
● Decide which bridge should be the root bridge.
● Identify which STP parameters need to change to implement the desired root bridge.
● Determine which bridges become the designated bridges for each segment if default values are
used.
● Decide which bridges should be the designated bridges.
● Identify which STP parameters need to change to implement the desired designated bridge.
● Determine which ports become the designated ports for each segment if default values are used.
● Decide which ports should be the designated ports.
● Identify which STP parameters need to change to implement the desired designated port.
● Label the network diagram with the root bridge, designated bridges, designated ports, and root
ports.
● Create multiple copies of the network diagram.
● Determine how the network re-calculates the port states and topology for each link failure scenario.
● Determine how the network re-calculates the port states and topology for each bridge failure
scenario.
● Decide how the network should re-calculate port states for each port or bridge failure.
● Identify which STP parameters need to change to implement the desired topology for each failure
scenario.
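The planning steps above can be rehearsed before touching a switch. The following is an added example, not part of the original course material: it computes the root bridge, root ports, designated ports and blocked ports for a topology, then recomputes them for a link failure and for a changed bridge priority. The switch names, MAC addresses, port numbers and the path cost of 4 are constructed sample values, and each point-to-point link is assumed to carry one path cost for both of its ports.

```python
import heapq

DEFAULT_BRIDGE_PRIORITY = 32768  # default bridge priority stated on this page
DEFAULT_PORT_PRIORITY = 16       # default port priority stated on this page

# Constructed sample: a four-switch ring. MACs and the path cost 4 are made up.
BRIDGES = {
    "S1": (DEFAULT_BRIDGE_PRIORITY, "00:00:5e:00:53:01"),
    "S2": (DEFAULT_BRIDGE_PRIORITY, "00:00:5e:00:53:02"),
    "S3": (DEFAULT_BRIDGE_PRIORITY, "00:00:5e:00:53:03"),
    "S4": (DEFAULT_BRIDGE_PRIORITY, "00:00:5e:00:53:04"),
}
# (bridge_a, port_a, bridge_b, port_b, path_cost)
LINKS = [
    ("S1", 1, "S2", 1, 4),
    ("S1", 2, "S3", 1, 4),
    ("S2", 2, "S4", 1, 4),
    ("S3", 2, "S4", 2, 4),
]


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: lower priority wins, then lower MAC."""
    return (priority, int(mac.replace(":", ""), 16))


def plan(bridges, links):
    """Return (root, root_ports, roles) for the given bridges and links.

    roles maps (bridge, port) to 'root', 'designated' or 'blocked'.
    """
    ids = {name: bridge_id(*value) for name, value in bridges.items()}
    root = min(ids, key=ids.get)

    neighbours = {name: [] for name in bridges}
    for a, a_port, b, b_port, cost in links:
        neighbours[a].append((a_port, b, b_port, cost))
        neighbours[b].append((b_port, a, a_port, cost))

    # Root path cost of every reachable bridge (Dijkstra over the path costs).
    root_cost = {root: 0}
    queue = [(0, root)]
    while queue:
        cost, name = heapq.heappop(queue)
        if cost > root_cost[name]:
            continue
        for _, peer, _, link_cost in neighbours[name]:
            if cost + link_cost < root_cost.get(peer, float("inf")):
                root_cost[peer] = cost + link_cost
                heapq.heappush(queue, (cost + link_cost, peer))

    # Root port: lowest cost to the root; ties are broken by the upstream
    # bridge ID, then the upstream port ID, then the local port ID.
    root_ports = {}
    for name in bridges:
        if name == root or name not in root_cost:
            continue
        best = min(
            (root_cost[peer] + cost, ids[peer],
             (DEFAULT_PORT_PRIORITY, peer_port), (DEFAULT_PORT_PRIORITY, port))
            for port, peer, peer_port, cost in neighbours[name]
            if peer in root_cost
        )
        root_ports[name] = best[3][1]

    # On each link the end nearer the root is designated; the other end is
    # either the root port of its bridge or it is blocked.
    roles = {}
    for a, a_port, b, b_port, _ in links:
        if a not in root_cost or b not in root_cost:
            continue
        ends = sorted([(root_cost[a], ids[a], a_port, a),
                       (root_cost[b], ids[b], b_port, b)])
        (_, _, d_port, d_bridge), (_, _, o_port, o_bridge) = ends
        roles[(d_bridge, d_port)] = "designated"
        is_root_port = root_ports.get(o_bridge) == o_port
        roles[(o_bridge, o_port)] = "root" if is_root_port else "blocked"
    return root, root_ports, roles


def fail_link(links, a, b):
    """Copy of the link list without the link between bridges a and b."""
    return [link for link in links if {link[0], link[2]} != {a, b}]


if __name__ == "__main__":
    scenarios = (("all links up", LINKS),
                 ("link S2-S4 failed", fail_link(LINKS, "S2", "S4")))
    for title, links in scenarios:
        root, _, roles = plan(BRIDGES, links)
        print(f"{title}: root bridge is {root}")
        for (bridge, port), role in sorted(roles.items()):
            print(f"  {bridge} port {port}: {role}")
```
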
Figure 24: Planning a Spanning Tree
Configuring a Single STPD in dot1d Mode
The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent
Spanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). This page
describes how to create a single spanning tree topology using 802.1d within the default STPD.
By default one STPD exists on the switch and is named s0.
Multiple instances of spanning tree are discussed later.
To configure the spanning tree protocol on a switch, perform the following steps:
1 Add a VLAN to the 802.1d spanning tree protocol domain, by entering the following command:
configure stpd <stpd_name> add vlan <vlan name> port <portlist>
2 Assign the carrier VLAN tag to the default STP domain, by entering the following command:
configure stpd s0 tag <carrier tag number>
3 If necessary, specify the bridge priority in the spanning tree protocol domain, by entering the
following command:
configure stpd <stpd_name> priority <priority>
Change the priority to control which bridge is the root bridge. The range is 0 - 65535. The default
priority is 32,768. The lower number is the higher priority.
4 If necessary, change the port path cost to control which bridge is the designated bridge and which
port is the designated port, by entering the following command:
configure stpd <stpd_name> ports cost <auto | cost> <portlist>
Specify auto to remove the user-defined port cost value and use the appropriate default port cost.
5 If necessary, specify the priority of the port in this spanning tree protocol domain, by entering the
following command:
configure stpd {<stpd_name>} ports priority <priority> <portlist>
The range is 0 - 31. The default is 16. The lower number is the higher priority.
6 Enable the STP protocol for the STPD, by entering the following command:
enable stpd {<stpd_name>}
An example configuration of STP on a single switch might look like the following:
create vlan blue
configure vlan blue tag 10
configure vlan default delete ports 1-3,6
configure vlan blue add ports 1-3,6 untagged
configure stpd s0 add vlan blue port 1,2,3
configure stpd s0 tag 10
configure stpd s0 priority 4
configure stpd s0 ports cost 15 1
configure stpd s0 ports cost 16 2
configure stpd s0 ports cost 17 3
enable stpd s0
enable ports 1-3
Figure 25: Configuring a Single STPD
Figure 26: Configuring STP Continued
Configuring STP Parameters
This page describes how to configure the behavior of the spanning tree protocol.
NOTE
You should not configure any STP parameters unless you have considerable knowledge and experience with STP. The
default STP parameters are adequate for most networks.
The parameters that can be configured per STPD are:
● Hello time
● Forward delay
● Max Age
7 Specify the time delay (in seconds) between the transmission of BPDUs from this Root Bridge for
this STPD, by entering the following command:
configure stpd <stpd_name> hellotime <seconds>
The hello time range is 1 through 10 seconds. The default is 2 seconds.
8 Specify the time (in seconds) that the ports in this STPD spend in the listening and learning states
when the switch is the Root Bridge, by entering the following command:
configure stpd <stpd_name> forwarddelay <seconds>
The forwarding delay range is 4 through 30 seconds. The default is 15 seconds.
9 Specify the maximum age of a BPDU in this spanning tree protocol domain, by entering the
following command:
configure stpd <stpd_name> maxage <seconds>
The maximum age range is 6 through 40 seconds. The default is 20 seconds.
10 Verify the configuration settings, by entering the following command:
show configuration stp
NOTE
Spanning Tree Parameters are discussed in more detail in the Extreme Advanced Redundancy training class
(EAR-300/2).
Figure 27: Configuring STP Parameters
Verifying STP
This page describes how to verify the STP configuration and state.
To verify spanning tree protocol information, enter the following command:
show stpd detail
The command displays the following information:
● STPD name
● Bridge ID
● Designated root bridge ID
NOTE
If the Bridge ID and the Designated Root match, then this switch is the root bridge.
To verify the state of the spanning tree ports, enter the following command:
show stpd <stpd_name> ports
The command displays the following information:
● STPD port configuration
● STPD state (the Root Bridge etc.)
● STPD port state (forwarding and blocking etc.)
Unconfiguring STP
To disable the STP protocol, enter the following command:
disable stpd {<stpd_name>}
To restore the default spanning tree protocol values, enter the following command:
unconfig stpd {<stpd_name>}
ExtremeWare
To configure the switch to ignore the STP BPDUs, enter the following command:
enable ignore-bpdu vlan <vlan_name>
This command prevents ports in the VLAN from becoming part of the STPD.
To configure the switch to ignore the STP protocol and not block traffic for the VLAN(s), enter the
following command:
enable ignore-stp vlan <vlan_name>
Figure 28: Verifying STP Configuration
Figure 29: Verifying STP Port State
Notes on Configuring STP
The key points to remember when configuring VLANs and STP are the following:
● The carrier VLAN must span all ports of the STPD.
● The StpdID must be the VLANid of the carrier VLAN.
● The 802.1D ports must be untagged; and the EMISTP/PVST+ ports must be tagged in the carrier
VLAN.
● The carrier VLAN cannot be partitioned.
● A VLAN and port can belong to only one 802.1d STPD.
● If a port is a member of multiple VLANs then all those VLANs must belong to the same 802.1d
STPD.
Key points of STP Operation are:
● Spanning Tree is designed for a layer-2 environment where you can have redundant paths but only
have one active path at a time to eliminate loops which eventually cause broadcast storms.
● Each VLAN forms an independent broadcast domain.
● STP blocks paths to create a loop-free environment.
● When assigning VLANs to an STPD, pay careful attention to the STP configuration and its effect on
the forwarding of VLAN traffic.
● When STP blocks a path, no data except BPDUs can be transmitted or received on the blocked port.
● Within any given STPD, all VLANs belonging to it use the same spanning tree.
● An STPD with multiple VLANs must contain only VLANs that belong to the same virtual router instance.
● Remove all VLANs associated with the STP before deleting the STPD.
● If you delete an STPD, member VLANs are also deleted.
● STP and load-sharing work together.
● STP and the redundant physical port/link work together.
NOTE
Care must be taken to ensure that multiple STPD instances within a single switch do not communicate with each
other in the same broadcast domain. For example, this could happen if another external bridge is used to connect
VLANs belonging to separate STPDs.
Figure 30: Notes on Configuring STP
Figure 31: STP Operation
Spanning Tree Enhancements
The Extreme Networks switches support the following modes of operation:
● IEEE 802.1D: This mode is used for backward compatibility with previous STP versions and for
compatibility with third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 1D
mode. Because of this, on any given physical interface there can be only one STPD running in 1D
mode.
● IEEE 802.1w Rapid Spanning Tree (RSTP). RSTP takes advantage of point-to-point links in the
network and actively confirms that a port can safely transition to the forwarding state without
relying on any timer configurations. If a network topology change or failure occurs, RSTP rapidly
recovers network connectivity by confirming the change locally before propagating that change to
other devices across the network. For broadcast links, there is no difference in convergence time
between STP and RSTP. RSTP supersedes legacy STP protocols, supports the existing STP
parameters and configurations, and allows for seamless interoperability with legacy STP.
To configure the operational mode for the specified STP domain, enter the following command:
configure stpd <stpd_name> mode [dot1d | dot1w]
NOTE
802.1w is easy to enable, provides faster switchover, and is compatible with 802.1d.
You can configure ports within an STPD to accept specific BPDU encapsulations. This STP port
encapsulation is separate from the STP mode of operation.
● PVST+: This mode implements Per-VLAN Spanning Tree (PVST)+ for compatibility with third-party
switches running this version of STP. The STPDs running in this mode have a one-to-one
relationship with VLANs, and send and process packets in PVST+ format.
On the e-series of switches, PVST+ is also limited to supporting a single PVST+ domain per physical
port, called Compatibility mode.
● Extreme Multiple Instance Spanning Tree Protocol (EMISTP): This encapsulation mode is an
extension of STP that allows a physical port to belong to multiple STPDs by assigning the port to
multiple VLANs. EMISTP adds significant flexibility to STP network design. BPDUs are sent with an
802.1Q tag having an STPD instance Identifier (StpdID) in the VLAN ID field. EMISTP is the default
encapsulation mode for user-created STPDs.
On the e-series of switches, EMISTP is limited to supporting a single EMISTP domain per physical
port, called Compatibility mode.
When a physical port belongs to multiple STPDs, it is associated with multiple STP ports. It is possible
for the physical port to run in different modes for different domains to which it belongs.
To add one or more VLANs or ports within a VLAN to a specified STPD and set the encapsulation
mode, enter the following command:
configure stpd <spanning tree name> add vlan <vlan name> {ports <portlist>
[dot1d | emistp | pvst-plus]}
NOTE
Spanning Tree Enhancements are discussed in more detail in the Extreme Advanced Redundancy training class.
(EAR-300/2)
Figure 32: Spanning Tree Enhancements
Multiple Spanning Tree Domains
Extreme Networks switches can be partitioned into multiple virtual bridges (layer-2 interfaces
represented by VLANs).
Each spanning tree instance in the switch is called a Spanning Tree Domain (STPD) or Spanning Tree
Protocol Domain. Each STPD has its own Root Bridge and active path.
NOTE
Refer to Extreme Networks documentation for limitations on the number of STPDs for a particular software release
for a particular hardware platform or chip set.
STPD Identifier
An STPD identifier (ID) is used to identify each STP domain.
An STPD ID must be identical to the VLAN ID of one of the member VLANs in that STP domain. When
you assign the STPD ID, the VLAN with the matching VLAN ID cannot belong to any other STPD.
NOTE
If an STPD contains at least one port that is not in 1D mode, the STPD must be configured with an STPD ID.
Figure 33: Multiple Spanning Tree Domains
PVST+ Per VLAN Spanning Tree
This page identifies two configuration notes on using PVST+.
STPD VLAN Mapping
Each VLAN participating in PVST+ must be in a separate STPD and the VLAN number must be the
same as the STPD identifier (StpdID). As a result, PVST+ VLANs cannot be partitioned.
Native VLAN
In PVST+, the native VLAN must be peered with the VLAN default on Extreme Networks devices, as
these are the only VLANs allowed to send and receive untagged packets on the physical port. Third-party
PVST+ devices send VLAN 1 packets in a special manner. ExtremeWare and ExtremeWare XOS
do not support PVST+ for VLAN 1. Therefore, when the switch receives a packet for VLAN 1, the
packet is dropped.
Figure 34: PVST+ Per VLAN Spanning Tree
Multiple STPDs Per Physical Port
Traditional 802.1d STP has some inherent limitations when addressing networks that have multiple
VLANs and multiple STPDs. Consider the simple network depicted in the illustration.
Two Summit X450 switches are connected by a direct link. Both switches run two VLANs, Marketing
and Sales. Because VLANs Marketing and Sales share physical ports, they have to be configured in the
same STPD. If the link fails, STP still blocks one of the other links, which causes a disruption in traffic
in one of the VLANs.
To optimize the solution, you can use the Extreme Multiple Instance Spanning Tree Protocol (EMISTP)
mode, which allows a port to belong to multiple STPDs. EMISTP adds significant flexibility to STP
network design. Referring to this example, using EMISTP, you can configure both VLANs in different
STPDs.
An STPD ID must be identical to the VLAN ID of one of the member VLANs in that STP domain. This
VLAN is referred to as the Carrier VLAN.
The following example shows the configuration of switch 1:
create vlan sales
configure sales tag 100
configure sales add ports 1-2 tagged
create vlan marketing
configure marketing tag 200
configure marketing add ports 2-3 tagged
create stpd s1
configure s1 add sales
configure s1 tag 100
configure stpd s1 add sales ports 1-2 emistp
create stpd s2
configure s2 add marketing
configure s2 tag 200
configure stpd s2 add marketing ports 2-3 emistp
enable stpd s1
enable stpd s2
Figure 35: Multiple STPDs Per Physical Port
VLANs Spanning Multiple STPDs
Traditionally, the mapping from VLANs to STP instances has been one-to-one, or many-to-one. In both
cases, a VLAN is wholly contained in a single STP instance. In practical deployment there are cases in
which a one-to-many mapping is desirable. In a typical large enterprise network, for example, VLANs
span multiple sites and/or buildings. Each site represents a redundant looped area. However, between
any two sites the topology is usually very simple.
Alternatively, the same VLAN may span multiple large geographical areas (because they belong to the
same enterprise) and may traverse a great many nodes. In this case, it is desirable to have multiple STP
domains operating in a single VLAN, one for each looped area.
The justifications include the following:
● The complexity of the STP algorithm increases, and performance drops, with the size and complexity
of the network. The 802.1d standard specifies a maximum network diameter of 7 hops. By
segregating a big VLAN into multiple STPDs, you reduce complexity and enhance performance.
● Local to each site, there may be other smaller VLANs that share the same redundant looped area
with the large VLAN. Some STPDs must be created to protect those VLANs. The ability to partition
VLANs allows the large VLAN to be piggybacked in those STPDs in a site-specific fashion.
Although a VLAN can span multiple domains, any LAN segment in that VLAN must be in the same
STPD. VLANs traverse domains only inside switches, not across links.
The STPD ID must be the VLAN ID of one of its member VLANs. This VLAN is referred to as the
Carrier VLAN and it determines the scope of the EMISTP STPD.
Figure 36: VLANs Spanning Multiple STPDs
Multiple EMISTP STPDs Per VLAN
The network in this example has two domains. VLANs Sales and Marketing are local to each domain.
VLAN Engineering spans both domains. Using a VLAN that spans multiple STPDs, you do not have to
create a separate domain for VLAN Engineering. Instead, VLAN Engineering is piggybacked onto those
domains local to other VLANs.
In addition, the configuration in this example has these features:
● A different organization or department within the enterprise can administer each site. Having a
site-specific STP implementation makes the administration more flexible and convenient.
● Between the sites, the connections usually traverse distribution switches in ways that are known
beforehand to be safe with STP. In other words, the looped areas are already well defined.
When you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types of
member VLANs in an STPD are:
● Carrier
● Protected
The StpdID must be identical to the VLANid of the Carrier VLAN in that STPD.
The following lists the example configuration of switch 1:
create vlan sales
configure sales tag 100
configure sales add ports 1-2 tagged
create vlan marketing
configure marketing tag 200
configure marketing add ports 3-4 tagged
create vlan engineering
configure engineering tag 300
configure engineering add ports 1-4 tagged
create stpd s1
configure s1 add sales
configure s1 tag 100
configure s1 add engineering ports 1-2 emistp
create stpd s2
configure s2 add marketing
configure s2 tag 200
configure s2 add engineering ports 3-4 emistp
enable stpd s1
enable stpd s2
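The rules listed under "Notes on Configuring STP" and "STPD Identifier" can be checked mechanically before a configuration is applied. The following is an added example, not part of the original course material and not an Extreme Networks tool: it parses only the command forms shown on this page and reports an StpdID that is not the VLAN ID of a member VLAN, STPD ports that are outside the VLAN or outside the carrier VLAN, and EMISTP or PVST+ ports in an STPD without an STPD ID. It assumes that adding a VLAN to an STPD without a port list adds all of that VLAN's ports; BAD_CONFIG is a constructed faulty variant.

```python
# Switch 1 commands from "Multiple EMISTP STPDs Per VLAN" on this page.
PAGE_CONFIG = """
create vlan sales
configure sales tag 100
configure sales add ports 1-2 tagged
create vlan marketing
configure marketing tag 200
configure marketing add ports 3-4 tagged
create vlan engineering
configure engineering tag 300
configure engineering add ports 1-4 tagged
create stpd s1
configure s1 add sales
configure s1 tag 100
configure s1 add engineering ports 1-2 emistp
create stpd s2
configure s2 add marketing
configure s2 tag 200
configure s2 add engineering ports 3-4 emistp
"""
# Constructed faulty variant: a mistyped StpdID and a port outside the VLANs.
BAD_CONFIG = (PAGE_CONFIG.replace("configure s1 tag 100", "configure s1 tag 101")
              .replace("ports 3-4 emistp", "ports 3-5 emistp"))


def expand_ports(spec):
    """Expand a port list such as '1-3,6' into {1, 2, 3, 6}."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if high < low:
            raise ValueError(f"reversed port range: {part}")
        ports.update(range(low, high + 1))
    return ports


def parse(config):
    """Build VLAN and STPD tables from the command forms used on this page."""
    vlans = {}
    stpds = {"s0": {"tag": None, "members": []}}  # s0 exists by default
    for line in config.strip().splitlines():
        words = line.split()
        if words[:2] == ["create", "vlan"] and len(words) > 2:
            vlans[words[2]] = {"tag": None, "ports": set()}
        elif words[:2] == ["create", "stpd"] and len(words) > 2:
            stpds[words[2]] = {"tag": None, "members": []}
        elif words[:1] == ["configure"]:
            # The 'vlan' and 'stpd' keywords are optional in the page's examples.
            args = [w for w in words[1:] if w not in ("vlan", "stpd")]
            if len(args) < 3:
                continue
            name, verb, *rest = args
            if name in stpds and verb == "tag":
                stpds[name]["tag"] = int(rest[0])
            elif name in stpds and verb == "add":
                listed = len(rest) > 2 and rest[1] in ("port", "ports")
                ports = expand_ports(rest[2]) if listed else None
                mode = rest[-1] if rest[-1] in ("dot1d", "emistp", "pvst-plus") else None
                stpds[name]["members"].append((rest[0], ports, mode))
            elif name not in stpds and verb in ("tag", "add", "delete"):
                vlan = vlans.setdefault(name, {"tag": None, "ports": set()})
                if verb == "tag":
                    vlan["tag"] = int(rest[0])
                elif len(rest) > 1 and verb == "add":
                    vlan["ports"] |= expand_ports(rest[1])
                elif len(rest) > 1:
                    vlan["ports"] -= expand_ports(rest[1])
    return vlans, stpds


def check(config):
    """Return violations of the page's STPD rules (an empty list if none)."""
    vlans, stpds = parse(config)
    no_vlan = {"tag": None, "ports": set()}
    problems = []
    for name, stpd in stpds.items():
        stpd_ports = set()
        for vlan, ports, mode in stpd["members"]:
            vlan_ports = vlans.get(vlan, no_vlan)["ports"]
            # Assumption: adding a VLAN without a port list adds all its ports.
            ports = vlan_ports if ports is None else ports
            stpd_ports |= ports
            if ports - vlan_ports:
                problems.append(f"{name}: ports {sorted(ports - vlan_ports)} are not in VLAN {vlan}")
            if mode in ("emistp", "pvst-plus") and stpd["tag"] is None:
                problems.append(f"{name}: {mode} ports need an STPD ID")
        if stpd["tag"] is None:
            continue
        carriers = [v for v, _, _ in stpd["members"]
                    if vlans.get(v, no_vlan)["tag"] == stpd["tag"]]
        if not carriers:
            problems.append(f"{name}: StpdID {stpd['tag']} is not the VLAN ID of a member VLAN")
        elif stpd_ports - vlans[carriers[0]]["ports"]:
            missing = sorted(stpd_ports - vlans[carriers[0]]["ports"])
            problems.append(f"{name}: carrier VLAN {carriers[0]} does not span ports {missing}")
    return problems


if __name__ == "__main__":
    for label, config in (("page config", PAGE_CONFIG), ("faulty config", BAD_CONFIG)):
        print(label, check(config) or "no violations")
```
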
Figure 37: Multiple EMISTP STPDs Per VLAN
Summary
Module nine presents the IEEE 802.1D Spanning Tree Algorithm and Protocol, and examines the
implementation of the spanning tree protocol on traditional bridge technology. This Module also
provides an explanation of how the spanning tree protocol may be configured on the Extreme
Networks switch product family as well as Extreme Networks enhancements to STP.
You should now be able to:
● Define the spanning tree protocol.
● Explain how spanning tree works.
● Identify the building blocks of STP.
● Describe the relationship between ports, VLANs, and the Spanning Tree Domain.
● Configure STP on Extreme Networks switches.
● Describe Extreme Networks STP enhancements.
Figure 38: Summary
Module 9 Review Questions
1 What is the spanning tree protocol used for?
a To provide fast protection switching for layer-2 switches interconnected in an Ethernet ring
topology.
b To prevent loops in a redundant network topology.
c To use a group of ports to carry traffic in parallel between switches.
d To guarantee packet sequencing across redundant links.
2 What type of problem is caused by a loop topology in an Ethernet network?
a Slow layer-3 topology convergence.
b Intermittent link flapping.
c A broadcast storm.
d Out-of-sequence packet delivery.
3 How does spanning tree protocol eliminate loops in an Ethernet network topology?
a By disabling certain ports.
b By distributing packets over multiple links using an address-based algorithm.
c By forwarding each packet over the best path for that particular packet.
d By placing certain ports in blocking mode.
4 Match the following port states with the best description.
a Blocking ___ Frame re-transmission is temporarily disabled. Port transitions to another state.
b Listening ___ Takes part in frame re-transmission and makes entries into the forwarding database.
c Learning ___ Frame re-transmission is temporarily disabled. The port examines the source addresses of frames received on each port and creates FDB entries.
d Forwarding ___ Does not participate in frame re-transmission. Still receives and processes BPDU packets.
5 Match the following bridge protocol data unit (BPDU) packet types with the best description.
a Configuration BPDU ___ Sent in response to bridges being added or removed. Results in the spanning tree topology being re-calculated.
b Topology Change BPDU ___ Sent to all bridges from the root bridge. It is used to determine the least cost path and determine which bridge is the root bridge.
6 What is the primary value used to determine the root bridge?
a Bridge priority, bridge ID.
b Port priority.
c Bridge cost.
d Port cost, path cost.
7 What is the primary value used to determine the designated bridge?
a Bridge priority.
b Port priority.
c Bridge cost.
d Path cost.
8 How does a bridge detect a link failure?
a The CBPDU does not arrive before the max age timer expires.
b The topology change BPDU does not arrive before the max age timer expires.
c The CBPDU does not arrive before the hello timer expires.
d The topology change BPDU does not arrive before the hello timer expires.
9 Match the following features with the best description.
a Rapid Spanning Tree ___ Allows a physical port to belong to multiple spanning tree domains.
b EMISTP ___ Takes advantage of point-to-point links in the network and actively confirms that a port can safely transition to the forwarding state without relying on any timer configurations.
c PVST+ ___ Supports compatibility with third-party switches.
Module 10
IP Unicast Routing
Student Objectives
Module ten presents layer-3 unicast routing fundamentals, Internet Protocol (IP) forwarding, IP routing
functionality, and how to configure IP forwarding on the Extreme Networks® switches.
Upon completion of this module, the successful student will be able to:
● Describe the difference between layer-2 (L2) and layer-3 (L3) operation.
● Define routing interface and IP route tables.
● Describe how entries are added to the IP route table.
● Add static entries in the IP route table.
● Configure IP unicast routing.
● Verify IP unicast routing.
Figure 1: Student Objectives
Layer-2 versus Layer-3 Operations
This page presents a brief description of layer-2 and layer-3 forwarding.
Layer-2 Data Forwarding
Forwarding of frames on layer 2 (e.g. Ethernet) is known as bridging or switching. Data can be sent
everywhere inside a broadcast domain (VLAN, LAN), but cannot pass its borders. The switching
decision about where a frame is sent is based on the layer-2 hardware media access control (MAC) address.
The switch uses tables to determine the destination for a received packet. For layer 2, the FDB is a table
of MAC layer information.
Layer-3 Data Forwarding
Forwarding of datagrams at layer 3 (e.g. IP) is known as routing. The term layer-3 switching is used
because the forwarding operations are done in hardware at wire speed.
Layer-3 gateways (routers, L3 switches) connect broadcast domains (VLANs) by having an interface in
every VLAN they want to connect. The routing decision where a datagram has to be sent is based on
the layer-3 address (IP address).
Figure 2: Layer-2 versus Layer-3 Operations
Layer-2 Operations Review
When forwarding within the same VLAN, end-stations have to resolve the layer-3 destination address
to the destination MAC address.
If host A wishes to send an IP packet to host B, host A must determine the host B layer-2 address. This
is accomplished using the address resolution protocol (ARP). Host A sends a broadcast ARP message
asking all devices in the broadcast domain if they are configured with the target IP address. Host B
replies with an ARP response, containing the host B MAC address. This enables host A to build a frame
to send the IP packet to host B.
The IP ARP table is used to cache the mapping of MAC addresses and IP addresses the switch has been
able to reach.
To display the IP Address Resolution Protocol table, enter the following command:
show iparp {<ip address> | <mac_address> | vlan <vlan name> | permanent}
{vr <vr_name>}
The display can be filtered by IP address, MAC address, VLAN or permanent entries.
When the switch receives a packet with a destination MAC address that is not its own, the switch
performs a layer-2 forwarding function by doing a lookup in the forwarding database. When the switch
receives a packet with a destination MAC address that is its own, it performs a layer-3 forwarding
function.
Figure 3: Layer-2 Operations Review
Layer-3 IP Forwarding Operations
The layer-3 routing capability provides communication between devices in different broadcast domains
(VLANs).
The switch's routing process consults a routing table to determine where to forward the packets. This
routing table is a collection of all known networks and the local interface used to reach them. It is used
to match the destination address to a network. Depending on this entry, the packet is delivered to the
destination (directly connected) or sent to the next L3 switch (next hop).
L3 routing is used to fill the routing table with valid entries so that an L3 switch can reach all
destinations using the best path through the network. Routing is done to give an L3 switch the ability to
make the right forwarding decisions.
When it is time to do a lookup of an unknown IP destination host address, the protocol's function is to
learn the route to take by comparing the destination address to the list of networks in the routing table.
Traditional Routing
In a traditional router, the forwarding decision is made by the CPU consulting the Route Table to find
the destination network and the interface on which to forward the IP packet. In a traditionally routed
network this action is performed for every packet at every router hop between source and destination.
Layer-3 Forwarding
Within a single switch, communication between two or more directly connected networks is enabled
through the use of the IP Route Table.
L3 forwarding of a datagram through a L3 switch is done by looking up the destination IP address in
the IP Route Table.
In an Extreme Networks switch performing IP forwarding at wire speed, the routing decision is made
in hardware and the IP Route Table is used to perform this function. The routing function works in the
same way as a traditional router but is performed only on the first packet. After the first packet is
routed, an entry is made in the IP Route Table of the switching ASICs and IP forwarding at wire speed
is done for all subsequent packets.
Between switches across a network, packets are moved over multiple boundaries using information in
the IP Route Table.
Figure 4: Layer-3 IP Forwarding Operations
Layer-3 IP Forwarding Examples
This page presents two IP forwarding examples.
Directly Attached Layer-3 IP Forwarding Example
In the illustration the following takes place:
1 Host A sends a packet with the destination IP address of Host C to the MAC address of the L3
switch (router/gateway).
2 The switch receives the packet, consults the route table, and determines that the packet should be
forwarded out port 2. The switch places its own address in the source MAC address field and the
MAC address of Host C in the destination MAC address field. The IP addresses are not changed.
3 The packet arrives at Host C.
Multiple Hop Layer-3 IP Forwarding Example
The illustration shows each switch with a route table configured with all of the reachable networks.
In the illustration the following takes place:
1 Host A sends a packet with the destination IP address of Host E to the MAC address of the L3
switch S2.
2 Switch S2 receives the packet, consults the route table, and determines that the packet should be
forwarded out port 17. Switch S2 places its own address in the source MAC address field and the
MAC address of the next hop switch S1 in the destination MAC address field. The IP addresses are
not changed.
3 Switch S1 receives the packet, consults the route table, and determines that the packet should be
forwarded out port 1. Switch S1 places its own address in the source MAC address field and the
MAC address of Host E in the destination MAC address field.
4 The packet arrives at Host E.
Figure 5: Layer-3 IP Forwarding Example 1
Figure 6: Layer-3 IP Forwarding Example 2
Router Interfaces
The layer-3 software and hardware function forwards IP traffic between router interfaces for inter-
VLAN communication. IP forwarding needs to be enabled on the VLAN so the switch can perform a
layer-3 function.
To participate in routing, a VLAN must have an IP address assigned to it. This is called a router
interface.
As you create VLANs with IP addresses belonging to different IP subnetworks, you can also choose to
forward between the VLANs. Both the MAC switching and IP forwarding functions occur within the
switch. In other words, both layer-2 and layer-3 functions occur within the switch.
The router interface IP address and mask assigned to the VLAN must represent a unique IP
subnetwork. You cannot configure the same IP subnetwork on different VLANs.
The illustration shows:
● A Summit X450 with two VLANs defined: Green and Purple.
● The Green VLAN participates in IP subnetwork 192.206.35.0 and the router interface (VLAN) for
Green is assigned the IP address of 192.206.35.1.
● The Purple VLAN participates in IP subnetwork 192.207.36.0 and the router interface for Purple is
assigned the IP address of 192.207.36.1.
● Traffic between the two VLANs is forwarded based on the configured network information (IP
address and subnetwork mask).
Figure 7: Inter-VLAN Communication
Figure 8: Router Interfaces
IP Route Table
The IP Route Table is maintained by the CPU and is used to make forwarding decisions. The entries in
the routing table are:
● IP Network (IP address and subnetwork mask)
● Network Gateway (next hop or router interface)
● Metric (quality)
● Additional entries
The routing table can be filled automatically for directly connected networks, manually by the
administrator, or dynamically by the use of a routing protocol such as RIP, OSPF, IS-IS, or BGP.
The switch performs the following steps to route the first packet and populate the ASIC IP Route Table:
1 The ASIC tries to match the destination IP host address of the packet with the ASIC IP Route Table.
2 If the ASIC finds that there is no match in the ASIC Route Table, the packet is passed to the CPU.
3 The CPU matches the destination IP address with the IP route table and forwards the packet out the
associated router interface.
4 The CPU adds the destination IP host address into the ASIC IP Route Table as a host entry.
5 It then checks the source IP host address and adds it to the IP Route Table.
IP Route Table Example
In the example the remote network is 10.0.0.0/24 for switch S1 and network 40.0.0.0/24 for switch S2.
First Step
A router (L3 switch) automatically learns all its directly connected networks. In the example, the
directly connected networks are 30.0.0.0/24 and 40.0.0.0/24 for switch S1 and 10.0.0.0/24 and
30.0.0.0/24 for switch S2.
Second Step
Using manual configuration or a dynamic routing protocol, the remote networks are learned. Manual
configuration is in general also considered a routing protocol: the information is exchanged and
calculated by the administrator.
Figure 9: IP Route Table
Figure 10: IP Route Table Example
Types of IP Route Table Entries
The switch maintains an IP routing table for both network and host routes. The table is populated either
dynamically or statically.
There are several types of route origins identified in the IP route table:
● Directly connected networks. When configured, these are always in the IP route table.
● Dynamic protocol route entries (RIP, OSPF, BGP)
● Permanent routes are manually configured routes.
The route table further identifies routes as:
● Static
● Black hole
● Dynamic
NOTE
If you define a default route, and subsequently delete the VLAN on the subnetwork associated with the default
route, the invalid default route entry remains. You must manually delete the configured default route.
Figure 11: Types of IP Route Table Entries
Permanent Routes
This page describes types of permanent routes.
Static Routes
Static routes are permanent routes manually entered into the routing table. They are used to reach
networks not normally advertised by dynamic routing protocols. Static routes are never aged out of the
routing table.
Up to 1024 static routes can be configured on Extreme Networks switches.
Static routes can be used for security reasons to control which routes you want advertised by the router.
A static route must be associated with a valid IP subnetwork. An IP subnetwork is associated with a
single VLAN by its IP address and subnetwork mask. If the VLAN is subsequently deleted, the static
route entries using that subnetwork must be deleted manually.
Black Hole Routes
Black hole routes are permanent routes, configured to drop traffic to a specific destination. These are
treated like permanent entries in the event of a switch reset or power cycle, and are never aged out of
the routing table.
Black hole routes are configured as an entry in the IP Route table with a specific IP destination address.
When a packet is received with a destination address matching a black-hole route, the packet is
discarded. This type of route table entry is generally used as a security measure but can also be used in
special circumstances where a specific destination address must be discarded.
Default Routes
The default route is a permanent route, configured to enable all traffic to unspecified destinations to be
sent to the default next hop. This router is also known as the gateway-of-last-resort. These are treated
like permanent entries in the event of a switch reset or power cycle, and are never aged out of the
routing table.
Figure 12: Permanent Routes
Dynamic Route Entries
Dynamic route table entries are reachable routes learned using a dynamic routing protocol such as RIP,
OSPF, IS-IS, or BGPv4.
The maximum number of entries possible varies depending on the routing protocol and switch type.
Refer to Extreme Networks documentation to identify route table entry limitations for a specific switch.
Dynamic entries are aged out when an update is not received for a period of time. This is a function of
the routing protocol used.
Figure 13: Dynamic Route Entries
Multiple Entries in the Route Table
Multiple entries for the same destination can be placed in a route table, for example to provide
redundancy. When there are multiple, conflicting choices of a route to a particular destination, the
router picks the route with the longest matching network mask.
If these are still equal, the router picks the route using the following criteria, in the order specified:
● Directly attached network interfaces
● Static routes
● ICMP redirects
NOTE
If you define multiple default routes, the route that has the lowest metric is used. If there are multiple default
routes that have the same lowest metric, the system uses the first one in the routing table.
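The selection rules above, as an added Python example that is not part of the original course material. The names Route, select_route and forward are hypothetical; the table reuses the R2 addresses from the configuration example later in this module plus entries marked as constructed. Two assumptions: the lowest-metric and first-in-table tie-breaks, which the text states for default routes, are applied to every prefix, and a black hole route is modelled as a static entry with a drop action.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Tie-break order from the text, applied when the matching masks are equal.
ORIGIN_RANK = {"direct": 0, "static": 1, "icmp": 2}


@dataclass
class Route:
    prefix: str                 # destination network in CIDR notation
    gateway: Optional[str]      # next hop; None for direct and black hole routes
    origin: str                 # "direct", "static" or "icmp"
    metric: int = 1
    blackhole: bool = False     # assumption: static entry with a drop action


def select_route(table, destination):
    """Return the route used for destination, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    candidates = [
        (index, route) for index, route in enumerate(table)
        if dst in ipaddress.ip_network(route.prefix)
    ]
    if not candidates:
        return None

    def sort_key(item):
        index, route = item
        prefix_len = ipaddress.ip_network(route.prefix).prefixlen
        # Longest mask first, then origin, then lowest metric, then table order.
        return (-prefix_len, ORIGIN_RANK[route.origin], route.metric, index)

    return min(candidates, key=sort_key)[1]


def forward(table, destination):
    """Describe what the switch does with a packet to destination."""
    route = select_route(table, destination)
    if route is None:
        return "no route"
    if route.blackhole:
        return "drop"           # discarded silently, no ICMP message
    if route.gateway is None:
        return "deliver on " + route.prefix
    return "via " + route.gateway


# R2 from the configuration example, plus constructed entries.
TABLE = [
    Route("10.0.0.0/24", None, "direct"),
    Route("10.2.0.0/24", None, "direct"),
    Route("10.1.0.0/24", "10.0.0.3", "icmp"),                # constructed redirect
    Route("10.1.0.0/24", "10.0.0.1", "static", 2),
    Route("10.1.0.66/32", None, "static", blackhole=True),   # constructed host entry
    Route("0.0.0.0/0", "10.0.0.1", "static", 5),             # constructed second default
    Route("0.0.0.0/0", "10.0.0.3", "static", 1),
]

if __name__ == "__main__":
    for dst in ("10.1.0.5", "10.1.0.66", "10.2.0.9", "192.0.2.1"):
        print(dst, "->", forward(TABLE, dst))
```

The host-specific black hole entry wins over the /24 static route only because its mask is longer, which is why a black hole used as a security measure should be at least as specific as any route it is meant to override.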
IP Route Sharing
IP route sharing allows multiple equal-cost routes to be used concurrently. IP route sharing can be used
with static routes or with OSPF routes. In OSPF, this capability is referred to as equal cost multipath
(ECMP) routing. To enable IP route sharing, enter the following command:
enable iproute sharing
Next, configure static routes and/or OSPF as you would normally. Extreme Networks switches support
route sharing across static routes and ECMP routes for OSPF.
Route sharing is useful only in instances where you are constrained for bandwidth. This is typically not
the case using Extreme Networks switches. Using route sharing can make router troubleshooting more
difficult because of the complexity in predicting the path over which the traffic travels.
Figure 14: Multiple Entries in the Route Table
Relative Route Priorities
Relative route priorities are assigned to routes learned by the switch depending upon the source of the
routing information. The table in the illustration lists the relative priorities assigned to different routing
protocol sources. Directly connected networks always get the highest priority.
To change the priority for all routes from a particular routing information origin, enter the following
command:
configure iproute {ipv4} priority [rip | blackhole | bootp | ebgp | ibgp |
icmp | static | ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 |
ospf-extern2] <priority>
NOTE
Do not attempt any manipulation unless you are expertly familiar with the possible consequences.
Figure 15: Relative Route Priorities
Configuring IP Forwarding
Configuring routing on the Extreme Networks switch involves the following steps:
● Create and configure two or more VLANs.
● Assign an IP address to each VLAN that is using routing. Ensure that each VLAN has a unique IP
address in a different subnetwork.
● Enable IP forwarding.
● Add static routes.
NOTE
Although it is possible to enable IP forwarding and an IP routing protocol (such as RIP) with only one VLAN defined,
the switch does not route unless at least two VLANs are created and configured.
Figure 16: Configuring IP Forwarding
Figure 17: Configuring IP Forwarding Continued
Virtual Routers in the Command Line
The BlackDiamond 10808 supports user-created virtual routers (VRs). A virtual router is an emulation
of a physical router.
Even on switches that only support system virtual routers, some commands in ExtremeWare XOS
require you to specify to which virtual router the command applies. For example, when you use the
ping command, you must specify from which virtual router the ping packets are generated.
For example:
ping vr vr-default 10.0.0.3
ping vr vr-mgmt 10.209.10.19
The default virtual router is different for different commands.
● For tftp, download, telnet, and other management-related commands, the default is vr-mgmt.
● For ping, create vlan, and other routing-related commands, the default is vr-default.
Different commands use different keywords to specify the virtual router.
● tftp uses -v
● telnet, download, ping, and all other commands use vr
VR Domain
To simplify the configuration process, the concept of a virtual router configuration domain is supported
in ExtremeWare XOS.
To create a virtual router and enter the virtual router configuration domain, enter the following
commands:
sanjose.11 #create virtual-router routezilla
sanjose.12 #virtual-router routezilla
(vr routezilla)sanjose.13 #
The current VR domain is indicated in the CLI prompt.
After entering a VR domain, any VR-wide configuration commands are applied to that local VR only.
To return to the default virtual router configuration domain, enter the following command:
(vr routezilla)sanjose.13 #virtual-router vr-default
System commands are the set of commands that perform system wide configuration or monitoring.
These commands are not VR specific. System commands can take optional VR arguments.
NOTE
Even if you are in a VR domain, a system command might still need a VR argument to be applied to
the correct VR.
Figure 18: Virtual Routers in the Command Line
Configuring Router Interfaces
To create the VLAN on the switch, enter the following command:
create vlan <vlan_name>
To add the ports to the VLAN, enter the following command:
configure <vlan_name> add ports [all | <port number> ]
To assign an IP address to the VLAN, enter the following command:
configure vlan <vlan_name> ipaddress [<ipaddress> {<ipNetmask>} |
ipv6-link-local | {eui64} <ipv6_address_mask>]
The ipv6-link-local, eui64, and ipv6_address_mask only apply to IPv6.
To enable IP forwarding, enter the following command:
enable ipforwarding {ipv4 | broadcast | ignore-broadcast | fast-direct-broadcast}
{vlan <vlan_name>}
Syntax Description
ipv4                    Specifies IPv4 forwarding.
broadcast               Enables forwarding and processing of all subnetwork directed broadcast packets.
ignore-broadcast        Upper layers, such as UDP and TCP, ignore broadcast packet processing.
fast-direct-broadcast   Enables hardware forwarding of subnetwork directed broadcast IP packets.
vlan_name               Specifies a VLAN name.
If no VLAN is specified, routing is enabled for all VLANs that have been configured with an IP
address.
For Example
enable ipforwarding
NOTE
A common error made during configuration is forgetting to enable IP forwarding after configuring the VLANs. If this
happens, IP Forwarding does not work for that VLAN. IP forwarding should be enabled on every VLAN created.
Figure 19: Configuring Router Interfaces
Configuring Permanent Routes
Think of the static route entry as answering the following questions:
● Where is the packet trying to go? (destination subnetwork address and mask)
● How is it going to get there? (next hop gateway)
● How far away is it? What is the cost to get there? (metric)
To add a static route to the routing table, enter the following command:
configure iproute add [<ipNetmask> | <ip_addr> <mask>] <gateway> <metric>
{vr <vrname>} {multicast-only | unicast-only}
A static route can be configured for an entire subnetwork or a single host. To indicate a host entry, use
a value of 255.255.255.255 for the mask.
To add a default gateway to the routing table, enter the following command:
configure iproute add default <gateway> {vr <vrname>} {<metric>}
{multicast-only | unicast-only}
A default gateway must be located on a configured IP interface.
To add a black hole entry to the routing table, enter the following command:
configure iproute add blackhole [<ipNetmask> | <ipaddress> <mask>] {vr
<vrname>} {multicast-only | unicast-only}
All traffic destined for the configured IP address is dropped, and no Internet Control Message Protocol
(ICMP) message is generated.
Removing Permanent Routes
To delete a static address from the routing table, enter the following command:
configure iproute delete [<ipNetmask> | <ipaddress> <mask>] <gateway> {vr
<vrname>}
To delete a default gateway from the routing table, enter the following command:
configure iproute delete default <gateway> {vr <vrname>}
To delete a black hole address from the routing table, enter the following command:
configure iproute delete blackhole [<ipNetmask> | <ipaddress> <mask>] {vr
<vrname>}
Figure 20: Configuring Permanent Routes
Additional IP Routing Configuration
It is possible to do the following additional configuration:
● Remove entries in the IPARP and IP Route table
● Enable/disable ICMP messages
■ address-mask: ICMP address-mask reply (enabled)
■ parameter-problem: ICMP parameter-problem message (enabled)
■ port-unreachables: ICMP port unreachable messages (enabled)
■ redirects: ICMP redirect messages (enabled)
■ time-exceeded: ICMP time exceeded messages (enabled)
■ timestamp: ICMP timestamp response (enabled)
■ unreachables: ICMP unreachable messages (enabled)
■ useredirect: Modification of route table information when an ICMP redirect message is
received (disabled)
To remove dynamic entries from the IP ARP table, enter the following command:
clear iparp {<ip_address> {vr <vr_name>} | vlan <vlan_name>}
Permanent IP ARP entries are not affected.
To enable the generation of ICMP unreachable messages on one or more VLANs, enter the following
command:
enable icmp unreachables vlan [all|<vlan name>]
To disable the generation of ICMP unreachable messages on one or more VLANs, enter the following
command:
disable icmp unreachables vlan [all|<vlan name>]
To reset all ICMP settings to the default values, enter the following command:
unconfigure icmp
ICMP Router Discovery Protocol (IRDP) allows client machines to determine what default gateway
address to use. The switch sends out IP packets at the intervals specified identifying itself as a default
router. IRDP enabled client machines use this information to determine which gateway address to use
for routing data packets to other networks.
To enable the generation of ICMP Router Discovery Protocol advertisement messages on one or more
VLANs, enter the following command:
enable irdp {vlan <vlan name>}
Figure 21: Additional IP Routing Configuration
IP Forwarding Configuration Example
This page shows an example configuration of two of the L3 switches that are represented in the
illustration. The example configuration of the third switch is shown in the illustration.
The example uses static routes.
Configuration of R2
create vlan vlan2ip
configure vlan2ip add ports 2
configure vlan2ip ipaddress 10.2.0.2/24
create vlan vlan0ip
configure vlan0ip add ports 1
configure vlan0ip ipaddress 10.0.0.2/24
enable ipforwarding
configure iproute add 10.1.0.0/24 10.0.0.1 2
configure iproute add default 10.0.0.3
Configuration of R3
create vlan vlan0ip
configure vlan0ip add ports 1
configure vlan0ip ipaddress 10.0.0.3/24
create vlan vlan3ip
configure vlan3ip add ports 2
configure vlan3ip ipaddress 10.3.0.3/24
enable ipforwarding
configure iproute add 10.1.0.0/24 10.0.0.1 2
configure iproute add 10.2.0.0/24 10.0.0.2 2
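An added Python example, not part of the original course material, that checks a configuration such as the ones above against three rules stated in this module: each VLAN must have a unique IP subnetwork, a route's gateway must sit on a configured IP interface (which also exposes routes left behind after a VLAN is deleted), and IP forwarding must be enabled. The function names and finding labels are hypothetical, and the second sample configuration is constructed.

```python
import ipaddress


def parse_config(lines):
    """Collect VLAN interfaces, static/default routes and forwarding state."""
    vlans, routes = {}, []
    fwd_all, fwd_vlans = False, set()
    for raw in lines:
        w = raw.split()
        if not w:
            continue
        if w[:3] == ["configure", "iproute", "add"]:
            args = w[3:]
            if args[0] == "blackhole":
                continue                      # black hole routes have no gateway
            if args[0] == "default":
                routes.append(("default", args[1]))
            elif "/" in args[0]:              # <ipNetmask> <gateway>
                net = ipaddress.ip_network(args[0], strict=False)
                routes.append((str(net), args[1]))
            else:                             # <ip_addr> <mask> <gateway>
                net = ipaddress.ip_network(args[0] + "/" + args[1], strict=False)
                routes.append((str(net), args[2]))
        elif w[0] == "configure" and "ipaddress" in w:
            # Matches both "configure <vlan> ipaddress" and "configure vlan <vlan> ipaddress".
            i = w.index("ipaddress")
            vlans[w[i - 1]] = ipaddress.ip_interface("/".join(w[i + 1:i + 3]))
        elif w[:2] == ["enable", "ipforwarding"]:
            if "vlan" in w:
                fwd_vlans.add(w[w.index("vlan") + 1])
            else:
                fwd_all = True                # no VLAN given: all addressed VLANs
    return vlans, routes, fwd_all, fwd_vlans


def audit_config(lines):
    """Return a list of (label, detail) findings for one switch."""
    vlans, routes, fwd_all, fwd_vlans = parse_config(lines)
    findings = []
    names = sorted(vlans)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vlans[a].network == vlans[b].network:
                findings.append(("duplicate-subnet", f"{a},{b} {vlans[a].network}"))
    for dest, gateway in routes:
        gw = ipaddress.ip_address(gateway)
        if not any(gw in itf.network for itf in vlans.values()):
            findings.append(("gateway-off-net", f"{dest} via {gateway}"))
    for name in names:
        if not fwd_all and name not in fwd_vlans:
            findings.append(("forwarding-disabled", name))
    return findings


# Configuration of R2 as given in this section.
R2 = """\
create vlan vlan2ip
configure vlan2ip add ports 2
configure vlan2ip ipaddress 10.2.0.2/24
create vlan vlan0ip
configure vlan0ip add ports 1
configure vlan0ip ipaddress 10.0.0.2/24
enable ipforwarding
configure iproute add 10.1.0.0/24 10.0.0.1 2
configure iproute add default 10.0.0.3
""".splitlines()

# Constructed: vlan0ip was deleted, a second VLAN reuses the subnet,
# and IP forwarding was never enabled.
BROKEN = """\
create vlan vlan2ip
configure vlan2ip ipaddress 10.2.0.2/24
create vlan lab
configure vlan lab ipaddress 10.2.0.9 255.255.255.0
configure iproute add 10.1.0.0/24 10.0.0.1 2
configure iproute add default 10.0.0.3
""".splitlines()

if __name__ == "__main__":
    for label, detail in audit_config(BROKEN):
        print(label, detail)
```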
Figure 22: IP Forwarding Configuration Example
Verifying the IP Route Table
To verify the IP Route Table, enter the following command:
show iproute {ipv4} {priority | vlan <vlan_name> | permanent | <ip_address>
<netmask> | summary} {multicast | unicast} {vr <vrname>}
Syntax Description
priority              Specifies a route priority.
vlan_name             Specifies a VLAN name.
permanent             Specifies permanent routing.
ip_address            Specifies an IP address.
netmask               Specifies a subnet mask.
multicast | unicast   The route applies to multicast or unicast packets.
vrname                The Virtual Router to apply this route to. If you do not specify a virtual router,
                      the command applies to the default or current virtual router.
The display shows:
● The route origin.
● The destination network.
● The gateway being used to reach the destination.
● The VLAN name of the router interface.
● If the interface is up.
● What type of route it is. (Static, Dynamic, Black Hole)
If there are multiple routes to the same destination network and the route is preceded in the display by
an “*”, the “*” indicates that this unicast route is the most preferable route.
If the route is preceded by a # it is the preferred route for both unicast and multicast.
Figure 23: Verifying the IP Route Table
Verifying the Unicast Routing Configuration
To display the current configuration of IP unicast routing for the switch, and for each VLAN, enter the
following command:
show ipconfig
The display has been separated based on:
● Global Flags
● Global Timers
● VLAN specific information
In the PowerPoint presentation:
● The first arrow points to the global flags segment of the display.
● The second arrow points to the global timers information section.
● The third arrow points to VLAN specific information.
To display configuration information for one or more VLANs, enter the following command:
show ipconfig {vlan <vlan name>} {detail}
Figure 24: Verifying the Unicast Routing Configuration
Additional Show Commands
To display the IP Address Resolution Protocol (ARP) table, enter the following command:
show iparp {<ip_addr> | <mac> | vlan <vlan_name> | permanent} {vr
<vr_name>}
To determine the best route to reach an IP address or host, enter the following command:
rtlookup {<ipaddress> | <ipv6address>}{vr <vrname>}
To display IP statistics for the CPU of the switch, enter the following command:
show ipstats {ipv4} {vlan <name> | vr <vrname>}
Figure 25: Verifying the IP ARP Table
Unexpected Switch Behavior
A common tool used to test IP forwarding or routing is the Ping command. The Ping command sends
an ICMP echo request to the specified IP address and the device with that address responds with an
ICMP echo response.
In a traditional routed environment you can ping the router interface on a different subnetwork to
verify that you can reach that subnetwork.
However, in a layer-3 switched environment using Extreme Networks switches, there is an unexpected
behavior.
If you ping a router interface that is configured on the switch and is active, the router interface
responds with an ICMP echo response even though IP forwarding is not enabled.
NOTE
The router interface may appear to be forwarding packets at Layer 3 even though it is not.
This is caused by the fact that the switch uses the same MAC address for all of the router interfaces.
Figure 26: Unexpected Switch Behavior
Additional IP Unicast Features
This page describes additional IP routing features found in Extreme Networks switches.
Proxy Address Resolution Protocol
Proxy ARP allows the switch to answer ARP requests for other stations. There are two cases where
proxy ARP is needed:
● Devices on a subnetwork are not capable of responding to an ARP request.
● When a station cannot access a default gateway because it is configured with a more general
subnetwork mask than that of the switch.
IP Multinetting
In many legacy IP networks, there is a need to overlap multiple subnetworks into one physical port
with third-party devices that do not support tagging. In normal operation, you can only assign a port
untagged once to a router interface. IP multinetting allows untagged assignment of multiple VLANs to
the same physical port.
DHCP
A DHCP server with limited configuration capabilities is included in the switch to provide IP addresses
to clients. The DHCP server is not supported as a standalone feature. It is used only as part of the
Network Login feature.
DHCP/BOOTP Relay
This feature can be used in various applications, including DHCP services between Microsoft Windows
NT servers and clients running Windows 95/98. It forwards DHCP and BootP requests on behalf of
clients.
Figure 27: Additional IP Unicast Features
Additional IP Unicast Features Continued
This page describes additional IP routing features found in Extreme Networks switches.
UDP Forwarding
UDP forwarding is used to handle the directed forwarding of broadcast UDP packets. It allows
applications to be directed to different DHCP servers. Example applications are multiple DHCP relay
services from differing sets of VLANs.
NAT
Network Address Translation (NAT) is a feature that allows one set of IP addresses, typically private IP
addresses, to be converted to another set of IP addresses, typically public Internet IP addresses. This
conversion is done transparently by having a NAT device (any i-series or XOS Extreme Networks
switch) rewrite the source IP address and layer-4 port of the packets.
Multicasting
Extreme Networks switches support two Protocol Independent Multicast (PIM) modes: Dense Mode
(PIM-DM) and Sparse Mode (PIM-SM). IP multicasting enables a host to send IP packets to a group of
hosts anywhere within the IP network. IP multicasting is used to provide video and audio conferencing
and streaming applications.
Figure 28: Additional IP Unicast Features Continued
Summary
Module ten presents layer-3 unicast routing fundamentals, Internet Protocol (IP) forwarding, IP routing
functionality, and how to configure IP forwarding in the Extreme Networks switches.
You should now be able to:
● Describe the difference between layer-2 (L2) and layer-3 (L3) operation.
● Define routing interface and IP route tables.
● Describe how entries are added to the IP route table.
● Add static entries in the IP route table.
● Configure IP unicast routing.
● Verify IP unicast routing.
Figure 29: Summary
Module 10 Review Questions
1 What is the primary difference between layer-2 forwarding and layer-3 forwarding?
a Layer-2 forwarding is based on the MAC address and layer-3 forwarding is based on the IP
address.
b Layer-3 forwarding is based on the MAC address and layer-2 forwarding is based on the IP
address.
c Layer-3 forwarding is performed on the first packet only and layer-2 forwarding is performed on
all subsequent packets.
d Layer-2 forwarding is performed on the first packet only and layer-3 forwarding is performed on
all subsequent packets.
2 What is the primary difference between routing and layer-3 forwarding in an Extreme Networks
switch?
a Layer-3 forwarding is performed on the first packet only and routing is performed on all
subsequent packets.
b Routing is performed on the first packet only and layer-2 forwarding is performed on all
subsequent packets.
c Routing is performed on the first packet only and layer-3 forwarding is performed on all
subsequent packets.
d Layer-2 forwarding is performed on the first packet only and routing is performed on all
subsequent packets.
3 Match the following route types with the correct identifier in the show iproute command display.
Identifiers:
a Origin
b Flag
c Not identified
Route types:
__ Static
__ Dynamic
__ Black Hole
__ Permanent
__ Directly connected
__ Default
Module 11 Configuring RIP
Student Objectives
Module 11 describes how to configure the Routing Information Protocol (RIP) v1 and RIP v2 IP unicast
routing protocols.
Upon completion of this module, the successful student will be able to:
● Describe the RIP routing protocol.
● Identify the limitations of RIP version 1.
● List the benefits of RIP version 2.
● Interpret RIP routing table entries.
● Describe the Split Horizon and Poison Reverse loop resolution protocols.
● Describe the operation of triggered updates.
● Configure the RIP routing protocol.
● Verify the RIP configuration.
● Test RIP operation.
Prerequisites
It is assumed that students are already familiar with IP Unicast routing. If not, it is recommended that
you refer to the following publications for additional information:
● RFC 1058 - Routing Information Protocol (RIP)
● RFC 1256 - ICMP Router Discovery Messages
● RFC 1723 - RIP Version 2
● Book: Interconnections: Bridges and Routers by Radia Perlman ISBN 0-201-56332-0. Published by
Addison-Wesley Publishing Company
Figure 1: Student Objectives
Limitations of Manual Configuration
As the routed network grows in size and complexity, manually determining the best route for
information to follow becomes increasingly difficult. Some of the issues faced include:
● How to populate a large number of routing tables.
● How to cope with a changing topology.
● How to provide resiliency.
● How to allow for future growth of the network.
To resolve these issues, implement a mechanism to populate the route tables and resolve the other
issues in an automated fashion.
The Extreme Networks® range of switches incorporates this functionality as a separate routing function.
The routing function in the switch is defined by the particular routing protocol it supports.
Supported unicast routing protocols include:
● RIP1 - Routing Information Protocol Version 1
● RIP2 - Routing Information Protocol Version 2
● OSPF - Open Shortest Path First
● IS-IS - Intermediate System - Intermediate System
● BGPv4 - Border Gateway Protocol version 4
Figure 2: Limitations of Manual Configuration
RIP - A Distance Vector Routing Protocol
RIP is an Interior Gateway Protocol (IGP). Its early predecessor was first used in computer routing in
the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended
for use in homogeneous networks of moderate size.
To determine the best path for a distant network, a router using RIP always selects the path that has the
least number of hops. Each router that data must traverse is considered to be one hop.
Using a distance-vector protocol, each router creates a unique routing table from summarized
information obtained from neighboring routers. This is based on the Bellman-Ford (distance-vector)
algorithm. The distance-vector algorithm has been in use for many years, and is widely deployed and
understood.
The biggest advantage of using RIP is that it is relatively simple to understand and implement, and it
has been a de-facto routing standard for many years.
The distinction between RIP and other routing protocols like OSPF lies in the fundamental differences
between distance-vector protocols and link-state protocols. These are discussed later in the course.
Route Advertisements
RIP depends upon each router notifying its neighbors when there is a change in its routing table.
However, if a router crashes, it cannot notify its neighbors of a change. To handle these types of
problems, distance-vector protocols must have the ability to remove old routes (not updated) from the
routing table based on a timeout procedure.
All routers participating in RIP send update messages at regular update intervals. The default value is
30 seconds. If a router does not receive an update message within six update cycles (nominally 180
seconds) from the router that was the source of the original routing table entry, it assumes that either
the source router has failed or that the connecting link has become unusable. The router marks the
existing route as invalid and eventually removes the route from its routing table. When the router
learns of a new route from another neighbor, the new route is used to replace the deleted one.
Periodically, each RIP router sends a routing table update message to every neighbor. This update
message contains the information from the device's routing table, as it currently exists. If the
information contained in the routing table is too large to fit into a single RIP update message, it is
divided and placed into as many messages as needed to convey the entire routing table. Each message
can contain 25 route advertisements and can be a maximum of 512 bytes long.
Triggered Updates
Triggered Updates are a way to bypass the 30-second interval between RIP updates. Essentially they
allow a router to inform its neighbors of a change to its routing table immediately after the change
occurs, without having to wait for the next 30-second update interval.
Figure 3: RIP - A Distance Vector Routing Protocol
Figure 4: RIP Continued
Limitations of RIP Version 1
As previously discussed, RIP is well known and utilized. However, RIP Version 1 does have several
limitations. These include:
● Classful Addressing: RIP Version 1 only understands class A, B, and C IP addresses.
● Subnet Masks: RIP Version 1 does not propagate subnet mask information.
● Variable Length Subnet Masks: RIP Version 1 does not support variable length subnet masks.
● Generates Broadcasts: RIP Version 1 uses broadcasts to deliver routing updates.
● Security: RIP Version 1 does not support any authentication and routers sending updates cannot
be verified.
Figure 5: Limitations of RIP Version 1
RIP Version 2
RIP Version 2 (RIPv2) introduces subnet mask information into the Routing Information Protocol to
handle variable-length subnetting that has become prevalent in the IP addressing scheme, due to the
scarcity of IP addresses. Benefits of implementing RIPv2 include:
● Variable-Length Subnet Masks (VLSMs)
● Next-hop address: support for next-hop addresses allows for optimization of routes in certain
environments.
● Multicasting: RIP Version 2 uses the multicast address 224.0.0.9 for router updates.
RIPv2 uses multicast packets instead of broadcast. This reduces the load on hosts that do not support
routing protocols. Using multicast packets also allows RIP Version 2 routers to share information, which
RIP Version 1 routers cannot receive.
Backward compatibility with existing RIPv1 implementations is an important design criterion. The
implementation allows for different compatibility modes to interoperate with both RIPv1 and RIPv2
implementations.
NOTE
If you are using RIP with supernetting/Classless Inter-Domain Routing (CIDR), you must use RIPv2 only. In addition,
RIP route aggregation must be turned off.
Figure 6: RIP Version 2
Routing Table For Routers Using RIP
The routing table in each device using RIP contains an entry for every known destination network.
Each routing table entry contains the following information:
● Origin of the route
■ Directly connected
■ RIP
■ OSPF
● IP address of the destination network
● IP address of the next router (gateway)
● Metric (hop count) to the destination network
● Flags
● VLAN that contains the router interface that the route is using
● Duration of time since the entry was last updated
The router exchanges an update message with each neighbor every 30 seconds (default value), or if
there is a change to the overall routed topology (also called triggered updates). If a router does not
receive an update message within six update cycles (nominally 180 seconds) from the router that was
the source of the original routing table entry, it assumes that either the source router has failed or that
the connecting link has become unusable. The router marks the existing route as invalid and eventually
removes the route from its routing table. When the router learns of a new route from another neighbor,
the new route is used to replace the deleted one.
The distance-vector routing algorithm waits for six times the update interval before timing out the
route, even though it expects to hear from each neighbor at every update interval. The additional time
is used to avoid invalidating routes based on the loss of a single update message.
Figure 7: Routing Table For Routers Using RIP
Routing Loops
Certain situations can cause slow convergence in RIP.
The illustration shows how a loop is created between two routers:
1 Router B reaches the target network with a hop count of one using router A.
2 Router C learns, in its regular update from router B, that it reaches the target network using router B
with a hop count of two.
3 In the next router C update, it advertises reachability to the target network back to router B with a
hop count of three.
4 Router B now has two routes to the target network; the first using router A with a hop count of one,
the second using router C with a hop count of three.
5 Router B chooses the route using router A, since that route has the smallest total hop count.
6 The link between router A and router B fails.
7 Router B does not receive an update from router A in the required time and times out the route to the
target network through router A.
Remember that router B has a secondary route to the target network using router C with a hop
count of three.
8 Router B now forwards all traffic destined for the target network to router C and router C, in turn,
forwards the traffic back to router B.
9 As a result of this mutual deception, a loop is created.
10 The packet travels back and forth between router B and router C until the time to live field in the IP
header is reduced to zero.
11 The packet is eventually discarded by one of the routers.
Figure 8: Routing Loops
Counting to Infinity Problem
In a complex network, a particular route is propagated to many routers in the network.
When a subnetwork becomes completely isolated from a complex internetwork, the routers continue to
advertise the route even though the network is unreachable. As each router is deceived into thinking
that there is an alternate route, the hop count metric being advertised increases slowly until it finally
reaches infinity. This problem is called counting to infinity.
This is why infinity (the maximum hop count) is chosen to be as small as possible. If a network
becomes completely inaccessible, counting to infinity should be stopped as soon as possible. However,
infinity must be large enough to accommodate any real route. The choice of infinity is a trade-off
between network size and speed of convergence. The designers of RIP selected a maximum hop count
metric of 15.
The split horizon feature can help prevent the count to infinity problem from happening.
NOTE
The maximum reachable hop count is 15. A hop count of 16 is defined as unreachable.
Figure 9: Counting to Infinity Problem
Split Horizon
A number of modifications can be made to the basic distance-vector routing algorithm to improve
performance in a dynamic environment and to help expedite convergence and eliminate routing loops.
These include:
● Split horizon
● Poison reverse
By default, both are enabled on Extreme Networks switches.
The occurrence of loops between two routers can be greatly reduced by using split-horizon.
The count-to-infinity problem can be overcome if the router is careful about where it sends its routing
information. Split-horizon is a technique whereby a router does not advertise a route over the same port
that supplied the route. In other words, a router does not claim network reachability to a neighbor from
which the route was learned.
The illustration demonstrates the use of split-horizon to break a loop of two hops.
1 Router B reaches the target network with a hop count of one using router A.
2 Router C learns in its regular update from router B that it reaches the target network using router B
with a hop count of two.
3 Router C does not advertise the route to the target network back to router B.
As a result of split-horizon, router B has only one route to the target network.
If the link between router A and router B fails, router B times out the entry and advertises the target
network as unreachable. The possibility of a loop has been eliminated.
Figure 10: Split Horizon
Poison Reverse
Poison reverse is a technique whereby a router advertises a route over the same port that supplied the
route with a hop count of 16, defining it as unreachable. A router claims that a network is unreachable
over the interface from which the route was learned, preventing any route loops. Poison reverse speeds
up convergence because erroneous routes are eliminated without waiting for a timeout.
The illustration shows a typical exchange of routing information when a router is configured to perform
split-horizon with poison reverse.
In this example:
1 A routing loop is created as described in the Routing Loops section.
2 Since poison reverse is enabled on switch C and the route for the target network was learned over
the link from switch B, switch C advertises the route to the target network with a metric of 16 hops
(unreachable).
The disadvantage of poison reverse is that it increases the size of the routing update messages. If split
horizon with poisoned reverse is used, the router must mention all poison routes, with a metric of 16. If
the system is large, this can result in a large update message, almost all of whose entries indicate
unreachable networks.
In many cases, the network administrator is willing to accept slower convergence to reduce the
overhead that the increased size of the routing table update messages would cause.
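The B/C exchange from the Routing Loops, Split Horizon and Poison Reverse sections can be replayed in a few lines. The following is an added example, not part of the original course material: it models only routers B and C exchanging alternating updates about the target network, ignores all timers, and the starting states and function names are constructed for illustration.

```python
INFINITY = 16  # RIP metric meaning "unreachable"

# Constructed starting states; each route is (metric, next_hop) for the target network.
AFTER_TIMEOUT = {"B": (INFINITY, None), "C": (2, "B")}  # B's route via A just timed out
LOOP_FORMED = {"B": (3, "C"), "C": (2, "B")}            # B has already fallen back to C


def advertised_metric(route, neighbor, mode):
    """Metric a router announces to `neighbor`, or None if the route is omitted."""
    metric, next_hop = route
    if next_hop == neighbor:              # route was learned from this neighbor
        if mode == "split_horizon":
            return None                   # say nothing about it
        if mode == "poison_reverse":
            return INFINITY               # announce it as unreachable
    return metric


def process_update(route, sender, metric_in):
    """Apply the distance-vector rule to one received announcement."""
    if metric_in is None:
        return route
    metric, next_hop = route
    candidate = min(metric_in + 1, INFINITY)
    if sender == next_hop:                # news from the current next hop always wins
        return (candidate, sender if candidate < INFINITY else None)
    if candidate < metric:                # strictly better route from another neighbor
        return (candidate, sender)
    return route


def simulate(mode, start, max_updates=40):
    """Alternate updates C->B, B->C. Returns (history of (B, C) metrics, converged)."""
    routes = dict(start)
    history = [(routes["B"][0], routes["C"][0])]
    for i in range(max_updates):
        sender, receiver = ("C", "B") if i % 2 == 0 else ("B", "C")
        announced = advertised_metric(routes[sender], receiver, mode)
        routes[receiver] = process_update(routes[receiver], sender, announced)
        history.append((routes["B"][0], routes["C"][0]))
        if history[-1] == (INFINITY, INFINITY):
            return history, True          # both routers agree: unreachable
    return history, False                 # only a route timeout would clear this state


if __name__ == "__main__":
    for label, start in (("after timeout", AFTER_TIMEOUT), ("loop formed", LOOP_FORMED)):
        for mode in ("none", "split_horizon", "poison_reverse"):
            history, converged = simulate(mode, start)
            print(f"{label:14} {mode:15} updates={len(history) - 1:2} "
                  f"converged={converged} final(B,C)={history[-1]}")
```

Without either feature the two routers count up to 16 one hop at a time. With split horizon a loop never forms, but a loop that already exists is cleared only by poison reverse, since timers are not modeled here.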
Figure 11: Poison Reverse
Triggered Updates
Triggered updates occur whenever a router changes the metric for a route, and it is required to send an
update message immediately, even if it is not yet time for a regular update message to be sent. This
generally results in faster convergence, but also results in more RIP-related traffic.
Triggered updates can cause excessive loads on networks with limited bandwidth or with many routers
on them. A simple solution to this problem is to set a timer to a random number between one and five
seconds after a triggered update is sent. If other changes occur that would trigger another update before
the timer expires, the router must wait until the timer expires before sending the update. A triggered
update may also be suppressed if a regular timed update is due by the time the triggered update would
be sent.
The illustration shows a network in two states:
● Before the triggered update was issued (crossed-out entries)
● After all routers have converged their router tables
In the illustration, router A times out its route to the target network. The timeout forces router A to
issue triggered updates on its ports.
The update propagates backward along all paths that lead to router A, updating the metric for the
target network to infinity (not shown on slide).
The network converges on the new route to the target network based on the route available through
router B.
Figure 12: Triggered Updates
RIP Limitations
Distance-vector routing algorithms can quickly determine the shortest route to a distant network.
However, this can be misleading due to potential slow convergence, which may require multiple
updates.
The routes are based on hop count and do not take into account any cost-related issues.
Depending on the size and complexity of the network and the speed of the links, the amount of
information exchanged between neighbors can be significant.
Each router periodically transmits all its routing information to its neighbors. The information
transmitted by each router is based on the information that it receives from its immediate neighbors.
Thus, the identification of a router that supplies inaccurate data is quite difficult.
A change in the routing table of a single router can result in a chain of updates. It can take a long time
for this information to reach all other routers in the routing domain.
Figure 13: RIP Limitations
Configuring RIP
This page presents the general steps and specific commands to configure RIP on a switch.
To configure RIP, perform the following general steps:
● Create and configure VLANs
● Configure the VLAN with an IP address, i.e. create the router interface (RIF)
● Enable IP Forwarding
● Enable RIP on the VLANs that do RIP routing and on the VLANs you want to advertise through RIP
● Enable RIP globally
● Verify the configuration and operation using show commands
IP Configuration Commands
To create the VLAN on the switch, enter the following command:
create vlan <vlan_name>
To add the ports to the VLAN, enter the following command:
configure <vlan_name> add ports [all | <port number>]
To add the IP address to the VLAN, enter the following command:
configure vlan <vlan_name> ipaddress [<ipaddress> {<ipNetmask>} |
ipv6-link-local | {eui64} <ipv6_address_mask>]
To enable IP forwarding, enter the following command:
enable ipforwarding
Figure 14: Configuring RIP
Figure 15: General IP Configuration Commands
RIP Specific Configuration Commands
Here are the commands required to ensure that routes are advertised for the VLANs configured for
RIP.
VLANs that are configured with an IP address, but are not configured to forward IP or are not
configured to run RIP, do not have their subnets advertised by RIP. Only those VLANs that are
configured with an IP address, are configured to forward IP, and run RIP, have their subnets
advertised.
When an IP interface is created, per-interface RIP configuration is disabled by default. To configure RIP
on an IP interface, enter the following command:
configure rip add vlan [<vlan_name> | all]
You must specify either a VLAN name or all (i.e. all VLANs).
To enable RIP globally, enter the following command:
enable rip
Removing RIP
To remove RIP from an IP interface, enter the following command:
configure rip delete vlan [<vlan_name> | all]
To disable RIP, enter the following command:
disable rip
When RIP is disabled on the interface, the parameters are not reset to their defaults.
Figure 16: RIP Specific Configuration Commands
RIP Configuration Example
The illustration shows an example of a RIP configuration for one switch. Examples of additional RIP
configuration are shown below.
Configuration of R2
create vlan vlan2rip
configure vlan2rip add ports 2
configure vlan2rip ipaddress 10.2.0.2/24
create vlan vlan0rip
configure vlan0rip add ports 1
configure vlan0rip ipaddress 10.0.0.2/24
enable ipforwarding
configure rip add vlan vlan0rip
configure rip add vlan vlan2rip
enable rip
Configuration of R3
create vlan vlan0rip
configure vlan0rip add ports 1
configure vlan0rip ipaddress 10.0.0.3/24
create vlan vlan3rip
configure vlan3rip add ports 2
configure vlan3rip ipaddress 10.3.0.3/24
enable ipforwarding
configure rip add vlan vlan0rip
configure rip add vlan vlan3rip
enable rip
Figure 17: RIP Configuration Example
RIP Timer and Cost Configuration Commands
Every update timer period, the RIP process sends an unsolicited response message containing the
complete routing table to all neighboring RIP routers.
To specify the time interval in seconds within which RIP sends update packets, enter the following
command:
configure rip updatetime {<seconds>}
The default is 30 seconds. The range is 10 - 180 and must be less than the route timer.
There are two timers associated with each route, a route timeout and a garbage time. Upon expiration of
the timeout, the route is no longer valid; however, it is retained in the routing table for a short time so
that neighbors can be notified that the route has been dropped. Upon expiration of the garbage timer,
the route is finally removed from the tables.
To configure the route timeout period, enter the following command:
configure rip routetimeout {<seconds>}
The default is 180 seconds. The range is 0 - 4294967295 and must be greater than the update timer.
To configure the RIP garbage time, enter the following command:
configure rip garbagetime {<seconds>}
The default is 120 seconds.
To configure the cost metric of the VLAN router interface, enter the following command:
configure rip vlan [<vlan name> | all] cost <cost>
The range is 1 - 14.
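The advertisement rule from RIP Specific Configuration Commands (IP address, IP forwarding and RIP must all be configured) and the timer and cost ranges above can be checked offline before a configuration is pasted into a switch. The following is an added example, not an Extreme Networks tool: it recognizes only the command forms shown in this module, treats "enable ipforwarding" as applying to every VLAN, and its sample configurations are constructed.

```python
UPDATE_RANGE = (10, 180)   # "configure rip updatetime" range given in this module
COST_RANGE = (1, 14)       # "configure rip vlan ... cost" range given in this module

# Constructed sample: one VLAN is created as "vlan3ip" but configured as "vlan3rip",
# and the update timer is set above both its range and the route timeout.
SAMPLE_BAD = """\
create vlan vlan0rip
configure vlan0rip add ports 1
configure vlan0rip ipaddress 10.0.0.3/24
create vlan vlan3ip
configure vlan3rip add ports 2
configure vlan3rip ipaddress 10.3.0.3/24
enable ipforwarding
configure rip add vlan vlan0rip
configure rip add vlan vlan3rip
configure rip updatetime 200
enable rip
"""
SAMPLE_GOOD = (SAMPLE_BAD.replace("create vlan vlan3ip", "create vlan vlan3rip")
               .replace("updatetime 200", "updatetime 30"))


def audit(config_text):
    """Return the VLANs whose subnets RIP will advertise, plus a list of findings."""
    created, addressed, rip_vlans, referenced = set(), set(), set(), set()
    ipforwarding = rip_enabled = False
    update, timeout = 30, 180          # defaults stated in this module
    findings = []
    for line in config_text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:2] == ["create", "vlan"] and len(w) == 3:
            created.add(w[2])
        elif w == ["enable", "ipforwarding"]:
            ipforwarding = True
        elif w == ["enable", "rip"]:
            rip_enabled = True
        elif w[:4] == ["configure", "rip", "add", "vlan"] and len(w) == 5:
            rip_vlans.add(w[4])
        elif w[:3] == ["configure", "rip", "updatetime"] and len(w) == 4:
            update = int(w[3])
        elif w[:3] == ["configure", "rip", "routetimeout"] and len(w) == 4:
            timeout = int(w[3])
        elif w[:3] == ["configure", "rip", "vlan"] and len(w) == 6 and w[4] == "cost":
            if not COST_RANGE[0] <= int(w[5]) <= COST_RANGE[1]:
                findings.append(f"cost {w[5]} on {w[3]} is outside 1-14")
        elif w[0] == "configure" and w[1] != "rip" and len(w) >= 3:
            name = w[2] if w[1] == "vlan" else w[1]   # the "vlan" keyword is optional
            referenced.add(name)
            if "ipaddress" in w:
                addressed.add(name)
    if "all" in rip_vlans:
        rip_vlans = set(created)
    for name in sorted((referenced | rip_vlans) - created):
        findings.append(f"VLAN {name} is configured but never created")
    if not UPDATE_RANGE[0] <= update <= UPDATE_RANGE[1]:
        findings.append(f"updatetime {update} is outside 10-180")
    if update >= timeout:
        findings.append(f"updatetime {update} is not less than routetimeout {timeout}")
    active = ipforwarding and rip_enabled
    advertised = sorted(created & addressed & rip_vlans) if active else []
    for name in sorted((created & addressed) - set(advertised)):
        findings.append(f"VLAN {name} has an IP address but is not advertised by RIP")
    return {"advertised": advertised, "findings": findings}


if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        result = audit(text)
        print(label, "advertised:", result["advertised"])
        for finding in result["findings"]:
            print("  -", finding)
```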
Figure 18: RIP Timer and Cost Configuration Commands
Additional RIP Configuration Commands
To modify the received RIP version, enter the following command:
configure rip rxmode [none | v1only | v2only | any] {vlan [vlan name | all]}
Syntax Description
none Specifies to drop all received RIP packets.
v1only Specifies to accept only RIP version 1 format packets.
v2only Specifies to accept only RIP version 2 format packets.
any Specifies to accept RIP version 1 and RIP version 2 packets.
vlan-name Specifies to apply settings to specific VLAN name.
all Specifies all VLANs.
The default for receiving is any.
To modify the transmitted RIP version, enter the following command:
configure rip txmode [none | v1only | v1comp | v2only] {vlan [vlan name | all]}
The default for transmitting is v2.
The features for aggregating or summarizing subnetwork routes, exporting updates from other routing
protocols, split horizon, poison reverse, and triggered updates can be enabled and disabled individually.
To enable specific RIP features, enter the following command:
enable rip [aggregation | export | exportstatic | originate-default | poisonreverse | splithorizon | triggerupdates]
To reset all RIP parameters for a VLAN to the default, enter the following command:
unconfig rip {vlan <vlan name>}
Figure 19: Additional RIP Configuration Commands
Verifying the RIP-specific Configuration
To verify the RIP-specific configuration for all VLANs, enter the following commands:
show rip
show rip {detail}
The command displays the following:
● The global status of:
■ RIP
■ Split Horizon
■ Poison Reverse
■ Triggered Updates
● RIP protocol timers
Figure 20: Verifying the RIP-specific Configuration for all VLANs
Verifying IP Forwarding and VLAN Interface
To verify that IP Routing and RIP are enabled, enter the following command:
show ipconfig
The display shows:
● The name of each VLAN.
● The IP address of each router interface.
● If IP forwarding is enabled for each VLAN.
● If the interface is enabled and active.
Figure 21: Verifying IP Forwarding and VLAN Interface
Verifying the Route Source
To verify the source of a route entry, enter the following command:
show iproute
The display shows:
● The origin of the route (how the route was learned).
● The destination network.
● The next hop gateway.
● The type of route entry.
● The preferred route for unicast and multicast traffic.
● The duration of time this route has been in the routing table.
Figure 22: Verifying the Route Source
Additional Show Commands
To verify the RIP-specific interface settings, enter the following command:
show rip interface
The display shows:
● The VLAN name.
● The router interface IP address and subnetwork mask.
● The number of RIP packets sent and received.
● The number of triggered updates.
● The interface cost.
To verify the RIP-specific routes in the routing table, enter the following command:
show rip routes
The display shows:
● The route origin.
● The destination network.
● Any RIP peers.
● The route metric.
● The VLAN name.
● The route age.
To verify the RIP-specific configuration commands, enter the following command:
show configuration rip
Figure 23: Show RIP Interface
Figure 24: Show RIP Routes
Summary
Module 11 describes how to configure the RIP v1 and RIP v2 IP unicast routing protocols.
You should now be able to:
● Describe the RIP routing protocol.
● Identify the limitations of RIP version 1.
● List the benefits of RIP version 2.
● Interpret RIP routing table entries.
● Describe the Split Horizon and Poison Reverse loop resolution protocols.
● Describe the operation of triggered updates.
● Configure the RIP routing protocol.
● Verify the RIP configuration.
● Test RIP operation.
Figure 25: Summary
Module 11 Review Questions
1 What are the advantages of using RIP? (more than one correct answer)
a RIP provides the fastest possible convergence.
b RIP is simple and easy to understand.
c RIP automatically populates the routing tables.
d RIP uses a hop count rather than a cost metric.
2 What are the primary advantages of RIP version 2 compared to RIP version 1? (more than one
answer)
a Version 2 supports classful IP addresses.
b Version 2 supports a routing hierarchy.
c Version 2 supports variable-length subnetwork masks.
d Version 2 supports load sharing.
e Version 2 supports classless IP addresses.
f Version 2 supports broadcasting.
g Version 2 supports multicasting.
h Version 2 supports authentication.
3 What information is in a RIP route table entry? (more than one answer)
a The IP address of the next router.
b The cost metric of the link.
c The Metric (hop count) to the destination network.
d The route hold-down timer value.
e The timer that tracks the amount of time since the entry was last updated.
f The IP address of the destination network.
4 What are the names of the two problems that are addressed by a combination of Split Horizon,
Poison Reverse, and Triggered Updates?
a _______________________________
b _______________________________
5 Match the following feature name with the correct description.
Feature
a Split Horizon
b Poison Reverse
c Triggered Updates
Description
___ Whenever a router changes the metric for a route, it sends an update message immediately.
___ A router does not advertise a route over the same port that supplied the route.
___ A router claims that a network is unreachable over the interface from which the route was learned.
Module 12 Configuring OSPF
Student Objectives
Module twelve presents the Open Shortest Path First (OSPF) IP routing protocol.
Upon completion of this module, the successful student will be able to:
● Define OSPF as a routing protocol.
● Identify the advantages of OSPF.
● Describe the OSPF hierarchy.
● Define OSPF areas and router types.
● Describe how OSPF operates.
● Define Link State Advertisements (LSA) and hello packets.
● Define Link State Database (LSDB) synchronization.
● Configure OSPF within a single area.
● Verify the configuration and operation of OSPF.
Figure 1: Student Objectives
Defining OSPF
The Open Shortest Path First protocol is an IP routing protocol that is classified as an interior gateway
protocol (IGP).
OSPF employs a link-state routing algorithm. The important features of a link-state routing protocol are:
● All routers within a routing domain share information about their interfaces, or links, to directly
connected networks.
● The link information is stored in a database. This topological database contains a complete
description of which routers are connected to which networks in the given domain.
● Following convergence, each router has an identical copy of the link-state database from its own
perspective.
● Each router uses the common link-state database (LSDB) to calculate a shortest-path tree to all
destinations. The shortest-path tree is then used to create the routing table. Where several equal cost
routes exist to a destination, traffic can be distributed among them.
OSPF as a link-state protocol has several advantages over distance-vector protocols like RIP.
Faster Convergence
OSPF quickly responds to topology changes and calculates new loop free routes. This is done by
flooding the information about the topology change through the network and calculating the new
routes immediately.
Fewer Network Resources
OSPF generates less network traffic than RIP as individual packets are smaller and multicasting
technology is utilized. The individual packets only contain update information, not the whole routing
table.
Greater Features
OSPF offers the following:
● OSPF calculates the best route based on a cost factor, which is normally related to the bandwidth of
a link, not a hop count.
● OSPF offers greater scalability than RIP. It is not limited to a maximum hop count and supports a
hierarchical network design.
● OSPF allows for load sharing over routes.
● All OSPF routing exchanges can be authenticated.
OSPF is an IP-only routing protocol; the latest RFC on OSPF is RFC 2328.
Figure 2: Defining OSPF
OSPF Routing Hierarchy
OSPF supports a hierarchical network design. Implementing a hierarchy in the routing topology of a
network dramatically enhances its support for larger network designs.
OSPF implements a two-level hierarchical routing scheme that consists of an overall Autonomous System
(AS) that contains one or more areas.
An Autonomous System is a collection of routers and networks controlled by a single administration.
In the classic definition an Autonomous System is a set of routers under a single technical
administration, using an interior gateway protocol and a common metric to route packets within the
AS, and using an exterior gateway protocol to route packets to other Autonomous Systems.
After this classic definition was developed, it has become common for a single AS to use several interior
gateway protocols and sometimes several sets of metrics within an AS.
So, for OSPF an Autonomous System is the set of all routers that are running OSPF as their routing
protocol.
An Area consists of one or more physical networks (e.g. several VLANs and/or LANs) connected
together through IP routers.
By creating a hierarchy within the OSPF LSDB, larger inter-networks gain the following benefits:
● The internal router LSDB and routing table consume less router memory.
● Uses fewer router resources when computing the routing table. The LSDB contains fewer entries,
resulting in the OSPF algorithm consuming less CPU time to complete.
● Uses less link bandwidth when distributing routing data because any topological change is only sent
within the affected area. (Hides instability)
Overall OSPF saves network resources and bandwidth because not every link-state change is
propagated to all routers in the AS. This limits the number of routers having to perform a recalculation
of the OSPF routing table.
The AS may contain several areas, all of which share a common administration and common design
strategy. The term Domain is often used in place of AS.
Figure 3: OSPF Routing Hierarchy
OSPF Areas
OSPF allows the grouping of contiguous networks (LANs, WANs, Point-to-Point links) and hosts into
an Area. The flooding of detailed information is restricted to the area. The Shortest Path First (SPF) is
computed on a per-area basis, and all intra-area routes are derived from the SPF tree.
Areas are built by assigning the interfaces of each OSPF router to an Area. Each area has its own link
state database consisting of entries called Link State Advertisements (LSA) describing how the area's
routers and segments are connected. This means that routers connected to more than one area have a
LSDB for each area they are connected to.
There are several advantages of OSPF area-routing capabilities:
● The use of areas greatly reduces the amount of routing information traffic that must be propagated
throughout the entire AS.
● Areas allow the development of a hierarchy of routing information, and thus protect each area from
external routing information.
● The area's information is hidden from routers outside the area. This information-hiding technique is
important from a security standpoint, because it prohibits other areas from identifying the physical
topology of an area.
Routing within an area is flat. In intra-area routing the packet is routed solely on information obtained
within the area; no routing information obtained from outside the area can be used. This protects
intra-area routing from the injection of bad routing information from outside the area.
In an Extreme Networks® configuration (and as defined by the OSPF protocol), Area IDs are described
with 'dotted-decimal notation'. This means:
Area 0.0.0.1 can be referred to as Area 1
Area 0.0.1.0 would equate to Area 256
However, an Area ID is not an IP address and bears no relationship to IP addresses.
There are different types of areas; the two basic types are Normal Areas (also called Transit Areas) and
Stub Areas.
The Backbone Area is a special normal area, which is always required when using a hierarchical routing
scheme.
Not-So-Stubby Areas (NSSAs) are comparable to stub areas, but have additional capabilities.
The next example explains the characteristics of the different area types.
Figure 4: OSPF Areas
Identifying OSPF Components
This page describes the different types of OSPF areas.
Area 0 - Backbone Area
Any OSPF network that contains more than one area must have exactly one area configured as
Area 0.0.0.0 (referred to as Area 0), which is also called the Backbone. All areas in an Autonomous
System must be connected to the backbone physically through an Area Border Router (ABR), or logically
through a Virtual Link and the ABR. When designing networks, you often start with Area 0, and then
expand into other areas. The backbone area is always a normal area.
The backbone allows summary information to be exchanged between ABRs. Every ABR hears the area
summaries from all other ABRs. The topology of the backbone is invisible to its attached areas, and the
topology of the other areas is invisible to the backbone.
Within an Extreme Networks environment, when a VLAN is configured to run OSPF, by default it is
automatically joined to the backbone area. If you want a VLAN to be part of a different OSPF area, you
have to configure this.
Normal Area
Normal areas connect to other areas through ABRs. External routes are distributed into and out of
normal areas. These areas support virtual links and Autonomous System Boundary Routers (ASBRs).
Stub Area
OSPF allows certain areas to be configured as Stub Areas. External route information is not distributed
into stub areas. They are useful to reduce memory and computation requirements on OSPF routers.
To take advantage of the OSPF stub area support, default routing must be used on all routers within the
stub area. To accomplish this, the area border router advertises a default route into the stub area. This
default route is used for any destination that is not explicitly reachable by an intra- or inter-area path.
If information about other areas is not advertised, the default route is used instead of special inter-area
paths.
The OSPF protocol ensures that all routers belonging to an area agree on whether the area has been
configured as a stub. The following restrictions apply: virtual links cannot be configured through stub
areas and ASBRs cannot be placed internal to stub areas.
Not-So-Stubby Area
Not-So-Stubby Areas (NSSAs) are similar to the existing OSPF stub area configuration option, but have
the following additional capabilities:
External routes originating from an ASBR connected to the NSSA can be advertised within the NSSA
and these routes can be propagated to other areas.
NSSAs are an enhancement to current OSPF stub area functionality that allows importing external
routes into the stub area and also propagating them out to the rest of the OSPF domain in a limited
fashion.
Figure 5: Identifying OSPF Components
OSPF Router Types
Within the OSPF hierarchy, different types of areas are defined. Routers that perform the interconnection
of these areas require additional functionality, which results in 3 types of routers:
Internal Router
Internal routers (IRs) have all of their network interfaces in the same area. IRs run a single copy of the
basic routing algorithm and generate a single LSDB.
Area Border Router
An ABR is an OSPF router that has interfaces connected to more than one area. ABRs maintain a
distinct LSDB for each area and run the SPF algorithm on each area's database.
The ABR must always be connected to area 0. This can be achieved logically through a virtual link if a
physical connection is not possible or impractical.
An ABR is responsible for summarizing the information learned from one area and flooding it
throughout all the areas it belongs to in the form of Summary LSAs.
Autonomous System Boundary Router
An Autonomous System Boundary Router is a router that has interfaces in both an OSPF routing
domain, and a non-OSPF routing domain such as RIP, IS-IS, BGP or static routing information. It acts as
a gateway between OSPF and the other routing protocol. An ASBR is not limited to providing
connectivity between one OSPF domain and another autonomous system. An ASBR may provide
connectivity between an OSPF domain and a non-OSPF domain in the same autonomous system. The
ASBR generates AS-external LSAs, which describe routes to external networks outside the OSPF domain.
OSPF Network Types
OSPF classifies networks according to their characteristics. There are four different types of networks:
● Broadcast networks, for example, Ethernet
● Point-to-Point networks, for example, leased lines and ADSL
● Non-broadcast Multi-access (NBMA) networks, for example X.25, ATM, and Frame Relay (which is
NBMA by default)
● Point-to-Multipoint (PMP) networks, for example, Frame Relay (if it is configured to support PMP)
For Broadcast networks, one of the directly connected routers is elected as the Designated Router. It
represents the network and is responsible for exchanging routing information.
Figure 6: OSPF Router Types
Designated Router Types
OSPF routers exchange link state information with their adjacent neighbors. Broadcast networks may
have many routers. A great deal of bandwidth is consumed by the routing protocol traffic if all
neighbors are adjacent. Additionally, a broadcast network is able to support the transmission of a single
message that is received by a set of defined destinations (multicast).
To reduce the amount of traffic, every broadcast network has a Designated Router (DR) which represents
the network, and a Backup Designated Router (BDR) to ensure quick failover if the Designated Router is
no longer reachable.
Essentially, a DR is responsible for ensuring that all other routers on a particular broadcast network
have the same LSDB. Therefore the DR (and the BDR) form adjacencies with all neighbors. This means
link state information is exchanged and databases are kept synchronized.
The other routers on the network, called Other Designated Routers (ODRs) exchange link state
information only with the DR and BDR, because they are the only adjacent neighbors. This is performed
with packets using the special All Designated Routers multicast address of 224.0.0.6.
The DR then forwards this information to all other routers, using the special All OSPF Routers multicast
address of 224.0.0.5.
The second task of the Designated Router is to generate a Network LSA, which describes the broadcast
network. It contains information about the IP network address, subnetwork mask, and attached routers.
Point-to-Point links do not elect a DR or BDR. Neighbors on Point-to-Point links immediately form an
adjacency and synchronize their databases.
Point-to-Multipoint links are treated by OSPF like a collection of Point-to-Point links, so there is no
election of a DR or BDR and adjacencies are formed immediately.
NBMA networks are treated like other broadcast networks, so a DR and BDR are elected in the same
way as on broadcast networks, with the same responsibilities for the Designated Router. But because
NBMA networks don't support broadcast/multicast packets, neighbors cannot be found automatically.
Therefore, they have to be configured.
Figure 7: Designated Router Types
Designated Router Election
After initializing the OSPF interfaces, a router transmits Hello packets and listens for Hello packets. For
as long as its Wait Timer specifies (normally 4 times the Hello interval, which in turn is often 10
seconds), the router waits for information about an already active Designated Router.
Typically, this means that the first router initialized on a network becomes the DR and the second
router initialized on a network becomes the BDR.
If the DR fails, the BDR immediately becomes the DR and a new BDR is elected.
If an election is required, the router with the highest configured router priority is elected the DR or
BDR. If all routers have the same priority, the router with the highest Router ID is elected.
A router with the priority of 0 is never elected DR or BDR.
NOTE
Router priority is configured on a per-interface basis.
The parameters for each router should be configured to avoid electing a router that is very busy
processing a high volume of IP traffic, or is already acting as an ASBR.
The DR and BDR are elected by the use of the Hello protocol that is discussed later.
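The election rules above, modelled as an added example (not code from the manual or from ExtremeWare). It is a simplified model of the behaviour this page describes, not the full RFC 2328 election procedure; the `Router` class, the `elect` function and the sample Router IDs are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    router_id: str   # dotted-decimal OSPF Router ID
    priority: int    # per-interface router priority; 0 = never DR or BDR


def _rank(r):
    # Highest priority wins; a tie goes to the numerically highest Router ID.
    # Comparing the IDs as strings would wrongly rank 9.0.0.1 above 10.0.0.1.
    return (r.priority, int(ipaddress.IPv4Address(r.router_id)))


def elect(routers, current_dr=None, current_bdr=None):
    """Return (dr_id, bdr_id) for one broadcast segment.

    routers     -- routers currently alive on the segment
    current_dr  -- Router ID that held the DR role before this run, if any
    current_bdr -- Router ID that held the BDR role before this run, if any
    """
    eligible = {r.router_id: r for r in routers if r.priority > 0}
    dr = eligible.get(current_dr)
    bdr = eligible.get(current_bdr)
    if bdr is dr:
        bdr = None                   # one router cannot hold both roles

    # An active DR or BDR is never displaced by a later, "better" router.
    if dr is None and bdr is not None:
        dr, bdr = bdr, None          # DR gone: the BDR takes over at once

    if dr is None:
        ranked = sorted(eligible.values(), key=_rank, reverse=True)
        dr = ranked[0] if ranked else None
    if bdr is None:
        rest = sorted((r for r in eligible.values() if r is not dr),
                      key=_rank, reverse=True)
        bdr = rest[0] if rest else None
    return (dr.router_id if dr else None, bdr.router_id if bdr else None)


# Constructed segment: four routers, one of them excluded with priority 0.
SEGMENT = [Router("1.1.1.1", 1), Router("2.2.2.2", 1),
           Router("3.3.3.3", 0), Router("10.1.6.1", 5)]

if __name__ == "__main__":
    print("cold start      :", elect(SEGMENT))
    print("roles already up:", elect(SEGMENT, "1.1.1.1", "2.2.2.2"))
    print("DR 1.1.1.1 fails:", elect(SEGMENT[1:], "1.1.1.1", "2.2.2.2"))
```

Running the model against the planned priorities shows which router ends up as DR after a failure, which is the case the manual's advice about busy routers and ASBRs is meant to cover.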
Figure 8: Designated Router Election
Link State Advertisement
Each OSPF router is responsible for describing its local piece of the routing topology through the
transmission of link-state advertisements (LSAs). LSAs describe the local state of a router or network.
This includes the state of the router's interfaces and adjacencies. Each link state advertisement is flooded
throughout the area.
Every thirty minutes a router, even in the absence of any change, retransmits this self-originated data in
case it has been lost or corrupted in a neighbor’s routing tables.
There are several types of Link State Advertisements, each type with its own characteristics. These
characteristics include:
● The router that is the originator of the LSA and is generating this Link State Advertisement.
● The range this LSA is flooded through: whether it stays within an area or is flooded through
the whole AS.
● The Link ID used to identify this LSA.
● Detailed information in this LSA.
The next page gives a short overview about the different LSA types.
Figure 9: Link State Advertisement
OSPF LSA Types
The LSA can be of several types:
LSA Type 1 - Router-LSAs
● Generated by every OSPF router.
● Describes the set of active interfaces, their associated cost, and any neighbor information.
● Flooded throughout a single area only.
● Link State ID field is the router OSPF Router ID.
LSA Type 2 - Network-LSAs
● Generated by OSPF Designated Routers.
● Describes a broadcast network along with the IDs of all currently attached routers.
● Flooded throughout a single area only.
● Link State ID field lists the IP interface address of the DR.
LSA Type 3 - Summary-LSAs (Network)
● Originated from ABRs.
● Supports hierarchical routing through the use of OSPF areas.
● Describes networks in different areas, reachable through the ABR, with the associated cost.
● Flooded into the next area by the ABR.
● Link State ID field is an IP network number.
LSA Type 4 - Summary-LSAs (ASBR)
● Originated from ABRs.
● Describes the existence of an AS Boundary Router.
● Flooded into the next area by the ABR.
● Link State ID field is the AS boundary router OSPF Router ID.
LSA Type 5 - AS-external-LSAs
● Originated by an ASBR.
● Describes destinations external to the AS.
● Flooded through the whole Autonomous System.
● Link State ID field specifies an IP network number.
LSA Type 7 - NSSA-LSAs
● Functionally identical to a Type 5 LSA for a Normal Area. Originated by an ASBR. Allows the
importation of external routes normally not advertised out of the Not So Stubby Area (NSSA).
● Destined for ABRs with the highest Router ID; stays within the NSSA and is transformed by the ABRs
into Type 5 LSAs. Link State ID field specifies an IP network number.
Figure 10: OSPF LSA Types
How OSPF Operates
OSPF has been designed to be as resource efficient as possible. One of the ways of achieving this is in
the use of multicast packets where they are supported. Two multicast addresses/groups are used:
● 224.0.0.5 for all OSPF routers to receive
● 224.0.0.6 for only DR/BDR routers to receive
When joining an OSPF network for the first time, the router goes through several stages prior to
actually participating in forwarding/routing of packets. These include:
● The announcement of itself.
● Forming adjacencies with neighbors.
● Exchanging information with other routers about the state of its links.
● Learning about other routers.
● Ensuring that databases are synchronized.
Figure 11: How OSPF Operates
OSPF Router Neighbor Discovery
A router discovers neighbors by sending OSPF Hello packets out of all of its interfaces using multicast
group 224.0.0.5. By default, a router sends Hello packets out of an interface every 10 seconds. A router
learns the existence of a neighboring router when it receives the neighbor's OSPF Hello in return.
Consider R1 in the diagram: When R1's interface is first initialized, it sends out its Hello packet to both
interfaces in the hope of receiving a Hello packet back from any other listening router (in this case R2,
R3, and R4).
After a neighbor relationship has been established, failure of this neighbor (or a link to it) is detected
when a router does not receive a Hello packet from a neighbor within 40 seconds. This timer is called
the Router Dead Interval and is configurable. It is always 4 times the Hello interval.
The Hello protocol ensures that neighbor routers agree on timing parameters and can aid in link failure
detection. A fault is usually detected well before this time, however, by the data-link protocol, since the
absence of Hello packets is most likely caused by an interface going down.
"Detecting neighbor failures in a timely fashion is crucial to OSPF protocol performance." (RFC 2178)
Note that once a router's LSDB is complete and stable, a router only transmits short, periodic Hello
messages until, generally, it is determined that the database is out of date (a change has been detected).
This is unlike RIP, which periodically broadcasts its entire routing table.
Figure 12: OSPF Router Neighbor Discovery
OSPF Hello Packets
The Hello packet contains:
● The router's OSPF Router ID.
● The area ID.
● The Hello interval in seconds at which the router sends Hello packets on the given network and the
corresponding Dead Interval after which a neighbor is declared dead.
● The router's priority value.
● The router's current choice for the DR and the BDR (a value of zero in these fields indicates that one
has not yet been selected).
● A list of routers from which Hello packets have recently been received.
● The password if authentication is used.
● Information identifying if the area is a stub area or a NSSA.
● The subnetwork mask.
Routers examine the values of the received Hello packets and only build a neighbor relationship if
certain values are the same. Neighbors must agree on which area they belong to and on whether it is a normal,
stub, or not-so-stubby area.
The Hello and Dead intervals must match to ensure that the failure of a neighbor is detected in a timely
manner.
Of course, if authentication is used, the passwords must be correct.
By examining the Hello packets received and locating its own Router ID in the neighbor list, a router
can be assured that bidirectional communication has been established with all neighbors.
Concurrently, the DR and BDR are elected, based on the router priority value.
The relationship is now bidirectional and adjacency begins to be set up.
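The Hello checks described above, as an added example (not code from the manual): it parses the OSPFv2 Hello layout defined in RFC 2328, lists the fields that would stop two routers from becoming neighbors, and reports the authentication type in use. The Router IDs, addresses and the helper names (`build_hello`, `parse_hello`, `adjacency_problems`, `is_two_way`, `auth_finding`) are constructed for the example; checksums are left at zero and not verified.

```python
import socket
import struct

HDR = struct.Struct("!BBH4s4sHH8s")    # OSPFv2 common header, 24 bytes
HELLO = struct.Struct("!4sHBBI4s4s")   # fixed part of the Hello body, 20 bytes
FIXED = HDR.size + HELLO.size          # 44 bytes before the neighbor list
AUTH_NAMES = {0: "null", 1: "simple-password", 2: "cryptographic"}
OPT_E, OPT_NP = 0x02, 0x08             # Options bits: E (externals), N/P (NSSA)
MUST_MATCH = ("area_id", "area_type", "hello_interval", "dead_interval",
              "netmask", "auth_type")


def build_hello(router_id, area_id, netmask, hello, dead, priority=1,
                options=OPT_E, neighbors=(), autype=0, auth=b""):
    """Build a constructed Hello for the demo (DR/BDR and checksum left 0)."""
    a = socket.inet_aton
    body = HELLO.pack(a(netmask), hello, options, priority, dead,
                      a("0.0.0.0"), a("0.0.0.0"))
    body += b"".join(a(n) for n in neighbors)
    return HDR.pack(2, 1, HDR.size + len(body), a(router_id), a(area_id),
                    0, autype, auth) + body


def parse_hello(pkt):
    """Decode an OSPFv2 Hello into a dict; raise ValueError if malformed."""
    if len(pkt) < FIXED:
        raise ValueError("truncated packet")
    ver, ptype, length, rid, area, _ck, autype, auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not FIXED <= length <= len(pkt) or (length - FIXED) % 4:
        raise ValueError("bad packet length field")
    mask, hello, opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, HDR.size)
    n = socket.inet_ntoa
    area_type = "nssa" if opts & OPT_NP else "normal" if opts & OPT_E else "stub"
    return {
        "router_id": n(rid), "area_id": n(area), "netmask": n(mask),
        "hello_interval": hello, "dead_interval": dead, "priority": prio,
        "area_type": area_type, "dr": n(dr), "bdr": n(bdr),
        "auth_type": AUTH_NAMES.get(autype, "unknown"), "auth_data": auth,
        "neighbors": [n(pkt[i:i + 4]) for i in range(FIXED, length, 4)],
    }


def adjacency_problems(mine, theirs):
    """Return the Hello fields that differ and so block a neighbor relationship."""
    problems = [f for f in MUST_MATCH if mine[f] != theirs[f]]
    if (mine["auth_type"] == theirs["auth_type"] == "simple-password"
            and mine["auth_data"] != theirs["auth_data"]):
        problems.append("password")
    return problems


def is_two_way(mine, theirs):
    """True once the neighbor lists our Router ID in its own Hello."""
    return mine["router_id"] in theirs["neighbors"]


def auth_finding(hello):
    """Return an audit note for weak authentication, or None."""
    if hello["auth_type"] == "null":
        return "no authentication: any router on the segment is accepted"
    if hello["auth_type"] == "simple-password":
        return "simple password: carried in clear text in every packet"
    return None


if __name__ == "__main__":
    r2 = parse_hello(build_hello("2.2.2.2", "0.0.0.0", "255.255.255.0", 10, 40))
    r3 = parse_hello(build_hello("3.3.3.3", "0.0.0.0", "255.255.255.0", 10, 30,
                                 neighbors=["2.2.2.2"]))
    print(adjacency_problems(r2, r3), is_two_way(r2, r3), auth_finding(r3))
```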
Figure 13: OSPF Hello Packets
LSDB Initial Synchronization
Before bidirectional neighbors can become fully adjacent, they must decide on an initial sequence
number and which router is the master. The router with the largest router ID becomes the master and it
provides the initial sequence number.
After the master/non-master relationship is defined, the master sends database description packets to
the non-master. Database description packets describe the router's link-state database and consist of a
list of abbreviated LSAs in the form of link-state headers. A link-state header supplies all the
information needed to uniquely identify an individual LSA.
The master sends database description packets (polls) that must be acknowledged by database
description packets (responses) from the non-master.
Based on the summary received from its neighbor, each router builds a list of requests for LSAs that it
needs to bring its own database up-to-date. A router builds this list by comparing its link-state database
with the link-state headers received in the neighbor's database description packets.
If the router does not have a particular LSA in its link-state database, or if it determines that its
neighbor has a more recent version of an LSA (e.g. the cost is different), the LSA is added to the request
list. Each router sends this list in a link-state request packet to its neighbor.
Each router responds to a link-state request packet with a link-state update packet containing the LSAs
requested by its neighbor. Neighbors acknowledge the link-state updates with link-state
acknowledgement packets. The neighbors become fully adjacent when each has received and
acknowledged all requested LSAs.
Once the routers become fully adjacent, they run the SPF algorithm on the database and add the OSPF
routes to their routing tables.
Figure 14: LSDB Initial Synchronization
LSDB Synchronization
Database synchronization in a link state protocol is crucial. Synchronization protects the network as a
whole from corrupt information. Of the 5 OSPF protocol packet types, 4 are used for database
synchronization; the Hello packet is the 5th type. The 4 synchronization packet types are as follows:
● Database Description packet
● Link State Request packet
● Link State Update packet
● Link State Acknowledge packet
Flooding
After a pair of routers becomes fully adjacent, database synchronization is maintained with a flooding
procedure. When an LSA is flooded, it is passed from adjacent router to adjacent router until it has been
distributed throughout the entire routing area. LSAs are flooded when the status of a router's link
changes or when a timer expires, indicating that it is time for another periodic update.
The decision of any router to pass on the LSA to its adjacent neighbor is based on several conditions.
For example, an OSPF router should avoid passing timed-out or self-generated LSAs.
Reliable Updates
OSPF implements a reliable link-state flooding procedure by requiring that the adjacent router
acknowledges the receipt and transfer of an LSA. In the absence of an acknowledgement, the source
router retransmits the LSA until it is acknowledged or until the adjacency is declared down. Whenever
it is determined that there is a change in the link-state database, a new Shortest-path Tree (SPT) is
constructed and the routing table is updated.
Link-State Age
Every LSA also has an age field, which is used internally to maintain the link-state database. An LSA's
age is periodically increased as it is flooded throughout the area and while it resides in a router's link-state
database. An LSA can reach an age where it is no longer used in the flooding procedure and must
be flushed from the link-state database.
Link-State Sequence Numbers
An LSA in a router's link-state database is often replaced by a more recent LSA from its adjacent
neighbor. Each LSA contains a 32-bit sequence number field used by OSPF routers to detect timed-out
or duplicate LSAs. A sequence number space is used for LSA identification. When a router generates a
new LSA, it uses the next available sequence number. All routers keep their link-state databases
synchronized by aging LSAs in their database, and updating it with incoming LSAs.
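How a router turns a neighbor's database description into a link-state request list, and how the sequence number and age fields decide which copy of an LSA is more recent, shown as an added example (not code from the manual). The comparison follows the ordering in RFC 2328 section 13.1, which goes beyond the summary on this page; the `LsaHeader` tuple and the sample headers, which reuse the London, Sanjose and Newyork Router IDs, are constructed.

```python
from collections import namedtuple

MAX_AGE = 3600       # seconds; an LSA that reaches this age is flushed
MAX_AGE_DIFF = 900   # ages closer than this do not distinguish two copies

# Link-state header fields used here. The first three identify the LSA,
# the last three identify which instance of it this is.
LsaHeader = namedtuple("LsaHeader",
                       "ls_type link_id adv_router seq age checksum")


def signed32(seq):
    # Sequence numbers are signed 32-bit values that start at 0x80000001,
    # so 0x80000002 is newer than 0x80000001 and 0x00000001 is newer still.
    return seq - (1 << 32) if seq & 0x80000000 else seq


def compare(a, b):
    """Return 1 if a is more recent than b, -1 if older, 0 if the same."""
    sa, sb = signed32(a.seq), signed32(b.seq)
    if sa != sb:
        return 1 if sa > sb else -1
    if a.checksum != b.checksum:
        return 1 if a.checksum > b.checksum else -1
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):
        return 1 if a.age == MAX_AGE else -1      # a flush wins
    if abs(a.age - b.age) > MAX_AGE_DIFF:
        return 1 if a.age < b.age else -1         # the younger copy wins
    return 0


def lsa_key(h):
    return (h.ls_type, h.link_id, h.adv_router)


def build_request_list(lsdb, neighbor_headers):
    """Return the keys of LSAs to ask the neighbor for.

    lsdb             -- headers of the LSAs in our own database
    neighbor_headers -- headers received in database description packets
    """
    mine = {lsa_key(h): h for h in lsdb}
    wanted = []
    for h in neighbor_headers:
        have = mine.get(lsa_key(h))
        if have is None or compare(h, have) > 0:
            wanted.append(lsa_key(h))
    return wanted


# Constructed data: London's router LSAs and what a neighbor describes.
LONDON_LSDB = [
    LsaHeader(1, "2.9.7.3", "2.9.7.3", 0x80000005, 100, 0x1111),
    LsaHeader(1, "2.9.7.1", "2.9.7.1", 0x80000003, 200, 0x2222),
]
NEIGHBOR_DBD = [
    LsaHeader(1, "2.9.7.3", "2.9.7.3", 0x80000005, 120, 0x1111),  # same copy
    LsaHeader(1, "2.9.7.1", "2.9.7.1", 0x80000004, 10, 0x3333),   # newer
    LsaHeader(1, "2.9.7.2", "2.9.7.2", 0x80000001, 50, 0x4444),   # unknown
]

if __name__ == "__main__":
    for key in build_request_list(LONDON_LSDB, NEIGHBOR_DBD):
        print("request", key)
```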
Figure 15: LSDB Synchronization
Identifying When OSPF Routing Occurs
It should now be apparent that routing only occurs after the following:
● OSPF routers establish neighbor adjacencies
● The router LSDBs are fully synchronized
● The routing tables are constructed.
Essentially, this is the only point at which the actual IP routing/forwarding engine is able to use any
indirect routes.
Building the Routing Table
The first step in creating a routing table from the link state database is the creation of a topology map.
Each router builds a topology map by moving the LSAs around and placing them in the proper
position; similar to the way a person would assemble a jigsaw puzzle.
After the topology map is built, each router builds a shortest-path tree to all possible destination
networks. When building the tree, each router places itself at the root position. The tree is constructed
so that the path from the root to each destination network traverses the least-cost path. Directly
connected networks are entered into the routing table with a cost of zero.
Each router constructs a different SPT despite the fact that all routers are building their trees from an
identical link-state database. This is because a router only appears at the root position of its own tree.
After the SPT is constructed, each router builds its local routing table.
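The shortest-path calculation described above, as an added example (not code from the manual): every router runs the same computation over the same database but places itself at the root, so each ends up with a different routing table. The LSDB is constructed in the spirit of a three-router network; the entries for 1.1.1.1 and all costs are assumptions, and, as this page states, directly connected networks are entered with a cost of zero.

```python
import heapq

# Constructed LSDB: Router ID -> {attached network: interface cost}.
# Every router holds this same database.
LSDB = {
    "1.1.1.1": {"10.0.0.0/24": 10, "10.1.0.0/24": 4},
    "2.2.2.2": {"10.0.0.0/24": 10, "10.2.0.0/24": 4},
    "3.3.3.3": {"10.0.0.0/24": 10, "10.3.0.0/24": 4},
}


def spf(lsdb, root):
    """Return {network: (cost, next_hop)} as seen from `root`.

    next_hop is the Router ID of the first router on the path, or None
    for a directly connected network.
    """
    attached = {}                        # network -> routers attached to it
    for rid, links in lsdb.items():
        for net in links:
            attached.setdefault(net, []).append(rid)

    dist = {root: 0}                     # best known cost to each router
    first_hop = {root: None}             # first router on the path to it
    routes, done = {}, set()
    heap = [(0, root)]
    while heap:
        d, rid = heapq.heappop(heap)
        if rid in done:
            continue                     # stale queue entry
        done.add(rid)
        for net, cost in lsdb[rid].items():
            total = d + cost             # cost to reach `net` through `rid`
            if rid == root:
                routes[net] = (0, None)  # directly connected
            elif net not in routes or total < routes[net][0]:
                routes[net] = (total, first_hop[rid])
            # Every other router on this network is reachable at `total`.
            for peer in attached[net]:
                if peer not in done and total < dist.get(peer, float("inf")):
                    dist[peer] = total
                    first_hop[peer] = peer if rid == root else first_hop[rid]
                    heapq.heappush(heap, (total, peer))
    return routes


if __name__ == "__main__":
    for root in sorted(LSDB):
        print("routing table of", root)
        for net, (cost, hop) in sorted(spf(LSDB, root).items()):
            print("  %-12s cost %-3d via %s" % (net, cost, hop or "direct"))
```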
Figure 16: Identifying When OSPF Routing Occurs
Basic IP Configuration Review
Before configuring OSPF, make sure the basic IP setup is correct. This includes:
● IP addresses are assigned to all VLANs for which routing should be done.
● IP forwarding is enabled for these VLANs.
● Physical cabling for the router connectivity has been done and the ports are assigned to the correct
VLANs.
Here are the commands to remember for these tasks:
To create a VLAN, enter the following command:
create vlan <vlan name>
To configure a VLAN with member ports, enter the following command:
configure vlan <vlan_name> add port [ all | <port number> ]
To assign an IP address to the VLAN, enter the following command:
configure <vlan_name> ipaddress <ipaddress> [/<netmask>]
To enable IP forwarding, enter the following command:
enable ipforwarding {vlan <name>}
Figure 17: Basic IP Configuration Review
The OSPF Router ID
The first step to configure OSPF is to assign an identifier to the router. If the router ID is not set, the
default setting uses the highest IP interface address on the router as the router ID.
When configuring the router ID follow these recommendations:
● Each router/layer 3 switch that is configured to run OSPF must have a unique Router ID.
● Manually set the router ID of the switches participating in OSPF, instead of having the switch
automatically choose its router ID based on the highest interface IP address. Not performing this
configuration in a larger, dynamic environment could result in an older link state database
remaining in use and a general lack of control.
■ When the OSPF router ID is set to automatic (default), the router ID is determined by the router
every time OSPF is enabled.
■ It is not necessary for OSPF to be configured or for the IP interface to be active on the interface
that is used to automatically set the router ID. There is no requirement for the associated VLAN
to be up or have any ports assigned to it.
■ If a Router ID changes after a reboot or a disable OSPF command, its LSAs could stay in the
LSDB for 30 minutes. This corrupts the LSDB for the whole routing domain unless a manual reset
is performed.
■ Virtual links are defined to connect to a specific Router ID. If this target router changes its Router
ID, the link fails, possibly isolating an entire area.
To configure the OSPF router ID, enter the following command:
configure ospf routerid [automatic | <routerid>]
The default setting is automatic. If automatic is specified, the switch uses the highest IP interface
address as the OSPF router ID.
For example:
configure ospf routerid 10.1.6.1
NOTE
Do not set the Router ID to 0.0.0.0; this value is reserved.
Figure 18: The OSPF Router ID
Configuring a Single OSPF Area
This page presents the steps to complete a basic OSPF configuration in a single area, which is the
backbone area 0.0.0.0. Area 0.0.0.0 does not need to be created. It exists by default. An OSPF network
must have one backbone area 0.0.0.0.
To configure OSPF in a single area, perform the following general steps:
● Perform basic IP configuration.
● Configure the router IDs.
● Enable OSPF for the VLANs and associate them with the OSPF area ID 0.0.0.0.
● Enable OSPF globally on the switch.
In this single area example the area is 0.0.0.0.
To enable OSPF for the VLANs and assign them to an area, enter the following command:
configure ospf add vlan [<vlan name> | all] area <area identifier>
The <area identifier> specifies the area to which the VLAN is assigned.
To enable OSPF globally on the switch, enter the following command:
enable ospf
Unconfiguring OSPF
To remove a VLAN from the OSPF routing process, enter the following command:
configure ospf delete vlan [<vlan name> | all]
To stop the OSPF process, enter the following command:
disable ospf
Figure 19: Configuring a Single OSPF Area
OSPF Configuration Example
This example shows the basic IP and OSPF configuration for R1 in the example network. R2 and R3 are
configured in the same way.
R2
create vlan v0ospf
configure vlan v0ospf ipaddress 10.0.0.2/24
create vlan v2ospf
configure vlan v2ospf ipaddress 10.2.0.2/24
enable ipforwarding
configure ospf routerid 2.2.2.2
configure ospf add v0ospf area 0.0.0.0
configure ospf add v2ospf area 0.0.0.0
enable ospf
R3
create vlan v0ospf
configure vlan v0ospf ipaddress 10.0.0.3/24
create vlan v3ospf
configure vlan v3ospf ipaddress 10.3.0.3/24
enable ipforwarding
configure ospf routerid 3.3.3.3
configure ospf add v0ospf area 0.0.0.0
configure ospf add v3ospf area 0.0.0.0
enable ospf
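An offline check of configurations like the two above against this module's own rules (manually set, unique, non-reserved router ID; OSPF VLANs that have an IP address; areas other than 0.0.0.0 created before use; IP forwarding and OSPF enabled), as an added example that is not part of the manual. It understands only the commands shown on this page; the `parse` and `audit` helpers and the broken R4 configuration are constructed for illustration.

```python
import re

RULES = [  # (kind, pattern) for the commands used in this module
    ("vlan", r"create vlan (\S+)"),
    ("ip", r"configure (?:vlan )?(\S+) ipaddress \S+(?: \S+)?"),
    ("rid", r"configure ospf routerid (\S+)"),
    ("area", r"create ospf area (\S+)"),
    ("ospf_vlan", r"configure ospf add (?:vlan )?(\S+) area (\S+)"),
    ("ipfwd", r"enable ipforwarding(?: vlan \S+)?"),
    ("ospf", r"enable ospf"),
]


def parse(text):
    """Collect the OSPF-relevant settings from one switch configuration."""
    cfg = {"vlan": set(), "ip": set(), "rid": None, "area": {"0.0.0.0"},
           "ospf_vlan": [], "ipfwd": False, "ospf": False}
    for line in text.splitlines():
        line = " ".join(line.split())            # normalise whitespace
        for kind, pattern in RULES:
            m = re.fullmatch(pattern, line)
            if not m:
                continue
            if kind in ("vlan", "ip", "area"):
                cfg[kind].add(m[1])
            elif kind == "rid":
                cfg["rid"] = m[1]
            elif kind == "ospf_vlan":
                cfg["ospf_vlan"].append((m[1], m[2]))
            else:
                cfg[kind] = True
            break
    return cfg


def audit(configs):
    """configs: {switch name: config text}. Return [(switch, finding)]."""
    findings, owners = [], {}
    for name, text in configs.items():
        c = parse(text)
        rid = c["rid"]
        if rid in (None, "automatic"):
            findings.append((name, "router ID not set manually"))
        elif rid == "0.0.0.0":
            findings.append((name, "router ID 0.0.0.0 is reserved"))
        elif rid in owners:
            findings.append((name, f"router ID {rid} already used by {owners[rid]}"))
        else:
            owners[rid] = name
        for vlan, area in c["ospf_vlan"]:
            if vlan != "all" and vlan not in c["ip"]:
                findings.append((name, f"OSPF VLAN {vlan} has no IP address"))
            if area not in c["area"]:        # 0.0.0.0 exists by default
                findings.append((name, f"area {area} used but never created"))
        if not c["ipfwd"]:
            findings.append((name, "IP forwarding not enabled"))
        if not c["ospf"]:
            findings.append((name, "OSPF not enabled globally"))
    return findings


R2 = """create vlan v0ospf
configure vlan v0ospf ipaddress 10.0.0.2/24
create vlan v2ospf
configure vlan v2ospf ipaddress 10.2.0.2/24
enable ipforwarding
configure ospf routerid 2.2.2.2
configure ospf add v0ospf area 0.0.0.0
configure ospf add v2ospf area 0.0.0.0
enable ospf"""
R3 = R2.replace("10.0.0.2", "10.0.0.3").replace("10.2.0.2", "10.3.0.3") \
       .replace("v2ospf", "v3ospf").replace("2.2.2.2", "3.3.3.3")
R4_BROKEN = """create vlan v0ospf
configure vlan v0ospf ipaddress 10.0.0.4/24
create vlan v4ospf
enable ipforwarding
configure ospf routerid 3.3.3.3
configure ospf add v0ospf area 0.0.0.0
configure ospf add v4ospf area 0.0.0.4"""   # constructed, deliberately wrong

if __name__ == "__main__":
    for switch, finding in audit({"R2": R2, "R3": R3, "R4": R4_BROKEN}):
        print(switch, "-", finding)
```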
Figure 20: OSPF Configuration Example
Configuring Multiple OSPF Areas
This page presents the steps to complete an OSPF configuration in multiple areas. To configure OSPF in
multiple areas:
● Perform basic IP configuration.
● Configure the router IDs.
● Enable OSPF for the VLANs and associate them with the OSPF area IDs.
● Enable OSPF globally on the switch.
To create a new OSPF area, enter the following command:
create ospf area <area identifier>
Where:
● Area IDs are formatted in dotted-decimal notation (e.g., 10.1.6.1, 3.42.6.2).
● Area 0.0.0.0 does not need to be created. It exists by default.
● An Area ID is not an IP address and bears no relationship to IP addresses.
Figure 21: Configuring Multiple OSPF Areas
Advanced OSPF Configuration
In addition to the required configuration, the following advanced configuration may be necessary:
● Configure the area as a stub or NSSA area.
● Change the priority for one or all OSPF router interfaces.
● Configure the cost metric of one or more interfaces.
OSPF allows certain areas to be configured as Stub Areas or NSSAs. External route information is not
distributed into stub areas. To configure an OSPF area as a stub area, enter the following command:
configure ospf area <area-identifier> stub [summary | nosummary]
stubdefault-cost <cost>
To configure an OSPF area as a NSSA, enter the following command:
configure ospf area <area-identifier> nssa [summary | nosummary]
stubdefault-cost <cost> {translate}
The router with the highest configured router priority is elected the DR for a network. To change the
priority for one or all OSPF router interfaces for DR election, enter the following command:
configure ospf [area <area identifier> | vlan [<vlan name> | all]] priority
<priority>
OSPF calculates the best route based on a cost factor, which is normally related to the bandwidth of a
link. To configure the cost metric of one or all interface(s), enter the following command:
configure ospf [area <area identifier> | vlan [<vlan name> | all]] cost
[automatic | <cost_number>]
Figure 22: Advanced OSPF Configuration
Advanced OSPF Configuration Continued
In addition to the required configuration, the following advanced configuration may be necessary:
● Enable the redistribution of other routing protocols into the OSPF domain.
● Configure a range of addresses to be aggregated in the area.
● Configure the ASBR to accept external routes.
● Create a virtual link to connect an area to the backbone through another area.
An Autonomous System Boundary Router is a router that has interfaces in both an OSPF routing
domain, and a non-OSPF routing domain such as RIP, IS-IS, BGP or static routing information. The
ASBR generates AS-external LSAs, which describe routes to external networks outside the OSPF domain.
To enable the redistribution of other routing protocols into the OSPF domain, enter the following
command:
enable ospf export [bgp | direct | e-bgp | i-bgp | rip | static]
[cost <cost> type [ase-type-1 | ase-type-2] {tag <number>} | <policy-map>]
To configure a range of IP addresses to be aggregated in an OSPF area, enter the following command:
configure ospf area <area-identifier> add range [<ip-address> <ip-mask> |
<ipNetmask>] [advertise | noadvert] [type-3 | type-7]
To aggregate AS-external routes in a specified address range, enter the following command:
configure ospf ase-summary add [<ip-address> <ip-mask> | <ipNetmask>] cost
<cost> {tag <number>}
All ABRs in an AS must be connected to the backbone physically or logically through a virtual link. To
add a virtual link connected to another ABR, enter the following command:
configure ospf add virtual-link <routerid> <area identifier>
NOTE
Remember that the Virtual Link must be configured at both ends.
Figure 23: Advanced OSPF Configuration Continued
Verifying the Basic IP Configuration
To verify which destination networks are in the routing table and the source of the routing entry, enter
the following command:
show iproute
The display shows:
● The origin of the route (how the route was learned).
● The destination network.
● The next hop gateway.
● The type of route entry.
● The preferred route for unicast and multicast traffic.
● The duration of time this route has been in the routing table.
To verify that IP forwarding is enabled and the interface is up, enter the following command:
show ipconfig
The display shows:
● The name of each VLAN.
● The IP address of each router interface.
● If IP forwarding is enabled for each VLAN.
● If the interface is enabled and active.
Figure 24: Verifying the OSPF Configuration
Figure 25: Verifying the OSPF Configuration Continued
Verifying the Global OSPF Configuration
To display the global OSPF configuration, enter the following command:
show ospf
In the example output, notice the following:
● The configured router ID.
● OSPF is enabled; this router is not an ASBR or ABR.
● There is no redistribution to OSPF configured.
● The default cost of the OSPF interfaces.
Verifying a Single Area Configuration
To display information about a particular OSPF area, enter the following command:
show ospf area <area identifier>
The output displays:
● Area ID, Area Type (stub or normal) and Router ID.
● Number of SPF executions, number of ABRs known, number of ASBRs known, number of LSAs in
the LSDB, and the LSA checksum.
● List of router interfaces (VLANs), the link state, their OSPF state, and the IP address for the DR and
BDR.
In our example these values for London are:
● Area ID 0.0.0.0, Area Type normal and Router ID 2.9.7.3.
● No known ABRs or ASBRs, number of LSAs in LSDB is 8.
● There are 4 router interfaces and OSPF is enabled on all. For the first VLAN the router London itself
is the DR, there is no BDR known. This is normal, because London is the only router on this segment
at the moment. For the third VLAN the router London is the BDR, the DR has the IP address
11.0.0.1.
Figure 26: Verifying the Global OSPF Configuration
Figure 27: Verifying a Single Area Configuration
Verifying OSPF Interface Configuration and Neighbor State
To display information about one or all OSPF interfaces, enter the following commands:
show ospf interfaces {vlan <vlan name> | area <area identifier>}
show ospf interfaces detail
London has 2 router interfaces configured for OSPF.
● The first displayed router interface is 103.0.0.1/24, VLAN black.
● The Area ID is 0.0.0.0 and the Router ID is 2.9.7.3.
● The cost for this link is 10.
● The priority for the DR election on this interface is 1.
● The timers are the default values: Hello 10 seconds, Dead 40 seconds, Retransmit 5 seconds. The
Retransmit Interval is the time the router waits until retransmitting routing information if it does not
get an acknowledge packet.
● Authentication is not used.
● London is the DR on this link.
● There are no neighbors on this interface.
The second displayed router interface is 13.0.0.1/24, VLAN brown.
● The Area ID is 0.0.0.0 and the Router ID is 2.9.7.3.
● The cost for this link is 4.
● The priority for the DR election on this interface is 1.
● The timers are the default values: Hello 10 seconds, Dead 40 seconds, Retransmit 5 seconds.
● Authentication is not used.
● London is the DR on this link. The BDR is the router with IP address 13.0.0.2.
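The values that show ospf interfaces detail reports (Router ID, Area ID, timers, priority, DR, BDR and whether authentication is used) are the fields carried in every OSPF Hello. The following Python example is added here and is not part of the course material; it assumes the OSPFv2 packet layout from RFC 2328, and the sample packet is constructed from the values listed above for VLAN brown, with the neighbor router ID 2.9.7.2 and all function names chosen for illustration.

```python
import ipaddress
import struct

# AuType values defined for OSPFv2 in RFC 2328.
AUTH_TYPES = {0: "none", 1: "simple password", 2: "cryptographic"}


def addr(text):
    """Dotted-quad string to 4 raw bytes."""
    return ipaddress.IPv4Address(text).packed


def dotted(raw):
    """4 raw bytes to dotted-quad string."""
    return str(ipaddress.IPv4Address(raw))


def sample_hello(autype=0, hello=10, dead=40):
    """Constructed Hello as London would send it on VLAN brown.

    The checksum field is left at 0 because this example does not verify it.
    """
    body = struct.pack("!4sHBBI4s4s", addr("255.255.255.0"), hello, 0x02, 1,
                       dead, addr("13.0.0.1"), addr("13.0.0.2"))
    body += addr("2.9.7.2")  # assumed router ID of the neighbor at 13.0.0.2
    head = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), addr("2.9.7.3"),
                       addr("0.0.0.0"), 0, autype, bytes(8))
    return head + body


def parse_ospf_hello(pkt):
    """Parse the 24-byte OSPF header and the Hello body that follows it."""
    if len(pkt) < 44:
        raise ValueError("too short for an OSPFv2 Hello")
    ver, ptype, length, rid, area, _, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not 44 <= length <= len(pkt) or (length - 44) % 4:
        raise ValueError("bad packet length field")
    mask, hello, _, prio, dead, dr, bdr = struct.unpack("!4sHBBI4s4s", pkt[24:44])
    return {
        "router_id": dotted(rid), "area_id": dotted(area),
        "auth": AUTH_TYPES.get(autype, "unknown (%d)" % autype),
        "mask": dotted(mask), "hello": hello, "dead": dead, "priority": prio,
        "dr": dotted(dr), "bdr": dotted(bdr),
        # Router IDs the sender has heard from on this segment.
        "neighbors": [dotted(pkt[i:i + 4]) for i in range(44, length, 4)],
    }


def audit_hello(h, local_hello=10, local_dead=40):
    """Flag the two settings that most often matter on a shared segment."""
    findings = []
    if h["auth"] == "none":
        findings.append("authentication is not used on this interface")
    if (h["hello"], h["dead"]) != (local_hello, local_dead):
        findings.append("Hello/Dead %d/%d differ from local %d/%d, no adjacency forms"
                        % (h["hello"], h["dead"], local_hello, local_dead))
    return findings


if __name__ == "__main__":
    parsed = parse_ospf_hello(sample_hello())
    for key, value in parsed.items():
        print("%-10s %s" % (key, value))
    for finding in audit_hello(parsed):
        print("FINDING:", finding)
```
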
To display information about OSPF neighbors, enter the following command:
show ospf neighbor
The display shows:
● The neighbor router ID.
● The neighbor synchronization state.
● The neighbor IP address.
● The interface that provides the path to the neighbor.
Figure 28: Verifying OSPF Interface Configuration
Figure 29: Verifying the OSPF Neighbor State
Monitoring the LSDB
To display a table of the current LSDB, enter the following command:
show ospf lsdb area [all | <area identifier>] lstype [all | network | router]
There are 4 router LSAs in London's Link State Database:
● London generated one to describe itself; this has Link ID 2.9.7.3, London’s Router ID.
● Sanjose generated one to describe itself; this has Link ID 2.9.7.1, Sanjose’s Router ID.
● Newyork generated one to describe itself; this has Link ID 2.9.7.2, Newyork’s Router ID.
There are 4 network LSAs in London's Link State Database:
The network LSA for the Broadcast Network 10.0.0.0/24 is generated by the DR, that is router Sanjose
in our example.
Figure 30: Monitoring the LSDB
Summary
Module twelve presents the Open Shortest Path First (OSPF) IP routing protocol.
You should now be able to:
● Define OSPF as a routing protocol.
● Identify the advantages of OSPF.
● Describe the OSPF hierarchy.
● Define OSPF areas and router types.
● Describe how OSPF operates.
● Define Link State Advertisements (LSA) and hello packets.
● Define Link State Database (LSDB) synchronization.
● Configure OSPF within a single area.
● Verify the configuration and operation of OSPF.
Figure 31: Summary
Module 12 Review Questions
1 What are the primary differences between RIP and OSPF?
a RIP is a distance-vector routing protocol and OSPF is a link-state routing protocol.
b RIP is a link-state routing protocol and OSPF is a distance-vector routing protocol.
c RIP is an interior gateway protocol and OSPF is an exterior gateway protocol.
d RIP is an exterior gateway protocol and OSPF is an interior gateway protocol.
2 What are the primary advantages of OSPF as compared to RIP? (more than one correct answer)
a OSPF can route IP and IPX packets.
b OSPF consumes fewer resources.
c OSPF converges faster.
d OSPF provides greater control by using a configurable cost metric.
e OSPF is simpler and easier to understand.
f OSPF routing messages can be authenticated.
g OSPF has been in use longer.
h OSPF uses a distance-vector routing algorithm.
i OSPF provides greater scalability by supporting a hierarchy.
j OSPF supports load sharing.
3 How many levels of hierarchy does OSPF support?
a One
b Two
c Three
d Sixteen
4 What is the relationship between Autonomous Systems and Areas?
a One Autonomous System can contain multiple Areas.
b One Area can contain multiple Autonomous Systems.
5 Which of the following are correct statements about OSPF Areas?
a Each Autonomous System must contain one backbone area 0.0.0.0.
b Routing between areas requires an Exterior Gateway Protocol.
c Routers are assigned to an area through a dynamic area election protocol.
d Detailed area information is hidden from routers outside the area.
e All areas in an Autonomous System must be connected to the backbone through an Area Border
Router either through a direct link or through a Virtual Link.
f Routing within an area is flat.
g The area ID must match the IP address of one of the designated router interfaces within the area.
h Area 0.0.0.51 is reserved for the University of Mars.
6 Match the following OSPF router types with the correct description:
Router Type                     Description
a Internal                      ___ Has interfaces in both an OSPF routing domain, and a non-OSPF routing domain
b Area Border                   ___ Have all of their network interfaces in the same area.
c Autonomous System Boundary    ___ Has interfaces connected to more than one area.
7 What types of networks use an OSPF Designated Router?
a Point-to-Point
b Point-to-Multipoint
c Broadcast.
d Non-broadcast Multi-access.
8 What are the types of OSPF Designated Routers?
a Other Designated Routers.
b Border Designated Routers.
c Designated Routers.
d Backup Designated Routers.
e Master Designated Routers.
f Autonomous System Designated Routers.
g Area Designated Routers.
9 Match the following OSPF Link-state Advertisements types with the router types that generate them.
LSA Type         Router Type
a AS-external    ___ All routers
b Router         ___ Area Border routers
c NSSA           ___ Autonomous System Boundary routers
d Network        ___ Designated routers
e Summary
10 In what order does a router go through the following steps when joining a network?
a ___ Forming adjacencies with neighbors.
b ___ Exchanging information with other routers about the state of its links.
c ___ The announcement of itself.
d ___ Learning about other routers.
e ___ Ensuring that databases are synchronized.
11 What do OSPF routers use to discover their neighbors?
a Router Link-state Advertisements.
b Router discovery packets.
c Extreme Discovery Protocol packets.
d LSDB synchronization packets.
e Hello packets.
12 How are Link State Databases synchronized?
a Hello packets are passed from adjacent router to adjacent router.
b LSA update packets are passed from adjacent router to adjacent router.
c Synchronization packets are passed from adjacent router to adjacent router.
d Triggered update packets are passed from adjacent router to adjacent router.
13 Which of the following must occur before OSPF routing takes place? (choose all that apply)
a The route hold-down timer expires.
b The routing tables are constructed.
c Each router sends a routing table update message to every neighbor.
d Routers establish neighbor adjacencies.
e The router LSDBs are fully synchronized.
Module 13
Advanced Features
Student Objectives
Module thirteen presents a general overview of the advanced features of Extreme Networks® products.
Upon completion of this module, the successful student will be able to:
● Identify and describe advanced routing features.
● Identify and describe advanced redundancy features.
● Identify and describe advanced security features.
● Identify and describe advanced traffic management features.
Advanced Routing and Switching
The first section of the lecture describes the following advanced routing and switching features:
● Advanced OSPF
● Intermediate System - Intermediate System
● Border Gateway Protocol
● Network Address Translation
● IP Multinetting
● IP Multicasting
● Multiprotocol Label Switching
Figure 1: Student Objectives
Figure 2: Advanced Routing and Switching
Advanced OSPF Features
The OSPF features described on this page are supported on ExtremeWare XOS and ExtremeWare.
Hierarchical OSPF
Larger OSPF Networks should be built hierarchically. OSPF has two levels of hierarchy, the
autonomous system and the areas. The hierarchical architecture of OSPF provides lower level regular
areas and a higher-level backbone area (0.0.0.0). Hierarchical routing minimizes routing updates and the
scope of topology changes. This is especially true if combined with route summarization.
Route Summarization
In a good routing design the IP address hierarchy must match the area design. To get the benefits of
this concept, routes must be summarized at the Area Border Routers (ABR). Route summarization hides
the detailed intra-area routing information from the rest of the network, so an intra-area topology
change only influences the area itself.
Route Redistribution
Routing information learned by one routing protocol can be redistributed into another one. The major
issue is the choice of a good metric during the redistribution. Route Redistribution can also be done
from static routes or directly connected interfaces into dynamic routing protocols.
Virtual Links
Areas not directly connected to the backbone area are not allowed in OSPF, but for geographical,
political, or migration reasons this still might happen. These areas must be connected to the backbone
area using a Virtual Link.
NSSA
Not So Stubby Areas (NSSAs) are similar to OSPF stub areas. However, external routes originating from
an ASBR connected to the NSSA are advertised within the NSSA and these routes are propagated to
other areas in a limited fashion.
NOTE
These topics are covered in detail in the Extreme Interior Gateway Protocols (EIGP-300/2) course.
Figure 3: Advanced OSPF Features
Intermediate System - Intermediate System
Integrated Intermediate System - Intermediate System (IS-IS) is a Link State Routing Protocol defined by
the ISO. The original IS-IS protocol has a three-level hierarchy defined and is used in the OSI seven-layer
network protocol world with OSI NSAP Addresses.
Integrated IS-IS is a modification that can also be used with IP addresses and is reduced to two levels of
hierarchy. Integrated IS-IS allows a single routing protocol to route both IP and OSI packets. The
ExtremeWare XOS and ExtremeWare integrated IS-IS implementation is IP-only.
IS-IS Hierarchy
Integrated IS-IS partitions the network into routing domains. Routing domain boundaries are defined
by interior and exterior links. Interior links are part of the IS-IS routing domain; exterior links are not.
No IS-IS routing messages are sent on exterior links.
A routing domain is partitioned into areas. IS-IS routing uses two levels of hierarchical routing.
The intra-area routers are called level 1 routers; they share the same link state database. The area
borders are on the links between two routers with different address prefixes.
A backbone is used to connect the areas. The backbone is a contiguous group of level 2 routers. The
backbone can be easily expanded to connect new areas, no matter at what point of the network you add
them. The only restriction is that all level 2 routers have a physical connection to another level 2 router.
Supported Features
An IP-only IS-IS router is a router that uses IS-IS as the routing protocol for IP and does not support
OSI protocols.
In addition to IP-only routing, Extreme Networks switches support the following:
● MD5 Authentication
● Supports both levels (level 1 + 2)
● Configurable timers, adjacency control
● Level 1 Route Summarization and Filtering
● Route Redistribution and Filtering
● Originating Default Route
● Setting Overload Bit and Metric Size
● MPLS direct LSPs
● Default Routes to Nearest Level 1/2 Switch for Level 1 Only Switches
● Interfaces:
■ Ethernet (Broadcast)
■ POS (Broadcast or Point-to-Point)
Figure 4: Intermediate System - Intermediate System
Figure 5: IS-IS Support
Border Gateway Protocol
The Border Gateway Protocol (BGP) is supported on the BlackDiamond 10808, BlackDiamond 8800, and
Summit X450 running ExtremeWare XOS and BlackDiamond 6800 running ExtremeWare.
BGP is an Exterior Gateway Protocol (EGP) used to route between Autonomous Systems (AS). It is the
de-facto EGP of the Internet.
The latest version, BGP-4, was deployed in 1993; it is a distance vector type of protocol. BGP uses policy
routing instead of metrics as used in IGPs. With BGP, network reachability information is exchanged
between peers using a reliable TCP connection.
BGP Routing
The policy routing decision is mainly based on the AS-path list.
During the distribution of network information every AS adds its AS number to the AS path list.
In the example both providers A and B are using BGP and customer 1 is running BGP on its Customer
Edge (CE) Router (Gateway to the providers). Customer 1 uses BGP because the network has more than
one connection to the Internet (multi-homed). This customer always wants to use the best exit for
reaching a far AS. Customer 2 is not running BGP because with only a single connection to the Internet
a default route is used.
The CE of Customer 1 has two different routes to the networks of Customer 2 and in the default
behavior it uses the route with the shorter AS path list (65000,2) directly using Provider B.
NOTE
This topic is covered in detail in the Extreme BGP4 Concepts and Configuration (BGP-220c) course.
Figure 6: Border Gateway Protocol
Figure 7: BGP Routing
IP Multicasting
ExtremeWare XOS and ExtremeWare support Protocol Independent Multicast (PIM) in Dense Mode
and Sparse Mode. ExtremeWare also supports Distance Vector Multicast Routing Protocol. Multicast
technology is an efficient way to deliver the same data stream to multiple receivers. IP multicasting is
typically used for video and audio conferencing and streaming applications. Broadcast or multiple unicast
packets may be used, but both waste network bandwidth and processing resources. IP Multicast
technology is implemented in several parts of the network.
Source and Receivers
A Multicast Source just sends data. The traffic is flooded through the broadcast domain. Routers are
responsible for forwarding or filtering these multicast packets.
A Multicast Receiver reports its interest in multicast traffic using the Internet Group Management
Protocol (IGMP). Routers listen to IGMP Membership Reports and learn that multicast traffic must be
forwarded to the segment where the client is attached.
Multicasting Protocols
Multicast Routers communicate using Multicast Routing Protocols to exchange information about where
multicast traffic is needed in a routed network. These protocols are used to build distribution trees
along which multicast traffic is forwarded.
The 'Independent' in PIM means that the multicast protocol is independent of the underlying unicast
routing protocol. PIM uses the unicast routing table that is constructed by the unicast routing protocol.
Increasing Layer 2 Multicast Efficiency
IGMP Snooping prevents the Layer 2 flooding of multicast packets through the whole broadcast
domain. Switches configured for IGMP Snooping listen to IGMP membership reports from clients and
learn where multicast traffic is needed and where it is not. Multicast traffic is only forwarded out of
those ports where multicast clients are connected.
Example
In VLAN Green there is a multicast server transmitting a multicast stream. The multicast packets arrive
at R1. The multicast client attached to VLAN Purple gets the multicast packets because it reported its
interest using IGMP. In VLAN Red there are also interested multicast clients. They send an IGMP
membership report to R3. The routers in the network use multicast routing protocols to build the
distribution tree. There is no multicast client in VLAN Blue. So, no multicast traffic is flowing to VLAN
Blue. Because of the use of IGMP snooping in VLAN Red, the multicast traffic is not flooded through
the whole VLAN, but only forwarded out of those ports where multicast clients are connected.
NOTE
This topic is covered in detail in the Extreme Multicast Routing (EMR-300/2) course.
Figure 8: IP Multicasting
Figure 9: Multicasting Example
Network Address Translation
Network Address Translation (NAT) is an ExtremeWare feature. It is not supported in ExtremeWare
XOS 11.3.
NAT allows private IP addresses to be converted to public Internet IP addresses. This conversion is
done transparently by having a NAT device rewrite the source IP address and Layer 4 port of the
packets.
You can configure NAT to conserve IP address space by mapping a large number of inside (private)
addresses to a much smaller number of outside (public) addresses. In implementing NAT, you must
configure at least two separate VLANs. One VLAN is configured as inside, and corresponds to
the private IP addresses you would like to translate into other IP addresses. The other VLAN is
configured as outside, which corresponds to the public (probably Internet) IP addresses you want the
inside addresses translated to. The mappings between inside and outside IP addresses are done using
rules that specify the IP subnets involved and the algorithms used to translate the addresses.
When implementing NAT in an Internet environment, it is recommended to use one of the reserved
private IP address ranges for the internal IP addresses. These ranges have been reserved specifically for
networks not directly attached to the Internet. Using IP addresses within these ranges prevents
addressing conflicts with public Internet sites to which you want to connect. The ranges are as follows:
● 10.0.0.0/8 Reserved Class A private address space
● 172.16.0.0/12 Reserved Class B private address space
● 192.168.0.0/16 Reserved Class C private address space
The behavior of NAT is determined by the rules you create to translate the IP addresses. You must
associate each rule to a specific VLAN. All rules are processed in order. The options specified on the
NAT rule determine the algorithm used to translate the inside IP addresses to the outside IP addresses.
All return packets must arrive on the same outside VLAN on which the session went out.
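Because rules are processed in order, a rule whose inside subnet is already covered by an earlier rule on the same VLAN never takes effect, and an inside subnet that falls just outside the reserved ranges collides with real Internet addresses. The following Python example is added here and is not ExtremeWare configuration or code from the course; it assumes the first matching rule wins, and the Rule record, the VLAN names and the sample subnets are hypothetical (outside subnets are documentation ranges).

```python
import ipaddress
from collections import namedtuple

# The three reserved private ranges listed above.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical rule record: the VLAN the rule is associated with, the inside
# subnet it translates, and the outside subnet it translates to.
Rule = namedtuple("Rule", "name vlan inside outside")


def first_match(rules, vlan, src_ip):
    """Return the rule that translates src_ip: the first match in list order."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.vlan == vlan and src in ipaddress.ip_network(rule.inside):
            return rule
    return None


def audit_rules(rules):
    """Flag inside subnets that are not private and rules that can never match."""
    findings = []
    for index, rule in enumerate(rules):
        inside = ipaddress.ip_network(rule.inside)
        if not any(inside.subnet_of(p) for p in PRIVATE_RANGES):
            findings.append((rule.name,
                             "inside subnet is not in a reserved private range"))
        # An earlier rule on the same VLAN that covers this subnet wins first.
        for earlier in rules[:index]:
            covered = inside.subnet_of(ipaddress.ip_network(earlier.inside))
            if earlier.vlan == rule.vlan and covered:
                findings.append((rule.name,
                                 "never matches, shadowed by " + earlier.name))
                break
    return findings


# Constructed sample rule list for the demonstration.
SAMPLE_RULES = [
    Rule("r1", "outside1", "192.168.0.0/16", "203.0.113.0/28"),
    Rule("r2", "outside1", "192.168.10.0/24", "203.0.113.16/28"),  # inside r1
    Rule("r3", "outside1", "172.32.0.0/16", "203.0.113.32/28"),    # not 172.16/12
    Rule("r4", "outside2", "192.168.10.0/24", "198.51.100.0/28"),  # other VLAN
]

if __name__ == "__main__":
    for name, problem in audit_rules(SAMPLE_RULES):
        print(name, "-", problem)
    hit = first_match(SAMPLE_RULES, "outside1", "192.168.10.5")
    print("192.168.10.5 on outside1 is translated by", hit.name)
```
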
NAT Modes
There are 4 different modes used to determine how the outside IP addresses and Layer 4 ports are
assigned.
● Static mapping
● Dynamic mapping
● Port-mapping
● Auto-constraining
Figure 10: Network Address Translation
IP Multinetting
IP Multinetting is an ExtremeWare XOS and ExtremeWare feature.
IP Multinetting is the ability to have multiple IP subnetworks on the same bridging domain (VLAN).
The hosts connected to the same physical segment can belong to any one of the networks. So, multiple
subnets can overlap onto the same physical segment. Any routing between the hosts in different
networks is done through the interface of the router. Typically, different IP networks are on different
physical segments, but IP multinetting eliminates this limit.
Multinetting can be a critical element in a transition strategy, allowing a legacy assignment of IP
addresses to coexist with newly configured hosts. However, due to the additional constraints
introduced in troubleshooting and bandwidth, it is recommended that multinetting be used as a
transitional tactic only, and not as a long-term network design strategy.
Figure 11: IP Multinetting
Multiprotocol Label Switching
Multiprotocol Label Switching (MPLS) is a forwarding algorithm that uses short, fixed-length labels to
make next-hop forwarding decisions for each packet in a stream.
The BlackDiamond 6800 MPLS module contains a powerful set of network processors specifically
programmed to implement the MPLS function. The card has no external ports, but contains four full-duplex
gigabit Ethernet internal ports to the switch fabric. Each internal processor provides media
speed packet processing for two internal full-duplex gigabit Ethernet ports. The MPLS module operates
in a one-armed fashion: receiving frames from the switch fabric, processing the frames, and transmitting
the frames back into the switch fabric to the appropriate I/O module output port.
The MPLS module supports the following features:
● Selective Longest Prefix Match—IP unicast packets are routed in the Accounting and Routing
Module (ARM) hardware using a longest prefix match (LPM) algorithm. This differs from the
BlackDiamond 6800 switch fabric, which uses an exact match algorithm.
● Destination-sensitive accounting—Counts of IP packets and bytes are maintained based on the IP
routes used to forward packets. Destination-sensitive accounting gives you the flexibility to bill your
customers at predetermined and different rates. The rates are based on the customers’ IP unicast
packet destinations.
There are two basic types of Layer-2 VPN services. The first is a VLAN service. This service
transparently interconnects two or more VLAN segments together over an MPLS network. The second
service is a port service. This service transparently interconnects two or more ports together over an
MPLS network. Traffic is transported unmodified between ports.
ExtremeWare supports both services, but only the VLAN service is interoperable with other vendor
implementations.
H-VPLS Support
Hierarchical Virtual Private LAN Service (H-VPLS) defines an architectural bridging model for
interconnecting multiple Ethernet LAN segments over a service provider MPLS network. Unlike VPLS,
which requires a full mesh of Virtual Circuits (VCs), H-VPLS specifies a hierarchical architecture to
extend spoke VCs to the service provider's network edge. The H-VPLS bridging model is based on
standard 802.1D bridging concepts. By implementing standard bridging technology, a protocol agnostic
L2 VPN architecture can be implemented independent of the underlying MPLS IP metro core.
The Hierarchical VPLS implementation includes support for:
● Operation as either a Multi-Tenant Unit (MTU) or Provider Edge Routers (PE) H-VPLS node.
● Both Transparent LAN Service (TLS) and Transparent Port Service (TPS).
● Up to 32 H-VPLS peers per H-VPLS instance.
● Redundant H-VPLS core access by MTU nodes.
● Address withdraw message to remove stale MAC FDB entries mitigating the effects of network misconfiguration
using the VC-FEC TTL field to purge looping packets.
● Increased security provided by LDP peer ACL.
● Support for VC-LSP traffic aggregation across up to four RSVP-TE LSPs.
Figure 12: Multiprotocol Label Switching
Extreme Standby Router Protocol
Extreme Standby Router Protocol (ESRP) is an ExtremeWare XOS and ExtremeWare feature. ESRP
allows multiple switches to provide redundant switching and/or routing services to users.
ESRP works by allowing you to configure a virtual router on two or more Extreme Networks switches
that are part of the same VLAN. Connected hosts are then configured using the IP address of the virtual
router as the default gateway.
ESRP provides both L3 routing and Layer 2 switching redundancy with a single technology. To achieve
a similar level of resilience using traditional techniques requires the configuration of separate layer 2
and layer 3 protocols, such as STP and VRRP, increasing overall system complexity.
From the workstation's perspective, there is only one default gateway (that has one IP address and one
MAC address) regardless of how many switches are providing the ESRP resiliency. This means that
ARP cache entries in client workstations do not need to be refreshed or timed out, which provides fast
fail-over in the event of a network or hardware problem.
ESRP is primarily used as a technique for providing redundancy towards the core of a network;
however, it can also be configured to provide resiliency to end stations, and provide for dual-homed
system design.
These layered redundancy features can be used in combination or independently. You do not have to
configure the switch for routing to make valuable use of ESRP. The L2 redundancy features of ESRP
offer fast failure recovery (usually 4 to 9 seconds).
To have two or more switches participate in ESRP, the following must be true:
● For each VLAN to be protected, the switches must have the ability to exchange packets on the
VLAN; that is, they must be on the same Layer 2 broadcast domain.
● Multiple paths of exchange can be used, and typically exist in most network system designs that
take advantage of ESRP.
● ESRP must be enabled on the desired VLANs for each switch.
● Extreme Discovery Protocol (EDP) or Extreme Encapsulation Protocol (EEP) must be enabled on the
ports that are members of the ESRP VLANs (the default setting is enabled).
NOTE
ESRP cannot be enabled on the VLAN default.
Extreme Encapsulation Protocol
In ExtremeWare the proprietary Extreme Networks protocols ESRP and EAPS are encapsulated within
Extreme Discovery Protocol (EDP). This requires EDP to be enabled to support the other protocols.
With ExtremeWare XOS the proprietary protocols are encapsulated within Extreme Encapsulation
Protocol (EEP). So, EDP does not need to be enabled to support the other protocols.
Figure 13: Advanced Redundancy Features
Figure 14: Extreme Standby Router Protocol
ESRP Continued
The switches exchange keep-alive packets for each VLAN independently. Only one switch can actively
provide layer 3 routing and/or layer 2 switching for each VLAN. The switch performing the
forwarding for a particular VLAN is considered the master or active router for that VLAN. Other
participating switches for the VLAN are in standby mode.
For a VLAN with ESRP enabled, each participating switch uses the same MAC address and must be
configured with the same IP address or IPX NetID. It is possible for one switch to be master for one or
more VLANs while being in standby for others.
Master Switch Behavior
If a switch is the master, it actively provides layer 3 routing services to other VLANs, and layer 2
switching between all the ports of that VLAN. Additionally, the switch exchanges ESRP control packets
with other switches that are in standby mode.
Standby Switch Behavior
If a switch is in standby mode, it exchanges ESRP control packets with other switches on that same
VLAN. When a switch is in standby, it does not perform layer 3 routing or layer 2 switching services
for the VLAN. From a layer 3 routing protocol perspective, when in standby for the VLAN, the switch
marks the router interface associated with the VLAN as down. From a layer 2 switching perspective, no
forwarding occurs between the member ports of the VLAN; this prevents loops and maintains
redundancy.
ESRP-Aware Switches
Extreme Networks switches that are not running ESRP, but are connected on a network that has other
Extreme Networks switches running ESRP are called ESRP-aware. This means that when Extreme
Networks switches are attached to the ESRP-enabled switches, the non-ESRP switches reliably perform
fail-over and fail-back scenarios in the prescribed recovery times.
Using ELRP with ESRP
Extreme Loop Recovery Protocol (ELRP) is an ExtremeWare XOS and ExtremeWare feature that allows
you to prevent, detect, and recover from layer 2 loops in the network. You can use ELRP with other
protocols such as ESRP. With ELRP, each switch, except for the sender, treats the ELRP PDU as a layer
2 multicast packet. The sender uses the source and destination MAC addresses to identify the packet it
sends and receives. When the sender receives its original packet back, that triggers loop detection and
prevention.
NOTE
This topic is covered in detail in the Extreme Redundancy Fundamentals (ERF-300/2) course.
Figure 15: ESRP Continued
Virtual Router Redundancy Protocol
Virtual Router Redundancy Protocol (VRRP) is an ExtremeWare XOS and ExtremeWare feature.
Like ESRP, VRRP is a protocol that allows multiple switches to provide redundant routing services to
users. VRRP is used to eliminate the single point of failure associated with manually configuring a
default gateway address on each host in a network. VRRP provides a redundant path for the hosts. If
the default gateway fails, the backup router assumes forwarding responsibilities.
The master router is responsible for forwarding packets sent to the virtual router. When the VRRP
network becomes active, the master router broadcasts an ARP request that contains the virtual router
MAC address for each IP address associated with the virtual router. This is a special MAC address of
the format 00 00 5E 00 01 <vrid> (Virtual Router ID). Hosts on the network use the virtual router MAC
address when they send traffic to the default gateway.
The virtual router IP address is configured to be the real interface address of the IP address owner. The
IP address owner is usually the master router. The virtual router IP address is also configured on each
backup router. However, in the case of the backup router, this IP address is not associated with a
physical interface. Each physical interface on each backup router must have a unique IP address. The
virtual router IP address is also used as the default gateway address for each host on the network.
If the master router fails, the backup router assumes forwarding responsibility for traffic addressed to
the virtual router MAC address. However, because the IP address associated with the master router is
not physically located on the backup router, the backup router cannot reply to TCP/IP messages (such
as telnet) sent to the virtual router. However, after a failover, the new master router replies to ping
requests.
VRRP packets are encapsulated in IP (Protocol Number 112) and use the VRRP Multicast address
224.0.0.18.
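The constants in this section (IP protocol 112, group 224.0.0.18 and the virtual MAC 00 00 5E 00 01 <vrid>) are enough to sanity-check advertisements captured on a VLAN. The following Python example is added here and is not part of the course material; it assumes the VRRPv2 message layout, the TTL 255 rule and the priority 255 address-owner convention from RFC 3768, and the addresses, the allow-list and all function names are constructed for illustration.

```python
import ipaddress
import struct

VRRP_PROTO = 112             # IP protocol number given above
VRRP_GROUP = "224.0.0.18"    # VRRP multicast address given above


def virtual_mac(vrid):
    """Virtual router MAC address 00-00-5E-00-01-<vrid>."""
    return bytes([0x00, 0x00, 0x5E, 0x00, 0x01, vrid])


def inet_checksum(data):
    """16-bit one's-complement checksum (IPv4 header and VRRPv2 message)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_frame(src_mac, src_ip, vrid, priority, vips, ttl=255):
    """Constructed Ethernet/IPv4/VRRPv2 advertisement used as sample input."""
    msg = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), 0, 1, 0)
    msg += b"".join(ipaddress.IPv4Address(v).packed for v in vips) + bytes(8)
    msg = msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(msg), 0, 0, ttl,
                      VRRP_PROTO, 0, ipaddress.IPv4Address(src_ip).packed,
                      ipaddress.IPv4Address(VRRP_GROUP).packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    # 01:00:5e:00:00:12 is the Ethernet multicast address for 224.0.0.18.
    return bytes.fromhex("01005e000012") + src_mac + b"\x08\x00" + hdr + msg


def check_vrrp_frame(frame, allowed):
    """Return a list of findings; `allowed` maps VRID -> set of router IPs."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return ["not an IPv4 frame that can carry VRRP"]
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    ttl, proto = frame[22], frame[23]
    if proto != VRRP_PROTO:
        return ["IP protocol %d is not VRRP" % proto]
    src_ip = str(ipaddress.IPv4Address(frame[26:30]))
    dst_ip = str(ipaddress.IPv4Address(frame[30:34]))
    msg = frame[14 + ihl:14 + total_len]
    if len(msg) < 8 or len(msg) < 8 + 4 * msg[3]:
        return ["truncated VRRP message"]
    vrid, priority, count = msg[1], msg[2], msg[3]
    vips = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i]))
            for i in range(count)]
    findings = []
    if msg[0] != 0x21:
        findings.append("not a VRRPv2 advertisement (version/type 0x%02x)" % msg[0])
    if inet_checksum(msg) != 0:
        findings.append("bad VRRP checksum")
    if dst_ip != VRRP_GROUP:
        findings.append("destination %s is not %s" % (dst_ip, VRRP_GROUP))
    if ttl != 255:
        findings.append("TTL %d: RFC 3768 receivers discard anything but 255" % ttl)
    if frame[6:12] != virtual_mac(vrid):
        findings.append("source MAC is not the virtual MAC for VRID %d" % vrid)
    if src_ip not in allowed.get(vrid, set()):
        findings.append("%s is not an expected router for VRID %d" % (src_ip, vrid))
    if priority == 255 and src_ip not in vips:
        findings.append("priority 255 claimed by a router that owns no virtual IP")
    return findings


# Constructed allow-list: the routers expected to speak for VRID 1.
ALLOWED = {1: {"10.1.1.2", "10.1.1.3"}}

if __name__ == "__main__":
    expected = sample_frame(virtual_mac(1), "10.1.1.2", 1, 100, ["10.1.1.1"])
    unexpected = sample_frame(bytes.fromhex("020000000099"), "10.1.1.66", 1,
                              254, ["10.1.1.1"], ttl=64)
    print(check_vrrp_frame(expected, ALLOWED))
    print(check_vrrp_frame(unexpected, ALLOWED))
```
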
VRRP and Spanning Tree can be simultaneously enabled on the same switch and VLAN. VRRP
provides L3 redundancy; therefore STP might be needed to address the need for L2 redundancy.
VRRP and ESRP cannot be simultaneously enabled on the same switch. They perform mostly the same
function, but ESRP generally has more features and scalability when properly designed.
NOTE
This topic is covered in detail in the Extreme Redundancy Fundamentals (ERF-300/2) course.
Figure 16: Virtual Router Redundancy Protocol
Extreme Multiple Instance Spanning Tree
Extreme Multiple Instance Spanning Tree Protocol (EMISTP) is an ExtremeWare XOS and ExtremeWare
feature. EMISTP adds significant flexibility to STP network design. BPDUs are sent with an 802.1Q tag
having an STPD instance Identifier (StpdID) in the VLAN ID field.
Multiple STPDs on a Port
Traditional 802.1d STP has some inherent limitations when addressing networks that have multiple
VLANs and multiple STPDs. Consider the simple network depicted in the example.
Limitations of Traditional STPD
The two BlackDiamond 8806 switches in the example are connected by a direct link. Each switch has
two VLANs, Marketing and Sales. Because VLANs Marketing and Sales share physical ports, they have
to be configured in the same STPD. If the direct link fails, STP still blocks one of the other links, which
causes a disruption in traffic in one of the VLANs.
To optimize the solution, you can use the EMISTP mode, which allows a port to belong to multiple
STPDs. EMISTP adds significant flexibility to STP network design. Using EMISTP, you can configure
both VLANs in the example in different STPDs.
VLAN Spanning Multiple STPDs
Traditionally, the mapping from VLANs to 802.1d STP instances has been one-to-one, or many-to-one.
In both cases, a VLAN is wholly contained in a single instance.
In practical deployment there are cases in which a one-to-many mapping is desirable. In a typical large
enterprise network, for example, VLANs span multiple sites and/or buildings. Each site represents a
redundant looped area. However, between any two sites the topology is usually very simple.
Alternatively, the same VLAN may span multiple large geographical areas (because they belong to the
same enterprise) and may traverse a great many nodes. In this case, it is desirable to have multiple STP
domains operating in a single VLAN, one for each looped area.
The justifications include the following:
● The complexity of the STP algorithm increases, and performance drops, with the size and complexity
of the network. The 802.1d standard specifies a maximum network diameter of 7 hops. By
segregating a big VLAN into multiple STPDs, you reduce complexity and enhance performance.
● Local to each site, there may be other smaller VLANs that share the same redundant looped area
with the large VLAN. Some STPDs must be created to protect those VLANs. The ability to partition
VLANs allows the large VLAN to be piggybacked in those STPDs in a site-specific fashion.
NOTE
This topic is covered in detail in the Extreme Redundancy Fundamentals (ERF-300/2) course.
Figure 17: Extreme Multiple Instance Spanning Tree
Ethernet Automatic Protection Switching
Ethernet Automatic Protection Switching (EAPS) is an ExtremeWare XOS and ExtremeWare
feature.
The EAPS protocol provides fast protection switching for Layer 2 switches interconnected in an
Ethernet ring topology, such as a Metropolitan Area Network (MAN) or a large campus.
EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol (STP),
but offers the advantage of converging in less than a second when a link in the ring breaks.
EAPS operates by declaring an EAPS domain on a single ring. Any VLAN that needs to be protected is
configured on all ring ports in the ring, and is then assigned to an EAPS domain. On that ring domain,
one switch, or node, is designated the master node; all other nodes are designated as transit nodes.
One port of the master node is designated the master node's primary port (P) to the ring; another port is
designated as the master node's secondary port (S) to the ring. In normal operation, the master node
blocks the secondary port for all non-EAPS control traffic, thereby avoiding a loop in the ring. Layer 2
switching and learning mechanisms operate per existing standards on the ring.
If the master node detects a break in the ring, it unblocks its secondary port and allows data traffic to be
transmitted and received through it. EAPS fault detection on a ring is based on a single control VLAN
per EAPS domain. This EAPS domain provides protection to one or more data-carrying VLANs called
protected VLANs.
EAPS provides a shared-port functionality. With this functionality, you can configure multiple EAPS
domains sharing a common link. This eliminates the need to configure Spanning Tree (STP) to prevent a
super loop from occurring when the common link goes down.
NOTE
This topic is covered in detail in the Extreme Redundancy Fundamentals (ERF-300/2) course.
Figure 18: Ethernet Automatic Protection Switching
Figure 19: EAPS Shared Port Operation
Software Controlled Redundant Port
Software Controlled Redundant Ports and Smart Redundancy are ExtremeWare XOS and ExtremeWare
features.
Using a software-controlled redundant port you can back up a specified Ethernet port with a
redundant, dedicated Ethernet port. If the active port fails, the backup port establishes a link and takes
over for the failed port.
Only one side of the link needs to be configured as redundant, since the redundant port link is held in
standby state on both sides of the link.
Theory of Operation
A software-controlled redundant port is configured to back up a specified primary port. The redundant
port monitors the link state of the associated primary port, and if the link on the primary port fails, the
redundant port establishes a link and becomes active. You must manually configure the primary and
redundant ports identically in terms of VLANs, QoS settings, access lists, and so on.
If auto-negotiation is enabled, a failure of the transmit or receive of the port triggers a link status
change. Because of this, auto-negotiation must be enabled on both the primary and redundant port.
Smart Redundancy and Software Redundant Port
Smart Redundancy is a feature that allows control over how the failover from a backup port to the
primary port is managed. If this feature is enabled, the switch attempts to revert to the primary port as
soon as it can be recovered. If the feature is disabled, the switch only attempts to reset the primary port
to active if the backup port fails.
The primary port only takes over for an active redundant port if the smart redundancy feature is
enabled, which is the default setting. When smart redundancy is enabled, the primary port becomes the
preferred path, provided that the primary port link is active.
If smart redundancy is disabled, the active path remains the first path to establish a link. For example, if
the primary port is active and fails, the redundant port takes over. If the primary is then reconnected
and smart redundancy is disabled, the active path remains on the redundant port.
Software-Controlled Redundant Load-Shared Port Groups
A load-shared group of Ethernet ports (primary group) can be backed up with a set of load-shared
redundant Ethernet ports (backup group) similar to configuring individual redundant ports. If the
primary load-shared group is active and any link in the group fails, the entire group fails over to the
backup group.
Typical configurations of software-controlled redundant ports include dual-homing from a single switch
to two different switches and redundant links between two switches.
Smart Redundancy is not available for software-controlled redundant load-shared groups, so the switch
only attempts to revert to the primary group if a port in the backup group fails and the associated link
in the primary group can be re-established.
Figure 20: Software Controlled Redundant Port
Net Login
Network Login is an ExtremeWare XOS and ExtremeWare feature.
Network Login is port-based network access control. Network Login requires a user to authenticate
their username and password with a network-wide security mechanism and then places the user port
into a VLAN approved for that username/password combination.
Besides authentication, Network Login can provide administrators with the ability to log user activity
and potentially generate billing information based on network usage. In addition, through the use of
VLANs, network managers can set up different security zones within a network and control the use of
the resources within those zones.
Web-based
In Campus Mode the supplicant sends a DHCP request to get an IP address. Then the supplicant sends
a DNS request for the web server address. Finally the supplicant sends an HTTP connection request.
The switch denies the HTTP request and redirects the supplicant to the web login page. The user enters
their information in the login page. The switch sends an authentication request to the authentication
server.
802.1x-Based
802.1x-based netlogin requires a special 802.1x-based client on the supplicant. The protocol uses the RFC
2284 Extensible Authentication Protocol (EAP) over LAN (EAPOL). EAP is a general protocol that
supports multiple authentication mechanisms.
The switch relays EAP frames between the Supplicant and a RADIUS server.
Netlogin is supported on e-series, i-series, BlackDiamond 10808, and BlackDiamond 8810 switches.
MAC-Based
MAC-based network access control is used for supplicants that do not support a network login mode,
or supplicants that are not aware of the existence of such security measures, for example an IP
telephone.
If a MAC address is detected on a MAC-based NetLogin port, an authentication request is sent once to
the Authentication, Authorization, and Accounting (AAA) process. AAA tries to authenticate the MAC
address from the configured RADIUS server and its configured parameters (timeout, retries, etc.).
The credentials used for this are the supplicant's MAC address in ASCII representation, and a locally
configured password on the switch.
NOTE
This topic is covered in detail in the Extreme Security Fundamentals (ESF-300/3) course.
Figure 21: Advanced Security Features
Figure 22: Network Login
Access Control Lists
Access Control Lists (ACLs) are an ExtremeWare XOS and ExtremeWare feature.
ACLs consist of IP access rules, and are used to make packet filtering and forwarding decisions on
incoming traffic. Each packet arriving on an ingress port is compared to the access list in sequential
order, and is either forwarded or dropped.
Using access lists has no impact on switch performance.
Access lists are typically applied to packets that cross layer 3 router boundaries, but it is possible to use
access lists within a layer 2 VLAN. ACLs in ExtremeWare XOS apply to all traffic.
When a packet arrives on an ingress port, the packet is compared with the access list rules to determine
a match. When a match is found, the packet is processed. If the access list is of type deny, the packet is
dropped. If the list is of type permit, the packet is forwarded. A permit access list can also apply a QoS
profile to the packet.
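The sequential, first-match evaluation described above makes rule order part of the policy. The following is an added example, not ExtremeWare or ExtremeWare XOS code: the rule fields, the rule names, the QP3 profile assignment and the action taken when no rule matches are assumptions for illustration. It evaluates packets against a constructed rule set and reports rules that can never fire because an earlier rule covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[str] = None     # None matches any protocol
    dst_port: Optional[int] = None     # None matches any port
    qos_profile: Optional[str] = None  # only meaningful on permit rules

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt.get("dst_port")))


def evaluate(acl, pkt, default_action="permit"):
    """Compare pkt with the rules in order; the first match decides."""
    for rule in acl:
        if rule.matches(pkt):
            qos = rule.qos_profile if rule.action == "permit" else None
            return rule.action, rule.name, qos
    # Assumption: the text does not say what happens when nothing matches.
    return default_action, None, None


def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            and earlier.protocol in (None, later.protocol)
            and earlier.dst_port in (None, later.dst_port))


def shadowed_rules(acl):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(acl)
            if any(covers(earlier, later) for earlier in acl[:i])]


# Constructed rule set: the subnet-wide permit is listed first by mistake,
# so the Telnet deny for the lab PC below it is dead.
ACL = [
    Rule("permit-lab-subnet", "permit", src="10.10.10.0/24", qos_profile="QP3"),
    Rule("deny-telnet", "deny", protocol="tcp", dst_port=23),
    Rule("deny-telnet-from-pc", "deny", src="10.10.10.12/32", protocol="tcp", dst_port=23),
]

if __name__ == "__main__":
    telnet = {"src": "10.10.10.12", "dst": "10.10.10.1", "protocol": "tcp", "dst_port": 23}
    print(evaluate(ACL, telnet))
    print(shadowed_rules(ACL))
```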
ACLs are created in two different ways. One method is to create an ACL policy file and apply that ACL
policy file to a list of ports, a VLAN, or to all interfaces. This first method creates ACLs that can be
persistent across switch reboots, can contain a large number of rule entries, and are all applied at the
same time.
The second method to create an ACL is to use the CLI to specify a single rule, called a dynamic ACL.
Dynamic ACLs do not persist across a reboot and consist of only a single rule.
ExtremeWare does not support ACL policy files.
Figure 23: Access Control Lists
Secure Protocols
This page describes the Secure Shell, Secure Copy, and Secure Features.
Secure Shell
Secure Shell 2 (SSH2) is an installable feature module of ExtremeWare XOS and ExtremeWare that allows
session data to be encrypted between a network administrator using SSH2 client software and the
switch, or to send encrypted data from the switch to an SSH2 client on a remote system.
Secure Copy
Image and configuration files may be transferred to the switch using the Secure Copy Program 2
(SCP2).
Secure Socket Layer
Secure Socket Layer (SSLv3) is a feature of ExtremeWare XOS and ExtremeWare that allows you to
authenticate and encrypt data over an SSL connection to provide secure communication. The web
server in the switch allows web clients to access the network login page. By using Hyper Text Transfer
Protocol Secure sockets (HTTPS) on the web server, clients securely access the network login page using
an HTTPS enabled web browser. Since SSL encrypts the data exchanged between the server and the
client, the data is protected from unwanted exposure.
HTTPS access is provided through SSL and the Transport Layer Security (TLS1.0). These protocols
enable clients to verify the authenticity of the server to which they are connecting, thereby ensuring that
user data is not compromised by intruders.
NOTE
To use the SSH, SCP, or SSL commands, first download and install the separate Extreme Networks SSH software
module.
NOTE
This topic is covered in detail in the Extreme Security Fundamentals (ESF-300/3) course.
Figure 24: Secure Protocols
CPU Denial of Service Protection
Denial of Service (DoS) attack protection is an ExtremeWare XOS and ExtremeWare feature.
A DoS attack occurs when a critical network or computing resource is overwhelmed and rendered
inoperative, so legitimate requests for service cannot succeed. In its simplest form, a DoS attack is
indistinguishable from heavy traffic.
Extreme Networks switches are not vulnerable to this simple attack because they are all designed to
process packets in hardware at wire speed (also called fastpath). However, there are some operations in
any switch or router that are more costly than others, and although normal traffic is not a problem,
exception traffic must be handled by the switch's CPU in software (also called slowpath).
Some packets that the switch processes in the CPU software include:
● Learning new traffic
● Routing and control protocols including ICMP and OSPF
● Switch management traffic (switch access by Telnet and SNMP)
● Other packets directed to the switch that must be discarded by the CPU
When any one of these functions is overwhelmed, the CPU may be too busy to service other functions
and switch performance suffers.
DoS Protection is designed to help prevent this degraded performance by attempting to characterize the
problem and filter out the offending traffic so that other functions can continue. When a flood of
packets is received from the switch, DoS Protection counts these packets. When the packet count nears
the alert threshold, packet headers are saved. If the threshold is reached, then these headers are
analyzed, and a hardware access control list is created to limit the flow of these packets to the CPU.
This ACL remains in place to provide relief to the CPU. Periodically, the ACL expires, and if the attack
is still occurring, it is re-enabled. With the ACL in place, the CPU has the cycles to process legitimate
traffic and continue other services.
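The count, capture, analyze, filter and expire cycle described above can be traced with a small model. This is an added example, not Extreme Networks code: the class, the separate capture threshold standing in for "nears the alert threshold", the interval-based timer and the traffic are all constructed for illustration. It shows the CPU load per interval while a flood lasts, including the spike each time the ACL expires and has to be re-created.

```python
from collections import Counter


class CpuDosProtection:
    """Toy model of the count / capture / analyze / filter / expire cycle."""

    def __init__(self, alert_threshold, capture_threshold, acl_timeout):
        if not 0 < capture_threshold <= alert_threshold:
            raise ValueError("capture_threshold must be in 1..alert_threshold")
        self.alert_threshold = alert_threshold      # packets per interval
        self.capture_threshold = capture_threshold  # start saving headers here
        self.acl_timeout = acl_timeout              # ACL lifetime in intervals
        self.acl = None                             # header pattern filtered in hardware
        self.acl_expires = 0
        self.log = []

    def run_interval(self, now, packets):
        """Process one interval of CPU-bound packets; return how many reached the CPU."""
        if self.acl is not None and now >= self.acl_expires:
            self.log.append((now, "acl-expired", self.acl))
            self.acl = None
        to_cpu, saved = 0, []
        for header in packets:
            if header == self.acl:
                continue                            # matched the ACL, never reaches the CPU
            to_cpu += 1
            if self.acl is None and to_cpu >= self.capture_threshold:
                saved.append(header)
            if to_cpu == self.alert_threshold and self.acl is None:
                # Analyze the saved headers and filter the most frequent one.
                # Simplification: this model holds one ACL at a time.
                pattern = Counter(saved).most_common(1)[0][0]
                self.acl, self.acl_expires = pattern, now + self.acl_timeout
                self.log.append((now, "acl-created", pattern))
        return to_cpu


# Constructed traffic, as (source, destination, protocol) headers.
LEGIT = [("10.10.10.12", "10.10.10.1", "tcp/23")] * 10 + [("10.10.10.2", "224.0.0.5", "ospf")] * 10
FLOOD = [("192.0.2.66", "10.10.10.1", "icmp")] * 500


def simulate(intervals=12, flood_intervals=range(2, 9)):
    """Return (packets reaching the CPU per interval, ACL event log)."""
    guard = CpuDosProtection(alert_threshold=100, capture_threshold=80, acl_timeout=3)
    load = [guard.run_interval(t, LEGIT + (FLOOD if t in flood_intervals else []))
            for t in range(intervals)]
    return load, guard.log


if __name__ == "__main__":
    load, log = simulate()
    print(load)
    for event in log:
        print(event)
```

Without the filter, each flood interval would put 520 packets on the CPU; with it, the load is capped at the alert threshold in the intervals where the ACL is created or re-created and falls back to the 20 legitimate packets in between.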
NOTE
This topic is covered in detail in the Extreme Security Fundamentals (ESF-300/3) course.
Figure 25: CPU Denial of Service Protection
CLEAR-Flow
CLEAR-Flow is a broad framework for implementing security, monitoring, and anomaly detection on
the BlackDiamond 10808.
CLEAR-Flow rules are expected to be used to detect anomalous situations for network security
applications. For example:
● TCP SYN floods
● SYN/SYN ACK ratio discrepancies
CLEAR-Flow rules may be used to assist in QoS control for converged network applications.
The CLEAR-Flow feature provides the following response mechanisms when a threshold reaches a
trigger value:
● Syslog and SNMP trap notification
● Enabling a mirror port
● Applying a deny ACL
● Enabling sFlow on a port
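The SYN/SYN ACK ratio check and the threshold-triggered responses listed above can be sketched as follows. This is an added example and not CLEAR-Flow rule syntax: the class, the threshold values, the action labels and the counter samples are constructed for illustration. It works on periodically sampled cumulative counters, applies the responses when the ratio crosses the trigger value, removes them when traffic returns to normal, and re-baselines when the counters are cleared.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class SynRatioRule:
    trigger_ratio: float               # fire when SYN : SYN-ACK exceeds this
    min_syn_delta: int                 # ignore near-idle intervals
    actions: Tuple[str, ...]           # responses, named after the list above
    active: bool = False
    prev: Optional[Tuple[int, int]] = None

    def sample(self, t, syn_total, synack_total):
        """Feed one pair of cumulative counters; return the events produced."""
        prev, self.prev = self.prev, (syn_total, synack_total)
        if prev is None:
            return []                  # first sample only sets the baseline
        d_syn, d_ack = syn_total - prev[0], synack_total - prev[1]
        if d_syn < 0 or d_ack < 0:
            return []                  # counters cleared or wrapped: re-baseline
        exceeded = (d_syn >= self.min_syn_delta
                    and d_syn / max(d_ack, 1) > self.trigger_ratio)
        events = []
        if exceeded != self.active:
            verb = "apply" if exceeded else "remove"
            events = [(t, verb, action) for action in self.actions]
            self.active = exceeded
        return events


def run(rule, samples):
    """Feed every (time, syn_total, synack_total) sample to the rule."""
    events = []
    for t, syn, synack in samples:
        events.extend(rule.sample(t, syn, synack))
    return events


# Constructed samples: (seconds, cumulative SYNs, cumulative SYN-ACKs).
SAMPLES = [
    (0, 1000, 980),
    (10, 1100, 1078),     # 100 SYNs answered by 98 SYN-ACKs: normal
    (20, 1205, 1180),
    (30, 6205, 1300),     # 5000 SYNs, 120 SYN-ACKs: ratio about 42
    (40, 11205, 1410),    # still flooding, responses already applied
    (50, 40, 35),         # counters were cleared, deltas are meaningless
    (60, 145, 137),       # back to normal
    (70, 147, 137),       # almost idle: 2 SYNs, below min_syn_delta
]

if __name__ == "__main__":
    rule = SynRatioRule(trigger_ratio=3.0, min_syn_delta=50,
                        actions=("syslog-and-snmp-trap", "deny-acl"))
    for event in run(rule, SAMPLES):
        print(event)
```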
Sentriant
With a CLEAR-Flow enabled BlackDiamond 10808, the Sentriant appliance can detect and mitigate
RPTs at multi-gigabit speeds.
Figure 26: CLEAR-Flow
Figure 27: CLEAR-Flow Response
sFlow Statistics Sampling
sFlow is an ExtremeWare XOS and ExtremeWare feature.
sFlow is a tool for monitoring traffic in networks containing switches and routers. sFlow uses
statistical sampling techniques and a periodic gathering of various statistics. The system sends the
gathered information to a remote agent for analysis.
sFlow is a technology for monitoring traffic in data networks containing switches and routers. The
technology relies on statistical sampling of packets from high-speed networks, plus periodic gathering
of the statistics. A UDP datagram format is defined to send the information to an external entity for
analysis. sFlow consists of a MIB and a specification of the packet format for forwarding information to
a remote agent and various counters and statistics.
Figure 28: Advanced Traffic Management Features
Figure 29: sFlow Statistics Sampling
Policy-Based QoS
Policy-based Quality of Service (QoS) is an ExtremeWare XOS and ExtremeWare feature.
QoS is the ability of a network element (e.g. an application, host, or router) to have some level of
assurance that its traffic and service requirements can be satisfied. To enable QoS requires the
cooperation of all network layers from top to bottom, as well as every network element from end to
end. Any QoS assurances are only as good as the weakest link in the chain between sender and
receiver.
Policy-based QoS allows you to protect bandwidth for important categories of applications or
specifically limit the bandwidth associated with less critical traffic. The switch contains separate
hardware queues on every physical port.
As with all Extreme Networks switch products, Policy-Based QoS has zero impact on switch
performance. Using even the most complex traffic groupings has no cost in terms of switch
performance.
The switch tracks and enforces the minimum and maximum percentage of bandwidth utilization
transmitted on every hardware queue for every port.
When two or more hardware queues on the same physical port are contending for transmission, the
switch prioritizes bandwidth as long as the respective bandwidth management parameters are satisfied.
In ExtremeWare, Policy-based QoS can be configured to perform per-port Random Early Detection
(RED). Using this capability, the switch detects when traffic is filling up in any of the eight hardware
queues, and performs a random discard on subsequent packets, based on the configured RED drop
probability.
Instead of dropping sessions during times when the queue depth is exceeded, RED causes the switch to
lower session throughput. The destination node detects the dropped packet and slows the transmission
from the source node using standard TCP windowing and slow start mechanisms.
Figure 30: Policy-Based QoS
Web Cache Redirection
Web Cache Redirection (WCR) is a special form of Flow Redirection. Flow redirection overrides routing
decisions to transparently redirect client requests to a target device (or group of devices). Unlike Server
Load Balancing, you do not duplicate content on the target device(s).
Web Cache Redirection is an ExtremeWare feature. ExtremeWare XOS does not support WCR.
Flow redirection examines traffic and redirects it based on the following criteria, in order of priority:
1 Destination IP address and mask
2 Layer 4 port
3 Source IP address and mask
Web Cache Redirection operates at line rate to redirect traffic from the requested server to a web cache
server. If the web cache server has a copy of the requested content, it sends the content to the client. If
the web cache server does not have the requested content, it queries the server for the data, stores it
locally, and sends a copy to the client.
When you have WCR enabled, clients connect exclusively to your web cache servers; clients never
connect to the requested server.
The switch automatically load balances your cache servers based on the destination IP address of the
requested content. Thus, subsequent requests for a destination IP address are redirected to the same
cache server, because that web cache server most likely contains the requested content. This load
balancing reduces the amount of content duplication on your web cache servers.
NOTE
This topic is covered in detail in the Extreme Security Fundamentals (ESF-300/3) course.
Figure 31: Web Cache Redirection
Server Load Balancing
Server Load Balancing (SLB) transparently distributes client requests among several servers. The main
use for SLB is for web hosting, using redundant servers to increase performance and reliability of busy
web sites. All content must be duplicated on all physical servers for Server Load Balancing. An SLB
system consists of three components: Nodes, Pools, and Virtual Servers.
SLB is supported on ExtremeWare. SLB is not supported on ExtremeWare XOS.
Nodes
A node is an individual service on a physical server, and consists of an IP address and a port number.
All nodes must have identical content. Nodes cannot belong to the same VLAN as the virtual servers.
Pools
A pool is a group of nodes that are mapped to a corresponding virtual server. You can use pools to
easily scale large networks with many nodes. Each pool contains its own load-balancing instance. A
pool must be associated with a virtual server to be used for load balancing.
Virtual Servers
Virtual servers are the main component of the SLB configuration. A virtual server is a virtual IP address
that points to a group of servers. The switch then load balances those groups of servers. Each virtual
server is associated with a single pool, which can be a group of content server nodes, router nodes, or
cache server nodes. You can configure two different types of virtual servers:
● Standard virtual servers represent a web site or an FTP site and provide load balancing for content.
● Wildcard virtual servers load balance transparent network devices such as routers or cache servers.
Server Load Balancing Methods
Load balancing methods are algorithms that determine which node receives a connection hosted by a
particular virtual server. Individual load balancing methods take into account dynamic factors such as
current connection count. The switch supports the following load balancing methods:
● Round Robin passes each new connection request to the next server in line. Round robin is the
default load balancing method.
● Ratio distributes connections among servers according to settable ratio weights.
● Least Connections creates a new connection to the node having the least number of active sessions.
● Priority is a variant of round robin designed to provide redundant standby nodes within a pool. The
switch uses round robin to distribute traffic among the active nodes with the highest priority.
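The four selection methods above differ only in how the next node is chosen, which the following model makes concrete. It is an added example, not the switch's implementation: the class names, the per-node `up` flag (standing in for whatever health check marks a node unavailable) and the sample pools are assumptions for illustration.

```python
class Node:
    def __init__(self, name, ratio=1, priority=1):
        self.name, self.ratio, self.priority = name, ratio, priority
        self.active_sessions = 0
        self.up = True      # assumption: some health check maintains this flag


class Pool:
    METHODS = ("round-robin", "ratio", "least-connections", "priority")

    def __init__(self, nodes, method="round-robin"):
        if method not in self.METHODS:
            raise ValueError(f"unknown method: {method}")
        self.nodes, self.method, self._turn = list(nodes), method, 0

    def _rotate(self, candidates):
        """Hand out candidates in turn, wrapping around at the end."""
        node = candidates[self._turn % len(candidates)]
        self._turn += 1
        return node

    def pick(self):
        """Choose the node for one new connection and return its name."""
        live = [n for n in self.nodes if n.up]
        if not live:
            raise RuntimeError("no node available in pool")
        if self.method == "round-robin":
            node = self._rotate(live)
        elif self.method == "ratio":
            # A node with ratio weight 3 appears three times in the rotation.
            node = self._rotate([n for n in live for _ in range(n.ratio)])
        elif self.method == "least-connections":
            node = min(live, key=lambda n: n.active_sessions)
        else:
            # priority: round robin among the live nodes with the highest
            # priority; lower-priority nodes are standbys.
            top = max(n.priority for n in live)
            node = self._rotate([n for n in live if n.priority == top])
        node.active_sessions += 1
        return node.name


if __name__ == "__main__":
    web1, web2, spare = Node("web1", priority=10), Node("web2", priority=10), Node("spare")
    pool = Pool([web1, web2, spare], method="priority")
    print([pool.pick() for _ in range(4)])   # alternates between web1 and web2
    web1.up = web2.up = False
    print(pool.pick())                        # the standby takes over
```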
NOTE
This topic is covered in detail in the Extreme Redundancy Fundamentals (ERF-300/3) course.
Figure 32: Server Load Balancing
Summary
Module fourteen presented a general overview of the advanced features of Extreme Networks products.
You should now be able to:
● Identify and describe advanced routing features.
● Identify and describe advanced switching features.
● Identify and describe advanced redundancy features.
● Identify and describe advanced security features.
● Identify and describe advanced traffic management features.
Figure 33: Summary
Module 14 Lab Exercises
Lab 1 Switch Management and Security
Labs are designed for one to six switches. Switches are assumed to have 24 or more ports and be
running ExtremeWare XOS 11.3.
The students are divided up into teams and each team is assigned a number.
Lab one tests the student’s ability to use the Command Line Interface (CLI) to provide the switch with a
basic IP and management configuration. In this lab students:
● Log in to the switch.
● Assign a name to the switch.
● Use the syntax help function.
● Interpret the system prompt.
● Create a new user account.
● Identify ExtremeWare XOS software, switch boot images, and configuration files.
● Save the switch configuration.
● Assign an IP address to a VLAN.
● Back up the switch configuration.
● Download a software image.
● Monitor system processes.
● Stop and start a system process.
● Monitor system memory.
Table 1 identifies the IP addresses for six student PCs, the default VLAN IP address of six switches, and
the switch names.
Table 1: Lab 1 IP Addresses
Team  Switch Name  PC/TFTP server  Default VLAN  Subnetwork mask
1     Sanjose      10.10.10.12     10.10.10.1    255.255.255.0
2     Newyork      10.10.10.22     10.10.10.2    255.255.255.0
3     London       10.10.10.32     10.10.10.3    255.255.255.0
4     Cairo        10.10.10.42     10.10.10.4    255.255.255.0
5     Beijing      10.10.10.52     10.10.10.5    255.255.255.0
6     Tokyo        10.10.10.62     10.10.10.6    255.255.255.0
For all labs, the PC and switch are physically connected as shown.
Figure 1: Lab 1 Diagram
Material Required for Each Team of Students:
● One PC running VT100 terminal emulation software
● One Extreme Networks® XOS-capable switch with Ethernet interfaces and no existing configuration.
● One PC to switch console cable.
● One PC to switch Ethernet cable connected to port 7 of the switch.
Part 1 Logging In, Initializing, and Configuring the Switch Name
1 Verify that the PC has the correct IP address and is physically connected to the console port using
the serial console cable and to port 7 on the switch using the Ethernet cable.
2 From the PC, start the terminal emulation application and connect to the switch console port.
3 Press the Enter key.
The system displays the login prompt.
4 Enter admin.
The system displays the password prompt.
5 The switch should not have an admin password configured. Press the Enter key.
The system displays the command line prompt.
6 Delete any previous configuration, by entering the following command:
unconfigure switch all
The system displays the following:
Restore all factory defaults and reboot? (y/n)
7 Enter y and press the Enter key.
The switch reboots.
8 Press the Enter key.
The system displays the login prompt.
9 Enter admin.
The system displays the password prompt.
10 Press the Enter key.
The system displays the following prompt:
This switch currently has all management methods enabled for security reasons.
Please answer these questions about the security settings you would like to use.
Telnet is enabled by default. Telnet is unencrypted and has been the target of
security exploits in the past.
Would you like to disable Telnet? [y/N]
11 Enter n and press the Enter key.
The system displays the following prompt:
SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be
configured to eliminate this problem.
Would you like to disable SNMP? [y/N]:
12 Enter n and press the Enter key.
The system displays the following prompt:
All ports are enabled by default. In some secure applications, it maybe more
desirable for the ports to be turned off.
Would you like unconfigured ports to be turned off by default? [y/N]:
13 Enter y and press the Enter key.
The system displays the following prompt:
Since you have chosen less secure management methods, please remember to
increase the security of your network by taking the following actions:
* change your admin password
* change your SNMP public and private strings
* consider using SNMPv3 to secure network management traffic
* SummitX450-24t.1 #
14 Configure the SNMP system name of the switch, by entering the following command:
configure snmp sysname <string>
Use the name string identified in Table 1.
The system displays the command line prompt.
15 Using the information in the command line prompt, identify the following:
● The number of the next CLI command to be entered. ___________
● The user account privilege level. ________________
● Whether the switch has outstanding configuration changes that have not been saved. Yes__ No__
● The SNMP system name assigned to the switch. __________________
16 Enable CLI space completion, by entering the following command:
enable cli space-completion
17 Type configure and press the space key twice.
18 Did the command completion feature work? ________
19 Verify that all the data ports are disabled, by entering the following command:
show ports configuration
20 Display the login session, by entering the following command:
show session
Part 2 Adding Users and Saving the Configuration
1 Create a new administrator level user account, by entering the following command:
create account admin <name>
Use the name of one of the students on the team as the new user name.
The system displays:
password:
2 Press the Enter key.
The system displays:
Reenter password:
3 Press the Enter key.
4 Verify the new user account information, by entering the following command:
show accounts
The system displays the user account information.
5 Save the configuration to nonvolatile storage, by entering the following command:
save secondary
The system displays:
The configuration file secondary.cfg already exists.
Do you want to save configuration to secondary.cfg and overwrite it? (y/n)
6 Enter yes.
The system displays the following:
>Saving configuration .... done!
Configuration saved to secondary.cfg successfully.
The current selected default configuration database to boot up the system
(primary.cfg) is different than the one just saved (secondary.cfg).
Do you want to make secondary.cfg the default database? (y/n)
7 Enter yes.
The system displays the following:
The selected configuration will take effect after the next switch reboot.
8 Log out of the switch, by entering the following command:
exit
9 The system displays the login prompt.
10 Log in as the new user created in step 1.
11 Display the login session, by entering the following command:
show session
Part 3 Verifying the Switch Status and Configuration
1 Display the switch status, by entering the following command:
show switch
The system displays the switch status summary.
2 Identify the following information:
● System name _______________________
● MAC address _______________________
● System boot time _____________________________________________
● Software image selected ______________________
● Software image booted ______________________
● Primary software image version _______________________
● Secondary software image version _______________________
● Configuration selected ______________________
● Configuration booted ______________________
● Date secondary configuration was last saved _______________________________
3 Display the switch management configuration, by entering the following command:
show management
The system displays the switch management configuration.
4 Identify the following information:
● Telnet access - enabled or disabled
● SSH access - enabled or disabled
● SNMP access - enabled or disabled
5 Display the status of the default VLAN, by entering the following command:
show vlan default
The system displays the default VLAN configuration.
Part 4 Configuring IP Access
1 Assign an IP address and subnetwork mask to the default VLAN, by entering the following
command:
configure vlan default ipaddress <ipaddress> {<netmask>}
Use the address and subnetwork mask identified in Table 1 for your team.
2 Verify the IP address and subnetwork mask of the default VLAN, by entering the following
command:
show vlan default
The system displays the default VLAN configuration.
3 Enable port 7, by entering the following command:
enable port 7
4 From the PC, verify IP connectivity to the switch using the ping command.
5 Enable SNMP access to the switch, by entering the following command:
enable snmp access
6 Display the history of commands for the current session, by entering the following command:
history
The command history is displayed.
7 Use the command recall function to display the switch management configuration.
The system displays the switch management configuration.
8 Is SNMP access enabled or disabled? ______________
9 Save the base lab configuration to nonvolatile storage, by entering the following command:
save configuration lab1
The system displays the following:
>Saving configuration .... done!
Configuration saved to lab1.cfg successfully.
The current selected default configuration database to boot up the system
(primary.cfg) is different than the one just saved (lab1.cfg).
Do you want to make lab1.cfg the default database? (y/n)
10 Enter no.
The system displays the following:
Default configuration database selection cancelled.
Part 5 Limiting CLI Sessions, Failed Logins, and Telnet Access
1 Limit the number of CLI sessions to 2, by entering the following command:
configure cli max-sessions 2
2 Restore the number of CLI sessions to 16, by entering the following command:
configure cli max-sessions 16
3 Limit the number of login attempts to two, by entering the following command:
configure cli max-failed-logins 2
4 Log out and attempt to log back in using an invalid user name or password.
5 What happened after two unsuccessful login attempts? ______________________________
6 Log back in using the correct user name and password.
7 Limit Telnet connections to the default virtual router, by entering the following command:
configure telnet vr vr-default
8 Did the command affect the currently active sessions? ___________
9 Why? _______________________________________________________________
10 Restore Telnet connections to all virtual routers, by entering the following command:
configure telnet vr all
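The management commands from Part 4 step 5 and Part 5 can be replayed to see which settings are left in effect once the lab is finished. The following is an added example, not part of the original course material; the review thresholds and the `disable snmp access` handling are assumptions of the example.

```python
import re

# Constructed input: the management commands from Part 4 step 5 and Part 5,
# in the order the lab enters them.
LAB_COMMANDS = """\
enable snmp access
configure cli max-sessions 2
configure cli max-sessions 16
configure cli max-failed-logins 2
configure telnet vr vr-default
configure telnet vr all
"""

# Review thresholds are assumptions for this example, not vendor guidance.
MAX_SESSIONS_OK = 4
MAX_FAILED_LOGINS_OK = 3

# (setting name, command pattern, converter for the captured value)
PATTERNS = [
    ("max_sessions", re.compile(r"configure cli max-sessions (\d+)"), int),
    ("max_failed_logins", re.compile(r"configure cli max-failed-logins (\d+)"), int),
    ("telnet_vr", re.compile(r"configure telnet vr (\S+)"), str),
    ("snmp_access", re.compile(r"(enable|disable) snmp access"),
     lambda verb: verb == "enable"),
]


def effective_settings(commands):
    """Replay commands in order; a later command overrides an earlier one."""
    state = {name: None for name, _, _ in PATTERNS}
    for raw in commands.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        for name, pattern, convert in PATTERNS:
            match = pattern.fullmatch(line)
            if match:
                state[name] = convert(match.group(1))
    return state


def review(state):
    """Return (setting, message) findings for the effective settings."""
    findings = []
    for name, value in state.items():
        if value is None:
            findings.append((name, "not set by these commands; check the running value"))
        elif name == "max_sessions" and value > MAX_SESSIONS_OK:
            findings.append((name, f"{value} concurrent CLI sessions allowed"))
        elif name == "max_failed_logins" and value > MAX_FAILED_LOGINS_OK:
            findings.append((name, f"{value} failed logins allowed per attempt"))
        elif name == "telnet_vr" and value == "all":
            findings.append((name, "Telnet is accepted on every virtual router"))
        elif name == "snmp_access" and value is True:
            findings.append((name, "SNMP access is enabled; confirm it is required"))
    return findings


if __name__ == "__main__":
    for setting, message in review(effective_settings(LAB_COMMANDS)):
        print(f"{setting}: {message}")
```

Because the lab restores max-sessions to 16 and Telnet to all virtual routers, only the failed-login limit survives as a restriction.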
Part 6 Backing Up Configuration Files and Downloading Images
1 Copy the secondary configuration file used in lab 1, by entering the following command:
cp secondary.cfg test.cfg
The system displays the following prompt:
Copy config secondary.cfg to config test.cfg on the switch? (y/n)
2 Enter yes.
3 Verify the file has been created, by entering the following command:
ls
The system displays the list of files.
4 Rename the test file, by entering the following command:
mv test.cfg newname.cfg
The system displays the following prompt:
Rename config test.cfg to config newname.cfg on switch? (y/n)
5 Enter yes.
6 Verify the new file has been created, by entering the following command:
ls
7 Remove the file, by entering the following command:
rm newname.cfg
Remove newname.cfg from switch? (y/n)
8 Enter yes.
9 Verify the file has been removed, by entering the following command:
ls
10 On the PC, start the TFTP service.
The instructor provides the command to start the TFTP service.
11 Back up the current configuration to a TFTP server, by entering the following command:
tftp <PC_ipaddress> -v vr-default -p -l lab1.cfg -r lab1.cfg
Use the PC address identified in Table 1. The instructor can help identify the IP address to use.
The system displays the file transfer progress with a display similar to the following:
Uploading lab1.cfg to 10.0.0.2 ..........
12 Verify that the configuration file is in the TFTP directory on the PC.
13 Verify that the current ExtremeWare XOS software image for the switch is in the TFTP directory on
the PC.
14 Identify the software image that is booted on the switch, by entering the following command:
show version
15 Configure the software image selected, by entering the following command:
use image secondary
16 Verify the software image that is selected on the switch, by entering the following command:
show switch
17 Download the software image into the selected location, by entering the following command:
download image <PC_ipaddress> <filename> vr vr-default secondary
The instructor identifies the correct filename to use. For example, summitX450-11.3.1.3.xos.
The system displays the following prompt:
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)
18 Enter yes.
The system displays the following:
Downloading to Switch.................................................................
This image will be used only after rebooting the switch!
Installing to secondary partition!
Installing to Switch.....................................
Image installed successfully
19 Verify the software image version that is selected on the switch, by entering the following command:
show switch
20 Display the system log, by entering the following command:
show log
Part 7 Accessing the Bootrom Menu
1 With the PC connected to the console port and the terminal emulation software running, reboot the
switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)? y
2 Enter yes.
3 Hold down the space key on the PC terminal emulator.
4 The switch resets and displays the following bootrom prompt:
BootROM>
5 To display the help menu enter h.
6 Boot the switch, by entering the following command:
boot
7 The switch completes a normal boot.
Part 8 Monitoring System Memory
1 For the show memory commands to display correctly when using the Hyperterm terminal emulator,
set the Hyperterm settings by selecting Files>Properties.
The Properties window is displayed.
2 Click the Settings tab.
3 Click ASCII Setup.
The ASCII Setup window is displayed.
4 Uncheck the “Wrap lines that exceed terminal width” box.
5 Click OK in the ASCII Setup window.
6 Click OK in the Properties window.
7 Display the memory use of a process, by entering the following command:
show memory process <name>
Select whichever process is interesting to you.
Where:
name - Specifies a single process name
8 Record the memory allocated for the process. _____________
Part 9 Monitoring Processes
1 Login to the switch with administrator privilege.
2 Display the system processes, by entering the following command:
top
3 Use the information in the training material to determine how to sort the display by CPU usage.
4 Record the process ID and name of the process with the highest CPU utilization.
__________________
5 Spend a few minutes experimenting with the other top sort options.
6 Display system processes, by entering the following command:
show process
7 Display detailed information for a single process, by entering the following command:
show process {<name>} {detail}
Where:
detail - Specifies more detailed process information.
name - Specifies the name of the process.
8 Display the health of the processes, by entering the following command:
show heartbeat process
Part 10 Terminating and Restarting a Process
1 Display a description of what each process does, by entering the following command:
show process description
2 Terminate the TFTP process, by entering the following command:
terminate process tftpd graceful
The system displays the following:
Successful graceful termination for tftpd
3 Verify the state of the TFTP process, by entering the following command:
show process
4 Record the TFTP process restart count and state. ______________ ____________
5 Display the health of the TFTP process, by entering the following command:
show heartbeat process tftpd
6 Record the Hello and Hello Ack count for the TFTP process. ________ __________
7 Start the TFTP process, by entering the following command:
start process tftpd
The system displays the following:
Started tftpd successfully
8 Verify the state of the TFTP process, by entering the following command:
show process tftpd
9 Record the TFTP process restart count and state. ______________ ____________
Lab 2 Configuring Layer 1
Lab two tests the student’s ability to configure physical port parameters, create a dynamic Link
Aggregation group that uses the address-based aggregation algorithm, and enable LLDP. In this lab
students:
● Login to the switch.
● Create a dynamic Link Aggregation group that uses the address-based algorithm.
● Verify the Link Aggregation operation.
● Enable LLDP.
● Verify LLDP operation.
For this lab, the PCs and switches are physically connected as shown.
Figure 2: Lab 2 Diagram
[Diagram not reproduced. Title: Link Aggregation and LLDP (ECF Lab 2 Link Aggregation, version 3.0). It shows switches 1 to 6 (Sanjose, Newyork, London, Cairo, Beijing, Tokyo) and PC1 to PC6. The PCs attach on port 7 in the default VLAN with addresses 10.10.10.12/24, 10.10.10.22/24, 10.10.10.32/24, 10.10.10.42/24, 10.10.10.52/24 and 10.10.10.62/24. The inter-switch links use ports 8-11 in the default VLAN.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Login to the switch with administrator access.
2 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
3 Save the configuration to nonvolatile storage, by entering the following command:
save primary
4 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
5 Enter yes.
6 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
7 Enter yes.
The system reboots.
8 Login to the switch with administrator access.
9 Verify that ports 8 to 11 are disabled, by entering the following command:
show ports configuration
10 Physically connect the switches as shown in the lab illustration.
Part 2 Configuring Port Parameters
1 Verify that the students configuring your partner switch have completed part 1.
2 Login to the switch with administrator access.
3 Use the ping command to verify that the switch can communicate to the PC.
4 Verify the configuration of port 7, by entering the following command:
show port 7 configuration
5 Turn off auto negotiation, set the speed to 100 Mbps, and set the duplex to full, by entering the
following command:
configure port 7 auto off speed 100 duplex full
6 Verify the configuration of port 7, by entering the following command:
show port 7 configuration
7 Use the ping command to test if the switch can communicate to the PC.
8 Can the switch ping the PC? ______________
9 Turn auto negotiation back on, by entering the following command:
configure port 7 auto on
10 Use the ping command to test if the switch can communicate to the PC.
11 Can the switch ping the PC? ______________
Part 3 Configuring Address-based Load Sharing
NOTE
This lab assumes that the switches are already physically connected. Therefore, the ports are enabled and added to
the link aggregation group individually to avoid creating forwarding loops.
1 Verify that the students configuring your partner switch have completed part 2.
2 Login to the switch with administrator access.
3 Enable port 8, by entering the following command:
enable ports 8
4 Create a dynamic link aggregation group that only contains port 8 and uses the address-based
algorithm, by entering the following command:
enable sharing 8 grouping 8 algorithm address-based lacp
5 Configure the link aggregation algorithm to use the layer 2 address, by entering the following
command:
configure sharing address-based L2
6 Verify that the students configuring the partner switch have created the link aggregation group.
7 Enable port 9, by entering the following command:
enable ports 9
8 Add port 9 to the link aggregation group, by entering the following command:
configure sharing 8 add ports 9
9 Enable port 10 and add it to the LAG, by entering the following command:
enable ports 10
configure sharing 8 add ports 10
10 Enable port 11 and add it to the LAG, using the knowledge you have.
11 Verify the link aggregation configuration, by entering the following command:
show ports configuration
12 Verify the link aggregation configuration, by entering the following command:
show ports sharing
13 Verify the link aggregation activity by entering the following command:
show ports stats
14 From the PC generate multiple ping packets to the partner switch.
15 Which port in the link aggregation group has the highest transmit (TX) count? ________
16 Which port in the link aggregation group has the highest receive (RX) count? _________
17 Why does this port have higher activity? ___________________________________
18 Identify the useful link aggregation information in the output of the following commands.
show ports info
show configuration lacp
show ports packet
Part 4 Enabling the Link Layer Discovery Protocol
1 Verify that the students configuring your partner switch have completed part 3.
2 Login to the switch with administrator access.
3 Enable LLDP on port 8, by entering the following command:
enable lldp ports 8
4 Verify the LLDP configuration, by entering the following command:
show lldp port 8 detailed
5 Enable the advertisement of the system name, by entering the following command:
configure lldp ports 8 advertise system-name
6 Verify the LLDP advertisement of the system name, by entering the following command:
show lldp port 8 detailed
7 Verify the LLDP neighbor information, by entering the following command:
show lldp neighbors detail
8 Enable the advertisement of the link aggregation information, by entering the following command:
configure lldp ports 8 advertise vendor-specific dot3 link-aggregation
9 Verify the LLDP neighbor link aggregation information, by entering the following command:
show lldp neighbors detail
Lab 3 Configuring Layer 2 Forwarding
Lab three tests the student’s ability to create FDB entries, enable and verify the lock-learning feature,
and enable and verify the limit-learning feature. In this lab students:
● Login to the switch.
● Display and interpret the FDB table.
● Enable the lock-learning feature.
● Test the operation of the lock-learning feature.
● Enable the limit-learning feature.
● Test the operation of the limit-learning feature.
For this lab, the PCs and switches are physically connected as shown.
Figure 3: Lab 3 Diagram
[Diagram not reproduced. Title: Layer-2 Forwarding (Lab 3 Layer-2 Forwarding, version 3.0). It shows switches 1 to 6 (Sanjose, Newyork, London, Cairo, Beijing, Tokyo) with addresses 10.10.10.1/24 to 10.10.10.6/24 and PC1 to PC6 with addresses 10.10.10.12/24, 10.10.10.22/24, 10.10.10.32/24, 10.10.10.42/24, 10.10.10.52/24 and 10.10.10.62/24, all in VLAN default. The PCs attach on port 7. The inter-switch links use ports numbered 1 to 6.]
Part 1 Restoring the Lab Exercise Configuration
1 Set the IP address of your student PC to the address identified in Figure 3.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Enabling Ports
1 Login to the switch with administrator access.
2 Enable the ports used to connect to the other switches, by entering the following command:
enable ports <port_list>
The ports are identified in Figure 3.
3 Use the ping command to verify that you have IP connectivity from your switch to the other student
switches.
4 Use the ping command to verify that you have IP connectivity from your PC to the other student
PCs.
5 Display the FDB and identify the MAC addresses of the other student PCs by entering the following
command:
show fdb
Part 3 Locking Learning
1 Lock the MAC address learned on port 7, by entering the following command:
configure ports 7 vlan default lock-learning
2 Verify the configuration, by entering the following command:
show vlan default security
3 Verify that the permanent entry and lock learning flags are set for port 7, by entering the following
command:
show fdb
4 Exchange Ethernet cable connections with another student PC.
5 Try to exchange packets with the new PC, by entering the following command:
ping vr vr-default <PC_IP_address>
6 Identify whether the new PC MAC address is learned on port 7, by entering the following
command:
show fdb
7 Is the new address learned? ______________
8 What is the MAC address of the PC connected to port 7? ________________________________
9 What type of FDB entry is created for the new MAC address? _______________________
10 Return your own PC Ethernet connection to port 7.
11 Remove MAC address lock down, by entering the following command:
configure ports 7 vlan default unlock-learning
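Team    Switch   PC MAC Address
Team 1  Sanjose  _______________________
Team 2  Newyork  _______________________
Team 3  London   _______________________
Team 4  Cairo    _______________________
Team 5  Beijing  _______________________
Team 6  Tokyo    _______________________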
Part 4 Limiting Learning
1 Identify and record the port with the most MAC addresses learned.
______________________________
2 Limit the MAC address learning on that port to one entry, by entering the following command:
configure ports <port_list> vlan default limit-learning 1
3 Verify the configuration, by entering the following command:
show vlan default security
4 Display the MAC security information for the specified port, by entering the following command:
show ports <port_list> information detail
5 Identify which MAC address is learned on the port and which are black hole entries, by entering the
following command:
show fdb
6 Record the addresses learned ____________________, _____________________, __________________
7 Record a black hole entry MAC address ____________________
8 Remove the learning limit on the port, by entering the following command:
configure ports <port_list> vlan default unlimited-learning
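The FDB results that Parts 3 and 4 ask you to record can be reproduced with a small model of per-port source-MAC learning. The following is an added example, not part of the original course material. It is a simplified model rather than switch code: the MAC addresses are constructed, and the rule that an unknown source address on a locked or full port becomes a black hole entry is the model's assumption about what the lab observes.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed, locally administered MAC addresses for the example.
OWN_PC = "02:00:00:00:00:01"
OTHER_PC = "02:00:00:00:00:02"
PC_A = "02:00:00:00:00:0a"
PC_B = "02:00:00:00:00:0b"
PC_C = "02:00:00:00:00:0c"


@dataclass
class PortFdb:
    """Source-MAC learning state for one port in one VLAN (simplified model)."""
    limit: Optional[int] = None   # limit-learning N; None means unlimited-learning
    locked: bool = False          # set by lock_learning()
    entries: Dict[str, str] = field(default_factory=dict)  # MAC -> entry type

    def lock_learning(self) -> None:
        """Freeze the port: learned entries become permanent, learning stops."""
        for mac, kind in self.entries.items():
            if kind == "dynamic":
                self.entries[mac] = "permanent"
        self.locked = True

    def learned(self) -> List[str]:
        return sorted(m for m, k in self.entries.items() if k != "blackhole")

    def blackholed(self) -> List[str]:
        return sorted(m for m, k in self.entries.items() if k == "blackhole")

    def ingress(self, src_mac: str) -> str:
        """Process one frame's source MAC and return 'forward' or 'drop'."""
        mac = src_mac.lower()
        kind = self.entries.get(mac)
        if kind == "blackhole":
            return "drop"
        if kind is not None:            # already learned (dynamic or permanent)
            return "forward"
        at_limit = self.limit is not None and len(self.learned()) >= self.limit
        if self.locked or at_limit:     # unknown source on a locked or full port
            self.entries[mac] = "blackhole"
            return "drop"
        self.entries[mac] = "dynamic"
        return "forward"


def lock_learning_scenario():
    """Part 3: lock port 7 with the team PC learned, then swap in another PC."""
    port7 = PortFdb()
    port7.ingress(OWN_PC)
    port7.lock_learning()
    return port7, [port7.ingress(OTHER_PC), port7.ingress(OWN_PC)]


def limit_learning_scenario():
    """Part 4: limit-learning 1 on a port that sees several source MACs."""
    uplink = PortFdb(limit=1)
    results = [uplink.ingress(mac) for mac in (PC_A, PC_B, PC_C, PC_A)]
    return uplink, results


if __name__ == "__main__":
    for scenario in (lock_learning_scenario, limit_learning_scenario):
        port, results = scenario()
        print(scenario.__name__, results, port.entries)
```

A black hole entry on a port with a lock or a limit is also the record to look for when checking whether an unexpected device was attached.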
Lab 4 Configuring Port-based VLANs
Lab four tests the student’s ability to create port-based VLANs, add ports to the VLANs, and extend the
VLANs across multiple switches. In this lab students:
● Login to the switch.
● Create one port-based VLAN.
● Add ports to the VLAN.
● Interconnect the VLAN across multiple switches.
Table 2 identifies the IP addresses for six student PCs, the blue VLAN IP address of six switches, and
the switch names.
Table 2: Lab 4 IP Addresses
Team    Switch Name  PC/TFTP server  Blue VLAN  Subnetwork mask
Team 1  Sanjose      10.0.0.12       10.0.0.1   255.255.255.0
Team 2  Newyork      10.0.0.22       10.0.0.2   255.255.255.0
Team 3  London       10.0.0.32       10.0.0.3   255.255.255.0
Team 4  Cairo        10.0.0.42       10.0.0.4   255.255.255.0
Team 5  Beijing      10.0.0.52       10.0.0.5   255.255.255.0
Team 6  Tokyo        10.0.0.62       10.0.0.6   255.255.255.0
For this lab, the PC and switch are physically connected as shown.
Figure 4: Lab 4 Diagram
[Diagram not reproduced. Title: Port-based VLANs (Lab 4 Port-based VLANs, version 3.0). It shows switches 1 to 6 (Sanjose, Newyork, London, Cairo, Beijing, Tokyo) with addresses 10.0.0.1/24 to 10.0.0.6/24 and PC1 to PC6 with addresses 10.0.0.12/24, 10.0.0.22/24, 10.0.0.32/24, 10.0.0.42/24, 10.0.0.52/24 and 10.0.0.62/24, all in VLAN blue. The PCs attach on port 7. The inter-switch links use ports numbered 1 to 6.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address of your student PC to the address identified in Figure 4 and Table 2.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Creating Port-based VLANs
1 Login to the switch with administrator access.
2 Create a VLAN named blue, by entering the following command:
create vlan blue
3 Verify that the blue VLAN has been created, by entering the following command:
show vlan blue
4 Does the blue VLAN have any ports assigned to it? _________
5 Remove the IP address from the default VLAN, by entering the following command:
unconfigure vlan default ipaddress
6 Assign an IP address and subnetwork mask to the blue VLAN, by entering the following command:
configure vlan blue ipaddress <ipaddress> {<netmask>}
Use the address and subnetwork mask identified in Table 2 for your team.
7 Verify the IP address and subnetwork mask of the blue VLAN, by entering the following command:
show vlan blue
The system displays the blue VLAN configuration.
Part 3 Adding Ports to VLANs
1 Delete port 7 from the default VLAN, by entering the following command:
configure vlan default delete ports 7
2 Add port 7 to the blue VLAN, by entering the following command:
configure vlan blue add ports 7
3 Delete the ports connecting to the other switches as shown in Figure 4 from the default VLAN, by
entering the following command:
configure vlan default delete ports <port_list>
4 Add the ports to the blue VLAN, by entering the following command:
configure vlan blue add ports <port_list>
5 Verify the port assignments for the blue VLAN, by entering the following command:
show vlan blue
6 Does the blue VLAN have the correct ports assigned to it? _________
Part 4 Extending VLANs Across Switches
1 Enable the ports connecting to the other switches as shown in Figure 4 using the knowledge you
have.
2 Using the ping command, verify that your PC can communicate with all other student PCs.
3 Using the ping command, verify that your switch can communicate with all the other switches.
4 Verify the configuration of all VLANs, by entering the following command:
show vlan detail
5 Examine how VLAN information is displayed in the forwarding database, by entering the following
command:
show fdb
Lab 5 Configuring Tagged VLANs
Lab five tests the student’s ability to create tagged VLANs, add ports to the VLANs, and extend the
VLANs across multiple switches using a single physical link. In this lab students:
● Login to the switch.
● Create the first tagged VLAN.
● Add PC and trunk ports to the VLAN.
● Extend the VLAN across all switches.
● Verify the operation of the VLAN.
● Create a second tagged VLAN.
● Move the PC ports to the new VLAN.
● Extend the VLAN across all switches.
● Verify the operation of the VLAN.
Table 3 identifies the IP addresses for six student PCs, and the switch names.
Table 3: Lab 5 IP Addresses
Team    Switch Name  PC         Subnetwork mask
Team 1  Sanjose      10.0.0.12  255.255.255.0
Team 2  Newyork      10.0.0.22  255.255.255.0
Team 3  London       10.0.0.32  255.255.255.0
Team 4  Cairo        10.0.0.42  255.255.255.0
Team 5  Beijing      10.0.0.52  255.255.255.0
Team 6  Tokyo        10.0.0.62  255.255.255.0
For this lab, the PC and switch are physically connected as shown.
Figure 5: Lab 5 Blue VLAN Active Topology Diagram
[Diagram not reproduced. Title: Tagged VLANs (Blue) (Lab 5 Tagged Blue VLAN, version 3.0). It shows switches 1 to 6 (Sanjose, Newyork, London, Cairo, Beijing, Tokyo) and PC1 to PC6 with addresses 10.0.0.12/24, 10.0.0.22/24, 10.0.0.32/24, 10.0.0.42/24, 10.0.0.52/24 and 10.0.0.62/24. The PCs attach on port 7. The inter-switch links carry VLAN blue with tag 10.]
Figure 6: Lab 6 Green VLAN Active Topology Diagram
[Diagram not reproduced. Title: Tagged VLANs (Green) (Lab 5 Tagged green VLAN, version 3.0). It shows the same switches and PCs with the same PC addresses. The PCs attach on port 7. The inter-switch links carry VLAN green with tag 11.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address of your student PC to the address identified in Table 3 and Figure 5.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Creating Tagged VLANs
1 Login to the switch with administrator access.
2 Create a VLAN named blue, by entering the following command:
create vlan blue
3 Verify that the blue VLAN has been created, by entering the following command:
show vlan blue
4 Does the blue VLAN have a tag assigned to it? _________
5 Configure the VLAN with a tag value of 10, by entering the following command:
configure vlan blue tag 10
Part 3 Adding Tagged and Untagged Ports to VLANs
1 Add the ports that interconnect the switches for the blue VLAN as tagged ports, by entering the
following command:
configure vlan blue add ports <port_list> tagged
2 Delete port 7 and the ports that interconnect the switches for the blue VLAN from the default
VLAN, by entering the following command:
configure vlan default delete ports <7,port_list>
3 Add port 7 to the blue VLAN as an untagged port, by entering the following command:
configure vlan blue add ports 7 untagged
4 Enable port 7 and the ports that interconnect the switches for the blue VLAN, by entering the
following command:
enable ports <7,port_list>
5 Verify the port assignments for the blue VLAN, by entering the following command:
show vlan detail
6 Can you identify the difference between tagged and untagged ports in the show vlan display? ____
7 Use the ping command to verify that your PC can communicate with the other student PCs on the
blue VLAN.
Part 4 Adding Tagged VLANs
1 Create a second VLAN named green, by entering the following command:
create vlan green
2 Verify that the green VLAN has been created, by entering the following command:
show vlan green
3 Does the green VLAN have a tag assigned to it? _________
4 Configure the VLAN with a tag value of 11, by entering the following command:
configure vlan green tag 11
5 Add the ports that interconnect the switches in the green VLAN as tagged ports, by entering the
following command:
configure vlan green add ports <port_list> tagged
6 Enable the ports that interconnect the switches for the green VLAN, by entering the following
command:
enable ports <port_list>
7 Remove port 7 from the blue VLAN, by entering the following command:
configure vlan blue delete ports 7
8 Add port 7 to the green VLAN as an untagged port, by entering the following command:
configure vlan green add ports 7 untagged
9 Verify the port assignments for the green VLAN, by entering the following command:
show vlan detail
10 Use the ping command to verify that your PC can communicate with the other student PCs on the
green VLAN.
Lab 6 Configuring Protocol-based VLANs (Optional)
Lab six tests the student’s ability to enable ports to participate in Protocol-based VLANs, and associate
certain protocols with certain VLANs. In this lab students:
● Login to the switch.
● Create two VLANs.
● Delete ports from the default VLAN.
● Enable ports for Protocol-based VLAN operation.
● Create a custom protocol filter.
● Associate protocols with a VLAN.
● Verify the VLAN configuration.
● Verify Protocol-based VLAN operation.
Table 4 identifies the IPv4 addresses for six student PCs, and the switch names.
Table 4: Lab IP Addresses
Team    Switch Name  IPv4 PC    Subnetwork mask
Team 1  Sanjose      10.0.0.12  255.255.255.0
Team 2  Newyork      10.0.0.22  255.255.255.0
Team 3  London       10.0.0.32  255.255.255.0
Team 4  Cairo        10.0.0.42  255.255.255.0
Team 5  Beijing      10.0.0.52  255.255.255.0
Team 6  Tokyo        10.0.0.62  255.255.255.0
For this lab, the PC and switch are physically connected as shown.
Figure 7: Lab 6 Diagram
[Diagram not reproduced. Title: Protocol-based VLANs (Lab 6 Protocol-based VLANs, version 3.0). It shows switches 1 to 6 (Sanjose, Newyork, London, Cairo, Beijing, Tokyo) and PC1 to PC6 with IPv4 addresses 10.0.0.12/24, 10.0.0.22/24, 10.0.0.32/24, 10.0.0.42/24, 10.0.0.52/24 and 10.0.0.62/24. The PCs attach on port 7. The links are labelled VLAN white (IPv4) and VLAN black (IPv6).]
Module 14 Lab Exercises
30 Extreme Configuration Fundamentals Rev. 3.0
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IPv4 address of your student PC to the address identified in Table 4 and Figure 7.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Creating Custom Filters
1 Login to the switch with administrator access.
2 Create a custom protocol filter named IPv6_test, by entering the following command:
create protocol IPv6_test
3 Verify the new protocol filter has been created, by entering the following command:
show protocol
4 Configure the protocol filter, by entering the following command:
configure protocol IPv6_test add etype 0x86DD
5 Verify the configuration of the new protocol filter, by entering the following command:
show protocol IPv6_test
Part 3 Creating and Assigning Ports to Protocol-based VLANs
1 Create a VLAN named white, by entering the following command:
create vlan white
2 Configure the white VLAN to use the IP protocol filter, by entering the following command:
configure vlan white protocol IP
3 Create a VLAN named black, by entering the following command:
create vlan black
4 Configure the black VLAN to use the IPv6_test protocol filter, by entering the following command:
configure vlan black protocol IPv6_test
5 Verify the protocol to VLAN associations, by entering the following command:
show vlan detail
6 Assign port 7 to the white VLAN, by entering the following command:
configure vlan white add ports 7
7 Assign port 7 to the black VLAN, by entering the following command:
configure vlan black add ports 7
Part 4 Extending Protocol-based VLANs
1 Delete the ports that connect to the other switches from the default VLAN, by entering the following
command:
configure vlan default delete ports <portlist>
2 Configure the white and black VLANs for protocol-based operation over the links between switches
by adding the ports that connect to the other switches to the VLANs using the following commands:
configure vlan white add ports <portlist>
configure vlan black add ports <portlist>
3 Administratively enable the ports that connect to the other switches, by entering the following
command:
enable ports <portlist>
4 Verify the port to VLAN associations, by entering the following command:
show vlan detail
Part 5 Verifying Protocol-based VLAN Operation
1 Use the normal IPv4 ping command to verify that you have IP connectivity from your PC to the other
student PCs.
ping <IPv4_address>
2 If IPv6 is enabled on the student PC, send 100 IPv6 ping packets to another student PC.
3 Send 10 IPv4 ping packets to another student PC.
4 Display the port utilization and verify which VLAN is carrying more traffic.
Lab 7 Configuring vMAN VLANs
Lab seven tests the student’s ability to create and configure a vMAN VLAN tunnel between edge
switches across core switches. In this lab students:
● Login to the switch.
● Create three VLANs on the edge switches.
● Create vMAN VLAN tunnels between edge switches across core switches.
● Verify the VLAN configurations.
● Verify the vMAN VLAN operation.
Two Configuration Lab Exercise
To provide each student team with an opportunity to create and configure vMAN VLAN tunnels, this
lab is repeated using two different configurations. In the first configuration switches 2, 3, and 4 are
configured for the network core and switches 1, 5, and 6 are configured for the edge. In the second
configuration switches 1, 5, and 6 are configured for the network core and switches 2, 3, and 4 are
configured for the edge.
The illustration below shows the logical connectivity path for the first configuration.
Figure 8: Lab 7 Configuration 1 Diagram
[Diagram: Lab 7 vMan VLANs (Configuration 1). Edge switches 1 Sanjose, 5 Beijing and 6 Tokyo carry VLAN blue (tag 10), VLAN green (tag 11) and VLAN purple (tag 14), with student PCs PC1, PC5 and PC6 (10.0.0.12/24, 10.0.0.52/24, 10.0.0.62/24) on port 7. Core switches 2 Newyork, 3 London and 4 Cairo carry the vMan VLAN bbone (tag 200). T = Tagged, U = Untagged.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address of your student PC to the address identified in Figure 8.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Creating and Configuring the Edge VLANs
If you are configuring edge switches 1, 5, or 6, perform the following steps.
1 Create three VLANs with the names blue, green, and purple.
2 Configure the blue VLAN with a tag value of 10.
3 Configure the green VLAN with a tag value of 11.
4 Configure the purple VLAN with a tag value of 14.
5 Remove the ports connecting to the other switches from the default VLAN.
6 Add the ports connecting to the other switches to the blue VLAN tagged.
7 Add the ports connecting to the other switches to the green and purple VLANs tagged.
8 Add port 7 to the blue VLAN untagged.
Part 3 Creating and Configuring the vMAN VLAN Tunnels
If you are configuring core switches 2, 3, or 4, perform the following steps.
1 Delete all ports from the default VLAN, by entering the following command:
configure vlan default delete ports all
2 Configure the vMAN Ethertype to recognize tagged frames, by entering the following command:
configure vman ethertype 0x88a8
3 Change the switch ports MTU size to accept jumbo frames, by entering the following command:
configure jumbo-frame-size 1530
4 Enable the ports connecting to the other switches to accept jumbo frames, by entering the following
command:
enable jumbo-frame ports all
5 Create and configure the bbone vMAN VLAN to use the tag value 200, by entering the following
commands:
create vman bbone
configure vman bbone tag 200
6 Add the ports connecting to the other core switches tagged, by entering the following command:
configure vman bbone add ports <portlist> tagged
7 Add the ports connecting to the edge switches untagged, by entering the following command:
configure vman bbone add ports <portlist> untagged
Part 4 Enabling Ports and Verifying the vMAN VLAN Tunnels
1 Verify that the other students have completed part 2 or part 3 of this lab.
2 Administratively enable the ports connecting to the other switches.
3 If you are configuring edge switches, use the ping command on your PC to verify that you can
communicate with the other student PCs connected to edge switches.
Two Configuration Lab Exercise
To provide each student team with an opportunity to create and configure vMAN VLAN tunnels, this
lab is repeated using two different configurations. In the first configuration switches 2, 3, and 4 are
configured for the network core and switches 1, 5, and 6 are configured for the edge. In the second
configuration switches 1, 5, and 6 are configured for the network core and switches 2, 3, and 4 are
configured for the edge.
The illustration below shows the connectivity path for the second configuration.
Figure 9: Lab 7 Configuration 2 Diagram
[Diagram: Lab 7 vMan VLANs (Configuration 2). Edge switches 2 Newyork, 3 London and 4 Cairo carry VLAN blue (tag 10), VLAN green (tag 11) and VLAN purple (tag 14), with student PCs PC2 (10.0.0.22/24), PC3 (10.0.0.32/24) and PC4 (10.0.0.42/24) on port 7. Core switches 1 Sanjose, 5 Beijing and 6 Tokyo carry the vMan VLAN bbone (tag 200). T = Tagged, U = Untagged.]
Part 5 Restoring the Base Lab Exercise Configuration
1 Set the IP address of your student PC to the address identified in Figure 9.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 6 Creating and Configuring the Edge VLANs
If you are configuring edge switches 2, 3, or 4, perform the following steps.
1 Create three VLANs with the names blue, green, and purple.
2 Configure the blue VLAN with a tag value of 10.
3 Configure the green VLAN with a tag value of 11.
4 Configure the purple VLAN with a tag value of 14.
5 Remove the ports connecting to the other switches from the default VLAN.
6 Add the ports connecting to the other switches to the blue VLAN tagged.
7 Add the ports connecting to the other switches to the green and purple VLANs tagged.
8 Add port 7 to the blue VLAN untagged.
Part 7 Creating and Configuring the vMAN VLAN Tunnels
If you are configuring core switches 1, 5, or 6, perform the following steps.
1 Delete all ports from the default VLAN, by entering the following command:
configure vlan default delete ports all
2 Configure the vMAN Ethertype to recognize tagged frames, by entering the following command:
configure vman ethertype 0x88a8
3 Change the switch ports MTU size to accept jumbo frames, by entering the following command:
configure jumbo-frame-size 1530
4 Enable the ports connecting to the other switches to accept jumbo frames, by entering the following
command:
enable jumbo-frame ports all
5 Create and configure the bbone vMAN VLAN to use the tag value 200, by entering the following
commands:
create vman bbone
configure vman bbone tag 200
6 Add the ports connecting to the other core switches tagged, by entering the following command:
configure vman bbone add ports <portlist> tagged
7 Add the ports connecting to the edge switches untagged, by entering the following command:
configure vman bbone add ports <portlist> untagged
Part 8 Enabling Ports and Verifying the vMAN VLAN Tunnels
1 Verify that the other students have completed part 6 or part 7 of this lab.
2 Administratively enable the ports connecting to the other switches.
3 If you are configuring edge switches, use the ping command on your PC to verify that you can
communicate with the other student PCs connected to edge switches.
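Steps 2 to 4 of Parts 3 and 7 set the vMAN Ethertype and raise the frame size because the core adds a second 4-byte tag in front of the customer's tag. The Python below is an added example, not part of the course material, that follows one full-size frame across the tunnel and shows why it no longer fits a standard tagged frame. The MAC addresses are invented, and the example assumes the configured jumbo frame size is compared with the frame length on the wire, FCS included.

```python
import struct

TPID_8021Q = 0x8100      # tag type used on the edge VLANs blue/green/purple
TPID_VMAN = 0x88A8       # outer tag type from "configure vman ethertype 0x88a8"
FCS_LEN = 4              # frame check sequence, not stored in the byte strings below
STANDARD_MAX = 1522      # largest frame with one 802.1Q tag, FCS included
JUMBO_FRAME_SIZE = 1530  # value from "configure jumbo-frame-size 1530"


def push_tag(frame, tpid, vid, pcp=0):
    """Insert a 4-byte tag (tag type + priority/VLAN ID) after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", tpid, (pcp << 13) | vid) + frame[12:]


def pop_tag(frame, expected_tpid):
    """Strip the outermost tag and return (vlan_id, remaining_frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != expected_tpid:
        # A port that expects a different tag type does not see a tag here at all.
        raise ValueError("outer tag type 0x%04x, expected 0x%04x" % (tpid, expected_tpid))
    return tci & 0x0FFF, frame[:12] + frame[16:]


def tag_stack(frame):
    """Return [(tag_type, vlan_id), ...] from the outermost tag inwards."""
    tags, offset = [], 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid not in (TPID_8021Q, TPID_VMAN):
            break
        tags.append((tpid, tci & 0x0FFF))
        offset += 4
    return tags


def wire_length(frame):
    """Length on the wire, counting the FCS that is appended on transmit."""
    return len(frame) + FCS_LEN


def tunnel_walkthrough(payload_len=1500):
    """Follow one frame from PC to PC: edge -> core -> edge."""
    # Constructed sample frame: invented MACs, IPv4 EtherType, zero-filled payload.
    dst, src = bytes.fromhex("020000000005"), bytes.fromhex("020000000001")
    from_pc = dst + src + struct.pack("!H", 0x0800) + bytes(payload_len)

    edge_uplink = push_tag(from_pc, TPID_8021Q, 10)   # edge: VLAN blue, tag 10
    core_link = push_tag(edge_uplink, TPID_VMAN, 200)  # core ingress: bbone, tag 200

    outer_vid, core_egress = pop_tag(core_link, TPID_VMAN)   # core egress to far edge
    inner_vid, to_pc = pop_tag(core_egress, TPID_8021Q)      # far edge, port 7 untagged

    return {
        "from_pc": wire_length(from_pc),
        "edge_uplink": wire_length(edge_uplink),
        "core_link": wire_length(core_link),
        "core_tags": tag_stack(core_link),
        "fits_standard": wire_length(core_link) <= STANDARD_MAX,
        "fits_jumbo": wire_length(core_link) <= JUMBO_FRAME_SIZE,
        "customer_tag_untouched": core_egress == edge_uplink,
        "delivered_unchanged": to_pc == from_pc,
        "vids": (outer_vid, inner_vid),
    }


if __name__ == "__main__":
    for key, value in tunnel_walkthrough().items():
        print(key, value)
```

The core switches only act on the outer tag 200; the customer tag 10 crosses the tunnel unmodified, which is why all three edge VLANs can share the single bbone vMAN.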
Lab 8 Configuring Spanning Tree
Lab eight tests the student’s ability to configure, enable, and verify the Spanning Tree Protocol (STP). In
this lab students:
● Login to the switch.
● Create one VLAN.
● Configure the bridge priority and port cost for the default Spanning Tree Protocol Domain (STPD).
● Verify the STPD configurations.
● Verify the STPD operation.
● Test the STPD failure recovery.
For this lab, the PC and switch are physically connected as shown.
Figure 10: Lab 8 Diagram
[Diagram: Lab 8 Spanning Tree. Switches 1 Sanjose, 2 Newyork, 3 London, 4 Cairo, 5 Beijing and 6 Tokyo, interconnected and each with a student PC (PC1 to PC6) on port 7. Switch addresses 10.0.0.1/24 through 10.0.0.6/24, PC addresses 10.0.0.12/24 through 10.0.0.62/24. All ports are in VLAN blue, STPD S0.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address of your student PC to the address identified in Figure 10.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Creating and Configuring the Blue VLAN
1 Login to the switch with administrator access.
2 Create a VLAN with the name blue.
3 Assign the IP addresses to the VLAN blue as identified in Figure 10.
4 Configure the blue VLAN with a tag value of 10.
5 Remove the ports connecting to the other switches from the default VLAN.
6 Remove port 7 from the default VLAN.
7 Add port 7 and the ports connecting to the other switches to the blue VLAN untagged.
Part 3 Configuring the Default STPD
1 Remove all default VLAN ports from the default STPD, by entering the following command:
configure stpd s0 delete vlan default ports all
2 Add the blue VLAN and the ports interconnecting the switches to the default spanning tree protocol
domain s0, by entering the following command:
configure stpd s0 add vlan blue port <portlist>
3 Assign the carrier VLAN for the default STP domain, by entering the following command:
configure stpd s0 tag 10
4 Specify the bridge priority in the spanning tree protocol domain, by entering the following
command:
configure stpd s0 priority <priority>
Use the following table to determine what value to assign each switch.
Switch 1 Priority 4
Switch 2 Priority 3
Switch 3 Priority 2
Switch 4 Priority 2
Switch 5 Priority 3
Switch 6 Priority 4
5 Specify a path cost of 5 for the lowest number interconnection port, a cost of 6 for the next higher
number port, and a cost of 7 for the highest number port, if there is one, by entering the following
commands:
configure stpd s0 ports cost 5 <lowest port>
configure stpd s0 ports cost 6 <next higher port>
configure stpd s0 ports cost 7 <highest port>
6 Enable the STP protocol for the STPD, by entering the following command:
enable stpd s0
7 Administratively enable the interconnection ports, by entering the following command:
enable ports <portlist>
8 Verify the configuration settings, by entering the following command:
show configuration stp
9 Wait for the other students to complete step 5 and for the topology to converge.
10 Verify spanning tree protocol information for STPD s0, by entering the following command:
show stpd s0
11 Is your switch the root bridge? __________________________
12 Verify the state of the spanning tree ports, by entering the following command:
show stpd s0 ports
13 Which ports are forwarding? ________________________
14 Which ports, if any, are blocking? _______________________
Part 4 Diagramming the Topology
1 Ask the other students which links are active and highlight the active links on the following
illustration.
Figure 11: Spanning Tree Active Topology
[Diagram: Lab 8 Spanning Tree. Switches 1 Sanjose, 2 Newyork, 3 London, 4 Cairo, 5 Beijing and 6 Tokyo with their interconnecting links, student PCs on port 7, VLAN blue, STPD S0.]
2 If the active link between switch 3 and 4 fails, which link do you expect to become active?
________________
3 If the active link between switch 5 and 6 fails, which link do you expect to become active?
________________
4 If the active link between switch 1 and 2 fails, which link do you expect to become active?
________________
Part 5 Testing Failure Recovery
1 Verify that the other students have completed part 4 of this lab.
2 Remove the cable for the active link between switch 3 and 4.
3 Wait for the topology to converge.
4 Which link became active? _____________________
5 Return the cable for the active link between switch 3 and 4.
6 Wait for the topology to converge.
7 Did the link returned in step 5 become the active link?
8 Remove the cable for the active link between switch 5 and 6.
9 Wait for the topology to converge.
10 Which link became active? _____________________
11 Remove the cable for the active link between switch 1 and 2.
12 Wait for the topology to converge.
13 Which link became active? _____________________
14 Did the link failure recovery work as you predicted? ________________
Lab 9 Configuring Static Routing
Lab nine tests the student’s ability to create router interfaces, enable IP forwarding, configure multiple
static routes, and verify the routing functionality. In this lab students:
● Configure the IP address, default gateway, and subnetwork mask on the student PC.
● Login to the switch.
● Create multiple VLANs.
● Add ports to the VLAN.
● Assign IP addresses to the VLANs.
● Enable IP forwarding.
● Configure static routes.
● Verify and test the IP forwarding operation.
NOTE
In this lab separate VLANs are created for physical interconnections between switches to be able to demonstrate
how IP Forwarding works. This may not represent a typical network.
Table 5 identifies the IP addresses, default gateway, and subnetwork mask for six student PCs:
Table 5: Lab IP Address
Team  Switch Name  PC/ multicast server  Default Gateway for PC  Subnetwork mask
1     Sanjose      101.0.0.2             101.0.0.1/24            255.255.255.0
2     Newyork      102.0.0.2             102.0.0.1/24            255.255.255.0
3     London       103.0.0.2             103.0.0.1/24            255.255.255.0
4     Cairo        104.0.0.2             104.0.0.1/24            255.255.255.0
5     Beijing      105.0.0.2             105.0.0.1/24            255.255.255.0
6     Tokyo        106.0.0.2             106.0.0.1/24            255.255.255.0
Lab 9 builds the IP network shown in the following illustration.
Figure 12: Lab 9 Diagram
[Diagram: ECF Lab 9 Static Routes. Switches 1 Sanjose, 2 Newyork, 3 London, 4 Cairo, 5 Beijing and 6 Tokyo. Each link between two switches is its own VLAN and /24 subnetwork (blue, green, orange, brown, purple, red, gold), and each switch has a PC VLAN on port 7 (yellow, pink, black, gray, white, plum). The VLAN names, addresses and ports are those listed in Table 6; the PC addresses are those listed in Table 5.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address, default gateway, and subnetwork mask of your student PC to the address
identified in Figure 10 and Table 5.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Configuring VLANs, Creating Router Interfaces, and Adding
Ports
1 For your switch, create VLANs, assign IP addresses to the VLANs, and add ports to the VLANs
based on Table 6 and Figure 12.
2 Verify the VLAN name, port assignment, and IP address, by entering the following command:
show vlan detail
3 Administratively enable port 7 and the ports connecting to the other switches.
4 Verify that the correct ports are enabled, by entering the following command:
show ports configuration
Part 3 Enabling IP Forwarding and Creating Static Routes
1 Enable IP forwarding for all VLANs, by entering the following command:
enable ipforwarding
2 Determine the correct Next Hop Gateway and fill in Table 7 for your switch.
3 Add the static routes for the subnetworks that are not directly connected to your switch, by entering
the following command:
configure iproute add <ipaddress>/<netmask> <gateway>
Table 6:
Switch    VLAN     IP address      Port
Sanjose   yellow   101.0.0.1/24    port 7
          green    11.0.0.1/24     port 3
          blue     10.0.0.1/24     port 2
Newyork   pink     102.0.0.1/24    port 7
          orange   12.0.0.1/24     port 4
          blue     10.0.0.2/24     port 1
London    black    103.0.0.1/24    port 7
          green    11.0.0.2/24     port 1
          brown    13.0.0.1/24     port 4
          purple   14.0.0.1/24     port 5
Cairo     gray     104.0.0.1/24    port 7
          orange   12.0.0.2/24     port 2
          brown    13.0.0.2/24     port 3
          red      15.0.0.1/24     port 6
Beijing   white    105.0.0.1/24    port 7
          purple   14.0.0.2/24     port 3
          gold     16.0.0.1/24     port 6
Tokyo     plum     106.0.0.1/24    port 7
          red      15.0.0.2/24     port 4
          gold     16.0.0.2/24     port 5
Table 7: Static Routes
Switch       Destination Subnetwork Address  Subnetwork Mask  Next Hop Gateway
1 - Sanjose  102.0.0.0 (pink)                255.255.255.0    ________________
             12.0.0.0 (orange)               255.255.255.0    ________________
             103.0.0.0 (black)               255.255.255.0    ________________
             13.0.0.0 (brown)                255.255.255.0    ________________
             104.0.0.0 (gray)                255.255.255.0    ________________
             14.0.0.0 (purple)               255.255.255.0    ________________
             15.0.0.0 (red)                  255.255.255.0    ________________
             105.0.0.0 (white)               255.255.255.0    ________________
             16.0.0.0 (gold)                 255.255.255.0    ________________
             106.0.0.0 (plum)                255.255.255.0    ________________
2 - Newyork  101.0.0.0 (yellow)              255.255.255.0    ________________
             11.0.0.0 (green)                255.255.255.0    ________________
             103.0.0.0 (black)               255.255.255.0    ________________
             13.0.0.0 (brown)                255.255.255.0    ________________
             104.0.0.0 (gray)                255.255.255.0    ________________
             14.0.0.0 (purple)               255.255.255.0    ________________
             15.0.0.0 (red)                  255.255.255.0    ________________
             105.0.0.0 (white)               255.255.255.0    ________________
             16.0.0.0 (gold)                 255.255.255.0    ________________
             106.0.0.0 (plum)                255.255.255.0    ________________
3 - London   101.0.0.0 (yellow)              255.255.255.0    ________________
             10.0.0.0 (blue)                 255.255.255.0    ________________
             102.0.0.0 (pink)                255.255.255.0    ________________
             12.0.0.0 (orange)               255.255.255.0    ________________
             104.0.0.0 (gray)                255.255.255.0    ________________
             15.0.0.0 (red)                  255.255.255.0    ________________
             105.0.0.0 (white)               255.255.255.0    ________________
             16.0.0.0 (gold)                 255.255.255.0    ________________
             106.0.0.0 (plum)                255.255.255.0    ________________
4 - Cairo    101.0.0.0 (yellow)              255.255.255.0    ________________
             10.0.0.0 (blue)                 255.255.255.0    ________________
             102.0.0.0 (pink)                255.255.255.0    ________________
             11.0.0.0 (green)                255.255.255.0    ________________
             103.0.0.0 (black)               255.255.255.0    ________________
             14.0.0.0 (purple)               255.255.255.0    ________________
             105.0.0.0 (white)               255.255.255.0    ________________
             16.0.0.0 (gold)                 255.255.255.0    ________________
             106.0.0.0 (plum)                255.255.255.0    ________________
5 - Beijing  101.0.0.0 (yellow)              255.255.255.0    ________________
             10.0.0.0 (blue)                 255.255.255.0    ________________
             102.0.0.0 (pink)                255.255.255.0    ________________
             11.0.0.0 (green)                255.255.255.0    ________________
             12.0.0.0 (orange)               255.255.255.0    ________________
             103.0.0.0 (black)               255.255.255.0    ________________
             13.0.0.0 (brown)                255.255.255.0    ________________
             104.0.0.0 (gray)                255.255.255.0    ________________
             15.0.0.0 (red)                  255.255.255.0    ________________
             106.0.0.0 (plum)                255.255.255.0    ________________
6 - Tokyo    101.0.0.0 (yellow)              255.255.255.0    ________________
             10.0.0.0 (blue)                 255.255.255.0    ________________
             102.0.0.0 (pink)                255.255.255.0    ________________
             11.0.0.0 (green)                255.255.255.0    ________________
             12.0.0.0 (orange)               255.255.255.0    ________________
             103.0.0.0 (black)               255.255.255.0    ________________
             13.0.0.0 (brown)                255.255.255.0    ________________
             104.0.0.0 (gray)                255.255.255.0    ________________
             14.0.0.0 (purple)               255.255.255.0    ________________
             105.0.0.0 (white)               255.255.255.0    ________________
Part 4 Verifying and Testing IP Forwarding
1 Verify that the other students have completed part 3 of this lab.
2 From your student PC use the ping command to send an ICMP echo request to the other student
PCs.
3 Did the PCs respond?
4 Why? __________________________________________________________
5 Verify the IP route table, by entering the following command:
show iproute
6 Verify the IP unicast routing configuration, by entering the following command:
show ipconfig
7 Monitor the IP statistics for the CPU of the switch, by entering the following command:
show ipstats
8 If there is an easier way to configure IP forwarding, would you like to learn about it? _________
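Part 3 asks for a next hop gateway for every subnetwork that is not directly connected. The Python below is an added example, not part of the course material, that derives the candidates from the Table 6 addressing by counting router hops and lists every neighbor that is equally close. Its function names are this example's own, and the lower gateway address is chosen arbitrarily when it prints commands in the configure iproute add form used in Part 3.

```python
from collections import deque
from ipaddress import ip_interface

# Table 6 as data: switch -> {VLAN name: interface address}.
TABLE6 = {
    "Sanjose": {"yellow": "101.0.0.1/24", "green": "11.0.0.1/24", "blue": "10.0.0.1/24"},
    "Newyork": {"pink": "102.0.0.1/24", "orange": "12.0.0.1/24", "blue": "10.0.0.2/24"},
    "London": {"black": "103.0.0.1/24", "green": "11.0.0.2/24",
               "brown": "13.0.0.1/24", "purple": "14.0.0.1/24"},
    "Cairo": {"gray": "104.0.0.1/24", "orange": "12.0.0.2/24",
              "brown": "13.0.0.2/24", "red": "15.0.0.1/24"},
    "Beijing": {"white": "105.0.0.1/24", "purple": "14.0.0.2/24", "gold": "16.0.0.1/24"},
    "Tokyo": {"plum": "106.0.0.1/24", "red": "15.0.0.2/24", "gold": "16.0.0.2/24"},
}


def adjacency(table):
    """Return (switch -> {neighbor: neighbor's address on the shared subnet},
    network -> [(switch, address), ...])."""
    members = {}
    for switch, vlans in table.items():
        for addr in vlans.values():
            iface = ip_interface(addr)
            members.setdefault(iface.network, []).append((switch, iface.ip))
    adj = {switch: {} for switch in table}
    for attached in members.values():
        for switch, _ in attached:
            for peer, peer_ip in attached:
                if peer != switch:
                    adj[switch][peer] = peer_ip
    return adj, members


def hop_counts(adj, start):
    """Breadth-first search: number of router hops from start to every switch."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        switch = queue.popleft()
        for peer in adj[switch]:
            if peer not in dist:
                dist[peer] = dist[switch] + 1
                queue.append(peer)
    return dist


def static_routes(table, switch):
    """Return {remote network: [equal-cost next hop gateways]} for one switch."""
    adj, members = adjacency(table)
    hops = {sw: hop_counts(adj, sw) for sw in table}
    routes = {}
    for net in sorted(members):
        owners = [sw for sw, _ in members[net]]
        if switch in owners:
            continue  # directly connected: no static route needed
        best = min(hops[switch][o] for o in owners)
        # A neighbor is a valid next hop when it is one hop closer to the subnet.
        gateways = sorted(ip for peer, ip in adj[switch].items()
                          if min(hops[peer][o] for o in owners) == best - 1)
        routes[str(net)] = [str(ip) for ip in gateways]
    return routes


def iproute_commands(table, switch):
    """Render one command per remote subnet, using the first candidate gateway."""
    return ["configure iproute add %s %s" % (net, gws[0])
            for net, gws in static_routes(table, switch).items()]


if __name__ == "__main__":
    for line in iproute_commands(TABLE6, "Sanjose"):
        print(line)
```

Every gateway returned is an address on a subnetwork the switch is directly attached to, and each hop moves one router closer to the destination, so any choice among equal candidates stays loop-free.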
Lab 10 Configuring RIP
Lab ten tests the student’s ability to create router interfaces, enable IP forwarding, enable RIP, and
verify the routing functionality. In this lab students:
● Configure the IP address on the student PC.
● Login to the switch.
● Create multiple VLANs.
● Add ports to the VLAN.
● Configure the switch and the student PC to be members of the same IP subnetwork.
● Enable IP forwarding.
● Enable RIP.
● Verify and test the IP forwarding operation.
NOTE
In this lab separate VLANs are created for physical interconnections between switches to be able to demonstrate
how IP Forwarding works. This may not represent a typical network.
Table 8 identifies the IP addresses, default gateway, and subnetwork mask for six student PCs:
Table 8: Lab IP Address
Team  Switch Name  PC/ multicast server  Default Gateway for PC  Subnetwork mask
1     Sanjose      101.0.0.2             101.0.0.1/24            255.255.255.0
2     Newyork      102.0.0.2             102.0.0.1/24            255.255.255.0
3     London       103.0.0.2             103.0.0.1/24            255.255.255.0
4     Cairo        104.0.0.2             104.0.0.1/24            255.255.255.0
5     Beijing      105.0.0.2             105.0.0.1/24            255.255.255.0
6     Tokyo        106.0.0.2             106.0.0.1/24            255.255.255.0
Figure 13: Lab10 Diagram
[Diagram: ECF RIP Routes. Switches 1 Sanjose, 2 Newyork, 3 London, 4 Cairo, 5 Beijing and 6 Tokyo. Each link between two switches is its own VLAN and /24 subnetwork (blue, green, orange, brown, purple, red, gold), and each switch has a PC VLAN on port 7 (yellow, pink, black, gray, white, plum). The VLAN names, addresses and ports are those listed in Table 9; the PC addresses are those listed in Table 8.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address, default gateway, and subnetwork mask of your student PC to the address
identified in Figure 13 and Table 8.
2 Login to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Configuring VLANs, Creating Router Interfaces, and Adding
Ports
1 For your switch, create VLANs, assign IP addresses to the VLANs, and add ports to the VLANs
based on Table 9 and Figure 13.
2 Verify the VLAN name, port assignment, and IP address, by entering the following command:
show vlan detail
3 Administratively enable port 7 and the ports connecting to the other switches.
4 Verify that the correct ports are enabled, by entering the following command:
show ports configuration
Part 3 Enabling IP Forwarding and RIP
1 Enable IP forwarding for all VLANs, by entering the following command:
enable ipforwarding
2 Configure RIP on each IP interface, by entering the following command:
configure rip add vlan all
3 Enable RIP, by entering the following command:
enable rip
Table 9:
Switch   VLAN, IP address, and Port    VLAN, IP address, and Port    VLAN, IP address, and Port    VLAN, IP address, and Port
Sanjose  yellow 101.0.0.1/24, port 7   green 11.0.0.1/24, port 3     blue 10.0.0.1/24, port 2
Newyork  pink 102.0.0.1/24, port 7     orange 12.0.0.1/24, port 4    blue 10.0.0.2/24, port 1
London   black 103.0.0.1/24, port 7    green 11.0.0.2/24, port 1     brown 13.0.0.1/24, port 4     purple 14.0.0.1/24, port 5
Cairo    gray 104.0.0.1/24, port 7     orange 12.0.0.2/24, port 2    brown 13.0.0.2/24, port 3     red 15.0.0.1/24, port 6
Beijing  white 105.0.0.1/24, port 7    purple 14.0.0.2/24, port 3    gold 16.0.0.1/24, port 6
Tokyo    plum 106.0.0.1/24, port 7     red 15.0.0.2/24, port 4       gold 16.0.0.2/24, port 5
Part 4 Verifying and Testing IP Forwarding
1 Verify that the other students have completed part 3 of this lab.
2 From your student PC use the ping command to send an ICMP echo request to the other student
PCs.
3 Did the PCs respond? _________
4 Verify the IP route table, by entering the following command:
show iproute
5 Verify the RIP-specific configuration, by entering the following commands:
show rip
show configuration rip
6 Verify the IP unicast routing configuration, by entering the following command:
show ipconfig
7 Monitor the RIP specific statistics, by entering the following command:
show rip stat detail
8 Is configuring routing using RIP easier than building static routes? _________
Lab 11 Configuring OSPF
Lab eleven tests the student’s ability to perform basic IP configuration, configure the OSPF router ID,
configure the area ID, enable OSPF on the VLANs, enable OSPF globally, and verify the routing
functionality. In this lab students:
● Configure the IP address on the student PC.
● Log in to the switch.
● Create multiple VLANs.
● Add ports to the VLANs.
● Configure the switch and the student PC to be members of the same IP subnetwork.
● Enable IP forwarding.
● Configure the OSPF router ID.
● Enable OSPF on the VLANs and associate the VLANs with the area ID 0.0.0.0.
● Enable OSPF globally.
● Verify and test the IP routing operation.
NOTE
In this lab, separate VLANs are created for the physical interconnections between switches in order to
demonstrate how IP forwarding works. This may not represent a typical network.
Table 10 identifies the IP addresses, default gateway, and subnetwork mask for six student PCs:
Table 10: Lab IP Address
Team 1                                  Team 4
Switch Name             Sanjose         Switch Name             Cairo
PC/ multicast server    101.0.0.2       PC/ multicast server    104.0.0.2
Default Gateway for PC  101.0.0.1/24    Default Gateway for PC  104.0.0.1/24
Subnetwork mask         255.255.255.0   Subnetwork mask         255.255.255.0
Team 2                                  Team 5
Switch Name             Newyork         Switch Name             Beijing
PC/ multicast server    102.0.0.2       PC/ multicast server    105.0.0.2
Default Gateway for PC  102.0.0.1/24    Default Gateway for PC  105.0.0.1/24
Subnetwork mask         255.255.255.0   Subnetwork mask         255.255.255.0
Team 3                                  Team 6
Switch Name             London          Switch Name             Tokyo
PC/ multicast server    103.0.0.2       PC/ multicast server    106.0.0.2
Default Gateway for PC  103.0.0.1/24    Default Gateway for PC  106.0.0.1/24
Subnetwork mask         255.255.255.0   Subnetwork mask         255.255.255.0
Figure 14: Lab11 Diagram
[Diagram: ECF Lab 11 OSPF Routes, version 3.0. Switches 1 to 6 (Sanjose, Newyork, London, Cairo, Beijing, Tokyo) and PC1 to PC6, connected by the VLANs, ports, and IP addresses listed in Table 10 and Table 11.]
Part 1 Restoring the Base Lab Exercise Configuration
1 Set the IP address, default gateway, and subnetwork mask of your student PC to the address
identified in Figure 14 and Table 10.
2 Log in to the switch with administrator access.
3 Set the switch to use the primary configuration after the next reboot, by entering the following
command:
use configuration primary
The system prompts:
The selected configuration will take effect after the next switch reboot.
4 Save the configuration to nonvolatile storage, by entering the following command:
save primary
5 Copy the lab1 configuration to the primary configuration, by entering the following command:
cp lab1.cfg primary.cfg
The system displays the following prompt:
Copy config lab1.cfg to config primary.cfg on the switch? (y/n)
6 Enter yes.
7 Reboot the switch, by entering the following command:
reboot
The system prompts:
Are you sure you want to reboot the switch (y/n)?
8 Enter yes.
The system reboots.
Part 2 Configuring VLANs, Creating Router Interfaces, and Adding
Ports
1 For your switch, create VLANs, assign IP addresses to the VLANs, and add ports to the VLANs
based on Table 11 and Figure 14.
2 Verify the VLAN name, port assignment, and IP address, by entering the following command:
show vlan detail
3 Administratively enable port 7 and the ports connecting to the other switches.
4 Verify that the correct ports are enabled, by entering the following command:
show ports configuration
5 Verify the VLAN name, port assignment, and IP address, by entering the following command:
show vlan detail
Part 3 Enabling IP Forwarding and OSPF
1 Enable IP forwarding for all VLANs, by entering the following command:
enable ipforwarding
2 Configure the OSPF router ID, by entering the following command:
configure ospf routerid 2.9.7.x
Where x is your switch number.
3 Configure OSPF on each IP interface, by entering the following command:
configure ospf add vlan all area 0.0.0.0
4 Enable OSPF, by entering the following command:
enable ospf
Table 11:
Switch   VLAN, IP address, and Port    VLAN, IP address, and Port    VLAN, IP address, and Port    VLAN, IP address, and Port
Sanjose  yellow 101.0.0.1/24, port 7   green 11.0.0.1/24, port 3     blue 10.0.0.1/24, port 2
Newyork  pink 102.0.0.1/24, port 7     orange 12.0.0.1/24, port 4    blue 10.0.0.2/24, port 1
London   black 103.0.0.1/24, port 7    green 11.0.0.2/24, port 1     brown 13.0.0.1/24, port 4     purple 14.0.0.1/24, port 5
Cairo    gray 104.0.0.1/24, port 7     orange 12.0.0.2/24, port 2    brown 13.0.0.2/24, port 3     red 15.0.0.1/24, port 6
Beijing  white 105.0.0.1/24, port 7    purple 14.0.0.2/24, port 3    gold 16.0.0.1/24, port 6
Tokyo    plum 106.0.0.1/24, port 7     red 15.0.0.2/24, port 4       gold 16.0.0.2/24, port 5
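Added example (not part of the Extreme Networks course material): a Python check that the Table 9 / Table 11 addressing plan used in Labs 10 and 11 is internally consistent, followed by a helper that builds the Part 2 and Part 3 command list for one switch. The create vlan, configure vlan ... ipaddress, configure vlan ... add ports and enable ports lines are ExtremeXOS syntax that this section does not show, and the helper assumes each port is free to be added untagged to its VLAN.

```python
import ipaddress
from collections import defaultdict

# Plan transcribed from Table 9 / Table 11: switch -> [(vlan, address, port)]
PLAN = {
    "Sanjose": [("yellow", "101.0.0.1/24", 7), ("green", "11.0.0.1/24", 3), ("blue", "10.0.0.1/24", 2)],
    "Newyork": [("pink", "102.0.0.1/24", 7), ("orange", "12.0.0.1/24", 4), ("blue", "10.0.0.2/24", 1)],
    "London": [("black", "103.0.0.1/24", 7), ("green", "11.0.0.2/24", 1),
               ("brown", "13.0.0.1/24", 4), ("purple", "14.0.0.1/24", 5)],
    "Cairo": [("gray", "104.0.0.1/24", 7), ("orange", "12.0.0.2/24", 2),
              ("brown", "13.0.0.2/24", 3), ("red", "15.0.0.1/24", 6)],
    "Beijing": [("white", "105.0.0.1/24", 7), ("purple", "14.0.0.2/24", 3), ("gold", "16.0.0.1/24", 6)],
    "Tokyo": [("plum", "106.0.0.1/24", 7), ("red", "15.0.0.2/24", 4), ("gold", "16.0.0.2/24", 5)],
}
SWITCH_NUMBER = {name: i for i, name in enumerate(PLAN, start=1)}  # Switch 1..6 in Figure 14


def check_plan(plan=PLAN):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, by_vlan, subnet_owner = [], defaultdict(list), {}
    for switch, rows in plan.items():
        ports = [port for _, _, port in rows]
        if len(ports) != len(set(ports)):
            problems.append(f"{switch}: a port is assigned to more than one VLAN")
        for vlan, addr, _ in rows:
            by_vlan[vlan].append(ipaddress.ip_interface(addr))
    for vlan, ifaces in by_vlan.items():
        nets = {iface.network for iface in ifaces}
        if len(nets) != 1:
            problems.append(f"{vlan}: interfaces are in different subnets")
        if len({iface.ip for iface in ifaces}) != len(ifaces):
            problems.append(f"{vlan}: duplicate interface address")
        for net in nets:
            if subnet_owner.setdefault(net, vlan) != vlan:
                problems.append(f"{net}: used by both {subnet_owner[net]} and {vlan}")
    return problems


def lab_commands(switch, protocol, plan=PLAN):
    """Parts 2 and 3 of Lab 10 ("rip") or Lab 11 ("ospf") for one switch."""
    cmds = []
    for vlan, addr, port in plan[switch]:
        # Assumed ExtremeXOS syntax (not shown in this section); port must be free to add untagged.
        cmds += [f"create vlan {vlan}", f"configure vlan {vlan} ipaddress {addr}",
                 f"configure vlan {vlan} add ports {port}", f"enable ports {port}"]
    routing = {"rip": ["configure rip add vlan all", "enable rip"],
               "ospf": [f"configure ospf routerid 2.9.7.{SWITCH_NUMBER[switch]}",
                        "configure ospf add vlan all area 0.0.0.0", "enable ospf"]}
    return cmds + ["enable ipforwarding"] + routing[protocol]
```

Run check_plan() before typing the commands: a mistyped address on one end of an inter-switch VLAN shows up here as a subnet mismatch rather than later as a RIP or OSPF neighbor that never forms.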
Part 4 Verifying and Testing IP Forwarding
1 Verify that the other students have completed part 3 of this lab.
2 From your student PC use the ping command to send an ICMP echo request to the other student
PCs.
3 Did the PCs respond? ______
4 Verify the IP route table, by entering the following command:
show iproute
5 Verify if IP forwarding is enabled on the VLANs, by entering the following command:
show ipconfig
6 Verify the global OSPF configuration, by entering the following command:
show ospf
7 Verify the area specific configuration, by entering the following command:
show ospf area 0.0.0.0
8 Verify the OSPF interface configuration, by entering the following command:
show ospf interface detail
9 Monitor the LSDB, by entering the following command:
show ospf lsdb
10 Trace the route between your switch and the other switches, by entering the following command:
traceroute <IP_address>
11 Is configuring routing using OSPF easier than building static routes? _________
