博科交换机配置指导手册PPT课件.ppt

FastTrackTraining Agenda SessionOneLayer2SwitchesAdministrationEssentials Connection commandlineandGUIessentialsNetworkConfiguration DefaultVLAN VLANsTrunksandLAGRedundantConnections Spanningtree RSTP MSTPBaseLayer3 VE sandVLANs RoutingPorts StaticRoutesSessionTwoLayer3SwitchesDynamicRouting RIPandOSPFRedundantRoutinginterfaces VRRPandVRRP EISPBorderrouting BGPTrafficControl ACL sAdditionalSlidesAdditionalTheorySlides Ifrequired AdditionalMaterialusefulforsomestudentsbutoutsidetheBCNEsubjects egRate Limiting THANKYOU Section1 1Layer2SwitchesAdministrationEssentials DB 9maleinterface VT 100terminal straight throughcable femaletofemalenotanull modem TheVT 100configurationis 9600Baud8DataBitsParity NoneStopBits 1FlowControl NoneForMODEMCross Overcable typicallyaDB 9FtoDB 9Fcable ConsolePort SW FastIron enableNopasswordhasbeenassignedyet SW FastIron showchassisSW FastIron configureterminalSW FastIron config showchassisInterfaceLevelFixedConfigurationproductsspecifythePortnumber FastIronSimulator SW FastIron config inteth1 eth1 ethernetport 1 SW FastIron config if 1 ChassisproductsspecifytheSlot Port BigIronSimulator SW FastIron config inteth2 1 eth2 1 Chassisslot 2 ethernetport 1 StackableproductsspecifytheStack Number Unit Number PortSW FastIron config inteth1 2 1 eth1 2 1 Stack number 1 Unit number 2 ethernetport 1 CLIBasics Part1 2 Movebackupthemenutreeusing exit SW ServerIron config rs c1 exitSW ServerIron config exitSW ServerIron exitSW ServerIron Use end orCntl Ztoreturnto promptDisplaytherunning configandsavedstartup configSW ServerIron writeterminalSW ServerIron showrunning configSW ServerIron showconfigErasetheStartup ConfigSW ServerIron erasestartup configTheCLIsupports up downarrow foraccesstothelastcommandsenteredSW ServerIron config ping10 1 1 1Invalidinput ping10 1 1 1Type foralistSW ServerIron config exitSW ServerIron CLIBasics Part2 2 TwoImageStorageAreasPrimaryandSecondaryViewTheFlash BigIronRouter shversionBigIronRouter shflashActivemanagementmodule CodeFlashType AMD29F032B Size 64 65536 4194304 Unit 2BootFlashType AMD29F040 Size 8 65536 524288CompressedPriCodesize 3485205 Version07 5 01T53 b2r07501 bin CompressedSecCodesize 3494253 Version07 5 02T53 b2r07502 bin MaximumCodeImageSizeSupported 3866112 0 x003afe00 BootImagesize 149324 Version07 02 01 m2b07201 bin FileManagement Part1 3 Specifywheretobootfrom PrimaryFlashSecondaryFlashTFTPServerBootPServerWhereyouenterthecommandalsodictateswhentoloadPRIVELEDGEDlevel INTERMEDIATEreboot reloadConfigLevel LoadatnextscheduledrebootOrBigIron config boosyfsBigIron config wrimemBigIron reloadat06 00 0001 19 04 System TFTPServer FlashPrimaryFlashSecondary ImageCode ManagementModule abbreviatedbutuniquecommandline FileManagement Part2 3 From ToTFTPServersFrom ToPrimaryorSecondaryFlashExecPrivilegedLevel NetIron copytftpflash192 22 33 44vm1r07501 binsecondaryCopiesfromtheTFTPserverthefile vm1r07501 bin andstoresittothesecondaryflashareaNetIron copyflashtftp192 22 33 44vm1r07501 binsecondaryCopiesthesystemimagefromthesecondaryflashareaandstoresittotheTFTPserverasfilename vm1r07501 binTurboIron copyflashflash primaryCopysecondarytoprimarysecondaryCopyprimarytosecondaryTurboIron copyflashflashprimaryCopiesthesystemimagefromthesecondaryflashareatotheprimary SW FastIron copyrunning configtftp192 22 33 44new cfgCopiesfromthecurrentrunningconfig notthestoredconfig andwritesittotheTFTPserverasfilename new cfg NetIron copytftpflash192 22 33 44nib06007 binbootCopiesthebootimagefromtftpservertothebootmemorylocationofflash boot isahiddenparameter ManagementModule FlashPrimaryFlashSecondary