Guia de Configuração do DmSwitch

Indice
1. Roteiro para atualizao de firmware ............................................ 2

1.1. Upload de Firmware via CLI ................................................................................... 2
1.2. Upload de firmware via Web .................................................................................. 2
2. Configuraes iniciais.................................................................... 3
2.1. Geral ...................................................................................................................... 3
2.2. Clock...................................................................................................................... 3
2.2.1. SNTP ..............................................................................................................................................3
2.2.2. Manual............................................................................................................................................3
3. Gerenciamento .............................................................................. 4
3.1. Arquivos de Configurao ...................................................................................... 4
3.2. Atualizao de Firmware ........................................................................................ 4
3.3. Configurao IP ..................................................................................................... 5
3.3.1. Static...............................................................................................................................................5
3.3.2. DHCP .............................................................................................................................................5
3.4. SNMP/Traps Manager............................................................................................ 5

3.5. SSH ....................................................................................................................... 5
3.6. Usurio local .......................................................................................................... 5
3.7. Servidor Radius...................................................................................................... 5
3.8. ACLs ...................................................................................................................... 5
3.9. 802.1x .................................................................................................................... 6
4. Interface ........................................................................................ 6
4.1. Speed / Duplex / Autonegotiation ........................................................................... 6
4.2. Storm Control ......................................................................................................... 7
4.3. Rate Limit............................................................................................................... 7
4.4. Security .................................................................................................................. 7
5. Layer 2 .......................................................................................... 7
5.1. Link Aggregation .................................................................................................... 7
5.1.1. Static PortChannel..........................................................................................................................7
5.1.2. LACP ..............................................................................................................................................8
5.2. xSTP ...................................................................................................................... 8

5.3. EAPS ..................................................................................................................... 9
5.4. VLAN ................................................................................................................... 10
5.4.1. Static.............................................................................................................................................10
5.4.2. GVRP ...........................................................................................................................................10
5.4.3. Q-in-Q...........................................................................................................................................11
5.5. L2 Address Table ................................................................................................. 11

5.5.1. Static Address ..............................................................................................................................11
5.5.2. Address Aging ..............................................................................................................................11
5.6. Monitor ................................................................................................................. 11

5.7. Protocol Tunneling ............................................................................................... 11
6. layer 3 ......................................................................................... 12
6.1. IGMP.................................................................................................................... 12
7.
8.
9.
10.
Batch ........................................................................................... 12
CoS ............................................................................................. 12
Filters .......................................................................................... 13
Roteiro de testes ......................................................................... 13
10.1. EAPS ................................................................................................................. 13

10.2. VLAN.................................................................................................................. 16
10.3. Resilincia.......................................................................................................... 17
10.4. Q-in-Q ................................................................................................................ 18
10.5. Port Security....................................................................................................... 18
DmSwitch
1. ROTEIRO PARA ATUALIZAO DE FIRMWARE

1.1. Upload de Firmware via CLI
A atualizao de firmware deve ser realizada atravs de um servidor TFTP. Caso seja necessrio instalar este servio no
seu computador, recomendamos a utilizao do PumpKin (http://www.klever.net/kin/canned/PumpKIN.exe).
Supondo que o endereo IP do servidor TFTP seja 192.168.0.1 e o nome do arquivo de firmware seja 0201.im, o
exemplo abaixo mostra como realizar o upload do firmware via CLI. O arquivo ser armazenado em uma posio diferente
daquela que est sendo usada pelo firmware corrente. O novo firmware ser configurado como startup firmware, significa que
aps o reboot do equipamento, o novo firmware ser o firmware corrente.
Por default, o endereo IP do DmSwitch 192.168.0.25/24
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
DmSwitch3000#copy tftp 192.168.0.1 0201.im firmware

DmSwitch3000#show firmware
Running firmware:
Firmware version: 2.0-pre
Stack version:
1
Compile date:
Mon Mar 20 14:37:18 UTC 2006
Flash
ID
1
2
firmware:
Version
2.0-pre
2.0-pre
Date
20/02/2006 11:37:27
20/03/2006 11:37:27
Flag
R
S
Size
7148432
7148432
Flags:
R - Running firmware.
S - To be used upon next startup.
E - Empty/Error
DmSwitch3000#reboot
1.2. Upload de firmware via Web

A partir da verso 2 de firmware do DmSwtich, a atualizao pode ser feita via Web. A figura abaixo mostra a
tela do browser onde realizado o upload do arquivo de firmware.
DmSwitch
2. CONFIGURAES INICIAIS
2.1. Geral
#
#
#
#
DmSwitch3000#configure
DmSwitch3000(config)#hostname SWA
SWA(config)#ip snmp-server location DATACOM
SWA(config)#ip snmp-server contact Suporte
2.2. Clock
2.2.1. SNTP
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#sntp client
SWA(config)#sntp poll 3600
SWA(config)#sntp server 200.20.186.75
SWA(config)#clock timezone Brasilia -3
SWA(config)#show sntp
Current time: Fri Mar 31 11:34:37 2006
SNTP Status: enabled
SNTP poll interval: 3600
SNTP server 1: 200.20.186.75
Last successful update: 14 m, 36 s ago.
Server used: 200.20.186.75
Next attempt: in 45 m, 24 s.
2.2.2. Manual
#
#
#
#
#
#
#
SWA#clock set 10:44:30 18 05 2006

SWA#sh clock
Thu May 18 10:44:38 2006
Timezone is BRASILIA -0300
DmSwitch
3. GERENCIAMENTO
3.1. Arquivos de Configurao
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA#copy
SWA#copy
SWA#copy
SWA#copy
SWA#show
default-config running-config
running-config tftp 192.168.0.229 Minima.bin
tftp 192.168.0.229 Minima.bin flash-config 1
running-config startup-config 2 config_teste
flash
BootLoader version: 1.1.2-1

