Brocade TurboIron 24X Series Configuration Guide User Manual
Table of contents
Document Outline
- About This Document
- Feature Highlights
- Getting Familiar with Management Applications
- Configuring Basic Software Features
- Configuring basic system parameters
- Entering system administration information
- Configuring Simple Network Management Protocol (SNMP) parameters
- Disabling Syslog messages and traps for CLI access
- Configuring an interface as the source for all Telnet packets
- Cancelling an outbound Telnet session
- Specifying a Simple Network Time Protocol (NTPv4) server
- Setting the system clock
- Limiting broadcast, multicast, and unknown unicast traffic
- Configuring basic port parameters
- Assigning a port name
- Modifying port speed and duplex mode
- Auto speed detect
- Modifying port duplex mode
- Disabling or re-enabling a port
- Disabling or re-enabling flow control
- Auto-negotiation and advertisement of flow control
- TurboIron X Series: Configuring the Interpacket Gap (IPG)
- Changing the Gbps fiber negotiation mode
- Modifying port priority (QoS)
- Configuring port flap dampening
- Port loop detection
- Configuring basic system parameters
- Operations, Administration, and Maintenance
- Overview
- Determining the software versions installed and running on a device
- Image file types
- Upgrading software
- Using SNMP to upgrade software
- Changing the block size for TFTP file transfers
- Rebooting
- Displaying the boot preference
- Loading and saving configuration files
- Replacing the startup configuration with the running configuration
- Replacing the running configuration with the startup configuration
- Logging changes to the startup-config file
- Copying a configuration file to or from a TFTP server
- Dynamic configuration loading
- Maximum file sizes for startup-config file and running-config
- Scheduling a system reload
- Diagnostic error codes and remedies for TFTP transfers
- Securing Access to Management Functions
- Securing access methods
- Restricting remote access to management functions
- Using ACLs to restrict remote access
- Defining the console idle time
- Restricting remote access to the device to specific IP addresses
- Restricting access to the device based on IP or MAC address
- Specifying the maximum number of login attempts for Telnet access
- Restricting remote access to the device to specific VLAN IDs
- Designated VLAN for Telnet management sessions to a Layer 2 Switch
- Device management security
- Disabling specific access methods
- Setting passwords
- Setting up local user accounts
- Configuring TACACS/TACACS+ security
- How TACACS+ differs from TACACS
- TACACS/TACACS+ authentication, authorization, and accounting
- TACACS authentication
- TACACS/TACACS+ configuration considerations
- Enabling TACACS
- Identifying the TACACS/TACACS+ servers
- Specifying different servers for individual AAA functions
- Setting optional TACACS/TACACS+ parameters
- Configuring authentication-method lists for TACACS/TACACS+
- Configuring TACACS+ authorization
- Configuring TACACS+ accounting
- Configuring an interface as the source for all TACACS/TACACS+ packets
- Displaying TACACS/TACACS+ statistics and configuration information
- Configuring RADIUS security
- RADIUS authentication, authorization, and accounting
- RADIUS configuration considerations
- RADIUS configuration procedure
- Configuring Brocade-specific attributes on the RADIUS server
- Enabling SNMP to configure RADIUS
- Identifying the RADIUS server to the device
- Specifying different servers for individual AAA functions
- Configuring a RADIUS server per port
- Mapping a RADIUS server to individual ports
- Setting RADIUS parameters
- Configuring authentication-method lists for RADIUS
- Configuring RADIUS authorization
- Configuring RADIUS accounting
- Configuring an interface as the source for all RADIUS packets
- Displaying RADIUS configuration information
- Configuring authentication-method lists
- Configuring SSH2 and SCP
- SSH version 2 support
- AES encryption for SSH2
- Configuring SSH2
- Setting optional parameters
- Setting the number of SSH authentication retries
- Deactivating user authentication
- Enabling empty password logins
- Setting the SSH port number
- Setting the SSH login timeout value
- Designating an interface as the source for all SSH packets (Layer 3 code only)
- Configuring the maximum idle time for SSH sessions
- Filtering SSH access using ACLs
- Terminating an active SSH connection
- Displaying SSH connection information
- Using Secure copy with SSH2
- Configuring IPv6 Connectivity
- IPv6 addressing overview
- IPv6 CLI command support
- Configuring an IPv6 host address on a Layer 2 switch
- Configuring the management port for an IPv6 automatic address configuration
- Configuring basic IPv6 connectivity on a Layer 3 switch
- IPv6 management (IPv6 host support)
- Restricting SNMP access to an IPv6 node
- Specifying an IPv6 SNMP trap receiver
- SNMP V3 over IPv6
- SNTP over IPv6
- Secure Shell, SCP, and IPv6
- IPv6 Telnet