FileManagement Part3 3 Showcommands NetIron showarpRPcacheNetIron showipinterfaceipinterfaceinformationNetIron showipcacheIPhost MACtableNetIron showipospfOSPFinformationNetIron showiprouteIProutesandtheirstatusNetIron showiptrafficIP ICMP UDP TCP RIP trafficstatisticsNetIron showipdvmrpDVMRPinformationManyoftheabovecommandshaveseveralbranchesAnexampleis NetIron showipospfneighborNeighborrouterinformationReferencethemanualforacompletelistofallcommands ShowCommands ClearforwardingandroutetablesSwitch Routerclearcommands SW FastIron TurboIron BigIron TurboIron cleararpClearsARPtableTurboIron clearmac addressClearstheMACforwardingtablesTurboIron clearstatisticsClearsallstatisticcounters NetIron clearloggingClearsthesystemlogRouter onlyclearcommands NetIron TurboIron BigIron NetIron cleariprouteClearsIProutetables NetIron clearipcacheClearsIPhost MACtablesClearingIndividualEntriesThemacparameterclearsonlytheentriesthatmatchthespecifiedaddressandmask ThevlanparameterclearsonlytheentriesthatmatchthespecifiedVLAN clearmac addressRemoveslearnedMACaddressentriesfromtheMACaddresstable EXAMPLE BigIron clearmac addressethernet1 1 ClearCommands HelpfulwhentryingtoverifyconnectivityCannotbeenteredwhenin configure modeAfewpingcommands SW FastIron ping192 190 10 10SW FastIron ping192 190 10 10count100SW FastIron ping192 190 10 10size1200SW FastIron ping192 190 10 10ttl5c10s200Issues10pingswithatimetoliveof5andeachpingis200byteslongUse aftertheaddressforotheroptionsSyntax ping source count timeout ttl size quiet numeric no fragment verify data brief PingCommands ShowCPUStatistics FastIron config showprocesscpuProcessName5Sec 1Min 5Min 15Min Runtime ms ACL0 000 000 000 000ARP0 150 200 190 20134792BGP0 000 000 000 000DOT1X0 000 000 000 000GVRP0 000 000 000 000ICMP0 000 000 000 003721IP0 000 000 000 001271L2VLAN9 1012 1711 1210 818220839NAT0 000 000 000 000OSPF0 000 000 000 000RIP0 000 000 000 00129STP0 010 010 010 0111588VRRP0 000 000 000 000 BigIronRouter showcpu2percentbusy from81secago1secavg 1percentbusy5secavg 1percentbusy60secavg 1percentbusy300secavg 3percentbusy AllocatingAdditionalMemoryforVLANSandVE s Systemmaximumnumberdependson ProductandManagementModuleBigIron config system maxvlan2048BigIron config system maxvirtual interface2048BigIron config writememoryBigIron config endBigIron reload ManagementIPAddressandDefault Gateway LAN IPAdd 192 22 33 45 FastIron contFastIron Config ipaddress192 168 33 45255 255 255 0FastIron Config ipdefault gateway192 168 33 1BigIronRouter contBigIronRouter Config inteth1 1BigIronRouter Config ipaddress192 168 33 45255 255 255 0 Passwords FactoryDefault noEnablepasswordsPasswordscanbeupto32characterslongMultiplelevelsof Enable passwordaccessAccessdependsonwhichpasswordyouuseSuperUser Unlimitedaccess canchangeallparametersConfigurePort ChangeinterfacelevelparametersReadOnly Viewonly nochangingallowedBigIron config enablesuper user passwordSuPswdBigIron config enableport config passwordPCPswdBigIron config enableread only passwordROPswdBigIron enablePCPswdorBigIron enablePassword Ifthesystempasswordisnotyetset thesystemwarnsyouBigIron enableNopasswordhasbeenassignedyet Passwords recovering YoucanrecoverfromaforgottenpasswordsRequiresdirectaccesstotheSerialPortandaSystemResetHaveterminalsessionpluggedintoserialport then RebootthesystemWithin2seconds enter b toinitiatethebootmonitorBOOTMONITOR nopassword cannotbeabbreviated BOOTMONITOR bootsystemflashprimaryThisbypassesthesystempasswordcheckSW FastIron enableNopasswordhasbeenassignedyet SW FastIron ReassignSuper Userpassword saveconfigSW FastIron config