Extreme Networksメーカー300-48の使用説明書/サービス説明書
ページ先へ移動 of 198
Extreme N etworks , Inc. 3585 Mo nroe Stre et Santa Cl ara, Ca lif ornia 9505 1 (888) 257-3000 http://www .e xtremen etworks. com Summit 300-48 Switch Softw are User Guide Soft ware V ersion 6.2a Publishe d: September 2 003 P ar t number : 12300 7-00 Rev .
2 ©2003 Extreme Networks, Inc. All rights reserved. Extr eme Networks, ExtremeW are, Alpine, and BlackDiamond are register ed trademarks of Extreme Networks, Inc.
Summit 300-48 Switch Software User Gu ide 3 Contents Pref ace Introductio n 15 Conventions 15 Related Publi cations 16 Chapter 1 Extreme W are Overview Summary of Featu res 17 Unified Access 18 V irtu.
4 Summit 300-48 Switch Software User Guide Contents Configuring Management A ccess 28 User Account 29 Administrator Account 29 Default Accounts 29 Creating a M anagement Account 30 Domain Name S ervic.
Summit 300-48 Switch Software User Gu ide 5 Contents Port Number ing 55 Enabling and Di sabling Switch Po rts 55 Configuring Switch Port Speed and Duplex Setting 56 Switch Port Commands 56 Load Shar i.
6 Summit 300-48 Switch Software User Guide Contents Configuring W ireless Port Interf aces 79 Managing W ireless Clients 80 Show Commands 80 Event Logging and Re porting 81 Chapter 7 Unifie d Access S.
Summit 300-48 Switch Software User Gu ide 7 Contents Chapter 10 Acces s P olicies Overview of Access Policies 107 Access Control Lists 107 Rate Limits 107 Using Access Control Lists 107 Access Masks 1.
8 Summit 300-48 Switch Software User Guide Contents Port Statisti cs 135 Port Errors 136 Port Monitorin g Display Keys 137 Setting th e System Recovery Lev el 137 Logging 138 Local Log ging 139 Remote.
Summit 300-48 Switch Software User Gu ide 9 Contents Resetting a nd Disabling Route r Settings 163 Configuring DHCP/BOOTP Re lay 1 64 V erifying the DHCP/B OOTP Relay Con figuration 165 UDP-For wardi .
10 Summit 300-48 Switch Software User Guide Contents Debu g T rac ing 187 TOP Command 187 Contacting Ext reme T echnical Support 187 Index Index of Commands.
Summit 300-48 Switch Software User Gu ide 11 Figures 1 Example of a port-bas ed VLAN on t he Summit 300 -48 swit ch 64 2 Single port -based VLAN spanni ng two swit ches 65 3 T wo port- based VL ANs sp.
12 Summit 300-48 Switch Software User Guide Figure s.
Summit 300-48 Switch Software User Gu ide 13 Ta b l e s 1 Notice Icons 15 2 Te x t C o n v e n t i o n s 1 6 3 Extr emeW are Summi t 300-48 F actory Defa ults 20 4 Command Syntax Sy mbols 25 5 Line-Ed.
14 Summit 300-48 Switch Software User Guide Ta b l e s 34 Security Profile Command Pr operty V a lues 90 35 Per-Port LEDs 98 36 Power Over Ethernet Configuration Commands 98 37 PoE S how Comm ands 101.
Summit 300-48 Switch Software User Gu ide 15 Pref ace This preface pr ovides an overview of this guide, describes guide co nventions, and lists other publ ica tions tha t may b e us eful.
16 Summit 300-48 Switch Software User Guide Preface Related Publications The publications related t o this one are: • Extr emeW are R elease No tes • Summit 30 0-48 Swi tch Release Notes Documentation for Extreme Networks products is availabl e on the W orld W ide W eb at t he following location: • http://w ww .
Summit 300-48 Switch Software User Gu ide 17 1 ExtremeW are Ov er vie w This chapter describes the fol lowing topi cs: • Summar y of Fe atures on p age 17 • Security Licensin g on page 20 • Softwar e Factory De faults on page 20 ExtremeW are is the full-feature d software operating system that is designed to run on the Summit 300-48 switch.
18 Summit 300-48 Switch Software User Guide Extr emeW are Ov ervie w • SSH 2 conn ect ion • Simpl e Netwo rk Manage ment Protocol ( SNMP) supp ort • Remo te Moni toring (R MON) • T raffic mirr.
Software Lice nsing Summit 300-48 Switch Software User Gu ide 19 Quali ty of Servic e Extr emeW are ha s Quality o f Service (QoS) fea tures that support IEEE 802.1 p, MAC QoS, and four queues. These feature s enable you to specify service levels for different tr affic gr oups.
20 Summit 300-48 Switch Software User Guide Extr emeW are Ov ervie w Secur ity Licensin g Certain additional Extr emeW are security feature s, such as the use of Secur e Shell (SSH2) encryption, may be under United States export r estriction control. Extrem e Networks ships these security features in a disabled state.
Sof tw are F actory D ef ault s Summit 300-48 Switch Software User Gu ide 21 NO TE F or default settin gs of indi vidual E xtremeWare f eatures, see th e applic able individu al chapters in this guide.
22 Summit 300-48 Switch Software User Guide Extr emeW are Ov ervie w.
Summit 300-48 Switch Software User Gu ide 23 2 Accessing the Switch This chapter describes the fol lowing topi cs: • Understand ing the Com mand Synta x on page 23 • Line-Editi ng Keys on page 25 .
24 Summit 300-48 Switch Software User Guide Accessing the Switch Syntax Hel per The CLI has a built-in s yntax hel per . If you ar e unsur e of the complete synt ax for a particu lar comman d, enter as much of the command as possible and pres s [Return].
Line-Editing K eys Summit 300-48 Switch Software User Gu ide 25 Names All na med c ompo nent s of th e swi tch c onfig urat ion mu st h ave a uniqu e name . Na mes mu st b egin with an alphabetica l character and are delimited by whites pace, unless enclosed in quotatio n marks.
