Page is loading ...
Lenov oFlexSystemFabricCN409310GbConvergedScalableSwitch
ApplicationGuide
ForLenovoEnterpriseNetworkOperatingSystem8.4
Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationintheSafetyinformationand
EnvironmentalNoticesandUserGuidedocu mentsontheLenovoDocumentationCDandtheWarrantyInformationdocumentthatcomes
withtheproduct.
ThirdEdition(July2017)
©CopyrightLenovo2017
Portions©CopyrightIBMCorporation2014.
LIMITEDANDRESTRICTEDRIGHTSNOTICE:IfdataorsoftwareisdeliveredpursuantaGeneralServices
Administration“GSA”contract,use,reproduction,ordisclosureissubjecttorestrictionssetforthinContractNo.
GS‐35F‐05925.
LenovoandtheLenovologo
aretrademarksofLenovointheUnitedStates,othercountries,orboth.
© Copyright Lenovo 2017 3
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
WhoShouldUseThisGuide .......................21
WhatYou’llFindinThisGuide..................
....21
Part1:GettingStarted ........................21
Part2:SecuringtheSwitch..............
........21
Part3:SwitchBasics .........................22
Part4:AdvancedSwitchingFeatures..........
.......22
Part5:IPRouting..........................23
Part6:HighAvailabilityFundamentals..........
......23
Part7:NetworkManagement.....................24
Part8:Monitoring..................
........24
Part9:Appendices.........................24
AdditionalReferences ...............
...........25
TypographicConventions ........................26
Part 1:. Getting Started. . . . . . . . . . . . . . . . . . . . . . 27
Chapter 1. Switch Administration . . . . . . . . . . . . . . . . . 29
AdministrationInterfaces ...........
.............30
ChassisManagementModule.....................30
IndustryStandardCommandLineInterface..........
....30
Browser‐BasedInterface .......................31
EstablishingaConnection...................
.....32
UsingtheChassisManagementModule................32
Factory‐Defaultvs.CMM‐AssignedIPAddresses..........32
UsingTelnet.......
.....................33
UsingSecureShell..........................33
UsingSSH
withPasswordAuthentication.............35
UsingSSHwithPublicKeyAuthentication .............35
UsingaWebBrowser.............
...........36
ConfiguringHTTPAccesstotheBBI................36
ConfiguringHTTPSAccesstotheBBI ............
...37
BBISummary..........................38
UsingSimpleNetworkManagementProtocol..............39
BOOTP/DHCPClientIP
AddressServices .................40
HostNameConfiguration ......................40
SYSLOGServer......
.....................41
DHCPSnooping..........................41
EasyConnect
Wizard ..........................42
ConfiguringtheEasyConnectWizard.................42
BasicSystemMode
ConfigurationExample .............43
TransparentModeConfigurationExample.............44
RedundantModeConfigurationExample .............45
SwitchLoginLevels..
.........................47
AdministratorPasswordRecovery ....................49
SecureFTP..
.............................51
4 CN4093 Application Guide for N/OS 8.4
BootStrictMode ............................52
AcceptableCipherSuites .................
.....55
ConfiguringStrictMode .......................56
Limitations......................
.......56
ConfiguringNo‐PromptMode......................57
Chapter 2. Initial Setup . . . . . . . . . . . . . . . . . . . . . 59
InformationNeededforSetup.............
.........60
DefaultSetupOptions .........................61
StoppingSetup.............
..............61
RestartingSetup..........................61
SetupPart1:BasicSystemConfiguration...
..............62
SetupPart2:PortConfiguration .....................64
SetupPart3:VLANs........
..................66
SetupPart4:IPConfiguration......................67
IPInterfaces....
........................67
DefaultGateways..........................68
IP
Routing.............................69
SetupPart5:FinalSteps .................
........70
OptionalSetupforTelnetSupport....................71
Chapter 3. Switch Software Management . . . . . . . . . . . . . . 73
LoadingNewSoftwaretoYourSwitch ...........
.......74
LoadingSoftwareviatheISCLI ....................74
LoadingSoftwareviaBBI.................
.....75
UpdatingSoftwareonvLAGSwitches.................76
TheBootManagementMenu .....................
.78
BootRecoveryMode........................79
RecoverfromaFailedImageUpgradeusingTFTP...........80
RecoveringfromaFailedImage
UpgradeusingXModemDownload ...82
PhysicalPres ence..........................84
Part 2:. Securing the Switch . . . . . . . . . . . . . . . . . . . 85
Chapter 4. Securing Administration . . . . . . . . . . . . . . . . 87
ChangingtheSwitchPasswords...........
..........88
ChangingtheDefaultAdministratorPassword.............88
ChangingtheDefaultUserPassword.................88
© Copyright Lenovo 2017 Contents 5
SecureShellandSecureCopy......................89
ConfiguringSSH/SCPFeaturesontheSwitch ..............90
ToEnableorDisabletheSSH
Feature...............90
ToEnableorDisableSCP .....................90
ConfiguringtheSCPAdministratorPassword.....
