Intel Switch 480T User Manual

®
Intel NetStructure™  
480T Routing Switch  
User Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Contents  
Contents ................................................i  
Preface .................................................1  
Introduction ..................................................................... 1  
Related Publications .......................................................2  
1: Overview ..........................................3  
Summary of Features ..................................................... 3  
Full-Duplex Support..................................................... 5  
Virtual LANs (VLANs).................................................. 5  
Spanning Tree Protocol (STP) .................................... 5  
Quality of Service (QoS).............................................. 6  
Unicast Routing........................................................... 6  
IP Multicast Routing .................................................... 6  
Load Sharing............................................................... 7  
Software Licensing - Router License Keys .................. 7  
Basic Functionality ...................................................... 7  
Full Layer 3 Functionality ............................................ 8  
Verifying the Router License ....................................... 8  
Upgrading a Router License........................................ 8  
Physical Features ............................................................ 8  
Front View ................................................................... 8  
Rear View.................................................................... 9  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
AC Connector............................................................ 10  
Serial Number............................................................ 10  
Console Port.............................................................. 10  
Management Port...................................................... 10  
MAC Address ............................................................ 10  
Switch LEDs .............................................................. 10  
Software Factory Defaults ............................................12  
Media Types, Distances and Specifications ...............14  
Optical Output Power ................................................ 15  
2: Installation and Setup ................... 17  
Important Safety Information .......................................17  
Determining the Switch Location ................................18  
Installing the Switch ......................................................18  
Rack Mounting........................................................... 18  
Free-Standing............................................................ 20  
Connecting Equipment to the Console Port .............. 20  
Turning On the Switch .............................................. 20  
Checking the Installation ........................................... 20  
Logging In for the First Time ........................................21  
Upgrading Your Firmware ............................................22  
Installing the Gigabit Interface Connector (GBIC) ......22  
®
3: Using Intel Device View .............. 23  
Installing Intel Device View ..........................................23  
To Install Intel Device View ....................................... 24  
Starting the Windows§ Version ................................. 25  
Starting the Web Version........................................... 25  
Installing a New Device .................................................26  
To Install and Configure a New Switch for Management  
26  
Using the Device Tree ...................................................26  
Device Tree icons...................................................... 27  
To Add a Device to the Device Tree.......................... 28  
To Refresh the Device Tree ...................................... 28  
To Delete a Device from the Device Tree ................. 28  
To Find a Device in the Device Tree ......................... 28  
Losing Contact with a Device .................................... 29  
Managing a Switch ........................................................29  
ii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure™ 480T Routing Switch User Guide  
Viewing RMON Information ..........................................30  
To View RMON Statistics .......................................... 31  
4: Using Web Device Manager .......... 33  
Enabling and Disabling Web Access ...........................33  
Setting Up Your Browser ..............................................34  
Accessing Web Device Manager ..................................35  
Navigating Web Device Manager .................................35  
Task Frame ............................................................... 35  
Content Frame........................................................... 36  
Browser Controls .......................................................36  
Status Messages .......................................................37  
Stand-alone Buttons ..................................................37  
Saving Changes .............................................................37  
Filtering Information ......................................................38  
Using the Get Command to Configure a VLAN ............38  
TFTP Server ...................................................................38  
5: Accessing the Switch .................... 39  
Understanding the Command Syntax .........................39  
Syntax Helper ............................................................ 40  
Command Completion with Syntax Helper................ 40  
Abbreviated Syntax ................................................... 40  
Command Shortcuts.................................................. 41  
Numerical Ranges ..................................................... 41  
Names ....................................................................... 41  
Symbols..................................................................... 42  
Line-Editing Keys ..........................................................43  
Command History ..........................................................44  
Common Commands ....................................................44  
Configuring Management Access ................................48  
User Account............................................................. 48  
Administrator Account ............................................... 48  
Prompt Text............................................................... 49  
Default Accounts ....................................................... 49  
Changing the Default Password ................................49  
Creating a Management Account.............................. 50  
Viewing Accounts ......................................................50  
Deleting an Account ..................................................51  
iii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
Domain Name Service Client ........................................51  
Real-time Basic Connectivity Checking ......................52  
Ping ........................................................................... 52  
Traceroute ................................................................. 53  
Methods of Managing the Switch ................................53  
Using the Console Interface ...................................... 54  
Using the 10/100 UTP Management Port.................. 54  
Using Telnet ...................................................................54  
Connecting to Another Host Using Telnet ................. 55  
Configuring Switch IP Parameters............................. 55  
Using a BOOTP Server .............................................55  
Manually Configuring the IP Settings ........................56  
Disconnecting a Telnet Session ................................ 58  
Controlling Telnet Access.......................................... 58  
Using Access Profiles ...................................................59  
Creating an Access Profile ........................................ 59  
Access Profile Rules.................................................. 61  
Access Profile Example............................................. 61  
Using Web Device Manager .........................................61  
Controlling Web Access ............................................ 62  
Simple Network Management Protocol (SNMP) .........62  
Accessing Switch Agents .......................................... 63  
Supported MIBs......................................................... 63  
Configuring SNMP Settings....................................... 63  
Displaying SNMP Settings......................................... 66  
Authenticating Users ....................................................66  
RADIUS Client........................................................... 66  
Per-Command Authentication Using RADIUS ...........67  
Configuring RADIUS Client .......................................67  
RADIUS RFC 2138 Attributes ...................................70  
Configuring TACACS+ .............................................. 70  
Simple Network Time Protocol (SNTP) .......................72  
Configuring and Using SNTP .................................... 73  
SNTP Configuration Commands ............................... 77  
SNTP Example.......................................................... 77  
iv  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
6: Configuring Ports .......................... 79  
Configuring Ports ..........................................................79  
Changing Port Speed and Duplex Setting................. 80  
Random Early Detection (RED)................................. 80  
Turning Off Auto-negotiation for a GBIC Port............ 81  
Jumbo Frames ...............................................................81  
Enabling Jumbo Frames............................................ 82  
Path MTU Discovery.................................................. 82  
IP Fragmentation with Jumbo frames........................ 83  
IP Fragmentation within a VLAN ...............................83  
Load Sharing ..................................................................84  
Load Sharing Algorithms ........................................... 84  
Configuring Load Sharing.......................................... 85  
Load-Sharing Example .............................................. 86  
Verifying the Load Sharing Configuration.................. 86  
Port Commands .............................................................86  
Port-Mirroring ................................................................90  
Mirroring Combined with Load Sharing ..................... 90  
Mirroring IP Multicast Traffic...................................... 91  
Mirroring Bandwidth................................................... 91  
Mirroring and Flooding............................................... 91  
Mirroring and Download Configuration ...................... 91  
Port-Mirroring Commands ............................................91  
Port-Mirroring Example.............................................. 92  
Enterprise Discovery Protocol .....................................92  
EDP Commands........................................................ 93  
7: Virtual LANs (VLANs) ..................... 95  
Overview of Virtual LANs ..............................................95  
Benefits...................................................................... 95  
VLANs Help to Control Traffic ...................................96  
VLANs Provide Extra Security ...................................96  
VLANs Ease Device Change and Movement ............96  
Bi-directional Rate Shaping for Layer 3 Routed VLANs .  
96  
Types of VLANs .............................................................97  
Port-Based VLANs .................................................... 97  
Spanning Switches with Port-Based VLANs .............98  
Tagged VLANs .......................................................... 99  
Uses of Tagged VLANs ...........................................100  
v
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
Assigning a VLAN Tag ............................................100  
Mixing Port-Based and Tagged VLANs ...................102  
Protocol-Based VLANs............................................ 102  
Predefined Protocol Filters ......................................103  
Defining Protocol Filters ..........................................104  
Deleting a Protocol Filter .........................................105  
Precedence of Tagged Packets Over Protocol Filters....  
105  
VLAN Names ................................................................105  
Default VLAN........................................................... 106  
Renaming a VLAN................................................... 106  
Configuring VLANs on the Switch .............................106  
VLAN Configuration Examples................................ 108  
Example 1 ................................................................108  
Example 2 ................................................................109  
Example 3 ................................................................109  
Example 4 ................................................................109  
Example 5 ................................................................109  
Displaying VLAN Settings ..........................................110  
VLAN Statistics ............................................................111  
Deleting VLANs ...........................................................111  
VLAN Tunneling (vMANs) ...........................................111  
MAC-Based VLANs .....................................................114  
MAC-Based VLAN Guidelines................................. 114  
MAC-Based VLAN Limitations................................. 115  
MAC-Based VLAN Commands ............................... 116  
MAC-Based VLAN Example.................................... 116  
Timed Configuration Download, MAC-Based VLANs ....  
117  
Example ...................................................................118  
8: Forwarding Database (FDB) ......... 119  
Overview of the FDB ...................................................119  
IP FDB Performance ............................................... 119  
FDB Contents.......................................................... 120  
FDB Entry Types ..................................................... 120  
Dynamic Entries ......................................................120  
Non-aging Entries ....................................................120  
Permanent Entries ...................................................121  
Blackhole Entries .....................................................121  
vi  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
How FDB Entries Get Added................................... 121  
Associating a QoS Profile with an FDB Entry.......... 122  
Configuring FDB Entries .............................................122  
FDB Configuration Examples 123  
Displaying FDB Entries ...............................................124  
Removing FDB Entries ................................................124  
9: Spanning Tree Protocol (STP) ..... 125  
Overview of Spanning Tree Protocol .........................125  
Spanning Tree Domains .............................................125  
STP Configurations .....................................................126  
Configuring STP ...................................................... 129  
STP Configuration Example .................................... 132  
Displaying STP Settings .............................................132  
Disabling and Resetting STP ......................................133  
10: Quality of Service (QoS) ............ 135  
Overview of Policy-Based Quality of Service ...........135  
Random Early Detection.......................................... 136  
Policy-Based Routing and Route Load Sharing ...... 136  
Performance Impact ....................................................136  
Applications and Types of QoS .................................137  
Voice Applications ................................................... 137  
Video Applications ................................................... 137  
Critical Database Applications................................. 138  
Web Browsing Applications ..................................... 138  
File Server Applications........................................... 139  
Building Blocks ...........................................................139  
Assigning QoS Attributes ..........................................139  
QoS Profiles .................................................................140  
Configuring a QoS Profile........................................ 142  
Modifying a QoS Profile........................................... 144  
Traffic Groupings and Creating a QoS Policy ..........144  
IP-Based Traffic Groupings ..................................... 145  
MAC-Based Traffic Groupings................................. 145  
Permanent MAC Addresses ....................................146  
Dynamic MAC Addresses ........................................146  
Blackhole MAC Address ..........................................146  
Broadcast/Unknown Rate Limiting MAC Address ...147  
Verifying MAC-Based QoS Settings ........................147  
vii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
Explicit Class of Service Traffic Groupings (802.1p and  
DiffServ)................................................................... 147  
Configuring 802.1p Priority ......................................148  
Observing 802.1p Information .................................148  
Replacing 802.1p Priority Information .....................149  
802.1p Commands ..................................................150  
Configuring DiffServ ................................................ 151  
Observing DiffServ Information ...............................152  
Changing DiffServ Code Point Assignments in the QoS  
Profile ......................................................................152  
Replacing DiffServ Code Points ..............................153  
DiffServ Example .....................................................156  
Physical and Logical Groupings .............................. 156  
Source Port ..............................................................156  
VLAN .......................................................................157  
Verifying Physical and Logical Groupings ...............157  
Verifying Configuration and Performance ................157  
QoS Monitor ............................................................ 158  
Real-Time Performance Monitoring .........................158  
Background Performance Monitoring ......................159  
Displaying QoS Information..................................... 159  
Modifying a QoS Policy ..............................................160  
QoS Profile Buffer .......................................................160  
Maximum QoS Buffer .............................................. 160  
Bandwidth Settings and Their Impact...................... 161  
Maximum bandwidth settings ..................................161  
Minimum bandwidth settings ...................................162  
Bi-directional Rate Shaping for Layer 3 Routed VLANs  
163  
Configuring Bi-Directional Rate Shaping................. 164  
Bi-Directional Rate Shaping Limitations .................. 165  
Bi-Directional Rate Shaping Commands................. 165  
11: Enterprise Standby Router Protocol  
(ESRP) .............................................. 167  
Overview ......................................................................167  
ESRP-Aware Switches............................................ 168  
ESRP Basics ................................................................168  
Multiple ESRP VLANs ............................................. 169  
Mixing Clients and Routers on ESRP VLANs.......... 169  
viii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
Ensure that EDP is Enabled .................................... 169  
ESRP and Host Attached Ports............................... 169  
Open Shortest Path First and ESRP ....................... 169  
Determining the ESRP Master ....................................170  
ESRP Tracking ........................................................ 171  
ESRP VLAN Tracking ..............................................171  
ESRP Route Table Tracking ...................................171  
ESRP Ping Tracking ................................................171  
ESRP Election Algorithms ....................................... 172  
Master Switch Behavior........................................... 172  
Standby Switch Behavior......................................... 172  
Electing the Master Switch ...................................... 173  
Failover Time........................................................... 173  
ESRP Options ..............................................................174  
ESRP Host Attach ................................................... 174  
ESRP Domains........................................................ 175  
ESRP Groups .......................................................... 175  
Linking ESRP Switches ..............................................177  
Configuring ESRP and Multinetting ...........................177  
ESRP and Spanning Tree ...........................................177  
ESRP and VLAN Aggregation ....................................178  
ESRP Commands ........................................................179  
ESRP Examples ...................................................... 182  
Single VLAN Using Layer 2 and Layer 3 Redundancy ..  
182  
Multiple VLANs Using Layer 2 Redundancy ............184  
Displaying ESRP Information .....................................186  
ESRP Environment and Diagnostic Tracking .......... 186  
12: IP Unicast Routing .................... 189  
Overview of IP Unicast Routing .................................189  
Policy-Based Routing and Route Load-Sharing ...... 190  
Router Interfaces ..................................................... 191  
Populating the Routing Table .................................. 192  
Dynamic Routes ......................................................192  
Static Routes ...........................................................192  
Multiple Routes ........................................................193  
IP Route Sharing .....................................................193  
Route Map Support .....................................................193  
Route Map Support for OSPF Export ...................... 194  
ix  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
BGP and OSPF Route Map Support for Tagging.... 195  
BGP and OSPF Route Map Support for DSB Accounting  
195  
Proxy ARP ....................................................................196  
ARP-Incapable Devices........................................... 196  
Proxy ARP Between Subnets.................................. 196  
Relative Route Priorities .............................................197  
IP Multinetting ..............................................................198  
IP Multinetting Operation......................................... 199  
IP Multinetting Examples......................................... 200  
Configuring IP Unicast Routing .................................201  
Verifying the IP Unicast Routing Configuration ....... 202  
VLAN Aggregation ......................................................202  
VLAN Aggregation Properties ................................. 204  
VLAN Aggregation Limitations................................. 204  
SubVLAN Address Range Checking....................... 205  
Isolation Option for Communication Between subVLANs  
205  
VLAN Aggregation Commands ............................... 205  
VLAN Aggregation Example.................................... 206  
Verifying the VLAN Aggregation Configuration ....... 207  
Configuring DHCP/BOOTP Relay ..............................207  
Verifying the DHCP/BOOTP Relay Configuration ... 208  
UDP Forwarding ..........................................................208  
Configuring UDP Forwarding................................... 209  
UDP-Forwarding Example....................................... 209  
ICMP Packet Processing......................................... 209  
UDP-Forwarding Commands .................................. 210  
IP Commands ..............................................................211  
Routing Configuration Example ................................219  
Displaying Router Settings ........................................220  
Resetting and Disabling Router Settings ..................221  
13: RIP and OSPF ............................ 223  
Overview ......................................................................223  
Distinguishing RIP and OSPF ................................. 224  
Overview of RIP ...........................................................225  
Routing Table .......................................................... 225  
Split Horizon ............................................................ 225  
Poison Reverse ....................................................... 225  
x
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
Triggered Updates................................................... 226  
Route Advertisement of VLANs............................... 226  
RIP Version 1 Compared to RIP Version 2 ............. 226  
Overview of OSPF .......................................................226  
Link-State Database ................................................ 227  
Areas ....................................................................... 227  
Area 0 ......................................................................228  
Stub Areas ...............................................................228  
Not-So-Stubby-Areas (NSSAs) ...............................228  
Normal Area ............................................................229  
Virtual Links .............................................................229  
OSPF Database Overflow ....................................... 231  
OSPF Passive Interface ..............................................231  
Routing with OSPF ......................................................232  
Set the RouterID...................................................... 232  
Route Redistribution ...................................................232  
Configuring Route Redistribution............................. 233  
Redistributing Routes into OSPF .............................233  
Redistributing Routes into RIP ................................234  
OSPF Timers and Authentication ..............................235  
OSPF Password Encryption .......................................235  
Route Map Support .....................................................235  
Route Map Support for OSPF Export ...................... 236  
BGP and OSPF Route Map Support for Tagging.... 236  
BGP and OSPF Route Map Support for DSB Accounting  
237  
Configuring RIP ...........................................................237  
RIP Configuration Example ........................................240  
Displaying RIP Settings ..............................................242  
Resetting and Disabling RIP .......................................242  
Configuring OSPF .......................................................243  
OSPF Configuration Example ................................. 249  
Configuration for ABR1............................................ 250  
Configuration for IR1 ............................................... 251  
Displaying OSPF Settings ..........................................252  
Resetting and Disabling OSPF Settings ....................253  
xi  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
14: Border Gateway Protocol (BGP) 255  
Overview ......................................................................255  
BGP Attributes .............................................................256  
BGP Communities .......................................................256  
BGP Features ...............................................................257  
Route Reflectors...................................................... 257  
Route Confederations.............................................. 258  
Route Confederation Example ................................258  
Route Aggregation ......................................................262  
Using Route Aggregation ........................................262  
Route Map Support ................................................. 262  
Interior Gateway Protocol (IGP) Synchronization.... 262  
Using the Loopback Interface.................................. 263  
OSPF-to-BGP Route Redistribution ........................ 263  
BGP Peer Groups.................................................... 263  
BGP MD5 Authentication ............................................265  
BGP Password Encryption .........................................266  
Configuring BGP .........................................................266  
Displaying BGP Settings ............................................271  
Resetting and Disabling BGP .....................................272  
BGP Route Selection ..................................................273  
15: IP Multicast Routing .................. 275  
Overview ......................................................................275  
DVMRP Overview.................................................... 276  
PIM Overview .......................................................... 276  
PIM-DM ...................................................................276  
PIM Sparse Mode (PIM-SM) ...................................277  
Static Rendezvous Points (RPs) .............................277  
PIM Mode Translation ............................................. 277  
IP Multicast Cache Display...................................... 278  
IGMP Overview ............................................................278  
IGMP Snooping ....................................................... 278  
IGMP Leave Message .............................................279  
IGMP Display ...........................................................279  
IGMP Query Interval ................................................280  
IGMP Configuration Commands ................................280  
Configuring IP Multicasting Routing .........................282  
Configuration Examples .......................................... 285  
Configuration for IR1 ............................................... 285  
xii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
PIM-SM Configuration Example .............................. 286  
Configuration for ABR1............................................ 287  
Displaying IP Multicast Routing Settings ..................287  
Deleting and Resetting IP Multicast Settings ...........288  
16: IPX Routing ............................... 291  
Overview of IPX ...........................................................291  
Router Interfaces ..................................................... 291  
IPX Encapsulation Types ........................................ 293  
IPX and IP .....................................................................293  
IP and IPX on the Same VLAN................................ 294  
Tagged IPX VLAN ................................................... 294  
IPX Load Sharing .................................................... 294  
Populating the Routing Table .................................. 295  
Dynamic Routes ......................................................295  
Static Routes ...........................................................295  
IPX/RIP Routing ...........................................................295  
GNS Support ........................................................... 296  
Routing SAP Advertisements .................................. 296  
Configuring IPX ...........................................................297  
Verifying IPX Router Configuration.......................... 297  
Protocol-Based VLANs for IPX................................ 298  
Tuning...................................................................... 298  
Tagged VLANs and IPX .......................................... 299  
IPX and Round-Robin Load Sharing ....................... 299  
IPX Performance Testing Using Traffic Generators 299  
IPX and Bi-Directional Rate Shaping....................... 299  
IPX Commands ............................................................300  
IPX Configuration Example ........................................304  
Displaying IPX Settings ..............................................305  
Resetting and Disabling IPX .......................................306  
17: Access Policies ......................... 309  
Overview of Access Policies ......................................309  
IP Access Lists ........................................................ 309  
Routing Access Policies .......................................... 310  
§
IPX Routing Access Policies .................................310  
Route Maps ............................................................. 311  
Using IP Access Lists .................................................311  
How IP Access Lists Work....................................... 312  
xiii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
Precedence Numbers.............................................. 312  
Specifying a Default Rule ........................................ 312  
The Permit-Established Keyword ............................ 313  
Adding and Deleting Access List Entries................. 314  
Maximum Entries..................................................... 314  
Access Lists for ICMP .................................................314  
Security and Access Policies................................... 315  
Verifying Access List Configurations ....................... 315  
Access List Commands ..............................................315  
IP Access List Examples ............................................320  
Example 1: Using the Permit-Established Keyword 320  
Step 1 Deny IP Traffic ..........................................320  
Step 2 Allow TCP Traffic ......................................321  
Step 3 - Permit-Established Access List ..................322  
Example 2: Filtering ICMP Packets......................... 323  
Using Routing Access Policies ..................................323  
Creating an Access Profile ...................................... 324  
Configuring an Access Profile Mode ....................... 324  
Adding an Access Profile Entry ............................... 325  
Specifying Subnet Masks ........................................325  
Sequence Numbering ..............................................326  
Permit and Deny Entries ..........................................326  
Autonomous System Expressions ...........................326  
Deleting an Access Profile Entry .............................327  
Applying Access Profiles ......................................... 327  
Routing Access Policies for RIP.............................. 327  
Examples .................................................................328  
Routing Access Policies for OSPF .......................... 329  
OSPF Access Policy Example .................................330  
Routing Access Policies for DVMRP....................... 331  
DVMRP Example .....................................................332  
Routing Access Policies for PIM.............................. 332  
PIM Example ...........................................................333  
Routing Access Policies for BGP ............................ 333  
Making Changes to a Routing Access Policy ...........334  
Removing a Routing Access Policy ..........................334  
Routing Access Policy Commands ...........................335  
Using Route Maps .......................................................337  
Creating a Route Map ............................................. 338  
Add Entries to the Route Map ................................. 338  
Add Statements to the Route Map Entries .............. 338  
xiv  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
Route Map Operation .............................................. 341  
Route Map Example ................................................341  
Changes to Route Maps.......................................... 342  
Route Maps in BGP................................................. 343  
Route Map Commands............................................ 343  
18: Server Load Balancing (SLB) ..... 347  
Overview .......................................................................347  
SLB Components ........................................................347  
Nodes ...................................................................... 348  
Pools........................................................................ 348  
Virtual Servers ......................................................... 348  
Forwarding Modes .......................................................349  
Transparent Mode ................................................... 350  
Translational Mode .................................................. 352  
Port Translation Mode ............................................. 354  
GoGo Mode............................................................. 355  
VIP Network Advertisement ........................................356  
Balancing Methods ......................................................357  
Round-Robin ........................................................... 357  
Ratio ........................................................................ 358  
Ratio Weight ............................................................358  
Least Connections................................................... 358  
Priority ..................................................................... 359  
Basic SLB Commands ................................................359  
Advanced SLB Application Example .........................363  
Health Checking ..........................................................368  
Health check definitions........................................... 368  
Layer 3 Ping Check .................................................368  
Layer 4 Port Check ..................................................368  
Layer 7 HTTP Check ...............................................368  
Layer 7 FTP Check ..................................................368  
Layer 7 NNTP Check ...............................................369  
Layer 7 POP3, SMTP, and Telnet Check ................369  
Internal Health Checking ......................................... 369  
Ping-Check ..............................................................370  
TCP-Port-Check ......................................................370  
Service-Check .........................................................371  
GoGo Mode Health Checking ..................................372  
SLB Global Connection Timeout .............................374  
xv  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
External Health Checking........................................ 374  
Health Checks for Web Cache Redirection and Policy  
Based Routing......................................................... 375  
Layer 4 Flows .......................................................... 376  
Policy-Based Routing with Route Load-Sharing...... 376  
Layer 4 Destination Port.......................................... 376  
Maintenance Mode ......................................................377  
Persistence ..................................................................377  
Client Persistence.................................................... 377  
SLB Proxy Client Persistence ..................................377  
Sticky Persistence ................................................... 378  
Server Load Balancing with ESRP ............................378  
Configuring the Switches for SLB and ESRP.......... 380  
Combined SLB and ESRP failover.......................... 381  
Configuration of SLB with ESRP ............................. 382  
Web-Server Configuration....................................... 382  
Using High Availability System Features ..................382  
Redundant SLB ....................................................... 383  
Using Ping-Check.................................................... 383  
Configuring Active-Active Operation........................ 383  
Sample Active-Active Configuration ........................384  
Using Manual Fail-Back........................................... 387  
Using SLB High Availability ..................................... 387  
Configuring Clients ..................................................388  
Configuring Switches for SLB H/A ...........................388  
Notes on Configuring SLB H/A ................................390  
Web Server configuration ........................................391  
Advanced SLB Commands ........................................392  
Web Cache Redirection ..............................................398  
Flow Redirection...................................................... 398  
Precedence of Flow Redirection Rules ................... 399  
Flow Redirection Commands .................................. 400  
Flow Redirection Example....................................... 401  
19: Status Monitoring and Statistics .....  
403  
Status Monitoring ........................................................403  
Port Statistics ..............................................................405  
Port Errors ...................................................................406  
xvi  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
Port Monitoring Display Keys ....................................407  
Setting the System Recovery Level......................... 408  
Logging ........................................................................408  
Local Logging .......................................................... 410  
If not specified, info and higher priority messages dis-  
play. .........................................................................410  
Real-Time Display ...................................................411  
Remote Logging ...................................................... 411  
Logging Configuration Changes.............................. 412  
Logging Commands ................................................ 412  
RMON ............................................................................414  
RMON Features ...................................................... 415  
Statistics ..................................................................415  
History .....................................................................415  
Alarms .....................................................................416  
Events ......................................................................416  
Configuring RMON .................................................. 416  
RMON Probe with Security Features Enabled ........417  
Event Actions........................................................... 417  
20: Software Upgrade and Boot Options  
419  
Overview .......................................................................419  
Saving Configuration Changes ..................................419  
Upgrading Your Switch ...............................................420  
Starting a TFTP Server............................................ 420  
Upgrading the BootROM ......................................... 421  
Upgrading the Firmware .......................................... 422  
Downgrading Your Switch ....................................... 422  
Using TFTP to Upload the Configuration ..................423  
Using TFTP to Download the Configuration .............424  
Downloading a Complete Configuration .................. 424  
Downloading an Incremental Configuration............. 425  
Scheduled Incremental Configuration Download .... 425  
Remember to Save ......................................................426  
Accessing BootROM ...................................................426  
Boot Option Commands .............................................427  
xvii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
A: Technical Specifications and  
Supported Limits............................... 431  
Technical Specifications .............................................431  
Supported Standards, RFCs and Protocols ..............433  
Supported Limits .........................................................434  
B: Troubleshooting............................ 439  
LEDs .............................................................................439  
Using the Command-Line Interface ...........................440  
Port Configuration .......................................................442  
OSPF (Open Shortest Path First) ...............................443  
VLANs ...........................................................................444  
VLAN Names ...........................................................445  
VLANs, IP Addresses and Default Routes ..............445  
STP ................................................................................445  
ESRP .............................................................................446  
Troubleshooting Tools ................................................446  
Debug Tracing ......................................................... 446  
TOP Command........................................................ 446  
C: Regulatory Information................. 447  
Compliance statements ..............................................447  
Warnings ......................................................................449  
Limited Hardware Warranty ........................................450  
D: Intel Customer Support ................ 461  
Index ................................................ 465  
xviii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
List of Figures  
®
Figure 1.1: Intel NetStructure 480T routing switch  
(front) ........................................................................... 9  
®
Figure 1.2: Intel NetStructure 480T routing switch (with  
and without redundant power supply) ......................... 9  
Figure 2.1: Fitting the mounting bracket ........................ 19  
Figure 2.2: GBIC module (1000 Mbps ports) ................. 22  
®
Figure 7.1: Example of a port-based VLAN on the Intel  
NetStructure 480T routing switch .......................... 97  
Figure 7.2: Single port-based VLAN spanning two switches  
98  
Figure 7.3: Two port-based VLANs spanning two switches  
99  
Figure 7.4: Physical diagram of tagged and untagged traffic  
101  
Figure 7.5: Logical diagram of tagged and untagged traffic  
101  
Figure 7.6: Protocol-based VLANs .............................. 103  
Figure 7.7: vMAN Configuration ................................. 113  
Figure 9.1: Multiple Spanning Tree Domains - VLAN tag-  
ging for trunk connections ....................................... 127  
Figure 9.2: Tag-based STP configuration -Incorrect .... 128  
Figure 10.1: Ethernet packet encapsulation .................. 148  
Figure 10.2: IP packet header encapsulation ................ 151  
Figure 11.1: ESRP host attach ...................................... 175  
Figure 11.2: ESRP groups ............................................ 176  
Figure 11.3: ESRP example using Layer 2 and Layer 3 re-  
dundancy .................................................................. 183  
Figure 11.4: ESRP example using Layer 2 redundancy 184  
Figure 12.1: Routing between VLANs ......................... 191  
Figure 12.2: VLAN aggregation ................................... 203  
Figure 12.3: Unicast routing configuration example .... 219  
Figure 13.1: Virtual link for stub area .......................... 230  
Figure 13.2: Virtual link providing redundancy ........... 230  
Figure 13.3: Route redistribution .................................. 233  
Figure 13.4: RIP configuration example ....................... 241  
Figure 13.5: OSPF configuration example ................... 249  
xix  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
Figure 14.1: Route reflectors ........................................ 257  
Figure 14.2: Routing confederation .............................. 258  
Figure 15.1: IP multicast routing PIM-DM configuration ex-  
ample ........................................................................ 285  
Figure 15.2: IP multicast routing using PIM-SM configura-  
tion ........................................................................... 286  
Figure 16.1: IPX VLAN configuration ......................... 292  
Figure 16.2: IPX routing configuration example .......... 304  
Figure 17.1: Access list denies all TCP and UDP traffic ....  
321  
Figure 17.2: Access list allows TCP traffic .................. 321  
Figure 17.3: Host A initiates a TCP session to Host B . 322  
Figure 17.4: Permit-established access list filters out SYN  
packet to destination ................................................ 323  
Figure 17.5: ICMP packets are filtered out ................... 323  
Figure 17.6: RIP access policy example ....................... 328  
Figure 17.7: OSPF access policy example .................... 331  
Figure 17.8: Route maps ............................................... 341  
Figure 18.1: Transparent mode ..................................... 351  
Figure 18.2: Translational mode ................................... 353  
Figure 18.3: GoGo mode .............................................. 355  
Figure 18.4: Advanced SLB configuration ................... 364  
Figure 18.5: SLB using ESRP and dual-attached servers ...  
379  
Figure 18.6: Active-active configuration ...................... 385  
Figure 18.7: SLB failover configuration using SLB H/A ...  
388  
Figure 18.8: Flow-redirection example ........................ 401  
xx  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
List of Tables  
Table 1.1: Switch LEDs .................................................. 11  
Table 1.2: Global Factory Defaults ................................. 12  
Table 1.3: Media Types and Distances ........................... 14  
Table 1.4: 1000LH Specifications .................................. 15  
Table 4.1: Multi-Select List Box Key Definitions .......... 36  
Table 5.1: Command Syntax Symbols ........................... 42  
Table 5.2: Line-Editing Keys .......................................... 43  
Table 5.3: Common Commands ..................................... 44  
Table 5.4: Default Accounts ........................................... 49  
Table 5.5: DNS Commands ............................................ 51  
Table 5.6: Ping Command Parameters ........................... 52  
Table 5.7: Access Profile Configuration Commands ..... 59  
Table 5.8: SNMP Configuration Commands .................. 64  
Table 5.9: RADIUS® Commands ................................... 68  
Table 5.10: TACACS+ Commands ................................ 71  
Table 5.11: Greenwich Mean Time Offsets .................... 74  
Table 5.12: SNTP Configuration Commands ................. 77  
Table 6.1: Port Commands ............................................. 87  
Table 6.2: Port-Mirroring Configuration Commands ..... 91  
Table 6.3: EDP Commands ............................................ 93  
Table 7.1: ..................................................................... 105  
Table 7.2: VLAN Configuration Commands ............... 107  
Table 7.3: VLAN Delete and Reset Commands ........... 111  
Table 7.4: MAC-Based VLAN Commands .................. 116  
Table 8.1: FDB Configuration Commands ................... 122  
Table 8.2: Removing FDB Entry Commands ............... 124  
Table 9.3: STP Configuration Commands .................... 130  
Table 9.4: STP Disable and Reset Commands ............. 133  
Table 10.1: Traffic Type and QoS Guidelines .............. 139  
Table 10.2: Default QoS Profile Names and Queues ... 140  
Table 10.3: Default QoS Profiles .................................. 142  
Table 10.4: QoS Configuration Commands ................. 143  
Table 10.5: Traffic Groupings by QoS Mode ............... 144  
Table 10.6: 802.1p Priority Value-to-QoS Profile Mapping  
149  
xxi  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
Table 10.7: 802.1p Priority Value-to-Hardware Queue Map-  
ping ................................................................................ 150  
Table 10.8: 802.1p Configuration Commands .............. 150  
Table 10.9: Default Code Point-to-QoS Profile Mapping ..  
152  
Table 10.10: Default 802.1p Priority Value-to-Code Point  
Mapping ......................................................................... 154  
Table 10.11: DiffServ Configuration Commands ......... 155  
Table 10.12: QoS Monitor Commands ......................... 158  
Table 10.13: QoS Maximum Bandwidth Settings ........ 161  
Table 10.14: QoS Profile Minimum Bandwidth ........... 162  
Table 11.1: ESRP Commands ...................................... 179  
Table 12.1: Relative Route Priorities ............................ 197  
Table 12.2: VLAN Aggregation Commands ................ 206  
Table 12.3: UDP-Forwarding Commands .................... 210  
Table 12.4: Basic IP Commands ................................... 212  
Table 12.5: Route Table Configuration Commands ..... 214  
Table 12.6: ICMP Configuration Commands ............... 216  
Table 12.7: Router Show Commands ........................... 220  
Table 12.8: Router Reset and Disable Commands ....... 221  
Table 13.1: LSA Type Numbers ................................... 227  
Table 13.2: RIP Configuration Commands .................. 237  
Table 13.3: RIP Show Commands ................................ 242  
Table 13.4: RIP Reset and Disable Commands ............ 243  
Table 13.5: OSPF Configuration Commands ............... 244  
Table 13.6: OSPF Show Commands ............................ 252  
Table 13.7: OSPF Reset and Disable Commands ......... 253  
Table 14.1: BGP Configuration Commands ................. 266  
Table 14.2: BGP Show Commands .............................. 271  
Table 14.3: BGP Reset and Disable Commands .......... 272  
Table 15.1: IGMP Configuration Commands ............... 280  
Table 15.2: IP Multicast Routing Configuration Commands  
282  
Table 15.3: IP Multicast Routing Show Commands ... 287  
Table 15.4: IP Multicast Routing Reset and Disable  
Commands .................................................................... 288  
Table 16.1: IPX§ Encapsulation Types ......................... 293  
xxii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel® NetStructure480T Routing Switch User Guide  
Table 16.2: IPX§ Protocol Filters and Encapsulation Types  
298  
Table 16.3: Basic IPX§ Commands ............................ 300  
Table 16.4: IPX§ /RIP Configuration Commands ........ 301  
Table 16.5: IPX§/SAP Configuration Commands ........ 302  
Table 16.6: IPX§ Show Commands .............................. 305  
Table 16.7: IPX§ Reset and Disable Commands ......... 306  
Table 17.1: Access List Configuration Commands ...... 316  
Table 17.2: Regular Expression Notation ..................... 326  
Table 17.3: Routing Access Policy Configuration Com-  
mands ............................................................................. 335  
Table 17.4: Match Operation Keywords ....................... 339  
Table 17.5: Set Operation Keywords ............................ 340  
Table 17.6: Route Map Commands .............................. 344  
Table 18.1: Forwarding Mode Feature Summary ......... 350  
Table 18.2: Basic SLB Commands ............................... 359  
Table 18.3: Service-Check Parameters ......................... 371  
Table 18.4: Advanced SLB Commands ....................... 392  
Table 18.5: Example #1: Flow Redirection Rules ........ 399  
Table 18.6: Example #2: Flow Redirection Rules ........ 400  
Table 18.7: Flow Redirection Commands .................... 400  
Table 19.1: Status Monitoring Commands .................. 404  
Table 19.2: Port Monitoring Display Keys .................. 407  
Table 19.3: Fault Levels .............................................. 409  
Table 19.4: Fault Log Subsystems ............................... 409  
Table 19.5: Logging Commands .................................. 412  
Table 19.6: Event Actions ........................................... 417  
Table 20.1: Boot Option Commands ........................... 427  
Table A.1: Specifications .............................................. 431  
Table A.2: Supported Standards, RFCs and Protocols . 433  
Table A.3: Supported Limits ........................................ 434  
xxiii  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
O
N
T
E
N
T
S
xxiv  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Preface  
This preface provides an overview of this user guide, describes guide  
conventions, and lists other useful publications.  
Introduction  
®
This user guide provides the information you need to configure the Intel  
NetStructure480T routing switch.  
Information in the “Late  
Breaking News” shipped  
with your switch is more  
up to date than the  
It is intended for use by network administrators who are responsible for  
installing and setting up network equipment, and assumes a basic working  
knowledge of:  
Local Area Networks (LANs)  
Ethernet concepts, including switching and bridging  
Routing  
information in this guide.  
Internet Protocol (IP)  
Routing Information Protocol (RIP) and Open Shortest Path First  
(OSPF)  
Border Gateway Protocol (BGP-4)  
IP Multicast  
Distance Vector Multicast Routing Protocol (DVMRP)  
Protocol Independent Multicast (PIM)  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Internet Packet Exchange (IPX)  
Server Load Balancing (SLB)  
Simple Network Management Protocol (SNMP)  
Related Publications  
For further information refer to these publications:  
Command Line Interface Reference Guide  
Intel® NetStructure480T Routing Switch Quick Start Guide  
Late Breaking News  
Documentation for Intel products is available on the World Wide  
Web at the Intel support home page:  
http://support.intel.com  
2
Download from Www.Somanuals.com. All Manuals Search And Download.  
1
Overview  
®
The Intel NetStructure480T routing switch uses a powerful, full-  
featured software operating system for local management of the switch.  
This chapter offers an overview of the switch operation and covers these  
topics:  
Summary of features  
Software licensing  
Hardware specifications and factory defaults  
Media types  
Summary of Features  
The features of the 480T routing switch include:  
Virtual local area networks (VLANs) including support for IEEE  
802.1Q and IEEE 802.1p (priority queuing)  
VLAN aggregation  
Spanning Tree Protocol (STP) (IEEE 802.1D) with multiple STP  
domains  
Policy-Based Quality of Service (PB-QoS)  
Wire-speed IP routing  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IP Multinetting  
Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol  
(BOOTP) Relay  
Enterprise Standby Router Protocol (ESRP)  
RIP (Routing Information Protocol) version 1 and version 2  
OSPF (Open Shortest Path First) routing protocol  
BGP-4  
Wire-speed IP multicast routing support  
Diffserv (Differentiated Services) protocol support  
Access policy support for routing protocols  
Access list support for packet filtering  
IGMP (Internet Group Management Protocol) snooping to control  
IP multicast traffic  
DVMRP (Distance Vector Multicast Routing Protocol)  
Protocol Independent Multicast-Dense Mode (PIM-DM)  
Protocol Independent Multicast-Sparse Mode (PIM-SM)  
Wire-speed IPX§, IPX/RIP, and IPX/Service Advertising Protocol  
(SAP) support  
SLB support  
Load sharing (link aggregation) on multiple ports  
RADIUS (Remote Authorization Dial-In User Service) client and  
per-command authentication support  
TACACS+ (Terminal Access Controller Access Control System)  
support  
Console command line interface (CLI) connection  
Telnet CLI connection  
Web-based management interface  
Simple Network Management Protocol (SNMP) support  
RMON (Remote Monitoring)  
Traffic mirroring for all ports  
Intel® Device View (IDV) support  
4
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1
Overview  
Full-Duplex Support  
The 480T routing switch provides full-duplex support for all ports.  
Full-duplex mode allows frames to be transmitted and received  
simultaneously and, in effect, doubles the bandwidth available on a  
link. All 100/1000 Mbps ports on the 480Tswitch autonegotiate for  
half-duplex or full-duplex operation.  
The 1000BASE-SX, 1000BASE-LX and 1000LH ports operate in  
full-duplex mode only.  
Virtual LANs (VLANs)  
The local management software has a VLAN feature that enables you  
to construct your broadcast domains without being restricted by  
physical connections. A VLAN is a group of location and topology-  
independent devices that communicate as if they were on the same  
physical LAN.  
Implementing VLANs on your network has three advantages:  
Better broadcast traffic control - If a device in VLAN Marketing  
transmits a broadcast frame, only VLAN Marketing devices  
receive the frame.  
See Chapter 7, "Virtual  
LANs (VLANs)" on  
page 95.  
Extra security - Devices in VLAN Marketing can only  
communicate with devices in VLAN Sales using routing services.  
Easier to change or move devices on your networks.  
Spanning Tree Protocol (STP)  
The 480T routing switch supports the IEEE 802.1D Spanning Tree  
Protocol (STP), a bridge-based method of providing fault tolerance  
on networks. STP enables you to implement parallel paths for  
network traffic, and ensure that redundant paths are:  
See Chapter 9,  
"Spanning Tree  
Protocol (STP)" on  
page 125.  
Disabled when the main paths are operational.  
Enabled if the main traffic paths fail.  
A single spanning tree may span multiple VLANs.  
5
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Quality of Service (QoS)  
See Chapter 10,"Quality  
of Service (QoS)" on  
page 135.  
The local management software has Policy-Based Quality of Service  
(QoS) features that enable you to specify service levels for different  
traffic groups. By default, all traffic is assigned a normal QoS policy  
profile.  
You can create other QoS policies and apply them to different traffic  
types so that they have different guaranteed minimum bandwidth,  
maximum bandwidth, and priority.  
Unicast Routing  
The 480T routing switch can route IP or IPX traffic between VLANs  
that are configured as virtual router interfaces. Both dynamic and  
static IP routes are maintained in the routing table. The routing  
protocols supported include:  
See IP Unicast  
Routingon page 189.  
RIP version 1  
RIP version 2  
OSPF-2  
IPX/RIP  
BGP-4  
For further information consult these chapters:  
"IP Unicast Routing" on page 189  
"RIP and OSPF" on page 223  
"Border Gateway Protocol (BGP)" on page 255  
"IPX Routing" on page 291  
IP Multicast Routing  
See IP Multicast  
Routingon page 275.  
The 480T routing switch enables you to use IP multicasting to allow  
a single IP host to transmit a packet to a group of IP hosts. It supports  
multicast routes learned by way of the Distance Vector Multicast  
Routing Protocol (DVMRP) or Protocol Independent Multicast,  
dense or sparse mode (PIM-DM or PIM-SM).  
6
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1
Overview  
Load Sharing  
See Configuring Ports”  
on page 79.  
Load sharing allows you to increase bandwidth and resiliency by  
using a group of ports to carry traffic in parallel between systems. The  
switchs sharing algorithm allows you to use multiple ports as a  
single logical port.  
For example, VLANs treat the load-sharing group as a single virtual  
port.  
Software Licensing - Router  
License Keys  
You can expand the feature set of your switch using a license key.  
The keys are unique to the 480T routing switch and are not  
transferable. Keys are stored in NVRAM and, once entered, persist  
through reboots, software upgrades, and later reconfigurations.  
In the firmware, routing protocol support is separated into two sets:  
Basic  
Full Layer 3.  
Basic is a subset of Full Layer 3.  
Basic Functionality  
Basic functionality requires no license key. It includes all switching  
functions, as well as all available Layer 3 QoS, access list, and ESRP  
functions.  
Basic includes support for these Layer 3 routing functions:  
IP routing using RIP version 1, RIP version 2, or both  
IP routing between directly attached VLANs  
IP routing using static routes  
7
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Full Layer 3 Functionality  
Switches using a Full Layer 3 license also support other routing  
protocols and functions in addition to Basic functions, including:  
IP routing using OSPF  
IP multicast routing using DVMRP  
IP multicast routing using PIM (Dense or Sparse Mode)  
IPX routing (direct, static, and dynamic using IPX/RIP and IPX/  
SAP)  
IP routing using BGP  
Server load balancing (SLB)  
Web cache redirection  
Verifying the Router License  
To verify the router license, use the show switchcommand.  
Upgrading a Router License  
You can upgrade the router license of a switch by purchasing a  
voucher from Intel. The voucher contains instructions on obtaining a  
license key from the Intel web site at support.intel.com.  
Once a license key is entered, it is not necessary to enter the  
information again. We recommend keeping the upgrade voucher for  
your records.  
Physical Features  
Front View  
Figure 1.1 shows the switch front view.  
The 480T routing switch has 12 100/1000-Mbps ports, and four 1000  
Mbps-only ports. Ports 13 through 16 use modular GBIC connectors.  
8
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1
Overview  
100/1000 Mbps ports  
Unit status LEDs  
®
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Port status LEDs  
GBIC ports  
480t_fr  
®
Figure 1.1: Intel NetStructure480T routing switch (front)  
For information on  
switch LEDs, refer to  
Rear View  
Figure 1.2 shows two rear view configurations. The second has a  
redundant power supply.  
"Switch LEDs" on page  
10.  
AC Connector  
Reset  
Console port  
N232  
100-120/200-240  
MADE IN USA  
with partial foreign content  
130116-00 Rev01  
Management port  
Reset Console port  
AC Connectors  
Primary Power  
N232  
100-120/200-240  
MADE IN USA  
with partial foreign content  
130116-00 Rev01  
Redundant Power  
Management port  
480t_rr2  
®
Figure 1.2: Intel NetStructure480T routing switch (with and  
without redundant power supply)  
9
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
AC Connector  
The 480T routing switch automatically adjusts to the supply voltage.  
The power supply unit (PSU) operates down to 100V, and is suitable  
for both 110 VAC and 200-240 VAC operation.  
Serial Number  
Use this serial number for fault-reporting purposes.  
Console Port  
Use the console port (9-pin, D-type connector) for connecting a  
terminal and carrying out local out-of-band management.  
For information on  
Management Port  
supported media types  
and distances, refer to  
Table 1.3 on page 14.  
The management port (RJ-45 connector) is a 10/100 Mbps Ethernet  
connection used for out-of-band management.  
MAC Address  
This label shows the unique Ethernet MAC address assigned to this  
device.  
Switch LEDs  
Table 1.1 describes the light emitting diode (LED) behavior on the  
480T routing switch.  
10  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1
Overview  
.