26 Summit 300-48 Switch Software User Guide Accessing the Switch Comma nd Hist or y ExtremeW are “r em embers” the last 49 commands you enter ed. Y ou can dis play a list of these commands by using the f ollowing com mand: history Common Comma nds T a ble 6 describes comm on commands used to manage the switch.
Common Commands Summit 300-48 Switch Software User Gu ide 27 confi g sys- reco very- level [non e | c rit ical | al l] Config ures a recov ery option for instance s where a n excepti on occurs in ExtremeW are. Specify one of t he follow ing: • none — Reco very withou t system reboot.
28 Summit 300-48 Switch Software User Guide Accessing the Switch Configur ing Management Access ExtremeW are supports the following two levels of management: • User • Admini strat or In addition to the man agement levels, you can optional ly use an external RADIUS server to provide CLI comman d authori zation che cking for each co mmand.
Config uring Mana gement Access Summit 300-48 Switch Software User Gu ide 29 User Account A user -level account has viewing access to all manageable parameters, with the exception of: • User account database.
30 Summit 300-48 Switch Software User Guide Accessing the Switch Changing the Def ault P asswor d Default a ccounts do no t have passw ords assigned to them. Passwords must h ave a minim um of f our characte rs and can have a m aximum of 1 2 characters.
Domain Name Ser vice Client Services Summit 300-48 Switch Software User Gu ide 31 Viewin g Accounts T o view the accounts that have been created, you must have administrator privileges. Use the following command to see the accounts: show accounts Deleting an Account T o delete a account, you m ust have admini strator privileges.
32 Summit 300-48 Switch Software User Guide Accessing the Switch Chec king Basic Connectivity The switch offers the following commands for checking basic connectivity: • ping • traceroute Ping The ping com mand enables you to send Interne t Control Messa ge Protocol (ICMP) echo me ssages to a rem ot e I P d ev ic e .
Checking Basic Con nectivity Summit 300-48 Switch Software User Gu ide 33 • from uses the specified source address in the ICMP packet. If not specified, the addr ess of the transmitting i nterface is used. • ttl configures the switch to trace up to the time-to-live n umber of the switch.
34 Summit 300-48 Switch Software User Guide Accessing the Switch.
Summit 300-48 Switch Software User Gu ide 35 3 Managing the Switch This chapter describes the fol lowing topi cs: • Overview on page 3 5 • Using the Con sole Interface o n page 36 • Using T eln .
36 Summit 300-48 Switch Software User Guide Managi ng the Switch Using the Console In terf ace The CLI built into the switch is a ccessible by way of the 9-pin, RS -232 port labeled cons ole , located on the front of the Summit 300-48 sw itch. After the connection h as been establ ished, you will see the switch prompt an d you can lo g in.
Using T elnet Summit 300-48 Switch Software User Gu ide 37 Y ou can enab le BOOTP on a per -VLAN ba sis by using t he following command: enable bootp vlan [<name> | all] By default, BOOTP is disabled on the de fault VLAN.
38 Summit 300-48 Switch Software User Guide Managi ng the Switch When you have successfully logged in to the switch, th e command-lin e prompt displays th e name of the switch in its prompt.
Using Secure Shell 2 (SSH2) Summit 300-48 Switch Software User Gu ide 39 Contr olling T elnet Access By default, T e lnet services are ena bled on the switch.
40 Summit 300-48 Switch Software User Guide Managi ng the Switch Y ou can specify a list of predefined clients that are allowed SSH2 access to the switch. T o do this, you must create an acce ss profile that con tains a l ist of allow ed IP addresses.
Using SNMP Summit 300-48 Switch Software User Gu ide 41 Suppor ted MIBs In addition to priv ate MIBs, the switch supports the standa rd MIBs listed in Appendix B.
42 Summit 300-48 Switch Software User Guide Managi ng the Switch Displa ying SNMP Settings T o display t he SNMP setting s configured on the sw itch, use the follo wing comm and: show management This .
Authenticating User s Summit 300-48 Switch Software User Gu ide 43 A uth enticating Us ers ExtremeW are provides a Radius client to authenticate sw itch admin us ers who login to the switch: RADIUS Cl.
44 Summit 300-48 Switch Software User Guide Managi ng the Switch RADIUS RFC 2138 Attri butes The RADIUS R FC 2138 opti onal attr ibutes suppo rted ar e as fol lows: • User -Name • User-Passw ord .
Authenticating User s Summit 300-48 Switch Software User Gu ide 45 eric Password = "", Service-Type = Administrative Filter-Id = "unlim" albert Password = "password", Ser.
46 Summit 300-48 Switch Software User Guide Managi ng the Switch Filter-Id = "unlim" admin Password = "", Service-Type = Administrative Filter-Id = "unlim" eric Password .
Using Extre meWare Vista Summit 300-48 Switch Software User Gu ide 47 Using ExtremeW are Vista The ExtremeW are V i sta™ device-management software that runs on the switch allows you to access the switch over a T CP/IP netw ork using a sta ndard web browser .
48 Summit 300-48 Switch Software User Guide Managi ng the Switch • After downloading a newer version of the switch image, clear the browser disk and memory cache to see the updated menu screen s. Y ou must clear the cache while at the main ExtremeW are V ista Logon scr een, so that all underl ying .
Using Extre meWare Vista Summit 300-48 Switch Software User Gu ide 49 T ask Frame The task fram e has two section s: menu buttons and submenu lin ks. The four task m enu buttons a re: • Configuratio n • Statisti cs • Support • Logout Below the task buttons are options.
50 Summit 300-48 Switch Software User Guide Managi ng the Switch Status Messages Status messages ar e displayed at the top of the content frame. The four types of status messages are: • Inf orm ati on —Dis plays in formati on that is usefu l to kno w prior to, o r as a r esult of, chan ging conf igur ation opti ons.