Flash
ID
1
2
firmware:
Version
2.0-pre
2.0-pre
Date
20/02/2006 10:15:00
20/03/2006 11:37:27
Flags
Flash
ID
1
2
3
4
config:
Name
Minima.bin
config_teste
Date
31/03/2006 14:06:58
03/04/2006 09:50:15
Flags
RS
S
E
E
Size
7148432
7148432
Size
596
596
Flags:
E - Empty/Error
SWA#select firmware 1
swA#select Startup-config 1
SWA#show flash
BootLoader version: 1.1.2-1
Flash
ID
1
2
firmware:
Version
2.0-pre
2.0-pre
Date
20/02/2006 10:15:00
20/03/2006 11:37:27
Flags
S
R
Size
7148432
7148432
Flash
ID
1
2
3
4
config:
Name
Minima.bin
config_teste
Date
31/03/2006 14:06:58
03/04/2006 09:50:15
Flags
S
Size
596
596
E
E
Flags:
E - Empty/Error
3.2. Atualizao de Firmware

#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA#copy tftp 192.168.0.229 0201.bin firmware

SWA#show firmware
Running firmware:
Firmware version: 2.0-pre
Stack version:
1
Compile date:
Mon Mar 20 14:37:18 UTC 2006
Flash
ID
1
2
firmware:
Version
2.0-pre
2.0-pre
Date
20/02/2006 10:15:00
20/03/2006 11:37:27
Flag
R
S
Size
7148432
7148432
Flags:
E - Empty/Error
DmSwitch
SWA#reboot
3.3. Configurao IP
3.3.1. Static
#
#
#
#
SWA(config)#ip default-gateway 192.168.0.1

SWA(config)#ip dns-server 192.168.0.254
SWA(config)#interface vlan 1
SWA(config-if-vlan-1)#ip address 192.168.0.241/24
3.3.2. DHCP
#
#
#
#
SWA(config)#ip default-gateway 192.168.0.1

SWA(config)#interface vlan 1
SWA(config-if-vlan-1)#ip address dhcp
3.4. SNMP/Traps Manager

#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#ip snmp-server community private rw

SWA(config)#ip snmp-server host 192.168.0.229 private version 2c
SWA(config)#show ip snmp-server
SNMP status: Enable
SNMP Community:
public(Read-Only)
private(Read/Write)
Trap Manager:
IP
192.168.0.229
COMMUNITY
private
VERSION
2c
3.5. SSH
#
#
#
#
#
#
#
#
SWA(config)#ip ssh host-key generate rsa

Generating rsa keys...
Fingerprint: ...
SWA(config)#ip ssh host-key generate dsa
Generating rsa keys...
Fingerprint: ...
SWA(config)#fetch tftp public-key 192.168.0.229 PublicKey.bin admin
SWA(config)#ip ssh server
3.6. Usurio local

#
#
#
SWA(config)#username operador access-level 0

SWA(config)#username operador password 7 ********
3.7. Servidor Radius

#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#authentication login local radius

SWA(config)#radius-server key ********
SWA(config)#radius-server host 1 address 192.168.0.229
SWA(config)#show radius-server
RADIUS authentication configuration:
Default Key:
********
Default Port: 1812
Timeout:
5
Retries:
2
Host 1:
Address:
192.168.0.229
Host 2:
Host 3:
Host 4:
Host 5:
3.8. ACLs
#
#
SWA(config)#management all-client 192.168.0.0/24

SWA(config)#management http-client 192.168.0.229/32
DmSwitch
#
#
3.9. 802.1x
#
#
#
#
SWA(config)#dot1x system-auth-control
SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#dot1x port-control auto
SWA(config-if-eth-1/1)#dot1x re-authentication
4. INTERFACE
4.1. Speed / Duplex / Autonegotiation
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config-if-eth-1/1)#speed-duplex 100full
SWA(config-if-eth-1/1)#no negotiation
SWA(config-if-eth-1/1)#mdix force-auto
SWA(config-if-eth-1/1)#show interfaces status ethernet 1
Information of Eth 1/1
Basic information:
Port type:
100TX
MAC address:
00:04:DF:00:08:2D
Configuration:
Name:
Port admin:
Up
Speed-duplex:
100M full
Capabilities:
10M half, 10M full, 100M half, 100M full
Flow-control:
Disabled
MDIX:
Force-Auto
LACP:
Disabled
Current status:
Link status:
Up
Operation speed-duplex: 100M full
Flow control:
Disabled
MDIX:
Normal
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config-if-eth-1/1)#show interfaces table configuration

Port
Link
Auto
Speed
Duplex
Flow
Port
State
Status Neg
Cfg Actual Cfg Actual Ctrl
Pvid
================================================================================
1/ 1
ENABLE
DOWN
OFF
100
FULL FULL
NONE
100
1/ 2
ENABLE
DOWN
ON
100
AUTO HALF
NONE
100
1/ 3
ENABLE
DOWN
ON
100
AUTO HALF
NONE
200
1/ 4
ENABLE
UP
ON
100
100
AUTO FULL
NONE
200
1/ 5
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/ 6
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/ 7
ENABLE
UP
ON
100
100
AUTO FULL
NONE
1
1/ 8
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/ 9
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/10
ENABLE
UP
ON
100
100
AUTO FULL
NONE
1
1/11
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/12
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/13
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/14
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/15
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/16
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/17
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/18
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
1/19
ENABLE
DOWN
ON
100
AUTO HALF
NONE
1
================================================================================
spacebar->toggle screen U->page up D->page down ESC->exit
DmSwitch
4.2. Storm Control

#
#
#
#
#
SWA(config-if-eth-1/1)#switchport storm-control broadcast pps 100
SWA(config-if-eth-1/1)#switchport storm-control multicast pps 200
SWA(config-if-eth-1/1)#switchport storm-control unicast pps 300
4.3. Rate Limit