........90
UsingSSHandSCPClientCommands.................90
ToLogIntotheSwitchfromtheClient ..............
.90
ToCopytheSwitchConfigurationFiletotheSCPHost........91
ToLoadaSwitchConfigurationFilefromtheSCPHost.......91
ToApplyandSavetheConfiguration...........
....91
ToCopytheSwitchImageandBootFilestotheSCPHost ......92
ToLoadSwitchConfigurationFilesfromtheSCPHost ........92
SSHandSCPEncryptionofManagementMessages .......
....93
GeneratingRSAHostKeyforSSHAccess...............93
SSH/SCPIntegrat ionwithRADIUSAuthentication ...........93
SSH/SCPIntegrat ionwithTACACS+Authentication .....
.....93
EndUserAccessControl.........................94
ConsiderationsforConfiguringEndUserAccounts...........94
StrongPasswords
..........................94
UserAccessControlMenu .....................
.95
SettingUpUserIDs.......................95
DefiningaUser’sAccessLevel..................95
Validating
aUser’sConfiguration .................95
EnablingorDisablingaUser . ..................95
LockingAccounts .....
...................95
Re‐enablingLockedAccounts ...................96
ListingCurrentUsers ........
................96
LoggingIntoanEndUserAccount..................96
ProtectedMode ........
....................97
StackingMode...........................97
Chapter 5. Authentication & Authorization Protocols . . . . . . . . . 99
RADIUSAuthentication
andAuthorization...............100
HowRADIUSAuthenticationWorks................100
ConfiguringRADIUSontheSwitch.......
..........101
RADIUSAuthenticationFeaturesinEnterpriseNOS.......... 101
SwitchUserAccounts......................
.102
RADIUSAttributesforEnterpriseNOSUserPrivileges ........103
TACACS+Authentication....................... 104
HowTACACS+AuthenticationWorks.....
...........104
TACACS+AuthenticationFeaturesinEnterpriseNOS.........105
Authorization . ......................
.. 105
Backdoor ...........................106
Accounting....................
......106
CommandAuthorizationandLogging................107
TACACS+PasswordChange....................109
Configuring
TACACS+AuthenticationontheSwitch.........109
LDAPAuthenticationandAuthorization ................110
ConfiguringtheLDAPServer............
........ 110
ConfiguringLDAPAuthenticationontheSwitch...........111
6 CN4093 Application Guide for N/OS 8.4
Chapter 6. 802.1X Port-Based Network Access Control . . . . . . . . 113
ExtensibleAuthenticationProtocoloverLAN.............. 114
EAPoLAuthenticationProcess ................... 115
EAPoLMessageExchange.....
................ 116
EAPoLPortStates ........................ 116
GuestVLAN.....
........................ 117
SupportedRADIUSAttributes..................... 118
EAPoLConfiguration
Guidelines .................... 120
Chapter 7. Access Control Lists. . . . . . . . . . . . . . . . . . 121
SummaryofPacketClassifiers ..................... 122
SummaryofACL
Actions ....................... 124
AssigningIndividualACLstoaPort .................. 124
ACLOrder
ofPrecedence ....................... 124
ACLGroups ........................
..... 125
AssigningACLGroupstoaPort .................. 125
ACLMeteringandRe‐Marking ................
... 126
Metering ........................... 126
Re‐Marking ..................
....... 126
ACLPortMirroring.......................... 127
ViewingACLStatistics...........
............. 127
ACLLogging............................ 128
EnablingACLLogging....
.................. 128
LoggedInformation........................ 128
RateLimitingBehavior...
................... 129
LogInterval........................... 129
ACLLogging
Limitations ..................... 129
ACLConfigurationExamples ..................... 130
ACLExample1.
......................... 130
ACLExample2.......................
... 130
ACLExample3.......................... 131
VLANMaps ..................
........... 132
VMapExample .......................... 133
ManagementACLs.........
................. 134
Part 3:. Switch Basics . . . . . . . . . . . . . . . . . . . . . . 135
Chapter 8. VLANs. . . . . . . . . . . . . . . . . . . . . . . . 137
VLANsOverview.......................... 138
VLANsandPortVLAN
IDNumbers .................. 139
VLANNumbers ......................... 139
PVID/NativeVLAN
Numbers ................... 140
VLANTagging/TrunkMode...................... 142
IngressVLANTagging...
................... 146
Limitations .......................... 146
VLANTopologiesandDesign
Considerations.............. 147
VLANConfigurationRules .................... 147
Example:MultipleVLANswithTaggingAdapters ......
.... 148
© Copyright Lenovo 2017 Contents 7
Protocol‐BasedVLANs........................150
Port‐Basedvs.Protocol‐BasedVLANs................ 150
PVLAN
PriorityLevels ......................151
PVLANTagging........................
.151
PVLANConfigurationGuidelines..................151
ConfiguringPVLAN .......................152
PrivateVLANs.
........................... 153
PrivateVLANPorts....................
....153
ConfigurationGuidelines.....................154
ConfigurationExample....................