Using th e Simple N etwork Time P rotocol Summit 300-48 Switch Software User Gu ide 51 Do a GET When Co nfiguring a VLAN When configuri ng a VLAN using ExtremeW a re V ista , prior to editing th e VLAN configura tion, you must first cl ick the get button to ens ure that subsequent edits are applied to the correct VLAN.
52 Summit 300-48 Switch Software User Guide Managi ng the Switch Once enabled, the switch sends out a periodic query to the NTP servers defined later (if configured) or listens to b roadcast NTP updates from the network. The netw ork time inf ormation is automat ically saved in to the on- board real-time clock.
Using th e Simple N etwork Time P rotocol Summit 300-48 Switch Software User Gu ide 53 -9:00 -540 YST - Yuk on Standard -10:00 -6 00 AHST - Alaska-Hawaii Standard CAT - Central Alaska HST - Hawaii Sta.
54 Summit 300-48 Switch Software User Guide Managi ng the Switch SNTP Configuration Commands T a ble 1 4 describes SNTP configuratio n commands. SNTP Example In this exam ple, the switch queries a specif ic NTP server and a b ackup NTP serv er . The swi tch is located in Cupertino, CA, and an update occurs every 20 minutes.
Summit 300-48 Switch Software User Gu ide 55 4 Configur ing P or t s on a Switch This chapter describes the fol lowing topi cs: • Por t Numb erin g on p age 55 • Enabling a nd Disablin g Switch Po.
56 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch Configuring Swit ch P or t Sp eed and Duplex Setting By default, the switch is co nfigured to use autonegotiatio n to determine the port speed a nd duplex setting for each port.
Load Sh aring on th e Switch Summit 300-48 Switch Software User Gu ide 57 Load Shar in g on the Switch Load sharin g with s witches allows you to i ncrease bandwidth an d resiliency by us ing a group of ports to carry traffic in parallel between switches.
58 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch Y ou can conf igure the address-based load- sharing algo rithm on the Su mmit 300-48 switch.
Switch P or t-Mirroring Summit 300-48 Switch Software User Gu ide 59 • P o r t s o n t h e s w i t c h a r e d i v i d e d i n t o a m a x i m u m o f f i v e g r o u p s . • Port -based and roun d-robi n load s har ing algo rit hms do n ot ap pl y .
60 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch Up to eight mirroring filters and one monitor port can be configured. Af ter a port has been specified as a monitor port, it cannot be used for any other function. NO TE F rame s that contain errors ar e not mirr ored.
Extreme Discov er y Protocol Summit 300-48 Switch Software User Gu ide 61 P or t-Mirr oring Example The following example selects port 1:3 as the mirror port and sends all traf fic coming into or out .
62 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch.
Summit 300-48 Switch Software User Gu ide 63 5 Vir tual LANs (VLANs) This chapter describes the fol lowing topi cs: • Overview of V irtual LANs on page 63 • T ypes of VLANs on page 64 • VLAN Nam.
64 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) • VLANs ease the cha nge and movement of devices. W ith tradit ional netw orks, network administrators spend much o f their tim e dealing with moves and changes. If users move to a dif fer ent subnetwork, the addr esses of each endstation must be updated manual ly .
T ype s of VLANs Summit 300-48 Switch Software User Gu ide 65 Spanning Switches wi th P or t-Based VLANs T o create a port-b ased VLAN that span s two sw itches, you must do t wo things: 1 A s s i g n t h e p o r t o n e a c h s w i t c h t o t h e V L A N .
66 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) Figure 3 illu strates two VL ANs spanni ng two switches. On system 1, ports 1:12 through 1:24, and port 1:51 are p art o f VL AN Accounting ; ports 1 :37 thro ugh 1:48, a nd port 1:52 ar e part of VLAN Engin eering .
T ype s of VLANs Summit 300-48 Switch Software User Gu ide 67 NO TE The use of 802.1Q tag ged packets ma y lead t o the appe arance of pa ck ets slight ly bigge r than the curre nt IEEE 802 .3/Ether net ma ximum of 1,518 bytes. This may aff ect p ack et error coun ters in o ther devices, and may also lead to connecti vity pr oblems if non- 802.
68 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) Figure 4: Physical d iagram of tagged and untag ged traffic Figure 5 is a logical dia gram of the sam e network.
VLAN Names Summit 300-48 Switch Software User Gu ide 69 • The server con nected to port 1 :16 on sys tem 1 has a NIC t hat supports 802.1Q taggi ng. • The server connected to port 1:16 on sys tem 1 is a member of both VLAN Marketin g and VLA N Sales .
70 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) Renaming a VLAN T o ren ame an existing VLAN, use the followin g command: config vlan <old_name> name <new_name> The follow ing rules ap ply to renaming VLA Ns: • After you change the name o f the default VLAN, it cann ot be changed back to de fault .
Displaying VLAN Settings Summit 300-48 Switch Software User Gu ide 71 VLAN Configuration Examples The followin g Summit 30 0-48 swit ch example creates a tag-based VLAN named video . It assign s the VLANid 10 00. Po rts 1:4 th ro ugh 1:8 ar e added as tagged port s to the VLAN .
72 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs).
Summit 300-48 Switch Software User Gu ide 73 6 Wireless Netw or king This ch apter describes w ire less net working u sing th e Summit 3 00-48 sw itch and th e Altitude 3 00 wireless port and includ e.
74 Summit 300-48 Switch Software User Guide Wireless Networking Figure 6: Sa mple integrate d wired and wireless n etwork This arrangement is part of the Extr eme Unified Access Ar chitecture, which is designed to support both wired and wireless netw orks from a single network switch.
Bridging Summit 300-48 Switch Software User Gu ide 75 Y ou can set network policies at Layers 2 and 3 to cover both the w ir ed and wireless networks . In this way you can bl ock access to i ndividuals suspected of in trusion across the entire network infrastructure.
