博科交换机配置指导手册.ppt

1、FastTrack Training,Agenda,Session One Layer 2 Switches Administration Essentials: Connection, command line and GUI essentials Network Configuration: Default VLAN, VLANs Trunks and LAG Redundant Connections: Spanning tree, RSTP, MSTP Base Layer 3: VEs and VLANs, Routing Ports, Static Routes Session T

2、wo Layer 3 Switches Dynamic Routing: RIP and OSPF Redundant Routing interfaces: VRRP and VRRP-E ISP Border routing: BGP Traffic Control: ACLs Additional Slides Additional Theory Slides (If required) Additional Material useful for some students but outside the BCNE subjects (eg Rate-Limiting),THANK Y

3、OU,Section 1.1 Layer 2 Switches Administration Essentials,DB-9 male interface. VT-100 terminal - straight-through cable (female to female not a null-modem). The VT-100 configuration is:9600 Baud 8 Data Bits Parity = NoneStop Bits = 1 Flow Control = None For MODEM Cross-Over cable (typically a DB-9F

4、to DB-9F cable),Console Port,SW-FastIron enable No password has been assigned yet. SW-FastIron# show chassis SW-FastIron# configure terminalSW-FastIron(config)# show chassis Interface Level Fixed Configuration products specify the Port number (FastIron Simulator) SW-FastIron(config)# int eth 1 (eth

5、1 = ethernet port #1)SW-FastIron(config-if-1)# Chassis products specify the Slot/Port (BigIron Simulator) SW-FastIron(config)# int eth 2/1 (eth 2/1 = Chassis slot #2, ethernet port #1) Stackable products specify the Stack-Number/Unit-Number/Port SW-FastIron(config)# int eth 1/2/1 (eth 1/2/1 = Stack-

6、number #1, Unit-number #2, ethernet port #1),CLI Basics (Part 1 / 2),Move back up the menu tree using “exit” SW-ServerIron(config-rs-c1)# exit SW-ServerIron(config)# exit SW-ServerIron# exit SW-ServerIron Use “end” or Cntl-Z to return to “#” prompt Display the running-config and saved startup-config

7、 SW-ServerIron# write terminal SW-ServerIron# show running-config SW-ServerIron# show config Erase the Startup-Config SW-ServerIron# erase startup-config The CLI supports up / down arrow for access to the last commands entered SW-ServerIron(config)# ping Invalid input - ping Type ?

8、 for a list SW-ServerIron(config)#exit SW-ServerIron#,CLI Basics (Part 2 / 2),Two Image Storage Areas Primary and Secondary View The Flash: BigIron Router#sh version BigIron Router#sh flash Active management module: Code Flash Type: AMD 29F032B, Size: 64 * 65536 = 4194304, Unit: 2 Boot Flash Type: A

9、MD 29F040, Size: 8 * 65536 = 524288 Compressed Pri Code size = 3485205, Version 07.5.01T53 (b2r07501.bin) Compressed Sec Code size = 3494253, Version 07.5.02T53 (b2r07502.bin) Maximum Code Image Size Supported: 3866112 (0 x003afe00) Boot Image size = 149324, Version 07.02.01 (m2b07201.bin),File Mana

10、gement (Part 1 / 3),Specify where to boot from: Primary Flash Secondary Flash TFTP Server BootP Server Where you enter the command also dictates when to load PRIVELEDGED level INTERMEDIATE reboot/reload Config Level Load at next scheduled reboot Or BigIron# (config) # boo sy f s BigIron# (config) #

11、wri mem BigIron# reload at 06 : 00 : 00 01-19-04,System,TFTP Server,Flash Primary Flash Secondary,Image Code,Management Module,abbreviated but unique command line,File Management (Part 2 / 3),From/To TFTP Servers From/To Primary or Secondary Flash Exec Privileged Level: NetIron# copy tftp flash 192.