.. 154
Chapter 9. Ports and Link Aggregation (LAG) . . . . . . . . . . . . 157
ConfiguringPortModes ........................158
ConfiguringQSFP+Ports..................
.....160
AggregationOverview........................161
StaticLAGs................
.............162
BeforeConfiguringStaticLAGs ................... 162
StaticLAGConfigurationRules ............
.......162
ConfiguringaStaticLAG .....................163
ConfigurableLAGHashAlgorithm.............
......165
LinkAggregationControlProtocol...................167
LACPModes...................
........168
LACPindividual.........................169
ConfiguringLACP............
............170
Chapter 10. Spanning Tree Protocols. . . . . . . . . . . . . . . . 171
SpanningTreeProtocolModes.....................17 2
GlobalSTPControl.........
...............172
PVRSTMode.............................173
PortStates..
.......................... 173
BridgeProtocolDataUnits....................
. 174
DeterminingthePathforForwardingBPDUs ...........174
BridgePriority........................174
PortPriority...
......................175
RootGuard ..........................175
Loop
Guard..........................175
PortPathCost......................
...176
SimpleSTPConfiguration .....................176
Per‐VLANSpanningTreeGroups ..................
178
UsingMultipleSTGstoEliminateFalseLoops...........178
VLANandSTGAssignment..................179
ManuallyAssigningSTGs.......
............180
GuidelinesforCreatingVLANs.................180
RulesforVLANTaggedPorts.............
.....180
AddingandRemovingPortsfromSTGs .............181
Switch‐CentricConfiguration..................182
ConfiguringMultipleSTGs..
...................183
8 CN4093 Application Guide for N/OS 8.4
RapidSpanningTreeProtocol..................... 185
PortStates.......................
..... 185
RSTPConfigurationGuidelines................... 185
RSTPConfigurationExample.................... 186
Multiple
SpanningTreeProtocol .................... 187
MSTPRegion..........................
. 187
CommonInternalSpanningTree.................. 187
MSTPConfigurationGuidelines.................. 188
MSTPConfigurationExamples..
................. 188
MSTPConfigurationExample1................. 188
MSTPConfigurationExample2..........
....... 189
PortTypeandLinkType ....................... 191
Edge/PortfastPort ............
............ 191
LinkType............................ 191
Chapter 11. Virtual Link Aggregation Groups . . . . . . . . . . . . 193
VLAGCapacities ......
..................... 196
VLAGsversusPortLAGs ....................... 197
Configuring
VLAGs......................... 198
BasicVLAGConfiguration ..................... 199
Configure
theISL ....................... 20 0
ConfiguretheVLAG...................... 201
VLAGConfiguration‐VLANsMappedtoMSTI ........... 202
ConfiguretheISL ....................... 202
ConfiguretheVLAG.....
................. 203
ConfiguringHealthCheck..................... 204
VLAGswithVRRP.....
................... 205
ConfigureVLAGPeer1 .................... 205
ConfigureVLAGPeer2 ...
................. 208
Two‐tiervLAGswithVRRP .................... 211
ConfiguringVLAGsinMultipleLayers ..
............. 212
ConfigureLayer2/3BorderSwitches .............. 212
ConfigureSwitchesintheLayer2Region ...........
. 212
Chapter 12. Quality of Service . . . . . . . . . . . . . . . . . . 215
QoSOverview............................ 215
UsingACLFilters..............
............ 217
SummaryofACLActions..................... 217
ACLMeteringandRe‐Marking .........
.......... 217
Metering ........................... 218
Re‐Marking ..........
............... 218
UsingDSCPValuestoProvideQoS................... 219
DifferentiatedServicesConcepts ........
.......... 219
Per‐HopBehavior......................... 220
QoSLevels...........
................. 221
DSCPRe‐MarkingandMapping.................. 221
DSCPRe‐MarkingConfigurationExample1 ....
....... 222
DSCPRe‐MarkingConfigurationExample2 ........... 222
Using802.1pPrioritiestoProvideQoS................. 224
Queuingand
Scheduling....................... 225
© Copyright Lenovo 2017 Contents 9
ControlPlaneProtection........................ 226
PacketDropLogging.....................
....227
Part 4:. Advanced Switching Features . . . . . . . . . . . . . . . 229
Chapter 13. Stacking . . . . . . . . . . . . . . . . . . . . . . 231
StackingOverview.......................... 232
StackingRequirements...............
........ 233
StackingLimitations........................233
StackMembership...............
...........235
TheMasterSwitch ........................235
SplittingandMergingOneStack ......
..........236
MergingIndependentStacks ..................237
BackupSwitchSelection ................
......238
MasterFailover ........................238
MasterRecovery ...............
........ 238
NoBackup ..........................239
StackMemberIdentification ...........
.........239
ConfiguringaStack ..........................240
ConfigurationOverview..........
............240
BestConfigurationPractices .................... 240
StackingVLANs..............
.......... 241
ConfiguringEachSwitchinaStack .................241
ConfiguringaManagementIPInterface...........
....243
AdditionalMasterConfiguration.................. 244
ViewingStackConnections...................244
BindingMembers
totheStack ..................245
AssigningaStackBackupSwitch................245
ManagingaStack .......