- Configuring name-to-IPv6 address resolution using IPv6 DNS resolver
- Defining an IPv6 DNS entry
- Using the IPv6 copy command
- Using the IPv6 ncopy command
- IPv6 ping
- Configuring an IPv6 Syslog server
- Viewing IPv6 SNMP server addresses
- Disabling IPv6 on a Layer 2 switch
- Clearing global IPv6 information
- Displaying global IPv6 information
- Securing SNMP Access
- Enabling the Foundry Discovery Protocol and Reading Cisco Discovery Protocol Packets
- Configuring LLDP
- Terms used in this chapter
- LLDP overview
- General operating principles
- MIB support
- Syslog messages
- Configuring LLDP
- Configuration notes and considerations
- Enabling and disabling LLDP
- Changing a port LLDP operating mode
- Specifying the maximum number of LLDP neighbors
- Enabling LLDP SNMP notifications and syslog messages
- Changing the minimum time between LLDP transmissions
- Changing the interval between regular LLDP transmissions
- Changing the holdtime multiplier for transmit TTL
- Changing the minimum time between port reinitializations
- LLDP TLVs advertised by the device
- Displaying LLDP statistics and configuration settings
- LLDP configuration summary
- LLDP statistics
- LLDP neighbors
- LLDP neighbors detail
- LLDP configuration details
- Resetting LLDP statistics
- Clearing cached LLDP neighbor information
- Monitoring Hardware Components
- Using Syslog
- Overview
- Displaying Syslog messages
- Configuring the Syslog service
- Displaying the Syslog configuration
- Disabling or re-enabling Syslog
- Specifying a Syslog server
- Specifying an additional Syslog server
- Disabling logging of a message level
- Changing the number of entries the local buffer can hold
- Changing the log facility
- Displaying Interface names in Syslog messages
- Displaying TCP or UDP port numbers in Syslog messages
- Clearing the Syslog messages from the local buffer
- Network Monitoring
- Configuring Basic Layer 2 Features
- Enabling or disabling the Spanning Tree Protocol (STP)
- Changing the MAC age time and disabling MAC address learning
- Configuring static MAC entries
- Configuring VLAN-based static MAC entries
- Enabling port-based VLANs
- Defining MAC address filters
- MAC address filter override for 802.1X-enabled ports
- Displaying and modifying system parameter default settings
- Egress buffer thresholds for QoS priorities
- Cut-Through Switching Support
- Default settings for egress buffer thresholds
- Disabling and re-enabling the default settings for egress buffer thresholds
- Setting the egress buffer threshold for all QoS priorities on a port or group of ports
- Setting the egress buffer threshold for a specific QoS priority on a port or group of ports
- Link Fault Signaling (LFS) for 10G
- Jumbo frame support
- Configuring Metro Features
- Configuring Uni-Directional Link Detection (UDLD)
- Configuring Trunk Groups and Dynamic Link Aggregation
- Trunk group overview
- Configuring a trunk group
- CLI syntax
- Example 1: Configuring the trunk groups shown in Figure 75
- Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device
- Example 3: Configuring a multi-slot trunk group with one port per module
- Example 4: Configuring a trunk group of 10 Gbps Ethernet ports
- Additional trunking options
- Displaying trunk group configuration information
- Dynamic link aggregation
- Displaying and determining the status of aggregate links
- Clearing the negotiated aggregate links table
- Configuring single link LACP
- Configuring Virtual LANs (VLANs)
- VLAN overview
- Routing between VLANs
- Virtual routing interfaces (Layer 3 Switches only)
- Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
- Dynamic port assignment (Layer 2 Switches and Layer 3 Switches)
- Assigning a different VLAN ID to the default VLAN
- Assigning different VLAN IDs to reserved VLANs 4091 and 4092
- Assigning trunk group ports
- Configuring port-based VLANs
- Modifying a port-based VLAN
- Enable spanning tree on a VLAN
- Configuring IP subnet, IPX network and protocol-based VLANs
- Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
- Configuring uplink ports within a port-based VLAN
- Configuring the same IP subnet address on multiple port-based VLANs
- Configuring VLAN groups and virtual routing interface groups
- Configuring super aggregated VLANs
- Configuring 802.1Q-in-Q tagging
- Configuring private VLANs
- Dual-mode VLAN ports
- Displaying VLAN information
- Configuring Port Mirroring and Monitoring
- Configuring IP
- Basic configuration
- Overview
- Basic IP parameters and defaults – Layer 3 Switches
- Basic IP parameters and defaults – Layer 2 Switches
- Configuring IP parameters – Layer 3 Switches
- Configuring IP addresses
- Configuring 31-bit subnet masks on point-to-point networks
- Configuring packet parameters
- Changing the router ID
- Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS Packets
- Configuring ARP parameters
- Configuring forwarding parameters
- Disabling ICMP messages
- Configuring static routes
- Configuring a default network route
- Configuring IP load sharing
- Configuring IRDP
- Configuring RARP