12、22.33.44 vm1r07501.bin secondary Copies from the TFTP server the file “vm1r07501.bin ” and stores it to the secondary flash area NetIron# copy flash tftp 4 vm1r07501.bin secondary Copies the system image from the secondary flash area and stores it to the TFTP server as filename “vm1r07501

13、.bin TurboIron# copy flash flash ? primary Copy secondary to primary secondary Copy primary to secondary TurboIron# copy flash flash primary Copies the system image from the secondary flash area to the primary. SW-FastIron# copy running-config tftp 4 new.cfg Copies from the current runnin

14、g config (not the stored config) and writes it to the TFTP server as filename “new.cfg”. NetIron# copy tftp flash 4 nib06007.bin boot Copies the boot image from tftp server to the boot memory location of flash.(“boot” is a hidden parameter),Management Module,Flash Primary Flash Secondary,

15、File Management (Part 3 / 3),Show commands: NetIron# show arpRP cache NetIron# show ip interfaceip interface information NetIron# show ip cacheIP host/MAC table NetIron# show ip ospfOSPF information NetIron# show ip routeIP routes and their status NetIron# show ip trafficIP (ICMP, UDP, TCP, RIP) tra

16、ffic statistics NetIron# show ip dvmrpDVMRP information Many of the above commands have several branches An example is: NetIron# show ip ospf neighbor Neighbor router information Reference the manual for a complete list of all commands,Show Commands,Clear forwarding and route tables Switch/Router cl

17、ear commands:(SW-FastIron,TurboIron,BigIron) TurboIron# clear arpClears ARP table TurboIron# clear mac-addressClears the MAC forwarding tables TurboIron# clear statisticsClears all statistic counters. NetIron# clear loggingClears the system log Router-only clear commands :(NetIron, TurboIron, BigIro

18、n) NetIron# clear ip routeClears IP route tables. NetIron# clear ip cacheClears IP host/MAC tables Clearing Individual Entries The mac parameter clears only the entries that match the specified address and mask. The vlan parameter clears only the entries that match the specified VLAN. clear mac-addr

19、ess Removes learned MAC address entries from the MAC address table. EXAMPLE: BigIron# clear mac-address ethernet 1/1,Clear Commands,Helpful when trying to verify connectivity Cannot be entered when in “configure” mode A few ping commands: SW-FastIron ping 0 SW-FastIron# ping

20、0 count 100 SW-FastIron ping 0 size 1200 SW-FastIron# ping 0 ttl 5 c 10 s 200 Issues 10 pings with a time to live of 5 and each ping is 200 bytes long Use “?” after the address for other optionsSyntax: ping | source count timeout ttl size quiet numeric no-fragment verify data

21、 brief,Ping Commands,Show CPU Statistics,FastIron(config)#show process cpu Process Name 5Sec(%) 1Min(%) 5Min(%) 15Min(%) Runtime(ms) ACL 0.00 0.00 0.00 0.00 0 ARP 0.15 0.20 0.19 0.20 134792 BGP 0.00 0.00 0.00 0.00 0 DOT1X 0.00 0.00 0.00 0.00 0 GVRP 0.00 0.00 0.00 0.00 0 ICMP 0.00 0.00 0.00 0.00 3721

22、 IP 0.00 0.00 0.00 0.00 1271 L2VLAN 9.10 12.17 11.12 10.81 8220839 NAT 0.00 0.00 0.00 0.00 0 OSPF 0.00 0.00 0.00 0.00 0 RIP 0.00 0.00 0.00 0.00 129 STP 0.01 0.01 0.01 0.01 11588 VRRP 0.00 0.00 0.00 0.00 0,BigIron Router# show cpu 2 percent busy, from 81 sec ago 1 sec avg: 1 percent busy 5 sec avg: 1

23、 percent busy 60 sec avg: 1 percent busy 300 sec avg: 3 percent busy,Allocating Additional Memory for VLANS and VEs,System maximum number depends on: Product and Management Module BigIron(config)# system-max vlan 2048 BigIron(config)# system-max virtual-interface 2048 BigIron(config)# write memory B

24、igIron(config)# end BigIron# reload,Management IP Address and Default-Gateway,LAN,IP Add: 5,FastIron# con t FastIron # (Config) ip address 5 FastIron # (Config) ip default-gateway BigIron Router# con t BigIron Router# (Config) int eth 1/1 BigIron Rou