#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config-if-eth-1/1)#rate-limit input rate 512 burst 32
SWA(config-if-eth-1/1)#rate-limit output rate 1024 burst 32
SWA(config-if-eth-1/1)#show interfaces switchport ethernet 1
Information of Eth 1/1
Broadcast threshold:
Enabled, 500 packets/second
Multicast threshold:
Unknown-unicast threshold:
MTU:
9198 bytes
Ingress rate limit:
Enabled, 512kbps, 32KB burst
Egress rate limit:
Enabled, 1024kbps, 32KB burst
Ingress Rule:
Disabled
Acceptable frame type:
All frames
Native VLAN:
2
Priority for untagged traffic: 0
GVRP status:
Disabled
Protocol VLAN:
Allowed VLAN:
1(s,u),
2(s,u)
Forbidden VLAN:
QinQ mode:
External
TPID:
0x8100
MAC addresses maximum:
Disabled
4.4. Security
#
#
SWA(config-if-eth-1/1)#switchport port-security maximum 15
5. LAYER 2
5.1. Link Aggregation
5.1.1. Static PortChannel
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#interface port-channel 1
SWA(config-if-port-ch-1)#load-balance src-dst-ip
SWA(config-if-port-ch-1)#set-member ethernet range 25 26
SWA(config-if-port-ch-1)#interface port-channel 2
SWA(config-if-port-ch-2)#set-member ethernet range 27 28
SWA(config-if-port-ch-2)#show interface status port-channel 1
Information of Port-Channel 1
Basic information:
Port type:
1000T
MAC address:
00:04:DF:00:08:D5
Configuration:
Name:
Port admin:
Up
Speed-duplex:
Auto
Capabilities:
10M half, 10M full, 100M half, 100M full, 1000M full
Flow-control:
Disabled
MDIX:
Auto
Current status:
Created by:
User
Link status:
up
Members:
Eth1/25
DmSwitch
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
Eth1/26
SWA(config-if-port-ch-2)#show interface status port-channel 2
Information of Port-Channel 2
Basic information:
Port type:
1000T
MAC address:
00:04:DF:00:08:D6
Configuration:
Name:
Port admin:
Up
Speed-duplex:
Auto
Capabilities:
10M half, 10M full, 100M half, 100M full, 1000M full
Flow-control:
Disabled
MDIX:
Auto
Current status:
Created by:
User
Link status:
up
Members:
Eth1/27
Eth1/28
5.1.2. LACP
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#interface ethernet range 25 26

SWA(config-if-eth-1/25-to-1/26)#lacp actor admin-key 1
SWA(config-if-eth-1/25-to-1/26)#interface ethernet range 27 28
SWA(config-if-eth-1/27-to-1/28)#lacp actor admin-key 2
SWA(config-if-eth-1/27-to-1/28)#show lacp internal
Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs
A - Device is in Active Mode
P - Device is in Passive Mode
Port state: A - LACP_Activity
T - LACP_Timeout
S - Synchronization D - Distributing
G - Aggregation
C - Collecting
E - Expired
F - Defaulted
Aggregator id 1 (channel-group 1)
Port
eth 1/25
eth 1/26
Flags
SA
SA
LACP port
Priority
32768
32768
Admin
Key
0x100
0x100
Oper
Key
0x101
0x101
Port
State
AGSCD
AGSCD
Oper
Key
0x101
0x101
Port
State
AGSCD
AGSCD
Aggregator id 2 (channel-group 2)
Port
eth 1/27
eth 1/28
Flags
SA
SA
LACP port
Priority
32768
32768
Admin
Key
0x100
0x100
5.2. xSTP
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#spanning-tree 1 priority 4096

SWA(config)#interface ethernet 1/1
SWA(config-if-eth-1/1)#spanning-tree edge-port
SWA(config-if-eth-1/1)#show spanning-tree 1
Spanning-tree 1 information
--------------------------------------------------------------Spanning tree mode:
RSTP
Spanning tree state:
Enabled
Priority:
4097 (4096 + 1)
Bridge Hello Time (sec.):
2
Bridge Max Age (sec.):
20
Bridge Forward Delay (sec.):
15
Root Hello Time (sec.):
2
Root Max Age (sec.):
20
Root Forward Delay (sec.):
15
Designated Root:
1.0004df0008bc
Current root port:
257
Current root cost:
20000
Number of topology changes:
42
Last topology changes time (sec.) 105
Members:
VLAN 1
--------------------------------------------------------------DmSwitch
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
Eth 1/ 1 information
--------------------------------------------------------------STA admin state:
Enabled
Role:
Disabled
--More-SWA(config-if-eth-1/1)#show spanning-tree 1 port-channel 1
Port-Channel 1 information
--------------------------------------------------------------STA admin state:
Enabled
Role:
Root
State:
Forwarding
Path cost:
20000
Priority:
128
Designated cost:
0
Designated port:
128.257
Designated Root:
1.0004df0008bc
Designated Bridge:
1.0004df0008bc
Admin edge port:
Disabled
Admin Link type:
auto
Oper edge port:
Disabled
Oper Link type:
point-to-point
SWA(config-if-eth-1/1)#show spanning-tree 1 port-channel 2
Port-Channel 2 information
--------------------------------------------------------------STA admin state:
Enabled
Role:
Alternate
State:
Discarding
Path cost:
20000
Priority:
128
Designated cost:
0
Designated port:
128.258
Designated Root:
1.0004df0008bc
Designated Bridge:
1.0004df0008bc
Admin edge port:
Disabled
Admin Link type:
auto
Oper edge port:
Disabled
Oper Link type:
point-to-point
5.3. EAPS
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#interface vlan range 4093 4094