enabsuper userNewPassword assignsanewpassword SW FastIron config writememory Alsospecifypasswordsfor TelnetAccessSW FastIron config enabletelnetpasswordTelNetPswdWherePasswordscanbechangedfromSW FastIron config password changeserial port onlyoptions Usernames PasswordcombinationsSpecifyUsername PasswordandPrivilegeLevel config usernameBigKahunapriv0passwordBKpswdPrivilegelevel 0 Super User 4 Port Config 5 Read onlyASuper Useraccount orSuper Userenablepassword mustbesetPasswordsarestoredinConfigFileENCRYPTED default oryoucanturnoffencryption config noservicepassword encryptionUsernameListsareappliedwithAAAcommands Passwords AuthenticationforthefollowingaccesstypesSyntax aaaauthenticationdefault aaaauthentication whattypeofaccess default howtovalidate aaaauthenticationsnmp server applications IronView HPOV Spectrum etc aaaauthenticationweb server WebBrowsertoBrocadeSwitchesandRoutersaaaauthenticationenable enable commandtogainPrivilegedandCONFIGlevelaccessaaaauthenticationlogin TELNETaccesstotheBrocadeSwitch Router Passwords aaaauthenticationtypes AuthenticationmethodsSyntax aaaauthenticationdefault IfavalidationmethodisNOTconfigured usenextmethodTACACS TACACS RADIUSQueryaTACACS TACACS orRADIUSserverforusername passwordLocalUselocallydefinedusername passwordcombinationsLineUsetheTELNETaccesspasswordEnableUsethe enable passwords super user port config read only Passwords aaaauthenticationmethods Syntax aaaauthentication whattypeofaccess default howtovalidate ExamplesaaaauthenticationlogindefaultlocalForTELNETaccess login usethelocallydefinedusernamesaaaauthenticationenabledefaultradiuslocalTogainprivileged CONFIGaccess enable command queryaconfiguredRADIUSserver ifnotconfigured fallbacktolocallydefinedusernamesaaaauthenticationwebdefaultradiuslocalenableTheWebBrowserwillfirstlookat1 RADIUSusernames ifnotconfigured 2 locallydefinedusernames ifnotconfigured3 usethe enable super user port config andread onlypasswords Passwords aaaauthenticationexamples SNMPrequiredinformation SW FastIron config ipaddress192 22 33 45255 255 255 0SW FastIron config ipdefault gateway192 22 33 1SW FastIron config snmp servercontact BillClinton SW FastIron config snmp serverlocationthe white houseSW FastIron config snmp serverhost192 22 33 55publicSW FastIron config snmp servercommunitynotsaferoSW FastIron config snmp servercommunitysaferwNote Thefirsttwocommandsarevalidforswitchesonly RouterswouldassignanIPaddressattheinterfacelevel notatthegloballevel BigIron config interfaceethernet1 2BigIron config if 1 2 ipaddress192 22 33 45255 255 255 0 SNMPConfigurations EnabledwithwebbrowserUsername PasswordAccessUserNamePasswordReadOnlygetpublicRead WritesetOnlyonesessioncanbeRead WriteMultipleRead onlysessions passwordprotectedaccess WebBrowserGUIConfig YoucanrestrictWeb TelnetandSNMPaccesstoasinglemanagementaddress BigIron config webclient209 157 22 39BigIron config snmp client209 157 22 14BigIron config telnetclient209 157 22 26BigIron config all client209 157 22 69forallthreetypesTodisableManagementcompletely BigIron config noweb managementBigIron config notelnetserverBigIron config nosnmp server ControllingAccess THANKYOU Section1 2Layer2SwitchesPortConfigurationandLinkAggregation SpecificattributesofeachportSpeedAuto negotiate default Forcedto10or100Mbps FullDuplex HalfDuplexExamples NetIron enablepasswordhereNetIron configtermNetIron config interfacee8NetIron config if 8 speed duplex100 halfNetIron config if 8 speed10 fullNetIron config if 8 speedautoNetIron config if 8 interfacee12NetIron config if 12 speed100 fullNetIron config if 12 endNetIron writemem InterfaceConfiguration