76 Summit 300-48 Switch Software User Guide Wireless Networking 7 Configure a specif ic channel (d etermined from a s ite survey), i f desired, on each int erface. If you do not configure a specific cha nnel, the switch a uto-selects the chann el with the lea st interference.
Configuring RF Proper ties Summit 300-48 Switch Software User Gu ide 77 frag-leng th 2345 256-23 45 Identif ies fragme nt size in bytes . This val ue should remain at i ts defa ult setting of 2345 . It specif ies the maximu m siz e for a pack et befo re data is f ragmen ted into multi ple pa ckets.
78 Summit 300-48 Switch Software User Guide Wireless Networking Configur ing Wireless Sw itch Proper ties T able 21 lists the wireless confi guration comm and that a pplies to the sw itch as a whole, indepen dent of individual ports or port interfaces.
Configuring Wireless P or ts Summit 300-48 Switch Software User Gu ide 79 Configur ing Wire less P or t s The configure wireless ports c o m m a n d s a l l o w y o u t o c o n f i g u r e p r o p e r t i e s s u c h a s t h e I P a d d r e s s and the location of the port.
80 Summit 300-48 Switch Software User Guide Wireless Networking T able 25 lists the configura tion comma nds for wireless ports. Managing Wirel ess Clients T able 26 lists the comman ds for configuri ng interactions w ith client statio ns.
Event Logging and Repor ting Summit 300-48 Switch Software User Gu ide 81 Ev en t Loggin g and Re por tin g The Summit 30 0-48 switch s upports th e following enh ancements fo r wireless event logging.
82 Summit 300-48 Switch Software User Guide Wireless Networking.
Summit 300-48 Switch Software User Gu ide 83 7 Unified Access Secur ity This chapt er describes t he securit y featur es of the Summit 3 00-48 sw itch an d includes i nformati on on the following to p.
84 Summit 300-48 Switch Software User Guide Unified Access Security User Access Secur ity Effective user se curity meets the follo wing objectives: • Authenticatio n — Assuring that only approved users are connected to the network a t permitted locations and tim es.
User Access Security Summit 300-48 Switch Software User Gu ide 85 then extends or denies access as instructed, and passes along configuration information such as VLAN and p riorit y .
86 Summit 300-48 Switch Software User Guide Unified Access Security incorporate each of these suites, and the Altitude 300 wir eles s port supports har dware-ba sed AES and RC4 enc ryptio n. WP A-Only Support T o support WP A client s, the Summit 300 -48 switch p ort sets the privacy bit in the beacon frames it advertises.
Network S ecurity P olicies Summit 300-48 Switch Software User Gu ide 87 Network Secur ity P olicies Network security pol icy r ef ers to a set of network rule s that apply to user access. Y ou can base the rules on a variety of factors, in cluding user identificati on, time and location, a nd method of authenticatio n.
88 Summit 300-48 Switch Software User Guide Unified Access Security P ol icy Ex amp le s The followin g examples sugg est typical uses of network s ecurity polici es. Examp le. Y ou want to gi ve employees compl ete network access bu t limit access t o visitors.
CLI Comm ands for Security o n the Switch Summit 300-48 Switch Software User Gu ide 89 T a ble 3 1 lists t he attributes incl uded in the RADIUS response. V endor- Specific Att rib utes T able 32 lists the s upported vendor -specific attributes (VSAs).
90 Summit 300-48 Switch Software User Guide Unified Access Security T a ble 34 lists the properties for the security profile configuration command. Ta b l e 3 4 : Security Profile Command Pr oper ty V alu es Case Default Ranges Ac tion ssid-i n-beacon <v alue> on off | on Turns o n whethe r the SSID is pub lishe d in the bea con or not.
Examp le Wireless Conf iguration Pr ocess Summit 300-48 Switch Software User Gu ide 91 Example Wirele ss Configuration Proce ss This section provides an exam ple of the configu ration process. First, the wireless managem ent VLAN is configured , IP addresses ar e assign ed, and RF pr ofiles are cr eate d and configur ed.
92 Summit 300-48 Switch Software User Guide Unified Access Security T o configure the VLAN, address es, and RF pro files, follow these steps: 1 Create the wir eless manage ment VLAN. create vlan w ireless-mgmt 2 R e m o v e t h e w i r e l e s s p o r t f r o m t h e d e f a u l t V L A N .
Examp le Wireless Conf iguration Pr ocess Summit 300-48 Switch Software User Gu ide 93 If you enter the wrong number of ch aracters for the code, a mess age similar to the follo wing appea rs. Invalid number of bytes in key. Expected 10 bytes, got 15 bytes.
94 Summit 300-48 Switch Software User Guide Unified Access Security.
Summit 300-48 Switch Software User Gu ide 95 8 P o wer Ov er Ether net This chapt er explains h ow to config ure th e Summit 3 00-48 swit ch to supply pow er to devices usin g the Power over Ethe rnet (PoE) capabilit y .
96 Summit 300-48 Switch Software User Guide P ower Over Ethern et P or t Power Ma nagement When you con nect PDs, the Summit 3 00-48 switch auto matically di scovers and classifies those that are AF-complaint.
P or t P ower Managemen t Summit 300-48 Switch Software User Gu ide 97 Common P ower P ool The common power pool repr esents the total amount of power available on a per -slot basis, less any power re served or a llocated to curr ently powered devi ces.
98 Summit 300-48 Switch Software User Guide P ower Over Ethern et Ports are powered based upon their priority and discovery ti me. Higher priority ports w ith the oldest discovery time are powered first. If a device cons umes more power than it is allocated by class type, it is consider ed a class violation.
Configur ing Pow er Over Eth ernet Summit 300-48 Switch Software User Gu ide 99 enable i nline -power port s <portlis t> dis able i nline -po wer po rts < port lis t> Enables PoE for the lis ted ports. Disa ble s PoE for t he lis ted port s.