SWA(config-if-vlan-4094)#set-member tagged ethernet range 25 26
SWA(config-if-vlan-4094)#exit
SWA(config)#
SWA(config)#no spanning-tree 1
SWA(config)#
SWA(config)#eaps
SWA(config)#eaps DM1
SWA(config)#eaps DM1 mode master
SWA(config)#eaps DM1 port primary ethernet 25
SWA(config)#eaps DM1 port secondary ethernet 26
SWA(config)#eaps DM1 control-vlan id 4093
SWA(config)#eaps DM1 protected-vlans id range 2 2048
SWA(config)#eaps DM1 enable
SWA(config)#
SWA(config)#eaps DM2
SWA(config)#eaps DM2 port primary ethernet 26
SWA(config)#eaps DM2 port secondary ethernet 25
SWA(config)#eaps DM2 control-vlan id 4094
SWA(config)#eaps DM2 protected-vlans id range 2049 4092
SWA(config)#eaps DM2 enable
SWA(config)#show eaps detail
EAPS Enabled:
Yes
Domain Name:
State:
Enabled:
Hello Timer interval:
Fail Timer interval:
Pre-forwarding Timer:
DM1
Complete
Yes
1 sec
3 sec
6 sec (learned)
DmSwitch
Mode:
Master
Remaining:
0 sec
9
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
Last update from:

Primary port:
Secondary port:
Control VLAN ID:
Protected VLANs IDs:
(none)
Eth1/25
Eth1/26
4093
2-2048
Domain Name:
State:
Enabled:
Last update from:
Primary port:
Secondary port:
Control VLAN ID:
DM2
Links-Up
Yes
1 sec
3 sec
6 sec (learned)
(none)
Eth1/26
Eth1/25
4094
2049-4092
Port status: Up
Port status: Blocked
Mode:
Transit
Remaining:
0 sec
Port status: Up
Port status: Up
5.4. VLAN
5.4.1. Static
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)interface vlan 2
SWA(config-if-vlan-2)#name contabilidade
SWA(config-if-vlan-2)#ip address 192.168.2.241/24
SWA(config-if-vlan-2)#set-member untagged ethernet 1
SWA(config-if-vlan-2)#set-member tagged port-channel 1
SWA(config-if-vlan-2)#set-member tagged port-channel 2
SWA(config-if-vlan-2)#interface ethernet 1
SWA(config-if-eth-1/1)#switchport native vlan 2
SWA(config-if-eth-1/1)#switchport ingress-filtering
SWA(config-if-eth-1/1)#interface port-channel 1
SWA(config-if-port-ch-1)#switchport acceptable-frame-types tagged
SWA(config-if-port-ch-1)#switchport ingress-filtering
SWA(config-if-port-ch-2)#switchport acceptable-frame-types tagged
SWA(config-if-port-ch-2)#switchport ingress-filtering
SWA(config-if-port-ch-2)#exit
SWA(config)#spanning-tree 1 vlan 2
SWA(config)#show vlan table
Membership:
(u)ntagged, (t)agged, (d)ynamic, (f)orbidden

uppercase indicates port-channel member
VLAN 1 [DefaultVlan]: static, active

Unit 1
2
u
u
1
4
u
u
3
6
u
u
5
8 10 12 14 16 18 20 22 24 26 28
u u u u u u u u u U U
u u u u u u u u u U U
7 9 11 13 15 17 19 21 23 25 27
VLAN 2 [contabilidade]: static, active

Unit 1
2
.
u
1
4
.
.
3
6
.
.
5
8 10 12 14 16 18 20 22 24 26 28
. . . . . . . . . T T
. . . . . . . . . T T
7 9 11 13 15 17 19 21 23 25 27
SWA(config)#show vlan name contabilidade

VLAN:
2 [contabilidade]
Type:
Static
Status:
Active
IP Address:
192.168.2.241/24
Aging-time:
300 sec.
MAC maximum:
Disabled
Members:
Eth1/1 (static, untagged)
Port-Channel01 (static, tagged)
Port-Channel02 (static, tagged)
5.4.2. GVRP
#
#
SWA(config)#bridge-ext gvrp
SWA(config)#interface port-channel 1
DmSwitch
10
#
#
#
SWA(config-if-port-ch-1)#switchport gvrp
SWA(config-if-port-ch-2)#switchport gvrp
5.4.3. Q-in-Q
#
#
#
SWA(config)#vlan qinq
SWA(config-if-eth-1/1)#switchport qinq internal
5.5. L2 Address Table

5.5.1. Static Address
#
#
#
#
#
#
#
#
SWA(config)#mac-address-table static 00-01-02-03-04-05 ethernet 1/1 vlan 1

SWA(config)#show mac-address-table
Total MAC Addresses for this criterion: 2
Unit
---1
1
Interface
--------Eth 1/ 1
Eth 1/18
MAC Address
----------------00-01-02-03-04-05
00-0f-b0-57-8d-ef
VLAN
---1
1
Type
--------Static
Learned
5.5.2. Address Aging

#
#
#
#
#
SWA(config)#mac-address-table aging-time mode global

SWA(config)#mac-address-table aging-time 60
SWA(config)#show mac-address-table aging-time
Aging mode: global.
Global aging time: 60 sec.
5.6. Monitor
#
#
#
#
#
#
#
#
#
#
SWA(config)#monitor destination 10
SWA(config)#monitor preserve-format
SWA(config)#interface ethernet 1/1
SWA(config-if-eth-1/1)#monitor source rx
SWA(config)#show monitor
Traffic Monitor
------------------------------------------Preserve format:
Enabled
Destination port:
Eth1/10
Source ports:
Eth1/1 (Rx)
5.7. Protocol Tunneling

#
#
#
#
#
SWA(config)#l2protocol-tunnel dest-mac-address 01-04-df-cd-cd-cd

SWA(config)#interface ethernet range 1 2
SWA(config-if-eth-1/1-to-1/2)#l2protocol-tunnel cdp
SWA(config-if-eth-1/1-to-1/2)#l2protocol-tunnel stp
SWA(config-if-eth-1/1-to-1/2)#l2protocol-tunnel vtp
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config-if-eth-1/1-to-1/2)#show l2protocol-tunnel
Destination MAC address: 01-04-df-cd-cd-cd
Eth 1/1
CDP packets tunneling:
STP packets tunneling:
VTP packets tunneling:
PVST packets tunneling:
Enabled
Enabled
Enabled
Disabled
Eth 1/2
Enabled
Enabled
Enabled
Disabled
DmSwitch
11
#
#
#
#
#
#
#
#
#
#
Eth 1/3
Disabled
Disabled
Disabled
Disabled
Eth 1/4
--More
Disabled
6. LAYER 3
6.1. IGMP
#
#
#
SWA(config)#ip igmp snooping