Table 1.1: Switch LEDs  
LED Color  
1000BASE-X Port Status LEDs (GBIC LEDs)  
Indicates  
Link/activity  
Green  
Orange  
Link is present; port is enabled.  
Frames are being transmitted/received on this  
port.  
Green flashing (steady)  
Off  
Link is present; port is disabled.  
Link is not present.  
100/1000BASE-T Port Status LEDs  
Link/activity  
Green  
Orange  
Link is present; port is enabled.  
Frames are being transmitted/received on the port.  
Link is present; port is disabled.  
Link is not present.  
Green flashing (steady)  
Off  
Speed Status  
Green  
Off  
1000 BASE-T operation.  
100 BASE-TX operation.  
10/100 Management Port Status LEDs  
Link/activity  
Green  
Orange  
Off  
Link is present.  
Frames are passing through this port.  
Link is not present.  
Unit Status LEDs  
Power 1 and  
Power 2  
Green  
Either or both LEDs green indicates the 480T  
routing switch is powered up.  
Orange  
An orange power LED indicates a power,  
overheat, or fan failure on the corresponding  
power supply unit.  
Off  
Both LEDs off indicates the switch is powered off.  
MGMT  
Green flashing (slow)  
Green flashing (fast)  
Orange  
The 480T routing switch is operating normally.  
POST is in progress.  
The switch has failed POST.  
11  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Software Factory Defaults  
Table 1.2 lists factory defaults for global features.  
Table 1.2: Global Factory Defaults  
Item  
Default Setting  
Serial or Telnet user account  
Web network management  
Telnet  
adminwith no password and userwith no password  
Enabled  
Enabled  
Enabled  
public  
private  
SNMP access  
SNMP read community string  
SNMP write community string  
RMON  
Enabled  
BOOTP  
Enabled on the default VLAN  
Disabled. If enabled, all traffic is part of the default queue  
Automatic roving  
Quality of Service (QoS)  
QoS monitoring  
802.1p priority  
Recognition enabled  
802.3x flow control  
CLI idle timeout  
Virtual LANs  
Enabled on 1000 Mbps Ethernet ports  
Enabled (15 minutes)  
Three VLANs pre-defined. VLAN named default  
contains all ports and belongs to the STPD named s0.  
VLAN mgmt operates on the 10/100 Ethernet  
management port. The management port is DTE only,  
and is not capable of switching or routing.  
VLAN MacVLanDiscover is active only when using  
MAC VLAN.  
12  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1
Overview  
Table 1.2: Global Factory Defaults (continued)  
Item  
Default Setting  
802.1Q tagging  
Spanning Tree Protocol  
Packets are untagged on the default VLAN.  
®
Disabled for the Intel NetStructure480T routing  
switch; enabled for each port in the STPD  
Forwarding database aging period 300 seconds (5 minutes)  
IP Routing  
RIP  
Disabled  
Disabled  
Disabled  
Disabled  
Enabled  
Enabled  
Disabled  
Disabled  
Disabled  
Disabled  
Disabled  
Disabled  
Disabled  
Disabled  
Disabled  
Disabled  
OSPF  
IP multicast routing  
IGMP  
IGMP snooping  
DVMRP  
PIM  
IPX§ routing  
NTP  
DNS  
Port mirroring  
Server load balancing  
Web Cache Redirection  
ESRP  
BGP-4  
13  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Media Types, Distances and  
Specifications  
Table 1.3 describes the media types and distances (cable lengths) for  
the different types of switch ports.  
Table 1.3: Media Types and Distances  
M Hz/Km  
Rating  
Maximum  
Distance  
Type  
Media  
1000BASE-SX  
50/125 µm Multimode Fiber  
50/125 µm Multimode Fiber  
62.5/125 µm Multimode Fiber  
62.5/125 µm Multimode Fiber  
400  
500  
160  
200  
500 Meters  
550 Meters  
220 Meters  
275 Meters  
1000BASE-LX  
50/125 µm Multimode Fiber  
50/125 µm Multimode Fiber  
62.5/125 µm Multimode Fiber  
10µ Single-mode Fiber  
400  
500  
500  
550 Meters  
550 Meters  
550 Meters  
5 Kilometers  
1000LH  
10µ Single-mode Fiber  
70 Kilometers  
1000BASE-T  
100BASE-TX  
10BASE-T  
Category 5 and higher UTP Cable  
Category 5 and higher UTP Cable  
Category 3 and higher UTP Cable  
100 Meters  
100 Meters  
100 Meters  
14  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1
Overview  
Table 1.4 describes the specifications for the 1000B-LH interface.  
Table 1.4: 1000LH Specifications  
Parameter  
Minimum  
Typical  
Maximum  
Transceiver  
Optical Output Power  
Center Wavelength  
0 dBm  
3 dBm  
5 dBm  
1540 nm  
1550 nm  
1560 nm  
Receiver  
Optical Input Power Sensitivity  
Optical Input Power Maximum  
Operating Wavelength  
-20 dBm  
1200nm  
-3d Bm  
1560 nm  
Optical Output Power  
The minimum cable  
length without a 10 dB  
attenuator is 32  
kilometers.  
The transmitter output power level for the 1000-LH is +5dBm. The  
maximum allowable receiver input power level is -3dBm. Therefore,  
there is a minimum of 8dB loss required for the link to operate  
without errors. You can achieve this minimum required loss using a  
fiber length of 32km (0.25dB/km provides 8dB loss), or by adding  
10dB of fixed optical attenuator at the receiver end.  
15  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
16  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Installation and  
Setup  
2
This chapter describes:  
Determining the Switch Location  
Installing the Switch  
Connecting Equipment to the Console Port  
Checking the Installation Using the Power-On Self Test (POST)  
Logging In for the First Time  
Upgrading Your Firmware  
Installing the Gigabit Interface Connector (GBIC)  
Important Safety Information  
Safety related  
There are no user serviceable parts on the Intel® NetStructure480T  
specifications are provided routing switch. The switch uses Class 1 laser technology. The ports emit  
in Appendix A, "Technical  
Specifications and  
Supported Limits" on page  
431.  
invisible infrared light. Do not look directly into open ports.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Determining the Switch Location  
The 480T routing switch can be free standing or mounted in a  
standard 19-inch equipment rack. Mounting brackets are supplied  
with the switch.  
When deciding where to install the switch, ensure that:  
The switch is accessible and you can connect cables easily.  
Water or moisture cannot enter the case of the unit.  
Air flow around the unit and through the side vents is not  
restricted.  
The switch has a minimum of 25 mm (1-inch) clearance.  
Units are not stacked more than four high if the switch is free-  
standing.  
Installing the Switch  
You can mount the switch in a rack or place it free-standing on a  
tabletop.  
Caution: Do not  
suspend the switch  
from under a table or  
desk, or attach it to a  
wall.  
Rack Mounting  
To rack mount the 480T routing switch:  
1
2
3
Place the switch upright on a hard flat surface, with the front  
facing you.  
Remove the screws (4 each side) from the sides of the chassis  
and retain for Step 4.  
Place the mounting bracket over the mounting holes on one side  
of the unit.  
18  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2
Installation and Setup  
4
Replace the screws and fully tighten with a screwdriver, as  
shown in Figure 2.1.  
®
480t_028  
Figure 2.1: Fitting the mounting bracket  
5
6
Repeat the two previous steps for the other side of the switch.  
Insert the switch into the 19-inch rack. Ensure that ventilation  
holes are not obstructed.  
7
8
Secure the switch with rack mount screws (not provided).  
Remove the label over the AC connector and attach the power  
cord.  
9
Attach the cables according to your own network configuration.  
Many performance problems are caused by improper cabling. Pay  
careful attention to distance and cable type restrictions. See Media  
Types, Distances and Specificationson page 14.  
19  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Free-Standing  
The 480T routing switch is supplied with four self-adhesive rubber  
pads.  
You can stack up to  
four switches on top of  
one another.  
1
2
Apply the pads to the underside of the device by sticking a pad  
in the marked area at each corner of the switch.  
Place the devices on top of one another, ensuring that the cor-  
ners align.  
Connecting Equipment to the Console Port  
For direct local management, connect to the console port. The 480T  
routing switch console port settings are set as follows:  
Baud rate9600  
Data bits8  
Stop bit1  
ParityNone  
Flow controlXON/XOFF  
Be sure the terminal connected to the console port on the switch is  
configured with the same settings. This procedure is described in the  
documentation supplied with the terminal or terminal emulation  
software.  
Turning On the Switch  
To turn on power to the switch, connect the AC power cable to the  
switch and then to the power outlet. The switch has no on/off switch.  
Checking the Installation  
After plugging in the switch, the device performs a Power-On Self-  
Test (POST).  
During the POST, all ports are temporarily disabled, the packet LED  
is off and the power LED is on. The MGMT LED flashes quickly  
until the switch has successfully passed the POST, whereby it returns  
to the slow flashing state for normal operation.  
20  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2
Installation and Setup  
If the switch passes the POST, the MGMT LED blinks at a slow rate  
(1 blink per second). If the switch fails the POST, the MGMT LED  
shows a solid orange light.  
Logging In for the First Time  
After the switch has completed the Power-On Self Test (POST), it is  
operational. Then you can log in to the switch and configure an IP  
address for the default VLAN (named default).  
To manually configure the IP settings:  
1
2
3
Connect a terminal or workstation running terminal-emulation  
software to the console port.  
At your terminal, press Enter one or more times until you see  
the login prompt.  
At the login prompt, enter the default user name admin to log in  
with administrator privileges.  
Administrator  
4
At the password prompt, press Enter.  
capabilities allow you to  
access all switch  
functions.  
The default name admin has no password assigned. When you  
have successfully logged in, the command-line prompt  
displays the name of the switch (for example, Switch480T) in  
its prompt.  
5
Assign an IP address and subnetwork mask for VLAN default.  
Use these commands (example IP addresses are used):  
configure vlan default ipaddress 123.45.67.8  
255.255.255.0  
configure iproute add default <gateway>  
123.45.67.8  
enable ipforwarding  
enable rip  
Your changes should take effect immediately.  
6
7
Save your configuration changes so that they are in effect after  
the next switch reboot. Use this command to save:  
save  
When you have finished, log out of the switch using this  
command:  
logout  
21  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Upgrading Your Firmware  
®
To upgrade your Intel NetStructure480T routing switch you must  
upgrade the BootRom image and firmware. Refer to the Late  
Breaking News that shipped with your switch for this procedure.  
Installing the Gigabit Interface  
Connector (GBIC)  
Ensure that the SC  
fiber-optic connector is  
removed from the GBIC  
prior to removing the  
GBIC from the I/O  
module.  
You can add and remove Gigabit Interface Connectors (GBICs) from  
the 480T routing switch without powering off the system. Three types  
of GBIC modules are available:  
1000BASE-SX  
1000BASE-LX  
1000LH  
Warning: Avoid  
Figure 2.2 illustrates a typical GBIC.  
exposing your eye to  
Class I laser radiation  
from open 1000 Mbps  
ports. Laser radiation is  
invisible to the human  
eye. Do not look  
directly into the 1000  
Mbps port when  
installing or removing  
GBICs to eliminate any  
possible harmful  
480t_027  
Figure 2.2: GBIC module (1000 Mbps ports)  
effects. Class I lasers  
are not considered  
harmful under normal  
operation.  
GBICs are a Class 1 laser device. Use only Intel approved modules.  
22  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Using Intel Device  
3
View  
Intel® Device View is a graphical user interface that helps you manage the  
Intel NetStructure480T routing switch and other supported Intel  
networking devices on your network.  
Intel Device View provides these features:  
The ability to configure new network devices  
A graphical device manager for Intel switches, hubs, and routers  
Autodiscovery, which finds supported Intel devices on the network  
Device Tree, which shows all supported devices detected on your  
network  
Remote Network Monitoring (RMON)  
Web or Windows§ platform  
Plug-in to HP OpenView§, IBM Tivoli NetView§, and Intel LANDesk®  
Network Manager  
Other useful tools such as a TFTP server  
Installing Intel Device View  
Before you install Intel Device View, make sure your PC meets the  
system recommendations in the Intel Device View User Guide, which is  
included on the Intel Device View CD-ROM.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can install both the Windows and the Web version of Intel  
Device View.  
To Install Intel Device View  
If you manage devices  
with Intel Device View  
from only one location  
on the network, install  
1. Put the Intel Device View CD-ROM in your computers CD-ROM  
drive. The Intel Device View installation screen appears. If it does  
not appear, run autoplay.exe from the CD-ROM (use the Run dia-  
log from the Start menu).  
§
the Windows version.  
If you want to manage  
devices from any PC  
on the network using  
Intel Device View,  
2. Choose the version of Intel Device View you want to install:  
Click Install for Windows to install Intel Device View for use  
on this PC only.  
Click Install for Web to install Intel Device View on a Web  
server. You is able to access the Device View server from any  
PC on your network with Internet Explorer§ 4.0x or later.  
install the Web version.  
Click Install as Plug-in to install Intel network device support  
for HP OpenView, IBM Tivoli NetView, or Intel LANDesk  
Network Manager. This option is not available if you do not  
have any of these programs installed on the PC.  
3. Follow the on-screen instructions in the installation program.  
24  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
3
Using Intel® Device View  
Starting the Windows§ Version  
We recommend you use the Window version of Intel Device View if  
you manage devices from only one location on the network.  
To start the Windows version:  
1
2
From your desktop, click Start.  
Point to Programs > Intel Device View > Intel Device View -  
Windows.  
Intel Device Views main screen appears.  
Starting the Web Version  
We recommend you use the Web version of Intel Device View if you  
want to manage devices from any PC on the network. To start the  
Web version:  
1. From your desktop, click Start.  
2. Point to Programs > Intel Device View > Intel Device View - Web.  
Intel Device Views main screen appears.  
To view Intel Device View from another PC on your network, enter  
this URL into the Address field for Internet Explorer:  
http://<servername>/devview/main.htm  
where <servername>is the IP address or name of the server where  
Intel Device View is installed. Intel Device Views main screen  
appears.  
25  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Installing a New Device  
After youve installed a new switch on your network, you can use  
Intel Device Views Device Install Wizard to configure it for  
management.  
To Install and Configure a New Switch for  
Management  
1. Start Intel Device View.  
The Device Install Wizard appears. If not, click Install from the  
Device menu or double-click the appropriate MAC address in the  
Device Tree under Unconfigured Devices.  
2. In the Start screen, click Next.  
3. In the MAC Address screen, click the MAC address of the new  
switch, and then click Next.  
4. Follow the instructions in the wizard to assign an IP address and a  
name to the switch.  
Using the Device Tree  
When you start Intel Device View, the Device Discovery service  
begins searching for supported Intel network devices on your  
26  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
3
Using Intel® Device View  
network. As it discovers devices, it adds an icon for each device to the  
Device Tree on the left side of the screen.  
Different states of the 480T routing switch are represented by unique  
icons in the Device Tree as indicated below.  
Device Tree icons  
Device Tree root  
Subnet  
Intel Switch (if non-responding the icon is red)  
Unconfigured Intel Switch  
Group of Intel Switches  
Intel Router  
Intel Switch (Layer 3 capable)  
Intel Stackable Hub  
27  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The Device Tree works much like Windows Explorer:  
To expand the root or a subnet, click the (+) next to the icon.  
To collapse the view, click the (-) next to the icon.  
Double-click a device icon to view the device image.  
To Add a Device to the Device Tree  
1. Right-click anywhere on the Device Tree.  
2. When a menu appears, click Add Device.  
3. In the Add Device dialog box, enter the IP address of the switch  
you want to add.  
4. Fill in the other fields, as appropriate.  
5. Click OK.  
The new switchs icon appears in the Device Tree.  
To Refresh the Device Tree  
1. Right-click anywhere on the Device Tree.  
2. When a menu appears, click Refresh.  
Refreshing the Device Tree updates it to show any newly discovered  
devices and changes in device status.  
To Delete a Device from the Device Tree  
1. Right-click the device you want to remove from the Device Tree.  
2. Click Delete on the menu that appears.  
Deleting a device from the Device Tree does not affect the actual  
device, but only removes the icon from the tree.  
To Find a Device in the Device Tree  
1. Right-click anywhere on the Device Tree.  
2. When a menu appears, click Find.  
28  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
3
Using Intel® Device View  
3. In the Find Device dialog box, enter the IP address of the device  
you want to find in the tree.  
4. Click OK.  
The devices icon is highlighted in the Device Tree.  
Losing Contact with a Device  
If Intel Device View loses contact with a switch, it replaces the switch  
icon with the red non-responding switch icon.  
When the red non-responding switch icon appears, you will not be  
able to manage the device in Intel Device View.  
If youre unable to ping the device or start a Telnet session, try  
accessing the switchs Local Management. See Accessing the  
Switchon page 39.  
Managing a Switch  
To manage a 480T routing switch, double-click the switch icon in the  
Device Tree. In the example shown below, the switch was assigned  
an IP address of 124.123.122.3.  
29  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The Express 480T Web Device Manager appears in the Intel Device  
View window.  
For complete information on using Intel Device View, refer to the  
programs online help or see the Intel Device View Help file on the  
installation CD-ROM.  
Viewing RMON Information  
The remote monitoring (RMON) specification is a feature of Intel  
Device View that extends Simple Network Management Protocol  
(SNMP) functionality to look at traffic patterns over the whole  
network instead of merely for an individual device. The 480T routing  
switch supports these RMON groups:  
Group 1 StatisticsMonitors utilization and error statistics for  
each network segment (100Mbps or 1000Mbps).  
Group 2 HistoryRecords periodic statistical samples from  
variables available in the statistics group.  
Group 3 AlarmsAllows you to set a sampling interval and  
alarm thresholds for statistics. When a threshold is passed, the  
30  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
3
Using Intel® Device View  
switch creates an event (see below). For example, you might set an  
alarm if switch utilization exceeds 30%.  
Group 9 EventsProvides notification and tells the switch what to  
do when an event occurs on the network.  
Events can send a trap to a trap-receiving station, place an entry  
in the log table, or both. For example, when the switch  
experiences an RMON event, it sounds an alarm.  
The switch also keeps a log that shows a list of the RMON events  
and RMON alarms that have occurred on the switch.  
To View RMON Statistics  
1. In the Device Tree, right-click the switchs icon and then point to  
RMON.  
2. Click the RMON option you want to view.  
You can also access RMON features by using LANDesk Network  
Manager, or an SNMP application that supports RMON, such as  
OpenView.  
For more information about using RMON to monitor the switch, refer  
to the Intel Device View Help file included on the CD-ROM.  
31  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
32  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Using Web Device  
Manager  
4
Web Device Manager is device-management software running in the  
Intel® NetStructure480T routing switch. It allows you to access the  
switch over a TCP/IP network, using a Web browser that supports frames  
and JavaScript§ (such as Netscape Navigator§ 3.0 or later, or Microsoft  
Internet Explorer§ 3.0 or later) to manage the system.  
Web Device Manager provides a subset of the command-line interface  
(CLI) commands available for configuring and monitoring the switch. If  
a particular command is not available using Web Device Manager, use the  
CLI to access the desired functionality.  
To use Web Device Manager, at least one VLAN must be assigned an IP  
address.  
Enabling and Disabling Web Access  
By default, Web access is enabled on the switch. You can restrict the use  
of Web access using an access profile.  
For information on creating An access profile permits or denies a named list of IP addresses and  
an access profile see page subnet masks. To configure Web access to use an access profile, use this  
324.  
command:  
enable web access-profile [<access-profile> | none]  
{port <tcp_port_number>}  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Use the noneoption to remove a configured access profile.  
To display the status of Web access, use this command:  
show management  
To disable Web access, use this command:  
disable web  
To re-enable Web access, use this command:  
enable web {access-profile [<access-profile> |  
none]} {port <tcp_port_number>]  
Reboot the system for these changes to take effect.  
Setting Up Your Browser  
Your browsers default settings should work well with Web Device  
Manager. Apply these recommended settings to improve the  
display features and functionality of Web Device Manager:  
After downloading a newer version of the switch image, clear the  
browser disk and memory cache to see the updated menu screens.  
It is important to clear the cache while at the main Logon screen,  
so that all underlying .GIF files are updated.  
Check for newer versions of stored pages by setting the  
cache options to the every visitsetting:  
When using Netscape Navigator, configure the cache to  
check for changes Every Time you request a page.  
When using Microsoft Internet Explorer, configure the  
Temporary Internet Files to check for newer versions of  
stored pages by selecting Every visit to the page.  
Images must be auto-loaded.  
Use a high-resolution monitor (1024 x 768 recommended) to  
maximize the amount of information displayed in the content  
frame. You can also use 800 x 600 pixels.  
Maximize viewing space by turning off the browser toolbars.  
Configure the browser to use these recommended fonts:  
Proportional fontTimes New Roman  
Fixed-width fontCourier New  
34  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
4
Using Web Device Manager  
Accessing Web Device Manager  
To access the default home page of the switch, enter this URL in  
your browser (substituting the actual ip address):  
http://<ip_address>  
When you access the home page of the system, the Login screen  
appears. Enter your user name and password and click OK.  
If you have entered the name and password of an administrator-  
level account, you have access to all Web Device Manager pages. If  
you have used a user-level account name and password, you only  
have access to the Statistics and Support information.  
If multiple people access the same switch using Web Device  
Manager, you might see this error message:  
Web:server busy  
To correct this situation, try logging out of the switch and logging  
in again.  
Navigating Web Device Manager  
After logging in to the switch, the Web Device Manager home page  
appears.  
Web Device Manager divides the browser screen into these  
sections:  
Task frame  
Content frame  
Stand-alone buttons  
Task Frame  
The task frame has two sections: menu buttons and submenu links.  
There are four task menu buttons:  
Configuration  
Statistics  
Support  
Logout  
35  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Below the task buttons are options. Options are specific to the task  
button that you select. When you select an option, the information  
displayed in the content frame changes.  
However, when you select a new task button, the content frame does  
not change until you select a new option.  
Content Frame  
When you submit a  
The content frame contains the main body of information in Web  
configuration page with no Device Manager. For example, if you select an option from the  
change an asterisk (*) will  
appear at the CLI prompt,  
even though actual  
Configuration task button, enter configuration parameters in the  
content frame. If you select the Statistics task button, statistics are  
displayed in the content frame.  
configuration values have  
not changed.  
Browser Controls  
Browser controls include drop-down list boxes, check boxes, and  
multi-select list boxes. A multi-select list box has a scrollbar on the  
right side of the box. Using a multi-select list box, you can select a  
single item, all items, a set of contiguous items, or multiple non-  
contiguous items. Table 4.1 describes how to make selections from  
a multi-select list box.  
Table 4.1: Multi-Select List Box Key Definitions  
Selection Type  
Key Sequence  
Single item  
Click the item using the mouse.  
All items or  
contiguous items  
Click the first item, and drag to the last  
item.  
Contiguous items  
Click the first item, hold down the Shift  
key, and click the last desired item.  
Selected non-  
contiguous items  
Hold down Ctrl, click the first desired  
item, click the next desired item, etc.  
36  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
4
Using Web Device Manager  
Status Messages  
Status messages are displayed at the top of the content frame. There  
are four types of status messages:  
InformationDisplays information that is useful to know prior  
to, or as a result of, changing configuration options.  
WarningDisplays warnings about the switch configuration.  
ErrorDisplays errors caused by incorrectly configured settings.  
SuccessDisplays informational messages after you click  
Submit. The message displayed reads, Request was submitted  
successfully.  
Stand-alone Buttons  
At the bottom of some of the content frames is a section that  
contains stand-alone buttons. Use these buttons to perform tasks  
that are not associated with a particular configuration option. An  
example of this is the Reboot Switch button.  
Saving Changes  
There are two ways to save your changes in Web Device Manager:  
Select Save Configuration from the Configuration task button,  
Switch option.  
This field contains a drop-down list box that allows you to  
select either the primary or secondary configuration area. After  
you select the configuration area, click Submit to save the  
changes.  
Click the Logout button.  
If you attempt to log out without saving your changes, Web  
Device Manager prompts you to save your changes.  
If you select Yes, the changes are saved to the selected  
configuration area.  
To change the selected configuration area:  
1. Go to the Configuration task button.  
2. Select the Switch option.  
37  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Filtering Information  
On some pages you can click a Filter button to display a subset of  
information for a page. For example, on the OSPF configuration  
page, you can configure authentication based on the VLAN, area  
identifier, or virtual link.  
Once you select a filtering option and click the Filter button, the  
form that provides the configuration options displays the available  
interfaces in the drop-down menu, based on your filtering selection.  
Using the Get Command to  
Configure a VLAN  
When configuring a VLAN using Web Device Manager, prior to  
editing the VLAN configuration, you must first click the Get button  
to ensure that subsequent edits are applied to the correct VLAN. If  
you do not click the Get button and you submit the changes, the  
changes are made to the VLAN that was previously displayed.  
If you configure a VLAN and then delete it, the default VLAN is  
shown in the VLAN name window, but the VLAN information  
contained in the lower portion of the page is not updated. Click the  
Get button to update the display.  
TFTP Server  
Intel Device View provides a TFTP Server utility on the Tools  
menu.  
38  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Accessing the  
Switch  
5
®
This chapter provides information to help you manage the Intel  
NetStructure480T routing switch, including:  
Understanding the Command Syntax  
Line-Editing Keys  
Command History  
Common Commands  
Configuring Management Access  
Real-time Basic Connectivity Checking  
Methods of Managing the Switch  
Simple Network Management Protocol (SNMP))  
For information on using  
the save command, see  
"Software Upgrade and  
Boot Options" on page  
419.  
To retain configuration changes through a power cycle or reboot, you  
must issue a savecommand after you have made the change.  
Understanding the Command Syntax  
This section briefly describes the steps to take when entering a command.  
The sections that follow give detailed information for using the  
command-line interface.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
To use the command-line interface (CLI):  
Most configuration  
commands require that  
you have administrator  
privileges.  
1. Enter the command name.  
When entering a command at the prompt, ensure that you have the  
appropriate privilege level.  
2. Enter the parameter name and values, if included.  
The value (also known as an argument) specifies how you want  
the parameter to be set. Values include numerics, strings, or  
addresses, depending on the parameter.  
3. After entering the complete command, press Enter.  
An asterisk (*) in front of  
the command-line prompt  
indicates you have made  
changes that have not  
been saved.  
Syntax Helper  
The CLI has a built-in syntax helper. If you are unsure of the  
complete syntax for a particular command, enter as much of the  
command as possible and press Enter. The syntax helper provides a  
list of options for the remainder of the command.  
The syntax helper also provides assistance if you have entered an  
incorrect command.  
Command Completion with Syntax Helper  
Use the Tab key to access command completion.  
1. Enter a partial command.  
2. Press the Tab key to post a list of available options.  
3. The cursor appears at the end of the command.  
Abbreviated Syntax  
Abbreviated syntax is the shortest, most unambiguous, allowable  
abbreviation of a command or parameter. Typically, this is the first  
three letters of the command. For example, ena is sufficient for the  
Enable command.  
When using abbreviated syntax, you must enter enough characters  
to make the command unambiguous and distinguishable to the  
switch.  
40  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Command Shortcuts  
All component names must be unique. Name components using the  
createcommand. When you enter a command to configure a  
named component, you do not need to use the keyword of the  
component. For example, to create a VLAN, you must enter a  
unique VLAN name:  
create vlan engineering  
After you create the VLAN with a unique name, you can eliminate  
the keyword vlanfrom all other commands that require the name  
to be entered. For example, instead of entering the command:  
configure vlan engineering delete port 1,4  
you can enter this shortcut:  
configure engineering delete port 1,4  
Numerical Ranges  
Commands that require you to enter one or more port numbers on a  
switch use the parameter <portlist>in the syntax. For example:  
port 3  
A port list can be a range of numbers, for example:  
port 1-3  
You can add additional port numbers to the list, separated by a  
comma:  
port 3,4,6  
Names  
All named components of the switch configuration must:  
Have a unique name.  
Begin with an alphabetical character.  
Be delimited (separated) by a space, unless enclosed in quotation  
marks.  
41  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Symbols  
You may see a variety of symbols shown as part of the command  
syntax. These symbols explain how to enter the command, and you  
do not type them as part of the command itself. Table 5.1  
summarizes command syntax symbols. Press the Tab key in the  
command line interface for more command options.  
Table 5.1: Command Syntax Symbols  
Symbol  
Description  
< > Angle brackets  
Enclose a variable or value. You must specify the variable or value.  
For example, in the syntax:  
configure vlan <name> ipaddress <ip_address>  
you must supply a VLAN name for <name>and an address for  
<ip_address>when entering the command. Do not type the angle  
brackets.  
[ ] Square brackets  
| Vertical bar  
Enclose a required value or list of required arguments. You can  
specify one or more values or arguments. For example, in the syntax:  
use image [primary | secondary]  
you must specify either the primary or secondary image when  
entering the command. Do not type the square brackets.  
Separates mutually exclusive items in a list, one of which must be  
entered. For example, in the syntax:  
configure snmp community [readonly | readwrite]  
<string>  
you must specify either the read or the write community string in the  
command. Do not type the vertical bar.  
{ } Braces  
Enclose an optional value or a list of optional arguments. You can  
specify one or more values or arguments. For example, in the syntax  
reboot {<date> <time> | cancel}  
you can specify either a particular date and time combination, or the  
keyword cancelto cancel a scheduled reboot. If you do not specify a  
value, the system prompt asks if you want to reboot the routing  
switch now. Do not type the braces.  
42  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Line-Editing Keys  
Table 5.2 describes the line-editing keys available using the CLI.  
Table 5.2: Line-Editing Keys  
Key(s)  
Description  
Backspace  
Deletes characters to the left of the cursor and shifts the remainder  
of the line to the left.  
Delete or Ctrl + D  
Deletes character at the cursor position and shifts the remainder of  
line to the left.  
Ctrl + K  
Deletes characters from the cursor position to the end of the line.  
Deletes characters from the cursor to the beginning of the line.  
Deletes the previous word.  
Ctrl + U  
Ctrl + W  
Left Arrow  
Moves the cursor to the left.  
Right Arrow  
Home or Ctrl + A  
End or Ctrl + E  
Ctrl + L  
Moves the cursor to the right.  
Moves the cursor to first character on the line.  
Moves the cursor to last character on the line.  
Clears the screen and moves the cursor to the beginning of the line.  
Up Arrow or Ctrl + P  
Displays the previous command in the command history buffer and  
places the cursor at the end of the command.  
Down Arrow or Ctrl + N Displays the next command in the command history buffer and  
places the cursor at the end of the command.  
43  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Command History  
The local management software stores the last 49 commands you  
entered. You can display a list of these commands by using this  
command:  
history  
Common Commands  
Table 5.3 describes common commands used to manage the 480T  
routing switch. Commands specific to particular features are  
described in detail throughout the guide. For detailed command  
information use the Quick Reference Guide that accompanies this  
user manual. Press the Tab key in the command line interface for  
more command options.  
Table 5.3: Common Commands  
Command  
Description  
clear session <number>  
Terminates a Telnet session from the switch.  
configure account <username>  
{<password>}  
Configures a user account password.  
Passwords can have no characters up to a  
maximum of 32 characters. User names and  
passwords are case-sensitive.  
configure banner  
Configures the banner string. You can enter  
up to 24 rows of 79-column text that is  
displayed before the login prompt of each  
session. To terminate the command, apply the  
banner then press Enter at the beginning of a  
line . To clear the banner, press Enter at the  
beginning of the first line.  
configure ports [all | mgmt | <portlist>] auto  
off {speed [100 | 1000]} duplex [half | full]  
Manually configures Ethernet port speed and  
duplex setting of one or more ports on a  
switch.  
44  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Table 5.3: Common Commands (continued)  
Command  
Description  
configure time <date> <time>  
Configures the system date and time. The  
format is as follows:  
mm/dd/yyyy hh:mm:ss  
The time uses a 24-hour clock format.  
configure timezone <gmt_offset> {autodst |  
noautodst}  
Configures the time zone information to the  
configured offset from Greenwich Mean  
Time (GMT) time. The format of  
gmt_offsetis +/- minutes from GMT time.  
Specify:  
autodstEnables automatic daylight  
saving time change.  
noautodstDisables automatic daylight  
saving time change.  
The default setting is autodst.  
configure vlan <name> ipaddress  
<ip_address> {<mask>}  
Configures an IP address and subnet mask for  
a VLAN.  
create account [admin | user] <username>  
{encrypted} {<password>}  
Creates a user account. The command is  
available to admin-level users and users with  
§
RADIUS command authorization. The  
username can be between 1 and 32  
characters. The password can be between 0  
and 32 characters.  
create vlan <name>  
Creates a VLAN.  
delete account <username>  
delete vlan <name>  
Deletes a user account.  
Deletes a VLAN.  
disable bootp vlan [<name> | all]  
disable cli-config-logging  
Disables BOOTP for one or more VLANs.  
Disables logging of CLI commands to the  
Syslog.  
45  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 5.3: Common Commands (continued)  
Command  
Description  
disable clipaging  
Disables pausing of the screen display when  
a showcommand output reaches the end of  
the page.  
disable idletimeout  
Disables the timer that disconnects all  
sessions. Once disabled, console sessions  
remain open until the switch is rebooted or  
you log off. Telnet sessions remain open until  
you close the Telnet client.  
disable port [all | mgmt | <portlist>]  
disable telnet  
Disables a port on the switch.  
Disables Telnet access to the switch.  
Disables Web access to the switch.  
Enables BOOTP for one or more VLANs.  
disable web  
enable bootp vlan [<name> | all]  
enable cli-config-logging  
Enables the logging of CLI configuration  
commands to the Syslog for auditing  
purposes. The default setting is enabled.  
enable clipaging  
Enables pausing of the screen display when  
showcommand output reaches the end of the  
page. The default setting is enabled.  
enable idletimeout  
Enables a timer that disconnects all sessions  
(both Telnet and console) after 20(in  
minutes) of inactivity. The default setting is  
disabled.  
enable license full_L3 <license_key>  
Enables a particular software feature license.  
Specify <license_key> as an integer.  
The command unconfigure switch all  
does not clear licensing information. This  
license cannot be disabled after it is enabled  
on the switch.  
46  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Table 5.3: Common Commands (continued)  
Command  
Description  
enable telnet {access-profile  
[<access_profile> | none]} {port  
<tcp_port_number>}  
Enables Telnet access to the switch. By  
default, Telnet is enabled with no access  
profile, and uses Transmission Control  
Protocol (TCP) port number 23. To cancel a  
previously configured access profile, use the  
noneoption.  
enable web {access-profile  
[<access_profile> | none]} {port  
<tcp_port_number>}  
Enables Web access to the switch. By default,  
Web access is enabled with no access profile,  
using TCP port number 80.  
Use the noneoption to cancel a previously  
configured access profile. Reboot the switch  
for this command to take effect.  
history  
Displays the previous 49 commands entered  
on the switch.  
show banner  
Displays the user-configured banner.  
unconfigure switch {all}  
The unconfigure switchcommand resets  
parameters to factory defaults, except defined  
user accounts, and date and time information.  
To reset user accounts and date and time,  
specify the keyword allwhich erases the  
selected configuration image in flash  
memory and reboots.  
47  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Configuring Management Access  
The local management software supports these two levels of  
management:  
User  
Administrator  
In addition to these management levels, you can optionally use an  
external RADIUS server to provide CLI command authorization  
checking for each command.  
For more information on  
A user-level account has viewing access to all manageable  
RADIUS, refer to "RADIUS parameters, with the exception of these:  
Client" on page 66.”  
User account database  
SNMP community strings  
User Account  
With a user-level account you can use the pingcommand to test  
device connectivity, and change the password assigned to the  
account name. When you log on the command-line prompt ends  
with a (>) sign. For example:  
switch480T:2>  
Administrator Account  
Using an administrator-level account, you can view and change all  
routing switch parameters. You can also add and delete users, and  
change the password associated with any account name.  
As an administrator you can also disconnect a management session  
connected through Telnet. If this happens, the user logged on  
through the Telnet connection is notified that the session was  
terminated.  
When you log on with administrator capabilities, the command-line  
prompt ends with a (#) sign. For example:  
switch480T:18#  
48  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Prompt Text  
The prompt text is taken from the SNMP sysnamesetting (see  
Table 5.8, SNMP Configuration Commands,on page 64). The  
number that follows the colon indicates the sequential line/  
command number.  
If an asterisk (*) appears in front of the command-line prompt, it  
indicates that you have configuration changes that have not been  
saved. For example:  
*switch480T:19#  
Default Accounts  
The switch is configured with two default accounts. as shown in  
Table 5.4.  
Table 5.4: Default Accounts  
Account Name  
Access Level  
admin  
This user can access and change all  
manageable parameters. The admin account  
cannot be deleted.  
user  
This user can view (but not change) almost  
all manageable parameters. However, this  
user cannot view the user account database  
or the SNMP community strings.  
Changing the Default Password  
Default accounts do not have passwords assigned to them. User-  
assigned passwords must be between 0 and 32 characters.  
Passwords are case  
sensitive.  
To add a password to the default admin account:  
1. Log in to the switch using the name admin.  
2. At the password prompt, press Enter.  
3. Enter this command:  
configure account admin  
49  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
4. Enter the new password at the prompt.  
5. Re-enter the password for verification.  
To add a password to the default user account:  
1. Log in to the switch using the name admin.  
2. At the password prompt, press Enter, or enter the password that  
you have configured for the admin account.  
3. Add a default user password using this command:  
configure account user  
4. Enter the new password at the prompt.  
5. Re-enter the new password at the prompt.  
Creating a Management Account  
If you forget your  
The 480T routing switch can have a total of 16 management  
password while logged out accounts. You can use the default names (admin and user), or you  
of the command-line  
interface, contact your  
local technical support  
representative.  
can create new names and passwords for the accounts. Account  
passwords can be between 0 and 32 characters. Do not use Ctrl +  
key or Alt + key.  
To create a management account:  
1. Log in to the switch as admin.  
2. At the password prompt, press Enter, or enter the password that  
you have configured for the admin account.  
3. Add a new user account with this command:  
create account [admin | user] <username>  
4. Enter the password at the prompt.  
5. Re-enter the password for verification.  
Viewing Accounts  
To view the accounts you have created, you must have  
administrator privileges. Use this command to see the accounts:  
show accounts  
50  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Deleting an Account  
To delete an account, you must have administrator privileges. Use  
this command to delete an account:  
delete account <username>  
The account name admin Domain Name Service Client  
cannot be deleted.  
The Domain Name Service (DNS) client augments these  
commands, to allow them to accept either IP addresses or host  
names:  
• telnet  
• download [bootrom | configuration | image]  
• upload configuration  
• ping  
• traceroute  
Also, you can use the nslookuputility to return the IP address of a  
host name.  
Table 5.5 describes the commands used to configure DNS. Press the  
Tab key in the command line interface for more command options.  
Table 5.5: DNS Commands  
Command  
Description  
configure dns-client add <ipaddress> Adds a DNS name server(s) to the available server  
list for the DNS client. You can configure up to three  
name servers.  
configure dns-client default-domain  
<domain_name>  
Configures the domain that the DNS client uses if a  
fully qualified domain name is not entered. For  
example, if the default domain is configured to be  
intel.com,executing ping supportsearches for  
support@intel.com.  
configure dns-client delete  
<ipaddress>  
Removes a DNS server.  
nslookup <hostname>  
show dns-client  
Displays the IP address of the requested host.  
Displays the DNS configuration.  
51  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Real-time Basic Connectivity  
Checking  
Use these commands to check basic connectivity:  
ping  
traceroute  
Ping  
You can use the pingcommand to send Internet Control Message  
Protocol (ICMP) echo messages to a remote IP device. The ping  
command is available for both the user and administrator privilege  
level.  
The pingcommand syntax is:  
ping {continuous} {start-size <start_size> {- end-  
size <end_size>}} [<ip_address> | <hostname>] {from  
<src_address>} {with record-route}  
Options for the ping command are described in Table 5.6. Press the  
Tab key in the command line interface for more command options.  
Table 5.6: Ping Command Parameters  
Parameter  
Description  
continuous  
Specifies Internet Control Message Protocol  
(ICMP) echo messages to be sent  
continuously. To interrupt this option, press  
any key.  
size <n>  
Specifies the size of the ICMP request. If both  
start-sizeand end-size are specified,  
ICMP requests are transmitted using  
increments of 1 byte per packet. If no end-  
sizeis specified, packets of start-sizeare  
sent.  
<ipaddress>  
<hostname>  
Specifies the IP address of the host.  
Specifies the name of the host. To use the  
hostname, first configure DNS.  
52  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Table 5.6: Ping Command Parameters (continued)  
Parameter  
Description  
from  
Uses the specified source address in the ICMP  
packet. If not specified, the address of the  
transmitting interface is used.  
with  
record-  
route  
Decodes the list of recorded routes and  
displays them when the ICMP echo reply is  
received.  
Traceroute  
The traceroutecommand enables you to trace the routed path  
between the switch and a destination endstation. The traceroute  
command syntax is:  
traceroute [<ip_address> | <hostname>] {from  
<src_ipaddress>} {ttl <TTL>} {port <port>}  
where:  
ip_address is the IP address of the destination endstation.  
hostname is the host name of the destination endstation. To use  
the host name, first configure DNS.  
from uses the specified source address in the ICMP packet. If not  
specified, the address of the transmitting interface is used.  
ttl configures the switch to trace up to the time-to-live number  
of the switch.  
port uses the specified UDP port number.  
Methods of Managing the Switch  
See "Using Intel® Device  
View" on page 23.  
You can manage the switch by either connecting a terminal (or  
workstation with terminal-emulation software) to the console port  
to access the CLI or by using TCP/IP through one of the switch  
ports or through the dedicated 10/100 Mbps unshielded twisted pair  
(UTP) Ethernet management port to access the switch remotely.  
53  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can use Telnet, a Web browser, or an SNMP manager to  
manage the switch remotely. There can be one console session, one  
Web session or eight concurrent Telnet sessions.  
Using the Console Interface  
You can access the built-in CLI of the 480T routing switch through  
the 9-pin RS-232 port located on the back of the switch.  
After the connection is established, the switch prompt appears, so  
you can log in.  
Using the 10/100 UTP Management Port  
The 480T routing switch has a dedicated 10/100 Mbps UTP  
management port. This port provides dedicated remote access to the  
switch using TCP/IP. It supports these management methods:  
Telnet using the CLI interface  
Intel Device View access using a Web browser  
SNMP access using SNMP manager  
The management port is a DTE port, and is not capable of  
supporting switching or routing functions. The TCP/IP  
configuration for the management port is done using the same  
syntax as used for VLAN configuration. The VLAN mgmt comes  
pre-configured with only the 10/100 Mbps management port as a  
member.  
You can configure the IP address, subnet mask, and default router  
for the VLAN mgmt, using these commands:  
configure vlan mgmt ipaddress <ip_address>/  
<subnet_mask>  
configure iproute add default <gateway>  
Using Telnet  
Most workstations with a Telnet facility can communicate with the  
480T routing switch over a TCP/IP network.  
Up to eight active Telnet sessions can access the switch  
concurrently. If idletimeoutsare enabled, the Telnet connection  
will time out after 20 minutes of inactivity. If a connection to a  
54  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Telnet session is lost inadvertently, the switch terminates the  
session within two hours.  
Before you can start a Telnet session, you must set up the IP  
parameters described in the section "Configuring Switch IP  
Parameters" on page 55.. Telnet is enabled by default.  
To open the Telnet session, you must specify the IP address of the  
device that you want to manage. Check the user manual supplied  
with the Telnet facility if you are unsure of how to do this.  
After the connection is established, you will see the switch prompt  
and you can log in.  
Connecting to Another Host Using Telnet  
Use this command to Telnet from the current CLI session to another  
host:  
telnet [<ipaddress> | <hostname>] {<port_number>}  
If the TCP port number is not specified, the Telnet session defaults  
to port 23. Only VT100 emulation is supported.  
Configuring Switch IP Parameters  
To manage the routing switch through Telnet connection or by  
using an SNMP Network Manager, you must first configure the  
switch IP parameters.  
Using a BOOTP Server  
If you are using IP and you have a Bootstrap Protocol (BOOTP)  
server set up correctly on your network, you must add the following  
information to the BOOTP server:  
Media Access Control (MAC) address found on the rear label of  
the switch (or use the show switchcommand)  
IP address  
Subnet address mask (optional)  
Find the switchs MAC  
address on the rear label  
of the switch.  
After this is done, the IP address and subnet mask for the routing  
switch is downloaded automatically. You can then start managing  
the switch without further configuration.  
55  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can enable BOOTP on a per-VLAN basis using this command:  
enable bootp vlan [<name> | all]  
By default, BOOTP is enabled on the default VLAN.  
If you configure the 480T routing switch to use BOOTP, the switch  
IP address is not retained through a power cycle, even if the  
configuration is saved. To retain the IP address through a power  
cycle, you must configure the IP address of the VLAN using the  
command-line interface, Telnet, or Web interface.  
All VLANs within a switch that are configured to use BOOTP to get  
their IP address use the same MAC address. Therefore, if you are  
using BOOTP relay through a router, the BOOTP server must be  
capable of differentiating its relay based on the gateway portion of  
the BOOTP packet.  
Manually Configuring the IP Settings  
For more information on  
DHCP/BOOTP relay, refer  
If you are using IP without a BOOTP server, you must enter the IP  
parameters for the switch in order for the SNMP Network Manager,  
to "IP Unicast Routing" on Telnet software, or Web interface to communicate with the device.  
page 189.  
IP addresses are always assigned to a VLAN. You can assign  
multiple IP addresses to the switch.  
To assign IP parameters to the switch:  
1. Log in to the switch with administrator privileges.  
2. Assign an IP address and subnet mask to a VLAN.  
The switch comes configured with a default VLAN named default.  
To use Telnet or an SNMP Network Manager, you must have at  
least one VLAN on the switch, and it must be assigned an IP address  
and subnet mask.  
For information on creating To manually configure the IP settings:  
and configuring VLANs,  
1. Connect a terminal or workstation running terminal-emulation  
software to the console port.  
see "Virtual LANs  
(VLANs)" on page 95.  
2. At your terminal, press Enter one or more times until you see the  
login prompt.  
3. If you are logging in for the first time, use the default user name  
admin to log in with administrator privileges. For example:  
56  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
login: admin  
Administrator capabilities enable you to access all switch  
functions. The default user names have no passwords assigned.  
4. If you have been assigned a user name and password with admin-  
istrator privileges, enter them at the login prompt and press Enter.  
When you have successfully logged in, the command-line  
prompt displays the name of the switch.  
5. Assign an IP address and subnetwork mask for the default VLAN  
using this command:  
configure vlan <name> ipaddress <ipaddress>  
{<subnet_mask>}  
For example:  
configure vlan default ipaddress 123.45.67.8  
255.255.255.0  
Your changes take effect immediately.  
Generally, when configuring any IP addresses for the switch,  
you can express a subnet mask using dotted decimal notation, or  
classless inter-domain routing notation (CIDR).  
CIDR uses a forward slash plus the number of bits in the subnet  
mask. Using CIDR notation, the command identical to the one  
above would be:  
configure vlan default ipaddress 123.45.67.8/24  
6. Configure the default route for the switch using this command:  
configure iproute add default <gateway>  
{<metric>}  
For example:  
configure iproute add default 123.45.67.1  
7. Save your configuration changes so that they are in effect after the  
next switch reboot, using this command.  
save  
8. Log out of the switch using the command:  
logoutor quit  
57  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Disconnecting a Telnet Session  
An administrator-level account can disconnect a management  
session that is established through Telnet connection. If this  
happens, the user logged in through Telnet is notified that the  
session is terminated.  
