
Certified Allied Telesis Technician / Enterprise (CAT-ENT)

Editor: Roberto Cassinerio - roberto_cassinerio@alliedtelesis.com


Introduction
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Course Objectives

This 2-day technical training course gives the core knowledge needed
to work with Allied Telesis products running the AlliedWare
Plus operating system.
Course participants should have a basic knowledge of
networking fundamentals before attending this course.

slide 3
Course Objectives

Upon completion of this course, the attendees will be able to:


Have a good basic knowledge of the command structure and operation of
products based on AlliedWare Plus, which are standards based.
Have an equivalent background understanding of the standards-based CLI.
Design and configure a basic but fully functional example of an enterprise
network using L2 and L3 switches with AlliedWare Plus.
The configuration includes VLANs, IP routing, VCS and Link Aggregation.
Modules List
Hardware Overview
Basic Operations
Layer 2 Switching
Spanning-Tree / Rapid Spanning-Tree
VLAN
Link Aggregation
Basic IP Routing
VCStacking
POE
SNMP

Lab sessions during both days to configure most of the protocols covered during the
training
Agenda
Day 1:
Hardware Overview
Operations
Layer 2 Switching
STP/RSTP
VLAN
Lab sessions spread throughout the day

Day 2:
Link Aggregation
Basic IP Routing
Stacking
POE
SNMP
Lab sessions spread throughout the day

slide 6
Before Starting

Breaks and lunch schedule


Rest rooms
Emergency exit(s) and procedures
Fill in the forms
Course material.

slide 7
Hardware Overview
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Allied Telesis portfolio
Connectivity: Network Interface Cards, Media Converters
Switching: Cell Based & Channel Switches
Firewall: Routers
Multiple Services: NSP
Wireless: Blanket
Management: SNMP
Services: NetCover and Professional Service

slide 9
Connectivity
Network Interface Cards:
Copper: Fast Ethernet, Gigabit, Desktop and Laptop options
Fiber: Fast Ethernet, Gigabit, Desktop and Laptop options
Media Conversion:
Non-managed: Single channel, Multiple channels, VDSL conversion
Manageable: Single channel, Multiple channels

slide 10
Switching
Small Business: broad choice of unmanaged or Websmart Fast Ethernet and
Gigabit switches
Enterprise Networks: high-performance, future-proof products to meet
requirements for Enterprise, Campus, Branch and Data Center networks

Products shown: SwitchBlade x8106/x8112, SwitchBlade x908, X930, DC2552XS/L3,
FS750/16-24-48, FS750/28PS, GS950/8POE, GS950/16-24-48, GS950/10-16-28-48PS,
X610, X510, x210/x230/x310, FS980M, GS900MX, XS900MX

slide 11
Routers
SMB and Firewall

AR415: 1 x 10/100 WAN interface, 4 x 10/100 Mbps Ethernet switched LAN ports,
WAN slot (PIC), VPN capability with IPsec
AR770: 4 x 10/100/1000 Mbps Ethernet switched LAN ports, 10/100/1000T x 2 SFP
combo, 2 WAN slots (PIC), stateful inspection firewall, integrated encryption
engine supporting DES, 3DES and AES
AR2010V/AR2050V and AR3050/AR4050: Next Generation Firewall (NGFW) series,
2 x GE WAN and 8 x 10/100/1000 LAN, IPsec VPN / firewall, advanced QoS

slide 12
Multi Services Access Platform : iMAP, IMG, NMS
xDSL Ethernet GbE 10GbE E1

Multiple services chassis-based solution

Available in 3, 7 or 17 slot configurations
xDSL (ADSL, VDSL2, SDSL), Ethernet, GbE, 10GbE, E1
Created and optimized for IP converged networks
Multiple services CPE with LAN, POTS, wireless
SNMP based Element Manager Software for provisioning

slide 13
Wireless Solutions
UWC Wireless Switch: appliance- or software-based Unified Wireless Controller
with APs; wireless clients get seamless roaming across sites and floors.
Extricom Wireless Switch: provides high-throughput and zero-roaming wireless
connectivity for enterprise customers.

slide 14
Operations
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

Initial connection
Start-up
The Command line modes (CLI)
AlliedWare Plus CLI Overview, Basic Operations
Port management
Feature licensing
Web Management - Graphical User Interface (GUI) (Appendix)

slide 16
Certified Allied Telesis Technician

Initial Connection
How to Connect

To configure or manage an AlliedWare Plus switch, you must use one of the following
connection methods:
Via serial port (also called console port)
Console cable (provided with switch)
Terminal emulator software (e.g. HyperTerminal under Windows)
Via the network using an IP-based network protocol
Command Line Interface (CLI) (Telnet / SSH)
Multi-vendor network management systems (SNMP)
Web browser (GUI) based management (HTTP, Java)
The three network-based methods need an IP address to be assigned to the switch.
Telnet and plain HTTP carry the login credentials in cleartext, so use SSH for CLI
access over any network that is not fully trusted.

slide 18
Connection via DB9 Serial Console Port

The Serial Interface : RS-232 Connectors / Adapters

USB-to-RS-232 adapter, DB9-to-RJ45 console cable

slide 19
Connection via DB9 Serial Console Port
Connect one of the serial ports (COM ports) from the PC to the switch's serial port using the
cable supplied.
Run a terminal emulator (shown: HyperTerminal).

(Figure: PC serial interface, e.g. USB adapter, connected to the switch console port)

1) Give the connection a name and click OK
2) Select the COM port to use

slide 20
Connection via DB9 Serial Port

Baud rate: 9600 bits/sec
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none

3) The default baud rate is 9600 (range is 9600 to 115200 bps).
4) By default the AlliedWare Plus OS supports VT100-compatible terminals on the
console port. This means that the terminal size is 80 columns by 24 rows.
slide 21
Connection via DB9 Serial Console Port

The defaults are:

Username: manager
Password: friend

These defaults are published, so change the manager password (with the username
command) before the switch is reachable over the network.

slide 22
Certified Allied Telesis Technician

Start-up
Start-up: Status, System Messages
At the beginning of the boot process typically internal hardware components (memory,
etc.) are tested and the results reported
Many systems allow the administrator to interrupt the start-up sequence for
maintenance and file operations (like choosing a different boot image).

The AlliedWare Plus Bootloader allows a number of operations to be performed
before loading the operating system.
The user can access the bootloader when the following message appears:
Bootloader 1.1.0 loaded
Press <Ctrl+B> for the Boot Menu

slide 24
Start-up: Bootloader
The Bootloader menu:
Boot Menu:

0. Restart
------------------------------------------------------
1. Perform one-off boot from alternate source
2. Change the default
3. Update Bootloader
4. Adjust the console baud rate
5. Special boot options
6. System information
7. Restore Bootloader factory settings
------------------------------------------------------
9. Quit and continue booting

Enter selection ==>

slide 25
Start-up: Bootloader
1. Perform one-off boot from alternate source
This option boots the system (loading AlliedWare Plus) from one of a
number of sources:
Flash
SD Card
TFTP
YMODEM
This gives several options for updating and debugging equipment.
When the equipment has started up from an alternative source, after login there is an
automatic option to copy the booted software version to Flash memory and to select it as
the default boot version.
2. Change the default boot source (for advanced users)
One of the 4 sources above can be selected as the default.
ONLY RECOMMENDED METHOD: FLASH (active by default)

slide 26
Start-up: Bootloader
3. Update Bootloader
Allows the equipment's bootloader to be updated (if requested by technical support).
4. Adjust the console baud rate
Allows you to alter the baud rate of the console port.
Default value is 9600
Range is 9600 to 115200
5. Special boot options
Usually used to skip loading the startup configuration and boot with a default blank
configuration instead, to recover the switch if the password is lost (recovering the
manager/friend account). This is also why the bootloader should be password protected
(see Security Level below): anyone with console access can otherwise bypass the saved
configuration and its passwords.
0. Return to previous menu
------------------------------------------------------
1. Skip startup script (Use system defaults)
slide 27
Start-up: Bootloader

6. System information
Displays system information on the hardware: CPU, memory, MAC
address, etc.
7. Restore Bootloader factory settings
Resets the Bootloader to factory settings

slide 28
Start-up: Boot Process

The switch starts up in this sequence:


Bootloader is loaded
A brief pause to give the user the option to press Ctrl+B to access the
Bootloader menu
AlliedWare Plus operating system is loaded

slide 29
Loading AlliedWare Plus
Initialising ECC Memory... Done

Bootloader 1.1.0 loaded


Press <Ctrl+B> for the Boot Menu

Reading filesystem...
Loading flash:r6-5.3.4-0.5.rel...
Verifying release... OK
Booting...
Starting base/first... [ OK ]

______________ ____
/\ \ / /______\
/ \ \_ __/ /| ______ |
/ \ | | / | ______ |
/ \ \ / / \ ____ /
/______/\____\ \/ /____________/

Allied Telesis Inc.


AlliedWare Plus (TM) v5.3.4
Original release filename: r6-5.3.4-0.5.rel
Built: Tue Nov 2 19:08:21 NZDT 2010 by: maker@awpmaker01-dl

Mounting virtual filesystems... [ OK ]


Mounting static filesystems... [ OK ]
Checking flash filesystem... [ OK ]
Mounting flash filesystem... [ OK ]
Checking NVS filesystem... [ OK ]
Mounting NVS filesystem... [ OK ]
Starting base/dbus... [ OK ]
Starting base/syslog... [ OK ]

slide 30
Security Level
Boot Menu:
WARNING: The bootloader is not currently password protected.
------------------------------------------------------
B. Boot backup software
S. Security Level
------------------------------------------------------

The Security Level option enables you to configure how accessible the
bootloader is to users.

slide 31
Security Level

To use this Security Level menu item, proceed as follows:

Enter selection ==> s


Security Settings menu: The security Level is currently set to 1 (None)
------------------------------------------------------
0. Return to previous menu
1. Set security Level to 2 (Password Protected)
2. Set security Level to 3 (Locked Down)
Enter selection ==>

slide 32
Security Level

The first level is the default level.

The security Level is currently set to 1 (None)
By default, there is no protection on the bootloader menu.

Anyone who has physical access to the switch can connect a
terminal to the console port, reboot the switch, and type Ctrl+B
at startup to access the bootloader menu.

slide 33
Security Level
The next level of security enables a password for access to the
menu.
1. Set security Level to 2 (Password Protected)

If the user types Ctrl+B at boot-up, they will need to enter the password
before being able to access the following items in the bootloader menu:
Perform one-off boot from alternate source
Change the default boot source (for advanced users)
Update bootloader
Special boot options (which accesses the Skip startup script option)
Developer menu
Configure protected mode

slide 34
Security Level

The next level of security is equivalent to the second one,

2. Set security Level to 3 (Locked Down)

except that there is no longer any access to the Skip startup script option or to the Special
Boot Options section of the bootloader menu, even if the user knows the password.

Once you have chosen security level 3, the only way to return to a lower
security level is to completely erase flash and NVS. This also means that at level 3 a
lost manager password cannot be recovered through the bootloader, so keep the
credentials and a configuration backup somewhere safe before selecting it.
So, if, in the menu above, you type 1 to go back to security level 1

slide 35
Default Settings of an AlliedWare Plus Switch

Passwords are stored hashed in the configuration (shown as password 8 in the running config)
Logs are activated
Telnet access is activated (but no IP address is configured)
Rapid Spanning Tree (RSTP) is activated (ports are not in Portfast mode)
All ports are in access mode (untagged) in VLAN 1
All RJ45 ports support auto-negotiation and auto MDI/X
Switching is enabled, allowing Layer 2 traffic to be forwarded without further
configuration

slide 36
Certified Allied Telesis Technician

The Command line modes (CLI)

AlliedWare Plus Command Line Interface

After successfully logging into an AlliedWare Plus switch you
are placed at a command prompt.

By default the command prompt shows awplus>
awplus is the default hostname of the switch
The > (greater-than) symbol indicates that you are in User Exec
Mode

slide 38
User Exec Mode

User Exec mode is the mode you log into on the switch
In this mode, the user has access to a restricted set of
commands that do not affect the operation of the switch, but
are used to perform some diagnostics
Show commands, ping, trace route, telnet/ssh from the switch to
another device, etc.
The prompt appears on screen as follows:

awplus>

slide 39
Privileged Exec Mode

Privileged Exec mode is the main mode for monitoring:
Show commands and debugging
You can use all the commands from User Exec plus many more
Enter the command "enable" from User Exec mode to change to
this mode.
Although not commonly done, you can use "disable" to change back to
User Exec mode
The prompt for Privileged Exec mode is as follows:

awplus#

slide 40
Global Configuration Mode

This mode gives access to all configuration commands for the
equipment.
Enter the command "configure terminal" from Privileged Exec
mode to activate this mode.
Use "exit" to quit this mode.
The prompt appears on screen as follows:

awplus(config)#

slide 41
AlliedWare Plus Command Modes
(Diagram: command used to enter the next mode on the left, command used to return on the right)

User Exec mode
    enable -> Privileged Exec mode                    (disable returns to User Exec mode)
Privileged Exec mode
    configure terminal -> Global Configuration mode   (exit returns to Privileged Exec mode)
Global Configuration mode
    interface <interface name> -> Interface mode      (exit returns to Global Configuration mode)
    router <routing protocol> -> Router mode          (exit returns to Global Configuration mode)
    other sub-modes                                   (exit returns to Global Configuration mode)
From any configuration mode, end or Ctrl+Z returns directly to Privileged Exec mode.

slide 42
Help System

Help is available from all 3 operating modes using:
?

To display the options for a command, enter the command + ?
show ?

The system has a command completion module:
Enter the start of the command then <TAB> to use this
sh + <TAB> = show

The up/down arrow keys recall the last commands used.

slide 43
Remote Access
As stated earlier, an IP address needs to be configured on the switch in order to
access it remotely over Ethernet, for example with Telnet or SSH.
The simplest way to accomplish this on a switch with factory default settings is
to assign an IP address to the VLAN 1 interface.
Here are the steps to assign 192.168.1.1 255.255.255.0 to the switch's VLAN 1
interface:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# ip address 192.168.1.1/24
awplus(config-if)# end
awplus# show ip interface
Interface IP-Address Status Protocol
vlan1 192.168.1.1 admin up down

slide 44
Remote Access
Now telnet is possible from a PC in the same IP network.

slide 45
Entering Privileged Exec Commands in a Configuration Mode

As you configure the switch you will be constantly entering various show
commands to confirm your configuration.
This requires constantly changing between configuration modes and
Privileged Exec mode.
However, you can run Privileged Exec commands without changing
mode, by using the command:

awplus(config)# do show ip int brief


Interface IP-Address Status Protocol
vlan1 unassigned admin up running
vlan2 unassigned admin up running

slide 46
Creating Users
Additional users can be added and removed from the switch using the username
command
The username command can also be used to change the manager password
from the default of friend
This is a configuration command so you must start in Global Configuration mode:
awplus> enable
awplus# configure terminal

Syntax:
awplus(config)# username <name> privilege <1-15> password <password>

Only users with privilege 15 have access to all Privileged Exec and Configuration
commands (see User Privilege Levels).
The no form of the command removes a user:
awplus(config)# no username <name>

slide 47
User Privilege Levels

AlliedWare Plus now supports 15 privilege levels, divided into 3
groups:

Levels 1-6 provide access to most show commands, in User Exec
mode

Levels 7-14 provide access to some more show commands, in
Privileged Exec mode

Level 15 provides access to some additional show commands and all
configuration commands, in Privileged Exec mode

slide 48
Managing Users

List all configured users

awplus# show running-config | include username

username manager privilege 15 password 8 $1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0
username Bob privilege 15 password 8 $1$gXJLY8dw$iqkMXLgQxbzSOutNUa5E2.

The password 8 form stores an MD5-crypt ($1$) hash, so the running configuration
must be treated as sensitive: anyone who can read it can run an offline dictionary
attack against these hashes.

The no form of the command removes a user:

awplus(config)# no username <name>
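As an added example (not part of the course material and not Allied Telesis code), the following Python script parses output of the form produced by show running-config | include username and audits the local accounts: which of the three privilege bands each user falls into, whether the default manager account is still present, and which hash scheme the password 8 field uses. The sample text, the hashes and the account names helpdesk and audit are constructed for the example; only the first two lines mirror the slide.

```python
"""Audit local accounts from 'show running-config | include username' on AlliedWare Plus."""
import re
from dataclasses import dataclass

# Constructed sample: the first two lines mirror the slide, the other two are
# made up to exercise the lower privilege bands. Hashes are not real device data.
SAMPLE = """\
username manager privilege 15 password 8 $1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0
username Bob privilege 15 password 8 $1$gXJLY8dw$iqkMXLgQxbzSOutNUa5E2.
username helpdesk privilege 7 password 8 $1$Zq1aBcDe$fGhIjKlMnOpQrStUvWxYz/
username audit privilege 3 password 8 $1$Ab12Cd34$abcdefghijklmnopqrstu.
"""

USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+privilege\s+(?P<priv>\d+)\s+"
    r"password\s+(?P<enc>\d)\s+(?P<digest>\S+)\s*$"
)


@dataclass
class Account:
    name: str
    privilege: int
    encoding: str  # digit after 'password'; 8 = stored hashed, as on the slide
    digest: str

    def mode(self) -> str:
        """Highest mode reachable, per the three privilege bands on the slide."""
        if self.privilege == 15:
            return "Privileged Exec + all configuration commands"
        if self.privilege >= 7:
            return "Privileged Exec (show commands only)"
        return "User Exec"

    def hash_scheme(self) -> str:
        """Modular-crypt prefix of the stored digest; $1$ is MD5-crypt."""
        for prefix, scheme in (("$1$", "md5-crypt"), ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt")):
            if self.digest.startswith(prefix):
                return scheme
        return "unknown"


def parse_accounts(text: str) -> list:
    accounts = []
    for line in text.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m:  # lines that do not parse (e.g. a hash wrapped onto two lines) are skipped, not guessed
            accounts.append(Account(m["name"], int(m["priv"]), m["enc"], m["digest"]))
    return accounts


def audit(accounts: list) -> list:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    admins = [a.name for a in accounts if a.privilege == 15]
    for a in accounts:
        if a.name == "manager":
            findings.append("default account 'manager' still exists; confirm its password is no longer 'friend'")
        if a.encoding != "8":
            findings.append(f"{a.name}: password is not stored in the hashed (password 8) form")
        if a.hash_scheme() == "md5-crypt":
            findings.append(f"{a.name}: MD5-crypt hash; cheap to crack offline if the config is exposed")
        if not 1 <= a.privilege <= 15:
            findings.append(f"{a.name}: privilege {a.privilege} is outside the valid range 1-15")
    if len(admins) > 1:
        findings.append(f"{len(admins)} level-15 accounts ({', '.join(admins)}); confirm each needs configuration access")
    return findings
```

Run it against a saved copy of the running configuration. The parser skips anything it cannot match rather than guessing, so hashes that a terminal wrapped onto two lines (as on the slide) need to be rejoined first.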

slide 49
Managing Users
The configuration Web interface (GUI) can be accessed by any created user.
The graphical interface file (.jar file) has to be present in the equipment's Flash
memory.
Show connected users:
awplus#show users
Line   User     Host(s)  Idle      Location      Priv  Idletime  Timeout
con 0  manager  idle     00:00:00  ttyS0         15    10        N/A
vty 0  guiuser  idle     00:00:02  192.168.1.64  15    10        N/A

slide 50
Certified Allied Telesis Technician

Basic Operations
Configuration Management

Commands input from the command line interface (CLI) are
parsed and executed immediately.
Commands entered are stored in the running configuration
and are not saved automatically.
The running configuration must be stored to flash (saved) so it
can be recalled during the switch's boot sequence.
This configuration file is then called the startup configuration.
Several versions of the configuration can be stored in the
switch's flash file system, each as their own file.
slide 52
Running Configuration Management
To show the running configuration (the configuration stored in DRAM):

Ensure you are in Privileged Exec mode:


awplus> enable
Display the configuration:
awplus# show running-config <module>
module=access-list, interface, stack, etc..
(full list with show running-config ?)
Partial display of configuration containing a particular word:
awplus# show running-config|include <word>
Partial display of configuration beginning with a particular word:
awplus# show running-config|begin <word>

slide 53
Startup Configuration Management
To show the start-up configuration (the saved configuration in flash):
Privileged Exec mode:
awplus> enable
Display configuration:
awplus# show startup-config <module>
module=access-list, interface, stack, etc..
(full list with show startup-config ?)
Partial display of configuration containing a particular word:
awplus# show startup-config|include <word>
Partial display of configuration from particular word:
awplus# show startup-config|begin <word>

slide 54
Startup Configuration Management
Save configuration (Privileged Exec mode):
Save to startup configuration file
awplus# copy running-config startup-config
startup-config is an alias that points to the file default.cfg in the flash
filesystem
The command is commonly abbreviated as copy run start
write memory also saves the configuration and can be shortened to just wr
You can also save the configuration to another file:
awplus# copy running-config newfile.cfg

slide 55
Startup Configuration Management
Show the boot settings (Privileged Exec mode):
The default alias startup-config is associated with the default.cfg file
Display:
awplus# show boot
Boot configuration
----------------------------------------------------
Current software : r1-5.3.4-0.5.rel
Current boot image: flash:/r1-5.3.4-0.5.rel
Backup boot image: Not set
Default boot config: flash:/default.cfg
Current boot config: flash:/default.cfg (file exists)

slide 56
Startup Configuration Management
Changing the boot startup script (Configuration mode):
The file associated with the alias startup-config can be changed via:
awplus(config)# boot config-file test.cfg
awplus(config)# end
awplus#show boot
Boot configuration
----------------------------------------------------
Current software : r1-5.3.4-0.5.rel
Current boot image: flash:/r1-5.3.4-0.5.rel
Backup boot image: Not set
Default boot config: flash:/default.cfg
Current boot config: flash:/test.cfg (file exists)
From then on, the command:
awplus# copy running-config startup-config
will save to the file test.cfg

slide 57
Startup Configuration Management
Restore to factory configuration
Reset the startup-config alias to its default value default.cfg
(Configuration mode):
awplus(config)# no boot config-file
awplus(config)# do sh boot

Remove start-up file (Privilege mode):


awplus# erase startup-config
Reboot (Privilege mode):
awplus# reload
awplus# reboot

slide 58
Basic Operations Show Version
The commands show version and show system display global information
(Privileged Exec):
Modules installed & hardware version
Memory state
Software version

awplus#show version

AlliedWare Plus (TM) 5.4.2 12/12/11 12:13:19


Build name : x610-5.4.2.rel
Build date : Wed Dec 2 12:13:19 NZDT 2011
Build type : RELEASE
NET-SNMP SNMP agent software
(c) 1996, 1998-2000 The Regents of the University of California.
All rights reserved;
(c) 2001-2003, Networks Associates Technology, Inc. All rights reserved;
(c) 2001-2003, Cambridge Broadband Ltd. All rights reserved;
(c) 2003, Sun Microsystems, Inc. All rights reserved.

slide 59
Basic Operations Show System
awplus# show system

Switch System Status Thu Sep 22 14:00:13 2011

Board ID Bay Board Name Rev Serial number
--------------------------------------------------------------------------------
Base 289 x600-24Ts X2-0 G1Q67B002
Expansion 306 Bay1 AT-StackXG A-0 N/A
--------------------------------------------------------------------------------
RAM: Total: 513388 kB Free: 419212 kB
Flash: 63.0MB Used: 58.0MB Available: 5.0MB
--------------------------------------------------------------------------------
Environment Status : Normal
Uptime : 24 days 06:04:58
Bootloader version : 1.1.0-rc12
Current software : x610-5.4.2.rel
Software version : 5.4.2
Build date : Wed Dec 8 12:13:19 NZDT 2010
Current boot config: flash:/backup.cfg (file exists)
slide 60
Basic Operations Show System
Show power & fan status:
Status
Voltage
Temperatures
awplus# show system environment
Environment Monitoring Status
Overall Status: Normal
Resource ID: 1 Name: RPS ()
ID Sensor (Units) Reading Low Limit High Limit Status
1 Primary Power Output Yes - - Ok
2 RPS Present No - - Ok
3 RPS Power Output No - - Ok
4 RPS Fan 1 Good No - - Ok
5 RPS Fan 2 Good No - - Ok
Resource ID: 2 Name: x600-24Ts
ID Sensor (Units) Reading Low Limit High Limit Status
1 Fan: Fan 1 (Rpm) 6888 5000 - Ok
2 Fan: Fan 2 (Rpm) 6818 5000 - Ok
3 Voltage: 2.5V (Volts) 2.474 2.344 2.865 Ok
4 Voltage: Battery (Volts) 3.150 2.700 3.586 Ok

slide 61
Basic Operations Show System
Show the serial number:
awplus# show system serialnumber
Show pluggable SFPs, XFPs:
awplus# show system pluggable [<port-list>]

System Pluggable Information

Port    Manufacturer  Device      Serial Number     Datecode  Type
--------------------------------------------------------------------------------
1.0.21  AGILENT       HFBR-5710L  0401312315461272  040131    1000BASE-SX
1.0.22  AGILENT       QBCU-5730R  AK0614GKF7        060408    1000BASE-T
1.0.23  AGILENT       HFBR-5710L  0305130112182696  030513    1000BASE-SX
1.0.24  AGILENT       HBCU-5710R  AK051300SM        050402    1000BASE-T
--------------------------------------------------------------------------------
slide 62
Pluggable Diagnostics

Digital Diagnostics Monitoring (DDM) for SFPs, SFP+s and XFPs

You can troubleshoot fiber cable and pluggable issues with
diagnostic information about installed pluggable transceivers:
SFP pluggable transceivers, for SFPs and SFP+s that support DDM
(Digital Diagnostic Monitoring)
XFP pluggable transceivers, for XFPs that support DOM (Digital Optical
Monitoring)

slide 63
Pluggable Diagnostics
awplus# show system pluggable diagnostics
System Pluggable Information Diagnostics
Port1.0.21          Status   Alarms                   Warnings
                    Reading  Alarm  Max     Min       Warning  Max     Min
Temp: (Degrees C)   29.387   -      100.00  -40.00    -        85.000  -10.00
Vcc: (Volts)        3.339    -      3.465   3.135     -        3.400   3.200
Tx Bias: (mA)       10.192   -      37.020  3.260     -        34.520  5.760
Tx Power: (mW)      17.872   -      35.643  8.953     -        28.313  11.271
Rx Power: (mW)      0.006    Low    15.849  0.025     Low      12.589  0.040
Rx LOS: Rx Down
Port1.0.22          Status   Alarms                   Warnings
                    Reading  Alarm  Max     Min       Warning  Max     Min
Temp: (Degrees C)   29.387   -      100.00  -40.00    -        85.000  -10.00
Vcc: (Volts)        3.378    -      3.630   2.970     -        3.465   3.135
Tx Bias: (mA)       2.802    -      6.000   1.000     -        5.000   1.000
Tx Power: (mW)      2.900    -      11.000  0.600     -        10.000  0.850
Rx Power: (mW)      1.739    -      18.000  0.000     -        10.000  0.200
Rx LOS: Rx Up

Port1.0.21 is the failure case: its received power is below both the warning and the
alarm minimum and Rx LOS is asserted, i.e. no usable light is arriving from the far end,
while all of its own transmit readings are within limits. Port1.0.22 is healthy.
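The following Python parser is an added example, not code from the course or from Allied Telesis. It reads show system pluggable diagnostics output of the form shown above, recomputes each sensor's state from the reading and the alarm/warning limits instead of trusting the printed flags, converts optical power from mW to dBm (10·log10 of the mW value, the standard conversion), and reports the ports that need attention. The sample text is constructed from the two ports on the slide with the column layout normalised; the Sensor and PortDiag names are the example's own.

```python
"""Parse AlliedWare Plus 'show system pluggable diagnostics' (DDM) output and flag bad readings."""
import math
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the slide: port 1.0.21 has a dead receive side,
# port 1.0.22 is healthy. Values copied from the slide, layout normalised.
SAMPLE = """\
Port1.0.21 Status Alarms Warnings
 Reading Alarm Max Min Warning Max Min
Temp: (Degrees C) 29.387 - 100.00 -40.00 - 85.000 -10.00
Vcc: (Volts) 3.339 - 3.465 3.135 - 3.400 3.200
Tx Bias: (mA) 10.192 - 37.020 3.260 - 34.520 5.760
Tx Power: (mW) 17.872 - 35.643 8.953 - 28.313 11.271
Rx Power: (mW) 0.006 Low 15.849 0.025 Low 12.589 0.040
Rx LOS: Rx Down
Port1.0.22 Status Alarms Warnings
 Reading Alarm Max Min Warning Max Min
Temp: (Degrees C) 29.387 - 100.00 -40.00 - 85.000 -10.00
Vcc: (Volts) 3.378 - 3.630 2.970 - 3.465 3.135
Tx Bias: (mA) 2.802 - 6.000 1.000 - 5.000 1.000
Tx Power: (mW) 2.900 - 11.000 0.600 - 10.000 0.850
Rx Power: (mW) 1.739 - 18.000 0.000 - 10.000 0.200
Rx LOS: Rx Up
"""

PORT_RE = re.compile(r"^Port(?P<port>\d+\.\d+\.\d+)\s+Status\b")
LOS_RE = re.compile(r"^Rx LOS:\s+Rx (?P<state>Up|Down)\b")
NUM = r"-?\d+(?:\.\d+)?"
SENSOR_RE = re.compile(
    rf"^(?P<name>[A-Za-z ]+?):\s*\((?P<unit>[^)]*)\)\s+(?P<reading>{NUM})\s+"
    rf"(?P<alarm>\S+)\s+(?P<amax>{NUM})\s+(?P<amin>{NUM})\s+"
    rf"(?P<warn>\S+)\s+(?P<wmax>{NUM})\s+(?P<wmin>{NUM})\s*$"
)


@dataclass
class Sensor:
    name: str
    unit: str
    reading: float
    alarm_max: float
    alarm_min: float
    warn_max: float
    warn_min: float
    device_alarm: str  # flag printed by the switch in the Alarm column ('-' = none)
    device_warn: str   # flag printed in the Warning column

    def status(self) -> str:
        """Recompute the state from the limits instead of trusting the printed flags."""
        if self.reading > self.alarm_max:
            return "ALARM HIGH"
        if self.reading < self.alarm_min:
            return "ALARM LOW"
        if self.reading > self.warn_max:
            return "WARN HIGH"
        if self.reading < self.warn_min:
            return "WARN LOW"
        return "OK"

    def dbm(self) -> Optional[float]:
        """Optical power in dBm (10*log10(mW)); None for non-optical sensors or zero power."""
        if self.unit == "mW" and self.reading > 0:
            return 10 * math.log10(self.reading)
        return None


@dataclass
class PortDiag:
    port: str
    sensors: list = field(default_factory=list)
    rx_los: Optional[str] = None  # "Up" or "Down" from the Rx LOS line


def parse_ddm(text: str) -> list:
    ports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            current = PortDiag(m["port"])
            ports.append(current)
            continue
        if current is None:
            continue  # banner lines before the first port block
        m = LOS_RE.match(line)
        if m:
            current.rx_los = m["state"]
            continue
        m = SENSOR_RE.match(line)
        if m:
            current.sensors.append(Sensor(
                m["name"], m["unit"], float(m["reading"]), float(m["amax"]), float(m["amin"]),
                float(m["wmax"]), float(m["wmin"]), m["alarm"], m["warn"]))
    return ports


def report(ports: list) -> dict:
    """Map port -> list of issues; healthy ports are omitted."""
    problems = {}
    for p in ports:
        issues = []
        for s in p.sensors:
            state = s.status()
            if state != "OK":
                dbm = s.dbm()
                extra = f" ({dbm:.1f} dBm)" if dbm is not None else ""
                issues.append(f"{s.name} {s.reading} {s.unit}{extra}: {state}")
            # The printed Alarm flag should agree with the limits; a mismatch means the
            # transceiver's reported thresholds or flags cannot be trusted.
            if (s.device_alarm != "-") != state.startswith("ALARM"):
                issues.append(f"{s.name}: printed alarm flag '{s.device_alarm}' disagrees with recomputed {state}")
        if p.rx_los == "Down":
            issues.append("Rx LOS asserted: no light received, check the far-end transmitter and the fibre")
        if issues:
            problems[p.port] = issues
    return problems
```

report(parse_ddm(SAMPLE)) returns findings for port 1.0.21 only: the receive power of 0.006 mW (about -22.2 dBm) is below the alarm minimum, and Rx LOS is down.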
slide 64
System Banners
Apply a banner (Global Configuration):
Apply a banner:
awplus(config)#banner motd Welcome to Main Distributor

Setting up a default banner:


awplus(config)#banner motd default
Outputs a banner of the form: AlliedWare Plus (TM) 5.3.4 10/29/10 12:44:12

Removal of banner
awplus(config)#no banner motd
Multi-line banners can also be added using the banner login command.

slide 65
Clock Management
Display time:
awplus#show clock
UTC Time: Wed, 17 Nov 2010 10:36:07 +0000
Timezone: UTC
Timezone Offset: +00:00
Summer time zone: None
Configure time zone:
awplus(config)# clock timezone <timezone name> <plus/minus> <offset>
Set time and date:
awplus# clock set <hh:mm:ss> <day> <month> <year>

Configuration of NTP:
awplus(config)# ntp server {<serveraddress>|<servername>} [prefer] [key <key>] [version <version>]
awplus(config)# no ntp server

slide 66
"Summer time" configuration

The switch can apply summer time and winter time automatically.
You have to define a geographical zone, giving the times and
dates of the changeover.
awplus(config)# clock summer-time ZONENAME recurring
START-WEEK START-DAY START-MONTH START-TIME END-WEEK
END-DAY END-MONTH END-TIME <1-180>
awplus(config)# clock summer-time <timezone name>
recurring 5 Sun Mar 02:00 5 Sun Oct 03:00 60

slide 67
File System Management
Show File list (Privilege mode):
awplus#dir
534 -rw- Nov 16 2010 16:31:16 default.cfg
3610612 -rwx Nov 16 2010 11:20:42 gui_534_07.jar
15499001 -rwx Nov 16 2010 11:18:05 r6-5.3.4-0.5.rel

Show file list, including hidden files (Privilege mode):


awplus#dir all
0 drwx Nov 17 2010 11:10:32 .configs/
534 -rw- Nov 16 2010 16:31:16 default.cfg
0 drwx Nov 16 2010 16:30:51 ./
13 -rw- Nov 16 2010 11:23:21 .backup
17 -rw- Nov 16 2010 11:21:51 .release
3610612 -rwx Nov 16 2010 11:20:42 gui_534_07.jar
15499001 -rwx Nov 16 2010 11:18:05 r6-5.3.4-0.5.rel
303 drwx Nov 2 2010 07:08:22 ../
84 -rw- Nov 10 2009 17:02:03 .ash_history
0 drwx Nov 10 2009 15:46:06 .home/

slide 68
File System Management
Managing directories
Create a directory mkdir <url>
Remove a directory rmdir [force] <url>
Change a directory cd <url> or cd..
Display running directory pwd
Change media cd flash:/ or cd card:/

Managing files
Copy a file copy <Src-url> <Dest-url>
Delete a file del <url>
Types of URL permitted:
filename
tftp://10.0.0.1/filename to or from 10.0.0.1 by TFTP
sftp://10.0.0.1/filename to or from 10.0.0.1 by SFTP
scp://10.0.0.1/filename to or from 10.0.0.1 by SCP
flash:/filename to or from Flash
card:/filename to or from the SD card
TFTP has no authentication or encryption, so only use it on an isolated management
network; SFTP and SCP run over SSH and are the better choice for moving configuration
files and firmware across any shared network.

slide 69
Copy Assistant
A copy assistant has been included to simplify file transfer between
the switch and other equipment.
To use it, you define the source medium and destination medium,
then answer the assistant's questions.
Examples:
copy tftp flash copy from a tftp server to flash
copy flash tftp copy from flash to tftp server
Back up a test.cfg file to a tftp server at address 10.0.0.1
awplus# copy flash tftp
Enter source file name []:test.cfg
Enter destination host name []:10.0.0.1
Enter destination file name [test.cfg]:test.cfg
Copying..

slide 70
TFTP Firmware Upgrade Process

(Diagram: TFTP Request / DATA exchange over Ethernet between 192.168.1.2 and 192.168.1.1)

TFTP Firmware Upgrade Requirements

A TFTP server or computer running TFTP server software
The firmware file (.rel) saved to the TFTP server
An IP address attached to a VLAN interface on the switch
Typically VLAN 1 is used if the switch is set to factory defaults
awplus(config)# interface vlan1
awplus(config-if)# ip address 192.168.1.1/24
awplus(config-if)# end
awplus# show ip interface
Interface IP-Address Status Protocol
vlan1 192.168.1.1 admin up up
slide 72
TFTP Firmware Upgrade
Transfer the image
awplus# copy tftp flash
Enter source host name []:192.168.1.254
Enter source file name []:r1-5.3.4-0.5.rel
Enter destination file name [r1-5.3.4-0.5.rel]:r1-5.3.4-0.5.rel

Check the file is in the flash:


awplus# dir

Set the release file as start-up image (Configuration mode):


awplus(config)# boot system r1-5.3.4-0.5.rel
awplus(config)# do show boot

Reboot the switch and verify with a show sys

slide 73
Setting a Backup Image
It is possible to set a second software image.
This image will be used to boot the switch if the first one cannot be loaded into
memory (missing, corrupted, etc.).
This image may be the same version as the main image.
This image may be a different version from the main image.
Example: Use of the same version of main image and back-up
awplus# copy r1-5.3.4-0.5.rel r1-5.3.4-0.5.back.rel
awplus# configure terminal
awplus(config)# boot backup r1-5.3.4-0.5.back.rel
awplus(config)# do show boot

slide 74
Firmware Upgrade via USB/SD

Firmware upgrade can also be done without a TFTP server or
an IP address assigned to the switch.
A USB key or SD card can be used instead.
awplus# copy usb:/x510-5.4.4-3.5.rel flash:
Copying...
Successful operation
awplus#dir

24310828 -rwx Dec 29 2014 13:53:57 x510-5.4.4-3.5.rel

slide 75
Certified Allied Telesis Technician

Port Management
Port Management Overview

Each port in the operating system is associated with one of the
physical interfaces on the switch.
Switch ports are uniquely identified by a number.

slide 77
Port Numbering

Within the AlliedWare Plus operating system
switch ports are designated by
portx.y.z (e.g.: port1.0.1)

x indicates the switch number in a stack
(x=1 if the switch is not stacked).
y indicates the XEM ID
(y=0 for native ports of the x600 series
or x900 series).
z indicates the port number in the module.
port1.0.1 = switch port 1 on an x900

(Figures: XEM ID layout for the AT-x900 and for the AT-SBx908)

slide 78
Enabling / Disabling Switch Ports
Disabling switch ports:
Not available for packet reception and transmission
Will not send or receive any frames
Incoming STP BPDU packets are discarded
Administrative status in the Interfaces MIB is DOWN
awplus# configure terminal
awplus(config)# interface port1.0.20
awplus(config-if)# shutdown
Re Enabling switch ports
Available for packet reception and transmission
Administrative status in the Interfaces MIB is UP
Participates in STP
awplus# configure terminal
awplus(config)# interface port1.0.20
awplus(config-if)# no shutdown

slide 79
Autonegotiation

Autonegotiation allows the ports to adjust their speed and
duplex mode to accommodate devices connected to them.
If another autonegotiating device is connected to the switch,
they will negotiate the highest possible common speed and
duplex mode.
Speed-duplex capabilities to be advertised can be any
combination of the following: 10h, 10f, 100h, 100f, 1000f

slide 80
Autonegotiation Parallel Detection
If only one of the two devices is autonegotiation compliant, the
protocol is designed to use Parallel Detection.
Parallel Detection on the compliant device senses the link speed, but
configures its port as Half Duplex.

(Diagram: one side configured AUTONEG, the other fixed at 100M FULL; the
autonegotiating side ends up at 100M HALF against 100M FULL, a duplex mismatch
that shows up as collisions on the half-duplex side)

slide 81
Autonegotiation Interface Configuration

To change speed and duplex mode of a switch port:

awplus# configure terminal
awplus(config)# interface port1.0.2
awplus(config-if)# duplex (auto | full | half)
awplus(config-if)# speed (10 | 100 | 1000 | auto)

slide 82
MDI/MDIX Switchports

The device can automatically correct errors in cable selection,
and make the distinction between a "straight through" cable
and a "crossover" cable irrelevant. This capability is known as
Auto-MDI/MDIX.
Auto MDI/MDIX works only on copper ports.
A port can be set to either MDI, MDIX or Auto.
Auto is the default setting for all ports.

slide 83
MDI-X Interface Configuration

The polarity command in Interface Configuration (Ethernet)
mode sets cable crossover on a given interface.
By default, switch ports set the polarity automatically (auto).
awplus(config)# interface port1.0.1
awplus(config-if)# polarity {auto|mdi|mdix}

slide 84
Displaying Port Information

To get full information about an Ethernet port:

awplus# show interface port1.0.1
Interface port1.0.1
Scope: both
Link is UP, administrative state is UP
Hardware is Ethernet, address is 0000.cd24.daeb (bia 0000.cd24.daeb)
VRRP Master of : VRRP is not configured on this interface.
index 5001 metric 1 mtu 1500
duplex-full speed 1000 polarity auto
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Bandwidth 1g
input packets 2396, bytes 324820, dropped 0, multicast packets 2370
output packets 73235, bytes 4906566, multicast packets 73218 broadcast packets 7

slide 85
Interfaces list
To get a summary of all the Ethernet ports:
awplus# show int status

Port        Name  Status      Vlan  Duplex  Speed   Type
port1.0.1         connected   1     a-full  a-1000  1000BASE-T
port1.0.2         notconnect  1     auto    auto    1000BASE-T
port1.0.3         notconnect  1     auto    auto    1000BASE-T
port1.0.4         connected   1     a-full  a-1000  1000BASE-T
port1.0.5         notconnect  1     auto    auto    1000BASE-T
port1.0.6         notconnect  1     auto    auto    1000BASE-T
port1.0.7         connected   1     a-full  a-1000  1000BASE-T
port1.0.8         notconnect  1     auto    auto    1000BASE-T
port1.0.9         notconnect  1     auto    auto    1000BASE-T
port1.0.10        connected   1     a-full  a-1000  1000BASE-

slide 86
Certified Allied Telesis Technician

Feature Licensing
Licensing Overview

Products ship with the base software release enabled for use.
The licensing system is used only for additional feature licenses.
For example, the Advanced Layer 3 feature bundle includes:
BGP
OSPF
PIM
VLAN Double Tagging
UDLD (from 5.4.5)
Feature licenses are obtained from an authorized distributor or reseller.
If a license key expires or the proper key is not installed, the corresponding
software features are not available.

slide 88
Activate software feature license
This command enables the specified licensed software feature set:

license <name> <key>

If the feature license contains a license for a protocol, that protocol restarts
when the license is added, which may interrupt network traffic.
On devices in a live environment, install licenses only during scheduled
maintenance.
When you add a feature license you are warned on the console before the
feature restarts.
slide 89
Certified Allied Telesis Technician

Autoboot
The Autoboot Feature

The Autoboot feature enables your switch to automatically load a specific
release file and/or configuration file from external media, such as an SD card,
into Flash memory.
This feature is active only the first time the device is powered up in the
field; after that, Autoboot is disabled by default.
Because Autoboot installs whatever release and configuration it finds on the
removable media, leave it disabled on deployed devices unless a replacement is
being staged.
To re-enable Autoboot on a specific switch, use the following command:
awplus(config)# autoboot enable

slide 91
Autoboot

The Autoboot feature minimizes network downtime by avoiding the need for manual
configuration of a replacement device.
If you use prepared external media for the first boot, Autoboot lets you ensure
the device boots with your desired release and configuration files.
You must prepare the external media for this purpose using an initiation file,
autoboot.txt, and the accompanying release and configuration files.
slide 92
Autoboot

Use the create autoboot command to create an autoboot.txt file on external
media.
This command ensures that the keys and values expected in this file are
correct.
After the file is created, the command copies the current release and
configuration files across to the external media.

slide 93
Autoboot

When the Autoboot feature is enabled, the device on boot-up:
checks for a special file called autoboot.txt on the external media, and if
this file exists,
checks the file for the key=value pair Copy_from_external_media_enabled=yes,
and if this enable flag is set,
loads the release file and/or configuration file from the external media.

slide 94
Autoboot

If external media is not present, cannot be read, or the internal enable flag is
not set to yes on the switch, the switch boots as normal.
Incompatible release files are prevented from loading onto the switch, even if
the enable flag is set.

slide 95
Certified Allied Telesis Technician

Web management
Web management Introduction
Graphical User Interface (GUI)

The following slides describe how to install, configure and use the Graphical
User Interface (GUI) on switches running the AlliedWare Plus OS.

slide 97
Graphical User Interface (GUI) - Introduction

The GUI functionality is provided via a Java applet file. Before you can use the
GUI to manage your switches, you must download the Java applet file and install
it on your switch's flash file system.
Step 1: Download a GUI Java applet file from the Support area of the Allied
Telesis website.
The version number of the applet file (.jar) gives the earliest version of the
software release file (.rel) that the GUI can operate with.
Step 2: Copy the GUI applet .jar file onto the switch's flash.
Copy the .jar to the switch using a TFTP server or a USB stick or SD card.

slide 98
Graphical User Interface (GUI) - Introduction

Step 3: Assign the IP address:

awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# ip address <address>/<prefix-length>

Step 4: Configure the default gateway if needed:

awplus(config-if)# exit
awplus(config)# ip route 0.0.0.0/0 <gateway address>

Step 5: Add the switch's address to the Exception Site List in the Java security
configuration on the management PC; otherwise the applet is blocked.

slide 99
Graphical User Interface (GUI) - Introduction

Step 6: Log into the GUI.
Start a browser and enter the IP address you configured in step 3 as the URL.
You will be presented with a login screen once the GUI Java applet has started.

slide 100
Graphical User Interface (GUI)

The GUI also shows the status of the power supply.

slide 101
Graphical User Interface (GUI)

An IP address
can be added or
deleted.

slide 102
Graphical User Interface (GUI)

The MAC address table can be checked.

slide 103
Graphical User Interface (GUI)

VLANs can be created, and tagged and untagged ports can be assigned to them.

slide 104
Graphical User Interface (GUI)

Static Link
Aggregation and
port association
can be managed.

slide 105
Graphical User Interface (GUI)

Dynamic Link
Aggregation and
port association
can be managed.

slide 106
Graphical User Interface (GUI)
The File Management tab manages the files present on the switch flash, for
example to set the new boot configuration file or the new firmware release.

slide 107
Layer 2 Switching
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

L2 Switching Basics
MAC Address Table / Forwarding Database
Broadcast Storm Control / Broadcast Limiting
Port Mirroring

slide 109
Certified Allied Telesis Technician

L2 Switching Basics
L2 Switching Basics

Layer 2 switches are used to connect multiple Local Area Network (LAN) segments
together to form an extended LAN.

Layer 2 switches appear transparent to higher layer protocols such as TCP/IP,
transferring frames between the data link layers of the networks to which they
are attached.

slide 111
Introduction

Every device on the Ethernet must have a unique individual address. This includes
switches.
This individual address is called the hardware MAC address and is usually stored
in the device's ROM.
These globally administered unique addresses are allocated in address blocks to
organizations in a centralized manner. A block is identified by its first 3
bytes, called the OUI (Organizationally Unique Identifier). Allied Telesis, for
example, has the following ranges of addresses (among others) assigned to it:
00-A0-D2-xx-xx-xx
00-00-CD-xx-xx-xx
00-09-41-xx-xx-xx
00-15-77-xx-xx-xx

slide 112
Forwarding Frames

Frames are received and switched by the switch chip, which is directly connected
to the ports.
The switch chip decides what to do with these packets based on a series of
dynamic tables in the chip.
Some packets (such as broadcasts, and those addressed to the switch itself) are
sent up to the CPU, but the vast majority of packets are dealt with inside the
switch chip.

slide 113
Switching Chips & CPU

Many of the packets sent to the CPU belong to networking protocols such as ARP,
OSPF, IGMP and LACP.
The CPU processes these protocol packets. Based on the current protocol states,
it configures the dynamic tables in the switch chip that control switching and
routing.

slide 114
Certified Allied Telesis Technician

The Forwarding Database

MAC Address Table / Forwarding Database

On Ethernet networks, every L2 frame carries a source MAC address and a
destination MAC address.
A switch must be able to receive a frame from the source device and quickly
forward it toward the destination device.
To do this, switches build the MAC address table, also called the FDB
(Forwarding Database).
The MAC address table is a local table that tells the switch which port to
forward each frame to.
Entries in the MAC table are learned dynamically and are kept for 300 seconds
by default before they are aged out.

slide 116
Address Learning Process
PC A needs to know PC B's MAC address.
PC A generates an ARP request (broadcast).
The L2 switch learns PC A's MAC address from the source MAC field of the frame.

Diagram: ARP request with destination MAC FF-FF (broadcast), source MAC 00-0A,
destination IP .1.11, source IP .1.10, received on port 1; the switch MAC table
now holds 00-0A on port 1. PC A is on port 1, PC B (MAC 00-0B, IP .1.11) on
port 20.

slide 117
Address Learning
The L2 switch floods the ARP request out all other ports.
PC B recognizes its own IP address; the other hosts discard the ARP request.
PC B learns PC A's MAC address.

Diagram: the same ARP request leaves every port except port 1; PC B's ARP table
now holds 00-0A / .1.10.

slide 118
Address Learning
PC B replies to PC A with a unicast ARP reply carrying its MAC address.
The switch learns PC B's MAC address into its MAC table.
PC A learns PC B's MAC address.

Diagram: ARP reply with destination MAC 00-0A, source MAC 00-0B, destination
IP .1.10, source IP .1.11, received on port 20; the switch MAC table now holds
00-0A on port 1 and 00-0B on port 20. PC A's ARP table holds 00-0B / .1.11
and PC B's ARP table holds 00-0A / .1.10.

slide 119
Address Learning
Unicast traffic from PC A to PC B now egresses only port 20.

Diagram: data frame with destination MAC 00-0B, source MAC 00-0A, destination
IP .1.11, source IP .1.10; MAC table 00-0A on port 1, 00-0B on port 20.

slide 120
Frame Forwarding

The destination address of the frame and its associated egress port are found in
the MAC address table.
The switch can now forward frames between these source and destination devices
without flooding, because it has entries in the MAC address table that identify
the associated ports.
Each switch port offers dedicated bandwidth across a switching fabric to another
switch port. (These connections change dynamically.)

slide 121
The Forwarding Database (FDB)
The switch's FDB determines whether frames are forwarded or discarded, based on
the destination MAC address.
A dynamic entry is automatically deleted from the forwarding database when its
aging timer expires.
The default aging timer is 300 seconds.
Use show mac address-table to see the MAC table:

awplus# sho mac addr
VLAN  port       mac             type
1     CPU        0000.cd27.c147  forward static
1     port1.0.1  0004.615f.cd8b  forward dynamic
1     port1.0.1  0009.6be3.d55f  forward dynamic
1     port1.0.1  000e.a690.7c5d  forward dynamic
1     port1.0.1  0015.0c52.54ff  forward dynamic

slide 122
Frame Forwarding: DLF

If there is no entry for the destination address, the lookup is a DLF
(destination lookup failure) and the frame is transmitted on all ports except
the port on which it was received.
This process is referred to as flooding.
If VLANs are configured, the frame is flooded only to the ports in the same
VLAN, again excluding the ingress port.

slide 123
Certified Allied Telesis Technician

Forwarding Techniques
Forwarding Techniques

Store-and-Forward
The entire frame must be received before it is forwarded, and a cyclic
redundancy check (CRC) is computed to detect errors.
This means that the latency through the switch grows with the frame size: the
larger the frame, the longer the delay through the switch.

slide 125
CRC

The CRC (carried in the Frame Check Sequence) is an error-detecting code: the
sender computes it over the frame contents by polynomial division and appends
it; the receiver recomputes it over the received bits and compares the two to
determine whether the frame was corrupted in transit.

If a CRC error is found, the frame is discarded.

A frame with errors is therefore not propagated across the network.

slide 126
Forwarding Techniques

Cut-Through
Allows the switch to begin forwarding the frame as soon as enough of it has been
received to make a forwarding decision (the destination MAC address).
This reduces the latency through the switch.
Frames are not checked for errors, so corrupted frames are propagated to the
next hop.

slide 127
Certified Allied Telesis Technician

Forwarding or Filtering
Forwarding or Filtering

Several types of intelligent forwarding or filtering become possible, such as:

Queuing
Port-security

slide 129
Queuing

Because switch ports can sometimes receive frames faster than they can forward
them, the switch buffers frames in outbound queues in which frames await
transmission.
Such a situation occurs, for example, when data enters a number of input ports
all destined for the same output port.
Switches have multiple outbound queues per physical port, allowing frames to be
ordered by pre-assigned priority.
This is referred to as Quality of Service (QoS).
QoS is covered in detail in the CAE QoS training.

slide 130
Port-Security

The port security features provide control over the stations connected to each
switch port.

Port-Security can be implemented by specifying the number of MAC addresses that
a specific port may learn before a violation is triggered.
Port-Security is explained in detail in the CAE Security training.

slide 131
Certified Allied Telesis Technician

Broadcast Storm Control / Broadcast Limiting


Broadcast Consideration

Broadcasts are necessary to locate other devices and network services, but they
can also reduce network efficiency.
If a network carries too many broadcasts under a heavy traffic load, the result
can be congestion: a slowdown in network performance.
LAN switches have features that reduce network congestion.

slide 133
Broadcast Consideration

Segmentation of a LAN into separate collision domains.
Full-duplex communication between devices: a full-duplex connection carries
transmitted and received signals at the same time. Full-duplex connections have
dramatically increased LAN performance and are required for 1 Gb/s Ethernet
speeds and higher.
Broadcasts can be limited to a volume threshold.

slide 134
Broadcast Storm Control
Broadcast Storm Control limits the amount of flooding that occurs on a switch.

Diagram: a broadcast storm arriving at a switch with Broadcast Storm Control
enabled on the ingress port.
slide 135
Broadcast Storm Control

The switch measures the rate of incoming broadcast frames on each port
separately, and discards frames when the rate exceeds a user-set threshold.
The storm control feature is enabled or disabled separately for each port. It
can be applied separately to broadcast, multicast or DLF (Destination Lookup
Failure) traffic.
The desired rate threshold is applied separately to each port.
The threshold is set as a percentage of the port's bandwidth.

slide 136
Configuring Broadcast Storm Control
The storm-control command in Interface Configuration (Ethernet) mode enables
storm control for the selected traffic type on the port:
awplus(config)# interface port1.0.1
awplus(config-if)# storm-control {broadcast|multicast|dlf} level <level>

<level>    <0-100> Specifies the threshold as a percentage of the maximum port
           speed.
broadcast  Applies the storm control to broadcast frames.
multicast  Applies the storm control to multicast frames.
dlf        Applies the storm control to destination lookup failure traffic.
slide 137
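The metering behaviour described on the two preceding slides, as an added Python model (illustration code, not AlliedWare Plus code). Each port keeps a separate budget per traffic class equal to level% of the line rate per one-second window; frames of a class that exceed the budget are dropped while other classes pass untouched. The port speed, thresholds and the burst used below are constructed, and the one-second fixed window is an assumption made for the model.

```python
"""Per-port storm-control meter for broadcast, multicast and DLF traffic.

Added illustration for the storm-control slides; this is a Python model, not
AlliedWare Plus code. The port speed, thresholds and burst below are constructed.
"""
from collections import defaultdict
from typing import Dict, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


def classify(dst_mac: str, known_unicast: Set[str]) -> str:
    """Map a destination MAC to the class storm control can meter.

    DLF (destination lookup failure) is a unicast address the FDB does not know,
    so the frame would be flooded like a broadcast; that is why it is metered.
    """
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    if int(dst.split(":")[0], 16) & 0x01:      # I/G bit set: group address
        return "multicast"
    return "unicast" if dst in known_unicast else "dlf"


class StormControl:
    """Fixed-window meter: level is a percentage of port line rate, per class."""

    def __init__(self, port_speed_bps: int, levels: Dict[str, float], window_s: float = 1.0):
        self.speed = port_speed_bps
        self.levels = levels            # e.g. {"broadcast": 1.0, "dlf": 5.0}
        self.window = window_s
        self.window_start: Dict[str, float] = defaultdict(float)
        self.bytes_seen: Dict[str, int] = defaultdict(int)
        self.dropped: Dict[str, int] = defaultdict(int)

    def budget_bytes(self, kind: str) -> float:
        # level% of line rate, expressed as bytes allowed in one window
        return self.speed * self.levels[kind] / 100.0 / 8.0 * self.window

    def admit(self, kind: str, frame_len: int, now: float) -> bool:
        if kind not in self.levels:
            return True                 # class not metered on this port
        if now - self.window_start[kind] >= self.window:
            self.window_start[kind] = now
            self.bytes_seen[kind] = 0   # new window: budget restored
        if self.bytes_seen[kind] + frame_len > self.budget_bytes(kind):
            self.dropped[kind] += 1     # over threshold: discard silently
            return False
        self.bytes_seen[kind] += frame_len
        return True


def burst(meter: StormControl, kind: str, frame_len: int, count: int, start: float) -> int:
    """Offer `count` back-to-back frames at time `start`; return how many were admitted."""
    return sum(meter.admit(kind, frame_len, start) for _ in range(count))


if __name__ == "__main__":
    # constructed scenario: 1 Gb/s port, broadcast limited to 1% (10 Mb/s)
    meter = StormControl(1_000_000_000, {"broadcast": 1.0})
    admitted = burst(meter, "broadcast", 1500, 1000, 0.0)
    print(f"admitted {admitted}, dropped {meter.dropped['broadcast']}")
```

With a 1% level on a 1 Gb/s port the budget is 1,250,000 bytes per second, so 833 of 1000 back-to-back 1500-byte broadcasts are admitted and 167 are dropped, while unicast on the same port is never metered. Pick the level from the legitimate broadcast load of the segment: too low a value silently drops ARP and DHCP during normal peaks, and nothing tells the end stations why.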
Certified Allied Telesis Technician

Port Mirroring
Port Mirroring Overview
This feature allows traffic flowing through a switch port to be copied to
another switch port (the mirror port).
It can be used to capture data with a protocol analyzer.
Traffic received on a port, traffic transmitted on a port, or both can be
mirrored.

Diagram: a protocol analyzer attached to the mirror port.
slide 139
Port Mirroring Overview
One mirror port for traffic monitoring is supported system-wide.
The user can choose whether to mirror only Rx traffic, only Tx traffic, or both.
Several ports can usually be monitored by a single target port. In that case the
target port may be oversubscribed and any excess traffic is silently discarded
(the user will not know which packets were dropped), so a capture taken this
way is not a complete record.
Port Mirroring is only relevant to physical ports.

slide 140
Port Mirroring Configuration
Before a port can be set as the mirror port, it must be removed from all VLANs
except the default VLAN.
The mirror port cannot be part of an aggregated link.
The mirror port is the only switch port that does not belong to a VLAN, and
therefore does not participate in any switching.
Because the mirror port carries copies of other ports' traffic, remove the
mirror configuration once the capture is finished.
Configuration: mirroring ports 2 & 4 to port 23:
awplus(config)# interface port1.0.23
  (outgoing/capture port)
awplus(config-if)# mirror interface port1.0.2,port1.0.4 direction both
  (source ports)
slide 141
Port Mirroring Configuration
The direction of the captured traffic can be defined:
mirror interface port1.0.2,port1.0.4 direction <value>
both      Mirror traffic in both directions
receive   Mirror received traffic
transmit  Mirror transmitted traffic
End mirroring:
awplus(config)# interface port1.0.23
awplus(config-if)# no mirror interface port1.0.2,port1.0.4
Display mirroring:
awplus# show mirror

slide 142
Port Mirroring Configuration

awplus# show mirror interface port1.0.2
Mirror Test Port Name: port1.0.23
Mirror option: Enabled
Mirror direction: both
Monitored Port Name: port1.0.2

Diagram: source ports port1.0.2 and port1.0.4 have their data mirrored to the
outgoing (capture) port port1.0.23, where the analyzer is attached.
slide 143
Spanning Tree Protocol
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

Spanning Tree Protocol (STP) Introduction


Spanning Tree Algorithm
Spanning Tree Port States
Spanning Tree Parameters
Rapid Spanning Tree Protocol (RSTP)
Spanning Tree Configuration

slide 145
Certified Allied Telesis Technician

Spanning Tree Introduction


Spanning Tree Protocol Introduction

The Spanning Tree Protocol (STP) automatically disables redundant paths in a
network to avoid loops.
STP can then enable them when a fault in the network means they are needed to
keep traffic flowing.
This is accomplished through the exchange of Bridge Protocol Data Units (BPDUs)
between the bridges (switches) in the LAN.
Using the information in the BPDUs, bridges create a spanning tree, which
describes a loop-free path through the LAN.

slide 147
Spanning Tree Protocol Introduction
Redundant paths in a network allow traffic to keep flowing from source to
destination if a link goes down.

However, redundant paths introduce loops into the network, and loops can cause
severe problems, particularly in Layer 2 switched networks.

The older but widely used STP has been further developed to overcome most of its
shortcomings:
RSTP (Rapid Spanning Tree Protocol)
MSTP (Multiple Spanning Tree Protocol)

By default RSTP is enabled on all currently produced Allied Telesis switches.

slide 148
Example STP Application

slide 149
Spanning Tree Algorithm
The STP algorithm was developed to allow one and only one path through a network
with redundant paths available but unused.
This is done by creating a logical tree with only one path to an agreed-upon
root bridge.

Diagram: six bridges A to F with redundant links; on the left the physical
topology, on the right the same topology after the spanning tree has been
computed with A as root bridge and the redundant links blocked.
slide 150
Spanning Tree Algorithm Process

A single switch, called the root bridge, forms the unique root of the tree.
The root bridge is the bridge with the lowest Bridge ID.
Each switch in an extended LAN is uniquely identified by its Bridge ID, which
comprises the switch's bridge priority (a spanning tree parameter) and its MAC
address.

Each switch or LAN in the tree, except the root bridge, has a unique parent,
known as the designated bridge.
The designated bridge connects a LAN segment to the next segment on the path
towards the root bridge.

slide 151
Spanning Tree Algorithm

Each port connecting a switch to a LAN has an associated cost.
The root path cost is the sum of the costs of each port between the switch and
the root bridge.
The designated bridge for a LAN is the switch on that LAN with the lowest root
path cost, and therefore logically closest to the root bridge.
If two switches on the same LAN have the same lowest root path cost, the switch
with the lowest Bridge ID is elected the designated bridge.

slide 152
Spanning Tree Port States
Blocking
  Discards all data frames.
  Does not learn station addresses.
  Receives and processes BPDUs (this is how it knows when to leave the state)
  but does not transmit BPDUs.
  Receives and acts on management messages.
Listening
  Discards all data frames.
  Does not learn station addresses.
  Receives, processes and transmits BPDUs (takes part in the election).
  Receives and acts on management messages.
Learning
  Discards all data frames.
  Learns station addresses and incorporates them into the FDB.
  Receives, processes, and transmits BPDUs.
  Receives and acts on management messages.
Forwarding
  Forwards all data frames.
  Incorporates station addresses into its FDB.
  Receives, processes, and transmits BPDUs.
  Receives and acts on management messages.
Disabled
  Does not participate in frame forwarding or in the operation of the Spanning
  Tree Protocol.

slide 153
Bridge Priority

The Root Bridge is the bridge with the lowest Bridge ID (Bridge Priority + MAC
address).

Hello messages are initiated at regular intervals by the root bridge and
propagated through the LAN.

The MAC address cannot be modified, but the bridge priority can, so that you are
able to select the root bridge.

slide 154
Root Bridge Election
The first step in the operation of a Spanning Tree is the election of a Root
Bridge. Two parameters determine the Root:
Bridge Priority (the configurable part of the Bridge Identifier)
Bridge MAC address (the tie-breaker)
When the spanning tree algorithm starts, all bridges declare themselves to be
the Root by transmitting a BPDU from all ports. When a bridge receives a BPDU
advertising a lower (better) Bridge ID than its own, it stops sending its own
BPDU and relays the better one. This continues until only one bridge is still
sending its own BPDU: that bridge is the Root Bridge.
Once the Root Bridge is elected, all other switches stop transmitting their own
BPDUs and forward only the BPDU from the Root, unless there is a topology
change. After a topology change the Root is elected again.
Note that the election trusts any BPDU it receives: a device attached to an
access port and advertising a lower Bridge ID becomes the root. This is why
BPDUs are filtered on ports facing end stations (see Disabling Spanning Tree).
slide 155
Root Ports

The next step in the Spanning Tree process is the determination of the Root Port
for each switch in the network.

All switches except the Root Bridge must determine their Root Port. The Root
Port is the interface on the switch that receives the BPDU with the lowest
cumulative cost to the root.

slide 156
Path Costs

The cost is incremented by adding the cost assigned to the receiving interface
to the Root Path Cost field of the BPDU.
Switch D receives a BPDU from the Root, adds the cost of its P3 interface and
sends it out all ports; switch E receives the BPDU on its P2 interface and adds
the P2 cost, totaling 15, which is lower than the other BPDUs received on P2.
The BPDUs received on its P1 interface range from 20 to 40, so P2 is chosen as
the Root Port.

slide 157
Root Port Election

Diagram: root bridge A (all port costs 0) at the top, bridges B and C below it,
D below them and E at the bottom; per-port costs are shown next to each bridge
(C: port 1 cost 5, port 2 cost 10; E: port 1 cost 15, port 2 cost 10; B and D:
ports 1 to 4 with costs between 5 and 10). R marks the Root Port selected on
each non-root bridge.
slide 158
Designated Ports

Once the Root Ports have been selected, the Designated Port for each segment
must be chosen.

The Designated Port is the port on the segment whose bridge has the lowest root
path cost.

In this example, the designated port on the segment towards Switch E is Switch
D Port 4, and on the segment towards Switch F it is Switch B Port 4.

slide 159
Designated Ports

Diagram: the same topology with bridge F added next to E (F: port 1 cost 5,
port 2 cost 10); D marks the Designated Port on each segment, including every
port of the root bridge A.

slide 160
Spanning Tree Convergence
A Spanning Tree is created by forming a loop-free topology within the network.
This is done by selecting the ports that are to be members of the Spanning Tree
and the ports that are not to be included. Member ports are placed in the
Forwarding state while non-members are placed in the Blocking state. The ports
that are part of the Spanning Tree are:
Interfaces on the Root Bridge
The Root Port of each other bridge
The Designated Port of each segment
Ports not connected to a Spanning Tree device

These ports forward all data traffic, while all other ports are placed in
Blocking mode and pass no data traffic. The result is a tree in which there is
one and only one path from each device to the root.
slide 161
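The election, root path cost, root port and designated port rules from the preceding slides, carried through in Python on a constructed five-bridge topology (added example, not AlliedWare Plus code; the bridge names, MAC addresses and port costs are made up and differ from the slide diagrams). It also includes a tie on root path cost so the Bridge ID tie-break is exercised, and a second topology that shows what the election rule implies: a bridge with priority 0 attached at the edge of the tree wins the root election and reshapes every root path, which is the reason the later slides filter BPDUs on end-station ports.

```python
"""Spanning tree computation on a constructed topology.

Added example for the STP slides; it is a Python model, not AlliedWare Plus
code. Bridge names, MAC addresses and port costs are constructed. Rules
implemented: lowest Bridge ID (priority, MAC) is root; a bridge adds the cost of
the *receiving* port to the root path cost carried in the BPDU; ties are broken
by the sending bridge's ID, then its port number, then the receiving port.
All port costs are assumed to be positive.
"""
from typing import Dict, List, Optional, Tuple

BridgeId = Tuple[int, str]    # (priority, mac): tuple ordering gives "lowest wins"
PortRef = Tuple[str, int]     # (bridge name, port number)


class Topology:
    def __init__(self) -> None:
        self.bridges: Dict[str, BridgeId] = {}
        self.links: List[Tuple[PortRef, PortRef]] = []
        self.port_cost: Dict[PortRef, int] = {}

    def add_bridge(self, name: str, mac: str, priority: int = 32768) -> None:
        self.bridges[name] = (priority, mac)

    def add_link(self, a: PortRef, a_cost: int, b: PortRef, b_cost: int) -> None:
        """One LAN segment joining port a to port b; each end has its own port cost."""
        self.links.append((a, b))
        self.port_cost[a] = a_cost
        self.port_cost[b] = b_cost


def compute_spanning_tree(topo: Topology) -> dict:
    root = min(topo.bridges, key=lambda n: topo.bridges[n])
    # best[b]: (root path cost, sender bridge id, sender port, receiving port),
    # i.e. the best BPDU bridge b has heard; tuple comparison applies the tie-breaks
    best: Dict[str, tuple] = {root: (0, topo.bridges[root], 0, 0)}
    root_port: Dict[str, Optional[int]] = {root: None}
    changed = True
    while changed:                         # relay BPDUs until nothing improves
        changed = False
        for a, b in topo.links:
            for sender, receiver in ((a, b), (b, a)):
                if sender[0] not in best:
                    continue
                cand = (best[sender[0]][0] + topo.port_cost[receiver],
                        topo.bridges[sender[0]], sender[1], receiver[1])
                if receiver[0] not in best or cand < best[receiver[0]]:
                    best[receiver[0]] = cand
                    root_port[receiver[0]] = receiver[1]
                    changed = True

    roles: Dict[PortRef, str] = {}
    for a, b in topo.links:
        # designated end of the segment: lower root path cost, then bridge id, then port
        offer = {p: (best[p[0]][0], topo.bridges[p[0]], p[1]) for p in (a, b)}
        designated, other = sorted((a, b), key=lambda p: offer[p])
        roles[designated] = "designated"
        roles[other] = "root" if root_port[other[0]] == other[1] else "blocked"
    return {"root": root,
            "rpc": {name: best[name][0] for name in topo.bridges},
            "roles": roles}


def build_example() -> Topology:
    """Constructed topology: A is root by MAC; D hears cost 15 from both B and C."""
    t = Topology()
    for name in "ABCDE":
        t.add_bridge(name, f"00:00:cd:00:00:0{name.lower()}")
    t.add_link(("A", 1), 0, ("B", 1), 10)
    t.add_link(("A", 2), 0, ("C", 1), 5)
    t.add_link(("B", 2), 10, ("D", 1), 5)
    t.add_link(("C", 2), 10, ("D", 2), 10)
    t.add_link(("D", 3), 5, ("E", 2), 5)
    t.add_link(("B", 3), 5, ("E", 1), 15)
    return t


def with_rogue_bridge() -> Topology:
    """Same network plus a bridge with priority 0 hanging off E's spare port."""
    t = build_example()
    t.add_bridge("Rogue", "00:00:cd:00:00:ff", priority=0)   # lowest priority wins
    t.add_link(("E", 3), 5, ("Rogue", 1), 5)
    return t


if __name__ == "__main__":
    for label, topo in (("normal", build_example()), ("rogue", with_rogue_bridge())):
        tree = compute_spanning_tree(topo)
        blocked = sorted(p for p, r in tree["roles"].items() if r == "blocked")
        print(f"{label}: root={tree['root']} rpc={tree['rpc']} blocked={blocked}")
```

In the normal run D sees cost 15 via both B and C and picks port 1 because B's Bridge ID is lower, leaving D port 2 and E port 1 blocked; with the rogue attached, E's port 3 becomes its root port and even the former root A ends up with a non-zero root path cost.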
Spanning Tree Timers

The time intervals on which the dynamic STP topology depends are determined by
the HELLOTIME, MAXAGE and FORWARDDELAY parameters.

The parameter values actually used by each switch are those sent by the root
bridge, and forwarded to all other switches by the designated bridges.

slide 162
Hello Timer

The HELLOTIME (default 2 sec) determines how often the switch sends Hello
messages containing spanning tree configuration information if it is the root
bridge, or is trying to become the root bridge in the network.

A shorter value detects a lost path sooner; a longer value uses less processing
overhead.

slide 163
Max Age Timer

The MAXAGE parameter (default 20 sec) determines the maximum time that dynamic
STP configuration information is stored in the switch before it is considered
too old and discarded.

The value can be set at approximately two seconds for every hop across the
network.

Too small a value may cause the STP to reconfigure unnecessarily.

Too large a value may delay adaptation to a change in the topology (e.g. when a
fault occurs).

slide 164
Forward Delay

The FORWARDDELAY parameter (default 15 sec) is used to prevent temporary loops
in the network while a topology change is propagated.

The FORWARDDELAY parameter determines how long the port remains in each of the
intermediate states (Listening and Learning) when changing from Blocking to
Forwarding.

slide 165
Certified Allied Telesis Technician

Rapid Spanning Tree Protocol (RSTP)


Rapid Spanning Tree

STP can run in Standard or Rapid mode.

In Standard mode, it can take up to one minute to rebuild the tree after a
topology or configuration change.

In Rapid mode, this is reduced to a few seconds.

The main difference is convergence time.

slide 167
Rapid Spanning Tree Overview

Allows for rapid convergence of the spanning tree.

The RSTP algorithm provides rapid recovery of connectivity following the failure
of a switch, switch port, or LAN.

It provides rapid recovery by including port roles in the computation of port
states.

Therefore, under RSTP, a port should be referred to in terms of both its state
and its role.

slide 168
RSTP Port Roles

In regular STP, switch ports have three port roles:
Root port - the port metrically closest to the Root
Designated port - used to forward the best BPDU on each segment
Disabled port

RSTP adds two more port roles:
Alternate port - an alternative path to the Root Bridge (a backup for the Root
Port)
Backup port - a second connection from the same bridge to a segment on which it
already holds the Designated Port

slide 169
RSTP Port Roles

Diagram: root bridge at the top with two downstream bridges; RP marks the Root
Port on each and DP the Designated Ports; the left bridge has a second link to
the same segment, giving a Backup Port, and the right bridge has a second path
towards the root, giving an Alternate Port.
slide 170
RSTP Port States
State       Meaning
DISABLED    STP operations are disabled on the port.

DISCARDING  The port does not participate in frame relaying: the forwarding
            process discards received frames and does not submit forwarded
            frames for transmission. The port does send and receive BPDUs. It
            does not learn MAC addresses.

LEARNING    The port is enabled for receiving frames only, and the learning
            process can add new source address information to the Forwarding
            Database. The port does not forward any frames and continues to send
            and receive BPDUs. It learns MAC addresses but does not forward user
            traffic.

FORWARDING  The normal state for a switch port. The forwarding process and the
            Spanning Tree entity are enabled for transmit and receive operations
            on the port. It fully participates in both data forwarding and MAC
            learning.

slide 171
Transition from Discarding to Forwarding

Which ports can make the rapid transition from Discarding to Forwarding?

Edge ports
All ports connected to servers/workstations should be configured as edge ports.
An edge port is assumed to have no bridge behind it; if a BPDU is received on an
edge port it loses its edge status and goes through the normal state
transitions, so give the role only to ports that really face end stations.

Alternate ports
If the Root Port on a switch fails, an alternate port moves to the Forwarding
state and becomes the Root Port.

slide 172
Topology Change Notifications (TCN)

The originator of the TCN floods this information directly through the network,
rather than sending it up to the root bridge first as standard STP does.

Diagram: a TCN flooded outward from the originating bridge, reaching the root
along with every other bridge.

slide 173
Path Cost Values

Port Speed          Default pathcost   Recommended pathcost range
Less than 100 Kb/s  200,000,000        20,000,000 - 200,000,000
1 Mbps              20,000,000         2,000,000 - 20,000,000
10 Mbps             2,000,000          200,000 - 2,000,000
100 Mbps            200,000            20,000 - 200,000
1 Gbps              20,000             2,000 - 20,000
10 Gbps             2,000              200 - 2,000
100 Gbps            200                20 - 200
1 Tbps              20                 2 - 200
10 Tbps             2                  2 - 20

slide 174
RSTP Design Guidelines

General rules for designing an RSTP network that avoids trouble later:
Servers and routers are usually centralized in the data center, so it is
important to minimize the number of RSTP hops to both groups.
Plan the way redundant links are organized. Take into account that LAGs are
recommended as the main links.
Minimize the number of blocked ports.

slide 175
RSTP Design Guidelines

Set all ports connected to workstations as edge ports.

Keep RSTP always enabled in order to avoid potential broadcast storms in the
network.

Keep a dedicated VLAN for management.

Avoid tuning RSTP/STP parameters.

slide 176
Certified Allied Telesis Technician

Spanning Tree Configuration


Spanning Tree Priority

To set the priority for an individual switch use the following command:

awplus(config)# spanning-tree priority <0-61440>

This command should be applied to the nominated Root Bridge and to any switches
that are going to act as backup to the root bridge (give the backup the next
higher priority value).

The priority is configurable within the range 0 to 61440 in steps of 4096;
values are truncated to the multiple of 4096 below them, so a priority of 100
has the same effect as a priority of 4000 (both act as 0).

slide 178
PortFast

The spanning-tree portfast Interface Configuration mode command enables PortFast
mode. In PortFast mode, the interface is immediately put into the forwarding
state upon link-up without waiting for the standard forward delay. To disable
PortFast mode, use the no form of this command.

awplus(config)# interface port1.0.15
awplus(config-if)# spanning-tree portfast

To disable portfast on a port use the no form of the command:

awplus(config)# interface port1.0.15
awplus(config-if)# no spanning-tree portfast

slide 179
Disabling Spanning Tree

This command sets the bpdu-filter feature and applies a filter to any BPDUs
received. Enabling this feature ensures that the configured ports will not
transmit any BPDUs and will ignore (filter out) any BPDUs received.
A filtered port is effectively outside spanning tree: a loop introduced through
it is not detected or blocked, so apply the filter only to ports that face end
stations and never to links between switches.
awplus(config)# interface port1.0.5
awplus(config-if)# spanning-tree portfast bpdu-filter

To re-enable spanning tree on the port use the no form of the command:

awplus(config)# interface port1.0.5
awplus(config-if)# no spanning-tree portfast bpdu-filter

slide 180
Virtual Local Area Networks (VLAN)
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

VLAN Introduction
802.1q Frame Tagging
Forwarding Process
VLAN Configuration

slide 182
Certified Allied Telesis Technician

VLAN Introduction
VLAN Overview

A VLAN is a logical grouping of network users and resources connected to
administratively defined ports on a switch.
A VLAN is a method of dividing a switch into multiple broadcast domains.
Devices in one VLAN cannot communicate with devices in another VLAN without
passing through a Layer 3 device.

slide 184
Single Switch Divided into VLANs

Diagram: one switch divided into three broadcast domains: VLAN 1 on ports 1-8,
VLAN 2 on ports 9-36 and VLAN 3 on ports 37-48.
slide 185
Configuring VLANs

[Figure: the bridging/switching engine above eight physical ports (MAC 1 to
MAC 8), grouped into VLAN 1 (192.168.10.0 / 255.255.255.0), VLAN 2
(192.168.11.0 / 255.255.255.0) and VLAN 3 (192.168.12.0 / 255.255.255.0)]
slide 186
VLAN Advantage: Flexibility

VLANs also allow a Network Administrator to logically group users regardless
of their physical location.
These logical groupings will have access to all needed resources regardless of
location. Additionally, users can be added or removed via software without
having to physically change the wiring plant.

When a VLAN gets too big, additional VLANs can be created to keep the
broadcasts from consuming too much bandwidth: the fewer users in a VLAN, the
fewer users are affected by its broadcasts.

slide 187
VLAN Trunking (IEEE 802.1Q)

[Figure: two switches, each carrying VLAN 1 and VLAN 2, connected by a single
link]

slide 188
VLAN Trunking (IEEE 802.1Q)

[Figure: the same two switches joined by trunk links that carry VLAN 1 and
VLAN 2 across one physical connection]
slide 189
Tagged & Untagged Ports
Ports can belong to VLANs as:

Untagged (access) ports
Part of only one VLAN
They are used by 802.1Q-unaware devices, which are unaware of their VLAN
membership (VLAN-unaware)
These devices cannot communicate with devices outside their VLAN unless the
packet is routed
An untagged port does not carry any tagged frames

Tagged (trunk) ports
Carry multiple VLANs
A point-to-point link between two switches, between a switch and a router, or
between a switch and a server
Tagged frames allow a single port to belong to multiple VLANs at the same time

slide 190
Tagged & Untagged Ports

VLANs can consist of:
Groups of untagged ports, in which the ports receive and transmit untagged
packets
Or include tagged ports, which add VLAN tags to packets they transmit

In order to carry multiple VLANs across a single physical link, each packet
must be tagged with a VLAN identifier so that the switches can identify which
packets belong in which VLANs.

slide 191
802.1q Frame Structure
To accommodate VLAN identification within an Ethernet frame, a 4-byte 802.1Q
Tag is added to the frame.
This increases the maximum Ethernet frame size to 1522 bytes.
The format for an Ethernet tagged frame is shown below. In an Ethernet frame,
the TPID is 2 bytes long and will contain the value 81-00 (hex).

  Destination | Source  | TPID    | TAG     | Length | Data & Padding | CRC
  Address     | Address | 2 bytes | 2 bytes |        |                |
                          \-- inserted fields --/

  TAG (2 bytes): User Priority (3 bits) | CFI (1 bit) | VLAN ID (VID, 12 bits,
  identifying 4096 possible VLANs)
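As an added example (not part of the course material), the following Python builds and parses the tag just described: the TPID 0x8100, then the 16-bit TCI split into the 3-bit priority, 1-bit CFI and 12-bit VID, inserted after the source MAC so that a 1518-byte frame grows to the 1522-byte maximum. The sample frame, its MAC addresses and the zero-filled ARP body are constructed for the illustration.

```python
# Added example (not from the Allied Telesis course material): build and parse
# an 802.1Q tag so the TPID/TCI layout on the slide can be checked byte by byte.
import struct

TPID_8021Q = 0x8100                 # the "81-00" TPID value from the slide
MAX_UNTAGGED_FRAME = 1518           # bytes, header + payload + 4-byte CRC
MAX_TAGGED_FRAME = MAX_UNTAGGED_FRAME + 4   # 1522 bytes once the tag is inserted


def build_tag(priority: int, cfi: int, vid: int) -> bytes:
    """Return the 4-byte tag: 16-bit TPID, then the 16-bit TCI (PCP:3 | CFI:1 | VID:12)."""
    if not 0 <= priority <= 7:
        raise ValueError("User Priority is a 3-bit field (0-7)")
    if cfi not in (0, 1):
        raise ValueError("CFI is a 1-bit field")
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID is a 12-bit field (0-4095)")
    tci = (priority << 13) | (cfi << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def tag_frame(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the tag between the source MAC and the original Length/EtherType field."""
    if len(frame) < 14:
        raise ValueError("frame is too short to carry a MAC header")
    tagged = frame[:12] + build_tag(priority, cfi, vid) + frame[12:]
    if len(tagged) > MAX_TAGGED_FRAME:
        raise ValueError("tagged frame would exceed %d bytes" % MAX_TAGGED_FRAME)
    return tagged


def parse_frame(frame: bytes) -> dict:
    """Decode the MAC header; tag fields are None when the frame is untagged."""
    dst = frame[:6].hex(":")
    src = frame[6:12].hex(":")
    (first_type,) = struct.unpack("!H", frame[12:14])
    if first_type == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        (ethertype,) = struct.unpack("!H", frame[16:18])
        return {"dst": dst, "src": src, "tagged": True,
                "priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF,
                "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": dst, "src": src, "tagged": False,
            "priority": None, "cfi": None, "vid": None,
            "ethertype": first_type, "payload": frame[14:]}


# Constructed sample: a broadcast ARP request (EtherType 0x0806) from a locally
# administered MAC; the 28-byte ARP body is zero-filled because only the header matters here.
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_UNTAGGED, vid=100, priority=5)
    print(parse_frame(SAMPLE_UNTAGGED)["vid"], parse_frame(tagged)["vid"], len(tagged))
```

The length check is the reason the slide quotes 1522 bytes: a switch or NIC that still enforces the old 1518-byte limit will drop maximum-size tagged frames, which is one of the first things to look at when large transfers fail only across a trunk.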

slide 192
802.1Q Frame Tagging Rules

A port can transmit either untagged packets or VLAN-tagged packets to a VLAN
of which it is a member, but not both (because in that VLAN the port is tagged
or untagged, not both).
A port can be tagged for more than one VLAN, so that a single port can be used
to uplink several VLANs to another compatible switch.
A VLAN can contain a mixture of VLAN-tagged and untagged ports.

slide 193
802.1Q Frame Tagging Rules

By assigning a port to two different VLANs, to one as an untagged port and to
another as a tagged port, it is possible for the port to transmit both
VLAN-tagged and untagged frames.

A port can be untagged for zero or one VLAN, and can be tagged for zero or
more different VLANs.

A port must belong to a VLAN at all times unless the port has been set as the
mirror port for the switch.

slide 194
802.1Q Frame Tagging

[Figure: two switches, each with VLAN 1 and VLAN 2, connected by a link whose
port at each end is tagged for VLAN 1 and VLAN 2]
slide 195
Tagged Server Ports

[Figure: two switches joined by ports tagged for VLAN 1 and VLAN 2; the second
switch also has a port tagged for VLAN 1, 2 and 3 connected to a server whose
NIC is tagged for VLAN 1, 2 and 3. The switches carry VLAN 1, VLAN 2 and
VLAN 3]
slide 196
Interconnecting VLANs with Routers

[Figure: the same two switches, now with the second switch's port tagged for
VLAN 1, 2 and 3 connected to a router port that is also tagged for VLAN 1, 2
and 3]
slide 197
Interconnecting VLANs with Routers

Traffic is switched within a VLAN (identical VID) using Layer 2 protocols
(MAC).

Access to shared resources can be achieved by implementing tagged VLANs.

Traffic is routed between different VLANs using Layer 3 protocols (IP).

slide 198
Forwarding Process
Forwarding Process

[Figure: a received frame passes through ingress (VLAN classification, ingress
filtering), then the forwarding process / forwarding decision, then egress
(egress filtering) before it is transmitted]
slide 200
Ingress Rules

The Ingress Rules for the port check the VLAN tagging in the frame to
determine whether it will be discarded or forwarded to the Learning Process.
The Acceptable Frames parameter is set to one of:
Admit All Frames (default)
Admit Only VLAN Tagged Frames
If Ingress Filtering is enabled, frames are admitted only if they have the VID
of a VLAN to which the port belongs.

slide 201
Learning Process

The Learning Process uses an adaptive learning algorithm, sometimes called
backward learning, to discover the location of each station on the extended
LAN.

All frames admitted by the Ingress Rules on any port are passed on to the
Forwarding Process if they are for destinations within the same VLAN.

slide 202
Forwarding Process

The destination address is looked up in the Forwarding Database for the VLAN.
If the destination address is not found, the switch floods the frame on all
ports in the VLAN except the port on which the frame was received.
This process can be modified by the action of static switch filters.
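As an added example (not from the course), this Python model runs a frame through the ingress rules, learning and forwarding steps of the last three slides: untagged frames join the port's untagged VLAN, tagged frames are checked against port membership when ingress filtering is on, the source MAC is learned per VLAN, and unknown or broadcast destinations are flooded to the other members of that VLAN only, transmitted tagged or untagged according to each egress port. The port names and MAC addresses are constructed; static switch filters are not modelled.

```python
# Added example (not Allied Telesis code): a toy VLAN-aware switch that applies the
# ingress rules, learning and forwarding process described on the slides above.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    name: str
    untagged_vid: Optional[int]              # a port is untagged for zero or one VLAN
    tagged_vids: Set[int] = field(default_factory=set)   # and tagged for zero or more
    admit_tagged_only: bool = False          # "Admit Only VLAN Tagged Frames"
    ingress_filtering: bool = True           # drop tagged frames for VLANs the port is not in

    def member_of(self, vid: int) -> bool:
        return vid == self.untagged_vid or vid in self.tagged_vids


@dataclass
class Frame:
    dst: str
    src: str
    vid: Optional[int]      # None means the frame is untagged on the wire


class VlanSwitch:
    def __init__(self, ports: List[Port]):
        self.ports = {p.name: p for p in ports}
        self.fdb: Dict[Tuple[int, str], str] = {}     # (VID, MAC) -> port the MAC was learned on

    def classify(self, port: Port, frame: Frame) -> Optional[int]:
        """Ingress rules: return the VID the frame is assigned to, or None to discard it."""
        if frame.vid is None:
            if port.admit_tagged_only or port.untagged_vid is None:
                return None
            return port.untagged_vid          # untagged frames join the port's untagged VLAN
        if port.ingress_filtering and not port.member_of(frame.vid):
            return None
        return frame.vid

    def receive(self, in_port: str, frame: Frame) -> List[Tuple[str, Frame]]:
        """Return (egress port, frame as transmitted) pairs for one received frame."""
        port = self.ports[in_port]
        vid = self.classify(port, frame)
        if vid is None:
            return []
        self.fdb[(vid, frame.src)] = in_port   # learning: where this source lives, per VLAN
        learned = None if frame.dst == BROADCAST else self.fdb.get((vid, frame.dst))
        if learned == in_port:
            return []                          # destination is behind the receiving port
        if learned is not None:
            out_ports = [learned]
        else:                                  # unknown unicast / broadcast: flood the VLAN
            out_ports = [n for n, p in self.ports.items() if n != in_port and p.member_of(vid)]
        # egress: transmit tagged where the port is tagged for the VLAN, untagged otherwise
        return [(n, Frame(frame.dst, frame.src, vid if vid in self.ports[n].tagged_vids else None))
                for n in out_ports]


def build_demo_switch() -> VlanSwitch:
    """Constructed topology: one trunk port tagged for VLANs 2 and 3, three access ports."""
    return VlanSwitch([
        Port("port1.0.1", untagged_vid=1, tagged_vids={2, 3}),
        Port("port1.0.2", untagged_vid=2),
        Port("port1.0.3", untagged_vid=2),
        Port("port1.0.4", untagged_vid=3),
    ])


if __name__ == "__main__":
    sw = build_demo_switch()
    # host A on port1.0.2 broadcasts: flooded to the trunk (tagged 2) and port1.0.3 (untagged) only
    print(sw.receive("port1.0.2", Frame(BROADCAST, "02:00:00:00:00:0a", None)))
    # host B answers from port1.0.3: A's MAC is now known, so only port1.0.2 receives it
    print(sw.receive("port1.0.3", Frame("02:00:00:00:00:0a", "02:00:00:00:00:0b", None)))
    # a tagged frame for VLAN 99 on the trunk fails ingress filtering and is dropped
    print(sw.receive("port1.0.1", Frame(BROADCAST, "02:00:00:00:00:0c", 99)))
```

The third case is the one worth keeping in mind when reviewing trunk configurations: with ingress filtering on, a frame tagged for a VLAN the port is not a member of is dropped at ingress and never reaches the forwarding database, which is what keeps an uplink from leaking traffic into VLANs it was never meant to carry.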

slide 203
VLAN Configuration
VLAN Ports

VLAN ports have two mode options:
Access: allows only untagged frames, i.e. a normal untagged port.
Trunk: a normal 802.1Q port, where you add the VLANs to the port tagged and
then set the native VLAN as the untagged VLAN.

Select one mode or the other:

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# switchport mode access
awplus(config-if)# switchport mode trunk

slide 205
Creating and Removing VLANs

To create or delete a VLAN:

awplus# configure terminal
awplus(config)# vlan database
awplus(config-vlan)# vlan 2 name test1 state enable
awplus(config-vlan)# vlan 3
awplus(config-vlan)# vlan 4-6

slide 206
Access Ports

To add untagged port(s) to a VLAN, go to config mode for the port and set those
ports to access mode for that VLAN:

awplus# configure terminal
awplus(config)# interface port1.0.2
awplus(config-if)# switchport access vlan 2
awplus(config-if)# exit

To delete untagged ports from a VLAN:

awplus(config)# interface port1.0.2
awplus(config-if)# no switchport access vlan

slide 207
Access Ports

To add a list of ports (note the format of the port list):

awplus# configure terminal
awplus(config)# interface port1.0.1, port1.0.3-port1.0.6
awplus(config-if)# switchport access vlan 2
awplus(config-if)# exit

slide 208
Trunk Ports

Using Trunk mode:

In this example port1.0.1 is set up with VLAN 2 and 3 tagged.

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# switchport mode trunk
awplus(config-if)# switchport trunk allowed vlan add 2,3

slide 209
Displaying VLANs
awplus# show vlan all
VLAN ID  Name              Type     State    Member ports
                                             (u)-Untagged, (t)-Tagged
=======  ================  =======  =======  ====================================
1        default           STATIC   ACTIVE   port1.0.2(u) port1.0.3(u) port1.0.4(u)
                                             port1.0.5(u) port1.0.6(u) port1.0.7(u)
                                             port1.0.8(u) port1.0.9(u)
                                             port1.0.10(u) port1.0.11(u)
                                             port1.0.12(u) port1.0.13(u)
                                             port1.0.14(u) port1.0.15(u)
                                             port1.0.16(u) port1.0.17(u)
                                             port1.0.18(u) port1.0.19(u)
                                             port1.0.20(u) port1.0.21(u)
                                             port1.0.22(u) port1.0.23(u)
                                             port1.0.24(u)
2        my2               STATIC   ACTIVE   port1.0.1(t)
3        my3               STATIC   ACTIVE   port1.0.1(t)
4        my4               STATIC   ACTIVE   port1.0.1(u)

slide 210
Native VLAN

A trunk mode port may also have a native VLAN (by default vlan1), for which it
transmits untagged frames, and with which it associates incoming untagged
frames.
In this example port1.0.1 will be configured with native VLAN 4:

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# switchport trunk native vlan 4

To remove the native VLAN from that port, use the command:

awplus(config-if)# switchport trunk native vlan none

slide 211
Link Aggregation
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

Introduction
Link Aggregation Types
Link Aggregation Traffic Split Criteria
Static Link Aggregation Configuration
Dynamic Link Aggregation / Trunking
Dynamic Link Aggregation / LACP Configuration
Link Aggregation Overview

Link Aggregation allows a number of ports to be configured to join together to
make a single logical connection providing:
Higher Bandwidth
Redundancy
Load Sharing
The bundled links must be point-to-point, parallel active links between
switches or between a switch and a server.
This can be accomplished either statically or by dynamic negotiation between
the two switches.
slide 215
Link Aggregation Requirements

Links aggregated into a channel group must:
Originate and terminate on the same device
Be members of the same VLAN
Have the same data rate
Have the same admin port key (channel-group mode command)
Not exceed the maximum number of links supported by the device

slide 216
Static Link Aggregation
Link Aggregation Types

Static Link Aggregation
Not standardized.
Ports are bundled into a static channel group (also called a static aggregator).
Static group numbers run from 1 to 31.

Dynamic Link Aggregation (LACP)
Link Aggregation Control Protocol
IEEE 802.3ad
Ports are bundled into an LACP channel group (also called an ether-channel, an
LACP aggregator, or a dynamic channel group).
Automatically creates ether-channels and assigns links to them.
Monitors the groups and dynamically adds or removes links as necessary.

slide 218
Static Link Aggregation

Static advantage
Simple and reliable

Static disadvantages
Not fully standardized.
No Setup information sent via the links, so all administration must be
done manually at both ends.

slide 219
Dynamic Link Aggregation

Dynamic advantage
Standardized via IEEE 802.3ad and the LACP protocol.
Failover when a link fails and there is (for example) a media converter between
the devices, which means that the peer will not see the link down. With static
link aggregation the peer would continue sending traffic down the link, causing
it to be lost.

Dynamic disadvantage
All partners in the aggregated link must understand the LACP protocol.

slide 220
Link Aggregation Traffic Split Criteria

Hashing of information in the L2, L3 and L4 packet headers divides data between
the trunk group ports.

[Figure: packet header fields used by the hash: destination MAC and source MAC
(L2), source IP and destination IP (L3), source port and destination port (L4),
followed by the payload data]

slide 221
Link Aggregation Traffic Split Criteria
Link aggregation hashes the source and destination MAC address, IP
address and UDP/TCP ports to select a link on which to send a
packet. So packet flow between a pair of hosts always takes the same
link inside the Link Aggregation Group (LAG).
The net effect is that the bandwidth for a given packet stream is
restricted to the speed of one link in the LAG.
For example, for a 2 Gbps LAG that is a combination of two 1 Gbps
ports, one flow of traffic can only ever reach a maximum throughput
of 1 Gbps.
However, the hashing algorithm should spread the flows across the
links so that when many flows are operating, the full 2 Gbps can be
utilized.
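As an added example (not from the course), the following Python shows the effect of the hashing described above on constructed flows: a flow always hashes to the same member link, a single flow can never use more than one link's bandwidth, and many flows spread across the LAG. The hash itself is an assumption: real switches use a vendor-specific hardware hash, and SHA-256 stands in for it here so the result is reproducible.

```python
# Added example (not from the course): which member link a flow lands on, modelled on the
# L2/L3/L4 header hashing described above. Real switches use a vendor-specific hardware
# hash; SHA-256 stands in for it here so the selection is deterministic and reproducible.
import hashlib
import random
from typing import List, Sequence, Tuple

Flow = Tuple[str, str, str, str, int, int]   # src MAC, dst MAC, src IP, dst IP, src port, dst port


def select_link(flow: Flow, n_links: int) -> int:
    """Hash the header fields of a flow and map the digest onto one of n_links member ports."""
    if n_links < 1:
        raise ValueError("a LAG needs at least one member link")
    key = "|".join(str(part) for part in flow).encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def flow_counts(flows: Sequence[Flow], n_links: int) -> List[int]:
    """How many of the given flows each member link would carry."""
    counts = [0] * n_links
    for flow in flows:
        counts[select_link(flow, n_links)] += 1
    return counts


def per_link_load(flows_with_rate: Sequence[Tuple[Flow, float]],
                  n_links: int, link_gbps: float) -> Tuple[List[float], List[float]]:
    """Offered load per member link, and how much each link can actually carry."""
    offered = [0.0] * n_links
    for flow, rate in flows_with_rate:
        offered[select_link(flow, n_links)] += rate
    carried = [min(load, link_gbps) for load in offered]
    return offered, carried


def make_flows(count: int, seed: int = 1) -> List[Flow]:
    """Constructed sample flows: many client hosts talking to one server, varying source port."""
    rnd = random.Random(seed)
    flows = []
    for i in range(count):
        src_mac = "02:00:00:00:%02x:%02x" % ((i >> 8) & 0xFF, i & 0xFF)
        src_ip = "192.168.%d.%d" % (rnd.randint(10, 12), rnd.randint(1, 254))
        flows.append((src_mac, "02:00:00:00:ff:01", src_ip, "192.168.30.250",
                      rnd.randint(1024, 65535), 443))
    return flows


if __name__ == "__main__":
    one_flow = make_flows(1)[0]
    print("same flow, same link:", select_link(one_flow, 2), select_link(one_flow, 2))
    print("1000 flows over 2 links:", flow_counts(make_flows(1000), 2))
    # one 2 Gbps flow on a 2 x 1 Gbps LAG: only 1 Gbps gets through, the other link sits idle
    print(per_link_load([(one_flow, 2.0)], 2, 1.0))
```

The per_link_load call with a single 2 Gbps flow is the slide's own point in numbers: the offered load all lands on one member, so the carried total is 1 Gbps, whereas a thousand small flows fill both links.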

slide 222
Creating a Static Channel Group

Use the following commands to create a static link aggregation:

awplus(config)# interface port1.0.3-1.0.4
awplus(config-if)# static-channel-group 2

NOTE: The port properties within the group must match, e.g. VLAN, speed, duplex.

slide 223
Display Static Channel Groups

Display all static channel groups:

awplus# show static-channel-group
% Static Aggregator: sa2
% Member:
port1.0.3
port1.0.4
awplus#

slide 224
Delete Static Channel Groups

Delete a port from a group:

awplus(config)# interface port1.0.4
awplus(config-if)# no static-channel-group

Note: this will also delete the static channel group after the last member is
deleted.

slide 225
Static Link Aggregation Configuration
Append the channel number to sa and it is a logical interface for other
commands:

awplus# sho interface sa2
Interface sa2
  Scope: both
  Link is DOWN, administrative state is UP
  Thrash-limiting
    Status Not Detected, Action learn-disable, Timeout 1(s)
  Hardware is AGGREGATE
  index 4502 metric 1 mtu 1500
  <UP>
  VRF Binding: Not bound
    input packets 0, bytes 0, dropped 0, multicast packets 0
    output packets 0, bytes 0, multicast packets 0 broadcast packets 0
slide 226
Display sa group
show static-channel-group
Use this command to display all configured static channel groups and their
corresponding member ports.
Note that a static channel group is the same as a static aggregator.

LAG Maximum        : 128
LAG Static Maximum : 96
LAG Dynamic Maximum: 32
LAG Static Count   : 2
LAG Dynamic Count  : 2
LAG Total Count    : 4
Static Aggregator: sa2
Member:
port1.0.3
port1.0.4

slide 227
Dynamic Link Aggregation (LACP)
Dynamic Link Aggregation Protocol (LACP)

LACP is basically dynamic trunking.

Link Aggregation Control Protocol (LACP) is a control protocol that
automatically detects multiple links between two LACP-enabled devices.

LACP then configures them to use their maximum possible bandwidth by
automatically trunking the links together.

slide 229
LACP Overview

LACP is a state-based protocol defined by IEEE 802.3ad.

Each port sends out its state to the connected device.

When it detects multiple links between itself and a partner whose
characteristics are the same, a trunk is created.

slide 230
Active vs Passive

LACP works in either ACTIVE or PASSIVE mode.

ACTIVE - The port will transmit LACP dialogue messages whether or not it
receives them from the partner system.
PASSIVE - The port will only transmit LACP dialogue messages if the partner
system is transmitting them, i.e. the partner is in active mode.
It follows that at least one end of the link must be active: two passive ends
never send an LACPDU, so no aggregation is formed.

slide 231
LACP Negotiation

Devices exchange LACPDUs at either end of an Ethernet link and are referred to
as the Actor or Partner.
Several items of information about a device are sent as part of the LACPDU,
such as:
Port number
Port Key
Periodic timeout (how often to send LACPDUs)
And others

The actor and partner come to agreement about each other's settings.
slide 232
Creating an LACP channel group
The following commands create a dynamic link aggregation:

awplus(config)# interface port1.0.3,port1.0.5
awplus(config-if)# channel-group 2 mode active

slide 233
Display the LACP groups

Display the LACP groups:

awplus# show etherchannel
% Lacp Aggregator: po2
% Member:
port1.0.3
port1.0.5

slide 234
Display the LACP configuration
awplus# sho interface po2
Interface po2
  Scope: both
  Link is DOWN, administrative state is UP
  Thrash-limiting
    Status Not Detected, Action learn-disable, Timeout 1(s)
  Hardware is AGGREGATE
  index 4502 metric 1 mtu 1500
  <>
  VRF Binding: Not bound
    input packets 0, bytes 0, dropped 0, multicast packets 0
    output packets 0, bytes 0, multicast packets 0 broadcast packets 0
slide 235
Display the LACP Configuration
Use this command to display detailed information about all LACP channels.

awplus# show etherchannel details
% Aggregator po2 (4602)
% Mac address: 00:00:cd:24:fd:29
% Admin Key: 0002 - Oper Key 0000
% Receive link count: 1 - Transmit link count: 0
% Individual: 0 - Ready: 1
% Partner LAG: 0x8000,00-00-cd-24-da-a7
% Link: port1.0.3 (5003) disabled
% Link: port1.0.5 (5005) Sync: 1

slide 236
Display the LACP configuration

Use this command to display a summary of all LACP channels.

awplus# show ether sum
% Aggregator po2 (4602)
% Admin Key: 0002 - Oper Key 0000
% Link: port1.0.3 (5003) Disabled
% Link: port1.0.5 (5005) Sync: 1

slide 237
Layer 3 Overview and IP Routing
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

IP Concepts
IP Addresses, IPv4 Addresses
ARP Mechanism
IP Gateway / Router
IPv4 Classes
Special IPv4 Addresses
IPv4 Configuration

slide 239
IP Introduction
IP Introduction

IP is the short form of the protocol called Internet Protocol.
IP datagrams (called packets) are sent from one host to another, possibly
through interconnecting routers.
IP is an unreliable, connectionless, best-effort packet delivery service.
IP provides network level services:
Host addressing
Routing
Packet fragmentation and reassembly (if necessary)
All other higher layer protocols use IP services.
slide 241
IP Version 4

The current default IP is version 4.
Defined in 1981 with RFC-791
32-bit address. This is limited, therefore private addresses are widely used
via Network Address Translation (NAT).
Variable length IP header
Extra protocol: Address Resolution Protocol (ARP) needed in LANs
Octets described in decimal notation
Originally based on network classes (A-E); now classless (CIDR) is often used
Limitations
Lack of addresses, therefore private networks are necessary
Lacks auto-configuration, Quality-of-Service and real-time options defined in
the protocol

slide 242
IP Version 6

IP Version 6 is becoming important because of problems in Asia due to the lack
of addresses.
Defined in 1998 with RFC-2460
128-bit address.
IP Routing is disabled by default
Fixed length header, with defined extensions. No IP checksum.
Host address (part of the address) can be generated from the MAC
ARP replaced by a concept called Neighbor Discovery (ND)
Octets always described in hexadecimal notation
Always classless notation
Typically several IP addresses per interface

slide 243
IP Subnet Definition

A subnet consists of all systems that can directly communicate with each other
using layer 2 technologies.
An Ethernet segment can contain more than one separate subnet, but often
different subnets are placed on individual VLANs for ease of administration.
IPv4 communication between hosts within an Ethernet subnet uses the ARP
(Address Resolution Protocol) mechanism.
IPv6 has an improved mechanism for communication inside the Ethernet subnet
called ND (Neighbor Discovery).

slide 244
IP Subnet Detection
An IPv4 address is 32 bits and expressed in dotted decimal.
The complete entry requires the following data:
Host address: e.g. 192.168.10.123
Network mask, written either as
Dotted decimal: e.g. 255.255.255.0
Prefix length (number of network bits): e.g. 192.168.10.123 /24
The mask defines which packets being processed are considered to be in the
host's subnet, and which must be forwarded via a gateway.
It defines which parts of the 32 bits are:
Network address part
Host address part

slide 245
IP Network Information
This part of the host IP address entry is calculated in simple configurations,
but will need to be entered manually when non-standard subnets are used.
Network Address
Is often calculated automatically.
Network part = network part of the host address; host part = all zeros
Network Broadcast
Is often calculated automatically.
Network part = network part of the host address; host part = all ones

slide 246
IPv4 Classes
Classes were defined in the original concept, but are now slowly being replaced
by a newer classless system (CIDR).

Class    1st octet  2nd octet  3rd octet  4th octet
         (8 bits)   (8 bits)   (8 bits)   (8 bits)
Class A  Network    Host       Host       Host
Class B  Network    Network    Host       Host
Class C  Network    Network    Network    Host
Class D  Multicast
Class E  Reserved

Class    Address range (high octet)  Mask
Class A  0-127                       255.0.0.0
Class B  128-191                     255.255.0.0
Class C  192-223                     255.255.255.0

slide 247
Loopback and Private Addresses

Local loopback subnet within each host: address 127.0.0.1 / 32

Private addresses are needed due to the shortage of public addresses.
Private addresses should never be used in a public network.
Access to private addresses from the public network is typically via NAT
(Network Address Translation).

Address Class  Reserved address space
Class A        10.0.0.0 through 10.255.255.255
Class B        172.16.0.0 through 172.31.255.255
Class C        192.168.0.0 through 192.168.255.255
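As an added example (not from the course), the Python below does the subnet arithmetic of the last few slides with plain integer masks: network and broadcast addresses from a host address and a mask given in either form, the classful letter from the high octet, the private ranges from the table above, and the same-subnet test a host makes before choosing between ARP and the gateway. The addresses in the demonstration are constructed; a cross-check against Python's ipaddress module is included so the hand-rolled arithmetic can be verified.

```python
# Added example (not from the course): IPv4 subnet arithmetic from the slides above, done
# with plain integer masks so the network/broadcast/class/private rules are visible.
import ipaddress
from typing import Union

# Private ranges as listed in the table above (base address, prefix length)
PRIVATE_RANGES = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def to_int(dotted: str) -> int:
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def mask_from_prefix(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask: Union[int, str]) -> int:
    """Accept a prefix length (24), a '/24' string or a dotted mask; reject non-contiguous masks."""
    if isinstance(mask, int):
        mask_from_prefix(mask)          # range check only
        return mask
    if mask.startswith("/"):
        return prefix_from_mask(int(mask[1:]))
    value = to_int(mask)
    prefix = bin(value).count("1")
    if value != mask_from_prefix(prefix):
        raise ValueError("mask %s is not contiguous" % mask)
    return prefix


def ipv4_class(address: str) -> str:
    """Classful letter from the high octet (A: 0-127, B: 128-191, C: 192-223, D, E)."""
    high = to_int(address) >> 24
    for letter, upper in (("A", 127), ("B", 191), ("C", 223), ("D", 239)):
        if high <= upper:
            return letter
    return "E"


def is_private(address: str) -> bool:
    value = to_int(address)
    return any(value & mask_from_prefix(p) == to_int(base) for base, p in PRIVATE_RANGES)


def subnet_info(host: str, mask: Union[int, str]) -> dict:
    """Network and broadcast: network part of the host with the host bits all 0 / all 1."""
    prefix = prefix_from_mask(mask)
    m = mask_from_prefix(prefix)
    network = to_int(host) & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return {
        "host": host, "prefix": prefix, "mask": to_dotted(m),
        "network": to_dotted(network), "broadcast": to_dotted(broadcast),
        "usable_hosts": max(broadcast - network - 1, 0),
        "class": ipv4_class(host), "private": is_private(host),
    }


def same_subnet(host: str, mask: Union[int, str], destination: str) -> bool:
    """True when the destination is reached directly (ARP), False when it goes to the gateway."""
    m = mask_from_prefix(prefix_from_mask(mask))
    return to_int(host) & m == to_int(destination) & m


def matches_stdlib(host: str, mask: Union[int, str]) -> bool:
    """Cross-check the hand-rolled arithmetic against the standard library."""
    info = subnet_info(host, mask)
    net = ipaddress.ip_network("%s/%d" % (host, info["prefix"]), strict=False)
    return (str(net.network_address), str(net.broadcast_address)) == (info["network"], info["broadcast"])


if __name__ == "__main__":
    print(subnet_info("192.168.10.123", "255.255.255.0"))
    print(subnet_info("172.20.5.9", "/20"))       # non-classful subnet, as the slide warns about
    print(same_subnet("192.168.30.250", 24, "192.168.30.12"),
          same_subnet("192.168.30.250", 24, "192.168.40.1"))
```

The non-contiguous mask check matters in practice: a mask such as 255.0.255.0 is accepted by some tools but has no meaning for the network/host split, and catching it at configuration time is cheaper than chasing the resulting routing symptoms.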

slide 248
IP Routing
IP Data Transfer Within a Subnet

The routing decision is made using the subnet mask.
Each host has a local IP address to MAC address translation cache, the ARP
cache.
When it needs to send an IP packet, then:
If the entry is in the cache, the datagram will be sent to the MAC address
directly.
If the entry is not in the cache, the host will send an ARP broadcast packet
and wait for an answer from the host.
The ARP cache on a host is important for troubleshooting, especially in
determining whether the issue is at layer 2 or layer 3.
slide 250
L3 Switching
Introduction

slide 251
IP Data Transfer Between Subnets
IP routing is the process of moving packets from one network to another
network using routers.
The route that is taken to the remote network is decided by the route found in
the local router database.
The local router only moves the packet to the neighbour which is marked as the
gateway for the destination.
The router does not have any knowledge of what happens after that.

slide 252
IP Data Transfer Between Subnets

A data connection usually requires packets to move in both directions within
the data flow. The remote routers must therefore know a route:
To the remote network
From the remote network back to the local one

slide 253
L3 Switching
Switch Setup Step 2:
Assigning IP Addresses to VLANs

slide 254
Route Entries
Routes from local interfaces/VLANs will be inserted automatically when they are
created.
Routes to networks not directly connected to the local router will need to be
inserted:
Static routes must be inserted manually.
Routes must be inserted for every subnet that should be reachable from this
router; this can be a large management overhead.
A default route will route any unknown packets to the gateway address, and can
simplify management, but can be a security risk.
Changes in the network will need to be entered manually as new static routes.

slide 255
Dynamic Routes

Dynamic routes are inserted by routing software running on the routers.
The routes are continuously maintained, and will automatically learn about any
changes in the complete network.
The routing protocol sends control packets to other routers with the routing
function, and therefore loads the network.

slide 256
RIB & FIB

There are two routing tables populated by your device: the Routing Information
Base (RIB) and the Forwarding Information Base (FIB).

The RIB records all the routes that your device has learned.

Your device uses the RIB to populate the FIB.

slide 257
RIB & FIB

The AlliedWare Plus Operating System adds routes to the RIB when:

You add a static route using the ip route command
One or more routing protocols, such as RIP or OSPF, exchange routing
information with other routers or hosts
Your device receives route information from a connected interface

slide 258
Routing process

A router is the Layer 3 device responsible for forwarding packets towards
their destination.

The following two examples explain:
Direct Routing
Indirect Routing

slide 259
Direct Routing
Direct Routing

PcA needs to send packets to PcB via Router1.
PcA must determine if the destination IPv4 address is on the same subnet. If
not, then the packet must be sent to the default gateway.

[Figure: PcA - R1 - PcB; ARP request from PcA, ARP reply from R1]

An ARP request to identify the MAC address of the default gateway is sent, and
an ARP reply is sent from R1 to PcA.
slide 261
Routing Process

Next, PcA sends the packet to R1.

[Figure: PcA - R1 - PcB; packet transfer from PcA to R1]

R1 receives the packet and looks at the routing table for the destination IP
address.

slide 262
Routing Process

The routing table has a route to a directly connected network.
So R1 checks the ARP cache to see if the IPv4 destination address is present.
If not, an ARP request is sent.

[Figure: PcA - R1 - PcB; ARP request from R1, ARP reply from PcB]

PcB answers the request with an ARP reply.

slide 263
Direct Routing

Now R1 has the MAC address of PcB, so the packet is forwarded to PcB.

[Figure: PcA - R1 - PcB; packet transfer from R1 to PcB]

slide 264
Indirect Routing
Indirect Routing

PcA is sending packets to PcB via R1 and R2.

[Figure: PcA - R1 - R2 - PcB]

R1 receives the packet and examines the routing table for the destination IP
address.
The routing table has a route to a directly connected network.

slide 266
Routing Process Step 1
The first part is the same as in direct routing.
PcA must determine if the destination IPv4 address is on the same subnet. If
not, the packet must be sent to the default gateway.
An ARP request to identify the MAC address of the default gateway is sent.

[Figure: PcA - R1 - R2 - PcB; ARP exchange between PcA and R1]

After that PcA sends the packet to R1.
slide 267
Routing Process Step 2
R1 receives the packet and looks at the routing table for the destination IP
address.
R1 doesn't have a directly connected interface with that destination, so it
looks at the routing table.

[Figure: PcA - R1 - R2 - PcB; packet forwarded from R1 to R2]

A static route exists in the routing table with the right destination, so the
packet is forwarded to the indicated next hop (R2).
slide 268
Routing Process Step 3

The packet is forwarded to R2 and the routing table is looked up in order to
match the destination.

[Figure: PcA - R1 - R2 - PcB]

The destination is found on the directly connected interface.

slide 269
Routing Process Step 4

The packet is finally forwarded to PcB.

[Figure: PcA - R1 - R2 - PcB; packet delivered from R2 to PcB]

Now we have to consider how to route a packet from PcB back to PcA.

slide 270
Routing Process Back to Pc A

PcB now replies to PcA.

[Figure: PcA - R1 - R2 - PcB; reply travelling from PcB via R2 and R1 to PcA]

The packet is sent to R2 and then on to R1 and is processed against the same
routing rules as were used for the original packet from PcA to PcB, so the
routing tables of both routers must be filled in correctly.

slide 271
IP Routing
IP Data Transfer Between Subnets

The routing decision is made depending on the subnet mask.
The source host determines that the destination address is not in the current
subnet.
If no matching entry is found then the packet will be discarded.
Gateway or routing entries are made:
Manually, and are then called static routes
Automatically from routing software, e.g. RIP, OSPF

slide 273
Configuring IP
Setting an IP Address

On switch ports, the interface address is defined per VLAN:

awplus# configure terminal
awplus(config)# vlan database
awplus(config-vlan)# vlan 2 [name myvlan]

Attach the access VLAN to the required switch ports:

awplus(config)# interface port1.0.3-port1.0.10
awplus(config-if)# switchport access vlan 2

Assign a static IPv4 address to the VLAN:

awplus(config-if)# interface vlan2
awplus(config-if)# ip address 192.168.30.250/24

slide 275
Displaying IP Interface Status

Show the IPv4 status of all interfaces.

Note: VLAN1 (the default VLAN) is shown in its default state.
The management Ethernet port (eth0) does not have a VLAN or IP address here.
Route definitions (not shown here) will govern whether or not traffic is routed
between VLAN1 and VLAN2.

awplus# sho ip inter
Interface    IP-Address      Status     Protocol
eth0         unassigned      admin up   down
lo           unassigned      admin up   running
vlan1        192.168.1.1     admin up   down
vlan2        192.168.30.250  admin up   running
awplus#

slide 276
ARP Cache
The ARP cache is continually maintained from information learnt from the
Ethernet interfaces.
Displaying the ARP entries can be very helpful when troubleshooting Ethernet
problems.
The command below displays the ARP cache contents.
As can be seen, there are two different hosts attached (probably via a switch)
to port1.0.3.
No hosts have been seen on any VLAN1 ports.

awplus# sho arp
IP Address      MAC Address     Interface  Port       Type
192.168.30.12   0009.6be3.d55f  vlan2      port1.0.3  dynamic
192.168.30.254  000e.a690.7c5d  vlan2      port1.0.3  dynamic
awplus#

slide 277
ARP Cache
To clear the ARP cache of dynamic entries, use the command:
awplus# clear arp-cache
The ARP cache will be repopulated by the normal ARP learning
mechanism.
As long as the entries are relearned quickly enough, deleting dynamic
ARP entries does not affect:
Routes
OSPF neighbor status
BGP peer status
TCP/UDP connection status
VRRP status

slide 278
Static Route
IP Routing is enabled by default
awplus# sho ip forwarding
IP forwarding is on

Add a static route to network 192.168.40.0/24 by forwarding packets to the host
in this subnet at 192.168.30.252:

awplus(config)# ip route 192.168.40.0/24 192.168.30.252

Add a default route to send anything not otherwise defined, outside this
subnet, to a host in this subnet which will route the traffic:

awplus(config)# ip route 0.0.0.0/0 192.168.30.252

slide 279
Displaying IP Routes

Routes in the RIB (Routing Information Base) that are not active are not
shown.

awplus# sho ip route
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default

S    0.0.0.0/0 [1/0] via 192.168.30.254, vlan2
C    192.168.30.0/24 is directly connected, vlan2
S    192.168.40.0/24 [1/0] via 192.168.30.252, vlan2
awplus#

slide 280
Displaying IP Routes
Show all routes, including those on inactive links

awplus# show ip route database
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       > - selected route, * - FIB route

S *> 0.0.0.0/0 [1/0] via 192.168.30.254, vlan2
C *> 192.168.30.0/24 is directly connected, vlan2
S *> 192.168.40.0/24 [1/0] via 192.168.30.252, vlan2
S    192.168.60.0/24 [1/0] via 192.168.50.250 inactive
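As an added example (not Allied Telesis code), the Python below models the RIB/FIB distinction and the direct/indirect routing decision from the preceding slides, using the routes in the output above: a static route whose next hop is not in any connected network stays in the RIB as inactive and is left out of the FIB, the lookup is a longest-prefix match over the FIB, and the result says whether the device ARPs for the destination itself (directly connected) or for the next hop. Only connected and static routes are modelled; routing-protocol routes and administrative distances other than the [1/0] shown are assumptions.

```python
# Added example (not Allied Telesis code): a RIB/FIB model using the routes from the
# show ip route output above, with the direct vs indirect forwarding decision from the
# routing-process slides. Connected and static routes only; no routing protocol is modelled.
from dataclasses import dataclass
from typing import List, Optional


def ip_int(dotted: str) -> int:
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def mask_int(prefix_len: int) -> int:
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


@dataclass
class Route:
    prefix: str                        # e.g. "192.168.40.0/24"
    code: str                          # "C" connected or "S" static, as in the show output
    next_hop: Optional[str] = None     # None for connected routes
    interface: Optional[str] = None    # known up front for connected routes only
    distance: int = 1                  # administrative distance ([1/0] in the output)

    def __post_init__(self):
        net, plen = self.prefix.split("/")
        self.plen = int(plen)
        self.network = ip_int(net) & mask_int(self.plen)

    def contains(self, address: str) -> bool:
        return ip_int(address) & mask_int(self.plen) == self.network


class Rib:
    def __init__(self, routes: List[Route]):
        self.routes = list(routes)

    def connected_for(self, address: str) -> Optional[Route]:
        """The connected route whose network holds the address, if any."""
        hits = [r for r in self.routes if r.code == "C" and r.contains(address)]
        return max(hits, key=lambda r: r.plen) if hits else None

    def fib(self) -> List[Route]:
        """Routes the device can actually use: connected ones, plus static routes whose
        next hop lies in a connected network. Others stay in the RIB as 'inactive'."""
        active = []
        for r in self.routes:
            if r.code == "C":
                active.append(r)
            elif r.next_hop is not None and self.connected_for(r.next_hop) is not None:
                active.append(r)
        return active

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match over the FIB; lower distance wins a tie."""
        candidates = [r for r in self.fib() if r.contains(destination)]
        if not candidates:
            return None
        return max(candidates, key=lambda r: (r.plen, -r.distance))

    def decide(self, destination: str) -> dict:
        """Direct routing: ARP for the destination itself. Indirect: ARP for the next hop."""
        route = self.lookup(destination)
        if route is None:
            return {"action": "drop", "route": None, "arp_for": None, "interface": None}
        if route.code == "C":
            return {"action": "direct", "route": route.prefix,
                    "arp_for": destination, "interface": route.interface}
        via = self.connected_for(route.next_hop)
        return {"action": "indirect", "route": route.prefix,
                "arp_for": route.next_hop, "interface": via.interface}


def sample_rib() -> Rib:
    """The routes shown in 'show ip route database' above."""
    return Rib([
        Route("0.0.0.0/0", "S", next_hop="192.168.30.254"),
        Route("192.168.30.0/24", "C", interface="vlan2"),
        Route("192.168.40.0/24", "S", next_hop="192.168.30.252"),
        Route("192.168.60.0/24", "S", next_hop="192.168.50.250"),   # inactive: no connected 192.168.50.0/24
    ])


if __name__ == "__main__":
    rib = sample_rib()
    print([r.prefix for r in rib.fib()])
    for dst in ("192.168.30.12", "192.168.40.7", "192.168.60.5", "8.8.8.8"):
        print(dst, rib.decide(dst))
```

The 192.168.60.5 case shows why an inactive route deserves attention during troubleshooting: because the specific route is not in the FIB, traffic for that network silently follows the default route to 192.168.30.254 rather than being dropped, which can look like working connectivity until the default gateway has no path either.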

slide 281
Checking IP Connections - Ping

To verify connections between networks and network devices, use the ping and
traceroute commands on your device.
Ping tests the layer 3 connectivity between two network devices to determine
whether each network device can see the other device.
Echo request packets are sent to destination addresses and responses are
displayed on the console.

slide 282
Trace Route

You can use trace route to discover the route that packets take between two
systems running the IP protocol.
Trace route sends an initial UDP packet with the Time To Live (TTL) field in
the IP header set to 1.
The TTL field is increased by one for every subsequent packet sent until the
destination is reached.
Each hop along the path between the two systems responds with a TTL exceeded
packet (ICMP type 11), and from this the path is determined.

awplus# traceroute 10.0.0.1
slide 283
Virtual Chassis Stacking
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents

Stacking vs Redundancy
VCStack Introduction
Connecting switches into a stack
VCStack Configuration
Software and configuration file synchronization
Rolling Reboot
Resiliency Link
Managing Stack Members
Monitoring and troubleshooting
slide 285
VCStack Introduction
Definition of a Stack
A switch made of several units
A single IP address to manage the whole stack
High speed stacking link
All functionalities can be configured across the stack
This is what we call Virtual Chassis Stacking

slide 287
Stacking Benefits
Simplified Management
A virtual chassis can be configured /managed via a single IP address
Reduces network administration overhead
Simplified Configuration
Often redundancy protocols like VRRP & STP are not needed
Reduces management traffic on the network, and reduces configuration
complexity
High Availability
Network resources are spread across a number of stacked switches
Reduced impact of any one switch failing
In the core, access to resources guaranteed through resilient connections
Available upstream to servers, and downstream to distribution switches

slide 288
Stacking Benefits
[Figure: a network with an SBx908 core (hardware redundancy, high bandwidth,
QoS, stacking), x900 distribution switches and 8000S edge switches; the
stacking benefits called out are high availability, simplified management,
resilient links, scalability and future proofing]

slide 289
Stacking Benefits
Resiliency
Aggregated links configured across different switches in the stack
Full bandwidth from all links available for maximum throughput
In the event of a failure, a connection to the network core is maintained
High Speed Stack Recovery
In case of stack failure, recovery typically occurs in less than 3 seconds
Scalability
Individual switches can be inserted into and removed from the stack
Low entry cost
Pay as you grow
slide 290
Stacking Benefits
Complete stacking solution from one vendor
Guarantees straightforward installation
Service and support is simplified
Future Proof
A network solution can grow as required
A number of switches can create a powerful virtual chassis
SBx908
DC2552
X900 X930
X600 X610
X510
X310
slide 291
Creating a Stack
Connecting Switches into a Stack
The proprietary high-speed communication protocol that is used over the stacking links
requires multiple twisted pairs and a high level of shielding.
Specialized cables and connections are required.
The types of cables and connections available are dependent on the type of x-Series
switches you are stacking:
Back-port stacking on SwitchBlade x908
Front-port stacking on DC2552
Front-port stacking using XEM-STKs on x900 series
Front- or back-port stacking on x930
AT-StackXG slide-in modules on x600 & x610 Series
Front-port stacking on the x510 series
Front-port stacking on the x310 series
Stacking on a SBx908
On the rear of the SwitchBlade x908 chassis, there is a pair of fixed stacking ports.
Back-port stacking requires a specific cable (AT-HS-STK-CBL1.0)
You have to order the cable separately from the chassis
Two SBx908 can be stacked together
Note that the cables are crossed over: port 1 of the top switch is connected to port
2 of the bottom switch, and vice versa

Stacking on a SBx908
This provides 80 Gbps of stacking bandwidth per stacking port
Total bandwidth between units: 160 Gbps
Perfect for the enterprise core with very high bandwidth
Stacking on DC2552XS/L3
Front-port stacking
Each stacking port provides 40 Gbps with 4 QSFP+ ports
Stacking bandwidth: 160 Gbps
Up to 2 units can be stacked
Differently from other x-series switches,
the stacking cables must connect ports of the same number.
Stacking on x930
The x930 series allows up to 8 units to be stacked using either front- or back-port stacking
(front- and back-port stacking cannot be combined).
40 Gbps rear-port stacking
StackQS module or direct attach cables available
The stacking cables must form a ring
It supports LDS (long distance stacking)

Stacking on x930
Rear stacking cable options:
AT-StackQS: 2 x QSFP+ stacking module
AT-QSFP1CU: 1 meter QSFP+ direct attach stacking cable
Front stacking cable options:
AT-SP10TW1: 1 meter SFP+ direct attach cable
AT-SP10TW3: 3 meter SFP+ direct attach cable
AT-SP10TW7: 7 meter SFP+ direct attach cable
In addition, Allied Telesis SFP+ modules can be inserted and connected by cables of whatever length
the SFP+ modules can support.
Stacking on a x900
Front-port stacking
You can fit the XEM bays on x900 Series switches with a specialized stacking XEM
called the XEM-STK.
The specific cable type that connects these XEMs is purchased separately as either
0.5 or 2 meter long cables:
AT-XEM-STK-CBL0.5
AT-XEM-STK-CBL2.0
(Stacking module: AT-XEM-STK)

Stacking on a x900
Each XEM-STK module has 2 x 15 Gbps HD stacking connectors
So, total bandwidth between units is 60 Gbps
You can stack up to two switches
You can stack x900-24XS and x900-24XT together
You can stack two x900-12XT/S together
You can't mix x900-12XT/S and x900-24X in a stack
Stacking on a x600
An AT-StackXG module can be inserted on the rear of any non-PoE x600
You can't add an AT-StackXG to an x600 PoE: on PoE models the stacking ports are built into the chassis
(the cable must be purchased separately)
The specific cable type that connects the AT-StackXG is purchased as either 0.5 or 1
meter long cables:
AT-STACKXG/0.5
AT-STACKXG/1
Each AT-STACKXG is shipped with one AT-STACKXG/0.5

Stacking on a x600 / x610
AT-StackXG slide-in modules on x600
You can stack up to 4 x600 switches (8 x610s)
You can mix any x600 in a stack (PoE and non-PoE)
Each stacking port provides 12 Gbps HD
Total bandwidth of the stack is 48 Gbps
Stacking on a x610
Up to 8 units can be stacked with 5.4.3 firmware
AT-StackXG or AT-x6EM/XS2 slide-in modules on x610
AT-StackXG has two full-duplex 12 Gbps stacking ports
AT-x6EM/XS2 has two 10GbE SFP+ stacking slots
The two ports on an SFP+ AT-Stack module, AT-x6EM/XS2, are configured as
stacking ports by default. However, they can be reconfigured as 10 GbE network
switch ports.

LDS
Using the AT-x6EM/XS2 stacking module you can extend the distance between
stacked units to the maximum distance supported by the particular SFP you are
using. This capability enables you to create a stack of up to 8 geographically
separated x610 switches as a single stack.
Stacking on a x510
Four x510 units can be stacked using 10 Gb front ports
The AT-SP10TW1 (1 meter SFP+ direct attach cable) should be used
The cable must form a ring

Stacking on x310
Four x310 units can be stacked using 1 Gb front ports
The cable must form a ring

Stacking on XS900 series
Two XS900 units can be stacked using 10 Gb front ports
The AT-SP10TW1 (1 meter SFP+ direct attach cable) should be used
The cable must form a ring

Stacking on GS900MX
Four GS900MX units can be stacked using 10 Gb front ports
The AT-SP10TW1 (1 meter SFP+ direct attach cable) should be used
The cable must form a ring
VCStack Configuration
How the Stack Communicates
The stack management uses a specific VLAN ID and an IP subnet; the default
values are:
VLAN 4094
Subnet 192.168.255.0/28
You may need to change these values if they clash with a VLAN ID or
subnet that is already in use in the network:
stack management subnet <ip-address>
stack management vlan <2-4094>
The management traffic is queued to egress queue 7 on the stack link (no
other traffic should be marked for queue 7)
Stack Roles
Each switch in a stack acts in one role:
backup member (also called stack member)
stack master (normally called the active master)
The stack members are controlled by the stack master.
The stack master performs a number of tasks that a stack member
does not perform:
It controls all switch management activity
It synchronizes boot release and configuration files with stack members
All routing protocol packets are processed by the stack master. The stack
master then transfers any requisite table updates to the stack members.

Stack Master Selection
Master selection is based on two parameters:
Firstly, the stack member's priority setting
Secondly, the MAC address
The switch with the lowest priority becomes master
The default priority is 128; change it to select a specific master:
stack <switch stack ID> priority <0-255>
If several switches have the same priority, the one with the lowest MAC address
becomes master
Master selection is not related to the unit ID (i.e. the master does not have to be
ID 1)
Any switch in a stack can potentially be stack master
Virtual MAC Address
The virtual MAC address can be manually configured by specifying a VCStack virtual
chassis ID. The ID selected will determine which virtual MAC address the stack will use.
The MAC address assigned to a stack must be unique within its network.
The virtual chassis ID entered will form the last 12 bits of a pre-selected
MAC prefix component, that is, 0000.cd37.0xxx. For example:
awplus(config)# stack virtual-mac
awplus(config)# stack virtual-chassis-id 63
This will result in a virtual MAC address of: 0000.cd37.003f
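The master election rule from the Stack Master Selection slide (lowest priority wins, ties broken by the lowest MAC address, stack ID irrelevant) and the virtual MAC derivation above are modelled below in Python as an added example. This is not Allied Telesis code: the StackMember type, the 0-4095 range read from "12 bits", the duplicate check and the sample MAC addresses are assumptions made for the example.

```python
"""Added example (not AlliedWare Plus code): models VCStack master election
and virtual MAC derivation as described on the slides."""
from dataclasses import dataclass

# Fixed prefix 0000.cd37.0 from the slide; the chassis ID fills the low 12 bits.
VIRTUAL_MAC_PREFIX = 0x0000CD370000


@dataclass(frozen=True)
class StackMember:
    """One switch in the stack (field names are this example's own)."""
    stack_id: int          # 1-8
    mac: str               # dotted hex as 'show stack' prints it, e.g. 0015.77ae.60cb
    priority: int = 128    # default 128; configurable range 0-255


def mac_to_int(mac: str) -> int:
    """Parse 0015.77ae.60cb, 00:15:77:ae:60:cb or 00-15-77-ae-60-cb into an int."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(digits, 16)


def int_to_dotted_mac(value: int) -> str:
    """Render a 48-bit integer in the dotted form AlliedWare Plus displays."""
    hexstr = f"{value & 0xFFFFFFFFFFFF:012x}"
    return ".".join(hexstr[i:i + 4] for i in (0, 4, 8))


def elect_master(members):
    """Lowest priority wins; ties are broken by the lowest MAC address.
    The stack ID plays no part, exactly as the slide states."""
    if not members:
        raise ValueError("a stack needs at least one member")
    for m in members:
        if not 0 <= m.priority <= 255:
            raise ValueError(f"priority {m.priority} out of range 0-255 on ID {m.stack_id}")
    return min(members, key=lambda m: (m.priority, mac_to_int(m.mac)))


def virtual_mac(chassis_id: int) -> str:
    """Virtual MAC for 'stack virtual-chassis-id <id>': prefix OR 12-bit ID.
    The 0-4095 range is inferred from '12 bits' on the slide (assumption)."""
    if not 0 <= chassis_id <= 0xFFF:
        raise ValueError("virtual-chassis-id must fit in 12 bits (0-4095)")
    return int_to_dotted_mac(VIRTUAL_MAC_PREFIX | chassis_id)


def duplicate_virtual_macs(chassis_ids):
    """Chassis IDs that would give two stacks on one network the same virtual
    MAC, which the slide says must be unique within the network."""
    seen, clashes = set(), set()
    for cid in chassis_ids:
        mac = virtual_mac(cid)
        if mac in seen:
            clashes.add(cid)
        seen.add(mac)
    return sorted(clashes)


if __name__ == "__main__":
    # Constructed sample members; the MAC addresses are made up for the example.
    stack = [
        StackMember(1, "0015.7700.0010"),
        StackMember(2, "0015.7700.0001"),
        StackMember(3, "0015.7700.0100"),
    ]
    print("master with default priorities:", elect_master(stack).stack_id)
    preferred = [StackMember(3, "0015.7700.0100", priority=1)] + stack[:2]
    print("master after 'stack 3 priority 1':", elect_master(preferred).stack_id)
    print("virtual MAC for chassis ID 63:", virtual_mac(63))
```

With all priorities at the default, the member holding the numerically lowest MAC becomes master regardless of its stack ID; setting a lower priority on one member overrides that, which is the administrative control the slide describes.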
Stack Member ID
Each switch in a stack has an ID number, which can be an integer
between 1 and 8. The default on each switch is a stack ID of 1.
The stack IDs on each switch within a stack are unique.
The system can automatically assign a unique ID number to each
stack member
Each member's configuration is associated with its ID
Allows putting the stack in a pre-defined configuration
In case of conflict, the system automatically modifies the ID of the unit with the higher
MAC address

Assigning Stack IDs
Manual assignment on a switch before stacking:
stack(config)#stack 1 renumber <1-8>
Automatic assignment as switches join the stack:
The stack master will be assigned stack ID 1, and the other switches will be
automatically assigned other IDs.
Manual renumbering of a switch after stacking:
stack(config)#stack 1 renumber <1-8>
Stack Maintenance
Adding a stack member
A switch can be added to an existing stack (hot-swapped in):
Power down the new switch
Connect its ports to the stack
Power on
Removing a stack member
A member can be removed from a stack (hot-swapped out):
Power down the member
Disconnect its stacking ports
Reconnect the remaining stack members

Stack Maintenance
Replacing a stack member
You can seamlessly swap a switch into the stack to replace another
Configure the new switch with the same member ID as the one it replaces
Optional auto-upgrade
Auto-upgrade will copy the master's software release onto the new member
If a new member joins a stack and has a different SW release, the master's
software release is copied to the new member
Auto-upgrade works when the master and new-member releases are similar (for
example 5.4.3-0.1 and 5.4.3-0.2)
Auto-upgrade is enabled by default
Disable with: no stack <1-8> software-auto-synchronization
If disabled, a new member with a different SW release cannot join the stack

Provisioning
Provisioning provides the ability to pre-configure ports that are not yet present in a
switch or in a stack.
Provisioning keeps a 'placeholder' for a XEM or switch which has been hot-swapped
out.
Switch provisioning:
awplus(config)#switch 2 provision x900-24
XEM provisioning:
awplus(config)#switch 2 bay 2 provision xem-12
Resiliency Link
Resiliency Link
In this network scenario, when the stack link breaks, the edge
switches will continue to use their uplink ports. This is a
problem because the two switches each elect themselves as
master and a duplicate IP issue occurs.
The optional Resiliency Link feature provides a solution to
this problem.

Resiliency Link
With a Resiliency Link, the stack members all listen for periodic
(one per second) Health Check messages from the master.
As long as the active master sends Health Check messages, the
other stack members know that the active master is still active.
The Resiliency Link can use either:
The Eth0 port (only on SwitchBlade x908 or x900 series switches)
A dedicated VLAN (resiliencylink VLAN) to which switch ports may
become members. This is available on the x600, x900, and x908.

Resiliency Link
[Diagram: Stack Master and Stack Member joined by the high-speed chassis stack connectors and by a separate Resiliency Link]

Resiliency Link Configuration
The out-of-band Ethernet port is configured as a resiliency port with the
command:
awplus(config)# stack resiliencylink eth0
Note that even if you configure the eth0 port as a resiliency port, you can still
use it for out-of-band management.
A VLAN and a switch port are configured for the resiliency link connection with
the commands:
awplus(config)# stack resiliencylink vlan1000
awplus(config)# interface port1.0.1
awplus(config-if)# switchport resiliencylink
This VLAN is dedicated to the resiliency link function and must not be the
stack management VLAN or a customer data VLAN.
Fast Failover
Fast Failover
In a VCStack environment, one of the stack members acts as the
master switch, and provides decision making for the virtual chassis.
All of the other VCStack members are in active standby, also having
learnt routing and forwarding information for the network to ensure
that if the master were to fail, another member is able to seamlessly
assume control of the virtual chassis with absolutely minimal network
downtime.

Fast Failover
Synchronisation of hardware forwarding tables, VLAN state
tables, and port state tables is maintained across stack
members.
Additionally, state information for other features is shared
across stack members, to enable a seamless transition upon
failover (AMF, DHCP, LLDP etc.).
Managing Stack Members
File Synchronization
A VCStack requires that the software version and the
configuration files on all stack members are the same.
The following files are synchronised by the stack master:
Software release (auto-synchronisation)
Shared running configuration
Shared startup configuration
Scripts
Note: licences are not synchronized. For optional features (e.g. IPv6) each
switch in the stack must have its own feature licence.
Rolling Reboot
This command allows a stack to be rebooted in a rolling sequence so that
no more than one unit of the stack is in reboot at any given time.
First, the stack master is rebooted, causing the remaining stack members to
fail over and elect a new master.
As soon as the rebooted active master has reloaded, it becomes the active
master again.
Immediately after the active master has reloaded and assumed its role
again, all of the other switches in the stack are rebooted at the same time.

Rolling Reboot
awplus#reboot rolling
The stack master will reboot immediately and boot up with the configuration
file settings. The remaining stack members will then reboot once the master
has finished re-configuring.
Continue the rolling reboot of the stack? (y/n):y
awplus#22:11:07 awplus VCS[995]: Automatically rebooting stack
member-4 (MAC: 00.15.77.c9.73.cb) due to Rolling reboot
URGENT: broadcast message:
System going down IMMEDIATELY!
... Rebooting at user request ...
Remote Login
This command is used only on the master in order to log onto
the CLI of another stack member. In most respects the result
of this is similar to being logged into the stack master.
Configuration commands are still applied to all stack members,
but show commands, and commands that access the file system,
are executed locally.
To log onto stack member 2, use the following command:
awplus# remote-login 2
To return to the command prompt on the master stack member, type exit.

Monitoring and troubleshooting
You can monitor and troubleshoot VCStack with several tools:
LEDs on the switch or XEM
The show stack and show stack detail commands
Stack debug output
Counters
Event logging

Show Stack
awplus#show stack
Virtual Chassis Stacking summary information

ID  Pending ID  MAC address     Priority  Role
1   -           0015.77ae.60cb  128       Active Master
2   -           0015.77ae.5fdc  128       Backup Member
3   -           0015.77c2.4d56  128       Backup Member

Counters
You can obtain detailed counters relating to stack events and signaling packets with
the command:
show counter stack
The event counters make it possible to see if unexpected events have been occurring
on the stack.
VCStacking Plus
VCStack Plus Introduction
VCStack Plus allows two SwitchBlade x8100 Series chassis to
be stacked together and operate as a single virtual unit, using
SBx81CFC960 control cards.
This creates a powerful and completely resilient network core,
which can even be separated over a long distance.

VCStack Plus Features
Creating a VCS Plus stack greatly eases network management,
because the two physical SwitchBlade x8100 Series chassis
form a single virtual unit that is managed and configured via a
single IP address.
VCStack Plus also enables you to create highly resilient
networks. Resiliency can be applied in several ways.

VCStack Plus
Within the VCS Plus stack itself, chassis interconnection is via
four high-speed links on each CFC960 control card. Dual
control cards in each physical chassis means there are up to 8
VCStack Plus links, providing resiliency.
If a link, port or control card fails, VCStack Plus connectivity
will still continue, although degraded performance might occur
due to the reduced bandwidth.

VCStack Plus
The network can also be made extremely resilient by utilizing
link aggregation across the VCS Plus stack.
Creating aggregated links that span line cards located within
different chassis within a stack creates an extremely resilient
configuration.

VCStack Plus Capable Switches
VCStack Plus is supported on the following Allied Telesis switch
types:
SwitchBlade x8112
SwitchBlade x8106
Stacking can only be achieved when using CFC960 control cards.
A VCS Plus stack uses chassis of the same product model: an SBx8106
with an SBx8106, or an SBx8112 with an SBx8112 chassis.

VCStack Plus stacking modules, cables, and connections
A SwitchBlade x8100 Series switch can support a maximum of
two chassis per stack.
Each chassis can have one or two CFC960 control cards
installed, and these utilize their four front panel 10GbE SFP+
ports for stacking connectivity.
A VCS Plus stack can consist of up to four CFC960 control
cards connected over SFP+ ports numbered 1 to 4.

VCStack Plus Card
When VCStack Plus is enabled, all of these ports are reserved
for stacking and cannot be configured as normal network ports.
One control card will be chosen as the active master for the
stack.

VCStack Plus Modules
The SFP+ stack ports use special pluggable transceivers (SFPs)
and 10 Gigabit fibre cables to connect the physical stack; these
are:
AT-StackOP/0.3 (300 meters long)
AT-StackOP/9.0 (10 kilometers long)

Two Chassis Stack Configuration
[Figure: full cabling of a two-chassis stack connected over its SFP+ ports; the figure itself is not reproduced in this text]

Licensing
A license is needed to enable VCStack Plus.
License installation is easy:
awplus# license VCStack-Plus <license-key>
A restart of affected modules may be required.
Would you like to continue? (y/n): y
Card 1.5 installed 1 license
Card 1.6 installed 1 license
2 licenses installed
PoE (AlliedWare Plus)
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents
Power over Ethernet
PoE Standard
PoE Technology
PoE Configuration

Power over Ethernet Introduction
Power over Ethernet (PoE)
Power over Ethernet (PoE) is a technology allowing devices such as
IP telephones to receive power over existing LAN cabling
Power is supplied to network devices over the same cabling used to
carry network traffic
Devices that require power are called Powered Devices (PDs)
Devices that provide power to PDs are called Power Sourcing
Equipment (PSE)

Advantages of PoE
A single cable between switch and Powered Device (PD)
No separate power installation/connection needed for PDs
Device placement is not limited to nearby power sources
PDs can be easily moved to wherever there is LAN cabling
Safer: no mains voltages anywhere
A UPS can guarantee power to devices during mains failure
Devices can be shut down or reset remotely
Little configuration or management required

PoE Technology
PoE requires little configuration or management
The PSE automatically determines whether a device connected
to a port is a powered device or not
The PSE can also determine the power class of the device
PoE Standards
The PoE IEEE 802.3af standard was formally approved by the IEEE
Standards Board in June 2003
The IEEE 802.3af standard supports delivery of up to 15.4 watts per
port
The maximum power consumed by a PD, as specified by the
standard, is 12.95 watts
The system provides the extra power (up to 15.4 watts) to
compensate for line loss

PoE Standards
PoE+ supplies the higher power required by a new generation of
network attached devices.
The IEEE 802.3at specification can provide up to 30 W of power at
the PSE.
A PD under the IEEE 802.3at specification can draw up to 25.5 W of
power, which is sufficient to power a new generation of higher
powered PDs.
The IEEE 802.3at specification is backwards compatible with the IEEE
802.3af specification.
Powered Devices complying with IEEE 802.3af are compatible with
IEEE 802.3at Power Sourcing Equipment.

Powered Device (PD) Discovery
Device detection involves applying a DC voltage between the
transmit and receive wire pairs, and measuring the resulting current
A PSE will expect to see a 25 kOhm resistance and 150 nF
capacitance between the pairs for the device to be considered a valid
PD
The PSE will check for the presence of PDs on connected ports at
regular intervals
Power is removed when a PD is no longer connected
Power Classes & Delivery
Power Classes
Once a PD is discovered, a PSE may optionally perform PD classification
This is done by applying a DC voltage and current to the port
If the PD supports power classification it will apply a load to the line
indicating the classification required
Once the PD's power class is detected, the PSE manages power allocation
by subtracting the PD's class maximum value from the overall power
budget
This allows for management of power allocation when there is not enough
power available from the PSE to supply maximum power to all ports

Power Classes
The power classes outlined by the PoE standard are:

Class   Power usage
0       0.44 W to 12.95 W (802.3af)
1       0.44 W to 3.84 W
2       3.84 W to 6.49 W
3       6.49 W to 12.95 W
4       12.95 W to 25.50 W (802.3at)
Power Delivery
An Ethernet cable (CAT5) has four twisted pairs, but only two
of these are used for data transfer in 10/100 Mbps networks
The IEEE 802.3af standard allows two options for using
Ethernet cables for power supply:
1) The data pairs are used
2) The spare pairs are used

Power Delivery
Different vendors' PSE equipment may use either the data or
spare wire pairs to supply power, depending on their PoE
implementation
Powered Devices (PDs) must be able to accept power from
both options
The voltage supplied is 48 V, and a maximum of 12.95 W of power
is available at the Powered Device
In the PD, an isolated DC-DC converter transforms the 48 V to
a lower voltage suitable for the electronics

Power Delivery
The voltage supplied for the IEEE 802.3af standard is nominally
48 V, and a maximum of 12.95 W of power is available at the
Powered Device.
The voltage supplied for the IEEE 802.3at standard is nominally
56 V, and a maximum of 25.5 W of power is available at the
Powered Device.

Power Delivery
PoE switch pin assignment on the RJ45 connector (Ethernet 10/100), pins 1 to 8:

Pin   Alternative A   Alternative B
1     positive
2     positive
3     negative
4                     positive
5                     positive
6     negative
7                     negative
8                     negative

Power Delivery
Powered devices that comply with the IEEE 802.3af standard
typically support both power delivery methods
So you should not need to be concerned about whether a
powered device is compatible with the switch's power delivery
method
So long as a powered device is compliant with the standard, it
should be able to receive its power from the switch
PoE Configuration
PoE Configuration
PoE is enabled by default on all non-SFP 10/100/1000 RJ-45
ports
Use the following Interface Mode command to configure the
administrative mode of the inline power on an interface:
awplus(config-if)# no power-inline enable
awplus(config-if)# power-inline enable
Port Prioritization
Port prioritization is the way the switch determines which
ports are to receive power in the event that the needs of the
PDs exceed the available power resources of the switch.
If there is not enough power to support all the ports set for a
given priority level, power is provided to the ports based on
port number, in ascending order.

Port Prioritization
If the PDs connected to a switch require more power than the
switch is capable of delivering, the switch will deny power to
some ports based on a system called port prioritization.
You can use port prioritization to ensure that PDs critical to
the operation of your network are given preferential
treatment by the switch in the distribution of power, should the
demands of the devices exceed the available capacity.

Priority Command
There are three priority levels:
Critical
High
Low
Use the following Interface Mode command to set the
operation priority of the powered device. Use the no form of the
command to return to the default:
awplus(config-if)# power-inline priority {critical | high | low}
awplus(config-if)# no power-inline priority

PoE Show Command
This command displays the Power over Ethernet (PoE) status for all
ports on the Power Sourcing Equipment (PSE):
awplus# show power-inline
Power Threshold
At the default setting of 80%, the switch sends an SNMP trap
when the PoE devices require more than 80% of the maximum
available power on the switch.
The switch can be configured to send a Simple Network
Management Protocol (SNMP) trap to your management
workstation, and enters an event in the event log, whenever the
total power requirements of the powered devices exceed the
specified percentage of the total maximum power available on
the switch.

Threshold Command
Use the following Global Configuration Mode command to
specify the threshold, as a percentage, to compare against the measured
power:
awplus(config)# power-inline usage-threshold <1-99>
A trap is sent if the threshold is crossed (if traps are enabled)

Trap Command
For your management workstations to receive traps from the
switch, you must configure SNMP on the switch by specifying
the IP address of the workstations.
The switch will also enter an event in the event log whenever the
power consumption of the switch has returned below the
power limit threshold.
You can set the SNMP traps (notifications) for PoE using the
SNMP command:
awplus(config)# snmp-server enable trap power-inline
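The allocation rule from the Port Prioritization slides (critical before high before low, ascending port number within a level, ports that do not fit denied) and the usage-threshold trap from the Power Threshold slides are simulated below in Python as an added example. It is not AlliedWare Plus code: the per-class PSE allocation figures are the IEEE 802.3af/at values (4.0 W, 7.0 W, 15.4 W, 30 W), the first-fit behaviour for ports that do not fit, the PoePort and Allocation types and the sample port list are assumptions made for the example.

```python
"""Added example (not AlliedWare Plus code): simulates PoE port prioritization
and the usage-threshold trap described on the slides."""
from dataclasses import dataclass

# Watts the PSE reserves per detected class (IEEE 802.3af/at PSE-side limits):
# classes 0 and 3 reserve the full 802.3af 15.4 W, class 4 the 802.3at 30 W.
CLASS_PSE_ALLOCATION_W = {0: 15.4, 1: 4.0, 2: 7.0, 3: 15.4, 4: 30.0}

# Critical beats high beats low; within one level the lower port number wins.
PRIORITY_RANK = {"critical": 0, "high": 1, "low": 2}


@dataclass(frozen=True)
class PoePort:
    number: int
    pd_class: int            # class detected during classification, 0-4
    priority: str = "low"    # default priority assumed for this example


@dataclass
class Allocation:
    powered: dict            # port number -> watts reserved for it
    denied: list             # port numbers refused power
    used_w: float
    budget_w: float

    def usage_percent(self) -> float:
        return 100.0 * self.used_w / self.budget_w


def allocate_power(budget_w: float, ports) -> Allocation:
    """Hand out the PSE budget in priority order, then ascending port number.
    A port whose class allocation does not fit is denied; a smaller port later
    in the order can still be powered (first-fit, an assumption of this model)."""
    if budget_w <= 0:
        raise ValueError("budget must be positive")
    for p in ports:
        if p.priority not in PRIORITY_RANK:
            raise ValueError(f"unknown priority {p.priority!r} on port {p.number}")
        if p.pd_class not in CLASS_PSE_ALLOCATION_W:
            raise ValueError(f"unknown PD class {p.pd_class} on port {p.number}")
    order = sorted(ports, key=lambda p: (PRIORITY_RANK[p.priority], p.number))
    powered, denied, used = {}, [], 0.0
    for p in order:
        need = CLASS_PSE_ALLOCATION_W[p.pd_class]
        if used + need <= budget_w + 1e-9:
            powered[p.number] = need
            used += need
        else:
            denied.append(p.number)
    return Allocation(powered, sorted(denied), round(used, 2), budget_w)


def threshold_event(alloc: Allocation, threshold_percent: int = 80,
                    previously_over: bool = False):
    """Event the switch would raise for this measurement: 'trap' when usage
    first exceeds the threshold, 'cleared' when it drops back below it,
    None otherwise. The range mirrors 'power-inline usage-threshold <1-99>'."""
    if not 1 <= threshold_percent <= 99:
        raise ValueError("threshold must be 1-99 percent")
    over = alloc.usage_percent() > threshold_percent
    if over and not previously_over:
        return "trap"
    if not over and previously_over:
        return "cleared"
    return None


# Constructed sample: five ports on a switch with a 60 W PoE budget.
SAMPLE_PORTS = [
    PoePort(1, pd_class=4, priority="low"),
    PoePort(2, pd_class=3, priority="critical"),
    PoePort(3, pd_class=4, priority="high"),
    PoePort(4, pd_class=1, priority="low"),
    PoePort(5, pd_class=3, priority="critical"),
]

if __name__ == "__main__":
    result = allocate_power(60.0, SAMPLE_PORTS)
    print("powered:", result.powered, "denied:", result.denied)
    print(f"usage {result.usage_percent():.1f}%, event at 80%:",
          threshold_event(result, 80))
```

On the sample the two critical ports are powered first, the 30 W class 4 devices on ports 3 and 1 no longer fit and are denied, and the small class 1 device on port 4 is still powered; usage ends at 58% of the budget, so the default 80% threshold raises nothing, whereas a threshold of 50% would produce the trap.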
Simple Network Management Protocol (SNMP)
Certified Allied Telesis Technician / Enterprise (CAT-ENT)
Table of Contents
SNMP overview
How MIBs work
How SNMP works
Configuring & implementing SNMP

What Is SNMP?
Simple Network Management Protocol (SNMP) is a widely used protocol
designed to facilitate the management of networked devices from a central
location.
Simple Network Management Protocol:
Internet standard for IP device management
Developed in 1988 by the IETF
Standard message format
Standard set of managed objects
Standard way to add objects

SNMP Versions
SNMP v1
SNMP v2c (typically referred to as SNMP v2)
Uses the UDP protocol: transfer is not guaranteed
Minimal security: the community string (password) is sent in clear text
Management data is described in MIBs (Management Information Base); the language used is
ASN.1
v2c has added functions for improved efficiency (GET-BULK)
Simple to use
SNMP v3
Uses UDP: transfer is not guaranteed
Strong authentication possible
Strong encryption possible
Complex to use
SNMP Architecture
The SNMP architecture is composed of three major elements:
Managers (software) are responsible for communicating with (and
managing) network devices that implement SNMP Agents (also software).
Agents reside in devices such as workstations, switches, routers,
microwave radios, printers, and provide information to Managers.
MIBs (Management Information Base) describe data objects to be managed by
an Agent within a device. MIBs are actually just text files, and values of MIB
data objects are the topic of conversation between Managers and Agents.

SNMP Architecture
SNMP agents reside in the firmware of the device.
SNMP agents control information through MIBs.
SNMP applications (managers) request information from device SNMP
agents.
SNMP architecture components:
Managed nodes with an SNMP agent.
Management workstation with a management application (manager).
Protocol to pass information between agent and manager.
Management information.

MIB - Management Information Base
MIBs provide a logical database for information storage and
retrieval.
Standard MIBs for similar devices/functions (RFCs or Public).
Enterprise (Private) MIBs for vendor / product specific features.
Management software retrieves/requests the information from MIBs.
MIBs must be compiled within the Network Management
platform.
Must also be compiled within the managed device firmware.

Public MIBs
Standards-based MIB modules listed in RFC 2400
~ 100 such modules
~ 10,000 defined objects
Examples:
RFC 1213 (MIB-II): set of standard objects used for TCP/IP networks,
e.g. sysObjectID.
RFC 1643: set of standard objects for statistical metrics for Ethernet
interfaces.

Enterprise MIBs
Created and maintained by enterprises
E.g. Allied Telesis, etc.
In the case of the Allied Telesis Group:
ATI (U.S.)
ATKK-Milan (Europe)
ATR (NZ)
ATKK (Japan)
Examples:
Atrouter.mib (ATR)
Atil2.mib (ATI-US)

SNMP Introduction
Elements
[Diagram: the Network Management System (Manager) sends GET / SET / GET-NEXT to the Agent; the Agent returns TRAP / RESPONSE messages]
SNMP Messages
The SNMP protocol is termed simple because it has only six operations, or
messages: get, get-next, get-response, set, and trap, and SNMPv2c
also has the get-bulk-request message.
The replies from the managed device are processed by the NMS and
generally used to provide a graphical representation of the state of the
network.

SNMP GET and SET Messages
SNMP GET and SET transfers:
Manager sends a UDP packet
Includes the MIB address (and perhaps the new value)
Includes a community string in clear text
Agent checks:
Is the MIB known?
Is the community known?
Does this community allow this access?
If access is allowed, then respond with a UDP packet

SNMP Messages
Get: retrieve value
get-request is sent by an NMS to an agent, to retrieve the value of an object.
GetNext: retrieve value (MIB walk)
get-next-request is sent by an NMS to an agent, to retrieve the value of the next object in
the sub-tree.
GetBulk: retrieve multiple values
get-bulk-request is sent by an NMS to an agent to request a large amount of data with a
single message. This is for SNMPv2c messages.
Set: update value
Sent by an NMS to an agent, to manipulate the value of an object.

SNMP Traps
SNMP TRAP:
Agent set up via management commands
Unsolicited event on the agent
Agent sends a UDP TRAP containing:
MIB value
Community string
Such events include the restarting or re-initialization of a device, a change in the status of a
network link (up or down), or an authentication failure.
Standard (Default) Traps (6):
AuthenticationFailure
coldStart
warmStart
linkUp
linkDown
Polling versus Event Notification
SNMP employs a polling paradigm.
A Network Management Station (NMS) polls the managed device for
information as and when it is required, by sending get-request, get-next-request,
and/or get-bulk-request PDUs to the managed device. The managed
device responds by returning the requested information in a get-response
PDU.
The only time that a managed device initiates an exchange of information is
in the special case of a trap PDU. A managed device may generate a limited
set of traps to notify the NMS of critical events.
SNMP Configuration

SNMP V1/V2c Commands

awplus# sho snmp


SNMP enable ........ No
SNMPv3 engine ID (configured) ....... Not set
SNMPv3 engine ID (actual)............ Not set

awplus(config)# snmp-server community private rw


awplus(config)# snmp-server community public ro
awplus(config)# exit

awplus# sho snmp


SNMP enable ........ Yes
SNMPv3 engine ID (configured) ....... Not set
SNMPv3 engine ID (actual)............ 0x80001f88807095fd04489958cd

slide 387
SNMP Configuration

Create a read-only access community called example2ro for use by the regional network
management station at 192.168.16.1.
Use an ACL to give the regional NMS SNMP access to the switch using that community name.

awplus(config)# access-list 67 permit 192.168.16.1


awplus(config)# snmp-server community example2ro ro 67

slide 388
SNMP Configuration
Additional Support Information
Extra information that the NMS can use to identify switches:

awplus(config)# snmp-server contact Fred Bloggs
awplus(config)# snmp-server location Munich

SNMP access should also be limited as much as possible:

Access only from a specified IP address
Access only from a specified subnet

Note: these are not real security features, just improvements. Real SNMP security is achieved by using encryption/authentication with SNMPv3.

slide 389
Configure trap hosts
Specify the IP address or addresses that the traps will be sent to. In this example, traps will be sent to both NMSes (community names are case-sensitive, so the trap host uses the community exactly as it was created):
awplus(config)# snmp-server host 192.168.11.5 version 2c example1rw
awplus(config)# snmp-server host 192.168.16.1 version 2c example2ro

Enable link traps, for example on a range of switch ports:

awplus(config)# int port1.1.5-1.1.7
awplus(config-if)# snmp trap link-status

Check that the current configuration of the SNMP communities matches the desired configuration:
awplus# show snmp-server
awplus# show snmp-server community
awplus# show run snmp
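A defender's check for the SNMP v1/v2c configuration built up on slides 387 to 389, as an added example that is not part of the course material or Allied Telesis code: it parses the snmp-server community, snmp-server host and access-list command forms shown above and flags well-known community names, communities with no ACL, ACLs that were never defined, and trap hosts whose community string does not match one configured on the switch. The configuration it reads is constructed for illustration and deliberately includes a case-mismatched trap-host community.

```python
import re

# Constructed sample configuration: the slides' community/ACL/trap-host lines
# plus one weak community; one trap-host community has a case mismatch.
SAMPLE_CONFIG = """\
access-list 67 permit 192.168.16.1
snmp-server community private rw
snmp-server community example2ro ro 67
snmp-server host 192.168.11.5 version 2c example1rw
snmp-server host 192.168.16.1 version 2c Example2ro
"""

WELL_KNOWN = {"public", "private"}
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (ro|rw)(?: (\d+))?$")
HOST_RE = re.compile(r"^snmp-server host (\S+) version (1|2c) (\S+)$")  # v3 lines are not audited here
ACL_RE = re.compile(r"^access-list (\d+) permit \S+$")


def audit_snmp(config):
    """Return findings (list of strings) for the SNMP v1/v2c lines in config."""
    communities = {}   # name -> (access, acl number or None)
    acls = set()       # access-list numbers that actually exist
    trap_hosts = []    # (ip, version, community)
    for raw in config.splitlines():
        line = raw.strip()
        if m := COMMUNITY_RE.match(line):
            communities[m.group(1)] = (m.group(2), m.group(3))
        elif m := HOST_RE.match(line):
            trap_hosts.append((m.group(1), m.group(2), m.group(3)))
        elif m := ACL_RE.match(line):
            acls.add(m.group(1))

    findings = []
    for name, (access, acl) in communities.items():
        if name.lower() in WELL_KNOWN:
            findings.append(f"community '{name}' is a well-known default name")
        if acl is None:
            findings.append(f"community '{name}' ({access}) has no ACL limiting source IPs")
        elif acl not in acls:
            findings.append(f"community '{name}' references missing access-list {acl}")
    for ip, version, community in trap_hosts:
        # Community strings are case-sensitive: an NMS configured for the
        # community created on the switch will most likely drop this trap.
        if community not in communities:
            findings.append(f"trap host {ip} (v{version}) uses undefined community '{community}'")
    if communities or trap_hosts:
        # Slide 388 note: v1/v2c send the community in cleartext; real security needs SNMPv3.
        findings.append("SNMP v1/v2c in use: community strings travel in cleartext, prefer SNMPv3")
    return findings
```

Feed it the output of show run snmp to compare the running configuration against the intended one.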

slide 390
snmp-server enable trap

Use this command to enable the switch to send the specified notifications (traps).
snmp-server enable trap {[auth] [bgp] [dhcpsnooping] [epsr]
[lldp] [loopprot] [mstp] [nsm] [ospf] [pim] [power-inline]
[rmon] [thrash-limit] [vcs] [vrrp]}
The Environmental Monitoring traps are enabled by default.
Example:
awplus(config)# snmp-server enable trap ospf vrrp

slide 391
Thank you

Americas Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
EMEA Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11

2011 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.