SWA(config)#ip igmp snooping querier
SWA(config)#ip igmp snooping ip 192.168.10.1
7. BATCH
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#batch new 1
SWA(config)#batch 1 start-session
Batch-1#configure
Batch-1(config)#interface ethernet 1
Batch-1(config-if-eth-1/1)#rate-limit input rate 64 burst 32
Batch-1(config-if-eth-1/1)#rate-limit output rate 64 burst 32
Batch-1(config-if-eth-1/1)#exit
Batch-1(config)#batch term-session
Save typed commands? <Y/n> y
SWA(config)#batch 1 disable
SWA(config)#batch 1 date min 00 hour 23
SWA(config)#show batch
Batch 1: disable
Date
: min 00 hour 23 day-of-month all month all day-of-week all
Commands List:
configure
interface ethernet 1
rate-limit input rate 64 burst 32
rate-limit output rate 64 burst 32
exit
SWA(config)#
8. CoS
#
#
#
#
#
#
#
#
SWA(config)#queue sched-mode wfq unit 1 ethernet all min-bw 64 128 256 512 1024 sp sp sp
SWA(config)#queue max-bw 10048 10048 10048 10048 10048 100048 100048 100048 ethernet all
SWA(config)#sho queue config ethernet 1
--------------------------------------------------------Port Queue Mode
Max-Bw
Min-Bw Weight SP-Queue
--------------------------------------------------------1/ 1
0
WFQ
10048
64
-NO
1/ 1
1
WFQ
10048
128
-NO
DmSwitch
12
#
#
#
#
#
#
#
#
1/ 1
2
WFQ
10048
256
-NO
1/ 1
3
WFQ
10048
512
-NO
1/ 1
4
WFQ
10048
1024
-NO
1/ 1
5
WFQ
unlimit
-------YES
1/ 1
6
WFQ
unlimit
-------YES
1/ 1
7
WFQ
unlimit
-------YES
--------------------------------------------------------SWA(config)#
9. FILTERS
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWA(config)#filter new remark prioridade action 802.1p-from-tos

SWA(config)#
SWA(config)#filter new remark bloqueio_web match destination-port 80 match vlan 100
ingress ethernet range 1 24 action egress-block ethernet range 25 28
SWA(config)#
SWA(config)#filter new action 802.1p 7 action vlan 200 match vlan 100 match dscp 46
ingress ethernet range 1 24 disable
SWA(config)#
SWA(config)#show filter
Filter 1 (prioridade): enabled, priority 8
Actions:
802.1p-from-tos
Matches:
All packets
Ingress:
Filter 2 (bloqueio_web): enabled, priority 8
Actions:
egress-block
Eth1/25 to Eth1/28
Matches:
vlan 100
destination-port 80
Ingress:
Eth1/1 to Eth1/24
Filter 3: disabled, priority 8
Actions:
802.1p 7
vlan 200
Matches:
vlan 100
dscp 46
Ingress:
Eth1/1 to Eth1/24
SWA(config)#
10.ROTEIRO DE TESTES
10.1. EAPS
A partir da configurao default, habilitar EAPS nos 3 SWs. Criar 2 domnios distintos DM1 e DM2. Configurar SWA como master,
SWB e SWC como transit (default) nos 2 domnios.
#
#
#
#
#
#
#
#
#
swabc(config)#no spanning-tree 1 vlan all

swabc(config)#no spanning-tree 1
swabc(config)#eaps
swabc(config)#eaps DM1
swa(config)#eaps DM1 mode master
swabc(config)#eaps DM1 enable
swabc(config)#eaps DM2
swa(config)#eaps DM2 mode master
swabc(config)#eaps DM2 enable
DmSwitch
13
Configurar em cada SW para o DM1 a porta 25 como primary e a porta 26 como secondary. No domnio DM2 configurar a porta
26 como primary e a 25 como secondary. Isso faz com que ocorra balanceamento de carga.
#
#
#
#
swabc(config)#eaps
swabc(config)#eaps
swabc(config)#eaps
swabc(config)#eaps
DM1
DM1
DM2
DM2
port
port
port
port
primary ethernet 1/25

secondary ethernet 1/26
primary ethernet 1/26
secondary ethernet 1/25
Nos SWs A, B e C criar as VLANs de 2 at 200. As VLANs 2 e 200 com nomes Suporte e P&D respectivamente. Adicionar um IP
nestas duas VLANs para gerncia em cada SW.
#
#
#
#
#
#
#
#
#
#
#
swabc(config)#interface vlan range 2 200

swabc(config-if-vlan-2-to-200)#interface vlan 2
swabc(config-if-vlan-2)#name suporte
swa(config-if-vlan-2)#ip address 192.168.2.1/24
swb(config-if-vlan-2)#ip address 192.168.2.2/24
swc(config-if-vlan-2)#ip address 192.168.2.3/24
swabc(config-if-vlan-2)#interface vlan 200
swabc(config-if-vlan-200)#name P&D
swa(config-if-vlan-200)#ip address 192.168.200.1/24
swb(config-if-vlan-200)#ip address 192.168.200.2/24
swc(config-if-vlan-200)#ip address 192.168.200.3/24
Configurar VLAN de controle id 1001 para DM1 e id 1002 para DM2 . Para o domnio DM1 a protected VLAN deve ser de 1 a 100
e para DM2 a protected VLAN deve ser de 101 a 200.
#
#
#
#
#
#