....................246
ConnectingtoStackSwitchesviatheMaster ............. 246
RebootingStackedSwitchesviatheMaster...
........... 246
RebootingStackedSwitchesusingtheISCLI ...........246
RebootingStackedSwitchesusingtheBBI............247
UpgradingSoftwarein
aStack.....................248
NewHybridStack ........................
248
ConvertingaEN4093RStacktoaHybridStack............248
NewStack ............................
248
ReplacingorRemovingStackedSwitches................ 249
RemovingaSwitchfromtheStack ..................249
InstallingtheNewSwitchor
HealingtheTopology..........249
BindingtheNewSwitchtotheStack................. 251
PerformingaRollingReloadorUpgrade .. ......
.......252
StartingaRollingReload.................... 252
StartingaRollingUpgrade...............
....252
SavingSyslogMessages...................... 254
FlexiblePortMappinginStacking ...............
....256
ISCLIStackingCommands.......................258
10 CN4093 Application Guide for N/OS 8.4
Chapter 14. Virtualization . . . . . . . . . . . . . . . . . . . . 259
Chapter 15. Virtual NICs . . . . . . . . . . . . . . . . . . . . . 261
vNICIDsontheSwitch........................ 262
vNICInterfaceNamesontheServer..............
.... 263
vNICUplinkModes......................... 266
vNICBandwidthMetering ..............
........ 268
vNICGroups............................ 269
vNICGroupsinDedicatedMode.......
........... 270
vNICGroupsinSharedMode................... 271
vNICTeamingFailover ...........
............. 272
vNICConfigurationExample..................... 274
vNICsforiSCSIonEmulexVirtualFabricAdapter .....
..... 277
vNICsforFCoEUsingtheEmulexVFA............... 278
Chapter 16. VMready . . . . . . . . . . . . . . . . . . . . . . 279
VECapacity....................
......... 279
VMGroupTypes........................... 280
LocalVMGroups .........
................ 280
ConfiguringaLocalVMGroup................. 280
DistributedVMGroups.........
............. 281
VMProfiles........................... 282
InitializingaDistributedVMGroup...
.............. 282
AssigningMembers ........................ 283
SynchronizingtheConfiguration........
.......... 283
RemovingMemberVEs...................... 283
VMcheck .............
................. 284
BasicValidation......................... 284
AdvancedValidation....
................... 285
VirtualDistributedSwitch ....................... 286
Prerequisites....
....................... 286
Guidelines ..........................
.. 286
MigratingtovDS ......................... 287
VirtualizationManagementServers..................
. 288
AssigningavCenter........................ 288
vCenterScans....................
...... 289
DeletingthevCenter....................... 289
ExportingProfiles.................
........ 289
VMwareOperationalCommands.................. 290
Pre‐ProvisioningVEs.................
........ 290
VLANMaps ............................. 291
VMPolicyBandwidthControl........
............. 292
VMPolicyBandwidthControlCommands .............. 292
BandwidthPoliciesvs.BandwidthShaping .............
293
VMreadyInformationDisplays .................... 293
LocalVEInformation....................... 293
vCenterHypervisorHosts ..................... 294
vCenterVEs........................
... 295
vCenterVEDetails........................ 296
VMreadyConfigurationExample..................
.. 297
© Copyright Lenovo 2017 Contents 11
Chapter 17. FCoE and CEE . . . . . . . . . . . . . . . . . . . . 299
FibreChanneloverEthernet......................30 0
TheFCoETopology.....................
...300
FCoERequirements ........................301
ConvergedEnhancedEthernet .................
....302
TurningCEEOnorOff ...................... 302
EffectsonLinkLayerDiscoveryProtocol..............
.302
Effectson802.1pQualityofService.................303
EffectsonFlowControl.....................
. 304
FCoEInitializationProtocolSnooping..................305
FIPSnoopingRequirements....................305
PortAggregation.
........................306
GlobalFIPSnoopingSettings.................... 306
FIPSnooping
forSpecificPorts...................306
FIPSLAGSupportonServerPorts ................. 307
PortFCFandENode
Detection................... 307
FCoEConnectionTimeout ..................... 308
FCoEACLRules ...
......................308
FCoEVLANs ...........................
309
ViewingFIPSnoopingInformation .................309
OperationalCommands......................310
FIPSnoopingConfiguration .
...................310
Priority‐BasedFlowControl......................312
Globalvs.Port‐by‐
PortPFCConfiguration ..............313
PFCConfigurationExample ....................314
EnhancedTransmissionSelection ........
............ 316
802.1pPriorityValues .......................316
PriorityGroups ..........
................317
PGID ............................ 317
AssigningPriorityValuestoa
PriorityGroup........... 318
DeletingaPriorityGroup....................318
AllocatingBandwidth...........
..........319
ConfiguringETS.........................320
DataCenterBridgingCapabilityExcha nge .........
.......322
DCBXSettings ..........................322
EnablingandDisablingDCBX ..........
.......323
PeerConfigurationNegotiation .................323
ConfiguringDCBX .....................