To terminate a Telnet session:  
1. Log in to the switch with administrator privileges.  
2. Determine the session number of the session you want to termi-  
nate by using this command:  
show session  
3. Terminate the session by using this command:  
clear session <session_number>  
Controlling Telnet Access  
See "Using Access  
Profiles" on page 59.  
By default, Telnet services are enabled on the routing switch. You  
can restrict Telnet access using an access profile. An access profile  
permits or denies a named list of IP addresses and subnet masks. To  
configure Telnet to use an access profile, use this command:  
enable telnet {access-profile [<access_profile> |  
none]} {port <tcp_port_number>}  
Use the noneoption to remove a previously configured access  
profile.  
To display the status of Telnet, use this command:  
show management  
You must be logged in as  
an administrator to enable  
or disable Telnet.  
To disable Telnet, use this command:  
disable telnet  
To re-enable Telnet on the switch, use this command at the console  
port:  
enable telnet  
58  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Using Access Profiles  
An access profile permits or denies a named list of IP addresses and  
subnet masks. To use access profiles, first define the list, and then  
apply the named list to the desired application.  
Access profiles are used by several routing switch features as a way  
to restrict access. Applications that use access profiles for remotely  
managing the switch are:  
SNMP read-only access  
SNMP read-write access  
Telnet  
Web access  
See "Access Policies" on  
page 309.  
Access profiles can also be used in association with access policies  
that control the flow of traffic.  
Creating an Access Profile  
Do not confuse access  
profiles with access  
policies.  
You can use access profiles to specifically permit or deny users  
access to an application. You restrict access by assigning an access  
profile to the service that is being used for remote access.  
When you create and name an access profile to restrict access to a  
certain application, you then need to configure the application to use  
the named access profile. Otherwise, no restrictions are applied.  
Use the commands listed in Table 5.7 to create and configure access  
profiles. For further access profile commands refer to Table 17.3 on  
page 335. Press the Tab key in the command line interface for more  
command options.  
Table 5.7: Access Profile Configuration Commands  
Command  
Description  
configure access-profile <access_profile>  
add {vlan <name> | ipaddress <ipaddress>  
<mask>}  
Adds an IP address or VLAN name to the  
access profile. The entry must be of the same  
type as the access profile (for example, IP  
address).  
59  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 5.7: Access Profile Configuration Commands (continued)  
Command  
Description  
configure access-profile <access_profile>  
delete {vlan <name> | ipaddress  
<ipaddress> <mask>}  
Deletes an IP address or VLAN name from the  
access profile.  
configure access-profile <access_profile>  
mode [permit | deny | none]  
Configures the access profile to one of the  
following:  
permitAllows the addresses that match the  
access profile description.  
denyDenies the addresses that match the  
access profile description.  
The default setting is permit.  
create access-profile <access_profile> type  
[as-path] [bgp-community] ipaddress |  
ipxret | ipxnode | ipxsap  
Creates an access profile. After the access  
profile is created, you can add one or more  
addresses to it, and you can use the profile to  
control a specific routing protocol.  
delete access-profile <access_profile>  
show access-profile <access_profile>  
Deletes an access profile.  
Displays access profile related information for  
the switch.  
The subnet mask specified in the access profile command is  
interpreted as a reverse mask. A reverse mask indicates the bits that  
are significant in the IP address and specifies the part of the address  
that must match the IP address to which the profile is applied.  
If you configure an IP address as an exact match to be specifically  
denied or permitted, use a mask of /32 (for example, 141.251.24.28/  
32).  
If the IP address represents a subnet address that you want to deny  
or permit, then configure the mask to cover only the subnet portion  
(for example, 141.251.10.0/24).  
If you are using classless subnet masking (CIDR), the same logic  
applies, but the configuration is more complex. For example, the  
address 141.251.24.128/27 represents any host from subnet  
141.251.24.128.  
60  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Access Profile Rules  
These rules apply when using access profiles:  
Only one access profile can be applied to each application.  
The access profile can either permit or deny the entries in the  
profile.  
The same access profile can be applied to more than one  
application.  
Access Profile Example  
The following example creates an access profile named testpro, and  
denies access for the device with the IP address 192.168.10.10:  
create access-profile testpro type ipaddress  
configure access-profile testpro mode deny  
configure access-profile testpro add ipaddress  
192.168.10.10/32  
The following command applies the access profile testpro to Telnet:  
enable telnet access-profile testpro  
To view the contents of an access profile, use this command:  
show access-profile <access_profile>  
To view the Telnet configuration, use this command:  
show management  
Using Web Device Manager  
The Intel Web Device Manager is device-management software  
running in the routing switch that enables you to access the switch  
over a TCP/IP network using a Web browser.  
For more information, refer You should use a Web browser that supports frames (such as  
to "Using Web Device  
Manager" on page 33.  
Netscape Navigator§ 3.0 or later, or Microsoft Internet Explorer§ 3.0  
or later) to manage the switch over a TCP/IP network.  
Access the default home page of the switch using this command:  
http://<ipaddress>  
61  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
When you access the home page of the switch the Logon screen  
appears.  
Controlling Web Access  
By default, Web access is enabled on the routing switch. You can  
restrict access through the Web Device Manager using an access  
profile, which permits or denies access to a named list of IP  
addresses and subnet masks.  
For more information on  
assigning an IP address,  
refer to "Configuring  
Switch IP Parameters" on  
page 55.  
You can configure Web access to use an access profile using this  
command:  
enable web {access-profile <access-profile> | none}  
{port <tcp_port_number>}  
Use the noneoption to remove a previously configured access  
profile.  
To display the status of Web access, use this command:  
show management  
To disable Web access, use this command:  
disable web  
To re-enable Web access, use this command:  
enable web {access-profile <access-profile> | none}  
{port <tcp_port_number>}  
When you disable or enable Web Device Manager, you must reboot  
the switch for the changes to take effect. Apply an access profile  
only when Web Device Manager is enabled.  
Simple Network Management  
Protocol (SNMP)  
Any network manager running the Simple Network Management  
Protocol (SNMP) can manage the 480T routing switch, provided  
the Management Information Base (MIB) feature of the 480T  
routing switch is installed correctly on the management station.  
Each Network Manager provides its own user interface to the  
management facilities.  
62  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Accessing Switch Agents  
To have access to the SNMP agent in the routing switch, at least one  
VLAN must have an IP address assigned to it.  
For more information on  
assigning IP addresses,  
refer to Table 5.3 on  
page 44.  
Supported MIBs  
Along with private MIBs, the routing switch supports the MIBs  
listed in "Technical Specifications and Supported Limits" on page  
431.  
Configuring SNMP Settings  
You can configure the following SNMP parameters on the routing  
switch:  
Authorized trap receiversAn authorized trap receiver can be  
one or more network management stations on your network. The  
switch sends SNMP traps to all trap receivers. You can have a  
maximum of 16 trap receivers configured for each switch. .  
SNMP read accessThe ability to read SNMP information can  
be restricted through the use of an access profile. An access  
profile permits or denies a named list of IP addresses and subnet  
masks.  
To configure SNMP read access to use an access profile, use the  
command:  
configure snmp access-profile readonly  
[<access_profile> | none]  
Use the noneoption to remove a previously configured access  
profile.  
SNMP read/write accessThe ability to read and write SNMP  
information can be restricted through the use of an access profile.  
An access profile permits or denies a named list of IP addresses  
and subnet masks.  
To configure SNMP read/write access to use an access profile,  
use the command:  
configure snmp access-profile readwrite  
[<access_profile> | none]  
Use the noneoption to remove a previously configured access  
profile.  
63  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Community stringsAllows a simple method of authentication  
between the 480T routing switch and the remote Network  
Manager. There are two types of community strings on the switch.  
Read community strings provide read-only access to the switch.  
The default read-only community string is public. Read-write  
community strings provide read and write access to the switch.  
The default read-write community string is private. A total of  
eight community strings can be configured on the switch. The  
community string for all authorized trap receivers must be  
configured on the switch for the trap receiver to receive switch-  
generated traps. SNMP community strings can contain up to 127  
characters.  
System contact (optional)A text field where you can enter the  
name of the person(s) responsible for managing the switch.  
System nameThe name you have assigned to this switch. The  
default name is switch480T.  
System location (optional)Use this to enter an optional  
location for this switch.  
Table 5.8 describes SNMP configuration commands. Press the Tab  
key in the command line interface for more command options.  
Table 5.8: SNMP Configuration Commands  
Command  
Description  
configure snmp access-profile readonly  
[<access_profile> | none]  
Assigns an access profile that limits which  
stations have read-only access to the switch.  
configure snmp access-profile readwrite  
[<access_profile> | none]  
Assigns an access profile that limits which  
stations have read-write access to the switch.  
configure snmp add trapreceiver <ipaddress>  
community <string>  
Adds the IP address of a specified trap  
receiver. The IP address can be a unicast,  
multicast, or broadcast address. A maximum  
of 16 trap receivers is allowed.  
64  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Table 5.8: SNMP Configuration Commands (continued)  
Command  
Description  
configure snmp community [readonly |  
readwrite] {encrypted} <string>  
Adds an SNMP read or read/write community  
string. The default readonlycommunity  
string is public. The default readwrite  
community string is private. Each  
community string can have a maximum of  
127 characters, and can be enclosed by double  
quotation marks.  
configure snmp delete trapreceiver  
[<ip_address> community <string> | all]  
Deletes the IP address of a specified trap  
receiver or all authorized trap receivers.  
configure snmp syscontact <string>  
configure snmp syslocation <string>  
configure snmp sysname <string>  
Configures the name of the system contact. A  
maximum of 255 characters is allowed.  
Configures the location of the switch. A  
maximum of 255 characters is allowed.  
Configures the name of the switch. A  
maximum of 32 characters is allowed. The  
default sysname is the model name of the  
device (for example, switch480T). The  
sysnameappears in the switch prompt.  
disable snmp access  
disable snmp traps  
Disables SNMP access on the switch.  
Disabling SNMP access does not affect the  
SNMP configuration (for example,  
community strings).  
Prevents SNMP traps from being sent from  
the switch. This does not clear the SNMP trap  
receivers that have been configured.  
enable snmp access  
enable snmp traps  
Enables SNMP support.  
Enables SNMP trap support.  
unconfigure management  
Restores default values to all SNMP-related  
entries.  
65  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Displaying SNMP Settings  
To display the SNMP settings configured on the routing switch, use  
this command:  
show management  
This command displays the following information:  
Enable/disable state for Telnet, SNMP, and Web access, along  
with access profile information  
SNMP community strings  
Authorized SNMP station list  
SNMP trap receiver list  
RMON polling configuration  
Login statistics  
SNMP enhancements allow the ifMIB to display the port number  
for physical ports and VLAN name for the VLANs index.  
Authenticating Users  
The routing switch uses two methods to authenticate users who  
login to the switch:  
RADIUS§ client  
TACACS+ (Terminal Access Controller Access Control System  
Plus)  
RADIUS Client  
Remote Authentication Dial In User Service (RADIUS, RFC 2138)  
allows you to authenticate and centrally administer access to  
network nodes. The 480T routing switch RADIUS client  
implementation enables authentication for Telnet, Web interface, or  
console access to the switch.  
®
You cannot configure  
You can define a primary and secondary RADIUS server for the  
RADIUS and TACACS+ at routing switch to contact.  
the same time.  
When a user attempts to log on to the switch using Telnet, HTTP,  
or the console, the request is relayed to the primary RADIUS server,  
66  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
and then to the secondary RADIUS server, if the primary does not  
respond.  
If the RADIUS client is enabled, but access to the RADIUS primary  
and secondary servers fail, the routing switch uses its local database  
for authentication.  
The privileges assigned to the user (admin versus non-admin) at the  
RADIUS server take precedence over the configuration in the local  
switch database.  
Per-Command Authentication Using RADIUS  
Use RADIUS to perform per-command authentication. Per-  
command authentication allows you to define several levels of user  
capabilities that determine which set of commands the user has  
access to based on the RADIUS username and password.  
There is no need to configure any additional switch parameters to  
take advantage of this capability. The RADIUS server  
implementation automatically negotiates the per-command  
authentication capability with the switch.  
Configuring RADIUS Client  
You can define primary and secondary server communication  
information. Also for each RADIUS server, you can specify the  
RADIUS port number to use when talking to the RADIUS server.  
The default port value is 1645. The client IP address is the IP  
address used by the RADIUS server for communicating with the  
480T routing switch.  
RADIUS commands are described in Table 5.9. Press the Tab key  
in the command line interface for more command options.  
67  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
®
Table 5.9: RADIUS Commands  
Command  
Description  
configure radius [primary | secondary] server  
[<ipaddress> | <hostname>] {<udp_port>}  
client-ip <ipaddress>  
Configures the primary and secondary  
RADIUS§ server. Specify the following:  
[primary | secondary]Either the  
primary or secondary RADIUS server.  
[<ipaddress> | <hostname>]The IP  
address or host name of the server being  
configured.  
<udp_port>The UDP port to use to  
contact the RADIUS server. The default  
UDP port setting is 1645.  
client-ip <ipaddress>The IP address  
used by the switch to identify itself when  
communicating with the RADIUS server.  
The RADIUS server defined by this command  
is used for user-name authentication and CLI  
command authentication.  
configure radius [primary | secondary]  
shared-secret {encrypted} <string>  
Configures the authentication string used to  
communicate with the RADIUS server.  
configure radius-accounting [primary |  
secondary] shared-secret {encrypted}  
<string>  
Configures the authentication string used to  
communicate with the RADIUS accounting  
server.  
disable radius  
Disables the RADIUS client.  
Disables RADIUS accounting.  
disable radius-accounting  
68  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
®
Table 5.9: RADIUS Commands (continued)  
Command  
Description  
configure radius-accounting [primary |  
secondary] server [<ipaddress> |  
<hostname>] {<udp_port>} client-ip  
<ipaddress>  
Configures the RADIUS accounting server.  
Specify the following:  
[primary | secondary]Either the  
primary or secondary RADIUS server.  
[<ipadress> | <hostname>]The IP  
address or host name of the server being  
configured.  
<udp_port>The UDP port to use to  
contact the RADIUS server. The default  
UDP port setting is 1646.  
client-ip <ipaddress>The IP address  
used by the switch to identify itself when  
communicating with the RADIUS server.  
The accounting server and the RADIUS  
authentication server can be the same.  
enable radius  
Enables the RADIUS client. When enabled, all  
Web and CLI logins are sent to the RADIUS  
servers for authentication. When used with a  
RADIUS server that supports routing switch  
CLI authorization, each CLI command is sent  
to the RADIUS server for authentication  
before it is executed.  
enable radius-accounting  
show radius  
Enables RADIUS accounting. The RADIUS  
client must also be enabled.  
Displays the current RADIUS and RADIUS  
accounting client configuration and statistics.  
show radius-accounting  
Displays the current RADIUS accounting  
client configuration and statistics.  
69  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
RADIUS RFC 2138 Attributes  
The RADIUS RFC 2138 optional attributes supported are:  
User-Name  
User-Password  
Service-Type  
Login-IP-Host  
Configuring TACACS+  
Terminal Access Controller Access Control System Plus  
(TACACS+) is a means for providing authentication, authorization,  
and accounting on a centralized server, similar in function to a  
RADIUS client.  
The routing switch version of TACACS+ is used to authenticate  
prospective users who are attempting to administer the switch.  
TACACS+ is used to communicate between the switch and an  
authentication database.  
You cannot use TACACS+ You can configure two TACACS+ servers, specifying the primary  
and RADIUS at the same  
time.  
server address, secondary server address, and UDP port number to  
be used for TACACS+ sessions.  
Table 5.10 describes the commands that are used to configure  
TACACS+. Press the Tab key in the command line interface for  
more command options.  
70  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Table 5.10: TACACS+ Commands  
Description  
Command  
configure tacacs [primary | secondary] server  
[<ipaddress> | <hostname>] {<udp_port>}  
client-ip <ipaddress>  
Configures the server information for a  
TACACS+ server. Specify the following:  
primary | secondarySpecifies  
primary or secondary server configuration.  
To remove a server, use the address  
0.0.0.0.  
<ipaddress> | <hostname>The IP  
address or hostname of the TACACS+  
server.  
<udp_port>Optionally specifies the  
UDP port to be used.  
client-ipSpecifies the IP address used  
by the switch to identify itself when  
communicating with the TACACS+ server.  
configure tacacs [primary | secondary]  
shared-secret {encrypted} <string>  
Configures the shared secret string used to  
communicate with the TACACS+ server.  
configure tacacs-accounting [primary |  
secondary] server [<ipaddress> |  
<hostname>] {<udp_port>} client-ip  
<ipaddress>  
Configures the TACACS+ accounting server.  
You can use the same server for accounting  
and authentication.  
configure tacacs-accounting [primary |  
secondary] shared-secret {encrypted}  
<string>  
Configures the shared secret string used to  
communicate with the TACACS+ accounting  
server.  
disable tacacs  
Disables TACACS+.  
disable tacacs-accounting  
disable tacacs-authorization  
enable tacacs  
Disables TACACS+ accounting.  
Disables CLI command authorization.  
Enables TACACS+. Once enabled, all Web  
and CLI logins are sent to one of the two  
TACACS+ servers for login name  
authentication and accounting.  
71  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 5.10: TACACS+ Commands (continued)  
Description  
Command  
enable tacacs-accounting  
Enables TACACS+ accounting. If accounting  
is used, the TACACS+ client must also be  
enabled.  
enable tacacs-authorization  
Enables CLI command authorization. When  
enabled, each command is transmitted to the  
remote TACACS+ server for authorization  
before the command is executed.  
show tacacs  
Displays the current TACACS+ configuration  
and statistics.  
show tacacs-accounting  
Displays the current TACACS+ accounting  
client configuration and statistics.  
unconfigure tacacs {server [primary |  
secondary]}  
Unconfigures the TACACS+ client  
configuration.  
unconfigure tacacs-accounting {server  
[primary | secondary]}  
Unconfigures the TACACS+ accounting  
client configuration.  
Simple Network Time Protocol  
(SNTP)  
Therouting switch supports the client portion of the Simple  
Network Time Protocol (SNTP) Version 3 based on RFC1769. The  
switch can use SNTP to update and synchronize its internal clock  
from a Network Time Protocol (NTP) server.  
When SNTP is enabled, the switch sends out a periodic query to the  
indicated NTP server, or the switch listens to broadcast NTP  
updates. The routing switch also supports the configured setting for  
Greenwich Mean time (GMT) offset and the use of daylight saving  
time.  
72  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Configuring and Using SNTP  
To use SNTP:  
1
2
Identify the host(s) that are configured as NTP server(s).  
Identify the preferred method for obtaining NTP updates.  
The options are for the NTP server to send out broadcasts,  
or for switches using NTP to query the NTP server(s)  
directly. A combination of both methods is possible.  
3
Configure the Greenwich Mean Time (GMT) offset and day-  
light saving time preference. NTP updates are distributed  
using GMT time.  
To properly display the local time in logs and other  
timestamp information, the switch should be configured with  
the appropriate offset to GMT based on geographical  
location. Table 5.11 describes GMT offsets.  
The command syntax to configure GMT offset and usage of  
daylight saving time is as follows:  
configure timezone <GMT_offset> {autodst |  
noautodst}  
The GMT_OFFSET is in +/  
- minutes from the GMT  
time. You can enable or  
disable Automatic daylight  
saving time (DST)  
4
5
Enable the SNTP client using this command:  
enable sntp-client  
Once enabled, the switch sends out a periodic query to the  
NTP servers (if configured) or listens to broadcast NTP  
updates from the network. The network time information is  
automatically saved in the on-board real-time clock.  
changes. The default  
setting is enabled.  
If you would like this switch to use a directed query to the  
NTP server, configure the switch to use the NTP server(s). If  
the switch listens to NTP broadcasts, skip this step. To config-  
ure the 480T routing switch to use a directed query, use this  
command:  
configure sntp-client [primary | secondary]  
server [<ip_address> | <hostname>]  
NTP queries are first sent to the primary server. If the  
primary server does not respond within one second, or if it is  
not synchronized, the switch queries the secondary server (if  
configured).  
73  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
If the switch cannot obtain the time, it restarts the query  
process. Otherwise, the switch waits for the sntp-client  
update intervalbefore querying again.  
6
Optionally, you can change the interval for which the SNTP  
client updates the real-time clock of the switch using this com-  
mand:  
configure sntp-client update-interval <seconds>  
The default sntp-client update-intervalvalue is 64  
You can verify the configuration using these commands:  
show sntp-client  
7
8
This command provides configuration and statistics associ-  
ated with SNTP and its connectivity to the NTP server:  
show switch  
This command indicates the GMT offset, daylight saving  
time, and the current local time.  
Table 5.11: Greenwich Mean Time Offsets  
GMT  
GMT  
Offset in  
Hours  
Offset in  
Minutes  
Common Time Zone References  
Geographical Reference  
+0:00  
+0  
GMT - Greenwich Mean  
UT or UTC - Universal  
(Coordinated)  
London, England; Dublin,  
Ireland; Edinburgh, Scotland;  
Lisbon, Portugal; Reykjavik,  
Iceland; Casablanca, Morocco  
WET - Western European  
-1:00  
-2:00  
-3:00  
-60  
WAT - West Africa  
AT - Azores  
Cape Verde Islands  
Mid-Atlantic  
-120  
-180  
Brasilia, Brazil; Buenos Aires,  
Argentina; Georgetown,  
Guyana;  
-4:00  
-5:00  
-240  
-300  
AST - Atlantic Standard  
EST - Eastern Standard  
Caracas, La Paz  
Bogota, Columbia; Lima, Peru;  
New York, NY, USA;  
74  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
Table 5.11: Greenwich Mean Time Offsets (continued)  
GMT  
GMT  
Offset in  
Hours  
Offset in  
Minutes  
Common Time Zone References  
Geographical Reference  
-6:00  
-360  
CST - Central Standard  
Chicago, Illinois, USA; Mexico  
City, Mexico; Saskatchewan,  
Canada  
-7:00  
-8:00  
-9:00  
-10:00  
-420  
-480  
-540  
-600  
MST - Mountain Standard  
PST - Pacific Standard  
YST - Yukon Standard  
Salt Lake City, Utah, USA;  
Alberta, Canada  
Los Angeles, CA. USA; Seattle,  
WA, USA  
Whitehorse, Alaska, USA;  
Yukon Territory, Canada  
AHST - Alaska-Hawaii Standard  
CAT - Central Alaska  
Honolulu, Hawaii  
HST - Hawaii Standard  
-11:00  
-12:00  
-660  
-720  
NT - Nome  
Midway Islands, Samoa  
Eniwitok, Kwajalein  
IDLW - International Date Line  
West  
+1:00  
+60  
CET - Central European  
FWT - French Winter  
MET - Middle European  
MEWT - Middle European Winter  
SWT - Swedish Winter  
Paris, France; Berlin, Germany;  
Amsterdam, The Netherlands;  
Brussels, Belgium; Vienna,  
Austria; Madrid, Spain; Rome,  
Italy; Bern, Switzerland;  
Stockholm, Sweden; Oslo,  
Norway  
+2:00  
+3:00  
+120  
+180  
EET - Eastern European, Russia  
Zone 1  
Athens, Greece; Helsinki,  
Finland; Istanbul, Turkey;  
Jerusalem, Israel; Harare,  
Zimbabwe  
BT - Baghdad, Russia Zone 2  
Kuwait; Nairobi, Kenya;  
Riyadh, Saudi Arabia; Moscow,  
Russia; Tehran, Iran  
75  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 5.11: Greenwich Mean Time Offsets (continued)  
GMT  
GMT  
Offset in  
Hours  
Offset in  
Minutes  
Common Time Zone References  
Geographical Reference  
+4:00  
+5:00  
+5:30  
+240  
+300  
+330  
ZP4 - Russia Zone 3  
Abu Dhabi, UAE; Muscat;  
Tblisi; Volgograd; Kabul  
ZP5 - Russia Zone 4  
Islamabad, Karachi, Tashkent,  
Russia  
IST India Standard Time  
Bombay, Calcutta, Madras, New  
Delhi, Pune, Allahabad, India  
+6:00  
+7:00  
+8:00  
+360  
+420  
+480  
ZP6  
Dhaka, Almaty  
WAST - West Australian Standard  
CCT - China Coast, Russia Zone 7  
Bangkok, Jakarta  
Beijing, Hong Kong, Perth,  
Singapore, Taipei  
+9:00  
+540  
+600  
JST - Japan Standard, Russia Zone  
8
Tokyo, Japan; Osaka, Sapporo  
Seoul, Yakutsk  
+10:00  
EAST - East Australian Standard  
GST - Guam Standard  
Russia Zone 9  
Brisbane, Canteberra,  
Melbourne Sydney, Guam,  
Vladivostock  
+11:00  
+12:00  
+660  
+720  
Magadan, Solomon Islands,  
New Caledonia  
IDLE - International Date Line  
East  
Wellington, New Zealand; Fiji,  
Marshall Islands  
NZST - New Zealand Standard  
NZT - New Zealand  
NTP updates are distributed using GMT time. To properly display  
the local time in logs and other timestamp information, the switch  
should be configured with the appropriate offset to GMT based on  
geographical location.  
76  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
5
Accessing the Switch  
SNTP Configuration Commands  
Table 5.12 describes Simple Network Time Protocol (SNTP)  
configuration commands. Press the Tab key in the command line  
interface for more command options.  
Table 5.12: SNTP Configuration Commands  
Command  
Description  
configure sntp-client [primary | secondary]  
server [<ipaddress> | <host_name>]  
Configures an NTP server for the switch to  
obtain time information. Queries are first sent  
to the primary server. If the primary server  
does not respond within 1 second, or if it is  
not synchronized, the switch queries the  
second server.  
configure sntp-client update-interval  
<seconds>  
Configures the interval between polling for  
time information from SNTP servers. The  
default setting is 64.  
disable sntp-client  
enable sntp-client  
show sntp-client  
Disables SNTP client functions.  
Enables SNTP client functions.  
Displays configuration and statistics for the  
SNTP client.  
SNTP Example  
In this example, the 480T routing switch queries a specific NTP  
server and a backup NTP server. An update occurs every 20  
minutes. The commands to configure the switch are:  
configure timezone -480 autodst  
configure sntp-client update interval 1200  
enable sntp-client  
configure sntp-client primary server 10.0.1.1  
configure sntp-client secondary server 10.0.1.2  
77  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
78  
Download from Www.Somanuals.com. All Manuals Search And Download.  
6
Configuring Ports  
This chapter describes how to configure ports on the Intel® NetStructure™  
480T routing switch and covers these topics:  
Configuring Ports  
Changing Port Speed and Duplex Settings  
Jumbo Frames  
Load Sharing  
Jumbo Frames  
Port-Mirroring  
Enterprise Discovery Protocol  
Configuring Ports  
By default, all ports are enabled. To enable or disable one or more ports,  
use this command:  
[enable | disable] ports <portlist>  
For example, to disable ports 3, 5, and 12 through 15 on the switch, enter  
this:  
disable port 3,5,12-15  
Even though a port is disabled, the link remains enabled for diagnostic  
purposes.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
Changing Port Speed and Duplex Setting  
By default, the switch is configured to use auto-negotiation to  
determine port speed and duplex setting for each port. You can  
manually configure the duplex setting and the speed of 100/1000  
Mbps ports, and you can manually configure the duplex setting on  
the GBIC ports  
The 480T routing switch fast Ethernet ports can connect to either  
100BASE-TX or 1000BASE-T networks. By default, the ports  
auto-negotiate port speed. You can also configure each port for a  
particular speed (either 100 Mbps or 1000 Mbps).  
The GBIC ports are statically set to 1000 Mbps, and their speed  
cannot be modified.  
To configure port speed and duplex setting, use this command:  
configure ports <portlist> auto off {speed [100 |  
1000]} duplex [half | full]  
Except for the 10/100 management port, only 100 Mbps and 1000  
Mbps speeds are currently supported.  
To configure the switch to auto-negotiate, use this command:  
configure ports <portlist> auto on  
Flow control is supported only on GBIC ports. It is enabled or  
disabled as part of auto-negotiation. If auto-negotiation is set to off,  
flow control is disabled. When auto-negotiation is turned on, flow  
control is enabled.  
Random Early Detection (RED)  
Random Early Detection (RED) selectively drops packets when the  
output interface begins to show signs of congestion. By dropping  
some packets early rather than waiting until the buffer is full, RED  
avoids dropping large numbers of packets at once. This minimizes  
the chance of producing waves of congestion followed by periods  
when the link is not fully used. Thus, RED allows the transmission  
line to be used fully at all times. RED statistically drops more  
packets from large users than small, so traffic sources that generate  
the most traffic are more likely to be slowed down than traffic  
sources that generate little traffic.  
80  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
To turn on RED, use this command:  
enable red port <portnumber>  
To configure the probability at which you want random early  
detection to drop packets, use this command:  
configure red drop-probability <percent>  
The percentage range is 0 - 100.  
Turning Off Auto-negotiation for a GBIC Port  
In certain interoperability situations, it is necessary to turn auto-  
negotiation off on a GBIC. Even though these ports run only at full  
duplex and gigabit speeds, the command that turns off auto-  
negotiation must still include the duplex setting.  
This example turns auto-negotiation off for port 4 (a GBIC Mbps  
Ethernet port):  
configure ports 4 auto off duplex full  
Jumbo Frames  
Jumbo frames are Ethernet frames that are larger than the allowable  
maximum size of 1522 bytes, including four bytes used for the  
cyclic redundancy check (CRC). The switch supports switching and  
routing of jumbo frames at wire-speed on all ports.  
Jumbo frames are used between endstations that support larger  
frame sizes for more efficient transfers of bulk data. Both  
endstations (and all the devices in the path) involved in the transfer  
must be capable of supporting jumbo frames.  
81  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
Enabling Jumbo Frames  
Some network interface  
cards have a configured  
maximum MTU size that  
does not include the  
additional 4 bytes of CRC.  
Ensure that the NIC  
maximum MTU size is at  
or below the maximum  
MTU size configured on  
the switch. Larger frames  
are dropped at the ingress  
port.  
To enable jumbo frame support, you must configure the MTU size  
(the largest jumbo frame allowed). To set the MTU size, use this  
command:  
configure jumbo-frame size <jumbo_frame_mtu>  
The jumbo_frame_mtu range is 1523 to 9216. The value describes  
the maximum size on the wire,and includes 4 bytes of CRC plus  
another 4 bytes if 802.1Q tagging is being used.  
Next, enable support on the physical ports that will carry jumbo  
frames, using this command:  
enable jumbo-frame ports [<portlist> | all]  
Path MTU Discovery  
In path MTU discovery, a source host will assume that the path  
MTU is the MTU of the first hop, which is known. The host will  
send all datagrams on that path with the DF (datagram  
fragmentation) bit set, restricting fragmentation. If any of the  
datagrams must be fragmented by a switch along the path, that  
switch will discard the datagrams and return ICMP (Internet  
Control Message Protocol) Destination Unreachable messages with  
a code meaning "fragmentation needed and DF set." Upon receipt  
of such a message (sometimes called a "Datagram Too Big"  
message), the source host reduces its assumed path MTU and can  
retransmit.  
The path MTU discovery process ends when:  
The host sets the path MTU low enough that its datagrams can be  
delivered without fragmentation.  
The host does not set the DF bit in the datagram headers.  
A host can choose not to set the DF bit because it is willing to have  
datagrams fragmented. Normally, the host continues to set DF in all  
datagrams, so that if the route changes and the new PMTU is lower,  
the host can perform PMTU discovery again.  
82  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
IP Fragmentation with Jumbo frames  
To set the MTU size  
greater than 1500, all  
If an IP packet originates in a local network that allows large  
packets and that packet traverses a network that limits packets to a  
ports in the VLAN must be smaller size, the packet is fragmented instead of discarded. This is  
jumbo-frame enabled.  
designed for use in conjunction with jumbo frame support.  
Frames that are fragmented are not processed at wire-speed within  
the switch fabric.  
Also note that jumbo frame to jumbo frame fragmentation is not  
supported only jumbo frame to normal frame fragmentation is  
currently supported.  
To configure VLANs for IP fragmentation:  
1. Enable jumbo frames on the incoming port  
2. Add the port to a VLAN  
3. Assign an IP address to the VLAN  
4. Enable IP forwarding on the VLAN  
5. Set the MTU size using the following new command:  
configure ip-mtu <size> vlan <vlan name>  
The ip-mtu value can be 1500 or 9216, with 1500 the default. If  
you enter a value other than 1500, the switch will recognize that  
value as 9216.  
IP Fragmentation within a VLAN  
The routing switch also supports IP fragmentation within a VLAN.  
This feature does not require you to configure the MTU size. To use  
IP fragmentation within a VLAN:  
1. Enable jumbo frames on the incoming port  
2. Add the port to a VLAN  
3. Assign an IP address to the VLAN  
4. Enable IP forwarding on the VLAN  
If you leave the default MTU (maximum transmission unit) size  
when you enable jumbo-frame support on a port in the VLAN, you  
will receive a warning that the VLAN IP-MTU size is not set at  
maximum jumbo frame size. You can ignore this warning if you  
83  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
want IP fragmentation only within a VLAN. This is for inter-VLAN  
IP fragmentation only. For intra-VLAN IP fragmentation, all ports  
in the VLAN must be configured for jumbo frame support.  
Load Sharing  
Load sharing (also called link aggregation) using 480T routing  
switches allows you to increase bandwidth and resilience between  
switches by using a group of ports to carry traffic in parallel  
between switches. The sharing algorithm allows the routing switch  
to use multiple ports as a single logical port. For example, VLANs  
see the load-sharing group as a single logical port. Most load-  
sharing algorithms also guarantee packet sequencing between  
clients.  
If a port in a round-robin load share group is removed, the traffic  
that was being transmitted on that link is distributed on only one of  
the other active load share links in the round-robin group. The  
traffic is not distributed evenly between the remaining ports.  
If a port in a load-sharing group fails, traffic is redistributed to the  
remaining ports in the load-sharing group. If the failed port becomes  
active again, traffic is redistributed to include that port.  
Load sharing must be  
This feature is supported between 480T routing switches only, but  
may be compatible with third-party trunking or sharing algorithms.  
Check with your Intel Customer Service Representative (see "Intel  
Customer Support" on page 461).  
enabled on both ends of  
the link, or a network loop  
will result.  
Load Sharing Algorithms  
Load-sharing algorithms allow you to select the distribution  
technique used by the load-sharing group to determine the output  
port selection. Algorithm selection is not intended for use in  
predictive traffic engineering.  
84  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
If you do not explicitly  
You can configure one of three load-sharing algorithms:  
select an algorithm, the  
port-based scheme is  
used. However, the  
address-based algorithm  
has a more even  
Port-based  
Address-based  
Round-robin  
Port-based load sharing algorithms use the ingress port to determine  
which physical port in the load-sharing group is used to forward  
traffic out of the switch.  
distribution and is the  
recommended choice.  
Address-based load-sharing algorithms use addressing information  
to determine which physical port in the load-sharing group to use  
for forwarding traffic out of the switch. Addressing information is  
based on the packet protocol, as follows:  
IP packetsUses the source and destination MAC and IP  
addresses, and the TCP port number.  
IPX§ packetsUses the source and destination MAC address,  
and IPX network identifiers.  
All other packetsUses the source and destination MAC address.  
Using the round-robin  
algorithm, packet  
sequencing between  
clients is not guaranteed.  
Round-robin load-sharing algorithms forward one packet out of  
each physical port in the load-sharing group using a round-robin  
scheme, whenever the switch receives a stream of packets.  
Configuring Load Sharing  
To set up the 480T routing switch to load share among ports, you  
must create a load-sharing group of ports. The first port in the load-  
sharing group is configured to be the master logical port. This is the  
reference port used in configuration commands. You can think of it  
as if the logical port represents the entire port group.  
Do not mix media types  
such as copper and fiber  
in a load-sharing  
These rules apply to load sharing:  
A group can contain up to 8 ports.  
The ports in a group do not need to be contiguous.  
configuration.  
Using odd numbered ports (1,3,5,7,9,11) can result in uneven  
packet distribution across ports.  
85  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
To define a load-sharing group, you assign a group of ports to a  
single, logical port number. To enable or disable a load-sharing  
group, use these commands:  
enable sharing <port> grouping <portlist>  
{algorithm [port-based | address-based | round-  
robin]}  
disable sharing <port>  
Load-Sharing Example  
Do not disable a port that  
is part of a load-sharing  
group. Disabling the port  
prevents it from forwarding  
traffic, but still allows the  
link to initialize. As a  
This example defines a load-sharing group that uses ports 9-12, and  
assigns the first port in the group as the master logical port 9:  
enable sharing 9 grouping 9-12  
In this example, logical port 9 represents physical ports 9  
through 12.  
result, a partner switch  
does not receive a valid  
indication that the port is  
not in a forwarding state,  
and the partner switch will  
continue to forward  
Always reference the master logical port of the load-sharing group  
(port 9 in the previous example) when configuring or viewing  
VLANs. VLANs configured to use other ports in the load-sharing  
group will have those ports deleted from the VLAN when load  
sharing becomes enabled.  
packets.  
Verifying the Load Sharing Configuration  
The show ports configurationcommand shows whether or not  
the ports are load sharing and shows the master logical port identity.  
Port Commands  
Table 6.1 describes the port commands. For further command  
options, press the Tab key in the command line interface.  
86  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
Table 6.1: Port Commands  
Command  
Description  
configure jumbo-frame size  
<jumbo_frame_mtu>  
Configures the jumbo frame size. The range is  
between 1523 and 9216. The default setting is  
9216.  
configure ports <portlist> auto off {speed  
[100 | 1000]} duplex [half | full]  
Changes the configuration of a group of ports.  
Specify:  
auto offThe port will not auto-  
negotiate the settings.  
speedThe speed of the port. Except for  
the 10/100 management port, only  
100/1000 speeds are currently supported on  
the 480T routing switch.  
duplexThe duplex setting (half-duplex  
or full-duplex).  
configure ports <portlist> auto on  
Enables auto-negotiation for the port type;  
802.3z for 100/1000 Mbps ports, or 802.3u for  
the 10/100 management port.  
configure ports <portlist> display-string  
<string>  
Configures a user-defined string for a port. The  
string is displayed in certain showcommands  
(for example, show ports info). The string  
can be up to 16 characters.  
configure ports [all | mgmt | <portnumber>]  
qosprofile <qosname>  
Configures one or more ports to use a particular  
QoS profile.  
disable jumbo-frame ports [<portlist> | all]  
disable learning ports <portlist>  
Disables jumbo frame support on a port.  
Disables MAC address learning on one or more  
ports for security purposes. Once disabled, only  
broadcast traffic, EDP traffic, and packets  
destined for a permanent MAC address that  
matches a port number, are forwarded to that  
port. The default setting is enabled.  
87  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
Table 6.1: Port Commands (continued)  
Command  
Description  
disable ports <portlist>  
Disables a port. Even when disabled, the link is  
available for diagnostic purposes.  
disable sharing <port>  
Disables a load-sharing group of ports.  
enable jumbo-frame ports [<portlist> | all]  
Enables reception and transmission of jumbo  
frames. A jumbo frame is dropped:  
if it is received on a port with jumbo frames  
disabled, or  
if the jumbo frame needs to be forwarded  
out of a port that has jumbo frames  
disabled.  
enable learning ports <portlist>  
enable ports [<portlist> | all]  
Enables MAC address learning on one or more  
ports. The default setting is enabled.  
Enables a port.  
enable sharing <port> grouping <portlist>  
{algorithm [port-based | address-based |  
round-robin]}  
Defines a load-sharing group of ports. The ports  
specified in <portlist> are grouped to the  
master port. Optional load-sharing algorithms  
include:  
port-basedUses the ingress port as  
criteria for egress port selection.  
address-basedUses addressing  
information as criteria for egress port  
selection.  
round-robinForwards packets to all  
egress ports in a round-robinfashion.  
If not specified, port-based load sharing is used.  
restart ports {<portlist> | mgmt}  
Resets auto-negotiation for one or more ports by  
resetting the physical link.  
show ports {<portlist> | mgmt} collisions  
Displays real-time collision statistics.  
88  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
Table 6.1: Port Commands (continued)  
Command  
Description  
show ports {<portlist> | mgmt}  
configuration  
Displays the port configuration.  
show ports {<portlist> | mgmt} info  
{detail}  
Displays detailed system-related information.  
Displays a histogram of packet statistics.  
show ports {<portlist> | mgmt} packet  
show ports {<portlist> | mgmt} qosmonitor Displays real-time QoS statistics. For more  
information, refer to "Quality of Service (QoS)"  
on page 135.  
show ports {<portlist> | mgmt} Rxerrors  
Displays real-time receive error statistics. For  
more information on error statistics, refer to  
"Status Monitoring and Statistics" on page 403.  
show ports {<portlist> | mgmt} stats  
show ports {<portlist> | mgmt} txerrors  
show ports {<portlist> | mgmt} utilization  
Displays real-time port statistics.  
Displays real-time transmit error statistics.  
Displays real-time port utilization information.  
Use the Spacebar to toggle between packet,  
byte, and bandwidth utilization information.  
unconfigure ports {<portlist> | mgmt }  
display-string <string>  
Clears the user-defined display string from a  
port.  
enable red port <portnumber>  
Enables RED on a port.  
configure red drop-probability <percent>  
Configures the RED drop-probability. The  
percentage range is 0 - 100.  
disable red ports  
Disables RED on one or all ports.  
89  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
Port-Mirroring  
Port-mirroring configures the switch to copy all traffic coming in  
and out of one or more ports to a monitor port on the switch. You  
can connect the monitor port to a network analyzer or RMON probe  
for packet analysis.  
The switch uses a traffic filter that copies a group of traffic to the  
monitor port. You can define the traffic filter based on:  
Physical portAll data that traverses the port, regardless of  
VLAN configuration, is copied to the monitor port.  
VLANAll data to and from a particular VLAN, regardless of  
the physical port configuration, is copied to the monitor port.  
Virtual portAll data specific to a VLAN on a specific port is  
copied to the monitor port.  
You can configure up to eight mirroring filters and one monitor  
port. Once you specify a port as a monitor port, you cannot use it for  
any other function.  
The mirroring port can be tagged or untagged. This allows the  
mirroring of multiple ports and/or VLANs to a mirror port while  
preserving the ability of a single protocol analyzer to track and  
differentiate traffic within a broadcast domain (VLAN) and across  
broadcast domains (e.g. across VLANS when routing). See  
Tagged VLANson page 99.  
Frames that contain errors Mirrored frames that are transmitted from the switch do not contain  
are not mirrored.  
802.1Q VLAN tagging information.  
Mirroring Combined with Load Sharing  
When mirroring ports also involve load-sharing, these limitations  
apply:  
Mirroring multiple or single VLANs on a specific port is known  
to cause behavioral problems when used in combination with load  
sharing. If enabled, load sharing will only make use of the master  
port and will not fail-over correctly. Deleting the mirror entry will  
restore normal operation.  
If the master port of a load-shared port group is down, mirroring  
will not provide traffic for the load-shared port group.  
90  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
Mirroring IP Multicast Traffic  
Due to IGMP snooping, multicast traffic may cease to be seen on a  
mirror port. If you issue a restartcommand for the mirror port or  
remove and reinsert the port connection, multicast traffic will  
resume for the IGMP host time-out period (260 seconds).  
Mirroring Bandwidth  
Performing mirroring on gigabit ports running at line-rate will  
reduce the traffic throughput by approximately 30 percent.  
Mirroring and Flooding  
When a mirrored port is configured, the forwarding database for  
items being mirrored (e.g. ports or VLANs) are automatically  
cleared from the forwarding database if the link status on the mirror  
port changes. This can cause some temporary flooding until the  
normal learning process completes. Thus, removing or inserting a  
probe device into the mirror port may appear to cause flooding.  
However, this is expected behavior.  
Mirroring and Download Configuration  
When a mirrored port is enabled and configured, a downloaded  
configuration with mirroring options configured will cause the  
console to lock up. Manually reset the switch to regain access.  
Port-Mirroring Commands  
Port-mirroring commands are described in Table 6.2. For further  
command options, press the Tab key in the command line interface.  
Table 6.2: Port-Mirroring Configuration Commands  
Command  
Description  
configure mirroring add [vlan <name> | port  
<port> | vlan <name> port <port>]  
Adds a single mirroring filter definition.  
You can add up to eight mirroring  
definitions. You can mirror traffic from a  
VLAN, a physical port, or a specific  
VLAN/port combination.  
91  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
Table 6.2: Port-Mirroring Configuration Commands  
Command  
Description  
configure mirroring delete [vlan <name> | port  
<port> | vlan <name> port <port>]  
Deletes a particular mirroring filter  
definition, or all mirroring filter definitions.  
disable mirroring  
Disables port mirroring.  
enable mirroring to port <portnumber> [tagged |  
untagged]  
Designates a port as the mirror output port.  
See Tagged VLANson page 99.  
show mirroring  
Displays the port-mirroring configuration.  
Port-Mirroring Example  
This example selects port 3 as the mirror port, and sends all traffic  
coming into or out of the switch on port 1 to the mirror port:  
enable mirroring to port 3 untagged  
configure mirroring add port 1  
This next example sends all traffic coming into or out of the switch  
on port 1 and the VLAN default to the mirror port (enable mirroring  
for port 3 first):  
configure mirroring add port 1 vlan default  
Enterprise Discovery Protocol  
The Enterprise Discovery Protocol (EDP) is used to gather  
information about neighbor 480T routing switches. EDP is used by  
the switches to exchange topology information. EDP is also used by  
the Enterprise Standby Router Protocol (ESRP). Information  
communicated using EDP includes:  
MAC address (switch ID)  
Software version information  
IP address  
VLAN-IP information  
Port number  
92  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
6
Configuring Ports  
EDP Commands  
Table 6.3 lists EDP commands. For further command options, press  
the Tab key in the command line interface.  
Table 6.3: EDP Commands  
Command  
Description  
disable edp ports [<portlist> | all]  
enable edp ports [<portlist> | all]  
Disables the EDP on one or more ports.  
Enables generation and processing of EDP  
messages on one or more ports. The default  
setting is enabled.  
93  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
C
H
A
P
T
E
R
6
Intel NetStructure480T Routing Switch User Guide  
94  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Virtual LANs  
(VLANs)  
7
Setting up Virtual Local Area Networks (VLANs) on the switch eases  
many time-consuming tasks of network administration while increasing  
efficiency in network operations.  
This chapter describes the concept of VLANs and explains how to  
implement VLANs on the Intel® NetStructure480T routing switch.  
Overview of Virtual LANs  
The term VLAN (Virtual Local Area Network) refers to a collection of  
devices that communicate as if they were on the same physical LAN. Any  
set of ports (including all ports on the switch) can be considered a VLAN.  
You can create up to 3000 LAN segments are not restricted by the hardware that physically connects  
VLANs on the Intel®  
NetStructure480T  
routing switch.  
them. The segments are defined by flexible user groups you create with  
the command-line interface.  