Part1 2 FastIron config showinterfacebriefFastIron config Inteth5to10FastIron config inf eth5to10 DisableFastIron config showinterfacebriefPortLinkStateDuplexSpeedTagPriorityMACTrunk01DownNoneNoneNoneNoNormal00e0 5200 0385102DownNoneNoneNoneNoNormal00e0 5200 0386103DownNoneNoneNoneNoNormal00e0 5200 0387None04DownNoneNoneNoneNoNormal00e0 5200 0388None05DownNoneNoneNoneNoNormal00e0 5200 0389None06DownNoneNoneNoneNoNormal00e0 5200 038aNone07DownNoneNoneNoneNoNormal00e0 5200 038bNone08DownNoneNoneNoneNoNormal00e0 5200 038cNone09UpListenFull100MYesNormal00e0 5200 038dNone10UpForwardFull100MNoNormal00e0 5200 038eNone11DownNoneNoneNoneNoNormal00e0 5200 038fNone12DownNoneNoneNoneNoNormal00e0 5200 0390None13DownNoneNoneNoneNoNormal00e0 5200 0391None14DownNoneNoneNoneNoNormal00e0 5200 0392None15UpForwardFull100MNoNormal00e0 5200 0393None16DownNoneNoneNoneNoNormal00e0 5200 0394None17UpForwardFull1GNoNormal00e0 5200 0395None InterfaceConfiguration Part2 2 Atrunkisagroupofphysicalportsthatactasonelogicalport AlsocalledEtherchannelinsomequartersStatictrunkshavebeenreplacedbythe802 3addynamicLACPprotocolbymostmanufacturers Trunking LinkAggregation FastIronA config trunkethernet1to4FastIronA config trunk 1 4 writememoryFastIronA config trunk 1 4 exitFastIronA config trunkdeploy NotonSimulator BigIronA config trunkethernet1 1to1 4ethernet4 5to4 8BigIronA config trunk 1 1 4 8 writememoryBigIronA config trunk 1 1 4 8 exitBigIronA config trunkdeploy NotonSimulator Multi SlotTrunkGroupConfiguration A B ShowTrunk Loadsharingisdependenton DeviceFamily Type BigIronChassis FastIronStackTrafficType Layer 2orLayer 3 IPornonIPForexample FastIronXSeriesLayer2Bridgednon IP SourceanddestinationMACaddressesLayer2BridgedTCP UDP SourceanddestinationMACaddresses sourceanddestinationIPaddresses andsourceanddestinationTCP UDPportsLayer2BridgedIP non TCP UDP SourceanddestinationMACaddresses andsourceanddestinationIPaddressesLayer3Routedtraffic SourceanddestinationIPaddressesandprotocolfield TrunkGroupLoadSharing TrunksandLinkAggregationaresynonymsPortsfollowthesamerulesasforStaticTrunksLinkAggregationControlProtocol LACP sendsoutpacketslike802 1dSpanningTreesendsoutBPDUsThesearecalledLinkAggregationControlProtocolDataUnits LACPDULACPpacketsallowbothsidesofatrunktoautomaticallyconfigurethemselves Itisastandardthatissupportedbymultiplemanufacturers 802 3adDynamicLinkAggregation Configfor2porttrunkexampleActivedevice sends receivesLACPpackets BigIron A config interfaceethernet1 1BigIron A config if e1000 1 1 link aggregateactiveBigIron A config interfaceethernet1 2BigIron A config if e1000 1 2 link aggregateactivePassivedevice onlyreceivesLACPpackets BigIron B config interfaceethernet1 1to1 2BigIron B config mif 1 1 1 2 link aggregatepassive 802 3adDynamicTrunks Systempriority specifiesdevice slinkaggregationpriorityrelativetothepartnerdevicePortpriority determinesactiveandstandbylinks Linktype specifieswhetherpartnerisserverortoanothernetworkingdeviceKey identifiesthegroupofpotentialtrunkportstheportbelongsto 802 3adLinkAggregationParameters KeyidentifiesthegroupofpotentialtrunkportsaportbelongstoEveryPortthatis802 3adenabledhasakeyPortswithasamekeyarecalledaKey GroupandareeligibletobeinthesametrunkgroupAdefault keyisautomaticallyassignedtoanuntaggedportwhenlinkedaggregationisenabledYoumustmanuallyconfigurelinkaggregationkeysfortaggedportsNotethatIronStacksupportscrossstackTrunks AggregateLinkKeys Port1 1 Port1 2 Port3 8 Port1 3 Port1 4 Port3 6 Port3 5 Port3 7 Port1 1 Port1 2 Port4 8 Port1 4 Port4 6 Port4 5 Port4 7 Switch1 Switch2 Slot3 Slot4 Key10 Key20 Key30 Key40 