100 Summit 300-48 Switch Software User Guide P ower Over Ethern et unconfi g inline-p ower disco nnect-p recedenc e [lowest-pri ority | deny-po rt] Returns the disconnect-precedence to the defa ult s tate of deny-port .
Configur ing Pow er Over Eth ernet Summit 300-48 Switch Software User Gu ide 101 unc onfig inlin e- powe r ope rato r-li mit po rts < port lis t> Res ets the op erator li mit back to the default. unconfi g inli ne-power vio lation -precedenc e ports <po rtlist> Resets th e violatio n prece dence back to the defau lt.
102 Summit 300-48 Switch Software User Guide P ower Over Ethern et.
Summit 300-48 Switch Software User Gu ide 103 9 F orw arding Database (FDB) This chapter describes the fol lowing topi cs: • Overview of the FDB on page 10 3 • Configurin g FDB Entrie s on page 10.
104 Summit 300-48 Switch Software User Guide Forwarding Databas e (FDB) interface a re s tor ed as permanent . The Summi t 300-48 sw itches support a maxim um of 128 permanent entries. Once created , permanent entries stay the same as when they were cr eated.
Configuring FDB Entr i es Summit 300-48 Switch Software User Gu ide 105 Configur ing FDB Entr ies T o configure entries in the FDB, use the commands listed in T able 38.
106 Summit 300-48 Switch Software User Guide Forwarding Databas e (FDB) FDB Configuration Examples The following example adds a permanent entry to the FDB: create fdbentry 00:E0:2B:12:34:56 vlan marketing port 1:4 The permanent entry has the following characteristics: • MAC addr ess is 00:E0:2B :12:34: 56.
Summit 300-48 Switch Software User Gu ide 107 10 Access P olicies This chapter describes the fol lowing topi cs: • Overview of Access Policies on page 1 07 • Using Access Control Lists on p age 10.
108 Summit 300-48 Switch Software User Guide Access P olicies shared multiple a ccess control lists, usin g differe nt lists o f values to exam ine packets.
Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 109 Rate Limits Each entry that m akes up a rate limit conta ins a unique nam e and specifies a previously created access mask. Like an access list, a rate limit in cludes a list of values to co mpar e with the incom ing packets and an action to take for packets that match.
110 Summit 300-48 Switch Software User Guide Access P olicies Access Mask Pr ecedence Number s The access mask prece dence number is optional, and determines the orde r in which each rule is examined by the switch. Access control list entries ar e evaluated fr om highest precedence to lowest preceden ce.
Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 111 The permit-established Keyword The permit-established keywo rd is used to directionally con trol attempts to open a TCP session . Session in itiation can be explicitly blo cked using this keyword.
112 Summit 300-48 Switch Software User Guide Access P olicies The maxim um number of access lis t allo wed by th e hard war e is 254 f or each block of eight 10/100 Etherne t ports and 1 26 for each G igabit Eth ernet port, fo r a total of 10 14 ru les (254 *3+126* 2).
Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 113 Ta b l e 3 9 : Access Contro l List Config uration Co mmands Command Description create ac cess-li st <nam e> acces s-ma.
114 Summit 300-48 Switch Software User Guide Access P olicies crea te access -mask <a ccess-mask n ame> {dest-mac} {source- mac} {vlan } {ethertyp e} {tos | code -poin t} {ipprotoc ol} {dest- ip.
Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 115 create rat e-limit <rule_nam e> acces s-mask <a ccess-m ask nam e> {dest- mac <des t_mac>} {source-m ac <.
116 Summit 300-48 Switch Software User Guide Access P olicies Access Contr ol List Examples This section presents thr ee access contr ol list examples: • Using the p ermit-establi sh keywo rd • Fi.
Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 117 Step 1 – Deny IP T raff ic. First, crea te an access-mask that examines the IP protocol field for each packet. Then create two access-list s, one that blocks a ll TCP , one that blocks UDP .
118 Summit 300-48 Switch Software User Guide Access P olicies Figure 9: Access list allo ws TCP tr aff ic Step 3 - Permit-Establish ed Acces s List. When a TCP session begins, there is a thr ee-way handshake that includes a sequence of a SYN, SYN/ACK, an d ACK packets.
Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 119 Figure 1 1 shows the final outcom e of this a ccess list. Figure 11: Permit-e stablished ac cess lis t filters out SYN packet to dest inatio n Example 2: Fil ter ICMP P ackets This example creates an access list that filters out ping (ICMP echo) packets.
120 Summit 300-48 Switch Software User Guide Access P olicies.
Summit 300-48 Switch Software User Gu ide 121 11 Quality of Ser vice (QoS) This chapter describes the fol lowing topi cs: • Overview of Policy -Based Qual ity of Service on pa ge 1 21 • Applicati .
122 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Summit 300-48 switches support up to four phys ical queues per port. NO TE As with al l Extreme switch prod ucts, QoS has no impac t on switch performanc e. Using ev en the most complex traffic gro upings ha s no co st in ter m s of switch perfor mance.
Configur ing QoS f or a Port or VLAN Summit 300-48 Switch Software User Gu ide 123 W eb B ro wsing Applications QoS needs for W eb browsing applicat ions cannot be g eneralized i nto a sing le category . For exam ple, ERP applica tions that use a browser front-end may be more important th an retrieving dail y news informatio n.
124 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) T raffic Groupings After a QoS profile has been modifi ed for bandwidth and priority , you assign traffic a grouping to th e prof ile. A traffic grouping is a classification of traffic that has one or mor e attributes in common.
T raffic G roupings Summit 300-48 Switch Software User Gu ide 125 prescribe the bandwidth ma nagement and prio rity handling f or that traffic grouping. This level of packet filtering h as no impact o n performance. MA C-Based T raffic Gr oupings QoS profiles can be a ssigned to d estination MAC addresses.