Benefits  
Implementing VLANs on your networks has several advantages. VLANs:  
Help to control traffic.  
Provide extra security.  
Ease the change and movement of devices.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
VLANs Help to Control Traffic  
With traditional networks, broadcast traffic can cause congestion,  
because packets are sent to all network devices, even though the  
data is not needed by all.  
VLANs increase the efficiency of your network because each  
VLAN can be set up to include only those devices that must  
communicate with each other.  
VLANs Provide Extra Security  
Devices within each VLAN can only communicate with member  
devices in the same VLAN. For a device in VLAN Marketing to  
communicate with devices in VLAN Sales, the traffic must cross a  
routing device specifically configured for that purpose.  
VLANs Ease Device Change and Movement  
VLANs are not based on  
physical location.  
Therefore physical moves  
of devices do not require  
manual system updating.  
Many network administrators spend much of their time dealing with  
moves and changes. If users move to a different subnetwork, the  
addresses of each endstation must be updated manually.  
Bi-directional Rate Shaping for Layer 3 Routed  
VLANs  
For more information see  
"Bi-directional Rate  
Shaping for Layer 3  
Routed VLANs" on page  
163.  
Bi-directional rate shaping allows you to perform bandwidth  
management for Layer 2 and Layer 3 traffic flowing both to and  
from the switch.  
You can achieve bi-directional control by defining queue minimum  
and maximum bandwidth parameters to build true committed  
information rate capabilities. Also:  
All traffic grouping and bandwidth-management capabilities  
associated with Quality of Service (QoS) can be used for both  
directions of traffic.  
When switch ports are  
configured while in Layer 2  
mode, MAC block conflicts  
will not return error  
messages if Layer 3 mode  
is later enabled.  
The switch returns error messages on MAC block conflicts when  
you add rate-shaped ports to VLANs.  
MAC block restrictions do not exist when using the switch as  
Layer 2 only.  
96  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
Types of VLANs  
You can create VLANs based on these criteria:  
Physical port  
802.1Q tag  
Ethernet, Logical Link Control Service Advertising Protocol  
(LLC SAP), or Logical Link Control Subnetwork Access  
Protocol (LLC/SNAP) Ethernet protocol type  
MAC address  
A combination of these criteria  
Port-Based VLANs  
In a port-based VLAN, a VLAN name is given to a group of one or  
more ports on the switch. A port can be a member of only one port-  
based VLAN.  
For example, on the switch in Figure 7.1:  
Ports 1 through 4 are part of VLAN Marketing  
Ports 9 through 12 are part of VLAN Sales  
Ports 5 through 8 and 15 and 16 are in VLAN Finance.  
Finance  
Marketing  
Sales  
®
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
480t_016  
®
Figure 7.1: Example of a port-based VLAN on the Intel  
NetStructure480T routing switch  
For the members of the different IP VLANs to communicate, the  
traffic must be routed by the switch, even if they are physically part  
97  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
of the same port. This means that each VLAN must be configured  
as a router interface with a unique IP address.  
Spanning Switches with Port-Based VLANs  
To create a port-based VLAN that spans two switches, you must:  
Assign the port on each switch to the VLAN.  
Connect the two switches using one port on each switch per  
VLAN.  
Figure 7.2 illustrates a single VLAN that spans two 480T routing  
switches. All ports on both switches belong to VLAN Sales. The  
two switches are connected using port 13 on System 1, and port 16  
on System 2.  
Sales  
System 1  
System 2  
®
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
®
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
480t_017  
Figure 7.2: Single port-based VLAN spanning two switches  
To create multiple VLANs that span two switches in a port-based  
VLAN, a port on System 1 must be connected to a port on System  
2 for each spanned VLAN and each of these ports must also be a  
member of the corresponding VLANs.  
Figure 7.3 illustrates two VLANs spanning two switches:  
On System 1, ports 9 through 12 are part of VLAN Accounting  
and ports 13 through 16 are part of VLAN Engineering.  
98  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
On System 2, ports 1 through 4 are part of VLAN Accounting  
and ports 5 through 8, 15, and 16 are part of VLAN Engineering.  
System 1  
®
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
Accounting  
Engineering  
®
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
System 2  
480t_018  
Figure 7.3: Two port-based VLANs spanning two switches  
VLAN Accounting spans System 1 and System 2 by way of a  
connection between System 1, port 12 and System 2, port 1.  
VLAN Engineering spans System 1 and System 2 by way of a  
connection between System 1, port 13, and System 2, port 16.  
Using this configuration, you can create multiple VLANs that span  
multiple switches, in a daisy-chained fashion. To function properly:  
Each switch must have a dedicated port for each VLAN.  
Each dedicated port must be connected to a port that is a member  
of its VLAN on the next switch.  
Tagged VLANs  
Tagging is a process that inserts a marker (called a tag) into the  
Ethernet frame. The tag includes the identification number of a  
specific VLAN, called the VLANid.  
Using 802.1Q tagged packets may create packets slightly bigger  
than the current IEEE 802.3/Ethernet maximum of 1,518 bytes.  
This may affect packet error counters in other devices, and may also  
99  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
lead to connectivity problems if non-802.1Q bridges or routers are  
placed in the path.  
Uses of Tagged VLANs  
Tagging is most commonly used to create VLANs that span  
switches. The switch-to-switch connections are typically called  
trunks. Using tags, multiple VLANs can span multiple switches  
using one or more trunks. In a port-based VLAN, each VLAN  
requires its own pair of trunk ports, as shown in Figure 7.3. Using  
tags, multiple VLANs can span two switches with a single trunk.  
Another benefit of tagged VLANs is that a port can be a member of  
multiple VLANs. This is particularly useful if you have a device  
(such as a server) that must belong to multiple VLANs.  
A single port can be a member of only one port-based VLAN. If you  
want the port to be a member of more than one VLAN, it must use  
tagging. All additional VLAN membership for the port must be  
accompanied by tags. Along with configuring the VLAN tag for the  
port, the server must have a network interface card (NIC) that  
supports 802.1Q tagging.  
Assigning a VLAN Tag  
Each VLAN may be assigned an 802.1Q VLAN tag. As ports are  
added to a VLAN with an 802.1Q tag defined, you decide whether  
each port will use tagging for that VLAN. The default mode of the  
switch is to have all ports assigned to the VLAN named default with  
an 802.1Q VLAN tag (VLANid) of 1 assigned.  
Any packets arriving  
Not all ports in the VLAN must be tagged. As traffic from a port is  
tagged with a VLANid that forwarded out of the switch, the switch determines (in real time) if  
is not configured on a port each destination port should use tagged or untagged packet formats  
is discarded.  
for that VLAN. The switch adds and deletes tags, as required, by the  
port configuration for that VLAN.  
Figure 7.4 illustrates the physical view of a network that uses  
tagged and untagged traffic.  
100  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
®
1
9
2
3
4
5
6
7
8
M
S
S
M
10  
11  
12  
13  
14  
15  
16  
S
M
Switch 1  
M
S
= Marketing  
= Sales  
802.1Q  
Tagged server  
= Tagged port  
®
1
2
3
4
5
6
7
8
M
S
M
S
9
10  
11  
12  
13  
14  
15  
16  
M
S
Switch 2  
480t_001  
Figure 7.4: Physical diagram of tagged and untagged traffic  
Figure 7.5 shows a logical diagram of the same network.  
Switch 1  
Sales  
Marketing  
Port 9 *  
Port 16 *  
Switch 1  
Switch 2  
Switch 1  
Switch 2  
Port 2  
Port 8  
Port 12  
Port 1  
Port 6  
Port 9  
Port 3  
Port 5  
Port 11  
Port 2  
Port 7  
Port 10  
Switch 2  
Port 16 *  
*Tagged Ports  
480t_002  
Figure 7.5: Logical diagram of tagged and untagged traffic  
In Figure 7.4 and Figure 7.5:  
The trunk port on each switch carries traffic for both VLAN  
Marketing and VLAN Sales.  
101  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The trunk port on each switch is tagged.  
The server connected to port 9 on System 1 has a NIC that  
supports 802.1Q tagging.  
The server connected to port 9 on System 1 is a member of both  
VLAN Marketing and VLAN Sales.  
All other stations use untagged traffic.  
As data passes out of the switch, the switch determines if the  
destination port requires the frames to be tagged or untagged. All  
traffic coming from and going to the server is tagged. Traffic  
coming from and going to the trunk ports is tagged. The traffic that  
comes from and goes to the other stations on this network is not  
tagged.  
Mixing Port-Based and Tagged VLANs  
You can configure the switch using a combination of port-based and  
tagged VLANs. Each port can be a member of multiple VLANs,  
with the stipulation that only one of its VLANs uses untagged  
traffic. In other words, a port can simultaneously be a member of  
one port-based VLAN and multiple tag-based VLANs.  
VLAN classification treats packets arriving on a port with an  
802.1Q tag containing a VLANid of zero as untagged.  
Protocol-Based VLANs  
Protocol-based VLANs allow you to define a packet filter as the  
matching criteria to determine if a packet belongs to a particular  
VLAN.  
Protocol-based VLANs are most often used in situations where  
network segments include hosts running multiple protocols. For  
example, in Figure 7.6, the hosts are running both the IP and  
NetBIOS§ protocols:  
The IP traffic is divided into two IP subnets, 192.207.35.0 and  
192.207.36.0.  
The subnets are internally routed by the switch.  
The subnets are assigned different VLAN names, Finance and  
Personnel, respectively.  
102  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
The remainder of the traffic belongs to the VLAN named  
MyCompany.  
All ports are members of the VLAN MyCompany.  
®
192.207.35.1  
192.207.36.1  
My Company  
192.207.35.0  
Finance  
192.207.36.0  
Personnel  
1
2
3
4
= IP traffic  
= All other traffic  
480t_003  
Figure 7.6: Protocol-based VLANs  
Predefined Protocol Filters  
These protocol filters are predefined on the switch:  
IP  
IPX§  
NetBIOS  
DECnet§  
IPX_8022  
IPX_SNAP  
AppleTalk§  
103  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Defining Protocol Filters  
For more information on  
SNAP for Ethernet  
If necessary, you can define a customized protocol filter, based on  
Ethertype, Logical Link Control (LLC), and/or Subnetwork Access  
Protocol (SNAP). Up to six protocols may be part of a protocol  
filter.  
protocol types, see  
TR 11802-5:1997 (ISO/  
IEC) [ANSI/IEEE std.  
802.1H, 1997 Edition]. For  
more information on  
standards see "Technical  
Specifications and  
To define a protocol filter:  
1. Create a protocol using this command:  
create protocol <protocol_name>  
For example:  
Supported Limits" on page  
431.  
create protocol fred  
The protocol name can have a maximum of 32 characters.  
2. Configure the protocol using this command:  
configure protocol <protocol_name> add  
<protocol_type> <hex_value>  
Supported protocol types include:  
etypeEthertype  
The values for etypeare four-digit hexadecimal numbers taken  
from a list maintained by the IEEE. You can find this list at this  
URL:  
http://standards.ieee.org/regauth/ethertype/  
index.html  
llcLLC Service Advertising Protocol (SAP)  
The values for LLCare four-digit hexadecimal numbers that are  
created by concatenating a two-digit LLC Destination SAP  
(DSAP) and a two-digit LLC Source SAP (SSAP).  
snapEthertype inside an IEEE SNAP packet encapsulation.  
The values for snapare the same as the values for etype,  
described previously.  
For example:  
configure protocol fred add llc feff  
configure protocol fred add snap 9999  
You can define a maximum of fifteen protocol filters, each  
containing a maximum of six protocols. All fifteen protocol filters  
can be active and configured for use.  
104  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
Deleting a Protocol Filter  
If a protocol filter is deleted from a VLAN, the VLAN is assigned  
a protocol filter of none. You can continue to configure the VLAN.  
However, no traffic is forwarded to the VLAN until a protocol is  
assigned to it.  
Precedence of Tagged Packets Over Protocol  
Filters  
If a VLAN is configured to accept tagged packets on a particular  
port, incoming packets that match the tag configuration take  
precedence over any protocol filters associated with the VLAN.  
VLAN Names  
Each VLAN is given a name that can be up to 32 alphanumeric  
characters.  
VLAN names normally begin with an alphabetical letter. Use  
quotation marks to enclose a VLAN name that does not begin with  
an alphabetical character, or that includes a space, comma, or other  
special character. For example:-  
Table 7.1:  
Correct  
Incorrect  
vlanmarketing2  
2ndvlangroup”  
vlan marketing”  
2ndvlangroup  
vlan marketing  
Use VLAN names  
consistently across your  
entire network.  
VLAN names are locally significant. That is, VLAN names used on  
one switch are only meaningful to that switch. If another switch is  
connected to it, the VLAN names have no significance to the other  
switch.  
105  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Default VLAN  
The switch ships with one default VLAN that has these properties:  
The VLAN name is default.  
It includes all the ports on a new or initialized switch.  
The default VLAN is untagged on all ports. It has an internal  
VLANid of 1.  
Renaming a VLAN  
To rename a VLAN, use this command:  
configure vlan <old_name> name <new_name>  
These rules apply to renaming VLANs:  
Once you change the default VLAN name, it cannot be changed  
back to default.  
You cannot create a new VLAN named default.  
You cannot change the VLAN name MacVlanDiscover.  
Although the switch accepts a name change, the original name is  
recreated after the switch is rebooted.  
Configuring VLANs on the Switch  
This section describes the commands associated with setting up  
VLANs on the switch.  
To configure a VLAN:  
1. Create and name the VLAN.  
2. Assign an IP address and mask (if applicable) to the VLAN, if  
needed.  
Each IP address and  
3. Assign a VLANid, if any ports in this VLAN uses a tag.  
4. Assign one or more ports to the VLAN.  
mask assigned to a VLAN  
must represent a unique  
IP subnet. You cannot  
configure the same IP  
subnet on different VLANs.  
As you add each port to the VLAN, decide if the port uses an  
802.1Q tag.  
106  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
Table 7.2 describes the commands used to configure a VLAN. For  
a complete list of command options, press the Tab key in the  
command line interface.  
Table 7.2: VLAN Configuration Commands  
Command  
Description  
configure dot1q ethertype <ethertype>  
Configures an IEEE 802.1Q Ethertype. Use  
this command only if you have another switch  
that supports 802.1Q, but uses an Ethertype  
value other than 8100. You must reboot the  
switch for this command to take effect.  
configure protocol <protocol_name> [add |  
delete] <protocol_type> <hex_value>  
{<protocol_type> <hex_value>} ...  
Configures a protocol filter. Supported  
<protocol_type> values include:  
etype  
llc  
snap  
The variable <hex_value> is a hexadecimal  
number between 0 and FFFF that represents  
either the Ethernet protocol type, the  
Destination Service Access Point/Session  
Service Access Point (DSAP/SSAP)  
combination (for Link Level Control (LLC)),  
or the Subnetwork Network Access Protocol  
(SNAP)-encoded Ethernet protocol type (for  
SNAP).  
configure vlan <name> add port [<portlist> |  
all] {tagged | untagged} {nobroadcast}  
Adds one or more ports to a VLAN. You can  
specify tagged or untagged ports. Specify  
nobroadcastto prevent the forwarding of  
broadcast, multicast, and unknown unicast  
traffic. By default, ports are untagged.  
configure vlan <name> delete port [<portlist>  
| all]  
Deletes one or more ports from a VLAN.  
configure vlan <name> ipaddress  
<ipaddress> {<mask>}  
Assigns an IP address and an optional mask to  
the VLAN.  
107  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 7.2: VLAN Configuration Commands (continued)  
Command  
Description  
configure vlan <name> protocol  
[<protocol_name> | any]  
Configures a protocol-based VLAN. If the  
keyword anyis specified, it becomes the  
default VLAN. All packets that cannot be  
forwarded to other protocol-based VLANs  
are assigned to the default VLAN of that port.  
configure vlan <name> qosprofile  
[<qosprofile> | none]  
Configures a VLAN to use a particular QoS  
profile. Dynamic forwarding database entries  
(FDB) associated with the VLAN are flushed  
once the change is committed.  
configure vlan <name> tag <vlanid>  
Assigns a numerical VLANid. The valid  
range is from 1 to 4095.  
configure vlan <old-name> name <new-  
name>  
Changes the name of a configured VLAN.  
create protocol <protocol_name>  
create vlan <name>  
Creates a user-defined protocol.  
Creates a named VLAN.  
Removes a protocol.  
delete protocol <protocol>  
delete vlan <name>  
Removes a VLAN.  
unconfigure vlan <name> ipaddress  
unconfigure vlan <name> xnetid  
Resets the VLAN IP address.  
Resets the VLAN xnetid.  
VLAN Configuration Examples  
Example 1  
This example creates a port-based VLAN named accounting,  
assigns the IP address 132.15.121.1, and assigns ports 1, 2, 3 and 6  
to it:  
create vlan accounting  
configure accounting ipaddress 132.15.121.1  
108  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
configure default delete port 1-3,6  
configure accounting add port 1-3,6  
Because VLAN names are unique, you do not need to enter the  
keyword vlan after you have created the unique VLAN name. You  
can use the VLAN name alone.  
Example 2  
This example creates a tag-based VLAN named video. It assigns the  
VLANid 1000. Ports 4 through 8 are added as tagged ports to the  
VLAN.  
create vlan video  
configure video tag 1000  
configure video add port 4-8 tagged  
Example 3  
This example creates a VLAN named sales, with the VLANid 120.  
The VLAN uses both tagged and untagged ports. Ports 1 through 3  
are tagged, and ports 4 and 7 are untagged. When not explicitly  
specified, ports are added as untagged.  
create vlan sales  
configure sales tag 120  
configure sales add port 1-3 tagged  
configure sales add port 4,7  
Example 4  
This example creates a protocol-based VLAN named ipsales. Ports  
6 through 8 are assigned to the VLAN.  
create vlan ipsales  
configure ipsales protocol ip  
configure ipsales add port 6-8  
Example 5  
This example defines a protocol filter, myprotocol and applies it to  
the VLAN named myvlan. This is a command syntax example only,  
and has no real-world application.  
109  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
create protocol myprotocol  
configure protocol myprotocol add etype 0xf0f0  
configure protocol myprotocol add etype 0xffff  
create vlan myvlan  
configure myvlan protocol myprotocol  
Displaying VLAN Settings  
To display VLAN settings, use this command:  
show vlan {<name>}  
The showcommand displays summary information about each  
VLAN, and includes:  
Name  
VLANid  
How the VLAN was created  
IP address  
IPX address (if configured)  
STPD information  
Protocol information  
QoS profile information  
Ports assigned  
Tagged/untagged status for each port  
How the ports were added to the VLAN  
If you want to show all VLANs, type:  
show vlan detail  
To display protocol information, use this command:  
show protocol {<protocol>}  
This showcommand displays protocol information, including:  
Protocol name  
List of protocol fields  
110  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
VLAN Statistics  
You can collect statistics on a per VLAN basis. Available statistics  
include:  
Receive and Transmit Unicast  
Receive and Transmit Multicast  
Receive and Transmit Broadcast  
Receive and Transmit Byte Count.  
To display VLAN statistics use the command:  
show vlan stats vlan <vlan_name> <vlan_name>  
You can use multiple VLAN names in this syntax for multiple  
VLAN displays.  
Deleting VLANs  
To delete a VLAN, or to return VLAN settings to their defaults, use  
the commands listed in Table 7.3. For a complete list of command  
options, press the Tab key in the command line interface.  
Table 7.3: VLAN Delete and Reset Commands  
Command  
Description  
delete protocol <protocol>  
delete vlan <name>  
Removes a protocol.  
Removes a VLAN.  
unconfigure vlan <name> ipaddress  
Resets the IP address of the VLAN.  
VLAN Tunneling (vMANs)  
Tunneling technology (also called encapsulating) allows you to  
send data from one network through another networks connections.  
It does this by encapsulating a network protocol within data packets  
carried by the second network.  
111  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can tunnel any number of 802.1Q VLANs into a single VLAN  
that can be switched through the 480T routing switch Ethernet  
infrastructure.  
Each tunnel is completely isolated from other tunnels or VLANs.  
This feature is useful in building transparent private networks (also  
called virtual metropolitan area networks or vMANs) that need  
point-to-point or point-to-multipoint connectivity across an  
Ethernet infrastructure.  
The VLAN tagging methods used within the vMAN tunnel are  
transparent to the tunnel. The tagging numbers and methods used by  
the customer are transparent to the metropolitan area network  
(MAN) provider.  
To configure a vMAN tunnel:  
1. Modify the 802.1Q Ethertype used by the switch to recognize  
tagged frames.  
2. Configure the switch to accept larger MTU (maximum  
transmission unit) size frames (jumbo frames).  
3. Create tunnels by creating VLANs and configuring member ports  
as tagged on switch-to-switch ports and untagged on the tunnels  
ingress/egress ports.  
112  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
The figure shows a vMAN configuration with two tunnels that have  
ingress/egress ports on each 480T routing switch.  
Figure 7.7: vMAN Configuration  
Tunnel #1  
ingress/egress  
Tunnel #1  
ingress/egress  
®
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Ports 1-4  
Ports 1-4  
1:1  
1:2  
®
®
31  
31  
32  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
vMAN core  
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
32  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
32  
31  
Ports 5-8  
Ports 5-8  
®
1
9
2
3
4
5
6
7
8
Tunnel #2  
Tunnel #2  
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
ingress/egress  
ingress/egress  
Ports 1-4  
Ports 5-8  
Tunnel #1  
ingress/egress  
Tunnel #2  
ingress/egress  
480T_05  
The switches are configured as follows:  
configure dot1q ethertype 9100  
enable jumbo-frame ports 1,2  
configure jumbo-frame size 1530  
create vlan Tunnel1  
configure vlan Tunnel1 tag 50  
configure vlan Tunnel1 add port 1-4 untag  
configure vlan Tunnel1 add port 1,2 tagged  
create vlan Tunnel2  
configure vlan Tunnel2 tag 60  
configure vlan Tunnel2 add port 5-8 untag  
create vlan Tunnel2 add port 1,2 tagged  
113  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Specific to this configuration, a Layer 1 or Layer 2 redundancy  
method would also be employed, such as Spanning Tree or other  
protocol available on the switch.  
MAC-Based VLANs  
MAC-based VLANs allow physical ports to be mapped to a VLAN  
based on the source MAC address learned in the forwarding  
database (FDB). This feature allows you to designate a set of ports  
that have their VLAN membership dynamically determined by the  
MAC address of the endstation that plugs into the physical port.  
You can configure the source MAC address-to-VLAN mapping  
either offline or dynamically on the switch.  
For example, you can use this application for a roaming user who  
wishes to connect to a network from a conference room. In each  
conference room, the user plugs into one of the designated ports on  
the switch and is mapped to the appropriate VLAN. Connectivity is  
maintained to the network with all of the benefits of the configured  
VLAN in terms of QoS, routing, and protocol support.  
MAC-Based VLAN Guidelines  
When using MAC-to-VLAN mapping, consider these guidelines:  
A port can only accept connections from an endstation/host and  
should not be connected to a Layer-2 repeater device.  
Connecting to a Layer-2 repeater device can prevent certain  
addresses from mapping to their respective VLAN if they are not  
correctly configured in the MAC-VLAN configuration database.  
If a repeater device is connected to a MAC-based VLAN port,  
and the configured MAC-to-VLAN mapped station enters on  
the repeater, any endstation that is attached to the repeater can  
be mapped to that VLAN while the configured endstation is  
active in that VLAN. After removing the configured MAC-to-  
VLAN endstation, all other endstations lose connectivity.  
Groups are used as a security measure to allow a MAC address to  
enter into a VLAN only when the group mapping matches the  
port mapping.  
114  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
This example show MAC 00:00:00:00:00:aa is only allowed to  
enter into the VLAN on ports 10 and 11 because of membership  
in group 100:  
* switch480T:50 # show mac  
Port  
Vlan  
Group  
State  
10  
MacVlanDiscover 100  
MacVlanDiscover 100  
MacVlanDiscover any  
MacVlanDiscover any  
MacVlanDiscover any  
Discover  
Discover  
Discover  
Discover  
Discover  
11  
12  
13  
14  
Total Entries in Database:2  
Mac  
Vlan  
Group  
00:00:00:00:00:aa  
00:00:00:00:00:01  
2 matching entries  
sales  
sales  
100  
any  
The group any is equivalent to the group 0 (zero). Ports that are  
configured as any allow any MAC address to be assigned to a  
VLAN, regardless of group association.  
You can download partial configurations of the MAC-to-VLAN  
database to the switch using the timed download configuration  
feature. See "Timed Configuration Download, MAC-Based  
VLANs" on page 117 for more information.  
MAC-Based VLAN Limitations  
The limitations of MAC-based VLANs are:  
You can download up to  
7,000 MAC addresses to  
the switch when using  
MAC-based VLANs.  
Ports participating in MAC VLANs must first be removed from  
any static VLANs.  
The MAC-to-VLAN mapping can only be associated with  
VLANs that exist on the switch.  
A MAC address cannot be configured to associate with more than  
one VLAN. If this is attempted, the MAC address is associated  
with the most recent VLAN entry in the MAC-to-VLAN  
database.  
The feature is intended to support one client per physical port.  
After a client MAC address has successfully registered, the  
115  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
VLAN association remains until the port connection is dropped or  
the FDB entry ages out.  
MAC-Based VLAN Commands  
Table 7.4 describes MAC-based VLAN commands. For a complete  
list of command options, press the Tab key in the command line  
interface.  
Table 7.4: MAC-Based VLAN Commands  
Command  
Description  
configure mac-vlan add mac-address [any |  
<mac_address>] mac-group [any |  
<group_number>] vlan <name>  
Adds a MAC address to a MAC-based  
VLAN.  
configure mac-vlan delete [mac-address  
<mac_address> | all]  
Removes one or all MAC addresses from a  
MAC-based VLAN.  
disable mac-vlan port <portlist>  
Disables a port from using the MAC-based  
VLAN algorithm.  
enable mac-vlan mac-group [any |  
<group_number>] port <portlist>  
Enables a port to use the MAC-based VLAN  
algorithm.  
show mac-vlan {configuration | database}  
Displays the MAC-based VLAN  
configuration and MAC address database  
content.  
MAC-Based VLAN Example  
In the following example, three VLANs are created, named  
engineering, marketing, and sales:  
A single MAC address is associated with each VLAN.  
The MAC address 00:00:00:00:00:02 has a group number of any  
or 0 (zero) associated with it, allowing it to be inserted into any  
port that is in MacVlanDiscover mode (ports 1-4 in this case).  
116  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
7
Virtual LANs (VLANs)  
The MAC address 00:00:00:00:00:01 has a group number of 10  
associated with it, and can only be assigned to a VLAN if inserted  
into ports 5 or 6.  
The MAC address 00:00:00:00:00:03 has a group number of 200  
associated with it and can only be inserted into ports 9 through 12.  
To create the VLANs use these commands:  
enable mac-vlan mac-group any ports 1-4  
enable mac-vlan mac-group 10 ports 5-6  
enable mac-vlan mac-group 200 ports 9-12  
configure mac-vlan add mac-address  
00:00:00:00:00:01 mac-group 10 engineering  
configure mac-vlan add mac-address  
00:00:00:00:00:02 mac-group any marketing  
configure mac-vlan add mac-address  
00:00:00:00:00:03 mac-group 200 sales  
Timed Configuration Download, MAC-Based  
VLANs  
To allow centralized control of MAC-based VLANs over multiple  
switches, a timed TFTP configuration download allows you to  
download incremental configuration files from a primary or  
secondary server at specified time intervals. The timed downloads  
are configurable in 24-hour intervals. When a switch reboots, the  
configuration is automatically downloaded according to primary  
and secondary server settings.  
To configure the primary and/or secondary server and file name, use  
this command:  
configure download server [primary | secondary]  
<host_name> | <ip_address> <filename>  
To enable timed interval downloads, use this command:  
download configuration every <hour> <min>  
To display timed download information, use this command:  
show switch  
117  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Example  
For MAC-based VLANs, the downloaded file is an ASCII file that  
consists of CLI commands used to configure the most recent MAC-  
to-VLAN database.  
This feature is different from the normal download configuration  
command in that it allows incremental configuration without  
automatically rebooting.  
This example shows an incremental configuration file for MAC-  
based VLAN information that updates the database and saves  
changes:  
configure mac-vlan add mac-address  
00:00:00:00:00:01 mac-group any engineering  
configure mac-vlan add mac-address  
00:00:00:00:ab:02 mac-group any engineering  
configure mac-vlan add mac-address  
00:00:00:00:cd:04 mac-group any sales  
configure mac-vlan add mac-address  
00:00:00:00:ab:50 mac-group any sales  
configure mac-vlan add mac-address  
00:00:00:00:cd:60 mac-group any sales  
save  
118  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Forwarding  
8
Database (FDB)  
This chapter describes the contents of the forwarding database (FDB),  
how the FDB works, and how to configure the FDB.  
Overview of the FDB  
The Intel® NetStructure480T routing switch maintains a database of all  
media access control (MAC) addresses received on all of its ports. It uses  
the information in this database to decide whether a frame should be  
forwarded or filtered.  
IP FDB Performance  
The IP FDB handling is enhanced so that only relevant IP FDB entries are  
flushed when entries are modified in the system routing table.  
As a result, you will see a significant performance improvement in  
situations where there are frequent route changes. Performance is  
improved because route changes do not affect traffic that is not relevant  
to the route change.  
The 480T routing switch supports 256K entries in the forwarding  
database. These can be Layer 2 or Layer 3 addresses.  
Up to 256 static MAC entries are supported.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can download up to 7,000 MAC addresses to the switch when  
using MAC-based VLANs. You can create up to 3,000 VLANs on  
the switch.  
FDB Contents  
Each FDB entry consists of:  
The MAC address of the device  
An identifier for the port on which it was received  
An identifier for the VLAN to which the device belongs.  
Frames destined for devices that are not in the FDB are flooded to  
all members of the VLAN.  
FDB Entry Types  
There are four types of entries in the FDB:  
Dynamic entries  
Non-aging entries  
Permanent entries  
Blackhole entries  
Dynamic Entries  
Initially, all entries in the database are dynamic.  
Entries in the database are removed (aged-out) if, after a period of  
time (aging time), the device has not transmitted. This prevents the  
database from filling with obsolete entries by deleting the entry  
when a device is removed from the network.  
Dynamic entries are deleted from the database if the 480T routing  
switch is reset or a power off/on cycle occurs.  
For information about  
setting the aging time,  
refer to "Configuring FDB  
Entries" on page 122.  
Non-aging Entries  
If the aging time is set to zero, all aging entries in the database are  
defined as static, non-aging entries. This means that they do not age,  
but they are still deleted if the switch is reset.  
120  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
8
Forwarding Database (FDB)  
Permanent Entries  
All entries entered through the command line interface are stored as  
permanent.Only entries designated as Permanent are retained in the  
database if the switch is reset or a power off/on cycle occurs. A  
permanent entry can either be a unicast or multicast MAC address.  
The switch can support up Once created, permanent entries cannot be updated. For example,  
to 256 permanent MAC  
entries in the forwarding  
database.  
the permanent entry store is not updated when any of the following  
take place:  
A VLAN is deleted.  
A VLANid is changed.  
A port mode is changed (tagged/untagged).  
A port is deleted from a VLAN.  
A port is disabled.  
A port enters a blocking state.  
A port QoS setting is changed.  
A port goes down (link down).  
Blackhole Entries  
A blackhole entry configures the 480T routing switch to discard  
packets with a specified MAC destination address.  
Blackhole entries are useful as a security measure or in special  
circumstances where a specific destination address must be  
discarded.  
Blackhole entries are treated like permanent entries in the event of  
a switch reset or power off/on cycle.  
Blackhole entries are never aged out of the database.  
How FDB Entries Get Added  
Add entries to the FDB in two ways:  
The switch can learn entries by updating its FDB with the source  
MAC address from a packet, the VLAN, and the port identifier  
where the source packet was received.  
121  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can enter and update entries using a MIB browser, an SNMP  
Network Manager, or the command line interface (CLI).  
Associating a QoS Profile with an FDB Entry  
The switch applies the  
You can associate a QoS profile with a MAC address (and VLAN)  
QoS profile as soon as the of a device that is dynamically learned. The FDB treats the entry  
FDB entry is learned.  
like a dynamic entry (it is learned, it can be aged out of the database,  
and so on).  
Configuring FDB Entries  
To configure entries in the FDB, use the commands listed in  
Table 8.1. For further command options, press the Tab key in the  
command line interface.  
Table 8.1: FDB Configuration Commands  
Command  
Description  
create fdbentry <mac_address> vlan  
<name> [blackhole | ports [<portlist> |  
all] | dynamic] {qosprofile <qosprofile>}  
Creates an FDB entry. Specify:  
mac_addressDevice MAC address, using  
bytes separated by colons.  
nameVLAN associated with MAC address.  
blackholeConfigures the MAC address as a  
blackhole entry.  
portlistPort numbers associated with  
MAC address.  
dynamicSpecifies that the entry is learned  
dynamically. Used to associate a QoS profile  
with a dynamically learned entry.  
qosprofileQoS profile associated with  
MAC address.  
If more than one port number is associated with a  
permanent MAC entry, packets are multicast to the  
multiple destinations.  
122  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
8
Forwarding Database (FDB)  
Table 8.1: FDB Configuration Commands (continued)  
Command  
Description  
configure fdb agingtime <number>  
Configures the FDB aging time (in seconds). The  
range is 15 through 1,000,000. The default value  
is 300. A value of 0 indicates that the entry is  
never aged out.  
disable learning port <portlist>  
Disables MAC-address learning on one or more  
ports for security purposes. Once disabled, only  
broadcast traffic, EDP traffic, and packets destined  
for a permanent MAC address that matches the  
port number, are forwarded to the port. The  
default setting is enabled.  
enable learning port <portlist>  
Enables MAC-address learning on one or more  
ports.  
FDB CONFIGURATION EXAMPLES  
This example adds a permanent entry to the FDB:  
create fdbentry 00:A0:C9:12:34:56 vlan marketing  
port 4  
The permanent entry has these characteristics:  
MAC address is 00:A0:C9:12:34:56.  
VLAN name is marketing.  
Port number for this device is 4.  
This example associates the QoS profile qp2 with a dynamic entry  
that is learned by the FDB:  
If you assign a MAC  
address to a port that is  
not part of a VLAN, that  
port will be configured as  
a black hole.  
create fdbentry 00:A0:C9:12:34:56 vlan net34  
dynamic qosprofile qp2  
This entry has these characteristics:  
MAC address is 00:A0:C9:12:34:56.  
VLAN name is net34.  
The entry is learned dynamically.  
QoS profile qp2 is applied when the entry is learned.  
123  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Displaying FDB Entries  
To display FDB entries, use the command:  
Show fdb {<mac_address> | vlan <name> | ports  
<portlist> | permanent}  
where the following is true:  
mac_addressDisplays the entry for a particular MAC address.  
vlan <name>Displays the entries for a VLAN.  
portlistDisplays the entries for a port.  
permanentDisplays all permanent entries.  
With no options, the command displays all FDB entries.  
Removing FDB Entries  
You can remove one or more specific entries from the FDB, or you  
can clear the entire FDB of all entries by using the commands listed  
in Table 8.2. For further command options, press the Tab key in the  
command line interface.  
Table 8.2: Removing FDB Entry Commands  
Command  
Description  
clear fdb {<mac_address> | vlan <name> | ports  
<portlist>}  
Clears dynamic FDB entries that match  
the filter. When no options are specified,  
the command clears all FDB entries.  
delete fdbentry <mac_address> vlan <name>  
Deletes a permanent FDB entry.  
124  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Spanning Tree  
Protocol (STP)  
9
Using the Spanning Tree Protocol (STP) functionality of the Intel®  
NetStructure480T routing switch makes your network more fault  
tolerant.  
STP is a part of the 802.1D bridge specification defined by the IEEE  
(Institute of Electrical and Electronics Engineers), a standard-setting  
body. To explain STP in terms used by the 802.1D specification, the  
switch is referred to as a bridge.  
Overview of Spanning Tree Protocol  
STP is a bridge-based mechanism for providing fault tolerance on  
networks. STP allows you to implement parallel paths for network traffic,  
and ensure that the redundant paths are:  
Disabled when the main paths are operational.  
Enabled when the main path fails.  
Spanning Tree Domains  
You can partition the switch into multiple virtual bridges. Each virtual  
bridge can run an independent Spanning Tree instance. Each Spanning  
Tree instance is called a Spanning Tree Protocol Domain (STPD). Each  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
STPD has its own Root Bridge and active path. After the STPD is  
created, you can assign one or more VLANs to it.  
A port can belong to only one STPD. If a port is a member of  
multiple VLANs, then all those VLANs must belong to the same  
STPD.  
Remember these key points when configuring VLANs and STP:  
Each VLAN forms an independent broadcast domain.  
STP blocks paths to create a loop-free environment.  
When STP blocks a path, no data can be transmitted or received  
on the blocked port.  
Within any given STPD, all member VLANs use the same  
spanning tree.  
Be sure that multiple STPD instances within a single switch do not  
see each other in the same broadcast domain. This could happen if,  
for example, another external bridge is used to connect VLANs  
belonging to separate STPDs.  
If you delete an STPD, the VLANs that were members of that STPD  
are also deleted. You must remove all VLANs associated with the  
STP before deleting the STPD.  
In order for the switch to pass bridge protocol data units (BPDUs),  
with spanning tree disabled, a protocol filter of any must be  
associated with a VLAN on a port connected to the spanning tree  
domain. Otherwise when STP is off, BPDUs will not be flooded to  
adjacent bridges.  
STP Configurations  
When you assign VLANs to an STPD, pay careful attention to the  
STP configuration and its effect on the forwarding of VLAN traffic.  
Figure 9.1 illustrates a  
network that uses VLAN  
tagging for trunk  
Five VLANs have been defined:  
Sales is defined on Switch A, Switch B, and Switch M.  
Personnel is defined on Switch A, Switch B, and Switch M.  
Manufacturing is defined on Switch Y, Switch Z, and Switch M.  
Engineering is defined on Switch Y, Switch Z, and Switch M.  
connections.  
126  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
9
Spanning Tree Protocol (STP)  
Marketing is defined on all switches (Switch A, Switch B,  
Switch Y, Switch Z, and Switch M).  
Two STPDs are defined:  
STPD1 contains VLANs Sales and Personnel.  
STPD2 contains VLANs Manufacturing and Engineering.  
The VLAN Marketing is a member of the default STPD, but not  
assigned to either STPD1 or STPD2.  
Sales, Personnel, Marketing  
Switch A  
Manufacturing, Engineering, Marketing  
®
®
Switch Y  
®
®
Switch B  
Switch Z  
STPD 2  
STPD 1  
Switch M  
Sales, Personnel, Manufacturing, Engineering, Marketing  
480t_010  
Figure 9.1: Multiple Spanning Tree Domains - VLAN tagging  
for trunk connections  
When the switches in this configuration start, STP configures each  
STPD such that there are no active loops in the topology. STP can  
configure the topology in several ways to make it loop-free.  
In Figure 9.1, the connection between Switch A and Switch B is put  
into blocking state, and the connection between Switch Y and  
Switch Z is put into blocking state. After STP converges, all the  
VLANs can communicate, and all bridging loops are prevented.  
The VLAN Marketing, which was not assigned to either STPD1 or  
STPD2, communicates using all five switches. The topology has no  
loops, because STP has already blocked the port connection  
between Switches A and B, and between Switches Y and Z.  
127  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Be careful when configuring your VLANs within a single STPD.  
Figure 9.2 illustrates an incorrect network configuration using a  
single STPD.  
The STP configuration disables the ability of the switches to  
forward VLAN traffic.  
Marketing & Sales  
Marketing, Sales & Engineering  
®
®
Switch 1  
Switch 3  
Switch 2  
®
Sales & Engineering  
480t_011  
Figure 9.2: Tag-based STP configuration -Incorrect  
The tag-based network in Figure 9.2 has this configuration:  
Switch 1 contains VLAN Marketing and VLAN Sales.  
Switch 2 contains VLAN Engineering and VLAN Sales.  
Switch 3 contains VLAN Marketing, VLAN Engineering, and  
VLAN Sales.  
The tagged trunk connections for three switches form a triangular  
loop that is not permitted in an STP topology.  
All VLANs in each switch are members of the same STPD.  
STP may block traffic between Switch 1 and Switch 3 by disabling  
the trunk ports for that connection on each switch.  
Switch 2 has no ports assigned to VLAN marketing. Therefore, if  
the trunk for VLAN marketing on Switches 1 and 3 is blocked, the  
traffic for VLAN marketing will not be able to traverse the  
switches.  
128  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
9
Spanning Tree Protocol (STP)  
Configuring STP  
We recommend that you do not configure STP parameters unless  
you have considerable knowledge and experience with STP. The  
default STP parameters are adequate for most networks.  
To configure STP:  
STPD, VLAN, and QoS  
profile names must be  
unique. For example, a  
name used to identify a  
VLAN cannot be used for  
an STPD or a QoS profile.  
1. Create one or more STP domains using this command:  
create stpd <stpd_name>  
2. Add one or more VLANs to the STPD using this command:  
configure stpd <stpd_name> add vlan <name>  
3. Enable STP for one or more STP domains using this command:  
enable stpd {<stpd_name>}  
All VLANs belong to an STPD. If you do not want to run STP on a  
VLAN, you must add the VLAN to an STPD that is disabled.  
After you create the STPD, you can optionally configure STP  
parameters for the STPD.  
You can configure these parameters on each STPD:  
Hello time (default value 2 seconds)  
Forward delay (default value 15 seconds)  
Max age (default value 20 seconds)  
Bridge priority (default value 32768)  
You can configure these parameters on each port:  
Path cost  
Port priority  
The device supports the RFC 1493 Bridge MIB. You can only  
access the parameters of the s0 default STPD through this MIB.  
Table 9.3 lists the commands used to configure STP. Press the Tab  
key in the command line interface for further command options.  
129  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 9.3: STP Configuration Commands  
Command  
Description  
configure stpd <stpd_name> add vlan  
<name>  
Adds a VLAN to the STPD.  
configure stpd <stpd_name> forwarddelay  
<value>  
Specifies the time (in seconds) that the ports in  
this STPD spend in the listening and learning  
states when the switch is the root bridge.  
The range is 4 through 30. Default setting is 15.  
configure stpd <stpd_name> hellotime  
<value>  
Specifies the time delay (in seconds) between  
the transmission of BPDUs from this STPD  
when it is the root bridge.  
The range is 1 through 10. Default setting is 2.  
configure stpd <stpd_name> maxage  
<value>  
Specifies maximum age of BPDU in this STPD.  
The range is 6 through 40. Default setting is 20.  
Note that the time must be greater than, or equal  
to 2 x (Hello Time + 1) and less than, or equal  
to 2 x (Forward Delay 1).  
configure stpd <stpd_name> port cost  
<value> <portlist>  
Specifies the path cost of the port in this STPD.  
The range is 1 through 65,535. The switch  
automatically assigns a default path cost based  
on the speed of the port, as follows:  
For a 100-Mbps port, the default cost is 19.  
For a 1000-Mbps port, the default cost is 4.  
configure stpd <stpd_name> port priority  
<value> <portlist>  
Specifies the priority of the port in this STPD.  
By changing the port priority, you can make it  
more or less likely to become the Root Port.  
The range is 0 through 31. Default setting is 16.  
A setting of 0 indicates the lowest priority.  
configure stpd <stpd_name> priority  
<value>  
Specifies the priority of the STPD. By changing  
the priority, you can make it more or less likely  
to become the root bridge.  
The range is 0 through 65,535.  
The default setting is 32,768.  
A setting of 0 indicates the highest priority.  
130  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
9
Spanning Tree Protocol (STP)  
Table 9.3: STP Configuration Commands (continued)  
Command  
Description  
create stpd <stpd_name>  
Creates an STPD. When created, an STPD has  
these default parameters:  
Bridge priority32,768  
Hello time2 seconds  
Forward delay15 seconds  
enable ignore-stp vlan <name>  
Configures the switch to ignore the STP  
protocol, and not block traffic for the VLAN(s).  
This command is useful when multiple VLANs  
share the same physical ports, but only some of  
the VLANs require STP protection. The default  
setting is disabled.  
enable stpd {<stpd_name>}  
Enables the STP protocol for one or all STPDs.  
The default setting is disabled.  
enable stpd <stpd_name> port {<portlist>}  
Enables the STP protocol on one or more ports.  
If STPD is enabled for a port, Bridge Protocol  
Data Units (BPDUs) are generated on that port  
(if STP is enabled for the associated STPD).  
The default setting is enabled.  
enable ignore-bpdu vlan <vlan-name>  
Configures the switch to ignore the BPDU  
protocol on a VLAN.  
131  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
STP Configuration Example  
This example creates and enables an STPD named Backbone_st. It  
assigns the Manufacturing VLAN to the STPD. It disables STP on  
ports 1 through 7, and port 12.  
create stpd backbone_st  
configure stpd backbone_st add vlan manufacturing  
enable stpd backbone_st  
disable stpd backbone_st port 1-7,12  
Displaying STP Settings  
To display STP settings, use this command:  
show stpd {<stpd_name>}  
This command displays:  
STPD name  
Bridge ID  
STPD configuration information  
To display the STP state of a port, use this command:  
show stpd <stpd_name> port <portlist>  
This command displays:  
STPD port configuration  
STPD state (Root Bridge, and so on)  
STPD port state (forwarding, blocking, and so on)  
132  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
9
Spanning Tree Protocol (STP)  
Disabling and Resetting STP  
To disable STP or return STP settings to their defaults, use the  
commands listed in Table 9.4. For further command options, press  
the Tab key in the command line interface.  
Table 9.4: STP Disable and Reset Commands  
Command  
Description  
delete stpd <stpd_name>  
Removes an STPD. An STPD can only be removed  
if all VLANs were deleted from it. The default  
STPD, s0, cannot be deleted.  
disable ignore-stp vlan <name>  
disable stpd [<stpd_name> | all]  
Allows a VLAN to use STP port information.  
Disables the STP mechanism on a particular STPD  
or for all STPDs.  
disable ignore-bpdu vlan <vlan-name>  
disable stpd port <portlist>  
Disables the ignoring of Bridge Protocol Data Units  
(BPDUs) on a VLAN.  
Disables STP on one or more ports. Disabling STP  
on one or more ports puts those ports in forwarding  
state; all BPDUs received on those ports are  
disregarded.  
unconfigure stpd {<stpd_name>}  
Restores default STP values to a particular STPD or  
to all STPDs.  
133  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
134  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Quality of Service  
(QoS)  
10  
This chapter describes the concept of Quality of Service (QoS) and  
explains how to configure QoS on the Intel® NetStructure480T routing  
switch.  
Overview of Policy-Based Quality of  
Service  
Policy-based QoS allows you to assign specific levels of service to  
different traffic types traversing the switch. Policy-based QoS is an  
effective control mechanism for networks that have heterogeneous traffic  
patterns.  
Using Policy-based QoS,  
you can specify the  
service level for a  
Policy-based QoS allows you to protect bandwidth for important  
categories of applications or specifically limit the bandwidth associated  
with less critical traffic.  
particular traffic type.  