...324
FCoEExampleConfiguration ..................... 326
Chapter 18. Fibre Channel . . . . . . . . . . . . . . . . . . . . 329
Ethernetvs.FibreChannel..................
.....330
SupportedSwitchRoles ........................331
NPVGateway...............
........... 331
Full‐FabricFC/FCoESwitch.................... 332
Limitations ...............
............. 332
12 CN4093 Application Guide for N/OS 8.4
ImplementingFibreChannel...................... 333
PortModes ........................
... 333
FibreChannelVLANs ....................... 334
PortMembership....................
..... 334
SwitchingMode......................... 335
NPVGateway ...............
........... 336
NPVPortTrafficMapping................... 33 6
NPVDisruptiveLoad‐Balancing ............
.... 336
Limitations .......................... 337
FullFabricMode................
......... 338
FullFabricZoning....................... 338
Zones...............
............. 338
E‐Ports............................ 341
OptimizedFCoETrafficFlow ....
.............. 342
StorageManagementInitiativeSpecification(SMI‐S) ......... 343
Restrictions.....................
..... 343
FibreChannelConfiguration...................... 344
ConfigurationGuidelines..................
... 344
Example1:NPVGateway..................... 344
Example2:FullFabricFC/FCoESwitch ............... 346
FibreChannelStandardProtocolsSupported ............... 348
Chapter 19. Edge Virtual Bridging . . . . . . . . . . . . . . . . . 349
EVBOperationsOverview....................... 350
VSIDBSynchronization...
................... 350
VLANBehavior ......................... 351
DeletingaVLAN
....................... 351
ManualReflectiveRelay...................... 352
EVBConfiguration
.......................... 353
ConfiguringEVBinStackingMode...................
355
Limitations............................. 356
Unsupportedfeatures.................
...... 356
Chapter 20. Static Multicast ARP . . . . . . . . . . . . . . . . . 357
ConfiguringStaticMulticastARP.................... 358
ConfigurationExample ..................
.... 358
Limitations............................. 360
Chapter 21. Unified Fabric Port . . . . . . . . . . . . . . . . . . 361
UFPLimitations............
............... 362
VirtualPortsModes ......................... 363
vPort‐S‐TagMapping ...
.................... 363
vPort‐VLANMapping ....................... 363
UFPvPortMode.
........................ 363
TunnelMode........................
. 364
802.1QTrunkMode...................... 364
AccessMode ......................
... 365
FCoEMode.......................... 36 5
Auto‐VLANMode ................
...... 365
© Copyright Lenovo 2017 Contents 13
UFPBandwidthProvisioning .....................366
EnhancedTransmissionSelectionmode...............366
UFPStrictBandwidthProvisioningmode..
............ 367
UsingUFPwithOtherCN409310GbConvergedScalableSwitchFeatures .. 368
Layer2Failover.......................
...368
IncreasedVLANLimits ......................368
PrivateVLANs ....................
......368
VMReady ............................369
802.1Qbg..............
...............369
UFPConfigurationExamples......................370
Example1:AccessMode.......
...............370
Example2:TrunkMode......................371
Example3:Auto‐VLANModewithVMready .
........... 373
Example4:Auto‐VLANModewithEdgeVirtualBridging ....... 374
Example5:TunnelMode....................
..375
Example6:FCoEMode......................376
Example7:PrivateVLAN Conf iguration ...............377
Example8:
Layer2FailoverConfiguration ..............37 9
Example9:8vPortswithETSbandwidthprovisioningmode......380
Chapter 22. Switch Partition . . . . . . . . . . . . . . . . . . . 383
SPARProcessingModes ..............
.......... 384
LocalDomainProcessing......................384
Pass‐ThroughDomainProcessing ............
......385
Limitations .............................386
UnsupportedFeatures............
...........387
SPARVLANManagement .......................388
ExampleConfigurations ............
............389
PassThroughConfigurat ion ....................389
LocalDomainConfiguration............
........389
Part 5:. IP Routing. . . . . . . . . . . . . . . . . . . . . . . . 391
Chapter 23. Basic IP Routing . . . . . . . . . . . . . . . . . . . 393
IPRoutingBenefits ..........................393
RoutingBetweenIPSubnets .......
...............393
SubnetRoutingExample ......................395
UsingVLANstoSegregateBroadcastDomains ....
........ 397
BOOTPRelayAgent .........................399
BOOTPRelayAgentConfiguration..........
.......399
Domain‐SpecificBOOTPRelayAgentConfiguration..........400
DynamicHostConfigurationProtocol..................401
DHCPRelayAgent...
.....................401
DHCPRelayAgentConfiguration..................402
Chapter 24. Internet Protocol Version 6 . . . . . . . . . . . . . . . 403
IPv6Limitations ....
....................... 404
IPv6AddressFormat........................
. 405
14 CN4093 Application Guide for N/OS 8.4
IPv6AddressTypes ......................... 406
UnicastAddress....................
..... 406
MulticastAddress ........................ 406
AnycastAddress.................