TheShowCommand Part1 2 TheShowCommand Part2 2 NetIronMLX XMR Version3 7 00andlater andBigIronRX Version2 6 00andlater chassisuseadifferentcommandlineformatforLinkAggregationStaticLAGs Thesetrunkgroupsaremanually configuredaggregatelinkscontainingmultipleports DynamicLAGs ThisLAGtypeusestheLinkAggregationControlProtocol LACP tomaintainaggregatelinksovermultipleport LACPPDUsareexchangedbetweenportsoneachroutertodetermineiftheconnectionisstillactive TheLAGthenshutsdownportswhoseconnectionisnolongeractive KeepAliveLAGs InaKeepAliveLAGasingleconnectionbetweenasingleporton2routersisestablished InakeepaliveLAG LACPPDUsareexchangedbetweenthe2portstodetermineiftheconnectionbetweentheroutersisstillactive Ifitisdeterminedthattheconnectionisnolongeractive theportsareblocked BigIronRXsupports31multi portLAGswithupto97additionalKeepAliveLAGs NetIronMLX XMRcansupportupto2568 porttrunks 12816 porttrunksor6432 porttrunks Setusingthesystem maxtrunk numcommand NetIron BigIronChassisLAG StaticLAGcommandlineNetIron config lagbluestaticid124NetIron config lag blue portsethernet1 2to1 3NetIron config lag blue primary port1 3NetIron config lag blue deployDynamicLAGcommandLineNetIron config lagreddynamicNetIron config lag red primaryport3 1NetIron config lag red portsethernet3 1ethernet7 2NetIron config lag red deployKeepAliveLAGs NetIron config laggreenkeep aliveNetIron config lag green portsethernet4 1NetIron config lag green deploy NetIron BigIronChassisLAG THANKYOU Section1 3Layer2SwitchesVLANConfiguration VLAN 802 1qTagging Port4 Port2 Port1 Port6 Port7 Port9 Port11 Port12 Port16 Port15 Port13 Port10 Port8 Port4 Port3 Port2 Port1 Port5 Port6 Port7 Port8 Port14 Port 14is Tagged sothatitcanbeinmultiplePort basedVLANs Allowstheswitchtodeterminefromthe VLANID whichVLANreceivedpacketsshouldbeforwardedto ChangethedefaultVLANtoVLAN4000Default vlan4000Shvlan4000Shvlan1 Bothsidesofthelinkmustbeconfiguredfor802 1qtaggingOtherwise onesidemayinterpretpacketsincorrectly the802 1qTagfieldgetstreatedincorrectlyasalength typefield Port5 Port3 Port BasedVLANALLL2Broadcasts MulticastsareforwardedtoallportsdefinedinthePORT BasedVLANgroup andnotsenttootherports FastIron config vlan2nameaccountingFastIron config vlan 2 untaggedethe4FastIron config vlan 2 untaggedethe7to12FastIron config vlan 2 taggedethe14FastIron config vlan 2 wrmem VLAN PortBasedCLIcommands Part1 2 Port4 Port3 Port2 Port1 Port5 Port6 Port7 Port8 Port9 Port10 Port11 Port12 Port16 Port15 Port14 Port13 Broadcast Multicast Port4 Port7 Port13 AftercreatingaPort basedVLAN showVLANwillbedisplayitalongwiththe catch all defaultVLAN FastIron config showvlanTotalPORT VLANentries 2MaximumPORT VLANentries 9PORT VLAN1 NameDEFAULT VLAN PriorityNormal SpanningtreeOnUntaggedPorts 1235689101112151617181920UntaggedPorts 212223242526TaggedPorts NonePORT VLAN2 Name None PriorityNormal SpanningtreeOnUntaggedPorts 4713TaggedPorts 14AlsouseShowRunandShowVLAN2 VLANs PortBased Part2 2 VLAN 1 DEFAULT VLAN isallportsnotbelongingtoanyotherPort basedVLAN Here stheVLAN 2thatwejustcreatedonthepreviousslide Configuringataggedportasadual modeportallowsittoacceptandtransmitbothtaggedtrafficanduntaggedtrafficatthesametime PC2inVLAN10 IPphoneinVLAN20 PC1inVLAN10 e6DualPort e34 Untaggedpacket DualMode1 2 Configuringataggedportasadual modeportallowsittoacceptandtransmitbothtaggedtrafficanduntaggedtrafficatthesametime PC2inVLAN10 IPphoneinVLAN20 e6DualPort DualMode2 2 BigIron config vlan10byportBigIron config vlan 10 taggede6BigIron config vlan 10 exitBigIron config vlan20byportBigIron config vlan 20 taggede6BigIron config vlan 20 exitBigIron config in