For example, if voice-over IP traffic requires a reserved amount of  
bandwidth to function properly, using policy-based QoS, you can reserve  
sufficient bandwidth to preserve latency characteristics critical to this type  
of application. Less critical applications can also be limited to preserve  
bandwidth.  
The switch contains separate hardware queues on every physical port.  
Each hardware queue is programmed with bandwidth-management and  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
prioritization parameters. The bandwidth-management and  
prioritization parameters that modify the forwarding behavior of the  
switch affect how the switch transmits traffic for a given hardware  
queue on a physical port.  
The switch tracks and enforces the minimum and maximum  
percentage utilization transmitted on every hardware queue for  
every port.  
Prioritization is utilized when two or more hardware queues on the  
same physical port are contending for transmission, as long as their  
respective bandwidth-management parameters have been satisfied.  
Random Early Detection  
Policy-based QoS can be configured to perform per-port Random  
Early Detection (RED) and drop-probability. Using this capability,  
the switch detects when traffic is filling up in any of the hardware  
queues, and performs a random discard on subsequent packets,  
based on the configured RED drop-probability.  
Instead of dropping sessions during times when the queue depth is  
exceeded, RED causes the switch to lower session throughput. The  
destination node detects the dropped packet, and, using TCP  
windowing mechanisms, slows the transmission from the source  
node. RED drop-probability is configured on a system-wide basis,  
and has a valid range from 0% to 100%.  
Policy-Based Routing and Route Load Sharing  
For information on policy-based routing and route load sharing  
(link aggregation) refer to "Policy-Based Routing and Route Load-  
Sharing" on page 190.  
Performance Impact  
Utilizing any aspect of policy-based Quality of Service has zero  
impact on switch performance. Using even the most complex traffic  
groupings is costless in terms of switch performance.  
136  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Applications and Types of QoS  
Applications vary significantly in QoS requirements. These  
applications are ones that you will most commonly encounter and  
need to prioritize:  
Voice applications  
Video applications  
Critical database applications  
Web browsing applications  
File server applications  
General guidelines for each traffic type are given below and  
summarized in Table 10.1 on page 139. These are general  
guidelines and not strict recommendations.  
After the QoS parameters are set, you can monitor the performance  
of the application to determine if the actual behavior of the  
applications matches your expectations. It is important to  
understand the needs and behavior of the particular applications you  
want to protect or limit. Behavioral aspects to consider include:  
Bandwidth needs  
Sensitivity to latency and jitter  
Sensitivity and impact of packet loss  
Voice Applications  
Voice applications typically demand small amounts of bandwidth.  
However, the bandwidth must be constant and predictable because  
these applications are typically sensitive to latency (inter-packet  
delay) and jitter (variation in inter-packet delay).  
The most important QoS parameter to establish for voice  
applications is minimum bandwidth, followed by priority.  
Video Applications  
Video applications are similar in QoS needs to voice applications,  
with the exception that bandwidth requirements are somewhat  
larger, depending on the encoding. It is important to understand the  
behavior of the video application being used.  
137  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
For example, in the playback of stored video streams, some  
applications can transmit large amounts of data for multiple streams  
in one spike, with the expectation that the endstations will buffer  
significant amounts of video-stream data. This can present a  
problem to the network infrastructure, because it must be capable of  
buffering the transmitted spikes where there are speed differences  
(for example, going from Gigabit Ethernet to Fast Ethernet).  
The key QoS parameters for video applications include:  
Minimum bandwidth  
Priority  
Buffering (depending on the behavior of the application)  
Critical Database Applications  
Database applications, such as those associated with ERP  
(enterprise resource planning), typically do not demand significant  
bandwidth and are tolerant of delay. You can establish a minimum  
bandwidth using a priority less than that of delay-sensitive  
applications.  
Web Browsing Applications  
Use full-duplex links when QoS needs for Web-browsing applications cannot be generalized  
deploying policy-based  
into a single category. For example, ERP applications that use a  
QoS. Half-duplex operation browser front-end may be more important than those retrieving  
on links can make delivery daily news information. Traffic groupings can be distinguished  
of guaranteed minimum  
bandwidth impossible.  
from each other by their server source and destinations.  
Most browser-based applications are distinguished by asymmetric  
data flow (small data flows from the browser client, large data flows  
from the server to the browser client). An exception to this can be  
§
created by some Java applications. In addition, Web-based  
applications are generally tolerant of latency, jitter, and some  
packet loss. However small, packet-loss can have a large impact on  
perceived performance due to the nature of TCP.  
The relevant parameter for protecting browser applications is  
minimum bandwidth. The relevant parameter for preventing non-  
critical browser applications from overwhelming the network is  
maximum bandwidth. In addition, RED can be used to reduce  
session loss if the queue that floods Web traffic becomes over-  
subscribed.  
138  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
File Server Applications  
File serving typically poses the greatest demand on bandwidth,  
although file server applications are tolerant of latency, jitter, and  
some packet loss, depending on the network operating system and  
the use of TCP or UDP.  
Table 10.1: Traffic Type and QoS Guidelines  
Traffic Type  
Key QoS Parameters  
Voice  
Minimum bandwidth, priority  
Video  
Minimum bandwidth, priority, buffering (varies)  
Minimum bandwidth  
Database  
Web browsing  
Minimum bandwidth for critical applications, maximum bandwidth  
for non-critical applications, RED  
File server  
Minimum bandwidth  
Building Blocks  
The service that a particular type of traffic or traffic grouping  
receives is determined by assigning that traffic to a QoS profile. A  
QoS profile is characterized by minimum and maximum bandwidth  
and prioritization settings that define a desired class of service.  
Assigning QoS Attributes  
To assign QoS attributes you must define three interrelated QoS  
building blocks in three steps:  
1. Define a QoS profile.  
QoS profileA class of service that is defined through  
minimum and maximum bandwidth parameters, configuration of  
buffering and RED, and prioritization settings. The bandwidth  
and level of service that a particular type of traffic or traffic  
grouping receives is determined by assigning it to a QoS profile.  
139  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
2. Assign one or more traffic groupings to a QoS profile to create a  
QoS policy.  
Traffic groupingA classification or traffic type that has one  
or more attributes in common. These can range from a physical  
port to a VLAN to IP Layer 4 port information. Traffic  
groupings are assigned to QoS profiles to modify switch  
forwarding behavior. Traffic groupings transmitting out the  
same port that are assigned to a particular QoS profile share the  
assigned bandwidth and prioritization characteristics, and hence  
share the class of service.  
QoS policyThe combination that results from assigning a  
traffic grouping to a QoS profile.  
3. Monitor the performance of the application with the QoS monitor  
to determine whether the policies are meeting the desired results.  
QoS Profiles  
Eight default QoS profiles are provided. The default QoS profiles  
cannot be deleted. QoS profiles are linked to hardware queues.  
There are multiple hardware queues per physical port. The default  
QoS profile names and their queues are described in Table 10.2.  
Table 10.2: Default QoS Profile Names and Queues  
QoS Profile Name  
Hardware Queue  
Qp1  
Qp2  
Qp3  
Qp4  
Qp5  
Qp6  
Qp7  
Qp8  
Q0  
Q1  
Q2  
Q3  
Q4  
Q5  
Q6  
Q7  
Each physical port  
contains all of the  
hardware queues listed in  
Table 10.2.  
The parameters that make up a QoS profile include:  
Minimum bandwidth The minimum percentage of total link  
bandwidth that should be reserved for use by a hardware queue on  
a physical port. Bandwidth unused by that queue may be used by  
140  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
other queues. The minimum bandwidth for all queues should add  
up to less than 90%. The default value on all minimum bandwidth  
parameters is 0%.  
Maximum bandwidth The maximum percentage of total link  
bandwidth that may be transmitted by a hardware queue on a  
physical port. The default value on all maximum bandwidth  
parameters is 100%.  
Priority The level of priority assigned to a hardware queue on a  
physical port. The switch has eight different available priority  
settings. By default, each of the default QoS profiles is assigned a  
unique priority. Prioritization is used under these circumstances:  
When two or more hardware queues on the same physical  
port are contending for transmission on the same physical  
port, only after their respective bandwidth-management  
parameters have been satisfied. If two hardware queues on  
the same physical port have the same priority, a round-robin  
algorithm is used for transmission.  
When configured to do so, the priority of a QoS profile  
determines the 802.1p bits used in the priority field of a  
transmitted packet.  
See "Configuring DiffServ"  
on page 151  
The priority of a QoS profile determines the DiffServ code  
point value used in an IP packet when the packet is  
transmitted.  
Buffer This parameter reserves buffer memory for use  
exclusively by a QoS profile across all affected ports. The default  
value for buffer settings is 0%. The sumvalue of all QoS profile  
buffer parameters should not exceed 100%. Reserving buffer  
memory for a QoS profile affects the dynamic buffer space  
available to other QoS profiles. You should not modify the buffer  
parameter unless specific situations and application behavior  
indicates this need.  
A QoS profile does not alter the behavior of the switch until it is  
assigned to a traffic grouping. Remember that QoS profiles are  
linked to hardware queues. There are multiple hardware queues per  
physical port. By default, a QoS profile links to the identical  
hardware queue across all the physical ports of the switch.  
The settings for the default QoS profiles are summarized in  
Table 10.3. For further command options, press the Tab key in the  
command line interface.  
141  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 10.3: Default QoS Profiles  
Profile  
Name  
Hardware  
Queue  
Minimum  
Bandwidth  
Maximum  
Bandwidth  
Priority  
Low  
Buffer  
Qp1  
Qp2  
Qp3  
Qp4  
Qp5  
Qp6  
Qp7  
Qp8  
Q0  
Q1  
Q2  
Q3  
Q4  
Q5  
Q6  
Q7  
0
0
0
0
0
0
0
0
0%  
0%  
0%  
0%  
0%  
0%  
0%  
0%  
100%  
100%  
100%  
100%  
100%  
100%  
100%  
100%  
Lowhi  
Normal  
Normalhi  
Medium  
Mediumhi  
High  
Highhi  
Configuring a QoS Profile  
Table 10.4 lists the commands used to configure QoS. For further  
command options, press the Tab key in the command line interface.  
142  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Table 10.4: QoS Configuration Commands  
Command  
Description  
configure qosprofile <qosprofile> {minbw  
<percent>} {maxbw <percent>} {priority  
<level>} {<portlist> | maxbuf <percent>  
minbuf <percent> [K | M]}  
Configures a QoS profile. Specify:  
minbwThe minimum buffer percentage  
guaranteed to be available to this queue for  
transmission. The default setting is 0.  
maxbwThe maximum buffer percentage  
this queue is permitted to use for  
transmission. The default setting is 100.  
priorityThe service priority for this  
queue. Settings include low, normal,  
medium, and high. The default setting is  
low. Available only in egress mode.  
maxbufThe maximum buffer for each  
queue, keeps a single queue from using all  
un-allocated buffer space.  
minbufThe minimum buffer for each  
queue.  
K/MSpecifies kilobytes or megabytes  
with respect to buffer size.  
configure ports [all | mgmt | <portnumber>]  
qosprofile <qosprofile>  
Configures one or more ports to use a particular  
QoS profile. Available only in ingress mode.  
configure red drop-probability <percent>  
Configures the Random Early Detect (RED)  
drop-probability. The percentage range is 0 to  
100.  
configure vlan <name> qosprofile  
[<qosprofile> | none]  
Configures a VLAN to use a particular QoS  
profile.  
disable red ports  
Disables RED on one or all ports.  
Enables RED on a port.  
enable red port <portnumber>  
143  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Modifying a QoS Profile  
You can modify the default profiles as desired. To modify the  
parameters of an existing QoS profile, use this command:  
configure qosprofile <qosprofile> {minbw <percent>}  
{maxbw <percent>} {priority <level>} {minbuf  
<percent>} {maxBuf <percent>} [K | M]  
Traffic Groupings and Creating a  
QoS Policy  
Use full-duplex links when After a QoS profile is modified for bandwidth and priority, you  
deploying policy-based  
assign the profile to a particular traffic grouping. A QoS profile is  
QoS. Half-duplex operation assigned to a specific traffic grouping to create a QoS policy. A  
on links can make delivery traffic grouping is a classification of traffic that has one or more  
of guaranteed minimum  
bandwidth impossible.  
attributes in common.  
Traffic groupings can be separated into these categories:  
IP-based information, such as IP source/destination and TCP/  
UDP port information  
Destination MAC (MAC QoS groupings)  
Explicit packet class of service information, such as 802.1p or  
DiffServ (IP TOS)  
Physical/logical configuration (physical source port or VLAN  
association)  
If a given packet matches two or more grouping criteria, there is a  
predetermined precedence for which traffic grouping will apply. In  
general, the more specific traffic grouping takes precedence.  
By default, all traffic groupings are placed in the QoS profile  
Qp1.The supported traffic groupings and their options by QoS  
mode are listed in Table 10.5. The groupings are listed in order of  
precedence (highest to lowest).  
Table 10.5: Traffic Groupings by QoS Mode  
IP Information (Access Lists) Groupings  
Access list precedence determined by user configuration  
IP destination  
144  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Table 10.5: Traffic Groupings by QoS Mode (continued)  
IP Information (Access Lists) Groupings  
Destination Address MAC-based Groupings  
Permanent  
Dynamic  
Blackhole  
Broadcast/unknown rate limiting  
Explicit Packet Class of Service Groupings  
DiffServ (IP TOS)  
802.1p  
Physical/Logical Groupings  
Source port  
VLAN  
IP-Based Traffic Groupings  
IP-based traffic groupings are based on any combination of:  
IP source or destination address  
TCP/UDP or other Layer 4 protocol  
TCP/UDP port information  
IP-based traffic groupings are defined using access lists (see chapter  
16). By supplying a named QoS profile at the end of the access list  
command syntax, you can prescribe the bandwidth-management  
and priority handling for that traffic grouping. This level of packet  
filtering has no negative impact on performance.  
MAC-Based Traffic Groupings  
You can assign QoS profiles to destination MAC addresses. MAC-  
based traffic groupings are configured using this command:  
create fdbentry <MAC address> vlan <vlan>  
[blackhole | port <portlist> | dynamic qosprofile  
<qosprofile>]  
145  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The MAC address options are:  
Permanent  
Dynamic  
Blackhole  
Broadcast/unknown rate limiting  
Permanent MAC Addresses  
Permanent MAC addresses can be assigned a QoS profile whenever  
traffic is destined for the MAC address. You can do this when you  
create a permanent FDB entry. For example:  
create fdbentry 00:11:22:33:44:55 vlan default port  
4 qosprofile qp2  
Dynamic MAC Addresses  
Dynamic MAC addresses can be assigned a QoS profile whenever  
traffic is destined for the MAC address. For any port on which the  
specified MAC address is learned in the specified VLAN, the port  
is assigned the specified QoS profile. For example:  
create fdbentry 00:11:22:33:44:55 vlan default  
dynamic qosprofile qp3  
The QoS profile is assigned when the MAC address is learned.  
When a client location changes, the assigned QoS profile moves  
with the device. If the MAC address entry already exists in the FDB,  
you can clear the forwarding database so that the QoS profile can be  
applied when the entry is added again. The command to clear the  
FDB is:  
clear fdb  
Blackhole MAC Address  
Using the blackholeoption configures the switch to not forward  
any packets to the destination MAC address on any ports for the  
VLAN specified. The blackholeoption is configured using this  
command:  
create fdbentry 00:11:22:33:44:55 vlan default  
blackhole  
146  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Broadcast/Unknown Rate Limiting MAC Address  
IP multicast traffic is  
It is possible to assign broadcast and unknown destination packets  
to a QoS profile that has the desired priority and bandwidth  
parameters. Broadcast/unknown rate limiting is an extension of the  
QoS feature used for destination MAC addresses.  
subject to broadcast and  
unknown rate limiting only  
when IGMP snooping is  
disabled. Refer to "IGMP  
Snooping" on page 278.  
For example, if you want to limit broadcast and unknown traffic on  
the VLAN default to the bandwidth and priority defined in QoS  
profile qp3, the command is:  
create fdbentry ff:ff:ff:ff:ff:ff vlan default  
dynamic qp3  
Verifying MAC-Based QoS Settings  
To verify any of the MAC-based QoS settings, use either of these  
two commands:  
show fdb perm  
show qosprofile <qosprofile>  
Explicit Class of Service Traffic Groupings  
(802.1p and DiffServ)  
This category of traffic groupings describes what is sometimes  
referred to as explicit packet marking, and refers to information  
contained within a packet that is intended to explicitly determine a  
class of service. This includes:  
IP Differentiated Services (DiffServ) code points, also known as  
IP TOS bits  
Prioritization bits used in IEEE 802.1p packets  
An advantage of explicit packet marking is that the class of service  
information can be carried throughout the network infrastructure,  
without repeating what may be complex traffic grouping policies at  
each switch location. Another advantage is that endstations can  
perform their own packet marking on an application-specific basis.  
The 480T routing switch can observe and manipulate packet  
marking information with no performance penalty.  
The documented capabilities for 802.1p priority markings or  
DiffServ capabilities are not impacted by the switching or routing  
configuration of the switch. For example, 802.1p information can  
147  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
be preserved across a routed switch boundary and DiffServ code  
points can be observed or overwritten across a Layer 2 switch  
boundary.  
Configuring 802.1p Priority  
The switch supports the standard 802.1p priority bits that are part of  
a tagged Ethernet packet. The 802.1p bits can be used to prioritize  
the packet, and assign it to a particular QoS profile.  
When a packet arrives at the switch, the 802.1p priority field is  
examined, and can be mapped to a specific hardware queue for  
subsequent transmission. The 802.1p priority field is located  
directly following the 802.1Q type field, and preceding the 802.1Q  
VLAN ID, as shown in Figure 10.1.  
802.1Q  
type  
802.1p  
priority  
802.1Q  
VLAN ID  
8100  
Destination  
address  
Source  
address  
IP packet  
CRC  
480t_022  
Figure 10.1: Ethernet packet encapsulation  
Observing 802.1p Information  
When ingress traffic that contains 802.1p prioritization information  
is detected by the switch, the traffic is mapped to various hardware  
queues on the egress port of the switch. The 480T routing switch  
supports eight hardware queues. The hardware queues determine  
the bandwidth-management and priority characteristics used when  
transmitting packets.  
To control the mapping of 802.1p prioritization values to hardware  
queues, 802.1p prioritization values can be mapped to a QoS  
profile. The default mapping of each 802.1p priority value to QoS  
profile is described in Table 10.6.  
148  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Table 10.6: 802.1p Priority Value-to-QoS Profile Mapping  
Priority Value  
QoS Profile  
Qp1  
0
1
2
3
4
5
6
7
Qp2  
Qp3  
Qp4  
Qp5  
Qp6  
Qp7  
Qp8  
As described in Table 10.2, by default a QoS profile is mapped to a  
hardware queue, and each QoS profile has configurable bandwidth  
parameters and priority. In this way, an 802.1p priority value  
detected on ingress can be mapped to a particular QoS profile with  
specified bandwidth-management and priority behavior.  
To change the default mappings of QoS profiles to 802.1p priority  
values, use the command:  
configure dot1p ethertype <dot1p_priority>  
Replacing 802.1p Priority Information  
By default, 802.1p priority information is not replaced or  
manipulated, and the information observed on ingress is preserved  
when transmitting the packet. This behavior is not affected by the  
switching or routing configuration of the switch.  
However, the switch is capable of inserting and/or overwriting  
802.1p priority information when it transmits an 802.1Q tagged  
frame. If 802.1p replacement is enabled, the 802.1p priority  
information that is transmitted is determined by the hardware queue  
149  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
that is used when transmitting the packet. To replace 802.1p priority  
information, use the command:  
enable dot1p replacement ports [<portlist> | all]  
802.1p priority information is replaced according to the hardware  
queue that is used when transmitting from the switch. The mapping  
is described in Table 10.7. This mapping cannot be changed.  
Table 10.7: 802.1p Priority Value-to-Hardware Queue  
Mapping  
Hardware Queue  
802.1p Priority Value  
Q0  
Q1  
Q2  
Q3  
Q4  
Q5  
Q6  
Q7  
0
1
2
3
4
5
6
7
802.1p Commands  
Table 10.8 shows the commands used to configure 802.1p priority.  
For further command options, press the Tab key in the command  
line interface.  
Table 10.8: 802.1p Configuration Commands  
Command  
Description  
configure dot1p ethertype <dot1p_priority>  
Configures the default QoS profile to 802.1p  
priority mapping. The value for dot1p_priority  
is an integer between 0 and 7.  
150  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Table 10.8: 802.1p Configuration Commands (continued)  
Command  
Description  
disable dot1p replacement ports [<portlist>  
| all]  
Disables the ability to overwrite 802.1p priority  
values for a given set of ports.  
enable dot1p replacement ports [<portlist> |  
all]  
Enables the 802.1p priority field to be  
overwritten on egress according to the QoS  
profile to 802.1p priority mapping for a given  
set of ports.  
show dot1p  
Displays the 802.1p-to-QoS profile mappings.  
Configuring DiffServ  
Contained in the header of every IP packet is a field for IP Type of  
Service (TOS), also referred to as the DiffServ field. The DiffServ  
or TOS field is used by the switch to determine the type of service  
provided to the packet. Figure 10.2 shows the encapsulation of an  
IP packet header.  
0
1
2
3
4
5
6
7
DiffServ code point  
0
bits  
IHL  
Identification  
Time-to-live  
31  
Version  
Type-of-service  
Total length  
Flags Fragment offset  
Header checksum  
Protocol  
Source address  
Destination address  
Options (+ padding)  
Data (variable)  
Figure 10.2: IP packet header encapsulation  
151  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Observing DiffServ Information  
When a packet arrives at the switch on an ingress port, the switch  
examines the first six of eight TOS bits. These bits are called the  
code point.  
The switch can assign the QoS profile used to subsequently transmit  
the packet based on the code point. The QoS profile controls a  
hardware queue used when transmitting the packet out of the  
switch, and determines the forwarding characteristics of a particular  
code point.  
You can enable or disable the observance of DiffServ information.  
By default it is disabled. To enable observance of DiffServ  
information use the command:  
enable diffserv examination ports [<portlist> |  
all]  
Changing DiffServ Code Point Assignments in the  
QoS Profile  
6
Because the code point uses six bits, it has 64 possible values (2 =  
64). By default, the values are grouped and assigned to the default  
QoS profiles listed in Table 10.9.  
Table 10.9: Default Code Point-to-QoS Profile Mapping  
Code Point  
0-7  
QoS Profile  
Qp1  
8-15  
Qp2  
16-23  
24-31  
32-39  
40-47  
48-55  
56-63  
Qp3  
Qp4  
Qp5  
Qp6  
Qp7  
Qp8  
152  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
You can change the QoS profile assignment for all 64 code points.  
Use this command:  
configure diffserv examination code-point <code-  
point> qosprofile <qosprofile> ports [<portlist>]  
Once assigned, the rest of the switches in the network prioritize the  
packet using the characteristics specified by the QoS profile.  
Replacing DiffServ Code Points  
You can configure the switch to change the DiffServ code point in  
the packet prior to the packet being transmitted by the switch. This  
is accomplished with no impact on switch performance.  
The DiffServ code point value used in overwriting a packet is  
determined by the 802.1p priority value. As described in the section  
Replacing 802.1p Priority Information,the 802.1p priority value  
is, in turn, determined by the hardware queue used when  
transmitting a packet.  
It is not necessary to receive or transmit 802.1Q tagged frames, only  
to understand that the egress hardware queue, which also  
determines the 802.1p priority value, can also be configured to  
determine the DiffServ value if you want to replace the DiffServ  
code points.  
To enable the replacement of DiffServ code points you must enable  
both 802.1p replacement and DiffServ replacement using these  
commands:  
enable dot1p replacement ports [<portlist> | all]  
enable diffserv replacement ports [<portlist> |  
all]  
The default 802.1p priority value to code point mapping is  
described in Table 10.10.  
153  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 10.10: Default 802.1p Priority Value-to-Code Point  
Mapping  
Hardware Queue  
802.1p Priority Value Code Point  
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
0
8
16  
24  
32  
40  
48  
56  
You can change the 802.1p priority to DiffServ code point mapping  
to any code point value using this command:  
configure diffserv replacement priority vpri  
<number> code-point <code-point> ports [<portlist>]  
By doing so, the hardware queue used to transmit a packet  
determines the DiffServ value replaced in the IP packet.  
To verify the DiffServ configuration, use the command:  
show ports <portlist> info {detail}  
154  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Table 10.11 describes the commands used to configure DiffServ.  
For further command options, press the Tab key in the command  
line interface.  
Table 10.11: DiffServ Configuration Commands  
Command  
Description  
configure diffserv examination code-point  
<code-point> qosprofile <qosprofile> ports  
[<portlist>]  
Configures the default ingress DiffServ code  
points to QoS profile mapping. The <code-  
point> is a 6-bit value in the IP-TOS byte in  
the IP header. You can specify up to 64 different  
code points for each port.  
configure diffserv replacement priority vpri  
<number> code-point <code-point> ports  
[<portlist>]  
Configures the default egress DiffServ  
replacement mapping.  
disable diffserv examination ports  
[<portlist> | all]  
Disables the examination of the DiffServ field  
in an IP packet.  
disable diffserv replacement ports  
[<portlist> | all]  
Disables the replacement of DiffServ code  
points in packets transmitted by the switch.  
enable diffserv examination ports  
[<portlist> | all]  
Enables the DiffServ field of an ingress IP  
packet to be examined by the switch in order to  
select a QoS profile. The default setting is  
disabled.  
enable diffserv replacement ports  
[<portlist> | all]  
Enables the DiffServ code point to be  
overwritten in packets transmitted by the  
switch. Eight user-defined code points can be  
configured on each port. The 802.1p priority  
bits (3-bits) are used to select one of the eight  
code points. The default setting is disabled.  
unconfigure diffserv examination ports  
[<portlist>]  
Removes the DiffServ examination code point  
from a port.  
unconfigure diffserv replacement ports  
[<portlist>]  
Removes the DiffServ replacement mapping  
from a port.  
155  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
DiffServ Example  
In this example, we use DiffServ to signal a class of service  
throughput and assign any traffic coming from network 10.1.2.x  
with a specific DiffServ code point. This allows all other network  
switches to send and observe the Diffserv code point instead of  
repeating the same QoS policy on every network switch.  
Configure the switch that handles incoming traffic from network  
10.1.2.x as follows:  
1. Configure parameters of the QoS profile Qp3:  
configure qp3 min 10 max 100  
2. Assign a traffic grouping for traffic from network 10.1.2.x to  
Qp3:  
create access-list TenOneTwo  
configure TenOneTwo 10.1.2.0/24 permit qp3  
3. To enable the switch to overwrite the DiffServ code point:  
enable dot1p replacement ports all  
enable diffserv replacement ports all  
4. Configure the switch so that other switches can signal the class of  
service that this switch should observe:  
enable diffserv examination ports all  
Table 10.3 indicates that Qp3 is tied to hardware queue Q2. When  
replacement is enabled all traffic sent out Q2 will contain code point  
value 16 (according to Table 10.10). If this is the desired code point  
to use, all traffic from 10.1.2.x is sent out Qp3 (at 10% minimum  
and 100% maximum) with a code point value of 16.  
Physical and Logical Groupings  
Two traffic groupings exist in this category:  
Source port  
VLAN  
Source Port  
A source port traffic grouping implies that any traffic sourced from  
this physical port uses the indicated QoS profile when the traffic is  
156  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
transmitted out to any other port. To configure a source port traffic  
grouping, use this command:  
configure ports [all | mgmt | <portnumber>]  
qosprofile <qosprofile>  
In the following example, all traffic sourced from port 7 uses the  
QoS profile named qp3 when being transmitted.  
configure ports 7 qosprofile qp3  
VLAN  
A VLAN traffic grouping indicates that all intra-VLAN switched  
traffic and all routed traffic sourced from the named VLAN uses the  
indicated QoS profile. To configure a VLAN traffic grouping, use  
this command:  
configure vlan <name> qosprofile [<qosprofile> |  
none]  
For example, all devices on VLAN servnet require use of the QoS  
profile qp4. The command to configure this example is:  
configure vlan servnet qosprofile qp4  
Verifying Physical and Logical Groupings  
To verify settings on ports or VLANs, use the command:  
show qosprofile <qosprofile>  
The same information is also available for ports or VLANs using:  
show ports info  
or  
show vlan  
Verifying Configuration and  
Performance  
You can use the information in this section to verify the QoS  
configuration and monitor the use of the QoS policies that are in  
place.  
157  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
QoS Monitor  
The QoS monitor is a utility that monitors the hardware queues  
associated with any port(s). The QoS monitor keeps track of the  
number of frames and the frames per second that a specific queue is  
responsible for transmitting on a physical port. Two options are  
available: a real-time display, and a separate option for retrieving  
information in the background and writing it to the log.  
Table 10.12 describes the QoS monitor commands. For further  
command options, press the Tab key in the command line interface.  
Table 10.12: QoS Monitor Commands  
Command  
Description  
disable qosmonitor  
Disables the QoS monitoring capability.  
enable qosmonitor port [<port> | mgmt]  
Enables the QoS monitoring capability on  
the switch. When no port is specified, the  
QoS monitor automatically samples all  
the ports. Error messages are logged to  
the syslog if the traffic exceeds the  
parameters of the QoS profile(s). The  
default setting is disabled.  
show ports {<portlist>} qosmonitor  
Displays real-time QoS statistics for one  
or more ports.  
Real-Time Performance Monitoring  
The real-time display scrolls through the given portlist to provide  
statistics. Screens for packet count and packets per second can be  
chosen. The particular port being monitored at that time is indicated  
by an asterisk (*) appearing after the port number in the display.  
The command for real-time viewing is:  
show ports {<portlist>} qosmonitor  
QoS monitor sampling is configured as follows:  
The port is monitored for 20 seconds before the switch moves to  
the next port in the list.  
158  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
A port is sampled for five seconds before the packets per second  
(pps) value is displayed on the screen.  
Background Performance Monitoring  
Monitoring QoS in the background places the transmit counter and  
any overflow information into the switch log. The log notification  
appears if one of the queues experiences an overflow condition  
since the last time it was sampled.  
An overflow entry indicates that a queue was over-subscribed at  
least temporarily, and is useful for determining correct QoS settings  
and potential over-subscription issues.  
Displaying QoS Information  
The QoS monitor can also be used to verify the QoS configuration  
and monitor the use of the QoS policies that are in place. To display  
QoS information on the switch, use this command:  
show qosprofile <qosprofile>  
Displayed information includes:  
QoS profile name  
Minimum bandwidth  
Maximum bandwidth  
Priority  
A list of all traffic groups to which the QoS profile is applied  
Additionally, you can display QoS information from the traffic  
grouping perspective by using one or more of these applicable  
commands:  
To display destination MAC entries and their QoS profiles.  
show fdb permanent  
To display general switch information :  
show switch  
To display the QoS profile assignments to the VLAN.  
show vlan  
159  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
To display information including QoS information for the port.  
show ports info {detail}  
Modifying a QoS Policy  
If you change the parameters of a QoS profile after a QoS policy  
was created (by applying a QoS profile to a traffic grouping), the  
timing of the configuration change depends on the traffic grouping  
involved. To have a change in QoS profile affect a change in the  
QoS policy, these rules apply:  
For destination MAC-based grouping (other than permanent),  
clear the MAC FDB using the command clear fdb. This  
command should also be issued after a policy is first formed, as  
the policy must be in place before an entry is made in the MAC  
FDB. For permanent destination MAC-based grouping, re-apply  
the QoS profile to the static FDB entry, as documented. You can  
also save and reboot the switch.  
For physical and logical groupings of a source port or VLAN, re-  
apply the QoS profile to the source port or VLAN, as  
documented. You can also save and reboot the switch.  
QoS Profile Buffer  
Although the QoS profile buffer can be set to a value greater than  
100, the maximum effective setting is 100%.  
Maximum QoS Buffer  
The maxbufparameter allows you to set a maximum buffer for each  
queue, so that a single queue will not consume all of the un-  
allocated buffer space.  
The maxbufvalues can be set in kilobit or megabit increments. The  
minimum value is zero K and the maximum is 16,384K. The default  
value is zero K. Unless you have explicit reasons, do not modify  
these parameters. Only unique situations require any non-default  
configurations of QoS.  
160  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
To set the maxbufvalue on a queue, use this command:  
configure qosprofile <qos profile> minbw <percent>  
maxbw <percent> priority <priority> maxbuf <number>  
To view the maxbufconfiguration, use this command:  
show qosprofile  
Bandwidth Settings and Their Impact  
Bandwidth settings applied to QoS profiles used for ingress or  
egress traffic are expressed as a percentage of bandwidth. QoS  
profile bandwidth settings are in turn applied to queues on physical  
ports. The actual impact of the bandwidth setting is determined by  
the port speed (100 or 1000 Mbps) and by the actual granularity  
capabilities of the switch.  
Maximum bandwidth settings  
The maximum bandwidth percentage settings determine the port  
bandwidth available to each queue. Use Table 10.13 to determine  
the actual maximum bandwidth associated with each setting. If the  
maximum percentage bandwidth configured does not match one of  
the settings listed below, it is rounded up to the next setting.  
Table 10.13: QoS Maximum Bandwidth Settings  
Maximum  
Bandwidth  
Setting (%)  
Maximum  
Bandwidth  
@ 100Mbps  
Maximum  
Bandwidth  
@ 1000 Mbps  
2%  
3%  
5%  
7%  
8%  
2 Mbps  
20 Mbps  
30 Mbps  
50 Mbps  
69 Mbps  
79 Mbps  
3.1 Mbps  
4.9 Mbps  
6.9 Mbps  
7.9 Mbps  
161  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 10.13: QoS Maximum Bandwidth Settings  
Maximum  
Bandwidth  
Setting (%)  
Maximum  
Bandwidth  
@ 100Mbps  
Maximum  
Bandwidth  
@ 1000 Mbps  
10%  
11%  
15%  
20%  
25%  
30%  
35%  
40%  
9.6 Mbps  
11.2 Mbps  
15 Mbps  
19 Mbps  
25 Mbps  
33Mbps  
96 Mbps  
112 Mbps  
150 Mbps  
190 Mbps  
250 Mbps  
330 Mbps  
350 Mbps  
420 Mbps  
35 Mbps  
42 Mbps  
Minimum bandwidth settings  
The minimum bandwidth settings determine the reserved port  
bandwidth available to each queue. Table 10.14 shows actual  
reserved bandwidth for each setting. If the reserved percentage  
configured does not match the settings below, it is rounded up. If the  
actual bandwidth used is below the minimum bandwidth within a  
queue, other queues on that physical port can use it.  
Table 10.14: QoS Profile Minimum Bandwidth  
Minimum  
Bandwidth  
Setting (%)  
Minimum  
Bandwidth@  
100 Mbps  
Minimum  
Bandwidth  
@ 1000 Mbps  
4%  
6%  
4.2 Mbps  
5.7 Mbps  
42 Mbps  
57 Mbps  
162  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Table 10.14: QoS Profile Minimum Bandwidth  
Minimum  
Bandwidth  
Setting (%)  
Minimum  
Bandwidth@  
100 Mbps  
Minimum  
Bandwidth  
@ 1000 Mbps  
8%  
7.5 Mbps  
9.3 Mbps  
10 Mbps  
18.7 Mbps  
26.3 Mbps  
34 Mbps  
49 Mbps  
63 Mbps  
79 Mbps  
94 Mbps  
75 Mbps  
9%  
93 Mbps  
10%  
20%  
25%  
35%  
50%  
60%  
80%  
89%  
100 Mbps  
187 Mbps  
263 Mbps  
340 Mbps  
490 Mbps  
630 Mbps  
790 Mbps  
940 Mbps  
The sum of the minimum bandwidth values for the applied QoS  
profiles should be kept to less than 90% of available bandwidth.  
If the minimum bandwidth settings exceed 90% it is possible, under  
a sustained situation of over-subscription, that a lower priority  
queue could become starvedand not transmit traffic.  
Bi-directional Rate Shaping for  
Layer 3 Routed VLANs  
Bi-directional rate shaping allows you to perform bandwidth-  
management for Layer 2 and Layer 3 traffic flowing both to and  
from the switch.  
163  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can utilize up to eight ingress rate-shaping queues per VLAN  
and eight egress rate-shaping queues per physical port. By defining  
a QoS profiles minimum and maximum bandwidth corresponding  
to the physical queue and port, you define committed information  
rates for each queue and port. Different bandwidth rates can be  
applied to ingress vs. egress traffic.  
You can then create traffic groupings (e.g. physical port, VLAN, 1p,  
DiffServ, IP address, Layer 4 flow) for the eight pre-defined QoS  
profiles, thereby directing specific types of traffic to the desired  
queue. The traffic groupings used are not dependent on whether the  
traffic is switched or routed.  
When you configure switch The switch returns error messages on MAC-block conflicts when  
ports in L2 mode, MAC-  
block conflicts will not  
return error messages if  
L3 mode is later enabled.  
you add rate-shaped ports to VLANs.  
MAC-block restrictions do not exist when using the switch as Layer  
2 only.  
Configuring Bi-Directional Rate Shaping  
For bi-directional rate shaping to work, each VLAN requires a  
loopback port. This operates by directing all traffic from rate-  
shaped ports through the loopback port for that VLAN. To rate-  
shape ingress traffic, configure QoS normally on the loopback port  
for the VLAN.  
The maximum bandwidth and traffic grouping defined in the QoS  
profile for the loopback port sets the rate limit for ingress traffic on  
rate-shaped ports in that VLAN.  
Use these guidelines for bi-directional ingress rate shaping:  
You must configure a loopback port before adding rate-shaped  
ports to the VLAN.  
A loopback port cannot be used by an external device.  
A loopback port cannot be  
used by an external  
device.  
A loopback port must have a unique loopback VLAN tag ID.  
Ingress traffic on a port that is configured to use the loopback port  
is rate-shaped.  
Ingress traffic on a port that is not configured to use the loopback  
port will not be rate-shaped.  
164  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 0  
Quality of Service (QoS)  
Unicast traffic from a non-rate-shaped port to a rate-shaped port  
within the VLAN will not be rate-shaped.  
The aggregate forwarding bandwidth of all rate-shaped ports in a  
VLAN is determined by the traffic groupings and bandwidth  
settings for the QoS profiles of the loopback port.  
For egress rate shaping, simply set the maximum bandwidth of the  
QoS profile on the egress port.  
Bi-Directional Rate Shaping Limitations  
Consider these limitations when configuring bi-directional rate  
shaping:  
When configuring VLAN memberships, delete all rate-shaped  
ports before deleting the loopback port.  
If rate-shaped ports within a VLAN use different bandwidth  
parameters, set the priority of the QoS profiles on the loopback  
port and rate-shaped ports to low.  
Layer 2 switched rate-shaping only affects a single VLAN.  
IP forwarding must be enabled on the VLAN prior to adding the  
loopback port to a VLAN for L2 rate shaping.  
Ports that are tagged cannot be used for rate shaping.  
If you have IP routing enabled and you do add a rate-shaped port to  
a VLAN, and the rate-shaped port is in the same port block as  
loopback or normal ports, the switch will return one of these error  
messages:  
ERROR: Rate shaped port cant be in the same block  
as loopback port  
ERROR: Normal port (port #) cannot share the block  
with rate shaped port  
Bi-Directional Rate Shaping Commands  
To add the loopback port to the VLAN, use the command:  
configure vlan <vlan name> add port <port> loopback-  
vid <vlan_tag>  
To enable the loopback port, use the following command:  
restart port <loopback_port>  
165  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
To add rate-shaped ports to the VLAN, use the following command:  
configure vlan <vlan name> add port <portlist>  
{tagged | untagged} {nobroadcast} soft-rate-limit  
To delete rate-shaped ports from the VLAN, use the command:  
configure vlan <vlan name> delete port <portlist>  
To configure the rate-shaping parameters of the loopback port, use  
the normal QoS profile configuration command, as follows:  
configure qosprofile <qosprofile> {minbw <pcnt>}  
{maxbw <pcnt>} priority <level> {buffer <pcnt>}  
{<portlist>} <loopback port number>  
To display the bi-directional rate shaping configuration, use the  
command:  
show vlan {<vlan name> | detail}  
This command designates rate-shaped ports with an R and loopback  
ports with an L next to the port number.  
To set the port speed of a loopback port, use the normal port  
configuration command, as follows:  
configure ports <portlist> auto off {speed [ 100 |  
1000]} duplex [half | full]  
166  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Enterprise Standby  
Router Protocol  
(ESRP)  
11  
Overview  
We recommend that all  
switches using ESRP use  
the same version of  
firmware for  
Enterprise Standby Router Protocol (ESRP) allows multiple switches to  
provide redundant routing services to users. From the workstations  
perspective, there is only one default router that has one IP address and  
one MAC address, so ARP cache entries in client workstations do not  
need to be refreshed or aged-out.  
interoperability. See  
"Software Upgrade and  
Boot Options" on page  
419.  
Along with providing Layer 3 routing redundancy for IP and IPX§, ESRP  
also provides for Layer 2 redundancy. You can use these layered  
redundancy features in combination or independently. You do not have to  
®
configure the Intel NetStructure480T routing switch for routing to  
make valuable use of ESRP.  
The Layer 2 redundancy features of ESRP offer fast failure recovery  
(usually four to nine seconds) and provide for multi-homed system  
design. In some instances, depending on network system design, ESRP  
can provide better resiliency than using the Spanning Tree Protocol  
(STP).  
For more information on  
STP, see Chapter 9,  
"Spanning Tree Protocol  
(STP)" on page 125.  
You can use ESRP instead of STP, but not concurrently with it. You can  
enable STP on other switches for the VLAN, but the switch configured for  
ESRP cannot participate in STP for the configured VLAN.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
ESRP-Aware Switches  
480T routing switches that are not running ESRP, but are connected  
on a network with other 480T routing switches running ESRP, are  
ESRP-aware.  
When ESRP-aware switches are attached to ESRP-enabled  
switches, the ESRP-aware switches reliably perform failover and  
failback scenarios in the prescribed recovery times. It isnt  
necessary to configure this feature.  
When 480T routing switches running ESRP are connected to other  
types of Layer 2 switches, the failover times for traffic local to the  
segment may be longer, depending on the application involved and  
the Forwarding Database (FDB) timer used by the other vendors  
Layer 2 switch. As such, you can use ESRP with Layer 2 switches  
from other vendors, although recovery times vary.  
The VLANs associated with the ports connecting an ESRP-aware  
switch to an ESRP-enabled switch must be configured using an  
802.1Q tag on the connecting port or, whenever only a single  
VLAN is involved, as untagged using the protocol filter any.  
ESRP Basics  
Enterprise Standby Router Protocol (ESRP) is configured on a per-  
VLAN basis on each switch. A maximum of four switches can  
participate in providing redundant Layer 3 or Layer 2 services to a  
single VLAN. A maximum of 64 VLANs can run ESRP  
simultaneously on a single switch.  
The switches exchange keep-alive packets for each VLAN  
independently. Only one switch can actively provide Layer 3  
routing and/or Layer 2 switching for each VLAN. The switch  
performing the forwarding for a particular VLAN is considered the  
master for that VLAN. Other participating switches for the VLAN  
are in standby mode.  
For a VLAN with ESRP enabled, each participating switch uses the  
same MAC address and must be configured with the same IP  
address or IPX NetID. It is possible for one switch to be master for  
one or more VLANs while being in standby for others, thus  
allowing the load to be split across participating switches.  
168  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
Multiple ESRP VLANs  
If multiple ESRP VLANs share a host port, each VLAN must be in  
an ESRP group.  
Mixing Clients and Routers on ESRP VLANs  
ESRP should not be enabled on a VLAN that is also expected to  
exchange routes with other non-ESRP routers (such as routers using  
RIP or OSPF). ESRP is intended and designed as a Layer 2 or Layer  
3 redundancy method for clients with a single default route. ESRPs  
fail-over operation may interfere with normal routing protocol  
communication if an ESRP-enabled VLAN contains other routers  
not using ESRP.  
Ensure that EDP is Enabled  
The Enterprise Discovery Protocol (EDP) must be enabled on the  
ports involved with ESRP in order to function correctly. By default  
EDP is enabled on all ports. To verify this, use the command:  
show port <portlist> info  
To enable EDP on a port, use the command:  
enable edp ports <portlist>  
ESRP and Host Attached Ports  
Any ESRP VLANs that share ESRP host-attached ports must be in  
different ESRP groups.  
Open Shortest Path First and ESRP  
For more information on  
configuring OSPF, refer to  
Chapter 13,"RIP and  
If you configure Open Shortest Path First (OSPF) and ESRP, you  
must manually configure an OSPF router identifier (ID). Be sure  
that you configure a unique OSPF router ID on each switch running  
ESRP.  
OSPF" on page 223.  
To have two or more switches participate in ESRP, these conditions  
must be met:  
To make each VLAN redundant, the switches must be able to  
exchange packets on the same Layer 2 broadcast domain for that  
VLAN. You can use multiple paths of exchange.  
169  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
For a VLAN to be recognized as participating in ESRP, the  
assigned IP address or the IPX NetID for the separate switches  
must be identical. Other aspects of the VLAN, including its  
name, are ignored.  
ESRP must be enabled on the desired VLANs for each switch.  
ESRP cannot be enabled  
on the VLAN default.  
Enterprise Discovery Protocol (EDP) must be enabled on the  
ports that are members of the ESRP VLANs (the default setting is  
enabled).  
To verify EDP status, use this command:  
show ports <portlist> info {detail}  
Determining the ESRP Master  
The ESRP master switch (providing Layer 3 routing and/or Layer 2  
switching services for a VLAN) is determined by these factors:  
Active portsThe switch with the greatest number of active  
ports takes highest precedence. A load-sharing port group is  
considered a single port.  
Tracking informationIn a typical Layer 3 router redundancy  
configuration (which has the ESRP switches routing to a cloud or  
routed backbone) you can use the VLAN that links the switch to  
the routed backbone as part of the criteria for determining the  
master/slave failover.  
Three types of tracking are supported for determining whether  
the switch performing the master ESRP function has  
connectivity to the outside world.  
VLAN The number of active ports in a tracked VLAN.  
IP route The number of available IP learned routes.  
Ping Tracks ICMP ping connectivity to specified devices.  
Other factors being equal, whenever one or more links to the  
routed backbone fails for the master, ESRP fails-over to the  
switch that has the most active ports associated with the routed  
backbone. If there are no active ports associated with the  
tracked VLAN, ESRP forces the switch to remain in slave state,  
because no backbone connectivity is available.  
ESRP priorityThis is a user-defined field. The range of the  
priority value is 0 to 254; a higher number has higher priority. The  
170  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
default priority setting is 0. A priority setting of 255 loses the  
election and remains in standby mode.  
System MAC address The switch with the higher MAC  
address has priority.  
ESRP Tracking  
You can use tracking information to monitor various forms of  
connectivity from the ESRP switch to the outside world. This  
section describes your ESRP tracking options.  
ESRP VLAN Tracking  
You can configure ESRP to track connectivity to one or more  
specified VLANs as criteria for failover. If no active ports remain  
on the specified VLANs, the switch automatically relinquishes  
master status and remains in standby mode.  