- Configuring UDP broadcast and IP helper parameters
- Configuring BootP/DHCP relay parameters
- Configuring IP parameters – Layer 2 Switches
- Displaying IP configuration information and statistics
- Configuring Spanning Tree Protocol (STP) Related Features
- Configuring RIP
- Configuring OSPF Version 2 (IPv4)
- Overview of OSPF
- Configuring OSPF
- Configuration rules
- OSPF parameters
- Enable OSPF on the router
- Assign OSPF areas
- Assigning an area range (optional)
- Assigning interfaces to an area
- Modify interface defaults
- Change the timer for OSPF authentication changes
- Block flooding of outbound LSAs on specific OSPF interfaces
- Assign virtual links
- Modify virtual link parameters
- Changing the reference bandwidth for the cost on OSPF interfaces
- Define redistribution filters
- Prevent specific OSPF routes from being installed in the IP route table
- Modify default metric for redistribution
- Enable route redistribution
- Disable or re-enable load sharing
- Configure external route summarization
- Configure default route origination
- Modify SPF timers
- Modify redistribution metric type
- Modify administrative distance
- Configure OSPF group Link State Advertisement (LSA) pacing
- Modify OSPF traps generated
- Modify OSPF standard compliance setting
- Modify exit overflow interval
- Specifying the types of OSPF Syslog messages to log
- Clearing OSPF information
- Displaying OSPF information
- Displaying general OSPF configuration information
- Displaying CPU utilization statistics
- Displaying OSPF area information
- Displaying OSPF neighbor information
- Displaying OSPF interface information
- Displaying OSPF route information
- Displaying OSPF external link state information
- Displaying OSPF link state information
- Displaying the data in an LSA
- Displaying OSPF virtual neighbor information
- Displaying OSPF virtual link information
- Displaying OSPF ABR and ASBR information
- Displaying OSPF trap status
- Configuring BGP4
- Overview of BGP4
- Basic configuration and activation for BGP4
- BGP4 parameters
- Memory considerations
- Basic configuration tasks
- Optional configuration tasks
- Changing the Keep Alive Time and Hold Time
- Changing the BGP4 next-hop update timer
- Enabling fast external fallover
- Changing the maximum number of paths for BGP4 load sharing
- Customizing BGP4 load sharing
- Specifying a list of networks to advertise
- Changing the default local preference
- Using the IP default route as a valid next hop for a BGP4 route
- Advertising the default route
- Changing the default MED (Metric) used for route redistribution
- Enabling next-hop recursion
- Changing administrative distances
- Requiring the first AS to be the neighbor AS
- Disabling or re-enabling comparison of the AS-Path length
- Enabling or disabling comparison of the router IDs
- Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs)
- Treating missing MEDs as the worst MEDs
- Configuring route reflection parameters
- Aggregating routes advertised to BGP4 neighbors
- Modifying redistribution parameters
- Filtering
- Configuring route flap dampening
- Globally configuring route flap dampening
- Using a route map to configure route flap dampening for specific routes
- Using a route map to configure route flap dampening for a specific neighbor
- Removing route dampening from a route
- Removing route dampening from a neighbor's routes suppressed due to aggregation
- Displaying and clearing route flap dampening statistics
- Generating traps for BGP
- Displaying BGP4 information
- Displaying summary BGP4 information
- Displaying the active BGP4 configuration
- Displaying CPU utilization statistics
- Displaying summary neighbor information
- Displaying BGP4 neighbor information
- Displaying peer group information
- Displaying summary route information
- Displaying the BGP4 route table
- Displaying BGP4 route-attribute entries
- Displaying the routes BGP4 has placed in the IP route table
- Displaying route flap dampening statistics
- Displaying the active route map configuration
- Updating route information and resetting a neighbor session
- Clearing traffic counters
- Clearing route flap dampening statistics
- Removing route flap dampening
- Clearing diagnostic buffers
- Configuring IP Multicast Traffic Reduction
- IGMP snooping overview
- PIM SM traffic snooping overview
- Configuring IGMP snooping
- Enabling IGMP snooping globally on the device
- Configuring the IGMP mode
- Configuring the IGMP version
- Disabling IGMP snooping on a VLAN
- Disabling transmission and receipt of IGMP packets on a port
- Modifying the age interval for group membership entries
- Modifying the query interval (active IGMP snooping mode only)
- Modifying the maximum response time
- Configuring report control
- Modifying the wait time before stopping traffic when receiving a leave message
- Modifying the multicast cache age time
- Enabling or disabling error and warning messages
- Configuring static router ports
- Turning off static group proxy
- IGMP V3 membership tracking and fast leave