126 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Explicit Cla ss of Service (802.1p and DiffServ) T raffic Gr oupings This category of tra ff ic groupings describes w hat is s.
T raffic G roupings Summit 300-48 Switch Software User Gu ide 127 supports four hardwar e queues. The transmitting har dware queue determines the bandwidth manageme nt and priority characteristics used when transmi tting packets. T o control the mapping of 802.
128 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Configuring DiffServ Contained in the header of every IP packet is a field for IP T ype of Service (TOS), n ow also called the Diff Serv field. The TOS field is used by the switch to determine the type of service provided to the packet.
T raffic G roupings Summit 300-48 Switch Software User Gu ide 129 Observing DiffServ Inf ormation When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits, called the c ode po int . The switch can assign th e QoS profile used to subseq uently transmit the packet based on the co de point.
130 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) DiffServ Examples For information on the access list and access mask commands in the following examples, see Chapter 10, “Access Polici es”.
V er ifying Config uration and P erfor mance Summit 300-48 Switch Software User Gu ide 131 The same info rmation is also ava ilable for ports or VLANs using o ne of the follow ing comman ds: show port.
132 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Displaying Qo S Profile Informatio n The QoS monitor can also be used to verify the QoS configuration and monitor the use of the QoS policies that are in place.
Summit 300-48 Switch Software User Gu ide 133 12 Status Monitor ing and Statistics This chapter describes the fol lowing topi cs: • S t a t u s M o n i t o r i n g o n p a g e 1 3 3 • P o r t S t .
134 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics T able 47 des cribes comm ands that ar e used to mo nitor t he status of t he swi tch. Ta b l e 4 7 : Status Monitor ing Com mands Command Descript ion show log {< priority>} Displ ays the c urrent sn apshot of the log.
Po r t S ta t is t i cs Summit 300-48 Switch Software User Gu ide 135 Po r t S t a t i s t i c s ExtremeW a re pr ovides a facility for viewing port statistic i nformation . The summary informa tion lists values for the curr ent counter against each port on each operational module in the system, and it is refr eshed approximately every 2 seco nds.
136 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics • Re ceived Byte Count (RX Byte C ount) — The total nu mber of bytes that wer e received by the port, including ba d or lost fram es. This number includes bytes contain ed in the Frame Check S equence (FCS), but excludes bytes in the preamble.
P or t Monitor ing Display K eys Summit 300-48 Switch Software User Gu ide 137 • Receiv e Fragmented Frames (RX Frag) — The total number of frames received by the port wer e of incorr ect length and co ntained a bad FCS value.
138 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics NO TE Extrem e Networks rec ommen ds that you set the sy stem recovery lev el to critical . Th is al lows Extrem eW ar e to lo g an error to the sy slog an d autom aticall y rebo ot the sy stem after a criti cal exception .
Loggin g Summit 300-48 Switch Software User Gu ide 139 • Message — The message co ntains the log i nformation with text tha t is specific to the problem.
140 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics — ipaddress — The IP addr ess of the syslog host. — facility — The syslog faci lity level for local use. Options in clude local0 through local7 . — priority — Filters the log to display messag e with th e selected priority or higher (more critical).
Loggin g Summit 300-48 Switch Software User Gu ide 141 config s yslog {add} <h ost name/ ip> {<port>} <facili ty> {<pri ority>} Con figures th e sys log host ad dress and filters messa ges sent to the sysl og hos t. Up to 4 syslog ser vers can be confi gure d.
142 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics RMON Using the Re mote Monitoring (RMON) capa bilities of the sw itch allow s network adm inistrators to improve system ef ficiency and reduce the load on the network.
RMON Summit 300-48 Switch Software User Gu ide 143 History The Histo ry group provid es histori cal vie ws of netw ork p erforma nce by tak ing peri odic sam ples of the counters supplied by the Statistics group. The group fea tures user -defined sample in tervals and buck et counters for complete customization of trend analysis.
144 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics Event Actions The action s that y ou can defin e for each alarm ar e sh own in T able 52. T o be notified of events using SNMP traps, yo u must configure o ne or more trap receivers, as described in Chapter 3, “Mana ging th e Switch ”.
Summit 300-48 Switch Software User Gu ide 145 13 Spanning T ree Protocol (STP) This chapter describes the fol lowing topi cs: • Overview of the Spanning T ree Pr otocol on page 145 • Spannin g T r.
146 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) A p o r t c a n b e l o n g t o o n l y o n e S T P D . I f a p o r t i s a m e m b e r o f m u l t i p l e V L A N s , t h e n a l l t h o s e V L A N s must belong to the same S TPD.
STP Configurations Summit 300-48 Switch Software User Gu ide 147 • Market ing is d efined on al l switches (switch A, switch B, sw itch Y , sw itch Z, and sw itch M). T w o STPDs ar e defined: • STPD1 cont ains VLANs Sale s and Personne l. • STPD2 cont ains VLANs Manufactu ring and Enginee ring.
148 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) Figure 16: T ag -based S TP conf iguration The tag-based netw ork in F igure 16 has the foll owing config uration: • Switc h 1 co ntain s VLA N Marketin g and VLAN Sales . • Switc h 2 co ntain s VLA N E ngin eering and VLAN Sales .
Configuring STP on the Switch Summit 300-48 Switch Software User Gu ide 149 3 Enable STP for o ne or more STP doma ins using th e following co mmand: enable stpd { <stpd_name>} NO TE All VLAN s belong to the def aul t STPD (s0). If you do not want to r un STP on a VLAN , y ou must add the VLAN to a STPD tha t is disa bled.
150 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) config s tpd <s tpd_na me> maxa ge <val ue> Specifie s the m aximum age of a BP DU in this STPD.
Displayin g STP Settings Summit 300-48 Switch Software User Gu ide 151 STP Configuration Example The following Summit 300-48 switch example cr eates and enables an STPD named Backbone_st . It assig ns the M anufacturing VLAN to the STPD. It disabl es STP on ports 1:1 th rou gh 1:7 and port 1: 12.