To add or delete a tracked VLAN, use this command:  
configure vlan <name> [add | delete] track-vlan  
<vlan_tracked>  
ESRP Route Table Tracking  
You can configure ESRP to track specified routes in the route table  
as criteria for failover. If any of the configured routes are not  
available within the route table, the switch automatically  
relinquishes master status and remains in standby mode.  
To add or delete a tracked route, use this command:  
configure vlan <name> [add | delete] track-route  
<ipaddress/mask_length>  
ESRP Ping Tracking  
You can configure ESRP to track connectivity using a simple ping  
to any outside responder. The responder may represent the default  
171  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
route of the switch, or any device meaningful to network  
connectivity of the master ESRP switch.  
The switch automatically  
relinquishes master status  
and remains in standby  
mode if a ping keepalive  
fails three consecutive  
times.  
To view the status of tracked devices, use this command:  
show esrp  
ESRP Election Algorithms  
You configure the switch to use one of five different election  
algorithms to select the ESRP master. Each algorithm considers the  
election factors in a different order of precedence, as follows:  
All switches in the ESRP  
network must use the  
same election algorithm,  
otherwise loss of  
connectivity, broadcast  
storms, or other  
ports-track-priority-macActive ports, tracking  
information, ESRP priority, MAC address (Default)  
track-ports-priority-macTracking information, active  
ports, ESRP priority, MAC address  
priority-ports-track-macESRP priority, active ports,  
tracking information, MAC address  
unpredictable behavior  
may occur.  
priority-track-ports-macESRP priority, tracking  
information, active ports, MAC address  
priority-mac-onlyESRP priority, MAC address  
Master Switch Behavior  
When a switch is master, it actively provides Layer 3 routing  
services to other VLANs, and Layer 2 switching between all the  
ports of that VLAN. Additionally, the switch exchanges ESRP  
packets with other switches that are in standby mode.  
Standby Switch Behavior  
When a switch is in standby mode, it exchanges ESRP packets with  
other switches on that same VLAN. When a switch is in standby, it  
does not perform Layer 3 routing or Layer 2 switching services for  
the VLAN.  
From a Layer 3 routing protocol perspective (for example, RIP or  
OSPF), when in standby for the VLAN, the switch marks the router  
interface associated with the VLAN as down. From a Layer 2  
switching perspective, no forwarding occurs between the member  
ports of the VLAN; this prevents loops and maintains redundancy.  
172  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
Electing the Master Switch  
A new master can be elected in one of these ways:  
A communicated parameter change  
Loss of communication between master and slave(s).  
Whenever a parameter that determines the master changes (for  
example, link loss or priority change), the election of the new  
master typically occurs within one timer cycle (2 seconds by  
default).  
When a switch in standby mode loses its connection with the  
master, a new election occurs (using the same precedence order  
indicated previously).  
The new election typically takes place in three times the defined  
timer cycle (6 seconds by default).  
Failover Time  
Failover time is largely determined by these factors:  
The ESRP timer setting.  
The routing protocol being used for inter-router connectivity  
whenever Layer 3 redundancy is used. OSPF failover time is  
faster than RIP failover time.  
The failover time associated with the ESRP protocol depends on the  
timer setting and the nature of the failure. The default timer setting  
is 2 seconds; the range is 1 to 255. Default settings usually result in  
a failover time of 5 to 8.  
When routing is configured, the failover of the particular routing  
protocol (such as RIP V1, RIP V2, or OSPF) is added to the failover  
time associated with ESRP.  
173  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
ESRP Options  
ESRP options include:  
ESRP Host Attach  
ESRP Domains  
ESRP Groups  
Linking ESRP Switches  
Configuring ESRP and Multinetting  
ESRP and Spanning Tree  
ESRP Host Attach  
ESRP host attach (HA) is an optional ESRP configuration that  
allows you to connect active hosts directly to an ESRP master or  
standby switch.  
Normally, the Layer 2 redundancy and loop prevention capabilities  
of ESRP do not allow packet forwarding from the standby ESRP  
switch. ESRP HA allows configured ports that do not represent  
loops to the network to continue Layer 2 operation, independent of  
their ESRP status.  
The ESRP HA option is useful when you are using multi-homed  
network interface cards (NICs) for server farms, and in conjunction  
with high-availability server load balancing (SLB) configurations,  
as shown in Figure 11.1.  
174  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
OSPF/BGP4  
®
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
10 11 12 13 14 15 16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
480T_045R  
Figure 11.1: ESRP host attach  
Other applications allow lower-cost redundant routing  
configurations, because hosts can be directly attached to the switch  
involved with ESRP. The ESRP HA feature requires at least one  
link between the master and standby ESRP switch for carrying  
traffic and to exchange ESRP hello packets.  
ESRP Domains  
An ESRP Domain is an optional ESRP configuration that allows  
you to configure multiple VLANs under the control of a single  
instance of the ESRP protocol. By grouping multiple VLANs under  
one ESRP group, the ESRP protocol can scale to provide protection  
to large numbers of VLANs. All VLANs within an ESRP group  
simultaneously share the same active and standby router and  
failover.  
ESRP Groups  
A switch cannot perform  
both master and slave  
functions on the same  
VLAN for separate  
The 480T routing switch supports running multiple instances of  
ESRP within the same VLAN or broadcast domain. This  
functionality is called an ESRP group. Though other uses exist, the  
most typical application for multiple ESRP groups is when two or  
more sets of ESRP switches are providing fast-failover protection  
within a subnet.  
instances of ESRP.  
175  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
For example, two ESRP switches provide Layer 2 and Layer 3  
connectivity and redundancy for the subnet, while another two  
ESRP switches provide Layer 2 connectivity and redundancy for a  
portion of the same subnet. Figure 11.2 shows ESRP groups.  
ESRP  
Group1  
Master  
ESRP  
Internet  
Group1  
Standby  
®
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
10 11 12 13 14 15 16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
10  
11  
12  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
ESRP Group2  
Standby  
10  
11  
12  
13  
14  
15  
16  
T
ESRP  
Group2  
Master  
1
9
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
9
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
R
T
(L2 only)  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
(L2 only)  
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
T
1
9
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
9
10  
11  
12  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
480T_056R  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Figure 11.2: ESRP groups  
A maximum of four distinct ESRP groups can be supported within  
the same networked broadcast domain.  
To configure the ESRP group membership for a VLAN on a switch,  
use this command:  
configure vlan <name> esrp group <group number>  
The default group number is zero (0).  
176  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
Linking ESRP Switches  
Direct links between ESRP switches are useful under these  
conditions:  
When the ESRP switches are routing and supporting multiple  
VLANs (where the master/standby configuration is split so one  
switch is master for some VLANs and a second switch is master  
for other VLANs), a direct link provides a more direct path.  
The direct link can contain a unique router-to-router VLAN/  
subnet. Then the most direct routed path between two VLANs  
with different master switches is a direct link, instead of  
forwarding through another set of routers.  
A direct link is a highly reliable method to exchange ESRP  
hellos, so the possibility of multiple masters for one VLAN is  
lessened, should all downstream Layer 2 switches fail.  
A direct link is necessary when the ESRP HA option is used. Use  
the direct link to provide Layer 2 forwarding services through an  
ESRP standby switch.  
Direct links may contain a router-to-router VLAN, along with  
VLANs running ESRP. When multiple VLANs are used on the  
direct links, use 802.1Q tagging. The direct links may be aggregated  
into a load-shared group, if desired.  
Configuring ESRP and Multinetting  
When configuring ESRP and IP multinetting on the same switch,  
the parameters that affect the determination of the ESRP master  
must be configured identically for all the VLANs involved with IP  
multinetting. For example, the number of links in your  
configuration, the priority settings, and timer settings must be  
identical for all affected VLANs.  
ESRP and Spanning Tree  
A switch running ESRP should not simultaneously participate in  
Spanning Tree Protocol (STP) for the same VLAN(s). Other  
switches in the VLAN being protected by ESRP may run STP, in  
which case, the switch running ESRP forwards the STP BDPUs  
(Bridge Protocol Data Units), but does not filter them. Therefore,  
177  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
you can combine ESRP and STP on a network and a VLAN, but you  
must do so on separate devices.  
Be careful to maintain ESRP connectivity between ESPR master  
and standby switches when you design a network that uses ESRP  
and STP.  
ESRP and VLAN Aggregation  
Do not configure a sub-  
VLAN to run ESRP. The  
system will allow you to  
enable ESRP on a VLAN  
and then designate the  
VLAN as a sub-VLAN, but  
this is not a supported  
configuration.  
You can use ESRP to provide redundant default router protection to  
VLAN aggregation clients. ESRP is enabled on the super-VLAN  
only (not the sub-VLANs).  
The procedure is to add ports to the super-VLAN that is shared with  
the sub-VLANs. To do so, configure the super-VLAN with an  
802.1Q tag added as tagged with the sub-VLAN ports. This will  
avoid a protocol conflict. Then enable ESRP on the super-VLAN.  
For more information on  
VLAN aggregation, see  
Chapter 12, "IP Unicast  
Routing" on page 189.  
The following example combines ESRP and VLAN aggregation for  
the super-VLAN vsuper and two sub-VLANs, v1sub and v2sub,  
that have ports 1 and 2 as members, respectively.  
1
Create the VLANs and set up the super-VLAN to sub-VLAN  
relationship:  
create vlan v1sub  
create vlan v2sub  
create vlan vsuper  
configure vsuper ipaddress 10.1.2.3/24  
enable ipforwarding  
enable ospf  
configure ospf add vsuper  
configure v1sub add port 1  
configure v2sub add port 2  
configure vsuper add subvlan v1sub  
configure vsuper add subvlan v2sub  
2
Turn on ESRP for the VLAN vsuper:  
configure vsuper tag 1234  
configure vsuper add port 1,2 tagged  
enable esrp vlan vsuper  
Use these commands to verify the configuration:  
show vlan {detail}Displays super- and sub-VLAN  
relationships, IP addresses, and port membership.  
178  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
show esrp {detail}Verifies ESRP is enabled and  
operational.  
ESRP Commands  
Table 11.1 describes the commands used to configure ESRP.  
Press the Tab key in the command line interface for more  
command options.  
Table 11.1: ESRP Commands  
Command  
Description  
configure esrp port-mode [host | normal] ports  
<portlist> {dont-count}  
Configures the ESRP port mode. A  
normalport does not accept or transmit  
traffic when the local ESRP device is a  
slave. The host port always switches user  
traffic, regardless of the ESRP state. The  
default setting is normal.  
configure vlan <name> add track-diagnostic  
failover <priority>  
Enables the priority of the diagnostic  
failover.  
configure vlan <name> add track-environment  
failover <priority>  
Sets the priority of the environmental  
failover.  
configure vlan <name> add track-ping  
Configures an ESRP-enabled VLAN to  
<ipaddress> frequency <seconds> miss <number> track an external gateway using ping. The  
switch will not be the ESRP master of the  
VLAN if the external gateway is not  
reachable.  
configure vlan <name> add track-iproute  
<ipaddress>/<masklength>  
Configures an ESRP-enabled VLAN to  
track the condition of a route entry in the  
kernel route table. The switch cannot be  
the ESRP master if none of the specified  
routes are reachable.  
configure vlan <name> add track-vlan  
<vlan_tracked>  
Configures an ESRP-enabled VLAN to  
track the condition of another VLAN.  
179  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 11.1: ESRP Commands (continued)  
Command  
Description  
configure vlan <name> delete track-diagnostic  
Disables the priority of the diagnostic  
failover.  
configure vlan <name> delete track-environment  
configure vlan <name> delete track-ping  
Disables the priority of the environmental  
failover.  
Configures an ESRP-enabled VLAN to  
<ipaddress> frequency <seconds> miss <number> stop tracking an external gateway.  
configure vlan <name> delete track-iproute  
<ipaddress>/<masklength>  
Disables route entry tracking for an  
ESRP-enabled VLAN.  
configure vlan <name> delete track-vlan  
<vlan_tracked>  
Removes the tracking of a VLAN by an  
ESRP-enabled VLAN.  
configure vlan <name> esrp esrp-election [ports-  
track-priority-mac | track-ports-priority-mac |  
priority-ports-track-mac | priority-track-ports-mac  
| priority-mac-only]  
Configures the election algorithm on the  
switch. The algorithm must be the same  
on all switches for a particular VLAN.  
Specify:  
ports_track_priority_mac—  
Active ports, tracking information,  
ESRP priority, MAC address  
track_ports_priority_mac—  
Tracking information, active ports,  
ESRP priority, MAC address  
priority_ports_track_mac—  
ESRP priority, active ports, tracking  
information, MAC address  
priority_track_ports_mac—  
ESRP priority, tracking information,  
active ports, MAC address  
priority_macESRP priority,  
MAC address  
The default setting is  
ports_track_priority_mac. If no  
tracking information is configured for a  
field, the field is ignored.  
180  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
Table 11.1: ESRP Commands (continued)  
Command  
Description  
configure vlan <name> esrp group <number>  
configure vlan <name> esrp priority <value>  
Configures the ESRP group number.  
Configures the ESRP priority. The range  
is 0 to 255. The higher number has higher  
priority. The default setting is 0. A  
setting of 255configures the switch to  
be in standby state.  
configure vlan <name> esrp timer <hello_timer>  
Configures the time, in seconds, between  
ESRP updates. The range is 1 to 255. The  
default setting is 2. The timer setting  
must be configured identically for the  
VLAN across all participating switches.  
configure vlan <name> esrp-group <group  
number>  
Configures the virtual MAC address to be  
used for the ESRP VLAN. The default  
group number is 0.  
configure vlan <super_ESRP_VLAN> add  
domain-member vlan <sub_ESRP_VLAN>  
Adds a VLAN to an ESRP domain.  
ESRP is performed in the domain master  
VLAN, and not the other domain  
members. Maximum number of ESRP  
domain-member VLANs is 3000.  
configure vlan <super_ESRP_VLAN> delete  
domain-member vlan <sub_ESRP_VLAN>  
Deletes a VLAN from an ESRP domain.  
disable esrp {vlan <name>}  
enable esrp vlan <name>  
show esrp {detail}  
Disables ESRP on a VLAN.  
Enables ESRP on a VLAN.  
Displays ESRP configuration  
information.  
show esrp vlan <name>  
Displays ESRP configuration  
information for a specific VLAN.  
181  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
ESRP Examples  
This section provides examples of ESRP configurations.  
Single VLAN Using Layer 2 and Layer 3  
Redundancy  
This example, shown in Figure 11.3, uses a number of switches that  
perform Layer 2 switching for VLAN Sales. The switches are multi-  
homed to the VLAN Sales switches. The VLAN Sales switches  
perform Layer 2 switching between the switches shown near the  
bottom of the diagram, and Layer 3 routing to the outside world.  
Each switch is multi-homed using active ports to two VLAN Sales  
switches (as many as four could be used). ESRP is enabled on each  
VLAN Sales switch only for the VLAN that connects to the bottom  
switches.  
Each VLAN Sales switch has the VLAN Sales configured using the  
identical IP address. These switches then connect to the routed  
enterprise normally, using the desired routing protocol (for example  
RIP or OSPF).  
182  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
®
OSPF or RIP  
®
®
Sales  
Sales  
VLAN  
VLAN  
(master)  
(standby)  
®
®
480t_019  
Figure 11.3: ESRP example using Layer 2 and Layer 3  
redundancy  
The VLAN Sales master switch, acting as master for VLAN Sales,  
performs both Layer 2 switching and Layer 3 routing services for  
VLAN Sales. The switch in standby mode for VLAN Sales  
performs neither, thus preventing bridging loops in the VLAN. The  
switch in standby mode does, however, exchange ESRP packets  
with the VLAN Sales master switch.  
There are four paths between the VLAN Sales switches. All the  
paths are used to send ESRP packets, allowing for four redundant  
paths for ESRP communication. The switches near the bottom of  
the diagram, being ESRP-aware, allow traffic within the VLAN to  
failover quickly, as they will sense when a master/slave transition  
occurs and flush FDB entries associated with the uplinks to the  
ESRP-enabled VLAN Sales switches.  
183  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The following commands are used to configure both VLAN Sales  
switches. The assumption is that the inter-router backbone is  
running OSPF, with other routed VLANs already properly  
configured. Similar commands would be used to configure a switch  
on a network running RIP. The primary requirement is that the IP  
address for the VLAN(s) running ESRP must be identical. In this  
scenario, the master is determined by the programmed MAC  
address of the switch, because the number of active links for the  
VLAN and the priority are identical to both switches.  
These are the commands used to configure the VLAN Sales  
switches:  
create vlan sales  
configure sales add port 1-4  
configure sales ipaddr 10.1.2.3/24  
enable ipforwarding  
enable esrp sales  
enable edp ports all  
configure ospf add vlan sales  
enable ospf  
Multiple VLANs Using Layer 2 Redundancy  
Figure 11.4 illustrates an ESRP configuration that has multiple  
VLANs using Layer 2 redundancy.  
Sales master,  
Sales standby,  
Engineering standby  
Engineering master  
®
®
Sales  
Sales  
Sales - untagged link  
Sales +  
Engineering  
Engineering  
Engineering - untagged link  
Sales + Engineering - tagged link  
480t_020  
Figure 11.4: ESRP example using Layer 2 redundancy  
184  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
Figure 11.3 builds on Figure 11.4, but eliminates the requirement of  
Layer 3 redundancy. It has these features:  
An additional VLAN, Engineering, is added that uses Layer 2  
redundancy.  
The VLAN Sales uses three active links to each upper switch.  
The VLAN Engineering has two active links to each upper  
switch.  
The switch labeled Sales + Engineering carries traffic for both  
VLANs.  
The link between the Sales + Engineering switch and the Sales  
master/Engineering standby switch uses 802.1Q tagging to  
carry traffic from both VLANs on one link. The switch counts the  
link active for each VLAN.  
The Sales standby/Engineering master switch has a separate  
physical port for each VLAN connected to the third bottom  
switch.  
In this example, the master and standby switches are configured for  
ESRP such that the VLAN Sales normally uses the first switch and  
the VLAN Engineering normally uses the second switch. This is  
accomplished by manipulating the ESRP priority setting for each  
VLAN for the particular switch.  
These are the configuration commands for the first switch (Sales  
master/Engineering standby):  
create vlan sales  
configure sales tag 10  
configure sales add port 1,2  
configure sales add port 3 tagged  
configure sales ipaddr 10.1.2.3/24  
create vlan eng  
configure eng tag 20  
configure eng add port 4  
configure eng add port 3 tagged  
configure eng ipaddr 10.4.5.6/24  
enable esrp sales  
enable esrp eng  
enable edp ports all  
configure sales esrp priority 5  
Configuration commands for the second switch (Sales standby/  
Engineering master) are as follows:  
185  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
create vlan sales  
configure sales add port 1-3  
configure sales ipaddr 10.1.2.3/24  
create vlan eng  
configure eng add port 1,4  
configure eng ipaddr 10.4.5.6/24  
enable esrp sales  
enable esrp eng  
configure eng esrp priority 5  
Displaying ESRP Information  
To verify the operational state of an ESRP VLAN and the state of  
its neighbor, use this command:  
show esrp  
To view tracking information about a particular VLAN, including  
the VLANs tracked by it and a list of the VLANs tracking it, use this  
command:  
show vlan  
ESRP Environment and Diagnostic Tracking  
ESRP is capable of tracking hardware status. If a power supply or  
fan fails, or if the chassis overheats, the priority for the ESRP  
VLAN will change to the failover settings..  
To configure the failover priority for ESRP VLANs, you must first  
assign a priority to each ESRP VLAN, using this command:  
configure vlan <vlan name> esrp priority  
If you set the priority to  
255, the ESRP VLAN will  
remain in standby mode  
even if the master ESRP  
VLAN fails. This is a  
special case.  
The range of the priority value is 0 to 254; a higher number has  
higher priority. The default priority setting is 0.  
You typically configure both ESRP VLANs with the same priority.  
Next, you must give the priority flag precedence over the active  
ports count, which has precedence by default, using this command:  
configure vlan <vlan name> esrp esrp-election  
priority-ports-track-mac  
Since the priority of both VLANs are set equal, ESRP uses the  
active ports count to determine the master ESRP VLAN.  
186  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 1  
Enterprise Standby Router Protocol (ESRP)  
Then, set the priority of environmental failover using the command:  
configure vlan <vlan name> add track-environment  
failover <priority>  
Disable the priority of environmental failover, using this command:  
configure vlan <vlan name> delete track-environment  
failover <priority>  
To enable the priority of the diagnostic failover, use this command:  
configure vlan <vlan name> add track-diagnostic  
failover <priority>  
To disable the priority of the diagnostic failover, use this command:  
configure vlan <vlan name> delete track-diagnostic  
Typically, you set the failover priority lower than the configured  
priority. Thus, if one of the VLANs experiences a hardware or  
diagnostics failure, that VLAN becomes the standby VLAN.  
187  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
188  
Download from Www.Somanuals.com. All Manuals Search And Download.  
12  
IP Unicast Routing  
This chapter describes how to configure IP routing on the Intel®  
NetStructure480T routing switch. It assumes that you are already  
familiar with IP unicast routing. If not, refer to these publications for  
additional information:  
RFC 1256 ICMP Router Discovery Messages  
RFC 1812 Requirements for IP Version 4 Routers  
For IEEE standards information refer to http://standards.ieee.org  
Overview of IP Unicast Routing  
For more information on  
routing protocols, refer to  
"Enterprise Standby  
Router Protocol (ESRP)"  
on page 167 and "IP  
The 480T routing switch provides full Layer 3, IP unicast routing. It  
exchanges routing information with other routers o8n the network using  
either the Routing Information Protocol (RIP) or the Open Shortest Path  
First (OSPF) protocol. The 480T routing switch dynamically builds and  
maintains a routing table and determines the best path for each of its  
Multicast Routing" on page routes.  
275.  
Each host using the IP unicast routing functionality of the switch must  
have a unique IP address assigned. In addition, the default gateway  
assigned to the host must be the IP address of the router interface. RIP and  
OSPF are described in Chapter 13.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Policy-Based Routing and Route Load-Sharing  
Policy-based routing is used to alter the normally calculated next-  
hop route, which is based on the route table. This same alteration  
can also load-share across multiple routers. It implies a set of rules  
or policies that take precedence over information in the route table.  
These policies can perform a flow-redirection to different next-hop  
addresses based on:  
IP source address and mask  
IP destination address and mask  
Layer 4 destination port  
In the event that the next-hop address (or addresses) becomes  
unavailable, the 480T routing switch will route the traffic normally.  
Several rules may be defined; the precedence of rules is determined  
by best match of the rule to the packet. If no rule is satisfied, no  
redirection occurs.  
There are two types of commands you can use to set up policy-  
based routing. One configures the redirection rule(s) and the other  
configures the next-hop IP address(es):  
create flow-redirect <flow_rule_name> [tcp | udp]  
destination [<ip_address>/<mask> | any] [ip-port  
[<L4_port> | any]] source [<ip_address>/<mask> |  
any]  
configure flow-redirect <flow_rule_name> [add |  
delete] next-hop <ip_address>  
If multiple next-hop addresses are defined, traffic satisfying the rule  
is load-shared across the next-hop addresses based on destination IP  
address.  
If next-hop address(es) fail (do not respond to ICMP pings), the  
switch will resume normal routing.  
Using policy-based routing To show configuration and status of flow redirection rules, use the  
has no impact on switch  
performance.  
command:  
show flow-redirect [<flow_rule_name | <cr>]  
190  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Router Interfaces  
The routing software and hardware move IP traffic between router  
interfaces. A router interface is simply a VLAN that has an IP  
address assigned to it.  
As you create VLANs with IP addresses belonging to different IP  
subnets, you can also choose to route between the VLANs. Both the  
VLAN switching and IP routing function occur within the 480T  
routing switch. Each IP address and mask assigned to a VLAN must  
represent a unique IP subnet.  
You cannot configure the  
same IP address and  
In Figure 12.1, a 480T routing switch is depicted with two VLANs  
defined, Finance and Personnel:  
subnet on different VLANs.  
Ports 1 and 3 are assigned to Finance.  
Ports 2 and 4 are assigned to Personnel.  
Finance belongs to the IP network 192.207.35.0.  
The router interface for Finance is assigned the IP address  
192.207.35.1.  
Personnel belongs to the IP network 192.207.36.0; its router  
interface is assigned IP address 192.207.36.1.  
Traffic within each VLAN is switched using the Ethernet MAC  
addresses.  
Traffic between the two VLANs is routed using the IP addresses.  
Figure 12.1: Routing between VLANs  
191  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Populating the Routing Table  
The 480T routing switch maintains an IP routing table for both  
network routes and host routes. The table is populated from these  
sources:  
If you define a default  
route, and later delete the  
VLAN on the subnet  
associated with it, the  
now-invalid default route  
entry remains. You must  
manually delete the  
Dynamically, using routing protocol packets or by ICMP redirects  
exchanged with other routers  
Statically, using routes entered by the administrator:  
Default routes, configured by the administrator  
Locally, using interface addresses assigned to the system  
By other static routes, as configured by the administrator  
configured default route.  
Dynamic Routes  
Dynamic routes are learned using RIP or OSPF. Routers that use  
RIP or OSPF exchange information in their routing tables in the  
form of advertisements. Using dynamic routes, the routing table  
contains only networks that are reachable.  
Dynamic routes are aged out of the table when an update for the  
network is not received for a period of time, as determined by the  
routing protocol.  
Static Routes  
Static routes are manually entered into the routing table. Static  
routes are used to reach networks not advertised by routers.  
Static routes can also be used for security, by controlling which  
routes you want advertised by the router. You can decide if you  
want all static routes to be advertised, using one of these commands:  
[enable | disable] rip export static  
[enable | disable] ospf export static  
The default setting is enabled. Static routes are never aged out of the  
routing table.  
A static route must be associated with a valid IP subnet. An IP  
subnet is associated with a single VLAN by its IP address and  
subnet mask. If the VLAN is subsequently deleted, the static route  
entries using that subnet must be deleted manually.  
192  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Multiple Routes  
When there are multiple, conflicting choices of equal-cost routes to  
a particular destination, the router picks the route with the longest  
matching network mask. If these are still equal, the router picks the  
route using these criteria (in this order):  
1. Directly attached network interfaces  
2. ICMP redirects (refer to Table 12.6 on page 216).  
3. Static routes  
4. Directly attached network interfaces that are not active  
If you define multiple default routes, the route with the lowest  
metric is used. If there are multiple default routes that have the same  
lowest metric, the system picks one of the routes.  
You can also configure blackhole routes. Traffic to these  
destinations is silently dropped.  
IP Route Sharing  
IP route sharing allows multiple equal-cost routes to be used  
concurrently. You can use IP route sharing with static routes or with  
OSPF routes. In OSPF, this capability is referred to as equal cost  
multi-path (ECMP) routing. To use IP route sharing, use this  
command:  
enable route sharing  
Next, configure static routes and/or OSPF as you would normally.  
You can use as many as five ECMP routes for a given destination.  
Route sharing is useful only in instances where you are constrained  
for bandwidth. This is typically not the case using 480T routing  
switches. Using route sharing makes router troubleshooting more  
difficult because of the complexity in predicting the path over  
which the traffic will travel.  
Route Map Support  
The switch includes the ability to apply route maps to routes that are  
being added to the kernel route table. You can configure the route  
maps based on these origins of the route:  
193  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Direct  
Static  
RIP  
OSPF  
BGP  
These route maps match the various characteristics of the route  
based on the originating protocol and set the accounting indices.  
Use this command to configure route maps:  
configure iproute route-map [bgp | direct | e-bgp  
| i-bgp | ospf | ospf-extern1 | ospf-extern2 |  
ospf-inter | ospf-intra | rip | static] [<route  
map> | none]  
Use this command to view the log:  
show iproute {priority | vlan <vlan> | permanent |  
summary <ipaddress> <netmask> | route-map | origin  
[direct | bgp | e-bgp | i-bgp | static | blackhole  
| rip | ospf-intra | ospf-inter | ospf-extern1 |  
ospf-extern2]} {sorted}  
You can make dynamic changes to the route map. Direct and static  
route changes are reflected immediately. RIP changes are reflected  
within 30 seconds. OSPF and BGP changes depend upon link state.  
Route Map Support for OSPF Export  
The enable ospfcommand is enhanced to support route maps.  
The route map is applied on each and every route that is exported to  
OSPF. It can be used for filtering or for setting the cost, cost type,  
and tag of the exported route. You can use this feature to make  
dynamic changes to the route map.  
Use these commands to enable OSPF route map export:  
enable ospf export direct [[cost <metric> [ase-  
type-1 | ase-type-2] {tag <number>}] | <route  
map>]  
enable ospf export static [[cost <metric> [ase-  
type-1 | ase-type-2] {tag <number>} | <route map>]  
enable ospf export rip [[cost <metric> [ase-type-1  
| ase-type-2] {tag <number>} | <route map>]  
194  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
enable ospf export [bgp | i-bgp | e-bgp] [[cost  
<metric> [ase-type-1 | ase-type-2] {tag <number>}  
| <route map>]  
enable ospf export vip [[cost <metric> [ase-type-1  
| ase-type-2] {tag <number>} | <route map>]  
BGP and OSPF Route Map Support for Tagging  
The 480T routing switch has route map support for BGP and OSPF  
tagging. This allows you to redistribute OSPF routes from the  
kernel routing table to BGP, or BGP routes to OSPF.  
Use this command to enable tagging:  
configure route-map <route-map> <sequence number>  
[add | delete] match [nlri-list <access-profile> |  
as-path [access-profile <access-profile> | <as no>]  
| community [access-profile <access-profile> | <as  
no>: <number> | number <community> | no-advertise  
| no-export | no-export-subconfed] | next-hop <ip  
address> | med <number> | origin [igp | egp |  
incomplete] | tag <number>]  
BGP and OSPF Route Map Support for DSB  
Accounting  
The 480T routing switch also offers route map support for BGP and  
OSPF accounting. This allows you to set the cost and type of the  
exported routes.  
Use this command to enable accounting:  
configure route-map <route-map> <sequence number>  
[add | delete] set [as-path <as no> | community  
[[access-profile <access-profile> | <as no>:  
<number> | number <community> | no-advertise | no-  
export | no-export-subconfed] | remove | [add |  
delete] [access-profile <access-profile> | <as no>:  
<number> | number <community> | no-advertise | no-  
export | no-export-subconfed]] | next-hop <ip  
address> | med <number> | local-preference  
<number> | weight <number> | origin [igp | egp |  
incomplete] | tag <number> | accounting index  
<number> value <number> | cost <number> | cost-  
type [ase-type-1 | ase-type-2]]  
195  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Proxy ARP  
Proxy Address Resolution Protocol (ARP) was first invented so that  
ARP-capable devices could respond to ARP request packets on  
behalf of ARP-incapable devices.  
Proxy ARP can also be used to achieve router redundancy and  
simplify IP client configuration. The switch supports proxy ARP for  
this type of network configuration.  
ARP-Incapable Devices  
To configure the switch to respond to ARP requests on behalf of  
devices that are incapable of doing so, you must configure the IP  
address and MAC address of the ARP-incapable device using this  
command:  
configure iparp add proxy <ipaddress> {<mask>}  
<mac_address> {always}  
Once configured, the system responds to ARP requests on behalf of  
the device, if these conditions are satisfied:  
The valid IP ARP request is received on a router interface.  
The target IP address matches the IP address configured in the  
proxy ARP table.  
The proxy ARP table entry indicates that the system should  
always answer this ARP request, regardless of the ingress VLAN  
(the alwaysparameter must be applied).  
Once all the proxy ARP conditions are met, the switch formulates  
an ARP input rules for the UDP-configured MAC address in the  
packet.  
Proxy ARP Between Subnets  
In some networks, it is desirable to configure the IP host with a  
wider subnet than the actual subnet mask of the segment.  
Proxy ARP can be used so that the router answers ARP requests for  
devices outside of the subnet. As a result, the host communicates as  
if all devices are local. In reality, communication with devices  
outside of the subnet are proxied by the router.  
196  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
For example, an IP host is configured with a class B address of  
100.101.102.103 and a mask of 255.255.0.0:  
The switch is configured with the IP address 100.101.102.1 and a  
mask of 255.255.255.0.  
The switch is also configured with a proxy ARP entry of IP  
address 100.101.0.0 and mask 255.255.0.0, without the always  
parameter.  
When the IP host tries to communicate with the host at address  
100.101.45.67, the IP hosts communicate as if the two hosts are  
on the same subnet, and sends out an IP ARP request.  
The switch answers on behalf of the device at address  
100.101.45.67, using its own MAC address. All subsequent data  
packets from 100.101.102.103 are sent to the switch, and the  
switch routes the packets to 100.101.45.67.  
Relative Route Priorities  
Although these priorities  
can be changed, do not  
attempt any manipulation  
unless you fully  
understand the possible  
consequences.  
Table 12.1 lists the relative priorities assigned to routes depending  
on the learned source of the route.  
Table 12.1: Relative Route Priorities  
Route Origin  
Direct  
Priority  
10  
BlackHole  
Static  
50  
1100  
1200  
2200  
2300  
2400  
3200  
ICMP  
OSPFIntra  
OSPFInter  
RIP  
OSPFExtern1  
197  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.1: Relative Route Priorities (continued)  
Route Origin  
OSPFExtern2  
BOOTP  
Priority  
3300  
5000  
To change the relative route priority, use this command:  
configure iproute priority [rip | bootp | icmp |  
static | ospf-intra | ospf-inter | e-bgp | i-bgp |  
ospf-extern1 | ospf-extern2] <priority>  
IP Multinetting  
IP multinetting is used in  
many legacy IP networks  
On the 480T routing switch, each subnet is represented by a  
different VLAN, and each of those VLANs has its own IP address.  
to overlap multiple subnets All of the VLANs share the same physical ports. The switch routes  
onto the same physical  
segment. Due to the  
resulting constraints in  
troubleshooting and  
bandwidth limitations, we  
recommend that  
multinetting be used as a  
transitional tool, and not  
as a long-term network  
design strategy.  
IP traffic from one subnet to another, all within the same physical  
ports.  
These rules and comments apply when you are configuring IP  
multinetting:  
Multiple VLANs share the same physical ports; each of the  
VLANs is configured with an IP address.  
A maximum of four subnets (or VLANs) on multinetted ports is  
recommended.  
All VLANs used in the multinetting group must share the same  
port assignment.  
One VLAN is configured to use an IP protocol filter. This is  
considered the primary VLAN interface for the multinetted  
group.  
The secondary multinetted VLANs can be exported using the  
export directcommand.  
The FDB aging timer is automatically set to 3,000 seconds (50  
minutes).  
If you are using a UDP or DHCP relay function, only the primary  
VLAN configured with the IP protocol filter is able to service  
these requests.  
The VLAN default should not be used for multinetting.  
198  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
IP Multinetting Operation  
Multinetted VLAN groups  
must contain identical port  
assignments.  
To use IP multinetting, follow these steps:  
1. Select a port where you want IP multinetting to run, for example,  
port 2.  
2. Remove the port from the default VLAN, using this command:  
configure default delete port 2  
3. Create a dummy protocol using this command:  
create protocol mnet  
4. Create the multinetted subnets using these commands:  
create vlan net21  
create vlan net22  
5. Assign IP addresses to the net VLANs using these commands:  
configure net21 ipaddress 123.45.21.1  
255.255.255.0  
configure net22 ipaddress 192.24.22.1  
255.255.255.0  
6. Assign one of the subnets to the IP protocol using this command:  
configure net21 protocol ip  
7. Assign the other subnets to the dummy protocol using this com-  
mand:  
configure net22 protocol mnet  
8. Assign the subnets to a physical port using these commands:  
configure net21 add port 2  
configure net22 add port 2  
9. Enable IP forwarding on the subnets using this command:  
enable ipforwarding  
10. Enable IP multinetting using this command:  
enable multinetting  
11. If you are using RIP, disable RIP on the dummy VLANs using  
this command:  
configure rip delete net22  
199  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IP Multinetting Examples  
This example configures the switch to have one multinetted  
segment (port 5) that contains three subnets (192.67.34.0,  
192.67.35.0, and 192.67.37.0):  
configure default delete port 5  
create protocol mnet  
create vlan net34  
create vlan net35  
create vlan net37  
configure net34 ipaddress 192.67.34.1  
configure net35 ipaddress 192.67.35.1  
configure net37 ipaddress 192.67.37.1  
configure net34 protocol ip  
configure net35 protocol mnet  
configure net37 protocol mnet  
configure net34 add port 5  
configure net35 add port 5  
configure net37 add port 5  
enable ipforwarding  
enable multinetting  
The next example configures the switch to operate with:  
One multinetted segment (port 5) that contains three subnets  
(192.67.34.0, 192.67.35.0, and 192.67.37.0).  
A second multinetted segment consisting of two subnets  
(192.67.36.0 and 192.99.45.0). The second multinetted segment  
spans three ports (port 8, port 9, and port 10).  
RIP enabled on both multinetted segments.  
configure default delete port 5  
create protocol mnet  
create vlan net34  
create vlan net35  
create vlan net37  
configure net34 ipaddress 192.67.34.1  
configure net35 ipaddress 192.67.35.1  
configure net37 ipaddress 192.67.37.1  
configure net34 protocol ip  
200  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
configure net35 protocol mnet  
configure net37 protocol mnet  
config net34 add port 5  
config net35 add port 5  
config net37 add port 5  
configure default delete port 8,9,10  
create vlan net36  
create vlan net45  
configure net36 ipaddress 192.67.36.1  
configure net45 ipaddress 192.99.45.1  
configure net36 protocol ip  
configure net45 protocol mnet  
configure net36 add port 8,9,10  
configure net45 add port 8,9,10  
configure rip add vlan net34  
configure rip add vlan net36  
enable ipforwarding  
enable multinetting  
enable rip  
Configuring IP Unicast Routing  
IGMP and IGMP snooping This section describes the commands associated with configuring  
must be enabled when  
unicast IP routing or  
multicast routing is  
configured (the default  
setting is enabled for both  
IGMP and IGMP  
IP unicast routing on the 480T routing switch. To configure the  
route:  
1. Create and configure two or more VLANs (as described in the  
previous examples).  
2. Assign an IP address to each VLAN that is using routing:  
snooping).  
configure vlan <name> ipaddress <ipaddress>  
{<mask>}  
Ensure that each VLAN has a unique IP address.  
3. Configure a default route, using this command:  
Default routes are used  
when the router has no  
other dynamic or static  
route to the requested  
destination.  
configure iproute add default <gateway>  
{<metric>}  
4. Turn on IP routing for one or all VLANs, using this command:  
enable ipforwarding {vlan <name>}  
201  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
5. Turn on RIP or OSPF using one of these commands:  
enable rip  
enable ospf  
Verifying the IP Unicast Routing Configuration  
Use the show iproutecommand to display the current  
configuration of IP unicast routing for the switch and for each  
VLAN. The show iproutecommand displays the currently  
configured routes and includes how each route was learned.  
The show iproutedisplay has a special flag for routes that are  
active and in use. These routes are preceded by an asterisk (*) in the  
route table. If there are multiple routes to the same destination  
network, the asterisk will indicate which route is preferred.  
The Use and M-Use fields in the route table indicate the number of  
times the software routing module is using the route table entry for  
packet forwarding decisions.  
The Use field indicates a count for unicast routing while the M-Use  
field indicates a count for multicast routing. If the use count is going  
up in an unexpected manner, this indicates that the software is  
making route decisions and may need to be investigated further.  
Additional verification commands include:  
show iparpDisplays the IP ARP table of the system.  
show ipfdbDisplays the hosts that have been transmitting or  
receiving packets, and the port and VLAN for each host.  
show ipconfigDisplays configuration information for one or  
more VLANs.  
VLAN Aggregation  
VLAN aggregation is primarily useful to service providers,  
allowing them to increase the efficiency of IP address space usage.  
It does this by allowing clients within the same IP subnet to use  
different broadcast domains using the same default router.  
Using VLAN aggregation:  
A superVLAN is defined with the desired IP address, but without  
any member ports (unless it is running ESRP).  
202  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
The subVLANs use the IP address of the superVLAN as the  
default router address.  
Groups of clients are then assigned to subVLANs that have no IP  
address, but are members of the superVLAN.  
Clients can be informally allocated any valid IP addresses within  
the subnet. Optionally, you can prevent communication between  
subVLANs for isolation purposes so that subVLANs can be quite  
small, but allow for growth without re-defining subnet  
boundaries.  
Without using VLAN aggregation, each VLAN has a default router  
address, and you need to use large subnet masks. The result is more  
unused IP address space.  
Multiple secondary IP addresses can be assigned to the  
superVLAN. These IP addresses are only used to respond to ICMP  
ping packets to verify connectivity.  
Figure 12.2 illustrates VLAN aggregation.  
Figure 12.2: VLAN aggregation  
203  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
In Figure 12.2, all stations are configured to use the address 10.3.2.1  
for the default router.  
VLAN Aggregation Properties  
These properties apply to VLAN aggregation operation:  
All broadcast and unknown traffic remains local to the subVLAN  
and does not cross the subVLAN boundary.  
All traffic within the subVLAN is switched by the subVLAN,  
allowing traffic separation between subVLANs (while using the  
same default router address among them).  
Hosts are located on the subVLAN. Each host can assume any IP  
address within the address range of the superVLAN router  
interface. Hosts on the subVLAN are expected to have the same  
network mask as the superVLAN, and have their default router set  
to the IP address of the superVLAN.  
All traffic (IP unicast and IP multicast) between subVLANs is  
routed through the superVLAN. For example, no ICMP redirects  
are generated for traffic between subVLANs, because the  
superVLAN is responsible for subVLAN routing.  
Unicast IP traffic across the subVLANs is facilitated by the  
automatic addition of an ARP entry (similar to a proxy ARP  
entry) when a subVLAN is added to a superVLAN. You can  
disable this feature for security purposes.  
IP multicast traffic between subVLANs is routed when an IP  
multicast routing protocol is enabled on the superVLAN.  
VLAN Aggregation Limitations  
These limitations apply to VLAN aggregation:  
No additional routers may be located in a subVLAN.  
A subVLAN cannot be a superVLAN, and vice-versa.  
subVLANs are not assigned IP addresses.  
Typically, a superVLAN has no ports associated with it, except in  
the case of running ESRP.  
If a client is moved from one subVLAN to another, clear the IP  
ARP cache at the client and the switch to resume communication.  
204  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
SubVLAN Address Range Checking  
The use of static ARP  
entries associated with  
superVLANs or sub-  
Sub-VLAN address ranges can be configured on each subVLAN to  
prohibit the entry of IP addresses from hosts outside of the  
configured range.  
VLANs is not supported.  
To configure a subVLAN range use this command:  
configure vlan <vlan_name> subvlan-address-range  
<ipaddress-ipaddress>  
To remove a subVLAN address range use this command:  
configure vlan <vlan_name> subvlan-address-range  
0.0.0.0 0.0.0.0  
To view a subVLAN range use this command:  
show vlan [vlan_name]  
There is no error checking to prevent the configuration of  
overlapping subVLAN address ranges between multiple  
subVLANs. Doing so may result in unpredictable behavior of ARP  
within the superVLAN and associated subVLANs.  
Isolation Option for Communication Between  
subVLANs  
The isolation option works To facilitate communication between subVLANs, by default, an  
for normal, dynamic, ARP- entry is made in the IP ARP table of the superVLAN that performs  
based client  
communication.  
a proxy ARP function. This allows clients on one subVLAN to  
communicate with clients on another subVLAN. In certain  
circumstances, intra-subVLAN communication may not be desired  
for isolation reasons.  
To prevent normal communication between subVLANs, disable the  
automatic addition of the IP ARP entries on the superVLAN, using  
the command:  
disable subvlan-proxy-arp vlan <supervlan name>  
VLAN Aggregation Commands  
Table 12.2 describes VLAN aggregation commands. For more  
command options press the Tab key in the command line interface.  
205  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.2: VLAN Aggregation Commands  
Command  
Description  
configure vlan <supervlan name> add  
secondary-ip <ipaddress> {<mask>}  
Adds a secondary IP address to the  
superVLAN for responding to ICMP ping  
requests.  
configure vlan <supervlan name> add  
subvlan <subvlan name>  
Adds a subVLAN to a superVLAN.  
configure vlan <supervlan name> delete  
secondary-ip <ipaddress> {<mask>}  
Deletes a secondary IP address to the  
superVLAN for responding to ICMP ping  
requests.  
configure vlan <supervlan name> delete  
subvlan <subvlan name>  
Deletes a subVLAN from a superVLAN.  
disable subvlan-proxy-arp vlan [<supervlan  
name> | all]  
Disables subVLAN entries in the proxy ARP  
table.  
enable subvlan-proxy-arp vlan [<supervlan  
name> | all]  
Enables the automatic entry of subVLAN  
information in the proxy ARP table.  
VLAN Aggregation Example  
The following example illustrates how to configure VLAN  
aggregation. The VLAN vsuper is created as a superVLAN, and  
subVLANs vsub1, vsub2, and vsub3 are added to it.  
1. Create and assign an IP address to a VLAN designated as the  
superVLAN. This VLAN should have no member ports. Be sure  
to enable IP forwarding, and any desired routing protocol, on the  
switch:  
create vlan vsuper  
configure vsuper ipaddress 192.201.3.1/24  
enable ipforwarding  
enable ospf  
configure ospf add vsuper  
206  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
2. Create and add ports to the subVLANs:  
create vlan vsub1  
configure vsub1 add port 8-10  
create vlan vsub2  
configure vsub2 add port 11-13  
create vlan vsub3  
configure vsub3 add port 15-16  
3. Configure the superVLAN by adding the subVLANs:  
configure vsuper add subvlan vsub1  
configure vsuper add subvlan vsub2  
configure vsuper add subvlan vsub3  
4. Disable communication among subVLANs (optional):  
disable subvlan-proxy-arp <superVLAN name>  
Verifying the VLAN Aggregation Configuration  
Use these commands to verify proper VLAN aggregation  
configuration:  
show vlanIndicates the membership of subVLANs in a  
superVLAN.  
show iparpIndicates an ARP entry that contains subVLAN  
information. Communication with a client on a subVLAN must  
occur before you can make an entry in the ARP table.  
Configuring DHCP/BOOTP Relay  
Once IP unicast routing is configured, you can configure the switch  
to forward Dynamic Host Configuration Protocol (DHCP) or  
BOOTP requests coming from clients on subnets being serviced by  
the switch and going to hosts on different subnets.  
You can use this feature in various applications, including DHCP  
services between Windows§ NT§ servers and clients running  
Windows 95. To configure the relay function:  
Configure VLANs and IP unicast routing.  
Enable the DHCP or BOOTP relay function, using this command:  
enable bootprelay  
207  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Configure the addresses, where you want to direct DHCP or  
BOOTP requests, using this command:  
configure bootprelay add <ipaddress>  
To delete an entry, use this command:  
configure bootprelay delete {<ipaddress> | all}  
Verifying the DHCP/BOOTP Relay  
Configuration  
To verify the DHCP/BOOTP relay configuration, use this  
command:  
show ipconfig  
This command displays the configuration of the BOOTP relay  
service, and the addresses that are currently configured.  
