slide 3
Course Objectives
Lab sessions on both days to configure most of the protocols covered during the
training
Agenda
Day 1: STP/RSTP, VLAN
Day 2: POE, SNMP
slide 6
Before Starting
slide 7
Hardware Overview
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Allied Telesis portfolio
Connectivity
Switching
Firewall
Multiple Services
Wireless
Management
Services
Services
NetCover and Professional Service
slide 9
Connectivity
Network Interface Cards Media Conversion
Copper Fiber Non-managed Manageable
Fast Ethernet Fast Ethernet Single channel Single channel
Gigabit Gigabit Multiple channels Multiple channels
Desktop and Desktop and VDSL conversion
Laptop options Laptop options
slide 10
Switching
Small Business: Broad choice of unmanaged or Websmart FastEthernet and Gigabit switches
Enterprise Networks: High-performance, future-proof products to meet requirements for Enterprise, Campus, Branch and Data Center networks
SwitchBlade x8106/x8112
X930 DC2552XS/L3 SwitchBlade x908
FS750/16-24-48 FS750/28PS
slide 11
Routers
SMB and Firewall
AR770 AR2010V/AR2050V
AR415
1 x 10/100 WAN interfaces 4 x 10/100/1000 Mbps AR3050/AR4050
4 x 10/100 Mbps Ethernet Ethernet switched LAN Next Generation
switched LAN ports Ports Firewall (NGFW)
WAN slot (PIC) 10/100/1000T x 2 SFP Series. 2 x GE WAN
VPN capability with IPsec combo
2 WAN slot (PIC)
and 8 x 10/100/1000
Stateful inspection firewall
IPSEC VPN / firewall LAN
Integrated encryption engine
supporting DES, 3DES and AES Advanced QoS
slide 12
Multi Services Access Platform : iMAP, IMG, NMS
xDSL Ethernet GbE 10GbE E1
slide 13
Wireless Solutions
UWC Wireless Switch
slide 14
Operations
Table of Contents
Initial connection
Start-up
The Command line modes (CLI)
AlliedWare Plus CLI Overview, Basic Operations
Port management
Feature licensing
Web Management - Graphical User Interface (GUI) (Appendix)
slide 16
Certified Allied Telesis Technician
Initial Connection
How to Connect
To configure or manage an AlliedWare+ switch, you must use one of the following
connection methods:
Via serial port (also called console port)
Console cable (provided with switch)
Terminal emulator software (e.g. HyperTerminal under Windows)
Via the network using an IP-based network protocol
Command Line Interface (CLI) (Telnet / SSH)
Multi-vendor network management systems (SNMP)
Web browser (GUI) based Management (HTTP, Java)
These three latter methods need an IP address to be assigned to the switch
slide 18
Connection via DB9 Serial Console Port
slide 19
Connection via DB9 Serial Console Port
Connect one of the serial ports (COM ports) from the PC to the switch's serial port using the
cable supplied.
Run a Terminal Emulator software (shown: HyperTerminal)
Serial Interface (USB Adapter, etc.)
Baud rate: 9600 bits/sec
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
3) The default baud rate is 9600 (Range is 9600 to 115200 bps)
4) By default the AlliedWare Plus™ OS supports VT100 compatible terminals on the console port. This means that the terminal size is 80 columns by 24 rows.
slide 21
Connection via DB9 Serial Console Port
slide 22
Start-up
Start-up: Status, System Messages
At the beginning of the boot process typically internal hardware components (memory,
etc.) are tested and the results reported
Many systems allow the administrator to interrupt the start-up sequence for
maintenance and file operations (like choosing a different boot image).
slide 24
Start-up: Bootloader
The Bootloader menu:
Boot Menu:
0. Restart
------------------------------------------------------
1. Perform one-off boot from alternate source
2. Change the default
3. Update Bootloader
4. Adjust the console baud rate
5. Special boot options
6. System information
7. Restore Bootloader factory settings
------------------------------------------------------
9. Quit and continue booting
slide 25
Start-up: Bootloader
1. Perform one-off boot from alternate source
This option allows the system to boot up (loading the AlliedWare Plus system) from a
number of sources:
Flash
SD Card
TFTP
YMODEM
This allows several options for updates and debugging equipment.
When the equipment has started up from an alternative source, after login there is an
automatic option of copying the booted SW version to Flash memory, and to select it as the
default boot version.
2. Change the default boot source (for advanced users)
One of the following 4 possible options can be selected as the default.
ONLY RECOMMENDED METHOD: FLASH (activated by default)
slide 26
Start-up: Bootloader
3. Update Bootloader
Allows the equipment bootloader to be updated (if requested by technical support).
4. Adjust the console baud rate
Allows you to alter the baud rate of console port.
Default value is 9600
Range is 9600 to 115200
5. Special boot options
Usually used to skip loading the startup configuration and instead use a default blank
configuration, to recover the switch if the password is lost (for recovering the
manager/friend account)
0. Return to previous menu
------------------------------------------------------
1. Skip startup script (Use system defaults)
slide 27
Start-up: Bootloader
6. System information
Displays system information on the hardware: CPU, memory, MAC
address, etc.
7. Restore Bootloader factory settings
Resets the Bootloader to factory settings
slide 28
Start-up: Boot Process
slide 29
Loading AlliedWare Plus
Initialising ECC Memory... Done
Reading filesystem...
Loading flash:r6-5.3.4-0.5.rel...
Verifying release... OK
Booting...
Starting base/first... [ OK ]
______________ ____
/\ \ / /______\
/ \ \_ __/ /| ______ |
/ \ | | / | ______ |
/ \ \ / / \ ____ /
/______/\____\ \/ /____________/
slide 30
Security Level
Boot Menu:
WARNING: The bootloader is not currently password protected.
------------------------------------------------------
B. Boot backup software
------------------------------------------------------
S. Security Level
------------------------------------------------------
The Security Level option enables you to configure how accessible the
bootloader is to users.
slide 31
Security Level
slide 32
Security Level
slide 33
Security Level
The next level of security enables a password for access to the
menu.
1. Set security Level to 2 (Password Protected)
If the user types CTRL+B at boot-up, they will need to enter the password
before being able to access the following menu items in the bootloader menu:
Perform one-off boot from alternate source
Change the default boot source (for advanced users)
Update bootloader
Special boot options (which accesses the Skip startup script option)
Developer menu
Configure protected mode
slide 34
Security Level
except that there is no longer any access to the Skip startup script option and to the Special
Boot Options section of the bootloader menu, even if the user knows the password.
Once you have chosen security level 3, the only way to return to a lower
security level is to completely erase flash and NVS.
So, if, in the menu above, you type 1, to go back to security level 1
slide 35
Default Settings of an AlliedWare Plus Switch
slide 36
slide 38
User Exec Mode
User Exec mode is the mode you log into on the switch
In this mode, the user has access to a restricted set of
commands that do not affect the operation of the switch, but
are used to perform some diagnostics
Show commands, ping, trace route, telnet/ssh from the switch to
another device, etc.
The prompt appears on screen as follows:
awplus>
slide 39
Privileged Exec Mode
awplus#
slide 40
Global Configuration Mode
awplus(config)#
slide 41
AlliedWare Plus Command Modes
Mode transitions (command used to enter the next command mode / command used to return):
User Exec mode -> Privileged Exec mode: enable (return: disable)
Privileged Exec mode -> Global Configuration mode: configure terminal (return: exit)
Global Configuration mode -> interface mode: interface (interface name) (return: exit)
Global Configuration mode -> router mode: router (routing protocol) (return: exit)
Return to Privileged Exec mode: end or Ctrl+Z
slide 42
Help System
slide 43
Remote Access
As stated earlier, an IP address needs to be configured on the switch in order to
access it remotely over Ethernet such as with Telnet or SSH.
The simplest way to accomplish this with a switch with factory default settings is
to assign an IP address to the VLAN 1 (one) interface.
Here are the steps to assign 192.168.1.1 255.255.255.0 to the switch's VLAN 1
interface:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# ip address 192.168.1.1/24
awplus(config-if)# end
awplus# show ip interface
Interface IP-Address Status Protocol
vlan1 192.168.1.1 admin up down
slide 44
Remote Access
Now telnet is possible from a PC in the same IP network
slide 45
Entering Privileged Exec Commands in a Configuration Mode
As you configure the switch you will be constantly entering various show
commands to confirm your configuration.
This requires constantly changing between configuration modes and
Privileged Exec mode.
However, you can run Privileged Exec commands without changing
mode, by using the command:
slide 46
Creating Users
Additional users can be added and removed from the switch using the username
command
The username command can also be used to change the manager password
from the default of friend
This is a configuration command so you must start in Global Configuration mode:
awplus> enable
awplus# configure terminal
Syntax:
awplus(config)# username <name> privilege <1-15> password <password>
Only users with privilege 15 have access to Privileged Exec and Configuration
modes.
The 'no' form of the command removes a user:
awplus(config)# no username <name>
slide 47
User Privilege Levels
slide 48
Managing Users
slide 49
Managing Users
The configuration Web interface (GUI) is accessed by any created user.
The graphical interface file (.jar file) has to be present in the equipment's Flash
memory.
Show connected users:
awplus#show users
Line User Host(s) Idle Location Priv Idletime
Timeout
slide 50
Basic Operations
Configuration Management
slide 53
Startup Configuration Management
To show the start-up configuration (the saved configuration in flash):
Privileged Exec mode:
awplus> enable
Display configuration:
awplus# show startup-config <module>
module=access-list, interface, stack, etc.
(full list with show running-config ?)
Partial display of configuration containing a particular word:
awplus# show startup-config|include <word>
Partial display of configuration from particular word:
awplus# show startup-config|begin <word>
slide 54
Startup Configuration Management
Save configuration (Privileged Exec mode):
Save to startup configuration file
awplus# copy running-config startup-config
startup-config is an alias that points to the file default.cfg in the flash
filesystem
The command is commonly abbreviated as copy run start
write memory also saves the configuration and can be shortened to just wr
You can also save the configuration to another file:
awplus# copy running-config newfile.cfg
slide 55
Startup Configuration Management
Show the boot settings (Privileged Exec mode):
The default alias startup-config is associated with the default.cfg file
Display:
awplus# show boot
Boot configuration
----------------------------------------------------
Current software : r1-5.3.4-0.5.rel
Current boot image: flash:/r1-5.3.4-0.5.rel
Backup boot image: Not set
Default boot config: flash:/default.cfg
Current boot config: flash:/default.cfg (file exists)
slide 56
Startup Configuration Management
Changing the boot startup script (Configuration mode):
The file associated with the alias startup-config can be changed via:
awplus(config)# boot config-file test.cfg
awplus(config)# end
awplus#show boot
Boot configuration
----------------------------------------------------
Current software : r1-5.3.4-0.5.rel
Current boot image: flash:/r1-5.3.4-0.5.rel
Backup boot image: Not set
Default boot config: flash:/default.cfg
Current boot config: flash:/test.cfg (file exists)
From then on, the command:
awplus# copy running-config startup-config
will save to the file test.cfg
slide 57
Startup Configuration Management
Restore to factory configuration
Reset the startup-config alias to its default value default.cfg
(Global Configuration mode):
awplus(config)# no boot config-file
awplus(config)# do sh boot
slide 58
Basic Operations Show Version
The commands show version and show system display global information
(Privileged Exec):
Modules installed & hardware version
Memory state
Software version
awplus#show version
slide 61
Basic Operations Show System
Show the serial number:
awplus# show system serialnumber
Show pluggable SFPs, XFPs:
awplus# show system pluggable [<port-list>]
slide 63
Pluggable Diagnostics
awplus# show system pluggable diagnostics
System Pluggable Information Diagnostics
Port1.0.21          Status    Alarms                    Warnings
                    Reading   Alarm   Max      Min      Warning   Max      Min
Temp: (Degrees C)   29.387    -       100.00   -40.00   -         85.000   -10.00
Vcc: (Volts)        3.339     -       3.465    3.135    -         3.400    3.200
Tx Bias: (mA)       10.192    -       37.020   3.260    -         34.520   5.760
Tx Power: (mW)      17.872    -       35.643   8.953    -         28.313   11.271
Rx Power: (mW)      0.006     Low     15.849   0.025    Low       12.589   0.040
Rx LOS:             Rx Down
Port1.0.22          Status    Alarms                    Warnings
                    Reading   Alarm   Max      Min      Warning   Max      Min
Temp: (Degrees C)   29.387    -       100.00   -40.00   -         85.000   -10.00
Vcc: (Volts)        3.378     -       3.630    2.970    -         3.465    3.135
Tx Bias: (mA)       2.802     -       6.000    1.000    -         5.000    1.000
Tx Power: (mW)      2.900     -       11.000   0.600    -         10.000   0.850
Rx Power: (mW)      1.739     -       18.000   0.000    -         10.000   0.200
Rx LOS:             Rx Up
slide 64
System Banners
Apply a banner (Global Configuration):
awplus(config)#banner motd Welcome to Main Distributor
Remove the banner:
awplus(config)#no banner motd
Multi-line banners can also be added using the banner login command.
slide 65
Clock Management
Display time:
awplus#show clock
UTC Time: Wed, 17 Nov 2010 10:36:07 +0000
Timezone: UTC
Timezone Offset: +00:00
Summer time zone: None
Configure time zone:
awplus(config)# clock timezone <timezone name> <plus/minus> <offset>
Set time and date:
awplus# clock set <hh:mm:ss> <day> <month> <year>
Configuration of NTP:
awplus(config)# ntp server {<serveraddress>|<servername>} [prefer] [key <key>] [version <version>]
awplus(config)# no ntp server
slide 66
"Summer time" configuration
slide 67
File System Management
Show file list (Privileged Exec mode):
awplus#dir
534 -rw- Nov 16 2010 16:31:16 default.cfg
3610612 -rwx Nov 16 2010 11:20:42 gui_534_07.jar
15499001 -rwx Nov 16 2010 11:18:05 r6-5.3.4-0.5.rel
slide 68
File System Management
Managing directories
Create a directory:          mkdir <url>
Remove a directory:          rmdir [force] <url>
Change directory:            cd <url> or cd..
Display current directory:   pwd
Change media:                cd flash:/ or cd card:/
Managing files
Copy a file:                 copy <Src-url> <Dest-url>
Delete a file:               del <url>
Types of URL permitted:
filename
tftp://10.0.0.1/filename     to or from 10.0.0.1 by tftp
sftp://10.0.0.1/filename     to or from 10.0.0.1 by sftp
scp://10.0.0.1/filename      to or from 10.0.0.1 by scp
flash:/filename              to or from Flash
card:/filename               to or from SD card
slide 69
Copy Assistant
A copy assistant has been included to simplify file transfer between
the switch and other equipment.
To use it, you define the source medium and destination medium,
then answer the assistant's questions.
Examples:
copy tftp flash copy from a tftp server to flash
copy flash tftp copy from flash to tftp server
Back up a test.cfg file to a tftp server at address 10.0.0.1
awplus# copy flash tftp
Enter source file name []:test.cfg
Enter destination host name []:10.0.0.1
Enter destination file name [test.cfg]:test.cfg
Copying..
slide 70
TFTP Firmware Upgrade Process
[Diagram: TFTP Request and DATA exchanged over Ethernet between 192.168.1.2 and 192.168.1.1]
TFTP Firmware Upgrade Requirements
slide 73
Setting a Backup Image
It is possible to set a second software image
This image will be used to reboot the switch if the first one cannot be loaded into the
memory (missing, corrupted, etc.).
This image may be the same version as the main image.
This image may be a different version of the main image.
Example: Use of the same version of main image and back-up
awplus# copy r1-5.3.4-0.5.rel r1-5.3.4-0.5.back.rel
awplus# configure terminal
awplus(config)# boot backup r1-5.3.4-0.5.back.rel
awplus(config)# do show boot
slide 74
Firmware Upgrade via USB/SD
slide 75
Port Management
Port Management Overview
slide 77
Port Numbering
slide 78
Enabling / Disabling Switch Ports
Disabling switch ports:
Not available for packet reception and transmission
Will not send or receive any frames
Incoming STP BPDU packets are discarded
Administrative status in the Interfaces MIB is DOWN
awplus# configure terminal
awplus(config)# interface port1.0.20
awplus(config-if)# shutdown
Re-enabling switch ports:
Available for packet reception and transmission
Administrative status in the Interfaces MIB is UP
Participates in STP
awplus# configure terminal
awplus(config)# interface port1.0.20
awplus(config-if)# no shutdown
slide 79
Autonegotiation
slide 80
Autonegotiation Parallel Detection
If only one of the two devices is autonegotiation compliant, the
protocol is designed to use Parallel Detection
With Parallel Detection, the compliant device senses the link speed, but
configures its port as Half Duplex
[Diagram label: COLLISIONS]
slide 81
Autonegotiation Interface Configuration
slide 82
MDI/MDIX Switchports
slide 83
MDI-X Interface Configuration
slide 84
Displaying Port Information
slide 85
Interfaces list
To get a summary of all the Ethernet ports:
awplus#show int status
slide 86
Feature Licensing
Licensing Overview
Products ship with the base software release enabled for use
Licensing system is only for additional feature licenses
For example, the Advanced Layer 3 feature bundle includes:
BGP
OSPF
PIM
VLAN Double Tagging
UDLD (from 5.4.5)
Feature licenses are obtained from an authorized distributor or reseller.
If a license key expires or a proper key is not installed, some software
features will not be available.
slide 88
Activate software feature license
These commands enable the specified licensed software feature set.
Note that if the feature license contains a license for a protocol, then
that protocol will restart. This action may result in the loss of
network traffic.
We advise that you should only install licenses during scheduled
maintenance for devices operating in a live environment.
When you add a feature license you are warned on the console
before that feature restarts.
slide 89
Autoboot
The Autoboot Feature
slide 91
Autoboot
slide 93
Autoboot
slide 94
Autoboot
slide 95
Web management
Web management Introduction
Graphical User Interface (GUI)
The following slides describe how to install, configure and use the Graphical User Interface
(GUI) on switches running the AlliedWare Plus OS
slide 97
Graphical User Interface (GUI) - Introduction
slide 98
Graphical User Interface (GUI) - Introduction
slide 99
Graphical User Interface (GUI) - Introduction
slide 100
Graphical User Interface (GUI)
slide 101
Graphical User Interface (GUI)
An IP address can be added or deleted.
slide 102
Graphical User Interface (GUI)
The MAC address table can be checked.
slide 103
Graphical User Interface (GUI)
VLANs can be created, and tagged and untagged ports can be assigned.
slide 104
Graphical User Interface (GUI)
Static Link Aggregation and port association can be managed.
slide 105
Graphical User Interface (GUI)
Dynamic Link Aggregation and port association can be managed.
slide 106
Graphical User Interface (GUI)
The File management tab lets you manage the files present on the switch flash, for example to set up the new boot file or the new firmware.
slide 107
Layer 2 Switching
Table of Contents
L2 Switching Basics
MAC Address Table / Forwarding Database
Broadcast Storm Control / Broadcast Limiting
Port Mirroring
slide 109
L2 Switching Basics
L2 Switching Basics
slide 111
Introduction
Every device on the Ethernet must have a unique individual address. This includes
switches.
This individual address is called the Hardware MAC Address and is usually stored
in the device's ROM.
These (globally administered) unique addresses are allocated in address blocks to
organizations in a centralized manner. A block is identified by the first 3 bytes, called
the OUI (Organizationally Unique Identifier). Allied Telesis, for example, has the
following ranges of addresses (besides others) assigned to it:
00-A0-D2-xx-xx-xx 00-00-CD-xx-xx-xx
00-09-41-xx-xx-xx 00-15-77-xx-xx-xx
slide 112
Forwarding Frames
slide 113
Switching Chips & CPU
slide 114
On Ethernet networks, all the L2 frames include a source MAC address and
a destination MAC address.
Switches should be able to receive a frame from the source device and
quickly forward it toward the destination device.
To do this, switches create the MAC address table or FDB (Forwarding
Database).
The MAC Address Table is a local table that tells the switch where to
forward each frame.
Entries in the MAC address table are dynamic and are kept for 300 seconds.
slide 116
Address Learning Process
PC A needs to know PC B's MAC address
An ARP packet is generated by PC A (Broadcast)
The L2 switch learns PC A's MAC address from the source MAC field
ARP Packet: D.MAC FF-FF, S.MAC 00-0A, D.IP 1.11, S.IP 1.10
L2 Switch MAC Table: D.MAC 00-0A on Port 1
[Diagram: PC A (MAC 00-0A, IP 1.10) on switch port 1 and PC B (MAC 00-0B, IP 1.11) on switch port 20, each with its ARP table]
slide 117
Address Learning
The L2 switch broadcasts the ARP request out of the other ports
PC B recognizes its own IP address; the other hosts discard these ARP requests
PC B learns PC A's MAC address
ARP Packet: D.MAC FF-FF, S.MAC 00-0A, D.IP 1.11, S.IP 1.10
L2 Switch MAC Table: D.MAC 00-0A on Port 1
[Diagram: PC A (MAC 00-0A, IP 1.10) on switch port 1 and PC B (MAC 00-0B, IP 1.11) on switch port 20, each with its ARP table]
slide 118
Address Learning
PC B answers to PC A, communicating its MAC address (unicast)
The switch learns PC B's MAC address into its MAC table
PC A learns PC B's MAC address
ARP Packet: D.MAC 00-0A, S.MAC 00-0B, D.IP 1.10, S.IP 1.11
L2 Switch MAC Table: D.MAC 00-0A on Port 1, D.MAC 00-0B on Port 20
PCA ARP table: MAC 00-0A IP 1.10, MAC 00-0B IP 1.11
PCB ARP table: MAC 00-0B IP 1.11, MAC 00-0A IP 1.10
[Diagram: PC A on switch port 1 and PC B on switch port 20]
slide 119
Address Learning
Traffic generated by PC A and destined to PC B (unicast) will egress only on port 20
Data Packets: D.MAC 00-0B, S.MAC 00-0A, D.IP 1.11, S.IP 1.10
L2 Switch MAC Table: D.MAC 00-0A on Port 1, D.MAC 00-0B on Port 20
PCA ARP table: MAC 00-0A IP 1.10, MAC 00-0B IP 1.11
PCB ARP table: MAC 00-0B IP 1.11, MAC 00-0A IP 1.10
[Diagram: data flowing from PC A to PC B through the switch]
slide 120
Frame Forwarding
slide 121
The Forwarding Database (FDB)
The switch's FDB determines whether frames are forwarded or discarded, based on the
destination MAC address.
A dynamic entry is automatically deleted from the forwarding database when its aging timer
expires.
Default aging timer is 300 seconds
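The learning, flooding and aging behaviour described in the Address Learning and FDB slides, as an added Python model (not Allied Telesis code and not part of the original slides). The full MAC addresses, the extra port 2 and the timestamps are constructed for illustration; ports 1 and 20 and the 300 second aging timer come from the slides.

```python
from dataclasses import dataclass, field

BROADCAST = "ff-ff-ff-ff-ff-ff"
AGING_SECONDS = 300  # default aging timer stated on the slide

# Constructed sample addresses standing in for the slides' 00-0A and 00-0B.
PC_A = "00-00-00-00-00-0a"
PC_B = "00-00-00-00-00-0b"


@dataclass
class LearningSwitch:
    ports: tuple
    aging: int = AGING_SECONDS
    fdb: dict = field(default_factory=dict)  # MAC -> (port, last_seen)

    def _expire(self, now):
        """Delete dynamic entries whose aging timer has expired."""
        stale = [mac for mac, (_, seen) in self.fdb.items()
                 if now - seen >= self.aging]
        for mac in stale:
            del self.fdb[mac]

    def receive(self, now, in_port, src, dst):
        """Process one frame and return the sorted list of egress ports."""
        self._expire(now)
        # Learn (or refresh) the source MAC on the ingress port.
        self.fdb[src] = (in_port, now)
        entry = self.fdb.get(dst)
        if dst == BROADCAST or entry is None:
            # Broadcast, or destination lookup failure (DLF): flood the
            # frame out of every port except the one it arrived on.
            return sorted(p for p in self.ports if p != in_port)
        out_port = entry[0]
        # A destination on the ingress port is filtered, not forwarded.
        return [] if out_port == in_port else [out_port]

    def table(self, now):
        """Current MAC table as MAC -> port, after aging."""
        self._expire(now)
        return {mac: port for mac, (port, _) in self.fdb.items()}


def replay_slides():
    """Replay the ARP exchange from the slides, then let PC B go silent."""
    sw = LearningSwitch(ports=(1, 2, 20))
    results = {
        # PC A (port 1) broadcasts an ARP request: flooded to ports 2 and 20.
        "arp_request": sw.receive(0, 1, PC_A, BROADCAST),
        # PC B (port 20) replies by unicast: PC A is known on port 1.
        "arp_reply": sw.receive(1, 20, PC_B, PC_A),
        # Data from PC A to PC B egresses only port 20.
        "data_a_to_b": sw.receive(2, 1, PC_A, PC_B),
        "table": sw.table(2),
    }
    # PC B sends nothing for 300 seconds, so its entry ages out and the
    # next frame towards it is flooded again as a DLF.
    results["after_aging"] = sw.receive(301, 1, PC_A, PC_B)
    results["table_after_aging"] = sw.table(301)
    return results


if __name__ == "__main__":
    for step, value in replay_slides().items():
        print(step, value)
```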
Use show mac address-table to see the MAC table:
slide 122
Frame Forwarding DLF
slide 123
Forwarding Techniques
Forwarding Techniques
Store-and-Forward
An entire frame must be received before it is forwarded and
a cyclic redundancy check (CRC) for errors is computed.
This means that the latency through the switch is relative to
the frame size - the larger the frame size, the longer the
delay through the switch
slide 125
CRC
slide 126
Forwarding Techniques
Cut-Through
Allows the switch to begin forwarding the frame when
enough of the frame is received to make a forwarding
decision.
This reduces the latency through the switch
Frames are not checked for errors
slide 127
Forwarding or Filtering
Forwarding or Filtering
Queuing
Port-security
slide 129
Queuing
slide 130
Port-Security
slide 131
slide 133
Broadcast Consideration
slide 134
Broadcast Storm Control
Broadcast Storm Control limits the amount of flooding that occurs on a switch
[Diagram: a broadcast storm reaching a switch with Broadcast Storm Control enabled]
slide 135
Broadcast Storm Control
slide 136
Configuring Broadcast Storm Control
The port storm-control broadcast enable Interface Configuration
(Ethernet) mode command enables broadcast storm control.
awplus(config)# interface port1.0.1
awplus(config-if)# storm-control {broadcast|multicast|dlf} level <level>
Port Mirroring
Port Mirroring Overview
This feature allows traffic flowing through a switch port to be sent to another switch
port (mirror port)
It can be used to capture data with a protocol analyzer
Traffic received on a port, traffic transmitted on a port, or both can be mirrored
[Diagram: Analyzer]
slide 139
Port Mirroring Overview
One mirror port for traffic monitoring is supported system-wide.
The user can choose whether to mirror only Rx traffic, only Tx
traffic, or both.
It is often possible to specify several ports to be monitored by a
single target port. However, in these cases, any excess traffic
will silently be discarded (and user will not know which packets
were discarded).
Port Mirroring is only relevant to physical ports.
slide 140
Port Mirroring Configuration
Before the mirror port can be set, it must be removed from all VLANs except the
default VLAN
The mirror port cannot be part of an aggregated link.
The mirror port is the only switch port that does not belong to a VLAN, and
therefore does not participate in any switching.
Configuration: Mirroring ports 2 & 4 to port 23:
awplus(config)# interface port1.0.23
(port1.0.23 is the outgoing (capture) port)
awplus(config-if)# mirror interface port1.0.2,port1.0.4 direction both
(port1.0.2 and port1.0.4 are the source ports)
slide 141
Port Mirroring Configuration
The direction of captured traffic can be defined:
mirror interface port1.0.2,port1.0.4 direction <Value>
both Mirror traffic in both directions
receive Mirror received traffic
transmit Mirror transmit traffic
End mirror:
awplus(config)# interface port1.0.23
awplus(config-if)# no mirror interface port1.0.2,port1.0.4
Display mirror:
awplus# show mirror
slide 142
Port Mirroring Configuration
slide 143
Spanning Tree Protocol
Table of Contents
slide 145
slide 147
Spanning Tree Protocol Introduction
Redundant paths in a network allow traffic to flow from source to
destination if a link goes down
However, redundant paths introduce loops into the network and loops can
cause severe network problems, particularly in Layer 2 switched networks
The older but widely used STP has been further developed to overcome
most of its shortcomings:
RSTP (Rapid Spanning Tree Protocol)
MSTP (Multiple Spanning Tree Protocol)
slide 148
Example STP Application
slide 149
Spanning Tree Algorithm
The STP algorithm was developed to allow for one and only one path through a
network with redundant paths available but unused.
This is done by creating a logical tree with only one path to an agreed upon
root bridge.
[Diagram: two views of a network of bridges A to F with numbered ports, each view labelled Root Bridge]
Spanning Tree Algorithm Process
A single switch, called the root bridge, forms a unique root to the
tree.
The root bridge is the bridge with the lowest Bridge ID.
Each switch in an extended LAN is uniquely identified by its Bridge ID, which
comprises the switch's root priority (a spanning tree parameter) and its
MAC address.
Each switch or LAN in the tree, except the root bridge, has a unique
parent, known as the designated bridge.
The designated bridge connects a LAN segment to the next segment on the
path towards the root bridge.
slide 151
Spanning Tree Algorithm
slide 152
Spanning Tree Port States
Blocking
Discards all data frames.
Does not learn station addresses.
Receives BPDUs but does not process them.
Does not transmit BPDUs.
Receives and acts on management messages.
Listening
Discards all data frames.
Does not learn station addresses.
Receives BPDUs and processes them.
Does not transmit BPDUs.
Receives and acts on management messages.
Learning
Discards all data frames.
Learns station addresses and incorporates them into the FDB.
Receives, processes, and transmits BPDUs.
Receives and acts on management messages.
Forwarding
Forwards all data frames.
Incorporates station addresses into its FDB.
Receives, processes, and transmits BPDUs.
Receives and acts on management messages.
Disabled
Does not participate in frame forwarding or the operation of Spanning-Tree Protocol.
slide 153
Bridge Priority
slide 154
Root Bridge Election
The first step in the operation of a Spanning Tree is the election of a Root
Bridge. Two parameters determine the Root:
Bridge Priority (Bridge Identifier)
Bridge MAC address
When STA is initialized all bridges declare themselves to be the Root by
transmitting a BPDU from all ports. When a bridge receives a BPDU with a
lower priority it will stop sending its own BPDU and retransmit the better
BPDU. This process continues until there is only one bridge sending out its own
BPDU; that bridge is the Root Bridge.
Once the Root Bridge is elected all other switches stop transmitting their own
BPDUs and forward the BPDU from the Root only, unless there is a topology
change. If there is a topology change the Root must be elected again.
slide 155
Root Ports
slide 156
Path Costs
slide 157
Root Port Election
[Diagram: Root Port election. Bridge A is the Root Bridge (port costs 0); bridges B, C, D and E are labelled with their per-port costs and their root ports are marked R.]
slide 158
Designated Ports
Once the Root Ports have been selected the Designated Ports
for each segment must be chosen.
The Designated port is the port that has the lowest Root Cost
for that segment.
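The election steps described above (root bridge, then root ports, then designated ports), as an added Python example that is not part of the original slides or of any Allied Telesis software. The three-switch topology, switch names and MAC suffixes are constructed; the path costs are the defaults from the Path Cost Values table on this page, and every link is assumed to be point-to-point with the same speed at both ends.

```python
import heapq

# Default path costs by port speed, from the Path Cost Values table.
PATH_COST = {"100M": 200_000, "1G": 20_000, "10G": 2_000}

# Constructed sample: name -> (bridge priority, MAC address).
BRIDGES = {
    "SW1": (4096, "00-00-cd-00-00-30"),
    "SW2": (32768, "00-00-cd-00-00-10"),
    "SW3": (32768, "00-00-cd-00-00-20"),
}
# Constructed sample links: (bridge, port, bridge, port, speed).
LINKS = [
    ("SW1", 1, "SW2", 1, "1G"),
    ("SW1", 2, "SW3", 1, "100M"),
    ("SW2", 2, "SW3", 2, "1G"),
]


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then MAC."""
    return (priority, bytes.fromhex(mac.replace("-", "")))


def elect_root(bridges):
    """The bridge with the lowest Bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_path_costs(bridges, links, root):
    """Lowest total cost from each bridge to the root (Dijkstra)."""
    neighbours = {name: [] for name in bridges}
    for a, _pa, b, _pb, speed in links:
        neighbours[a].append((b, PATH_COST[speed]))
        neighbours[b].append((a, PATH_COST[speed]))
    cost = {root: 0}
    queue = [(0, root)]
    while queue:
        c, name = heapq.heappop(queue)
        if c > cost[name]:
            continue
        for nbr, w in neighbours[name]:
            if c + w < cost.get(nbr, float("inf")):
                cost[nbr] = c + w
                heapq.heappush(queue, (c + w, nbr))
    return cost


def port_roles(bridges, links):
    """Return (root, root path costs, {(bridge, port): role})."""
    root = elect_root(bridges)
    cost = root_path_costs(bridges, links, root)
    # Root port: lowest root path cost, ties broken by the neighbour's
    # Bridge ID, then the neighbour's port, then the local port.
    best = {}
    for a, pa, b, pb, speed in links:
        for me, my_port, peer, peer_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if me == root:
                continue
            vector = (cost[peer] + PATH_COST[speed],
                      bridge_id(*bridges[peer]), peer_port, my_port)
            if me not in best or vector < best[me][0]:
                best[me] = (vector, my_port)
    roles = {}
    for a, pa, b, pb, _speed in links:
        # Designated port: the end of the segment with the lowest root
        # cost, ties broken by the lowest Bridge ID.
        key_a = (cost[a], bridge_id(*bridges[a]))
        key_b = (cost[b], bridge_id(*bridges[b]))
        designated = (a, pa) if key_a < key_b else (b, pb)
        for end in ((a, pa), (b, pb)):
            if end == designated:
                roles[end] = "designated"
            elif end[0] in best and best[end[0]][1] == end[1]:
                roles[end] = "root"
            else:
                roles[end] = "blocking"
    return root, cost, roles


def example():
    return port_roles(BRIDGES, LINKS)


if __name__ == "__main__":
    root, cost, roles = example()
    print("root bridge:", root)
    for (name, port), role in sorted(roles.items()):
        print(f"{name} port {port}: {role} (root cost {cost[name]})")
```

SW1 wins the election on priority even though it has the highest MAC address; with all three switches left at the same priority, the lowest MAC address (SW2) would become root instead.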
slide 159
Designated Ports
[Diagram: Designated Port election on the same topology with bridge F added; per-port costs are shown for each bridge and designated ports are marked D.]
slide 160
Spanning Tree Convergence
A Spanning-Tree is created by forming a loop-free topology within the
network. This is done by selecting the ports that are to be members of the
Spanning-Tree and the ports which are not to be included. The ports that are to
be members are placed in the forwarding state while non-members are
placed in Blocking mode. Note that the ports that are part of the Spanning-Tree are:
Interfaces on the Root Bridge
The Root Port
The Designated Port
Ports not connected to a Spanning-Tree device
These ports will forward all data traffic while all other ports will be placed in
blocking mode and will pass no data traffic. A tree is then formed so that
there is one and only one path for each device to the root.
slide 161
Spanning Tree Timers
slide 162
Hello Timer
slide 163
Max Age Timer
The value can be set at approximately two seconds for every hop
across the network
slide 164
Forward Delay
slide 165
slide 167
Rapid Spanning Tree Overview
slide 168
RSTP Port Roles
slide 169
RSTP Port Roles
[Diagram: RSTP port roles around the ROOT BRIDGE: ROOT PORT (RP), DP, ALTERNATE PORT and BACKUP PORT]
slide 170
RSTP Port States
State: Meaning
DISABLED: STP operations are disabled on the port.
DISCARDING: The port does not participate in frame relay. The forwarding process discards received frames and does not submit forwarded frames for transmission. The port does send and receive BPDUs. They do not learn MAC addresses.
LEARNING: The port is enabled for receiving frames only, and the Learning Process can add new source address information to the Forwarding Database. The port does not forward any frames. The port continues to send and receive BPDUs. They learn MAC addresses, but do not forward user traffic.
FORWARDING: The normal state for a switch port. The Forwarding Process and the Spanning Tree entity are enabled for transmit and receive operations on the port. They fully participate in both data forwarding and MAC learning.
slide 171
Transition from Discarding to Forwarding
Edge ports
All ports connected to servers/workstations should be configured as
edge ports
Alternate Ports
If the Root Port on a switch fails, an alternate port moves to the
Forwarding state and becomes the Root Port
slide 172
Topology Change Notifications (TCN)
slide 173
Path Cost Values
Port Speed            Default pathcost    Recommended pathcost range
Less than 100 Kb/s    200,000,000         20,000,000-200,000,000
1 Mbps                20,000,000          2,000,000-20,000,000
10 Mbps               2,000,000           200,000-2,000,000
100 Mbps              200,000             20,000-200,000
1 Gbps                20,000              2,000-20,000
10 Gbps               2,000               200-2,000
100 Gbps              200                 20-200
1 Tbps                20                  2-200
10 Tbps               2                   2-20
slide 174
RSTP Design Guidelines
slide 175
RSTP Design Guidelines
slide 176
To set the priority for an individual switch use the following command:
This command should be applied to the nominated Root Bridge and any
switches that are going to be configured as back up to the root bridge.
slide 178
PortFast
slide 179
Disabling Spanning Tree
This command sets the bpdu-filter feature and applies a filter to any BPDUs
received. Enabling this feature ensures that configured ports will not
transmit any BPDUs and will ignore (filter out) any BPDUs received.
awplus(config)# interface port1.0.5
awplus(config-if)# spanning-tree portfast bpdu-filter
slide 180
Virtual Local Area Networks (VLAN)
Table of Contents
VLAN Introduction
802.1q Frame Tagging
Forwarding Process
VLAN Configuration
slide 182
VLAN Introduction
VLAN Overview
slide 184
Single Switch Divided into VLANs
[Diagram: one switch divided into VLAN 1 (ports 1-8), VLAN 2 (ports 9-36) and VLAN 3 (ports 37-48)]
slide 185
Configuring VLANs
[Diagram: bridging / switching engine connecting VLAN 1 (192.168.10.0, 255.255.255.0), VLAN 2 (192.168.11.0, 255.255.255.0) and VLAN 3 (192.168.12.0, 255.255.255.0)]
slide 186
VLAN Advantage: Flexibility
slide 187
VLAN Trunking (IEEE 802.1Q)
[Diagram: two switches, each with VLAN 1 and VLAN 2]
slide 188
VLAN Trunking (IEEE 802.1Q)
[Diagram: trunk links between switches carrying VLAN 1 and VLAN 2]
slide 189
Tagged & Untagged Ports
Ports can belong to VLANs as:
Untagged (access) ports
Part of only one VLAN
They are used by devices that are 802.1Q-unaware, that is, unaware of their VLAN membership (VLAN-unaware)
These devices cannot communicate with devices outside their VLAN unless the
packet is routed
An Untagged port does not carry any Tagged frames
slide 190
Tagged & Untagged Ports
slide 191
802.1q Frame Structure
To accommodate VLAN identification within an Ethernet frame, a 4-byte
802.1q Tag is added to the frame
This increases the maximum Ethernet frame size to 1522 bytes
The format for an Ethernet Tagged frame is shown below. In an
Ethernet Frame, the TPID is 2 bytes long and will contain the value of
81-00
Frame layout (TPID and TAG are the inserted fields, 2 bytes each):
Destination Address | Source Address | TPID | TAG | Length | Data & Padding | CRC
TAG layout:
User Priority (3 bits) | CFI (1 bit) | VLAN ID (VID) (12 bits), to identify 4096 possible VLANs
slide 192
802.1Q Frame Tagging Rules
slide 193
802.1Q Frame Tagging Rules
A port must belong to a VLAN at all times unless the port has
been set as the mirror port for the switch
slide 194
802.1Q Frame Tagging
[Diagram: two switches, each with VLAN 1 and VLAN 2, connected through ports tagged for VLAN 1 and VLAN 2]
slide 195
Tagged Server Ports
[Diagram: switches with VLAN 1, VLAN 2 and VLAN 3 connected through ports tagged for VLAN 1 and VLAN 2; a server with a NIC tagged for VLAN 1, 2, & 3 is attached to a switch port tagged for VLAN 1, 2, & 3]
slide 196
Interconnecting VLANs with Routers
[Diagram: switches with VLAN 1, VLAN 2 and VLAN 3 connected through ports tagged for VLAN 1 and VLAN 2; a router is attached to a switch port tagged for VLAN 1, 2, & 3]
slide 197
Interconnecting VLANs with Routers
slide 198
Forwarding Process
Forwarding Process
[Diagram: ingress and egress stages of the forwarding process]
The Ingress Rules for the port: check the VLAN tagging in the
frame to determine whether it will be discarded or forwarded
to the Learning Process
Acceptable Frames parameter set to:
Admit All Frames (default)
Admit Only VLAN Tagged Frames
If Ingress Filtering is enabled, frames are admitted only if they
have the VID of a VLAN to which the port belongs
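The tag layout and the Ingress Rules above, combined in an added example (not part of the original course material). The `Port` model, the field names and the sample frames are assumptions made for illustration; the sample port mirrors port1.0.1 from the course's VLAN examples (tagged for VLANs 2 and 3, untagged in VLAN 4).

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100  # the "81-00" value carried in the 2-byte TPID field


@dataclass
class Dot1QInfo:
    tagged: bool
    priority: int        # 3-bit user priority
    cfi: int             # 1-bit CFI
    vid: Optional[int]   # 12-bit VLAN ID, None when the frame has no tag
    ethertype: int       # length/type field that follows the tag


def parse_dot1q(frame: bytes) -> Dot1QInfo:
    """Read the 802.1Q tag that sits after the two 6-byte MAC addresses."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return Dot1QInfo(False, 0, 0, None, tpid)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return Dot1QInfo(True, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, ethertype)


@dataclass
class Port:  # hypothetical model of one switch port
    name: str
    member_vlans: set             # every VLAN the port belongs to
    untagged_vlan: int            # VLAN given to untagged frames (access or native)
    admit_only_tagged: bool = False   # Acceptable Frames; Admit All Frames is default
    ingress_filtering: bool = True


def ingress(port: Port, frame: bytes):
    """Apply the Ingress Rules. Returns (accepted, vlan, reason)."""
    info = parse_dot1q(frame)
    # A tag with VID 0 carries priority only, so the frame is classified
    # like an untagged frame.
    if not info.tagged or info.vid == 0:
        if port.admit_only_tagged:
            return (False, None, "discarded: port admits only VLAN tagged frames")
        return (True, port.untagged_vlan, "admitted: classified to the port VLAN")
    if port.ingress_filtering and info.vid not in port.member_vlans:
        return (False, info.vid, "discarded: port is not a member of this VID")
    return (True, info.vid, "admitted: tagged frame")


def build_frame(vid=None, priority=0, payload=b"\x00" * 46) -> bytes:
    """Constructed sample frame (no CRC); vid=None builds an untagged frame."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    trunk = Port("port1.0.1", member_vlans={2, 3, 4}, untagged_vlan=4)
    for label, frame in [("tagged VLAN 2", build_frame(vid=2)),
                         ("untagged", build_frame()),
                         ("tagged VLAN 10", build_frame(vid=10))]:
        print(label, "->", ingress(trunk, frame))
```

With ingress filtering disabled on the modelled port, the VLAN 10 frame would be admitted, which is why the filter is worth checking on any port that faces equipment you do not control.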
slide 201
Learning Process
All frames admitted by the Ingress Rules on any port are passed
on to the Forwarding Process if they are for destinations within
the same VLAN.
slide 202
Forwarding Process
slide 203
VLAN Configuration
VLAN Ports
console# configure
console(config)# interface port1.0.1
console(config-if)# switchport mode access
console(config-if)# switchport mode trunk
slide 205
Creating and Removing VLANs
slide 206
Access Ports
slide 207
Access Ports
slide 208
Trunk Ports
slide 209
Displaying VLANs
awplus# show vlan all
VLAN ID Name Type State Member ports
(u)-Untagged, (t)-Tagged
======= ================ ======= ======= ====================================
1 default STATIC ACTIVE port1.0.2(u) port1.0.3(u) port1.0.4(u)
port1.0.5(u) port1.0.6(u) port1.0.7(u)
port1.0.8(u) port1.0.9(u)
port1.0.10(u) port1.0.11(u)
port1.0.12(u) port1.0.13(u)
port1.0.14(u) port1.0.15(u)
port1.0.16(u) port1.0.17(u)
port1.0.18(u) port1.0.19(u)
port1.0.20(u) port1.0.21(u)
port1.0.22(u) port1.0.23(u)
port1.0.24(u)
2 my2 STATIC ACTIVE port1.0.1(t)
3 my3 STATIC ACTIVE port1.0.1(t)
4 my4 STATIC ACTIVE port1.0.1(u)
slide 210
Native VLAN
A trunk mode port may also have a native VLAN (by default
vlan1), for which it transmits untagged frames, and with which it
associates incoming untagged frames.
In this example port1.0.1 will be configured as Native VLAN (4)
slide 211
Link Aggregation
Table of Contents
Introduction
Link Aggregation Types
Link Aggregation Traffic Split Criteria
Static Link Aggregation Configuration
Dynamic Link Aggregation / Trunking
Dynamic Link Aggregation / LACP Configuration
slide 216
slide 218
Static Link Aggregation
Static advantage
Simple and reliable
Static disadvantages
Not fully standardized.
No Setup information sent via the links, so all administration must be
done manually at both ends.
slide 219
Dynamic Link Aggregation
Dynamic advantage
Standardized via IEEE 802.3ad and the LACP protocol.
Failover still works when a link fails and there is (for example) a media
converter between the devices, which means that the peer will not see
the link go down. With static link aggregation the peer would continue
sending traffic down the link, causing it to be lost.
Dynamic disadvantage
All partners in aggregated link must understand the LACP protocol
slide 220
Link Aggregation Traffic Split Criteria
slide 221
Link Aggregation Traffic Split Criteria
Link aggregation hashes the source and destination MAC address, IP
address and UDP/TCP ports to select a link on which to send a
packet. So packet flow between a pair of hosts always takes the same
link inside the Link Aggregation Group (LAG).
The net effect is that the bandwidth for a given packet stream is
restricted to the speed of one link in the LAG.
For example, for a 2 Gbps LAG that is a combination of two 1 Gbps
ports, one flow of traffic can only ever reach a maximum throughput
of 1 Gbps.
However, the hashing algorithm should spread the flows across the
links so that when many flows are operating, the full 2 Gbps can be
utilized.
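The split criteria above, worked through as an added example (not from the original course material). SHA-256 stands in for the switch's hardware hash, which the slides do not specify, and the flows and rates are constructed.

```python
import hashlib
import ipaddress
import struct
from collections import Counter


def select_link(flow, n_links):
    """Pick the LAG member for a flow.

    flow = (src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port)
    Assumption: SHA-256 replaces the vendor's hardware hash function.
    """
    src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port = flow
    key = (bytes.fromhex(src_mac.replace(":", ""))
           + bytes.fromhex(dst_mac.replace(":", ""))
           + ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HH", src_port, dst_port))
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_links


def link_loads(flows, n_links=2):
    """Offered load per link; flows is a list of (flow, offered_gbps)."""
    load = Counter({link: 0.0 for link in range(n_links)})
    for flow, offered in flows:
        load[select_link(flow, n_links)] += offered
    return load


def delivered_gbps(flows, n_links=2, link_gbps=1.0):
    """Traffic that gets through when each member link tops out at link_gbps."""
    return sum(min(v, link_gbps) for v in link_loads(flows, n_links).values())


def constructed_flows(count, rate_gbps):
    """Constructed sample: one host pair, `count` TCP flows on distinct source ports."""
    return [(("02:00:00:00:00:01", "02:00:00:00:00:02",
              "192.168.10.10", "192.168.20.10", 20000 + i, 443), rate_gbps)
            for i in range(count)]


if __name__ == "__main__":
    one_big = constructed_flows(1, 2.0)          # a single 2 Gbps stream
    many_small = constructed_flows(1000, 0.002)  # 1000 streams, 2 Gbps in total
    print("single flow delivered:", delivered_gbps(one_big), "Gbps")
    print("many flows delivered: ", round(delivered_gbps(many_small), 3), "Gbps")
    print("per-link load:", dict(link_loads(many_small)))
```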
slide 222
Creating a Static Channel Group
NOTE: The port properties within the group must match e.g. VLAN, speed, duplex
slide 223
Display Static Channel Groups
slide 224
Delete Static Channel Groups
Note: this will also delete the static channel group after the last member is
deleted
slide 225
Static Link Aggregation Configuration
Append the channel number to "sa" to get the name of the logical interface
to use in other commands:
awplus# sho interface sa2
Interface sa2
Scope: both
Link is DOWN, administrative state is UP
Thrash-limiting
Status Not Detected, Action learn-disable, Timeout 1(s)
Hardware is AGGREGATE
index 4502 metric 1 mtu 1500
<UP>
VRF Binding: Not bound
input packets 0, bytes 0, dropped 0, multicast packets 0
output packets 0, bytes 0, multicast packets 0 broadcast
packets 0
slide 226
Display sa group
show static-channel-group
Use this command to display all configured static channel groups and their corresponding
member ports.
Note that a static channel group is the same as a static aggregator.
LAG Maximum : 128
LAG Static Maximum: 96
LAG Dynamic Maximum: 32
LAG Static Count : 2
LAG Dynamic Count : 2
LAG Total Count : 4
Static Aggregator: sa2
Member:
port1.0.3
Port1.0.4
slide 227
slide 229
LACP Overview
slide 230
Active vs Passive
slide 231
LACP Negotiation
slide 233
Display the LACP groups
slide 234
Display the LACP configuration
awplus# sho interface po2
Interface po2
Scope: both
Link is DOWN, administrative state is UP
Thrash-limiting
Status Not Detected, Action learn-disable, Timeout 1(s)
Hardware is AGGREGATE
index 4502 metric 1 mtu 1500
<>
VRF Binding: Not bound
input packets 0, bytes 0, dropped 0, multicast packets 0
output packets 0, bytes 0, multicast packets 0 broadcast
packets 0
slide 235
Display the LACP Configuration
Use this command to display detailed information about all LACP channels.
slide 236
Display the LACP configuration
slide 237
Layer 3 Overview and IP Routing
Table of Contents
IP Concepts
IP Addresses, IPv4 Addresses
ARP Mechanism
IP Gateway / Router
IPv4 Classes
Special IPv4 Addresses
IPv4 Configuration
slide 239
IP Introduction
IP Introduction
slide 242
IP Version 6
slide 243
IP Subnet Definition
A subnet consists of all systems that can directly communicate with each other using
layer 2 technologies
An Ethernet segment can contain more than one separate subnet, but
different subnets are often placed on individual VLANs for ease of administration.
IPv4 communication between hosts within an Ethernet subnet uses the ARP
(Address Resolution Protocol) mechanism
IPv6 has an improved mechanism for communication inside the Ethernet subnet
called ND (Neighbor Detection)
slide 244
IP Subnet Detection
IPv4 Address is 32 bits and expressed in dotted decimal
The complete entry requires the following data:
Host Address: e.g. 192.168.10.123
Network Mask
Dotted decimal: e.g. 255.255.255.0
Binary bit value: e.g. 192.168.10.123 /24
Defines which packets being processed are considered to be in the host subnet,
and which must be forwarded via a gateway
Defines which parts of the 32 bits are:
Network address part
Host address part
slide 245
IP Network Information
This part of the Host IP address entry is calculated in simple configurations, but will
need to be entered manually when non-standard subnets are used.
Network Address
Is often calculated automatically.
Network address = network part of the Host address, with the host part set to all zeros
Network Broadcast
Is often calculated automatically.
Network broadcast = network part of the Host address, with the host part set to all ones
slide 246
IPv4 Classes
Classes were defined in the original concept, but are now slowly being replaced by a newer classless
system (CIDR)
slide 247
Loopback and Private Addresses
slide 248
IP Routing
IP Data Transfer Within a Subnet
slide 251
IP Data Transfer Between Subnets
IP routing is the process of moving packets from one network to
another network using routers
The route that is taken to the remote network is decided by the
route found in the local router database
The local router only moves the packet to the neighbour which is
marked as the gateway for the destination
The router does not have any knowledge of what happens after that
slide 252
IP Data Transfer Between Subnets
slide 253
L3 Switching
Switch Setup Step 2:
Assigning IP Addresses to VLANs
slide 254
Route Entries
Routes from local interfaces/VLANs will be automatically inserted when
they are created.
Routes to networks not directly connected to the local router will need
to be inserted:
Static routes must be inserted manually.
Routes must be inserted for every subnet that should be reachable from
this router; this can be a large management overhead
A default route will route any unknown packets to the gateway address,
and can simplify management but can be a security risk
Changes in the network will need to be manually entered as new static
routes
slide 255
Dynamic Routes
slide 256
RIB & FIB
The RIB records all the routes that your device has learned
slide 257
RIB & FIB
slide 258
Routing process
slide 259
Direct Routing
Direct Routing
[Diagram: Pc A, R1 and Pc B, with an ARP Request and an ARP Reply]
An ARP request is sent to identify the MAC address of the default gateway, and an ARP reply is
sent from R1 to PcA
slide 261
Routing Process
Packet Transfer
Pc A R1 Pc B
R1 receives the packet and looks at the routing table for the
destination IP address.
slide 262
Routing Process
Arp Reply
Pc A R1 Pc B
slide 263
Direct Routing
Pc A R1 Pc B
slide 264
Indirect Routing
Indirect Routing
[Diagram: Pc A, R1, R2, Pc B]
R1 receives the packet and examines the routing table for the
destination IP address.
The routing table has a route to a directly connected network.
slide 266
Routing Process Step 1
The first part is the same as in direct routing
PcA must determine if the destination IPv4 address is on the same subnet. If not, the packet
must be sent to the default gateway.
An ARP request is sent to identify the MAC address of the default gateway
[Diagram: Pc A, R1, R2, Pc B]
slide 267
Routing Process Step 2
R1 receives the packet and looks at the routing table for the
destination IP address.
R1 doesn't have a directly connected interface for that destination, so it looks at the
routing table
[Diagram: Pc A, R1, R2, Pc B]
A static route exists in the routing table with the right destination, so the
packet is forwarded to the indicated nexthop (R2)
slide 268
Routing Process Step 3
R1 R2
Pc A
slide 269
Routing Process Step 4
[Diagram: Pc A, R1, R2, Pc B]
Now we have to consider how to route a packet from PcB back to PcA
slide 270
Routing Process Back to Pc A
Pc B now replies to Pc A
[Diagram: Pc A, R1, R2, Pc B]
The packet is sent to R2 and then on to R1 and is processed against the
same routing rules as were used for the original packet from PcA to
PcB, so the routing tables of both routers must be filled in correctly.
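The subnet test, the route entries and the Pc A to Pc B walk-through above, as an added example (not from the original course material). All router interfaces and host addresses except 192.168.10.123/24 are constructed, and `Router`, `forward` and `build_topology` are hypothetical names.

```python
import ipaddress


def subnet_info(host_cidr):
    """Network address (host part all zeros) and broadcast (host part all ones)."""
    net = ipaddress.ip_interface(host_cidr).network
    return str(net.network_address), str(net.broadcast_address)


def host_next_hop(host_cidr, gateway, dst):
    """A host delivers directly inside its own subnet, otherwise via the gateway."""
    net = ipaddress.ip_interface(host_cidr).network
    return dst if ipaddress.ip_address(dst) in net else gateway


class Router:
    def __init__(self, name):
        self.name = name
        self.routes = []   # (network, next_hop); next_hop None = directly connected

    def add_connected(self, cidr):
        self.routes.append((ipaddress.ip_network(cidr), None))

    def add_static(self, cidr, next_hop):
        self.routes.append((ipaddress.ip_network(cidr), next_hop))

    def lookup(self, dst):
        """Most specific matching route, or None when nothing matches."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def forward(start, dst, neighbours, max_hops=8):
    """Follow next hops router by router. Returns (path, outcome)."""
    path, router = [], start
    for _ in range(max_hops):
        path.append(router.name)
        route = router.lookup(dst)
        if route is None:
            return path, "dropped: no route on " + router.name
        network, next_hop = route
        if next_hop is None:
            return path, "delivered via connected " + str(network)
        router = neighbours[next_hop]
    return path, "dropped: hop limit reached"


def build_topology(r2_has_return_route=True):
    """Constructed lab: Pc A 192.168.10.10, R1, R2, Pc B 192.168.20.10."""
    r1, r2 = Router("R1"), Router("R2")
    r1.add_connected("192.168.10.0/24")
    r1.add_connected("10.0.0.0/30")
    r1.add_static("192.168.20.0/24", "10.0.0.2")      # towards Pc B via R2
    r2.add_connected("10.0.0.0/30")
    r2.add_connected("192.168.20.0/24")
    if r2_has_return_route:
        r2.add_static("192.168.10.0/24", "10.0.0.1")  # back to Pc A via R1
    return r1, r2, {"10.0.0.1": r1, "10.0.0.2": r2}


if __name__ == "__main__":
    print(subnet_info("192.168.10.123/24"))
    print(host_next_hop("192.168.10.10/24", "192.168.10.1", "192.168.20.10"))
    r1, r2, nb = build_topology()
    print(forward(r1, "192.168.20.10", nb))
    r1, r2, nb = build_topology(r2_has_return_route=False)
    print(forward(r2, "192.168.10.10", nb))   # the reply is lost on R2
```

Adding `r2.add_static("0.0.0.0/0", "10.0.0.1")` in place of the specific return route also gets the reply home, but R2 then forwards every unknown destination to R1 as well.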
slide 271
IP Routing
IP Data Transfer Between Subnets
slide 273
Configuring IP
Setting an IP Address
slide 275
Displaying IP Interface Status
slide 276
ARP Cache
The ARP cache is being continually maintained from information
learnt from the Ethernet interfaces.
Displaying the ARP entries can be very helpful when troubleshooting
Ethernet problems.
Command to display the ARP cache contents.
As can be seen there are two different hosts attached (probably via a
switch) to port 1.0.3
No hosts have been seen on any VLAN1 ports
slide 277
ARP Cache
To clear the ARP cache of dynamic entries, use the command:
awplus# clear arp-cache
The ARP cache will be repopulated by the normal ARP learning
mechanism.
As long as the entries are relearned quickly enough, deleting dynamic
ARP entries does not affect:
Routes
OSPF neighbor status
BGP peer status
TCP/UDP connection status
VRRP status
slide 278
Static Route
IP Routing is enabled by default
awplus# sho ip forwarding
IP forwarding is on
slide 279
Displaying IP Routes
slide 280
Displaying IP Routes
Show all routes, including those on inactive links
slide 281
Checking IP Connections - Ping
slide 282
Trace Route
You can use trace route to discover the route that packets take
between two systems running the IP protocol.
Trace route sends UDP packets with the Time To Live
(TTL) field in the IP header starting at 1.
The TTL field is increased by one for every subsequent packet
sent until the destination is reached.
Each hop along the path between two systems responds with a
TTL exceeded packet (ICMP type 11) and from this the path is
determined
awplus# traceroute 10.0.0.1
slide 283
Virtual Chassis Stacking
Table of Contents
Stacking vs Redundancy
VCStack Introduction
Connecting switches into a stack
VCStack Configuration
Software and configuration file synchronization
Rolling Reboot
Resiliency Link
Managing Stack Members
Monitoring and troubleshooting
slide 285
VCStack Introduction
Definition of a Stack
A switch made of several units
A single IP address to manage the whole stack
High speed stacking link
All functionalities can be configured across the stack
It is what we call Virtual Chassis Stacking
slide 287
Stacking Benefits
Simplified Management
A virtual chassis can be configured /managed via a single IP address
Reduces network administration overhead
Simplified Configuration
Often redundancy protocols like VRRP & STP are not needed
Reduces management traffic on the network, and reduces configuration
complexity
High Availability
Network resources are spread across a number of stacked switches
Reduced impact of any one switch failing
In the core, access to resources guaranteed through resilient connections
Available upstream to servers, and downstream to distribution switches
slide 288
Stacking Benefits
SBx908 core
Hardware redundancy
High-bandwidth
QoS
Stacking
High-availability
Simplified management
Resilient links
Scalability
Future proof
x900 Distribution switches
8000S edge switches
slide 289
Stacking Benefits
Resiliency
Aggregated links configured across different switches in the stack
Full bandwidth from all links available for maximum throughput
In the event of failure, a connection to the network core is maintained
High Speed Stack Recovery
In case of stack failure, recovery typically occurs in less than 3 seconds
Scalability
Individual switches can be inserted and removed from the stack
Low entry cost
Pay as you grow
slide 290
Stacking Benefits
Complete stacking solution from one vendor
Guarantees straightforward installation
Service and support is simplified
Future Proof
A network solution can grow as required
A number of switches can create a powerful virtual chassis
SBx908
DC2552
X900 X930
X600 X610
X510
X310
slide 291
Creating a Stack
Connecting Switches into a Stack
The proprietary high-speed communication protocol that is used over the stacking links
requires multiple twisted pairs and a high level of shielding.
Specialized cables and connections are required.
The types of cables and connections available are dependent on the type of x-Series
switches you are stacking:
Back-port stacking on SwitchBlade x908
DC2552
Front-port stacking using XEM-STKs on x900 series
X930
AT-StackXG slide-in modules on x600 & x610 Series
Front-port stacking on the x510 series
Front-port stacking on the x310 series
slide 293
Stacking on a SBx908
On the rear of the SwitchBlade x908 chassis, there is a pair of fixed stacking ports.
Back port stacking requires a specific cable (AT-HS-STK-CBL1.0)
You have to order the cable separately from the chassis
Two SBx908 can be stacked together
Note that the cables are crossed over: port 1 of the top switch is connected to port
2 of the bottom switch, and vice versa
slide 294
Stacking on a SBx908
This provides 80Gbps of stacking bandwidth per stacking port
Total bandwidth between units 160Gbps
Perfect for the enterprise core with very high-bandwidth
slide 295
Stacking on DC2552XS/L3
Front-port stacking
Each stacking port provides 40 Gbps with 4 QSFP+ ports
Stacking Bandwidth 160 Gbps
Up to 2 units can be stacked
Unlike other x-series switches,
the stacking cables must connect ports of the same number.
slide 296
Stacking on X930
slide 297
Stacking on X930
In addition, Allied Telesis SFP+ modules can be inserted and connected by cables of whatever length
the SFP+ modules can support.
slide 298
Stacking on a x900
Front-port stacking
You can fit the XEM bays on x900 Series switches with a specialized stacking XEM
called the XEM-STK.
The specific cable type that connects these XEMs is purchased individually as either
a 0.5 or 2 meter long cable
AT-XEM-STK-CBL0.5
AT-XEM-STK-CBL2.0
[Picture: AT-XEM-STK]
slide 299
Stacking on a x900
Each XEM-STK module has 2 x 15Gbps HD stacking
connectors
So, total bandwidth between units is 60Gbps
You can stack up to 2 switches
You can stack x900-24XS and x900-24XT together
You can stack two x900-12XT/S together
You can't mix x900-12XT/S and x900-24X in
a stack
slide 300
Stacking on a x600
An AT-StackXG module can be inserted on the rear of any non-POE x600
You can't add an AT-StackXG to an x600 POE; on the POE model the stacking ports are built into
the chassis (cable must be purchased separately)
The specific cable type that connects the AT-StackXG is purchased as either a 0.5 or 1
meter long cable:
AT-STACKXG/0.5
AT-STACKXG/1
Each AT-STACKXG is shipped with one AT-STACKXG/0.5
slide 301
Stacking on a x600 / x610
AT-StackXG slide-in modules on x600
You can stack up to 4 x600 switches (8 x610s)
You can mix any x600 in a stack (POE and non POE)
Each stacking port provides 12 Gbps HD
Total bandwidth of the stack is 48 Gbps
slide 302
Stacking on a x610
slide 303
LDS
Using the AT-x6EM/XS2 stacking module you can extend the distance between
stacked units to the maximum distance supported by the particular SFP you are
using. This capability enables you to create a stack of up to 8 geographically
separated x610 switches as a single stack.
slide 304
Stacking on a x510
slide 305
Stacking on X310
slide 306
Stacking on XS900 series
slide 307
Stacking on GS900MX
slide 308
VCStack Configuration
How the Stack Communicates
The stack management uses a specific VLAN ID and an IP subnet, default
values are :
VLAN 4094
Subnet 192.168.255.0/28
You may need to change these values if they clash with a VLAN ID or
subnet that is already in use in the network.
stack management subnet <ip-address>
stack management vlan <2-4094>
The management traffic is queued to egress queue 7 on the stack link (no
other traffic should be marked for queue 7)
slide 310
Stack Roles
Each switch in a stack acts in one role
backup member (also called stack member)
stack master (normally as the active master)
The stack members are controlled by the stack master.
The stack master performs a number of tasks that a stack member
does not perform:
It controls all switch management activity
It synchronizes boot release and configuration files with stack members
All routing protocol packets are processed by the stack master. The stack
master then transfers any requisite table updates to the stack members.
slide 311
Stack Master Selection
Master selection is based on two parameters
First: the stack member's priority setting
Second: the MAC address
The switch with the lowest priority becomes Master
Priority default is 128; it can be changed to select a specific master
stack <switch stack ID> priority <0-255>
If several switches have the same priority, the one with the lowest MAC address
becomes Master
Master selection is not related to unit ID (i.e. the master does not have to be
1)
Any switch in a stack can potentially be Stack Master
slide 312
Virtual MAC Address
The virtual MAC address can be manually configured by specifying a VCStack virtual
Chassis ID. The ID selected will determine which virtual MAC address the stack will use.
The MAC address assigned to a stack must be unique within its network.
The virtual chassis ID entered will form the last 12 bits of a preselected
MAC prefix component; that is, 0000.cd370xxx. For example:
slide 313
Stack Member ID
Each switch in a stack has an ID number, which can be an integer
between 1 and 8. The default on each switch is a stack ID of 1.
The stack IDs on each switch within a stack are unique.
The system can automatically assign a unique ID number to each
stack member
Each member's configuration is associated with its ID
Allows putting the stack in a pre-defined configuration
In case of conflict, the system automatically modifies the ID of the unit with the higher
MAC address
slide 314
Assigning Stack IDs
Manual assignment on a switch before stacking
stack(config)#stack 1 renumber <1-8>
Automatic assignment as switches join the stack
The stack master will be assigned stack ID 1, and the other switches will be
automatically assigned other IDs.
Manual renumbering of a switch after stacking
stack(config)#stack 1 renumber <1-8>
slide 315
Stack Maintenance
Adding a stack member
A switch can be added to an existing stack (hot-swapped in)
Power down the new switch
Connect its ports to the stack
Power on
Removing a stack member
A member can be removed from a stack (hot-swapped out)
Power down the member
Disconnect its stacking ports
Reconnect the remaining stack members
slide 316
Stack Maintenance
Replacing a stack member
You can seamlessly swap a switch into the stack to replace another
Configure new switch with the same member ID as its replacement
Optional auto-upgrade
Auto-upgrade will copy the master's software release onto new member
If a new member joins a stack and has a SW release that is different, the master's
software release is copied to the new member
Auto-upgrade works when the master and new-member releases are similar (for
example 5.4.3-0.1 and 5.4.3-0.2)
Auto-upgrade is enabled by default
Disable with (no) stack <1-8> software-auto-synchronization
If disabled, a new member with different SW release cannot join stack
slide 317
Provisioning
Provisioning provides the ability to pre-configure ports that are not yet present in a
switch or in a stack.
Provisioning keeps a 'placeholder' for a XEM or switch which has been hot-swapped
out.
Switch provisioning
awplus(config)#switch 2 provision x900-24
XEM provisioning
awplus(config)#switch 2 bay 2 provision xem-12
slide 318
Resiliency Link
Resiliency Link
In this network scenario, when the stack link breaks, the edge switches will
continue to use their uplink ports. This is a problem because the two
switches elect themselves as master and a duplicate IP issue occurs.
The optional Resiliency Link feature provides a solution to this problem.
slide 320
Resiliency Link
With a Resiliency Link, the stack members all listen for periodic
(one per second) Health Check messages from the master
slide 321
Resiliency Link
Stack Master
High-Speed
Resiliency Link
Chassis Stack Connectors
Stack Member
slide 322
Resiliency Link Configuration
The out-of-band Ethernet port is configured as a resiliency port with the
command:
awplus(config)# stack resiliencylink eth0
Note that even if you configure the eth0 port as a resiliency port, you can still
use it for out-of-band management.
A VLAN, and switch port are configured for resiliency link connection with
the commands:
awplus(config)# stack resiliencylink vlan1000
awplus(config)# interface port1.0.1
awplus(config-if)# switchport resiliencylink
This VLAN is dedicated to the resiliency link function and must not be the
stack management VLAN or a customer data VLAN.
slide 323
Fast Failover
Fast Failover
All of the other VCStack members are in active standby, also having
learnt routing and forwarding information for the network to ensure
that if the Master were to fail, another member is able to seamlessly
assume control of the virtual chassis with absolutely minimal network
downtime.
slide 325
Fast Failover
slide 326
slide 328
Rolling Reboot
This command allows a stack to be rebooted in a rolling sequence so that
no more than one unit of the stack is in reboot at any given time.
First, the stack master is rebooted causing the remaining stack members to
failover and elect a new master.
As soon as the rebooted Active Master has reloaded, it becomes the Active
Master again.
Immediately after the Active Master has reloaded and assumed its role
again, all of the other switches in the stack are rebooted at the same time.
slide 329
Rolling Reboot
awplus#reboot rolling
The stack master will reboot immediately and boot up with the
configuration
file settings. The remaining stack members will then reboot
once the master
has finished re-configuring.
Continue the rolling reboot of the stack? (y/n):y
awplus#22:11:07 awplus VCS[995]: Automatically rebooting stack
member-4 (MAC: 00.15.77.c9.73.cb) due to Rolling reboot
URGENT: broadcast message:
System going down IMMEDIATELY!
... Rebooting at user request ...
slide 330
Remote - Login
slide 331
Monitoring and troubleshooting
slide 332
Show Stack
awplus#show stack
Virtual Chassis Stacking summary information
slide 333
Counters
You can obtain detailed counters relating to stack events and signaling packets with
the command:
show counter stack
The event counters make it possible to see if unexpected events have been occurring
on the stack.
slide 334
VCStacking Plus
VCStack Plus Introduction
slide 336
VCStack Plus Feature
slide 337
VCStack Plus
slide 338
VCStack Plus
slide 339
VCStack Plus Capable Switches
slide 340
VCStack Plus stacking modules, cables, and connections
slide 341
VCStack Plus Card
slide 342
VCStack Plus Modules
slide 343
Two Chassis Stack Configuration
slide 344
Licensing
slide 345
POE (AlliedWare+)
Table of Contents
slide 347
slide 349
Advantages of PoE
slide 350
PoE Technology
The PSE can also determine the power class of the device
slide 351
PoE Standards
The PoE IEEE 802.3af standard was formally approved by the IEEE
Standards Board in June 2003
slide 352
PoE Standards
The PSE will check for the presence of PDs on connected ports at
regular intervals
slide 354
Once the PD's power class is detected, the PSE manages power allocation
by subtracting the PD's class maximum value from the overall power
budget
This allows for management of power allocation when there is not enough
power available from the PSE to supply maximum power to all ports
slide 356
Power Classes
slide 357
Power Delivery
An Ethernet cable (CAT5) has four twisted pairs, but only two
of these are used for data transfer in 10/100 Mbps networks
slide 358
Power Delivery
Different vendors' PSE equipment may use either the data or
spare wire pairs to supply power, depending on their PoE
implementation
slide 360
Power Delivery
[Diagram: RJ 45 connector (Ethernet 10/100), pins 1 to 8]
slide 361
Power Delivery
PoE Configuration
PoE Configuration
awplus(config-if)#power-inline enable
slide 364
Port Prioritization
If there is not enough power to support all the ports set for a
given priority level, power is provided to the ports based on
port number, in ascending order.
slide 365
Port Prioritization
slide 366
Priority Command
slide 368
Power Threshold
slide 369
Threshold Command
slide 370
Trap Command
slide 373
What Is SNMP?
slide 374
SNMP Versions
SNMP V1
SNMP V2c (typically referred to as SNMP V2)
Uses UDP protocol: transfer is not guaranteed
Minimal security: community string (password) in clear text
Management data described in MIBs (Management Information Base). Language used is
ASN.1
V2c has added functions for improved efficiency (GET-BULK)
Simple to use
SNMP V3
Uses UDP: transfer is not guaranteed
Strong authentication possible
Strong encryption possible
Complex to use
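What the version differences above look like on the wire, as an added example (not from the original course material): a small BER reader that reports, for each captured SNMP datagram, whether the community string is readable or whether a v3 message has authentication and encryption switched on. The sample datagrams are constructed, and the v3 sample carries empty stubs after its header.

```python
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "get-response",
             0xA3: "set-request", 0xA4: "trap (v1)", 0xA5: "get-bulk-request",
             0xA6: "inform-request", 0xA7: "trap (v2)"}


def read_tlv(buf, off=0):
    """Read one BER tag/length/value. Returns (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length


def inspect_snmp(datagram):
    tag, msg, _ = read_tlv(datagram)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, raw_version, off = read_tlv(msg)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")
    tag, second, off = read_tlv(msg, off)
    if version in (0, 1):                 # v1 / v2c: community follows the version
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        pdu_tag, _, _ = read_tlv(msg, off)
        return {"version": VERSIONS[version],
                "community": second.decode("ascii", "replace"),
                "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
                "auth": False, "priv": False}
    if version == 3:                      # v3: header data, no community string
        if tag != 0x30:
            raise ValueError("msgGlobalData SEQUENCE missing")
        _, _, pos = read_tlv(second)              # msgID
        _, _, pos = read_tlv(second, pos)         # msgMaxSize
        flag_tag, flags, _ = read_tlv(second, pos)
        if flag_tag != 0x04 or len(flags) != 1:
            raise ValueError("msgFlags missing")
        return {"version": "v3", "community": None, "pdu": None,
                "auth": bool(flags[0] & 0x01), "priv": bool(flags[0] & 0x02)}
    raise ValueError("unknown SNMP version %d" % version)


def audit(datagrams):
    """List datagrams whose credentials or contents travel unprotected."""
    findings = []
    for index, datagram in enumerate(datagrams):
        info = inspect_snmp(datagram)
        if info["community"] is not None:
            findings.append((index, info["version"],
                             "community %r readable on the wire" % info["community"]))
        elif not (info["auth"] and info["priv"]):
            findings.append((index, "v3", "authentication or encryption not enabled"))
    return findings


def _tlv(tag, content):
    """Encoder for the constructed samples only (short-form lengths)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content


def sample_v2c_get(community=b"example2ro"):
    oid = bytes.fromhex("2b06010201010100")       # 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    varbinds = _tlv(0x30, _tlv(0x30, _tlv(0x06, oid) + _tlv(0x05, b"")))
    pdu = _tlv(0xA0, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00")
               + _tlv(0x02, b"\x00") + varbinds)
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, community) + pdu)


def sample_v3_header(flags):
    header = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x05\xdc")
                  + _tlv(0x04, bytes([flags])) + _tlv(0x02, b"\x03"))
    # Security parameters and message data are left as empty stubs.
    return _tlv(0x30, _tlv(0x02, b"\x03") + header + _tlv(0x04, b"") + _tlv(0x04, b""))


if __name__ == "__main__":
    capture = [sample_v2c_get(), sample_v3_header(0x03), sample_v3_header(0x00)]
    for finding in audit(capture):
        print(finding)
```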
slide 375
SNMP Architecture
The SNMP architecture is composed of three major elements:
slide 376
SNMP Architecture
SNMP agents reside in the firmware of the device.
SNMP agents control information through MIBs.
SNMP applications (managers) request information from device SNMP
agents.
slide 377
MIB - Management Information Base
slide 378
Public MIBs
Examples
RFC 1213 (MIB-II): set of standard objects used for TCP/IP networks,
e.g. sysObjectID.
RFC 1643: set of standard objects for statistical metrics for Ethernet
interfaces.
slide 379
Enterprise MIBs
Created and maintained by enterprises
E.g. Allied Telesis, etc.
Examples
Atrouter.mib (ATR)
Atil2.mib (ATI-US)
slide 380
SNMP Introduction
[Diagram: SNMP elements. Manager (Network Management System) to agent: GET / SET / GET-NEXT. Agent to manager: TRAP / RESPONSE.]
slide 381
SNMP Messages
The SNMP protocol is termed "simple" because it has only six operations, or
messages: get, get-next, get-response, set, and trap; SNMPv2c
also has the get-bulk-request message.
The replies from the managed device are processed by the NMS and
generally used to provide a graphical representation of the state of the
network.
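Added example (not part of the original course material): a minimal decoder for the header of an SNMPv1/v2c datagram, showing that the version, the community string and the message type are readable by anyone who can see the UDP traffic, which is why v1/v2c communities should be restricted by ACL and treated as weak secrets. The function names are hypothetical and the sample datagram is constructed; it is a v2c get-request for sysObjectID.0 (1.3.6.1.2.1.1.2.0) using the community name example2ro from this course.

```python
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "get-response",
             0xA3: "set-request", 0xA4: "trap (v1)", 0xA5: "get-bulk-request",
             0xA6: "inform-request", 0xA7: "trap (v2)"}
VERSIONS = {0: "1", 1: "2c", 3: "3"}   # value of the version INTEGER on the wire

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Return the version, community and PDU type carried in one SNMP datagram."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE expected")
    tag, ver, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER expected")
    version = int.from_bytes(ver, "big")
    if version not in (0, 1):           # SNMPv3 carries no community string
        return {"version": VERSIONS.get(version, "unknown"), "community": None, "pdu": None}
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING expected")
    pdu_tag, _, _ = read_tlv(msg, pos)
    return {"version": VERSIONS[version], "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "community": community.decode("ascii", "replace")}

def tlv(tag, body):
    """Encode one short-form BER element (body shorter than 128 bytes)."""
    return bytes([tag, len(body)]) + body

# Constructed sample: v2c get-request for sysObjectID.0 with the page's community name.
OID = tlv(0x06, bytes.fromhex("2b06010201010200"))
VARBINDS = tlv(0x30, tlv(0x30, OID + tlv(0x05, b"")))
PDU = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + VARBINDS)
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example2ro") + PDU)
print(inspect_snmp(SAMPLE))
```

The same header layout applies to traps, so a v2c trap sent to an NMS exposes its community in the same way.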
slide 382
SNMP GET and SET Messages
slide 383
SNMP Messages
Get: retrieve value
get-request sent by an NMS to an agent, to retrieve the value of an object.
slide 384
SNMP Traps
SNMP TRAP
Agent setup via management commands
Unsolicited event on the agent
Agent sends UDP TRAP
MIB value
Community string
Such events include the restarting or re-initialization of a device, a change in the status of a
network link (up or down), or an authentication failure.
slide 385
Polling versus Event Notification
slide 387
SNMP Configuration
Create a read-only access community called example2ro for use by the regional network
management station at 192.168.16.1.
Use an ACL to give the regional NMS SNMP access to the switch using that community name.
slide 388
SNMP Configuration
Additional Support Information
Extra info that can be used by the manager NMS system to identify switches
slide 389
Configure trap hosts
Specify the IP address or addresses that the traps will get sent to. In this example, traps will be sent
to both NMSes.
awplus(config)# snmp-server host 192.168.11.5 version 2c example1rw
awplus(config)# snmp-server host 192.168.16.1 version 2c example2ro
Check that the current configuration of the SNMP communities matches the desired configuration:
awplus# show snmp-server
awplus# show snmp-server community
awplus# show run snmp
slide 390
snmp-server enable trap
slide 391
Thank you
Americas Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
EMEA Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11
© 2011 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.