swabc(config-if-vlan-1002)#exit
swabc(config)#eaps DM1 control-vlan id 1001
swabc(config)#eaps DM1 protected-vlans id range 1 100
swabc(config)#eaps DM2 control-vlan id 1002
swabc(config)#eaps DM2 protected-vlans id range 101 200
Configurar nos SWs as portas 23 a 28 como tagged nas VLANs de 2 a 200, 1001 e 1002 e Acceptable frame type tagged.
#
#
#
#
#
#

swabc(config-if-vlan-2-to-200)#set-member tagged ethernet range 1/23 1/28
swabc(config-if-vlan-2-to-200)#interface vlan range 1001 1002
swabc(config-if-vlan-1001-to-1002)#set-member tagged ethernet range 1/23 1/28
swabc(config-if-vlan-1001-to-1002)#interface ethernet range 1/23 1/28
swabc(config-if-eth-1/23-to-1/28)#switchport acceptable-frame-types tagged
No SWA configurar a porta 2 como tagged nas VLAN 2 e 200. Nos SWs B e C, configurar na porta 2 acesso VLAN 2 e na porta 20
acesso VLAN 200
#
#
#
#
#
#
#
#
#
#
#
swabc(config)#interface vlan 2
swa(config-if-vlan-2)#set-member tagged ethernet 1/2
swbc(config-if-vlan-2)#set-member untagged ethernet 1/2
swabc(config-if-vlan-2)#interface vlan 200
swa(config-if-vlan-200)#set-member tagged ethernet 1/2
swbc(config-if-vlan-200)#set-member untagged ethernet 1/20
swabc(config-if-vlan-200)#interface ethernet 1/2
swa(config-if-eth-1/2)#switchport acceptable-frame-types tagged
swbc(config-if-eth-1/2)#switchport native vlan 2
swbc(config-if-eth-1/2)#interface ethernet 1/20
swbc(config-if-eth-1/20)#switchport native vlan 200
Criar um anel fsico fazendo as seguintes conexes: A25-B26, B25-C26, A26-C25.
DmSwitch
14
Figura 1.
Verificar que os SWs reconhecem que o master o SWA no dois domnios. O SWA mostra como ring status complete e as portas
secondary bloqueiam conforme foram configuradas em cada domnio. O SWB e SWC esto no estado de Links-Up.
# swa#show system
#
# Product
# ------#
Model:
DmSwitch3224F1
#
OID:
1.3.6.1.4.1.3709.1.2.13
#
# Factory
# ------#
Serial number:
300134
#
MAC Address:
00:04:DF:00:08:BB
#
# User configurable
# ----------------#
Name:
swa
#
Location:
#
Contact:
#
# swa#show eaps detail
#
# EAPS Enabled:
Yes
#
# Domain Name:
DM1
# State:
Complete
# Enabled:
Yes
Mode:
Master
# Hello Timer interval: 1 sec
# Fail Timer interval: 3 sec
# Pre-forwarding Timer: 6 sec (learned)
Remaining:
0 sec
# Last update from:
00:04:DF:00:08:BB, Thu Jan 1 06:15:46 1970
# Primary port:
Eth1/26
Port status: Up
# Secondary port:
Eth1/25
# Control VLAN ID:
1001
# Protected VLANs IDs: 1-100
#
# Domain Name:
DM2
# State:
Complete
# Enabled:
Yes
Mode:
Master
# Hello Timer interval: 1 sec
# Fail Timer interval: 3 sec
# Pre-forwarding Timer: 6 sec (learned)
Remaining:
0 sec
# Last update from:
00:04:DF:00:08:BB, Thu Jan 1 06:15:46 1970
# Primary port:
Eth1/25
Port status: Up
# Secondary port:
Eth1/26
# Control VLAN ID:
1002
# Protected VLANs IDs: 101-200
#
DmSwitch
15
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
swb#show eaps detail
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
swc#show eaps detail
EAPS Enabled:
Yes
Domain Name:
State:
Enabled:
Last update from:
Primary port:
Secondary port:
Control VLAN ID:
DM1
Links-Up
Yes
Mode:
Transit
1 sec
3 sec
6 sec (learned)
Remaining:
0 sec
00:04:DF:00:08:BB, Thu Jan 1 06:19:22 1970
Eth1/26
Port status: Up
Eth1/25
Port status: Up
1001
1-100
Domain Name:
State:
Enabled:
Last update from:
Primary port:
Secondary port:
Control VLAN ID:
DM2
Links-Up
Yes
Mode:
Transit
1 sec
3 sec
6 sec (learned)
Remaining:
0 sec
00:04:DF:00:08:BB, Thu Jan 1 06:19:22 1970
Eth1/25
Port status: Up
Eth1/26
Port status: Up
1002
101-200
EAPS Enabled:
Yes
Domain Name:
State:
Enabled:
Last update from:
Primary port:
Secondary port:
Control VLAN ID:
DM1
Links-Up
Yes
Mode:
Transit
1 sec
3 sec
6 sec (learned)
Remaining:
0 sec
00:04:DF:00:08:BB, Thu Jan 1 06:20:41 1970
Eth1/26
Port status: Up
Eth1/25
Port status: Up
1001
1-100
Domain Name:
State:
Enabled:
Last update from:
Primary port:
Secondary port:
Control VLAN ID:
DM2
Links-Up
Yes
Mode:
Transit
1 sec
3 sec
6 sec (learned)
Remaining:
0 sec
00:04:DF:00:08:BB, Thu Jan 1 06:20:41 1970
Eth1/25
Port status: Up
Eth1/26
Port status: Up
1002
101-200
10.2. VLAN
Conectar conforme Figura 2: MA-SWA-P2, MB-SWB-P2 e MC-SWC-P20. Configurar MA como tagged (servidor) nas VLANs 2 e
200 com um IP para cada VLAN em redes distintas (ex. 192.168.2.101/24 e 192.168.200.101/24). Configurar MB (cliente) com IP
da VLAN 2 (ex. 192.168.2.102/24). Configurar MC (cliente) com um IP da VLAN 200 (ex. 192.168.200.103/24).
DmSwitch
16
Figura 2.
Verificar que ping MA-MB, MA-MC e NO MB-MC.
10.3. Resilincia
Executar ping flooding taxa de 10pps com pacotes de 64 bytes de MA para MB e de MA para MC.
#
#
root@MA#ping 192.168.2.102 f i 0.1