UDP Forwarding  
UDP forwarding is a flexible and generalized routing utility for  
handling the directed forwarding of broadcast UDP packets. UDP  
forwarding allows applications, such as multiple DHCP relay  
services from differing sets of VLANs, to be directed to different  
DHCP servers. These rules apply to UDP broadcast packets handled  
by this feature:  
If the UDP profile includes BOOTP or DHCP, it is handled  
according to guidelines in RFC 1542.  
If the UDP profile includes other traffic types, these packets have  
the IP destination address modified as configured, and changes  
are made to the IP and UDP checksums and decrements to the  
TTL field, as appropriate.  
If the UDP forwarding is used for BOOTP or DHCP forwarding  
purposes, do not configure or use the existing bootprelay  
function. However, if the previous bootprelayfunctions are  
applicable, you may continue to use them.  
208  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Configuring UDP Forwarding  
To configure UDP forwarding, the you must first create a UDP-  
forward destination profile. The profile describes the types of UDP  
packets (by port number) that are used, and where they are to be  
forwarded. You must give the profile a unique name, in the same  
manner as a VLAN, protocol filter, or Spanning Tree Domain.  
Next, configure a VLAN to use the UDP-forwarding profile. As a  
result, all incoming traffic from the VLAN that matches the UDP  
profile is handled as specified in the UDP-forwarding profile.  
You can define a maximum of ten UDP-forwarding profiles. Each  
named profile may contain a maximum of eight rules defining the  
UDP port, and destination IP address or VLAN. A VLAN can use a  
single UDP-forwarding profile. UDP packets directed toward a  
VLAN use an all-ones broadcast on that VLAN.  
UDP-Forwarding Example  
In this example, the VLAN Marketing and the VLAN Operations  
are pointed toward a specific backbone DHCP server (with IP  
address 10.1.1.1) and a backup server (with IP address 10.1.1.2).  
Additionally, the VLAN LabUser is configured to use any  
responding DHCP server on a separate VLAN called LabSvrs.  
The commands for this configuration are:  
create udp-profile backbonedhcp  
create udp-profile labdhcp  
configure backbonedhcp add 67 ipaddress 10.1.1.1  
configure backbonedhcp add 67 ipaddress 10.1.1.2  
configure labdhcp add 67 vlan labsvrs  
configure marketing udp-profile backbonedhcp  
configure operations udp-profile backbonedhcp  
configure labuser udp-profile labdhcp  
ICMP Packet Processing  
As ICMP packets are routed or generated, you have several options  
for controlling distribution:  
Access lists are described  
in Chapter , "Access  
Policies" on page 309.  
For ICMP packets typically generated or observed as part of the  
routing function, you can assert control on a per-type, per-VLAN  
basis.  
209  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can alter the default settings for security reasons, by  
restricting the success of tools that could be used to find  
information on an important application, host, or topology.  
For ICMP packets that are typically routed, you can apply access  
lists to restrict forwarding behavior.  
The controls include the disabling of transmitting ICMP messages  
associated with:  
unreachables  
port-unreachables  
time-exceeded  
parameter-problems  
redirects  
time-stamp  
address-mask requests.  
UDP-Forwarding Commands  
Table 12.3 describes the commands used to configure UDP-  
forwarding. For more command options, press the Tab key in the  
command line interface.  
Table 12.3: UDP-Forwarding Commands  
Command  
Description  
configure udp-profile <profile_name> add  
<udp_port> [vlan <name> | ipaddress  
<dest_ipaddress>]  
Adds a forwarding entry to the specified  
User Datagram Protocol(UDP)-  
forwarding profile name. All broadcast  
packets sent to udp_port are forwarded  
to either the destination IP address  
(unicast or subnet directed broadcast) or  
to the specified VLAN as an all-ones  
broadcast.  
configure udp-profile <profile_name> delete  
<udp_port> [vlan <name> | ipaddress  
<dest_ipaddress>]  
Deletes a forwarding entry from the  
specified udp-profilename.  
210  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Table 12.3: UDP-Forwarding Commands (continued)  
Command  
Description  
configure vlan <name> udp-profile  
<profile_name>  
Assigns a UDP-forwarding profile to the  
source VLAN. Once the UDP profile is  
associated with the VLAN, the Intel  
®
NetStructure480T routing switch picks  
up any broadcast UDP packets that match  
the user-configured UDP port number,  
and forwards those packets to the user-  
defined destination. If the UDP port is  
the DHCP/BOOTP port number,  
appropriate DHCP/BOOTP proxy  
functions are used.  
create udp-profile <profile_name>  
Creates a UDP-forwarding profile. You  
must use a unique name for the UDP-  
forwarding profile.  
delete udp-profile <profile_name>  
show udp-profile {<profile_name>}  
Deletes a UDP-forwarding profile.  
Displays the profile names, input rules of  
the UDP port, destination IP address, or  
VLAN and the source VLANs where the  
profile is applied.  
unconfigure udp-profile vlan [<name> | all]  
Removes the UDP-forwarding profile  
configuration for one or all VLANs.  
IP Commands  
Table 12.4 describes the commands used to configure basic IP  
settings. For more command options, press the Tab key in the  
command line interface.  
211  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.4: Basic IP Commands  
Command  
Description  
clear iparp {<ipaddress> | vlan <name>}  
Removes dynamic entries in the IP  
ARP table. Permanent IP ARP entries  
are not affected.  
clear ipfdb {<ipaddress> | vlan <name> }  
Removes the dynamic entries in the IP  
forwarding database. If no options are  
specified, all dynamic IP FDB entries  
are removed.  
configure bootprelay add <ipaddress>  
Adds the IP destination address to  
forward BOOTP packets.  
configure bootprelay delete [<ipaddress> | all]  
Removes one or all IP destination  
addresses for forwarding BOOTP  
packets.  
configure iparp add <ipaddress>  
<mac_address>  
Adds a permanent entry to the ARP  
table. Specify the IP address and MAC  
address of the entry.  
configure iparp add proxy <ipaddress>  
{<mask>} {<mac_address>} {always}  
Configures proxy ARP entries. When  
maskis not specified, an address with  
the mask 255.255.255.255is  
assumed. When mac_addressis not  
specified, the MAC address of the  
®
Intel NetStructure480T routing  
switch is used in the ARP response.  
When alwaysis specified, the switch  
answers ARP requests without filtering  
requests that belong to the same subnet  
of the receiving router interface.  
configure iparp delete <ipaddress>  
Deletes an entry from the ARP table.  
Specify the IP address of the entry.  
configure iparp delete proxy [<ipaddress>  
{<mask>} | all]  
Deletes one or all proxy ARP entries.  
212  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Table 12.4: Basic IP Commands (continued)  
Command  
Description  
configure iparp timeout <minutes>  
Configures the IP ARP timeout period.  
The default setting is 20 minutes. A  
setting of 0 disables ARP aging. The  
maximum aging time is 32 minutes.  
configure tcp-sync-rate  
<number_sync_per_sec>  
Configures a limit for the switch to  
process TCP connection requests. If the  
connection request rate is higher than  
the specified rate, or the total number  
of outstanding connection requests  
exceeds the system limit, the system  
ages out incomplete connection  
requests at a faster rate. The range is 5  
to 200,000. The default setting is 25  
connection requests per second.  
disable bootp vlan [<name> | all]  
disable bootprelay  
Disables the generation and processing  
of BOOTP packets.  
Disables the forwarding of BOOTP  
requests.  
disable ipforwarding {vlan <name>}  
Disables routing for one or all VLANs.  
disable ipforwarding broadcast {vlan <name>}  
Disables routing of broadcasts to other  
networks.  
disable loopback-mode vlan [<name>]  
Disables loopback mode on an  
interface.  
disable multinetting  
Disables IP multinetting on the system.  
enable bootp vlan [<name> | all]  
Enables the generation and processing  
of BOOTP packets on a VLAN to  
obtain an IP address for the VLAN  
from a BOOTP server. The default  
setting is enabled for all VLANs.  
213  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.4: Basic IP Commands (continued)  
Command  
Description  
enable bootprelay  
Enables the forwarding of BOOTP and  
Dynamic Host Configuration Protocol  
(DHCP) requests.  
enable ipforwarding {vlan <name>}  
Enables IP routing for one or all  
VLANs. If no argument is provided,  
enables routing for all VLANs that are  
configured with an IP address. The  
default setting for ipforwardingis  
disabled.  
enable ipforwarding broadcast {vlan <name>}  
enable loopback-mode vlan [<name>]  
Enables forwarding IP broadcast traffic  
for one or all VLANs. If no argument is  
provided, enables broadcast forwarding  
for all VLANs. To enable,  
ipforwardingmust be enabled on the  
VLAN. The default setting is disabled.  
Enables a loopback mode on an  
interface. If loopback is enabled, the  
router interface remains in the UP state,  
even if no ports are defined in the  
VLAN. As a result, the subnet is  
always advertised as one of the  
available routes.  
enable multinetting  
Enables IP multinetting on the system.  
Table 12.5 describes the commands used to configure the IP route  
table. For more command options, press the Tab key in the  
command line interface.  
Table 12.5: Route Table Configuration Commands  
Command  
Description  
configure iproute add <ipaddress>/<mask>  
<gateway> <metric>  
Adds a static address to the routing table. Use  
a value of 255.255.255.255 for maskto  
indicate a host entry.  
214  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Table 12.5: Route Table Configuration Commands (continued)  
Command  
Description  
configure iproute add blackhole <ipaddress>  
<mask>  
Adds a blackhole address to the routing  
table. All traffic destined for the configured IP  
address is dropped, and no Internet Control  
Message Protocol (ICMP) message is  
generated.  
configure iproute add default <gateway>  
{<metric>}  
Adds a default gateway to the routing table. A  
default gateway must be located on a  
configured IP interface. If no metric is  
specified, the default metric of 1 is used. Use  
the unicast-only or multicast-only options to  
specify a particular traffic type. If not  
specified, both unicast and multicast traffic  
use the default route.  
configure iproute delete <ipaddress> <mask>  
<gateway>  
Deletes a static address from the routing table.  
configure iproute delete blackhole  
<ipaddress> <mask>  
Deletes a blackholeaddress from the  
routing table.  
configure iproute delete default <gateway>  
Deletes a default gateway from the routing  
table.  
configure iproute priority [rip | bootp | icmp |  
static | ospf-intra | ospf-inter | e-bgp | i-bgp |  
ospf-extern1 | ospf-extern2] <priority>  
Changes the priority for all routes coming  
from a particular route origin.  
disable iproute sharing  
enable iproute sharing  
Disables load sharing for multiple routes.  
Enables load sharing if multiple routes to the  
same destination are available. Only paths  
with the same lowest cost are shared. The  
default setting is disabled.  
rtlookup [<ipaddress> | <hostname>]  
Performs a look-up in the route table to  
determine the best route to reach an IP  
address.  
215  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.6 describes the commands used to configure IP options and  
the ICMP protocol. For more command options, press the Tab key  
in the command line interface.  
Table 12.6: ICMP Configuration Commands  
Command  
Description  
configure irdp [multicast | broadcast]  
Configures the destination address of the  
router advertisement messages. The default  
setting is multicast.  
configure irdp <mininterval>  
<maxinterval> <lifetime> <preference>  
Configures the router advertisement  
message timers, in seconds.  
Specify:  
minintervalThe minimum amount of  
time between router advertisements. The  
default setting is 450.  
maxintervalThe maximum time  
between router advertisements. The default  
setting is 600.  
lifetimeThe default setting is 1,800.  
preferenceThe preference level of the  
router. An ICMP Router Discover Protocol  
(IRDP) client always uses the router with  
the highest preference level. Change this  
setting to encourage or discourage the use  
of this router. The default setting is 0.  
disable icmp [parameter-problem | address-  
mask | port-unreachables | redirects | time-  
exceeded | timestamp | unreachables |  
userdirects] {vlan <name>}  
Disables ICMP messages for the packet  
type specified.  
disable ip-option loose-source-route  
disable ip-option record-route  
Disables the loose source route IP option.  
Disables the record-route IP option.  
disable ip-option record-timestamp  
disable ip-option strict-source-route  
disable ip-option use-router-alert  
Disables the record-timestamp IP option.  
Disables the strict-source-route IP option.  
Disables the use router alert IP option.  
216  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Table 12.6: ICMP Configuration Commands (continued)  
Command  
Description  
enable icmp address-mask vlan [<name> |  
all]  
Enables an ICMP address-mask reply (type  
18, code 0) when an ICMP address mask  
request is received.The default setting is  
enabled. If a VLAN is not specified, the  
command applies to all IP interfaces.  
enable icmp parameter-problem vlan  
[<name> | all]  
Enables an ICMP parameter problem  
message packet (type 12) when the switch  
cannot properly process the IP header or IP  
option information.  
enable icmp port-unreachables vlan  
[<name> | all]  
Enables ICMP port unreachable messages  
(type 3, code 3) when a TPC or UDP  
request is made to the switch, and no  
application is waiting for the request, or  
when access policy denies the request. The  
default setting is enabled. If a VLAN is not  
specified, the command applies to all IP  
interfaces.  
enable icmp redirects vlan [<name> | all]  
Enables an ICMP redirect message (type 5)  
when a packet must be forwarded out on the  
ingress port. The default setting is enabled.  
If a VLAN is not specified, the command  
applies to all IP interfaces.  
enable icmp time-exceeded vlan [<name> |  
all]  
Enables an ICMP time exceeded message  
(type 11) when the TTL field expires during  
forwarding. IP multicast packets do not  
trigger ICMP time exceeded messages. The  
default setting is enabled. If a VLAN is not  
specified, the command applies to all IP  
interfaces.  
enable icmp timestamp vlan [<name> | all]  
Enables an ICMP timestamp response (type  
14, code 0) when an ICMP timestamp  
request is received. The default setting is  
enabled. If a VLAN is not specified, the  
command applies to all IP interfaces.  
217  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.6: ICMP Configuration Commands (continued)  
Command  
Description  
enable icmp unreachables vlan [<name> |  
all]  
Enables ICMP network-unreachable  
messages (type 3, code 0), and host  
unreachable messages (type 3, code 1)  
when a packet cannot be forwarded to the  
destination because of an unreachable route  
or host. The default setting is enabled. If a  
VLAN is not specified, the command  
applies to all IP interfaces.  
enable icmp useredirects  
Enables the modification of route table  
information when an ICMP redirect  
message is received. This option applies to  
the switch when it is not configured for  
routing. The default setting is disabled.  
enable ip-option loose-source-route  
enable ip-option record-route  
Enables the loose source route IP option.  
Enables the record route IP option.  
enable ip-option record-timestamp  
enable ip-option strict-source-route  
enable ip-option use-router-alert  
Enables the record timestamp IP option.  
Enables the strict source route IP option.  
®
Enables the Intel NetStructure480T  
routing switch to generate the router alert IP  
option with routing protocol packets.  
enable irdp {vlan <name>}  
Enables ICMP router advertisement  
messages on one or all VLANs. The default  
setting is enabled.  
unconfigure icmp  
unconfigure irdp  
Resets all ICMP settings to the default  
values.  
Resets all router-advertisement settings to  
the default values.  
218  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Routing Configuration Example  
Figure 12.3 illustrates a 480T routing switch with three VLANs  
defined as:  
Financeaddress 192.207.35.1  
protocol sensitive VLAN using the IP protocol  
Ports 1 and 3 are assigned  
IP address 192.207.35.1.  
Personnel  
Protocol-sensitive VLAN using the IP protocol  
Ports 2 and 4 are assigned  
IP address 192.207.36.1  
MyCompany  
Port-based VLAN  
All ports are assigned  
Figure 12.3: Unicast routing configuration example  
219  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The stations connected to ports 1 through 4 generate a combination  
of IP traffic and NetBIOS traffic. The IP traffic is filtered by the  
protocol-sensitive VLANs. All other traffic is directed to the VLAN  
MyCompany.  
In this configuration, all IP traffic from stations connected to ports  
1 and 3 have access to the router using the VLAN Finance. Ports 2  
and 4 reach the router through the VLAN Personnel. All other  
traffic (NetBIOS) is part of the VLAN MyCompany.  
The example in Figure 12.3 is configured using these commands:  
create vlan Finance  
create vlan Personnel  
create vlan MyCompany  
configure Finance protocol ip  
configure Personnel protocol ip  
configure Finance add port 1,3  
configure Personnel add port 2,4  
configure MyCompany add port all  
configure Finance ipaddress 192.207.35.1  
configure Personnel ipaddress 192.207.36.1  
configure rip add vlan Finance  
configure rip add vlan Personnel  
enable ipforwarding  
enable rip  
Displaying Router Settings  
To display settings for various IP routing components, use the  
commands listed in Table 12.7. For more command options, press  
the Tab key in the command line interface.  
Table 12.7: Router Show Commands  
Command  
Description  
show iparp proxy {<ipaddress>  
{<mask>}}  
Displays the proxy Address Resolultion Protocol  
(ARP) table.  
220  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 2  
IP Unicast Routing  
Table 12.7: Router Show Commands (continued)  
Command  
Description  
show iparp {<ipaddress | vlan <name> |  
permanent}  
Displays the IP ARP table. You can filter the display  
by IP address, VLAN, or permanent entries.  
show ipconfig {vlan <name> | detail}  
Displays configuration information for one or all  
VLANs.  
show ipfdb {<ipaddress>/<netmask> |  
vlan <name>}  
Displays the contents of the IP FDB table. If no  
option is specified, all IP FDB entries are displayed.  
show iproute {priority | vlan <name> |  
permanent | <ipaddress> <mask> |  
origin [direct | static | blackhole | rip |  
ospf-intra | ospf-inter | ospf-extern1  
bgp | e-bgp | i-bgp | ospf-extern2]}  
{sorted}  
Displays the contents of the IP routing table or the  
route origin priority.  
show ipstats {vlan <name>}  
Displays IP statistics for the microprocessor.  
Resetting and Disabling Router  
Settings  
To return router settings to their defaults and disable routing  
functions, use the commands listed in Table 12.8. For more  
command options, press the Tab key in the command line interface.  
Table 12.8: Router Reset and Disable Commands  
Command  
Description  
clear iparp {<ipaddress> | vlan <name>}  
Removes dynamic entries in the IP ARP table.  
Permanent IP ARP entries are not affected.  
clear ipfdb {<ipaddress> | vlan <name>]  
Removes the dynamic entries in the IP  
forwarding database. If no options are specified,  
all IP FDB entries are removed.  
221  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 12.8: Router Reset and Disable Commands (continued)  
Command  
Description  
disable bootp vlan [<name> | all]  
Disables the generation and processing of  
BOOTP packets.  
disable bootprelay  
Disables the forwarding of BOOTP requests.  
disable icmp <packet-type> vlan [<name>]  
Disables ICMP parameter-problem messages. If  
a VLAN is not specified, the command applies  
to all IP interfaces. Packet types are:  
parameter-problem, address-mask,  
port-unreachable, redirect, time-  
exceeded, timestamp, unreachable,  
userdirect.  
disable ipforwarding broadcast {vlan  
<name>}  
Disables routing of broadcasts to other  
networks.  
disable ipforwarding {vlan <name>}  
disable irdp {vlan <name>}  
Disables routing for one or all VLANs.  
Disables router advertisement messages on one  
or all VLANs.  
unconfigure icmp  
unconfigure irdp  
Resets all ICMP settings to the default values.  
Resets all router advertisement settings to the  
default values.  
222  
Download from Www.Somanuals.com. All Manuals Search And Download.  
13  
RIP and OSPF  
This chapter describes the interior routing protocols available on the  
Intel® NetStructure480T routing switch, RIP and OSPF. It assumes that  
you are already familiar with IP unicast routing. If not, refer to these  
publications:  
RFC 1058 Routing Information Protocol (RIP)  
RFC 1723 RIP Version 2  
RFC 2178 OSPF Version 2  
Overview  
Both RIP and OSPF can  
be enabled on a single  
VLAN.  
The Intel NetStructure 480T routing switch supports the use of two  
interior gateway protocols (IGPs): the Routing Information Protocol  
(RIP) and the Open Shortest Path First (OSPF) protocol for IP unicast  
routing.  
RIP is a distance-vector protocol, based on the Bellman-Ford (or distance-  
vector) algorithm. The distance-vector algorithm has been in use for many  
years, and is widely deployed and understood.  
OSPF is a link-state protocol, based on the Dijkstra link-state algorithm.  
OSPF is a newer IGP, and solves a number of problems associated with  
using RIP on todays complex networks.  
Both RIP and OSPF can be enabled on a single VLAN.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Distinguishing RIP and OSPF  
The distinction between RIP and OSPF lies in the fundamental  
differences between distance-vector protocols and link-state  
protocols. Using a distance-vector protocol, each router creates a  
unique routing table from summarized information obtained from  
neighboring routers. Using a link-state protocol, every router  
maintains an identical routing table created from information  
obtained from all routers in the autonomous system. Each router  
builds a shortest path tree, using itself as the root. The link-state  
protocol ensures that updates sent to neighboring routers are  
acknowledged by the neighbors, verifying that all routers have a  
consistent network map.  
The biggest advantage of using RIP is that it is relatively simple to  
understand and implement, and it is the de facto routing standard for  
many years.  
RIP has a number of limitations that can cause problems in large  
networks, including:  
A limit of 15 hops between the source and destination networks  
A large amount of bandwidth taken up by periodic broadcasts of the  
entire routing table  
Slow convergence  
Routing decisions based on hop count; no concept of link costs or  
delay  
Flat networks; no concept of areas or boundaries  
OSPF offers many advantages over RIP, including:  
No limitation on hop count  
Route updates multicast only when changes occur  
Faster convergence  
Support for load balancing to multiple routers based on the actual  
cost of the link  
Support for hierarchical topologies where the network is divided  
into areas  
The details of RIP and OSPF are explained later in this chapter.  
224  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Overview of RIP  
RIP is an IGP first used in computer routing in the Advanced  
Research Projects Agency Network (ARPAnet) as early as 1969. It is  
primarily intended for use in homogeneous networks of moderate  
size.  
To determine the best path to a distant network, a router using RIP  
always selects the path that has the least number of hops. Each router  
that data must traverse is considered to be one hop.  
Routing Table  
The routing table in a router using RIP contains an entry for every  
known destination network. Each routing table entry contains:  
IP address of the destination network  
Metric (hop count) to the destination network  
IP address of the next router  
Timer that tracks the amount of time since the entry was last  
updated  
The router exchanges an update message with each neighbor every 30  
seconds (default value), or if there is a change to the overall routed  
topology (also called triggered updates). If a router does not receive  
an update message from its neighbor within the route timeout period  
(180 seconds by default), the router assumes the connection between  
it and its neighbor is no longer available.  
Split Horizon  
Split horizon is a scheme for avoiding problems caused by including  
routes in updates sent to the router from which the route was learned.  
Split horizon omits routes learned from a neighbor in updates sent to  
that neighbor.  
Poison Reverse  
Like split horizon, poison reverse is a scheme for eliminating the  
possibility of loops in the routed topology. In this case, a router  
advertises a route over the same interface that supplied the route, but  
the route uses a hop count of 16, defining it as unreachable.  
225  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Triggered Updates  
Triggered updates occur whenever a router changes the metric for a  
route, and it is required to send an update message immediately, even  
if it is not yet time for a regular update message to be sent. This will  
generally result in faster convergence, but may also result in more  
RIP-related traffic.  
Route Advertisement of VLANs  
VLANs that are configured with an IP address, but are configured to  
not route IP or are not configured to run RIP, do not have their subnets  
advertised by RIP. Only those VLANs that are configured with an IP  
address and are configured to route IP and run RIP have their subnets  
advertised.  
RIP Version 1 Compared to RIP Version 2  
When using RIP with  
supernetting/Classless  
Inter-Domain Routing  
(CIDR), use RIPv2 only.  
Turn RIP route  
RIP version 2 expands the functionality of RIP version 1 to include:  
Variable-Length Subnet Masks (VLSMs)  
Support for next-hop addresses, which allows for optimization of  
routes in certain environments.  
aggregation off.  
Multicasting; RIP version 2 packets can be multicast instead of  
being broadcast, reducing the load on hosts that do not support  
routing protocols.  
Overview of OSPF  
OSPF is a link-state protocol that distributes routing information  
between routers belonging to a single IP domain, also known as an  
autonomous system (AS). In a link-state routing protocol, each router  
maintains a database describing the topology of the autonomous  
system. Each participating router has an identical database  
maintained from the perspective of that router.  
From the link-state database (LSDB), each router constructs a tree of  
shortest paths, using itself as the root. The shortest path tree provides  
the route to each destination in the autonomous system. When several  
equal-cost routes to a destination exist, traffic can be distributed  
among them. The cost of a route is described by a single metric.  
226  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Link-State Database  
Upon initialization, each router transmits a link-state advertisement  
(LSA) on each of its interfaces. LSAs are collected by each router  
and entered into the LSDB of each router. OSPF uses flooding to  
distribute LSAs between routers. Any change in routing information  
is sent to all of the routers in the network. All routers within an area  
have the exact same LSDB. Table 13.1 describes LSA type  
numbers.  
Table 13.1: LSA Type Numbers  
Type Number  
Description  
1
Router LSA  
2
3
4
Network LSA  
Summary LSA  
AS summary  
LSA  
5
7
AS external LSA  
Not-so-stubby-  
area (NSSA)  
external LSA  
Areas  
OSPF allows parts of a network to be grouped together into areas.  
The topology within an area is hidden from the rest of the  
autonomous system. Hiding this information enables a significant  
reduction in LSA traffic, and reduces the computations needed to  
maintain the LSDB. Routing within the area is determined only by the  
topology of the area.  
The three types of routers defined by OSPF are as follows:  
Internal Router (IR): An internal router has all of its interfaces  
within the same area.  
227  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Area Border Router (ABR): An ABR has interfaces in multiple  
areas. It is responsible for exchanging summary advertisements  
with other ABRs. You can create a maximum of 7 non-zero areas.  
Autonomous System Border Router (ASBR): An ASBR acts as a  
gateway between OSPF and other routing protocols, or other  
autonomous systems.  
Area 0  
Any OSPF network that contains more than one area is required to  
have an area configured as area 0, also called the backbone. All areas  
in an autonomous system must be connected to the backbone. When  
designing networks, you should start with area 0, and then expand  
into other areas.  
The backbone allows summary information to be exchanged between  
ABRs. Every ABR hears the area summaries from all other ABRs.  
The ABR then forms a picture of the distance to all networks outside  
of its area by examining the collected advertisements, and adding in  
the backbone distance to each advertising router.  
If this is the first instance of the OSPF area being used, create the area  
using this command:  
create ospf area <areaid>  
When a VLAN is configured to run OSPF, configure the area for the  
VLAN. If you want to configure the VLAN to be part of a different  
OSPF area, use this command:  
configure ospf vlan <name> area <areaid>  
Stub Areas  
OSPF allows certain areas to be configured as stub areas. A stub area  
is connected to only one other area. The area that connects to a stub  
area can be the backbone area. External route information is not  
distributed into stub areas. Stub areas are used to reduce memory  
consumption and computation requirements on OSPF routers.  
Not-So-Stubby-Areas (NSSAs)  
NSSAs are similar to the existing OSPF stub area configuration  
option, but have two additional capabilities:  
228  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
External routes originating from an ASBR connected to the NSSA  
can be advertised within the NSSA.  
External routes originating from the NSSA can be propagated to  
other areas, including the backbone area.  
The command to control the NSSA function is similar to the  
command used for configuring a stub area, as follows:  
configure ospf area <area_id> nssa {summary |  
nosummary} stub-default-cost <cost> {translate}  
The translateoption determines whether type 7 LSAs are  
translated into type 5 LSAs. When configuring an OSPF area as an  
NSSA, translate should only be used on NSSA border routers,  
where translation is to be enforced. If translateis not used on any  
NSSA border router in a NSSA, one of the ABRs for that NSSA is  
elected to perform translation (as indicated in the NSSA  
specification). Using this option on NSSA internal routers inhibits  
correct operation of the election algorithm.  
Normal Area  
A normal area is an area that is not any of:  
Area 0  
Stub area  
NSSA  
Virtual links can be configured through normal areas. External routes  
can be distributed into normal areas.  
Virtual Links  
When a new area is introduced that does not have a direct physical  
attachment to the backbone, a virtual link is used. A virtual link  
provides a logical path between the ABR of the disconnected area and  
the ABR of the normal area that connects to the backbone. A virtual  
link must be established between two ABRs that have a common  
area, with one ABR connected to the backbone. Figure 13.1  
illustrates a virtual link.  
229  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
ABR  
Virtual link  
®
ABR  
®
Area 2  
Area 1  
Area 0  
480t_012  
Figure 13.1: Virtual link for stub area  
You can use virtual links to repair a discontiguous backbone area. In  
Figure 13.2, if the connection between ABR1 and the backbone fails,  
the ABR2 connection provides redundancy so the discontiguous area  
continues to communicate with the backbone using the virtual link.  
Virtual link  
Area 2  
ABR 1  
ABR 2  
®
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Area 1  
Area 0  
Area 3  
480T_017R  
Figure 13.2: Virtual link providing redundancy  
230  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
OSPF Database Overflow  
The OSPF Database Overflow feature allows you to both limit the  
size of the LSDB and maintain a consistent LSDB across all the  
routers in the system.  
Maintaining a consistent LSDB across all the routers in the domain  
ensures that all routers have a consistent view of the network.  
Maintain consistency by:  
Limiting the number of external LSAs in the database of each  
router  
Ensuring that all routers have identical LSAs  
Use this command to configure OSPF Database Overflow:  
configure ospf ase-limit <number> {timeout  
<seconds>}  
The command allows two parameters:  
A limit specifying the number of external LSAs (excluding the  
default LSAs) that the system will support before it goes into  
overflow state. A limit value of 0 disables this functionality.  
The timeout in seconds after which the system will come out of  
overflow state. A timeout value of 0 leaves the system in overflow  
state until OSPF is disabled and enabled.  
When the LSDB size limit is reached, OSPF database overflow  
flushes LSAs from the LSDB. OSPF database overflow flushes the  
same LSAs from all the routers, thereby maintaining consistency.  
OSPF Passive Interface  
You can configure an OSPF interface as passive. Passive interfaces  
do not send routing updates but do participate in receiving routing  
updates.  
To configure an OSPF interface as a passive interface:  
configure ospf add vlan <vlan name> area <area  
identifier> {passive}  
231  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
To reconfigure an OSPF interface as a normal interface:  
configure ospf add vlan <vlan name> area <area  
identifier>  
To display passive interface configuration:  
show ospf interfaces [detail]  
Routing with OSPF  
Set the RouterID  
We recommend manually setting the routerID of the switches  
participating in OSPF instead of having the switch automatically  
choose its routerID based on the highest interface IP address.  
Not performing this configuration in larger, dynamic environments  
could result in an older link state database being used. The command  
is:  
configure ospf routerid <address>  
The address is provided in dotted decimal notation. Each switch must  
have a unique routerID.  
Route Redistribution  
Both RIP and OSPF can be enabled simultaneously on the 480T  
routing switch. Route redistribution allows the switch to exchange  
routes, including static routes, between the two routing protocols.  
Figure 13.3 shows an example of route redistribution between an  
OSPF autonomous system and a RIP autonomous system.  
232  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
OSPF AS  
Backbone Area  
0.0.0.0  
®
ABR  
Area  
121.2.3.4  
®
®
ASBR  
ASBR  
RIP AS  
480t_015  
Figure 13.3: Route redistribution  
Configuring Route Redistribution  
Exporting routes from OSPF to RIP, and from RIP to OSPF, are  
discrete configuration functions. To run OSPF and RIP  
simultaneously, first configure both protocols, and then verify the  
independent operation of each. Then you can configure the routes to  
export from OSPF to RIP and from RIP to OSPF.  
Redistributing Routes into OSPF  
Use these commands to enable or disable the exporting of RIP  
learned, static, and direct routes to OSPF:  
enable ospf export [static | direct | ospf | vip]  
cost <metric> {tag <number>}  
disable ospf export [static | direct | ospf | vip]  
233  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
These commands enable or disable the exporting of RIP, static, and  
direct routes by way of LSAs to other OSPF routers as Autonomous  
System (AS)-external type 1 or type 2 routes. The default setting is  
disabled.  
The cost metric is inserted for all RIP-learned, static, and direct  
routes injected into OSPF. If the cost metric is set to 0, the cost is in-  
serted from the route. The tag value is used only by special routing  
applications. Use the number 0 if you do not have specific require-  
ments for using a tag. The tag value in this instance has no relation-  
ship with 802.1Q VLAN tagging.  
Enable or disable the export of Virtual IP addresses to other OSPF  
routers, using these commands:  
enable ospf export vip cost <metric> [ase-type-1 |  
ase-type-2] {tag <number>}  
disable ospf export vip  
Verify the configuration using the command:  
show ospf  
Redistributing Routes into RIP  
Enable or disable the exporting of static, direct, and OSPF-learned  
routes into the RIP domain, using these commands:  
enable rip export [static | direct | ospf | ospf-  
intra | ospf-inter | ospf-extern1 | ospf-extern2 |  
vip] cost <metric> tag <number>}  
disable rip export [static | direct | ospf | ospf-  
intra | ospf-inter | ospf-extern1 | ospf-extern2 |  
vip]  
These commands enable or disable the exporting of static, direct, and  
OSPF-learned routes into the RIP domain. You can choose which  
types of OSPF routes are injected, or you can simply choose ospf,  
which will inject all learned OSPF routes regardless of type. The  
default setting is disabled.  
234  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
OSPF Timers and Authentication  
Configuring OSPF timers and authentication on a per-area basis is a  
shorthand for applying the timers and authentication to each VLAN  
in the area at the time of configuration. If you add more VLANs to  
the area, be sure to configure the timers and authentication for the  
new VLANs explicitly.  
OSPF Password Encryption  
The neighbor password for OSPF is encrypted in upload/download  
configuration.  
Route Map Support  
See "Access Policies"  
on page 309.  
The 480T routing switch includes the ability to apply route maps to  
routes that are being added to the kernel route table. You can  
configure the route maps based on these origins of the route:  
Direct  
Static  
RIP  
OSPF  
BGP  
These route maps match the various characteristics of the route based  
on the originating protocol and set the accounting indexes. Use this  
command to configure route maps:  
configure iproute route-map [bgp | direct | e-bgp |  
i-bgp | ospf | ospf-extern1 | ospf-extern2 | ospf-  
inter | ospf-intra | rip | static] [<route map> |  
none]  
Use this command to view the log:  
show iproute {priority | vlan <vlan> | permanent |  
summary | <ipaddress> <netmask> | route-map | origin  
[direct | bgp | e-bgp | i-bpg | static | blackhole  
| rip | ospf-intra | ospf-inter | ospf-extern1 |  
ospf-extern2]} {sorted}  
235  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can make dynamic changes to the route map. Direct and Static  
route changes are reflected immediately, while RIP, OSPF, and BGP  
changes are reflected within 30 seconds.  
Route Map Support for OSPF Export  
When OSPF is enabled the route map is applied on each and every  
route exported to OSPF. It can be used for filtering or for setting the  
cost, cost type, and tag of the exported route. You can use this feature  
to make dynamic changes to the route map.  
Use these commands to enable OSPF route map export:  
enable ospf export direct [[cost <metric> [ase-type-  
1 | ase-type-2] {tag <number>}] | <route map>]  
enable ospf export static [[cost <metric> [ase-type-  
1 | ase-type-2] {tag <number>}] | <route map>]  
enable ospf export rip [[cost <metric> [ase-type-1 |  
ase-type-2] {tag <number>}] | <route map>]  
enable ospf export [bgp | i-bgp | e-bgp] [cost  
<metric> [ase-type-1 | ase-type-2] {tag <number>} |  
<route map>]  
enable ospf export vip [[cost <metric> [ase-type-1 |  
ase-type-2] {tag <number>}] | <route map>]  
BGP and OSPF Route Map Support for Tagging  
Tagging support for BGP and OSPF allows you to redistribute OSPF  
routes from the kernel routing table to BGP, or BGP routes to OSPF.  
Use this command to enable tagging:  
configure route-map <route-map> <sequence number>  
[add | delete] match [nlri-list <access-profile> |  
as-path [access-profile <access-profile> | <as no>]  
| community [access-profile <access-profile> | <as  
no>: <number> | number <community> | no-advertise |  
no-export | no-export-subconfed] | next-hop <ip  
address> | med <number> | origin [igp | egp |  
incomplete] | tag <number>  
236  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
BGP and OSPF Route Map Support for DSB  
Accounting  
Route map support for BGP and OSPF accounting allows you to set  
the cost and type of the exported routes.  
Use this command to enable accounting:  
configure route-map <route-map> <sequence number>  
[add | delete] set [as-path <as no> | community  
[[access-profile <access-profile> | <as no>:  
<number> | number <community> | no-advertise | no-  
export | no-export-subconfed] | remove | [add |  
delete] [access-profile <access-profile> | <as no>:  
<number> | number <community> | no-advertise | no-  
export | no-export-subconfed] |] | next-hop <ip  
address> | med <number> | local-preference <number>  
| weight <number> | origin [igp | egp | incomplete]  
| tag <number> | accounting index <number> value  
<number> | cost <number> | cost-type [ase-type-1 |  
ase-type-2]]  
Configuring RIP  
Table 13.2 describes the commands used to configure RIP. Press the  
Tab key, in the command line interface, for further command options.  
Table 13.2: RIP Configuration Commands  
Command  
Description  
configure rip add vlan [<name> | all]  
configure rip delete vlan [<name> | all]  
Configures RIP on an IP interface. For each IP  
interface created, RIP is disabled by default.  
Disables RIP on an IP interface. When RIP is  
disabled on the interface, the parameters are not  
reset to their defaults.  
configure rip garbagetime <seconds>  
configure rip routetimeout <seconds>  
Configures the RIP garbage time. The timer  
granularity is 10. The default setting is 120.  
Configures the route timeout. The default  
setting is 180.  
237  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 13.2: RIP Configuration Commands (continued)  
Command  
Description  
configure rip Rxmode [none | v1only |  
v2only | any] {vlan [<name> | all]}  
Changes the RIP receive mode for one or all  
VLANs. Specify:  
noneDrop all received RIP packets.  
v1onlyAccept only RIP v1 format  
packets.  
v2onlyAccept only RIP v2 format  
packets.  
anyAccept both RIP v1 and v2 packets.  
If no VLAN is specified, the setting is applied  
to all VLANs. The default setting is any.  
configure rip txmode [none | v1only |  
v1comp | v2only] {vlan [<name> | all]}  
Changes the RIP transmission mode for one or  
all VLANs. Specify:  
noneDo not transmit any packets on this  
interface.  
v1onlyTransmit RIP v1 format packets to  
the broadcast address.  
v1compTransmit RIP v2 format packets to  
the broadcast address.  
v2onlyTransmit RIP v2 format packets to  
the RIP multicast address.  
If no VLAN is specified, the setting is applied  
to all VLANs. The default setting is v2only.  
configure rip updatetime {seconds}  
Changes the periodic RIP update timer. The  
default setting is 30.  
configure rip vlan [<name> | all] cost  
<number>  
Configures the cost (metric) of the interface.  
The default setting is 1.  
enable rip  
Enables RIP. The default setting is disabled.  
238  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Table 13.2: RIP Configuration Commands (continued)  
Command  
Description  
enable rip aggregation  
Enables aggregation of subnet information on  
interfaces configured to send RIP v2 or RIP v2-  
compatible traffic. The 480T routing switch  
summarizes subnet routes to the nearest class  
network route. These rules apply when using  
RIP aggregation:  
Subnet routes are aggregated to the nearest  
class network route when crossing a class  
boundary.  
Within a class boundary, no routes are  
aggregated.  
If aggregation is enabled, the behavior is the  
same as in RIP v1.  
If aggregation is disabled, subnet routes are  
never aggregated, even when crossing a class  
boundary.  
The default setting is disabled.  
enable rip export [static | direct | ospf | ospf- Enables RIP to redistribute routes from other  
intra | ospf-inter | ospf-extern1 | ospf-  
extern2 | static | vip] cost <metric> {tag  
<number>}  
routing functions.  
Specify:  
staticStatic routes  
directInterface routes (only interfaces  
with IP forwarding enabled are exported)  
ospfAll OSPF routes  
ospf-intraOSPF intra-area routes  
ospf-interOSPF inter-area routes  
ospf-extern1OSPF network-  
unreachable route type 1  
ospf-extern2OSPF network-  
unreachable route type 2  
vipVirtual IP  
The cost (metric) range is 0-15. If set to 0,  
RIP uses the route metric from the route origin.  
239  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 13.2: RIP Configuration Commands (continued)  
Command  
Description  
enable rip originate-default {always} cost  
<metric> {tag <number>}  
Configures a default route to be advertised by  
RIP if no other default route is advertised. If  
alwaysis specified, RIP always advertises the  
default route to its neighbors. If alwaysis not  
specified, RIP adds a default route if there is a  
reachable default route in the route table.  
enable rip poisonreverse  
Enables the poison reverse algorithm for RIP.  
The default setting is enabled. If you enable  
poison reverse and split horizon, poison reverse  
takes precedence.  
enable rip splithorizon  
Enables the split horizon algorithm for RIP.  
Default setting is enabled.  
enable rip triggerupdates  
Enables triggered updates. Triggered updates  
are a mechanism for immediately notifying a  
routers neighbors when the router adds or  
deletes routes or changes the metric of a route.  
The default setting is enabled.  
RIP Configuration Example  
Figure 13.4 illustrates a switch that has three VLANs defined as  
follows:  
Finance  
Protocol-sensitive VLAN using the IP protocol  
Ports 1 and 3 have been assigned  
IP address 192.207.35.1  
Personnel  
Protocol-sensitive VLAN using the IP protocol  
Ports 2 and 4 have been assigned  
IP address 192.207.36.1  
240  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
MyCompany  
Port-based VLAN  
All ports have been assigned  
Figure 13.4: RIP configuration example  
The stations connected to the system generate a combination of IP  
§
traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-  
sensitive VLANs. All other traffic is directed to the VLAN  
MyCompany.  
In this configuration, all IP traffic from stations connected to ports 1  
and 3 have access to the router by way of the VLAN Finance. Ports 2  
and 4 reach the router by way of the VLAN Personnel. All other  
traffic (NetBIOS) is part of the VLAN MyCompany.  
The example in Figure 13.4 is configured as follows:  
create vlan Finance  
create vlan Personnel  
create vlan MyCompany  
configure Finance protocol ip  
configure Personnel protocol ip  
241  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure Finance add port 1,3  
configure Personnel add port 2,4  
configure MyCompany add port all  
configure Finance ipaddress 192.207.35.1  
configure Personnel ipaddress 192.207.36.1  
enable ipforwarding  
configure rip add vlan all  
enable rip  
Displaying RIP Settings  
To display settings for RIP, use the commands listed in Table 13.3.  
For more command options, press the Tab key in the command line  
interface.  
Table 13.3: RIP Show Commands  
Command  
Description  
show rip {detail}  
Displays RIP configuration and statistics for  
all VLANs.  
show rip stat {detail}  
Displays RIP-specific statistics for all  
VLANs.  
show rip stat vlan <name>  
show rip vlan <name>  
Displays RIP-specific statistics for a VLAN.  
Displays RIP configuration and statistics for a  
VLAN.  
Resetting and Disabling RIP  
To return RIP settings to their defaults, or to disable RIP, use the  
commands listed in Table 13.4. For more command options, press the  
Tab key in the command line interface.  
242  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Table 13.4: RIP Reset and Disable Commands  
Command  
Description  
configure rip delete vlan [<name> | all]  
Disables RIP on an IP interface. When RIP is  
disabled on the interface, the parameters are not  
reset to their defaults.  
disable rip  
Disables RIP.  
disable rip aggregation  
Disables the RIP aggregation of subnet  
information on a RIP v2 interface.  
disable rip export [static | direct | ospf |  
ospf-intra | ospf-inter | ospf-extern1 |  
ospf-extern2 | vip]  
Disables the distribution of non-RIP routes into  
the RIP domain.  
disable rip originate-default  
disable rip poisonreverse  
disable rip splithorizon  
Disables the advertisement of a default route.  
Disables poison reverse.  
Disables split horizon.  
disable rip triggerupdates  
unconfigure rip {vlan <name>}  
Disables triggered updates.  
Resets all RIP parameters to match the default  
VLAN. Does not change the enable/disable state  
of the RIP settings. If no VLAN is specified, all  
VLANs are reset.  
Configuring OSPF  
Each switch configured to run OSPF must have a unique routerID.  
We recommended manually setting the routerID of the switches  
participating in OSPF, instead of having each switch automatically  
choose its routerID based on the highest interface IP address. Not  
performing this configuration in larger, dynamic environments could  
result in an older LSDB remaining in use.  
Table 13.5 describes the commands used to configure OSPF. For  
more command options, press the Tab key in the command line  
interface.  
243  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 13.5: OSPF Configuration Commands  
Command  
Description  
configure ospf [area <areaid> | vlan  
Configures the cost metric of one or all  
[<name> | all]] cost [automatic | <number>] VLAN(s). If an area is specified, the cost metric  
is applied to all VLANs currently within that  
area. When automaticis specified, the  
advertised cost is determined from the OSPF  
metric table and corresponds to the active  
highest bandwidth port in the VLAN.  
configure ospf [area <areaid> | vlan  
[<name> | all]] priority <number>  
Configures the priority used in the designated  
router-election algorithm for one or all IP  
interface(s) (VLANs) for all VLANs currently  
within the area. The range is 0 through 255, and  
the default setting is 1. Setting the value to 0  
ensures that the router is never selected as the  
designated router or backup designated router.  
configure ospf [vlan <name> | area  
<areaid> | virtual-link <routerid> <areaid>]  
authentication {encrypted} [simple-  
password <password> | md5  
Specifies the authentication password (up to  
eight characters) or Message Digest 5 (MD5)  
key for one or all interfaces (VLANs) in an area.  
The md5_keyis a numeric value with the range  
0 to 65,536. When the OSPF area is specified,  
authentication information is applied to all  
OSPF interfaces within the area.  
<md5_key_id> <md5_key>| none]  
configure ospf add virtual-link <routerid>  
<areaid>  
Adds a virtual link to another ABR. Specify:  
routeridFar-end router interface  
number.  
areaidTransit area used for connecting  
the two end-points.  
configure ospf add vlan [<name> | all] area  
<areaid> {passive}  
Enables OSPF on one or all VLANs (router  
interfaces). The <areaid>specifies the area to  
which the VLAN is assigned.  
configure ospf add vlan [<name> | all] area  
Enables OSPF on one or all VLANs and  
<areaid> link-type [auto | broadcast | point- specifies the link type.  
to-point]  
244  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Table 13.5: OSPF Configuration Commands (continued)  
Command  
Description  
configure ospf [vlan <name> | area  
Configures the timers for one interface or all  
interfaces in the same OSPF area. These are the  
default, minimum, and maximum values (in  
seconds):  
<areaid> | virtual-link <routerid> <areaid>]  
timer <retransmit_interval> <transmit  
delay> <hello interval> <dead interval>  
retransmission_interval  
Default: 5 Minimum: 0  
Maximum: 3,600  
transmission_delay  
Default: 1 Minimum: 0  
Maximum: 3,600  
hello_interval  
Default: 10 Minimum: 1  
Maximum: 65,535  
dead_interval  
Default: 40 Minimum: 1  
Maximum: 2,147,483,647  
configure ospf area <areaid> add range  
<ipaddress> <mask> [advertise |  
noadvertise] [type 3 | type 7]  
Configures a range of IP addresses in an OSPF  
area. If advertised, the range is exported as a  
single LSA by the ABR.  
configure ospf area <areaid> delete range  
<ipaddress> <mask>  
Deletes a range of IP addresses in an OSPF  
area.  
configure ospf area <areaid> normal  
Configures an OPSF area as a normal area. The  
default setting is normal.  
configure ospf area <areaid> nssa  
[summary | nosummary] stub-default-cost  
<cost> {translate}  
Configures an OSPF area as a NSSA.  
configure ospf area <areaid> stub  
[summary | nosummary] stub-default-cost  
<cost>  
Configures an OSPF area as a stub area.  