152 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) Disab ling and Resetting STP T o disable STP or return STP settings to their defaults, use th e commands listed in T able 5 4. Ta b l e 5 4 : STP Disable and Reset Com mands Command Descript ion delete s tpd <st pd_nam e> Remov es an STPD.
Summit 300-48 Switch Software User Gu ide 153 14 IP Unicast Routing This chapter describes the fol lowing topi cs: • Overview o f IP Unic ast Rou ting on pa ge 153 • Proxy ARP on pa ge 15 6 • Re.
154 Summit 300-48 Switch Software User Guide IP Unicast Routing Router Interfa ces The routing softwar e and hardwar e r outes IP traffic between r outer interfaces.
Overview of IP Unicast Routing Summit 300-48 Switch Software User Gu ide 155 — Locally , by way of interface addres ses assigned to the system — By other static routes, a s configured by the admin.
156 Summit 300-48 Switch Software User Guide IP Unicast Routing Pro xy ARP Proxy Address Resol ution Protocol (ARP ) was first invented so th at ARP-ca pable devices co uld respond t o A R P R e q u e s t p a c k e t s o n b e h a l f o f A R P - i n c a p a b l e d e v i c e s .
Relative Route Priorities Summit 300-48 Switch Software User Gu ide 157 Relativ e Route Pr ior ities T a ble 55 li sts the r elative priorities assigned to routes depending upon the learned source of the ro ute.
158 Summit 300-48 Switch Software User Guide IP Unicast Routing V e rifying the IP Unicast Routing Configuration Use the show iproute command to dis play the current configurat ion of IP u nicast routing for the switch, and for each VLAN. The show iproute command displays the curr ently configured routes, and includes how each ro ute was learned.
IP Comm ands Summit 300-48 Switch Software User Gu ide 159 T a ble 57 describes the commands us ed to configure the IP r oute table. disabl e bootp vlan [<nam e> | all] Disables the gene ration a nd proc essing o f BOOTP pa ckets. disabl e bootp relay Disa bles t he fo rward ing of BO OTP requests .
160 Summit 300-48 Switch Software User Guide IP Unicast Routing T able 58 describes the com mands used to configur e IP options and the ICMP protoco l. config i proute add d efault <gateway > {<metric>} Ad ds a def ault gatew ay to the ro uting tabl e.
IP Comm ands Summit 300-48 Switch Software User Gu ide 161 dis able i p-op tion l oos e-sou rce -rout e Disab les the lo ose so urce route IP o ption. disabl e ip-opt ion record-r oute Di sable s th e reco rd rou te IP opti on. disabl e ip-opt ion record-t imestam p Disables the record timestam p IP option.
162 Summit 300-48 Switch Software User Guide IP Unicast Routing Routing C onfiguration Exampl e Figure 1 8 illust rates a Sum mit24e3 switch tha t has two VL ANs defin ed as follows: • Finance — Contain s ports 2 an d 4. — IP ad dress 19 2.2 07.
Displ a ying Rout er S etting s Summit 300-48 Switch Software User Gu ide 163 The example in Figure 18 is configured as follow s: create vlan Finance create vlan Personnel config Finance add port 2,4 config Personnel add port 3,5 config Finance ipaddress 192.
164 Summit 300-48 Switch Software User Guide IP Unicast Routing Configur ing DHCP/BOO TP Rela y Once IP unicast routing is configured, you can configure the switch to forward Dynamic Host Configuratio n Protocol (DHCP) or BOOTP requests comin g from clients on subnets bein g serviced by the switch and go ing to hos ts on different subnets.
UDP-Forw arding Summit 300-48 Switch Software User Gu ide 165 3 Configure the ad d resses to which DHCP or BOOTP requests should be directed, using the following command: config bootprelay add <ipa.
166 Summit 300-48 Switch Software User Guide IP Unicast Routing UDP-Forwarding Ex ample In this example, the VLA N Mark etin g and t he VLA N Op eration s are pointed toward a specific backbone DHCP server (wi th IP addr ess 10.1.1 .1) and a backup server (with IP addr ess 10.
UDP-Forw arding Summit 300-48 Switch Software User Gu ide 167 config v lan <n ame> udp-p rofile < profile_na me> Assigns a UDP-fo rwarding profile to th e source VL AN.
168 Summit 300-48 Switch Software User Guide IP Unicast Routing.
Summit 300-48 Switch Software User Gu ide 169 A Saf ety Inf or mation Impor tant Sa f ety Inf or mation WA R N I N G ! Read the f ollowing sa fety inf ormation thor oughly before ins talling y our Extreme Netw orks switch. F ailure to follow this safety information can lead to personal injury or damag e to the equipment.
170 Summit 300-48 Switch Software User Guide S afe ty I nfo r ma t io n • The appliance coupler ( the connector t o the unit and not the wall plu g) must have a configuratio n for mati ng with a n EN60320/I EC320 appli ance inle t. • France and Peru only This unit cann ot be powered from IT† supplies.
Impor tant Safety Inform ation Summit 300-48 Switch Software User Gu ide 171 Lithium Battery The lithium battery is not user-replaceable. WA R N I N G ! Danger of explosion if batter y is incorrect ly replace d. Replace only with t he same or equivalent type recomm ended by the manufacturer .
172 Summit 300-48 Switch Software User Guide S afe ty I nfo r ma t io n.
Summit 300-48 Switch Software User Gu ide 173 B Suppor ted Standards The followin g is a list o f software standards supported by E xtremeW are for the Summit 3 00-48 sw itch. Standards and Pro tocols RFC 1122 H ost requi rements IEEE 802.1D-199 8 (802.