........ 407
IPv6AddressAuto‐configuration.................... 408
IPv6Interfaces................
............ 409
NeighborDiscovery ......................... 410
Hostvs.Router .........
................. 411
SupportedApplications........................ 412
IPv6Configuration....
...................... 414
ConfigurationGuidelines..................... 414
IPv6ConfigurationExamples...
................. 414
IPv6ConfigurationExample1................. 414
IPv6ConfigurationExample2.......
.......... 415
Chapter 25. Using IPsec with IPv6 . . . . . . . . . . . . . . . . . 417
IPsecProtocols ............................ 418
UsingIPsecwiththeCN4093......
................ 419
SettingupAuthentication..................... 420
CreatinganIKEv2Proposal ......
............ 420
ImportinganIKEv2DigitalCertificate.............. 421
GeneratingaCertificateSigningRequest.............
421
GeneratinganIKEv2DigitalCertificate ............. 423
EnablingIKEv2PresharedKeyAuthentication .......... 424
SettingUpaKeyPolicy...........
........... 424
UsingaManualKeyPolicy..................... 426
UsingaDynamicKeyPolicy .........
........... 428
Chapter 26. Routing Information Protocol . . . . . . . . . . . . . 429
DistanceVectorProtocol ....................... 429
Stability ...........
.................... 429
RoutingUpdates........................... 430
RIPv1 .
............................... 430
RIPv2 ...................
............. 430
RIPv2inRIPv1CompatibilityMode .................. 430
RIPFeatures...........
.................. 431
PoisonReverse.......................... 431
TriggeredUpdates ..
...................... 431
Multicast ...........................
. 431
DefaultRoute.......................... 431
Metric ....................
.......... 431
Authentication .......................... 432
RIPConfigurationExample..........
............ 433
Chapter 27. Internet Group Management Protocol . . . . . . . . . . 435
IGMPSnooping........................... 436
IGMPGroups.....
..................... 437
IGMPv3............................
. 437
IGMPSnoopingConfigurationExample............... 438
StaticMulticastRouter....................... 439
© Copyright Lenovo 2017 Contents 15
IGMPRelay.............................440
ConfigurationGuidelines.................
....440
IGMPRelayConfigurationExample ................. 441
IGMPQuerier ........................
....442
IGMPQuerierConfigurationExample................442
AdditionalIGMPFeatures......................
. 443
FastLeave............................44 3
IGMPFiltering..................
........443
ConfiguringtheRange..................... 444
ConfiguringtheAction...............
......444
IGMPFilteringConfigurationExample.............. 444
Chapter 28. Multicast Listener Discovery . . . . . . . . . . . . . . 445
MLDTerms ........................
.....446
HowMLDWorks........................... 447
HowFloodingImpactsMLD ...........
.........448
MLDQuerier ........................... 448
QuerierElection ............
............ 448
DynamicMrouters........................44 9
MLDCapacityandDefaultValues......
.............450
ConfiguringMLD........................... 451
Chapter 29. Border Gateway Protocol . . . . . . . . . . . . . . . 453
InternalRoutingVersusExternalRouting...
............. 454
FormingBGPPeerRouters.......................45 5
WhatisaRouteMap?.....
....................456
IncomingandOutgoingRouteMaps ................ 457
Precedence .........
...................457
ConfigurationExample......................457
AggregatingRoutes....
....................459
RedistributingRoutes....................... 459
BGPAttributes...
......................... 460
LocalPreferenceAttribute.....................460
Metric(Multi‐ExitDiscriminator)Attribute ..............460
SelectingRoutePathsinBGP......................461
BGPFailoverConfiguration ...
...................462
DefaultRedistributionandRouteAggregationExample..........46 4
Chapter 30. OSPF . . . . . . . . . . . . . . . . . . . . . . . . 467
OSPFv2Overview............
..............467
TypesofOSPFAreas....................... 468
TypesofOSPFRoutingDevices ....
...............469
NeighborsandAdjacencies.....................470
TheLink‐StateDatabase ........
..............470
TheShortestPathFirstTree ....................471
InternalVersusExternalRouting ......
............471
16 CN4093 Application Guide for N/OS 8.4
OSPFv2ImplementationinEnterpriseNOS............... 472
ConfigurableParameters...................... 472
DefiningAreas.....
..................... 473
AssigningtheAreaIndex ................... 473
UsingtheAreaIDto
AssigntheOSPFAreaNumber........ 474
AttachinganAreatoaNetwork................. 474
InterfaceCost ..............
............ 475
ElectingtheDesignatedRouterandBackup............. 475
SummarizingRoutes................
....... 475
DefaultRoutes .......................... 476
VirtualLinks ..............
............. 477
RouterID ............................ 477
Authentication .....
..................... 478
ConfiguringPlainTextOSPFPasswords ............. 479
ConfiguringMD5Authenticati on ........
........ 480
HostRoutesforLoadBalancing................... 481
LoopbackInterfacesinOSPF..............
...... 481
OSPFFeaturesNotSupported ................... 482
OSPFv2ConfigurationExamples..................