- Fast leave for IGMP V2
- Fast convergence
- Configuring PIM SM snooping
- IGMP snooping show commands
- PIM SM snooping show commands
- Clear commands for IGMP snooping
- Configuring IP Multicast Protocols
- Overview of IP multicasting
- Changing global IP multicast parameters
- PIM Dense
- PIM Sparse
- Passive multicast route insertion
- Multicast Source Discovery Protocol (MSDP)
- Using ACLs to control multicast features
- Tracing a multicast route
- Displaying the multicast configuration for another multicast router
- IGMP V3
- Default IGMP version
- Compatibility with IGMP V1 and V2
- Globally enabling the IGMP version
- Enabling the IGMP version per interface setting
- Enabling the IGMP version on a physical port within a virtual routing interface
- Enabling membership tracking and fast leave
- Setting the query interval
- Setting the group membership time
- Setting the maximum response time
- Displaying IGMP V3 information on Layer 3 Switches
- Clearing IGMP statistics
- Configuring VRRP and VRRPE
- Overview
- Comparison of VRRP and VRRPE
- VRRP and VRRPE parameters
- Configuring basic VRRP parameters
- Configuring basic VRRPE parameters
- Note regarding disabling VRRP or VRRPE
- Configuring additional VRRP and VRRPE parameters
- Forcing a Master router to abdicate to a standby router
- Displaying VRRP and VRRPE information
- Configuration examples
- Configuring Rule-Based IP Access Control Lists
- ACL overview
- How hardware-based ACLs work
- Configuration considerations
- Configuring standard numbered ACLs
- Configuring standard named ACLs
- Configuring extended numbered ACLs
- Configuring extended named ACLs
- Preserving user input for ACL TCP/UDP port numbers
- Managing ACL comment text
- Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN
- Enabling ACL logging
- Enabling strict control of ACL filtering of fragmented packets
- Enabling ACL support for switched traffic in the router image
- Enabling ACL filtering based on VLAN membership or VE port membership
- Filtering on IP precedence and ToS values
- QoS options for IP ACLs
- ACL-based rate limiting
- Using ACLs to control multicast features
- Enabling and viewing hardware usage statistics for an ACL
- Displaying ACL information
- Troubleshooting ACLs
- Configuring Traffic Policies
- Configuring 802.1X Port Security
- IETF RFC support
- How 802.1X port security works
- Configuring 802.1X port security
- Configuring an authentication method list for 802.1X
- Setting RADIUS parameters
- Configuring dynamic VLAN assignment for 802.1X ports
- Dynamically applying IP ACLs and MAC filters to 802.1X ports
- Enabling 802.1X port security
- Setting the port control
- Configuring periodic re-authentication
- Re-authenticating a port manually
- Setting the quiet period
- Specifying the wait interval and number of EAP-request/identity frame retransmissions
- Specifying the wait interval and number of EAP-request/identity frame retransmissions from the RADIUS server
- Specifying a timeout for retransmission of messages to the authentication server
- Initializing 802.1X on a port
- Allowing access to multiple hosts
- Configuring VLAN access for non-EAP-capable clients
- Displaying 802.1X information
- Sample 802.1X configurations
- Using multi-device port authentication and 802.1X security on the same port
- Using the MAC Port Security Feature
- Configuring Multi-Device Port Authentication
- How multi-device port authentication works
- Using multi-device port authentication and 802.1X security on the same port
- Configuring multi-device port authentication
- Enabling multi-device port authentication
- Specifying the format of the MAC addresses sent to the RADIUS server
- Specifying the authentication-failure action
- Generating traps for multi-device port authentication
- Defining MAC address filters
- Configuring dynamic VLAN assignment
- Dynamically applying IP ACLs to authenticated MAC addresses
- Enabling denial of service attack protection
- Clearing authenticated MAC addresses
- Disabling aging for authenticated MAC addresses
- Changing the hardware aging period for blocked MAC addresses
- Specifying the aging time for blocked MAC addresses
- Specifying the RADIUS timeout action
- Multi-device port authentication password override
- Limiting the number of authenticated MAC addresses
- Displaying multi-device port authentication information
- Displaying authenticated MAC address information
- Displaying multi-device port authentication configuration information
- Displaying multi-device port authentication information for a specific MAC address or port
- Displaying the authenticated MAC addresses
- Displaying the non-authenticated MAC addresses
- Displaying multi-device port authentication information for a port
- Displaying multi-device port authentication settings and authenticated MAC addresses
- Protecting Against Denial of Service Attacks
- Configuring Rate Limiting and Rate Shaping
- Configuring Quality of Service
- Syslog messages
- Software Specifications
- NIAP-CCEVS Certification