174 Summit 300-48 Switch Software User Guide Suppor ted S tandards.
Summit 300-48 Switch Software User Gu ide 175 C Softw are U pg r ade and Boot Options This appendix de scribes the follow ing topics: • Downlo ading a New I mage on page 175 • Savi ng Con figur at.
176 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options Rebooting the Switch T o rebo ot the switch, use the following command: reboot { time <date> <time> | cancel} where date i s t h e d a t e a n d time is the t ime (using a 2 4-hour clock fo rmat) when th e switch will be rebooted.
Using TFTP to U pload the Co nfiguration Summit 300-48 Switch Software User Gu ide 177 T o erase the curr ently selected configuration image and reset all switch parameters, use the following command: unconfig switch all Using TFTP to Uploa d the Configuration Y ou can upload the current configuration to a TF TP server on your network .
178 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options Using TFTP to Download th e Configuration Y ou can download ASCII files that con tain CLI commands to the swit ch to modify the switch config uration .
Upgrading a nd Accessing Bo otROM Summit 300-48 Switch Software User Gu ide 179 T o display s cheduled do wnload in formation, us e the follow ing comma nd: show switch T o cancel sch eduled increment.
180 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options Accessing the Boot loader CLI The Bootloader CLI contains commands that support the selection of image and configuratio n for the switch. T o access the Bootloader CLI, follow these steps: 1 Attach a serial cable to the serial console port of the switch.
Boot Optio n Command s Summit 300-48 Switch Software User Gu ide 181 Boot Op tion C ommand s T able 64 lists the CLI co mmands a ssociated with switch boot option s.
182 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options use confi gura tion [ prim ary | s econdary ] Config ures the sw itch to use a pa rticular configu ration o n the next re boot. Opti ons includ e the pri mary conf iguration area o r the second ary config uration area.
Summit 300-48 Switch Software User Gu ide 183 D T roub leshooting If you encoun ter pr o blems when using t he switch, this appendix ma y be helpful. If you ha ve a pr oblem not listed here or in the release notes, contact your local tech nical support representative.
184 Summit 300-48 Switch Software User Guide T rou bleshooting • Both ends of the G igabit link are set to the same autone gotiation sta te. Both sides of th e Gigabit lin k must be enabled or dis abled.
Using the Comma nd-Line Inter f ac e Summit 300-48 Switch Software User Gu ide 185 Check that the port through which you are trying to access the device has not been disabled.
186 Summit 300-48 Switch Software User Guide T rou bleshooting The only way to establish a full dupl ex link is to either force it at both sid es, or run auto-neg otiation on both sides (usin g full duplex as an advertised capabil ity , which is th e default setting on the Extreme switch).
Debug T racin g Summit 300-48 Switch Software User Gu ide 187 with a num ber , or contains non -alphabeti cal charact ers, you mus t use quotat ion marks whenever referring to the VLAN name. VLANs, IP Add resses and default routes: T h e s y s t e m c a n h a v e a n I P a d d r e s s f o r e a c h c o n f i g u r e d V L A N .
188 Summit 300-48 Switch Software User Guide T rou bleshooting • support@e xtremenetwor ks.com Y ou can also visit th e support website a t: • http://w ww .extremene tworks .com/extreme /support/te chsupport .asp to downloa d softwa re updates (requires a service contract) and docum entation.
Summit 300-48 Switch Software User Gu ide 189 Inde x Numerics 02.1 x/EA P 84 802.1 1a, 8 02.1 1b, 802.1 1g 74 802.1p co nfigur ation commands (t able) 127 A acces s contr ol lists description 1 07 exa.
190 - Ind e x Summit 300-48 Switch Software User Guide configu ration down loading 178 down loading c omplete 178 down loading in crem ental 178 loggin g 140 primar y and sec ondary 176 savin g change.
Summit 300-48 Switch Software User Gu ide Inde x - 191 DHCP relay 164 disablin g 163 enablin g 157 IP route shari ng 155 proxy ARP 156 reset an d disable comm ands (ta ble) 163 resettin g 163 router i.
192 - Ind e x Summit 300-48 Switch Software User Guide primar y image 175 privacy 85 private c ommunity , SNMP 41 prot ocol analyzers, use with port-mirr oring 60 proxy ARP communicati n g with device.
Summit 300-48 Switch Software User Gu ide Inde x - 193 Greenw ich Mean T ime Offsets (table) 52 NTP servers 51 softwar e licensing secur ity feat ures 2 0 SSH2 pr otocol 20 Spanning T ree Protocol.
194 - Ind e x Summit 300-48 Switch Software User Guide types 64 UDP-Fo rwarding 1 65 voice applicat ions, QoS 122 W W eb access, c ontr olling 47 web br owsi ng appl ications , and Qo S 1 2 3 WEP 84 w.
Summit 300-48 Switch Software User Gu ide 195 Inde x of Commands C clear counters 140 clear fdb 105, 125 clear inline-pow er connection - history slot 99 clear inline-pow er fa ult po rts 100 clear ip.
196 - Ind e x of Comman ds Summit 300-48 Switch Software User Guide config vlan ipaddres s 27, 38, 70, 15 7 conf ig vl an na me 7 0 config vlan priorit y 127 config vlan qos profile 123, 13 0 config v.
Summit 300-48 Switch Software User Gu ide Index of Co mmands - 197 enable inline-po wer 98 enable inline-po wer ports 99 enable inline-po wer slot 98 enable ip forwardi ng 157, 159 enable ipfo rwardin.
198 - Ind e x of Comman ds Summit 300-48 Switch Software User Guide show wire le ss config 80 show wirele ss ports 80 show wirele ss ports interface 80 T teln et 31 , 36 trace rou te 31, 32 U unconfi .
デバイスExtreme Networks 300-48の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Extreme Networks 300-48をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはExtreme Networks 300-48の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Extreme Networks 300-48の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Extreme Networks 300-48で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Extreme Networks 300-48を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はExtreme Networks 300-48の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Extreme Networks 300-48に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちExtreme Networks 300-48デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。