.. 483
Example 1:SimpleOSPFDomain.................. 483
Example 2:VirtualLinks...................... 485
Configuring
OSPFforaVirtualLinkonSwitch#1......... 485
ConfiguringOSPFforaVirtualLinkonSwitch#2......... 486
OtherVirtualLinkOptions ...........
........ 48 8
Example 3:SummarizingRoutes.................. 488
VerifyingOSPFConfiguration ..................
. 490
OSPFv3ImplementationinEnterpriseNOS............... 491
OSPFv3DifferencesfromOSPFv2.................. 491
OSPFv3RequiresIPv6Interfaces...
............. 491
OSPFv3UsesIndependentCommandPaths........... 491
OSPFv3IdentifiesNeighborsbyRouterID ............ 491
OtherInternal
Improvements .................. 492
OSPFv3Limitations ........................ 492
OSPFv3ConfigurationExample...
............... 492
NeighborConfigurationExample................ 495
Chapter 31. Protocol Independent Multicast. . . . . . . . . . . . . 497
PIMOverview.............
............... 497
SupportedPIMModesandFeatures................. 498
BasicPIMSettings ..........
................ 499
GloballyEnablingorDisablingthePIMFeature............ 499
DefiningaPIMNetworkComponent...........
..... 499
DefininganIPInterfaceforPIMUse ................ 500
PIMNeighborFilters ..................
..... 500
AdditionalSparseModeSettings.................... 502
SpecifyingtheRendezvousPoint .................
. 502
InfluencingtheDesignatedRouterSelection............. 502
SpecifyingaBootstrapRouter................... 503
© Copyright Lenovo 2017 Contents 17
UsingPIMwithOtherFeatures .....................504
PIMwithACLsorVMAPs....................
. 504
PIMwithIGMP ..........................504
PIMConfigurationExamples...................
...505
Example1:PIM‐SMwithDynamicRP................505
Example2:PIM‐SMwithStaticRP ................
. 506
Example3:PIM‐DM ........................506
Part 6:. High Availability Fundamentals . . . . . . . . . . . . . . . 509
Chapter 32. Basic Redundancy . . . . . . . . . . . . . . . . . . 511
AggregationforLinkRedundancy................
...511
HotLinks..............................512
ForwardDelay.............
............. 512
Preemption............................512
FDBUpdate ......
.....................512
ConfigurationGuidelines.....................513
ConfiguringHotLinks....
...................513
Chapter 33. Layer 2 Failover . . . . . . . . . . . . . . . . . . . 515
AutoMonitoringLAGLinks...................... 516
VLANMonitor ..
........................ 516
AutoMonitorConfigurations .................... 516
SettingtheFailover
Limit ..................... 518
ManuallyMonitoringPortLinks....................519
MonitorPortState..
.......................519
ControlPortState........................
.519
L2FailoverwithOtherFeatures ....................520
LACP......................
........ 520
SpanningTreeProtocol......................520
ConfigurationGuidelines ...............
........521
AutoMonitorGuidelines......................521
ManualMonitorGuidelines..............
......521
ConfiguringLayer2Failover ......................522
AutoMonitorExample ................
......522
ManualMonitorExample..................... 522
Chapter 34. Virtual Router Redundancy Protocol . . . . . . . . . . . 523
VRRPOverview ................
........... 523
VRRPComponents........................ 524
VirtualRouter............
............. 524
VirtualRouterMACAddress. .................524
OwnersandRenters...........
........... 524
MasterandBackupVirtualRouter ................524
VirtualInterfaceRouter ................
....525
VRRPOperation.........................525
SelectingtheMasterVRRPRouter..............
....525
18 CN4093 Application Guide for N/OS 8.4
FailoverMethods........................... 526
Active‐ActiveRedundancy....................
. 527
Hot‐StandbyRedundancy..................... 527
VirtualRouterGroup......................
. 528
EnterpriseNOSExtensionstoVRRP.................. 529
VirtualRouterDeploymentConsiderations............... 530
AssigningVRRPVirtualRouterID .
................ 530
ConfiguringtheSwitchforTracking. ................ 530
HighAvailabilityConfigurations ..........
.......... 531
Active‐ActiveConfiguration .................... 531
Task1:ConfigureCN40931 ............
...... 53 2
Task2:ConfigureCN40932 .................. 533
Hot‐StandbyConfiguration.................
... 535
Task1:ConfigureCN40931 .................. 536
Task2:ConfigureCN40932 .................. 537
Part 7:. Network Management. . . . . . . . . . . . . . . . . . . 539
Chapter 35. Link Layer Discovery Protocol . . . . . . . . . . . . . 541
LLDPOverview... ........................ 542
LLDP‐StackingMode..................
..... 542
EnablingorDisablingLLDP...................... 543
GlobalLLDPSetting ...............
........ 543
TransmitandReceiveControl................... 543
LLDPTransmitFeatures.................
....... 544
ScheduledInterval ........................ 544
MinimumInterval..............
.......... 544
Time‐to‐LiveforTransmittedInformation.............. 545
TrapNotifications ..................