25、ter# (Config) ip address 5 ,Passwords,Factory Default = no Enable passwords Passwords can be up to 32 characters long Multiple levels of “Enable” password access Access depends on which password you use Super User - Unlimited access, can change all parameters Configure Port

26、- Change interface level parameters Read Only - View only, no changing allowed BigIron(config)# enable super-user-password SuPswdBigIron(config)# enable port-config-password PCPswdBigIron(config)# enable read-only-password ROPswd BigIron enable PCPswdorBigIron enable Password: If the system password

27、 is not yet set, the system warns you BigIron enableNo password has been assigned yet.,Passwords, recovering,You can recover from a forgotten passwords Requires direct access to the Serial Port and a System Reset Have terminal session plugged into serial port, then: Reboot the system Within 2 second

28、s, enter b to initiate the boot monitor BOOT MONITOR no password(cannot be abbreviated) BOOT MONITOR boot system flash primary This bypasses the system password check SW-FastIron enableNo password has been assigned yetSW-FastIron# Reassign Super-User password if not configured, fallback to locally d

29、efined usernames aaa authentication web default radius local enable The Web Browser will first look at 1. RADIUS usernames, if not configured, 2. locally defined usernames, if not configured3. use the “enable” super-user, port-config, and read-only passwords,Passwords - aaa authentication examples,S

30、NMP required information: SW-FastIron(config)# ip address 5 SW-FastIron(config)# ip default-gateway SW-FastIron(config)# snmp-server contact “Bill Clinton” SW-FastIron(config)# snmp-server location the_white_house SW-FastIron(config)# snmp-server host

31、5 public SW-FastIron(config)# snmp-server community notsafe ro SW-FastIron(config)# snmp-server community safe rw Note: The first two commands are valid for switches only. Routers would assign an IP address at the interface level, not at the global level. BigIron(config) interface ethernet 1/2 BigIr

32、on(config-if-1/2)# ip address 5 ,SNMP Configurations,Enabled with web browser Username Customer doesnt need to learn Internet routes But the Internet, needs to learn customer(stub AS) routes 3 ways ISPs learn and advertise customers routes: static routes on ISP router, learne

33、d via IGP, or via BGP,3 ways to advertise Stub ASs,Discovery TOI FOS peers initially exchange full BGP routing tables. After, incremental updates TCP stays alive forever or until problems cause termination,Discovery TOI FOS & M-EOS Roadmap,June, 2009,Multi-homed ASs: BGP connectivity to 2 ISPs,Multi

34、-homed ASs with IBGP,Discovery TOI FOS & M-EOS Roadmap,June, 2009,AS100(customer) uses IBGP with an IGP IBGP between customers 2 border routers Border routers speak EBGP to the different ASs (ISP 1 & ISP 2),EBGP vs. IBGP,EBGP: A connection between different Ass (No routes are advertised by default)

35、IBGP: A connection within the same AS (Entire BGP router table is sent to peer),Discovery TOI FOS & M-EOS Roadmap,June, 2009,Common Service Provider - BIG ASs,Advertises exterior routes to other IBGP peers within ISP (AS100) Full IBGP mesh required for AS100 IGP carries ISP local information only,Di

36、scovery TOI FOS & M-EOS Roadmap,June, 2009,Why use Internal BGP ? IBGP,IBGP is like a tunnel through an AS from one EBGP router to another EBGP router Shields IGP internal routers from the load of external routing updates Internet routing table. IBGP allows you to use policies to choose exit IGPs ca

37、nt. Note: IGP is used to establish required reachability. IBGP peers will never become established unless there is IP connectivity between the two peers.,Discovery TOI FOS & M-EOS Roadmap,June, 2009,Internal BGP Update source loopback,IBGP peers use loopbacks - EBGP peers do not update-source loopback command says “use the loopback for peer(neighbor) communication” Loopback interface used for IBGP unties it from relying on the availability of a particular interface for makin