root@MA#ping 192.168.200.103 f i 0.1
Retirar e voltar a conexo entre cada um dos SWs alternadamente, medindo os tempos de proteo da rede em cada domnio.
Verificar que a proteo ocorre em menos de 200ms (2 pacotes perdidos no mximo tanto para MC qto para MB. Esse tempo de
convergncia refere-se aos testes efetuados com enlaces pticos nas portas giga. Com cobre as giga demoram mais para
convergir.
Verificar que a topologia lgica da rede se alterou (ring status failed)
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
swa#show eaps detail

EAPS Enabled:
Yes
Domain Name:
State:
Enabled:
Last update from:
Primary port:
Secondary port:
Control VLAN ID:
DM1
Failed
Yes
Mode:
Master
1 sec
3 sec
6 sec (learned)
Remaining:
0 sec
00:04:DF:00:08:BB, Thu Jan 1 01:08:54 1970
Eth1/26
Port status: Up
Eth1/25
Port status: Down
1001
1-100
Domain Name:
State:
Enabled:
Last update from:
Primary port:
DM2
Failed
Yes
Mode:
Master
1 sec
3 sec
6 sec (learned)
Remaining:
0 sec
00:04:DF:00:08:BB, Thu Jan 1 01:08:54 1970
Eth1/25
Port status: Down
DmSwitch
17
#
#
#
#
Secondary port:
Control VLAN ID:
Eth1/26
1002
101-200
Port status: Up
10.4. Q-in-Q
Habilitar Q-in-Q double tagging global nos trs SWs. As portas 25 e 26 dos SWs A, B e C e porta 2 do SWA, devem estar como
tagged modo internal
#
#
#
#
#
swabc(config)#vlan qinq
swabc(config)#interface ethernet range 25 26
swabc(config-if-eth-1/25-to-1/26)#switchport qinq internal
swa(config)#interface ethernet 2
swa(config-if-eth-1/2)#switchport qinq internal
Colocar MA, MB e MC na porta 2 de seus respectivos SWs e verificar que MB e MC se pingam (trocar IPs para mesma subrede. )
Figura 3.
Gerar broadcast em MB e verificar que chega sem tag em MC e chega com a tag 2 (metro tag) em MA
#
root@MB#ping 192.168.2.255 b
10.5. Port Security

Habilitar Port-Security na porta de acesso dos SWB e SWC para o mximo de 50 macs.
#
#
swbc(config)#interface ethernet 2
swbc(config-if-eth-1/2)#switchport port-security maximum 50
Habilitar Port-Secutity no SWA para a VLAN de acesso 2 em 80 MACs e Trocar o aging time da VLAN 2 para 600 sec
#
#
#
swa(config)#interface vlan 2
swa(config-if-vlan-2)#mac-address-table port-maximum 80
swa(config-if-vlan-2)# mac-address-table aging-time 600
DmSwitch
18
Limpar a tabela MAC dos SWs

#
swabc#clear mac-address-table
Injetar a partir de MC e MB 17.000 MACs (utilizar macof, packETH,etc)e verificar que:

No mximo 50 MACs foram aprendidos nas portas do SWB e SWC:
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWB#sh mac-address-table interface e 2

Unit Interface
---- --------1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
--More
MAC Address
----------------00-0f-b0-57-8d-ef
0a-81-2e-4d-5b-aa
16-31-4a-75-1c-da
1c-3e-92-5a-1e-d9
1c-fb-e0-7e-c2-f8
1e-44-6a-7c-96-8a
22-5a-3f-1b-72-30
2c-bf-e8-10-3d-9d
38-63-51-11-4f-00
38-eb-7c-57-e3-f4
3a-10-12-71-58-ac
3a-a7-6a-28-29-ee
3e-fa-ba-4b-ec-eb
40-83-c7-5b-b7-17
40-da-1a-2f-a5-70
44-26-e5-38-74-ad
46-7e-49-3e-e3-d4
4c-a3-2a-2c-a5-77
VLAN
---2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
Type
--------Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
# SWC#sh mac-address-table interface e 2

# Total MAC Addresses for this criterion: 50
#
# Unit Interface MAC Address
VLAN Type
# ---- --------- ----------------- ---- --------# 1
Eth 1/ 2 00-0f-b0-57-8d-ef 2
Learned
# 1
Eth 1/ 2 02-0c-26-0b-0d-a9 2
Learned
# 1
Eth 1/ 2 04-fa-b3-15-ea-d7 2
Learned
# 1
Eth 1/ 2 06-23-8f-13-ea-c7 2
Learned
# 1
Eth 1/ 2 06-77-c8-4e-de-82 2
Learned
# 1
Eth 1/ 2 0a-25-5b-1d-d3-4f 2
Learned
# 1
Eth 1/ 2 0e-0a-86-16-98-bd 2
Learned
# 1
Eth 1/ 2 0e-99-9f-3d-c9-e2 2
Learned
# 1
Eth 1/ 2 10-cd-fd-1d-2e-6f 2
Learned
# 1
Eth 1/ 2 18-c0-d9-16-95-96 2
Learned
# 1
Eth 1/ 2 1e-c3-8a-6e-38-96 2
Learned
# 1
Eth 1/ 2 22-aa-65-6c-ba-8a 2
Learned
# 1
Eth 1/ 2 26-a8-2e-66-8f-0c 2
Learned
# 1
Eth 1/ 2 26-e0-59-12-7d-c3 2
Learned
# 1
Eth 1/ 2 28-fd-e5-12-f4-51 2
Learned
# 1
Eth 1/ 2 2c-0e-d2-14-50-ef 2
Learned
# 1
Eth 1/ 2 3a-59-39-1a-7b-1e 2
Learned
# 1
Eth 1/ 2 3a-b8-48-35-73-cd 2
Learned
--More-No mximo 80 MACs foram aprendidos no SWA
#
#
#
#
#
#
#
#
#
#
SWA#sh mac-address-table vlan 2