...... 545
ChangingtheLLDPTransmitState................. 546
TypesofInformationTransmitted..................
547
LLDPReceiveFeatures........................ 549
TypesofInformationReceived ...................
549
ViewingRemoteDeviceInformation................ 549
Time‐to‐LiveforReceivedInformation ............... 552
LLDPExampleConfiguration.....
................ 553
Chapter 36. Simple Network Management Protocol. . . . . . . . . . 555
SNMPVersion1........................... 556
SNMPVersion
3........................... 557
DefaultConfiguration....................
... 557
UserConfigurationExample.................... 558
View‐BasedConfigurations.................... 559
SecureAuditLogging....................... 561
© Copyright Lenovo 2017 Contents 19
ConfiguringSNMPTrapHosts..................... 562
SNMPv1TrapHostConfiguration..................562
SNMPv2TrapHostConfiguration.
.................563
SNMPv3TrapHostConfiguration..................564
SNMPMIBs.. .......
..................565
SwitchImagesandConfigurationFiles................ 573
LoadingaNewSwitchImage........
............ 574
LoadingaSavedSwitchConfiguration. ............... 574
SavingtheSwitchConfiguration.............
.....575
SavingaSwitchDump.......................575
Chapter 37. Service Location Protocol . . . . . . . . . . . . . . . 577
ActiveDADiscovery...............
........577
Chapter 38. System License Keys . . . . . . . . . . . . . . . . . 578
ObtainingActivationKeys .....................578
InstallingActivationKeys ..............
.......578
TransferringActivationKeys.................... 579
TrialKeys .................
........... 579
FlexiblePortMapping....................... 580
Chapter 39. Secure Input/Output Module . . . . . . . . . . . . . . 581
SIOMOverview.. ........
................. 582
SwitchAccessinSIOMMode ....................583
UsingSIOMwithStacking .....
................ 583
SIOMFeatureConsiderations....................585
CreatingaPolicySetting........
................586
ProtocolsAffectedbythePolicySetting............... 586
InsecureProtocols...........
............ 586
SecureProtocols........................587
InsecureProtocolsUnaffectedbySIOM .......
......587
ManagingUserAccounts....................... 589
UsingCentralizedSNMPv3ManagementwithSIOM.........589
ImplementingSNMPv3
withSIOM.................589
ImplementingSecureLDAP(LDAPS)..................591
EnablingLDAPS .......
..................591
DisablingLDAPS .........................592
SyslogsandLDAPS .
....................... 593
SIOMDependencies .........................
594
Part 8:. Monitoring . . . . . . . . . . . . . . . . . . . . . . . 595
Chapter 40. Remote Monitoring . . . . . . . . . . . . . . . . . . 597
RMONOverview ...........................597
RMONGroup1–Statistics..................
.....598
RMONGroup2–History........................ 599
HistoryMIBObjects ................
........ 599
ConfiguringRMONHistory .................... 599
20 CN4093 Application Guide for N/OS 8.4
RMONGroup3–Alarms ....................... 601
AlarmMIBObjects.....................
... 601
ConfiguringRMONAlarms.................... 601
AlarmExample1.....................
.. 601
AlarmExample2....................... 602
RMONGroup9–Events..................
...... 603
Chapter 41. sFLOW . . . . . . . . . . . . . . . . . . . . . . . 605
sFlowStatisticalCounters ....................... 605
sFlowNetworkSampling..............
......... 605
sFlowExampleConfiguration..................... 606
Chapter 42. Port Mirroring . . . . . . . . . . . . . . . . . . . . 607
PortMirroringBehavior..............
.......... 608
ConfiguringPortMirroring.................... 608
Part 9:. Appendices . . . . . . . . . . . . . . . . . . . . . . . 609
Appendix A. Glossary . . . . . . . . . . . . . . . . . . . . . . 611
Appendix B. Getting help and technical assistance. . . . . . . . . . 613
Appendix C. Notices . . . . . . . . . . . . . . . . . . . . . . 615
Trademarks.............
................ 617
ImportantNotes........................... 618
RecyclingInformation...
...................... 619
ParticulateContamination ....................... 620
TelecommunicationRegulatoryStatement.
............... 621
ElectronicEmissionNotices...................... 622
FederalCommunicationsCommission(FCC)Statement....
.... 622
IndustryCanadaClassAEmissionComplianceStatement ....... 622
AvisdeConformitéàlaRéglementationdʹIndustrieCanada...... 622
AustraliaandNewZealandClassAStatement .........
... 622
EuropeanUnion‐CompliancetotheElectromagneticCompatibilityDirective
623
GermanyClassAStatement.................... 623
JapanVCCIClassAStatement. .........
......... 624
JapanElectronicsandInformationTechnologyIndustriesAssociation
(JEITA) Statement......................... 625
KoreaCommunicationsCommission(KCC)Statement....
..... 625
RussiaElectromagneticInterference(EMI)ClassAstatement ...... 625
People’sRepublicofChinaClassAelectronicemissionstatement.... 625
TaiwanClassAcompliancestatement..............
.. 625
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627
/