Unit
---1
1
1
1
1
Interface MAC Address

VLAN Type
--------- ----------------- ---- --------Eth 1/ 25 00-01-02-03-04-05 2
Learned
Eth 1/ 25 00-05-3e-23-ce-28 2
Learned
Eth 1/ 25 00-0c-29-19-8b-6f 2
Learned
Eth 1/ 25 00-0f-b0-57-8d-ef 2
Learned
Eth 1/ 25 00-14-12-35-76-d2 2
Learned
DmSwitch
19
#
#
#
#
#
#
#
#
#
#
#
#
#
#
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
1
Eth
--More--
1/
1/
1/
1/
1/
1/
1/
1/
1/
1/
1/
1/
1/
25
25
25
25
25
25
25
25
25
25
25
25
25
00-14-f3-0e-85-2d
00-1a-88-c2-4e-fe
00-1b-21-7f-c2-fc
00-2e-2a-64-e9-d2
00-33-56-c4-47-8e
00-35-e3-20-ff-0e
00-3a-a7-83-f8-48
00-3d-f8-e7-d9-44
00-3e-cc-bb-a8-f7
00-47-8e-6b-2c-e8
00-4c-3c-96-3f-27
00-51-54-3c-13-a2
00-55-3b-e4-5a-b0
2
2
2
2
2
2
2
2
2
2
2
2
2
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
No mximo 100 MACs foram aprendidos na VLAN 2 do SWB e SWC
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
SWB#sh mac-address-table vlan 2

Unit Interface
---- --------1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
1
Eth 1/ 2
--More--
MAC Address
----------------00-0c-f1-ac-9b-61
00-03-55-f9-d6-5b
00-04-df-00-08-42
00-0d-01-b0-3e-5a
00-0f-6e-ee-04-7c
00-0f-b0-57-8d-ef
00-10-42-17-f3-ff
00-12-2a-e0-8d-9b
00-18-a0-47-a5-38
00-19-88-23-38-10
00-1a-8d-6b-64-bc
00-1c-e9-e0-73-19
00-20-c2-cd-1b-b1
00-26-64-7b-71-0b
00-26-f4-d4-06-81
00-2c-31-9c-7f-1d
00-2c-34-57-c7-b3
00-35-2b-9b-60-33
VLAN
---1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Type
--------Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
Learned
DmSwitch
20

Guia de Configuração do DmSwitch

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Guia de Configuração do DmSwitch

Enviado por

Direitos autorais:

Formatos disponíveis

Indice

1. Roteiro para atualizao de firmware ............................................ 2

3.4. SNMP/Traps Manager............................................................................................ 5

5.2. xSTP ...................................................................................................................... 8

5.5. L2 Address Table ................................................................................................. 11

5.6. Monitor ................................................................................................................. 11

10.1. EAPS ................................................................................................................. 13

1. ROTEIRO PARA ATUALIZAO DE FIRMWARE

DmSwitch3000#copy tftp 192.168.0.1 0201.im firmware

1.2. Upload de firmware via Web

SWA#clock set 10:44:30 18 05 2006

BootLoader version: 1.1.2-1

3.2. Atualizao de Firmware

SWA#copy tftp 192.168.0.229 0201.bin firmware

SWA(config)#ip default-gateway 192.168.0.1

SWA(config)#ip default-gateway 192.168.0.1

3.4. SNMP/Traps Manager

SWA(config)#ip snmp-server community private rw

SWA(config)#ip ssh host-key generate rsa

3.6. Usurio local

SWA(config)#username operador access-level 0

3.7. Servidor Radius

SWA(config)#authentication login local radius

SWA(config)#management all-client 192.168.0.0/24

SWA(config-if-eth-1/1)#show interfaces table configuration

4.2. Storm Control

4.3. Rate Limit

SWA(config)#interface ethernet range 25 26

SWA(config)#spanning-tree 1 priority 4096

SWA(config)#interface vlan range 4093 4094

Last update from:

(u)ntagged, (t)agged, (d)ynamic, (f)orbidden

VLAN 1 [DefaultVlan]: static, active

VLAN 2 [contabilidade]: static, active

SWA(config)#show vlan name contabilidade

5.5. L2 Address Table

SWA(config)#mac-address-table static 00-01-02-03-04-05 ethernet 1/1 vlan 1

5.5.2. Address Aging

SWA(config)#mac-address-table aging-time mode global

5.7. Protocol Tunneling

SWA(config)#l2protocol-tunnel dest-mac-address 01-04-df-cd-cd-cd

SWA(config)#ip igmp snooping

SWA(config)#filter new remark prioridade action 802.1p-from-tos

swabc(config)#no spanning-tree 1 vlan all

primary ethernet 1/25

swabc(config)#interface vlan range 2 200

swabc(config)#interface vlan range 1001 1002

swabc(config)#interface vlan range 2 200

Criar um anel fsico fazendo as seguintes conexes: A25-B26, B25-C26, A26-C25.

swb#show eaps detail

swc#show eaps detail

root@MA#ping 192.168.2.102 f i 0.1

swa#show eaps detail

10.5. Port Security

Limpar a tabela MAC dos SWs

Injetar a partir de MC e MB 17.000 MACs (utilizar macof, packETH,etc)e verificar que:

SWB#sh mac-address-table interface e 2

# SWC#sh mac-address-table interface e 2

SWA#sh mac-address-table vlan 2

Interface MAC Address

No mximo 100 MACs foram aprendidos na VLAN 2 do SWB e SWC

SWB#sh mac-address-table vlan 2

Você também pode gostar