245  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 13.5: OSPF Configuration Commands (continued)  
Command  
Description  
configure ospf area <areaid> [interarea-  
filter | external-filter] [<access-profile> |  
none]  
Configures an OSPF area specifying filter and  
access profile.  
configure ospf asbr-filter [<access_profile>  
| none]  
Configures a route filter for non-OSPF routes  
exported into OSPF. If noneis specified, no RIP  
and static routes are filtered.  
configure ospf ase-limit <number>  
{timeout <seconds>}  
Configures the OSPF Database Overflow and  
limits the size of the LSDB.  
configure ospf ase-summary add  
<ipaddress> <mask> cost <cost> {tag  
<tag_number>}  
Configures an aggregated OSPF external route  
using the IP addresses specified.  
configure ospf ase-summary delete  
<ipaddress> <mask>  
Deletes an aggregated OSPF external route.  
Removes a virtual link.  
configure ospf delete virtual-link  
<routerid> <areaid>  
configure ospf delete vlan [<name> | all]  
Disables OSPF on one or all VLANs (router  
interfaces).  
configure ospf direct-filter  
[<access_profile> | none]  
Configures a route filter for direct routes. If  
noneis specified, all direct routes are exported,  
if ospf export directis enabled.  
configure ospf lsa-batching-interval  
<timer_value>  
Configures the OSPF LSA batching timer value.  
The range is between 0 (disabled) and 600  
seconds, using multiples of 5. The LSAs added  
to the LSDB during the interval are batched for  
refresh or timeout. The default setting is 30.  
configure ospf metric-table 10 M <cost>  
100 M <cost> 1G <cost>  
Configures the automatic interface costs for 10  
Mbps, 100 Mbps, and 1 Gbps interfaces; an  
entry is required for all three. The default cost  
for 10 Mbps is 10, for 100 Mbps is 5, and for 1  
Gbps is 1. An entry is required for the 10 M port  
even though you may only need to configure the  
faster ports. An entry of 0 is acceptable.  
246  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Table 13.5: OSPF Configuration Commands (continued)  
Command  
Description  
configure ospf routerid [automatic |  
<routerid>]  
Configures the OSPF routerID. If automatic  
is specified, the 480T routing switch uses the  
largest IP interface address as the OSPF  
routerID. Manual routerID setting is  
recommended.  
configure ospf spf-hold-time <seconds>  
Configures the minimum number of seconds  
between Shortest Path First (SPF)  
recalculations. The default setting is 3.  
configure ospf vlan <name> area <areaid>  
create ospf area <areaid>  
Changes the area ID of an OSPF interface  
(VLAN).  
Creates an OSPF area. Area 0.0.0.0 does not  
need to be created. It exists by default.  
disable ospf export [bgp | i-bgp | e-bgp]  
enable ospf  
Disables OSPF exporting of BGP-related  
routes.  
Enables the OSPF process for the router.  
enable ospf export [bgp | i-bgp | e-bgp] cost  
<metric> [ase-type-1 | ase-type-2] {tag  
<number>}  
Enables OSPF to export BGP-related routes  
using LSAs to other OSPF routers. The default  
tag number is 0. The default setting is disabled.  
enable ospf export direct cost <metric>  
[ase-type-1 | ase-type-2] {tag <number>}  
Enables the distribution of local interface  
(direct) routes into the OSPF domain. After it is  
enabled, the OSPF router is considered to be an  
ASBR. The default tag number is 0. The default  
setting is disabled. If an interface route  
corresponds to the interface that has OSPF  
enabled, it is ignored.  
enable ospf export rip cost <metric> [ase-  
type-1 | ase-type-2] {tag <number>}  
Enables the distribution of RIP routes into the  
OSPF domain. Once enabled, the OSPF router  
is considered to be an ASBR. The default tag  
number is 0. The default setting is disabled.  
247  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 13.5: OSPF Configuration Commands (continued)  
Command  
Description  
enable ospf export static cost <metric>  
[ase-type-1 | ase-type-2] {tag <number>}  
Enables the distribution of static routes into the  
OSPF domain. Once enabled, the OSPF router  
is considered to be an ASBR. The default tag  
number is 0. The default setting is disabled.  
enable ospf export vip cost <metric> [ase-  
type-1 | ase-type-2] {tag <number>}  
Enables the distribution of virtual IP addresses  
into the OSPF domain. The default tag number  
is 0. The default setting is disabled.  
248  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
OSPF Configuration Example  
Figure 13.5 shows an example of an autonomous system using OSPF  
routers. The details of this network follow.  
Figure 13.5: OSPF configuration example  
Area 0 is the backbone area and has these characteristics:  
2 internal routers (IR1 and IR2)  
2 area border routers (ABR1 and ABR2)  
249  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Network number 10.0.x.x  
2 identified VLANs (A0_10_0_2 and A0_10_0_3)  
Area 5 is connected to the backbone area through ABR1 and ABR2,  
having these characteristics:  
Network number 160.26.x.x  
1 identified VLAN (A5_160_26_26)  
2 internal routers  
A virtual link from ABR1 to ABR2 that traverses both internal  
routers.  
In the event that the link between either ABR and the backbone  
fails, the virtual link provides a connection for all routers that  
become discontiguous from the backbone.  
Area 6 is a stub area connected to the backbone through ABR1,  
having these characteristics:  
Network number 161.48.x.x  
1 identified VLAN (A6_161_48_2)  
3 internal routers  
Uses default routes for inter-area routing  
Here are two router configuration examples for Figure 13.5.  
Configuration for ABR1  
The following is the configuration for the router labeled ABR1:  
create vlan A0_10_0_2  
create vlan A0_10_0_3  
create vlan A6_161_48_2  
create vlan A5_160_26_26  
configure vlan A0_10_0_2 ipaddress 10.0.2.1  
255.255.255.0  
configure vlan A0_10_0_3 ipaddress 10.0.3.1  
255.255.255.0  
configure vlan A6_161_48_2 ipaddress 161.48.2.2  
255.255.255.0  
250  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
configure vlan A5_160_26_26 ipaddress 160.26.26.1  
255.255.255.0  
create ospf area 0.0.0.5  
create ospf area 0.0.0.6  
enable ipforwarding  
configure ospf area 0.0.0.6 stub nosummary stub-  
default-cost 10  
configure ospf vlan A6_161_48_2 area 0.0.0.6  
configure ospf vlan A5_160_26_26 area 0.0.0.5  
configure ospf add virtual-link 160.26.25.1 0.0.0.5  
configure ospf add vlan all  
enable ospf  
Configuration for IR1  
The following is the configuration for the router labeled IR1:  
configure vlan A0_10_0_1 ipaddress 10.0.1.2  
255.255.255.0  
configure vlan A0_10_0_2 ipaddress 10.0.2.2  
255.255.255.0  
configure ospf add vlan all  
enable ipforwarding  
enable ospf  
251  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Displaying OSPF Settings  
To display settings for OSPF, use the commands listed in Table 13.6.  
For more command options, press the Tab key in the command line  
interface.  
Table 13.6: OSPF Show Commands  
Command  
Description  
show ospf  
Displays global OSPF information.  
show ospf area {detail}  
show ospf area <areaid>  
Displays information about all OSPF areas.  
Displays information about a particular OSPF  
area.  
show ospf ase-summary  
Displays the OSPF external route aggregation  
configuration.  
show ospf interfaces {detail}  
Displays information about all OSPF  
interfaces.  
show ospf interfaces {vlan <name> | area  
<areaid>}  
Displays information about one or all OSPF  
interfaces.  
show ospf lsdb {detail | stats} area [<areaid> |  
all] [router | network | summary-net |  
summary-asb | network-unreachable |  
external-type7 | all | lsid | lstype | <routerid>]  
Displays a table of the current LSDB. You can  
filter the display using the area ID and LSA  
type. The default setting is allwith no detail.  
If detailis specified, each entry includes  
complete LSA information.  
show ospf virtual-link [routerid <routerid>  
<areaid>]  
Displays virtual link information about a  
particular router or all routers.  
252  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 3 RIP and OSPF  
Resetting and Disabling OSPF  
Settings  
To return OSPF settings to their defaults, use the commands listed in  
Table 13.7. For more command options, press the Tab key in the  
command line interface.  
Table 13.7: OSPF Reset and Disable Commands  
Command  
Description  
delete ospf area [<areaid> | all]  
Deletes an OSPF area. Once removed, the  
associated OSPF area and interface information  
are deleted. Neither a backbone area, nor a non-  
empty area can be deleted.  
disable ospf  
Disables OSPF process in the router.  
disable ospf export direct  
Disables exporting of local interface (direct)  
routes into the OSPF domain.  
disable ospf export rip  
Disables exporting of RIP routes into the OSPF  
domain.  
disable ospf export static  
disable ospf export vip  
Disables exporting of statically configured routes  
into the OSPF domain.  
Disables exporting of virtual IP addresses into the  
OSPF domain.  
disable ospf export [bgp | e-bgp | i-bgp]  
Disables exporting of BGP, e-BGP, or i-BGP  
routes into the OSPF domain.  
unconfigure ospf {vlan <name> |  
<areaid>}  
Resets one or all OSPF interfaces to default  
settings.  
253  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
254  
Download from Www.Somanuals.com. All Manuals Search And Download.  
1
Border Gateway  
14  
Protocol (BGP)  
This chapter describes how to configure the Border Gateway Protocol  
®
(BGP), an exterior routing protocol available on the Intel NetStructure™  
480T routing switch.  
For IEEE standards  
information, refer to  
http://standards.ieee.org  
For more information on BGP, refer to these documents:  
RFC 1771 Border Gateway Protocol version 4 (BGP-4)  
RFC 1965 Autonomous System Confederations for BGP  
RFC 1966 BGP Route Reflection  
RFC 1997 BGP Communities Attribute  
RFC 1745 BGP/OSPF Interaction  
Overview  
The 480T routing switch  
supports BGP version 4  
only.  
BGP is an exterior routing protocol for use in TCP/IP networks. The  
primary function of BGP is to allow different autonomous systems (ASs)  
to exchange network reachability information.  
An autonomous system is a set of routers that are under a single technical  
administration. This set of routers uses a different routing protocol, such  
as Open Shortest Path First (OSPF), for intra-AS routing. One or more  
routers in the AS are configured as border routers, exchanging  
information with other border routers (in different autonomous systems)  
on behalf of all of the intra-AS routers.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
You can use BGP as an exterior border gateway protocol (EBGP),  
or you can use it within an AS, as an interior border gateway  
protocol (IBGP).  
BGP Attributes  
These well-known BGP attributes are supported by the 480T  
routing switch:  
Origin Defines the origin of the route. Possible values are IGP,  
EGP, and incomplete.  
AS_Path The list of ASs that are traversed for this route.  
Next_hop The IP address of the next-hop BGP router to reach  
the destination listed in the Network Layer Reachability  
Information (NLRI) field.  
Multi_Exit_Discriminator (MED) Used to select a particular  
border router in another AS when multiple border routers exist.  
Local_Preference Used to advertise this routers degree of  
preference to other routers within the AS.  
Atomic_aggregate Indicates that the sending border router is  
using a route-aggregate prefix in the route update.  
Aggregator Identifies the BGP router AS number and IP address  
that performed route aggregation.  
Community Identifies a group of destinations that share one or  
more common attributes.  
Cluster_ID Specifies a 4-byte field used by a route reflector to  
recognize updates from other route reflectors in the same cluster.  
BGP Communities  
A BGP community is a group of Border Gateway Protocol  
destinations that require common handling. The 480T routing  
switch supports these well-known BGP community attributes:  
no-export  
no-advertise  
internet  
256  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
BGP Features  
The BGP features supported by the 480T routing switch include:  
Route Reflectors  
Route Confederations  
Route Aggregation  
Route Map Support  
IGP Synchronization  
Loopback Interface  
OSPF-to-BGP Route Redistribution  
BGP Peer Groups  
Route Reflectors  
Be certain that peer  
One way to overcome the difficulties of creating a fully meshed AS  
routers that are not part of is to use route reflectors. Route reflectors allow a single router to  
the cluster are fully  
meshed according to the  
rules of BGP.  
serve as a central routing point for the AS or sub-AS.  
A cluster is formed by the route reflector and its client routers.  
Figure 14.1 shows a BGP cluster, including the route reflector and  
its clients.  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
1
9
2
3
4
5
6
7
8
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Non-client  
Client  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Route Reflector  
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Client  
Cluster  
480T_042R  
Figure 14.1: Route reflectors  
257  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Route Confederations  
BGP requires networks to use a fully-meshed router configuration.  
This requirement does not scale well, especially when BGP is used  
as an interior gateway protocol.  
One way to reduce the size of a fully-meshed AS is to divide the AS  
into multiple sub-autonomous systems and group them into a  
routing confederation. Within the confederation, each sub-AS must  
be fully meshed. The confederation is advertised to other networks  
as a single AS.  
Route Confederation Example  
Figure 14.2 shows an example of a confederation.  
AS 200  
SubAS 65001  
A
B
EBGP  
192.1.1.6/30  
192.1.1.5/30  
192.1.1.9/30  
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
9
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
192.1.1.17/30  
192.1.1.22/30  
IBGP  
192.1.1.21/30  
192.1.1.18/30  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
C
EBGP  
EBGP  
192.1.1.13/30  
192.1.1.14/30  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
10  
11  
12  
13  
14  
15  
16  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
10  
11  
12  
13  
14  
15  
16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
192.1.1.10/30  
IBGP  
SubAS 65002  
Figure 14.2: Routing confederation  
E
D
480T_049T  
In this example, AS 200 has five BGP speakers. Without a  
confederation, BGP would require that the routes in AS 200 be fully  
meshed.  
258  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
Using the confederation, AS 200 is split into two sub-ASs:  
SubAS65001 and SubAS65002. Each sub-AS is fully meshed, and  
IBGP (Internal BGP) is running among its members.  
EBGP (External BGP) is used between Sub65001 and  
SubAS65002. Router B and Router D are EBGP peers. EBGP is  
also used between the confederation and outside ASs.  
To configure Router A, use these commands:  
create vlan ab  
configure vlan default delete port 1  
configure vlan ab add port 1  
configure vlan ab ipaddress 192.1.1.6/30  
enable ipforwarding vlan ab  
configure ospf add vlan ab area 0.0.0.0  
create vlan ac  
configure vlan ac add port 2  
configure vlan ac ipaddress 192.1.1.17/30  
enable ipforwarding vlan ac  
configure ospf add vlan ac area 0.0.0.0  
disable bgp  
configure bgp as-number 65001  
configure bgp routerid 192.1.1.17  
configure bgp confederation-id 200  
enable bgp  
create bgp neighbor 192.1.1.5 as-number remote-AS-  
number 65001  
create bgp neighbor 192.1.1.18 as-number remote-AS-  
number 65001  
enable bgp neighbor all  
To configure Router B, use these commands:  
create vlan ba  
configure vlan ba add port 1  
configure vlan ba ipaddress 192.1.1.5/30  
enable ipforwarding vlan ba  
configure ospf add vlan ba area 0.0.0.0  
create vlan bc  
configure vlan bc add port 2  
configure vlan bc ipaddress 192.1.1.22/30  
enable ipforwarding vlan bc  
configure ospf add vlan bc area 0.0.0.0  
259  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
create vlan bd  
configure vlan bd add port 3  
configure vlan bd ipaddress 192.1.1.9/30  
enable ipforwarding vlan bd  
configure ospf add vlan bd area 0.0.0.0  
disable bgp  
configure bgp as-number 65001  
configure bgp routerid 192.1.1.22  
configure bgp confederation-id 200  
enable bgp  
create bgp neighbor 192.1.1.6 as-number remote-AS-  
number 65001  
create bgp neighbor 192.1.1.21 as-number remote-AS-  
number 65001  
create bgp neighbor 192.1.1.10 as-number remote-AS-  
number 65002  
enable bgp neighbor all  
configure bgp add confederation-peer sub-AS-number  
65002  
To configure Router C, use these commands:  
create vlan ca  
configure vlan ca add port 1  
configure vlan ca ipaddress 192.1.1.18/30  
enable ipforwarding vlan ca  
configure ospf add vlan ca area 0.0.0.0  
create vlan cb  
configure vlan cb add port 2  
configure vlan cb ipaddress 192.1.1.21/30  
enable ipforwarding vlan cb  
configure ospf add vlan cb area 0.0.0.0  
disable bgp  
configure bgp as-number 65001  
configure bgp routerid 192.1.1.21  
configure bgp confederation-id 200  
enable bgp  
create bgp neighbor 192.1.1.22 as-number remote-AS-  
number 65001  
create bgp neighbor 192.1.1.17 as-number remote-AS-  
number 65001  
enable bgp neighbor all  
260  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
To configure Router D, use these commands:  
create vlan db  
configure vlan db add port 1  
configure vlan db ipaddress 192.1.1.10/30  
enable ipforwarding vlan db  
configure ospf add vlan db area 0.0.0.0  
create vlan de  
configure vlan de add port 2  
configure vlan de ipaddress 192.1.1.14/30  
enable ipforwarding vlan de  
configure ospf add vlan de area 0.0.0.0  
disable bgp  
configure bgp as-number 65002  
configure bgp routerid 192.1.1.14  
configure bgp confederation-id 200  
enable bgp  
create bgp neighbor 192.1.1.9 as-number remote-AS-  
number 65001  
create bgp neighbor 192.1.1.13 as-number remote-AS  
number 65002  
enable bgp neighbor all  
configure bgp add confederation-peer sub-AS-number  
65001  
To configure Router E, use these commands:  
create vlan ed  
configure vlan ed add port 1  
configure vlan ed ipaddress 192.1.1.13/30  
enable ipforwarding vlan ed  
configure ospf add vlan ed area 0.0.0.0  
disable bgp  
configure bgp as-number 65002  
configure bgp routerid 192.1.1.13  
configure bgp confederation-id 200  
enable bgp  
create bgp neighbor 192.1.1.14 as-number remote-AS-  
number 65002  
enable bgp neighbor 192.1.1.14  
261  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Route Aggregation  
Route aggregation involves combining the sub-networks of several  
routes so that they are advertised as a single route.  
Aggregation reduces the amount of information that a BGP speaker  
must store and exchange with other BGP speakers. Reducing the  
information that is stored and exchanged also reduces the size of the  
routing table.  
Using Route Aggregation  
To use BGP route aggregation:  
Enable aggregation using this command:  
enable bgp aggregation  
Create an aggregate route, using these commands:  
configure bgp add aggregate-address <ipaddress>/  
<masklength> {as-set} {summary-only} {advertise-  
route-map <route-map>} {attribute-route-map  
<route-map>}  
Route Map Support  
For information see "Route Maps in BGP" on page 343.  
Interior Gateway Protocol (IGP)  
Synchronization  
You can configure an AS as a transit AS, so that it can pass traffic  
through from one AS to a third AS. When you configure a transit  
AS, it is important that the routes advertised by BGP are consistent  
with the routes that are available within the AS using its interior  
gateway protocol.  
To ensure consistency, BGP should be synchronized with the IGP  
used within the AS. This will ensure that the routes advertised by  
BGP are reachable within the AS. IGP synchronization is enabled  
by default.  
262  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
Using the Loopback Interface  
If you are using BGP as your interior gateway protocol, you may  
decide to advertise the interface as available, regardless of the status  
of any particular interface. The loopback interface can also be used  
for EBGP multihop. Using the loopback interface eliminates  
multiple, unnecessary route changes.  
OSPF-to-BGP Route Redistribution  
You can enable both BGP and OSPF simultaneously on the 480T  
routing switch. Using route redistribution, the switch can exchange  
routes, including static routes, between the two routing protocols.  
Exporting routes from OSPF to BGP, and from BGP to OSPF, are  
disparate configuration functions.  
To run OSPF and BGP simultaneously, you must first configure  
both protocols and then verify the independent operation of each.  
Then you can configure the routes to export from OSPF to BGP and  
the routes to export from BGP to OSPF.  
BGP Peer Groups  
You can use BGP peer groups to group together up to 128 BGP  
neighbors. This simplifies configuring and updating neighbors  
because all neighbors automatically inherit the parameters of the  
BGP peer group.  
All neighbors in the peer group share these mandatory parameters:  
Remote AS  
Source-interface  
Out-nlri-filter  
Out-aspath-filter  
Out-route-map  
Send-community  
Next-hop-self  
You assign a unique name to the peer group when you create it. Use  
this command to create or delete a peer group.  
[create | delete] bgp peer-group <peer-group>  
263  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Use these commands to configure the parameters of the peer group.  
configure bgp peer-group <peer-group> remote-as  
<number>  
configure bgp peer-group <peer-group> [route-  
reflector-client | no-route-reflector-client]  
configure bgp peer-group <peer-group> weight  
<number>  
configure bgp peer-group <peer-group> source-  
interface [any | vlan <vlan>]  
configure bgp peer-group <peer-group> timer keep-  
alive <number> hold-time <number>  
configure bgp peer-group <peer-group> nlri-filter  
[in | out] [none | <access profile>]  
configure bgp peer-group <peer-group> as-path-  
filter [in | out] [none | <access profile>]  
configure bgp peer-group <peer-group> route-map-  
filter [in | out] [none | <route map>]  
configure bgp peer-group <peer-group> [send-  
communities | dont-send-communities]  
configure bgp peer-group <peer-group> soft-reset  
{input | output}  
configure bgp peer-group <peer-group> password  
<password>  
configure bgp peer-group <peer-group> [next-hop-  
self | no-next-hop-self]  
[enable | disable] bgp peer-group <peer-group>  
soft-in-reset  
[enable | disable] bgp peer-group <peer-group>  
When you modify the parameters, the changes is applied to all  
neighbors in the peer group. Modifying the following parameters  
automatically disables and enables the neighbors before the changes  
take effect:  
Remote-as  
Timer  
Source-interface  
Soft-in-reset  
264  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
Password  
To create a new neighbor and include it as a member of the peer  
group, use this command:  
create bgp neighbor <ip address> peer-group <peer-  
group> {multi-hop}  
This creates the new neighbor as part of the peer group, and the  
neighbor inherits all existing parameters from the peer group. This  
command requires the peer group to have remote AS configured.  
To add an existing neighbor to a peer group, use this command:  
configure bgp neighbor [<ip address>| all] peer-  
group <peer-group> {acquire-all}  
If you do not specify acquire-all, only the mandatory parameters  
are inherited from the peer group. If you specify acquire-all,  
then all the parameters of the peer group are inherited. This  
command disables the neighbor before adding the neighbor to the  
peer group.  
You can display existing peer groups using the command:  
show bgp peer-group {detail | <peer-group>  
{detail}}  
If you specify detail, the parameters of the neighbors in the peer  
group that are different from the peer group are displayed.  
BGP MD5 Authentication  
You can configure MD5 authentication between BGP neighbors.  
The maximum length of the password string is 31 characters.  
To configure BGP MD5 authentication:  
configure bgp neighbor <ip address> password  
<password>  
To remove BGP MD5 authentication:  
configure bgp neighbor <ip address> password none  
To show BGP MD5 authentication configuration:  
show bgp neighbor detail  
265  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
BGP Password Encryption  
The neighbor password for BGP is encrypted in upload/download  
configuration.  
Configuring BGP  
Table 14.1 describes the commands used to configure BGP. For  
more command options, press the Tab key in the command line  
interface.  
Table 14.1: BGP Configuration Commands  
Command  
Description  
configure bgp add aggregate-address  
<ipaddress>/<masklength> {as-set | as-  
match} {summary-only} {advertise-route-  
map <route-map>} {attribute-route-map  
<route-map>}  
Configures an aggregate route. Options  
include:  
as-setAggregates only the path  
attributes of the aggregate routes.  
summary-onlySends both aggregated  
and non-aggregated routes to the neighbors.  
advertise-route-mapSpecifies the  
route map used to select routes for this  
aggregated route.  
attribute-route-mapSpecifies the  
route map used to set the attributes of the  
aggregated route.  
configure bgp add confederation-peer sub-as-  
number <number>  
Specifies the list of sub-AS numbers that  
belong to a confederation. You can specify a  
maximum of 16 AS numbers.  
configure bgp delete confederation-peer sub-  
AS-number <number>  
Deletes a list of sub-AS numbers that belong  
to a confederation. You can delete up to 16  
AS numbers.  
configure bgp add network <ipaddress>/  
<mask_length> {<route_map>}  
Adds a network to be originated from this  
router. The network must be reachable by the  
router.  
266  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
Table 14.1: BGP Configuration Commands (continued)  
Command  
Description  
configure bgp delete network [<ipaddress> |  
<mask> | all]  
Deletes a network originated from this router.  
configure bgp as-number <as_number>  
Changes the local AS number used by BGP.  
You must disable BGP before the AS number  
can be changed.  
configure bgp cluster-id <cluster_id>  
Appends a BGP route reflector cluster-ID to  
the cluster list of a route. Used when multiple  
router reflectors are used within the same  
cluster of clients. You must disable BGP  
before configuring the cluster ID.  
configure bgp confederation-id  
<confederation_id>  
Changes the confederation ID.  
configure bgp delete aggregate-address  
[<ipaddress/masklength> | all]  
Deletes one or all aggregate routes.  
configure bgp local-preference  
<local_preference>  
Changes the default local-preference  
attribute. The range is 0 to 4,294,967,295.  
The default value is 100.  
configure bgp med [<number> | none]  
Configures the BGP multi-existence  
discriminator.  
configure bgp neighbor [<ipaddress> | all]  
[route-reflector-client | no-route-reflector-  
client]  
Configures a BGP neighbor as a route-  
reflector client. Implicitly defines the router  
as a route reflector. The neighbor must be in  
the same AS as the router.  
configure bgp neighbor [<ipaddress> | all]  
[send-community | dont-send-community]  
Configures whether communities should be  
sent to neighbors as part of the route updates.  
These settings apply to the peer group and all  
neighbors of the peer group.  
configure bgp neighbor [<ipaddress> | all] [no  
-next-hop-self | next-hop-self]  
Configures whether the next hop address used  
in the updates should be the address of the  
BGP connection originating it. These settings  
apply to the peer group and all neighbors of  
the peer group.  
267  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 14.1: BGP Configuration Commands (continued)  
Command  
Description  
configure bgp neighbor [<ipaddress> | all]  
password [none | {encrypted} <password>]  
Configures a password for a neighbor. When  
the password is configured, TCP MD5  
authentication is enabled on the TCP  
connection established with the neighbor. The  
encrypted keyword is used in the  
configuration to hide the plain text password.  
configure bgp neighbor [<ipaddress> | all]  
peer-group [none | <peer-group>]  
Configures the neighbor as the member of a  
peer group. The acquire-all keyword is used  
to indicate that all parameters should be  
inherited from the peer group. If acquire-all is  
not specified, only the default parameters will  
be inherited from the peer group.  
configure bgp neighbor [<ipaddress> | all] as- Configures an AS path filter for a neighbor.  
path-filter [in | out] [none | <access_profile>]  
The filter is defined using the access-profile  
mechanism and can be installed on the input  
side or the output side. Use the nonekeyword  
to remove the filter.  
configure bgp neighbor [<ipaddress> | all]  
nlri-filter [in | out] [none | <access_profile>]  
Configures an NLRI filter for a neighbor. The  
filter is defined using the access-profile  
mechanism, and can be installed on the input  
side or the output side. Use the nonekeyword  
to remove the filter.  
configure bgp neighbor [<ipaddress> | all]  
route-map-filter [in | out] [none |  
<route_map>]  
Configures a route map for a neighbor. The  
route map can be installed on the input or  
output side. It is used to modify or filter the  
NLRI information and the path attributes  
associated with it, while exchanging updates  
with the neighbor. To remove the route map  
use the nonekeyword.  
268  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
Table 14.1: BGP Configuration Commands (continued)  
Command  
Description  
configure bgp neighbor [<ipaddress> | all]  
soft-reset {in | out}  
Applies the current input or output routing  
policy to the routing information already  
exchanged with the neighbor. The input/  
output routing policy is determined by the  
nlri-filter, as-path-filter, and the route map  
configured for the neighbor in the input-  
output side. This command is a real-time  
operation and is not saved; it does not affect  
the 480T routing switch configuration.  
configure bgp neighbor [<ipaddress> | all]  
source-interface [any | vlan <name>]  
Changes the BGP source interface for TCP  
connections. The default setting is any.  
configure bgp neighbor [<ipaddress> | all]  
timer keep-alive <seconds> hold-time  
<seconds>  
Configures the BGP neighbor timers. The  
range for keep-alive is 0 to 65,535. The  
default keep-alive setting is 60. The range for  
hold-time is 0 to 21,845. The default hold-  
time is 90.  
configure bgp neighbor [<ipaddress> | all]  
weight <weight>  
Assigns a locally used weight to a neighbor  
connection for the route-selection algorithm.  
All routes learned from this peer are assigned  
the same weight. The route with the greatest  
weight is preferred when multiple routes are  
available to the same network. The range is 0  
to 4,294,967,295. The default setting is 0.  
configure bgp routerid <router_id>  
configure bgp soft-reconfiguration  
Changes the router ID. BGP must be disabled  
before changing the router ID.  
Immediately applies the route map associated  
with the network command, aggregation and  
redistribution. This command is a real-time  
operation and is not saved; it does not affect  
the routing switch configuration.  
create bgp neighbor <ipaddress> [peer-group  
<peergroup> | remote-as-number  
<as_number>] {mulithop}  
Creates a new BGP peer. Use the multihop  
keyword for EBGP peers that are not directly  
connected.  
create bgp peer-group <name>  
Creates a new peer group.  
269  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 14.1: BGP Configuration Commands (continued)  
Command  
Description  
disable bgp aggregation  
Disables BGP route-aggregation filtering.  
disable bgp always-compare-med  
Disables BGP use of the Multi-Exit  
Discriminator (MED) from neighbors in  
different autonomous systems in the route-  
selection algorithm. MED is only used when  
comparing paths from the same AS. The  
default setting is enabled.  
disable bgp export [ospf | ospf-intra | ospf-  
inter | ospf-extern1 | ospf-extern2] {route  
map}  
Disables BGP from export OSPF-related  
routes to BGP peers.  
disable bgp neighbor [<ipaddress> | all] {soft- Disables the soft recognition feature.  
in-reset}  
Disabling the soft recognition feature can  
potentially limit the amount of system  
memory consumed by the Routing  
Information Base In (RIB-in).  
disable bgp peer-group <peer group> {soft-  
in-reset}  
Disables the soft recognition feature of a peer  
group and all the neighbors of a peer group.  
disable bgp synchronization  
Disables the synchronization between BGP  
and IGP. Default is enabled.  
enable bgp  
Enables BGP.  
enable bgp aggregation  
enable bgp always-compare-med  
Enables BGP route-aggregation filtering.  
Enables BGP to use the MED from neighbors  
in different autonomous systems in the route-  
selection algorithm. MED is used only when  
comparing paths from the same AS. The  
default setting is enabled.  
enable bgp neighbor [<ipaddress> | all] {soft- Enables the BGP session. You must create the  
in-reset}  
neighbor before the BGP session can be  
enabled.  
270  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
Table 14.1: BGP Configuration Commands (continued)  
Command  
Description  
enable bgp synchronization  
Enables synchronization between BGP and  
IGP. When enabled, BGP waits for IGP to  
provide the next-hop reachability before  
advertising the route to an external neighbor.  
The default setting is enabled.  
enable bgp export [ospf | ospf-intro | ospf-  
inter | ospf-extern1 | ospf-extern2]  
{<route_map>}  
Configures BGP to export OSPF-related  
routes to BGP peers. BGP attributes  
associated with the OSPF routes can be  
applied using an optional route map.  
Displaying BGP Settings  
To display settings for BGP, use the commands listed in Table 14.2.  
For more command options, press the Tab key in the command line  
interface.  
Table 14.2: BGP Show Commands  
Command  
Description  
show bgp  
Displays BGP configuration information.  
show bgp neighbor {detail}  
Disables BGP neighbor information  
show bgp neighbor <ipaddress>  
Displays information about a specified  
neighbor.  
271  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Resetting and Disabling BGP  
To return BGP settings to their defaults, or to disable BGP, use the  
commands listed in Table 14.3. For more command options, press  
the Tab key in the command line interface.  
Table 14.3: BGP Reset and Disable Commands  
Command  
Description  
delete bgp neighbor [<ipaddress> | all]  
Deletes one or all BGP neighbors.  
disable bgp  
Disables BGP.  
disable bgp aggregation  
disable bgp always-compare-med  
Disables BGP route-aggregation.  
Disables MED from being used in the route-  
selection algorithm.  
disable bgp neighbor [<ipaddress> | all]  
{soft-in-reset}  
Disables the BGP session. Once disabled, all  
the Adjacent Routing Information Base In  
(Adj-RIB-in) for the neighbor is flushed out.  
disable bgp peer-group <peer group>  
{soft-in-reset}  
Disables the soft recognition feature of a peer  
group and all the neighbors of a peer group.  
disable bgp synchronization  
Disables the synchronization between BGP  
and IGP. Default is enabled.  
disable bgp export [ospf | ospf-extern |  
ospf-extern2 | ospf-inter | ospf-intra]  
<routemap>  
Disables exporting OSPF routes.  
272  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 4  
Border Gateway Protocol (BGP)  
BGP Route Selection  
BGP will select routes based on the following precedence (from  
highest to lowest):  
Weight  
Local preference  
Shortest length (shortest AS path)  
Lowest origin code  
Lowest MED  
Route from external peer  
Lowest cost to next hop  
Lowest RouterID  
273  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
274  
Download from Www.Somanuals.com. All Manuals Search And Download.  
15  
IP Multicast Routing  
This chapter describes the components of IP multicast routing, and how  
to configure it on the Intel® NetStructure480T routing switch.  
For more information on IP multicasting, refer to these publications:  
RFC 1112Host Extension for IP Multicasting  
RFC 2236Internet Group Management Protocol, Version 2  
DVMRP Version 3draft_ietf_dvmrp_v3_07  
PIM-DM Version 2draft_ietf_pim_v2_dm_03  
RFC 2326Protocol Independent Multicast-Sparse Mode  
Refer to http://www.ietf.org for the Internet Engineering Task Force  
(IETF) Working Groups for DVMRP and PIM.  
Overview  
IP multicast routing allows a single IP host to send a packet to a group of  
IP hosts. This group of hosts can include devices that reside on the local  
network, within a private network, or outside of the local network.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IP multicast routing consists of these functions:  
Configure IP unicast  
routing before you  
configure IP multicast  
routing.  
A router that can forward IP multicast packets.  
A router-to-router multicast routing protocol, for example, Distance  
Vector Multicast Routing Protocol (DVMRP), or Protocol  
Independent Multicast (PIM).  
A method for the IP host to communicate its multicast group  
membership to a router. For example, Internet Group Management  
Protocol (IGMP).  
DVMRP Overview  
DVMRP is a distance-vector protocol that is used to exchange routing  
and multicast information between routers. Like RIP, DVMRP  
periodically sends the entire routing table to its neighbors.  
DVMRP has a mechanism that allows it to prune and graft multicast  
trees to reduce the bandwidth consumed by IP multicast traffic.  
PIM Overview  
Protocol Independent Multicast (PIM) is a multicast routing protocol  
similar to DVMRP. It provides both Dense Mode (PIM-DM) and  
Sparse Mode (PIM-SM).  
The 480T routing switch supports both dense mode and sparse mode  
operation. You can configure dense mode or sparse mode on a per-  
interface basis. Once enabled, some interfaces can run dense mode,  
while others run sparse mode.  
PIM-DM  
You can run either  
DVMRP or PIM-DM on  
the switch, but not both  
simultaneously.  
PIM-DM routers perform reverse path multicasting (RPM).  
However, instead of exchanging its own unicast route tables for the  
RPM algorithm, PIM-DM uses the existing unicast route table for the  
reverse path. As a result, PIM-DM requires less system memory.  
PIM-DM is a broadcast and prune protocol. Using PIM-DM,  
multicast routes are pruned and grafted in the same way as DVMRP.  
276  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
PIM Sparse Mode (PIM-SM)  
You can run either PIM-  
DM or PIM-SM on each  
VLAN.  
Unlike PIM-DM, PIM-SM is an explicit join and prune protocol, and  
supports shared trees as well as shortest path trees (SPTs). The routers  
must explicitly be joined to one or more groups to enable  
communication. This is beneficial for large networks that have group  
members sparsely distributed.  
Using PIM-SM, the router sends a join message to the rendezvous  
point (RP). The RP is a central multicast router that is responsible for  
receiving and distributing multicast packets.  
When a router has a multicast packet to distribute, it encapsulates the  
packet in a unicast message and sends it to the RP. The RP  
decapsulates the multicast packet and distributes it among all member  
routers.  
When a router determines that the multicast rate from a particular  
originating router (not the RP) has exceeded a configured threshold,  
that router can send an explicit join message to the originating router.  
Once this occurs, the receiving router gets the multicast directly from  
the sending router, and bypasses the RP.  
Static Rendezvous Points (RPs)  
If you configure a static  
RP in your network,  
configure the static RP  
on all switches in the  
network.  
The 480T routing switch allows you to override the PIM bootstrap  
message that selects a dynamic RP so that you can define a static RP  
in your network. To define a static RP, use the following command:  
configure pim crp static <rp address>  
PIM Mode Translation  
A 480T routing switch functioning as a PMBR (PIM Multicast  
Border Router) integrates PIM-SM and PIM-DM traffic separated by  
the PMBR.  
When forwarding PIM-DM traffic into a PIM-SM network, the  
PMBR will notify the RP that the PIM-DM network exists. The  
PMBR will then forward PIM-DM multicast packets to the RP, which  
will then forward the packets to those routers that have joined the  
multicast group.  
277  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The switch also forwards PIM-SM traffic to a PIM-DM network. The  
PMBR sends a join message to the RP and the PMBR then broadcasts  
traffic from the RP into the PIM-DM network.  
There are no new commands that need to be entered to enable PIM-  
SM to PIM-DM functionality. By having both the DM mode interface  
and SM mode interface on the same router, the PMBR functionality  
is automatically enabled.  
IP Multicast Cache Display  
The show ipmc cachecommand displays a legend with a summary  
of each entry in the table.  
IGMP Overview  
IGMP is a protocol used by an IP host to register its IP multicast  
group membership with a router. The messaging protocol can also be  
snooped by a Layer 2 switch, to provide for intelligent forwarding of  
multicast data streams within a VLAN.  
Periodically, the router queries the multicast group to see if the group  
is still in use. If the group is still active, a single IP host responds to  
the query, and group registration is maintained.  
IGMP is enabled by default on the switch. However, you can  
configure the switch to disable the generation of periodic IGMP  
query packets. IGMP query should be enabled when the switch is  
configured to perform the IP unicast or IP multicast routing.  
IGMP Snooping  
IGMP snooping is a Layer 2 function that does not require multicast  
routing to be enabled. It reduces the flooding of IP multicast traffic.  
IGMP snooping optimizes network bandwidth use, and prevents  
multicast traffic from flooding to parts of the network that do not need  
it. IP multicast traffic is not reduced in the local multicast domain.  
IGMP snooping is enabled by default on the 480T routing switch. If  
you are using multicast routing, IGMP snooping must be enabled. If  
278  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
IGMP snooping is disabled, all IGMP and IP multicast traffic will  
flood within a given VLAN. This is normal 802.1d bridge behavior.  
IGMP and IGMP  
snooping must be  
enabled when IP  
IGMP snooping expects at least one device in the network to  
periodically generate IGMP query messages. Without an IGMP  
querier, the switch stops forwarding IP multicast packets to the ports.  
unicast or multicast  
routing is configured  
(the default setting is  
enabled).  
An optional optimization for IGMP snooping is the strict recognition  
of multicast routers only if the remote devices have joined the  
DVMRP (224.0.0.4) or PIM (244.0.0.13) multicast groups.  
To support IGMP snooping in environments that do not have an  
IGMP querier, the switch can function as an IGMP querier, according  
to the rules of IGMP Version 2.0. If IGMP snooping is enabled, the  
switch periodically queries for multicast group memberships.  
However, if either IGMP snooping is disabled or IGMP functionality  
is disabled, the switch does not generate IGMP query messages.  
IGMP is enabled when the switch is configured to perform IGMP  
snooping and there is no other reliable querier on the network.  
IGMP Leave Message  
IGMP snooping supports the IGMP leave message. When a port  
sends an IGMP leave message, the switch removes the IGMP  
snooping entry after 10 seconds. The router still sends a query to  
determine which ports wish to remain in the multicast group. If other  
members of the VLAN wish to remain in the multicast group, the  
router will ignore the leave message, but the port is removed from the  
IGMP snooping table.  
If the last port within a VLAN sends an IGMP leave message, the  
router will not receive any responses to the query, and the router will  
immediately remove the VLAN from its multicast group.  
IGMP Display  
The show igmp snoopingcommand can be displayed with a  
summary or detail view.  
279  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IGMP Query Interval  
The maximum value you can set for the IGMP query interval is  
429,496,729. The values you can set for query response interval and  
the last member query interval are between 1 second and 25 seconds.  
IGMP Configuration Commands  
Table 15.1 describes the commands used to configure the Internet  
Gateway Message Protocol (IGMP). For more command options,  
press the Tab key in the command line interface.  
Table 15.1: IGMP Configuration Commands  
Command  
Description  
enable igmp {vlan <name>}  
Enables IGMP on a router interface. If no  
VLAN is specified, IGMP is enabled on all  
router interfaces. The default setting is enabled.  
enable igmp snooping {forward-mcrouter-  
only}  
Enables IGMP snooping on the switch. If  
forward-mcrouter-onlyis specified, the  
switch forwards all multicast traffic to the  
multicast router only. Otherwise, the switch  
forwards all multicast traffic to any IP router.  
280  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
Table 15.1: IGMP Configuration Commands (continued)  
Command  
Description  
configure igmp <query_interval>  
<query_response_interval>  
Configures the IGMP timers. Timers are based  
on IEEE RFC2236. Specify:  
<last_member_query_interval>  
query_intervalThe amount of time, in  
seconds, the system waits between sending  
out general queries. The range is 1 to  
429,496,729 seconds. The default setting is  
125.  
query_response_intervalThe  
maximum response time inserted into the  
periodic general queries. The range is 1 to  
25. The default setting is 10.  
last_member_query_intervalThe  
maximum response time inserted into a  
group-specific query sent in response to a  
leave-group message. The range is 1 to 25.  
The default setting is 1.  
configure igmp snooping timer  
<router_timeout> <host_timeout>  
Configures the IGMP snooping timers. Timers  
should be set to approximately 2.5 times the  
router-query interval in use on the network.  
Specify:  
router_timeoutThe interval, in  
seconds, between the last time the router  
was discovered and the current time. The  
range is 10 to 2,147,483,647 seconds (68  
years). The default setting is 260.  
host_timeoutThe interval, in seconds,  
between the last IGMP group report  
message from the host and the current time.  
The range is 10 to 2,147,483,647 seconds  
(68 years). The default setting is 260.  
281  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Configuring IP Multicasting Routing  
To configure IP multicast routing:  
1. Configure the system for IP unicast routing.  
2. Enable multicast routing on the interface, using this command:  
enable ipmcforwarding {vlan <name>}  
3. Enable DVMRP or PIM on all IP multicast routing interfaces, using  
either:  
configure dvmrp add vlan [<name> | all]  
configure pim add vlan [<name> | all] {dense |  
sparse}  
4. Enable DVMRP or PIM on the router, using either:  
enable dvmrp  
enable pim  
Table 15.2 describes the commands used to configure IP multicast  
routing. Press the Tab key in the command line interface for further  
command options.  
Table 15.2: IP Multicast Routing Configuration Commands  
Command  
Description  
enable dvmrp {[Rxmode | txmode] vlan  
[<name> | all]}  
Enables DVMRP on the system.  
configure dvmrp add vlan [<name> | all]  
Enables DVMRP on one or all IP interfaces. If no  
VLAN is specified, DVMRP is enabled on all IP  
interfaces. When an IP interface is created,  
DVMRP is disabled by default.  
configure dvmrp delete vlan [<name> |  
all]  
Disables DVMRP on one or all IP interfaces. If no  
VLAN is specified, DVMRP is disabled on all IP  
interfaces.  
282  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
Table 15.2: IP Multicast Routing Configuration Commands (continued)  
Command  
Description  
configure dvmrp timer  
<route_report_interval>  
<route_replacement_time>  
Configures the global DVMRP timers. Specify the  
following:  
route_report_intervalhow many  
seconds the system waits between  
transmitting periodic route report packets. The  
range is 1 to 2,147,483,647 seconds (68  
years).  
The default setting is 60. Because triggered  
update is always enabled, the route report will  
always be transmitted prior to the expiration  
of the route report interval.  
route_replacement_timeThe hold-down  
time before a new route is learned, after the  
previous route is deleted. The range is 1 to  
2,147,483,647 seconds (68 years). The default  
setting is 140.  
configure dvmrp vlan [<name> | all] cost  
<number>  
Configures the cost (metric) of the interface. The  
default setting is 1.  
configure dvmrp vlan [<name> | all]  
export-filter [<access_profile> | <none>]  
Configures DVMRP to filter out routes specified  
in the export filter when sending out route  
advertisements.  
configure dvmrp vlan [<name> | all]  
import-filter [<access_profile> | <none>  
Configures DVMRP to filter out certain routes  
(defined by the access profile) received from a  
neighbor.  
configure dvmrp vlan [<name> | all]  
trusted-gateway [<access_profile> |  
<none>]f  
Configures the DVMRP trusted gateway, based on  
the access profile.  
283  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 15.2: IP Multicast Routing Configuration Commands (continued)  
Command  
Description  
configure dvmrp vlan <name> timer  
<probe_interval> <neighbor timeout>  
Configures DVMRP interface timers. Specify:  
probe_intervalHow many seconds the  
system waits between transmitting DVMRP  
probe messages. The range is 1 to  
2,147,483,647 seconds (68 years). The default  
setting is 10.  
neighbor_timeout_intervalThe  
amount of time before a DVMRP neighbor  
route is declared to be down. The range is 1 to  
2,147,483,647 seconds (68 years). The default  
setting is 35.  
configure pim add vlan [<vlan> | all]  
{dense | sparse}  
Enables PIM on an IP interface. When an IP  
interface is created, per-interface PIM  
configuration is disabled by default. The default  
PIM mode is dense.  
configure pim cbsr [vlan <name> priority  
<priority> | none]  
Configures a candidate bootstrap router for PIM  
sparse-mode operation. The range is 0 - 255. The  
default setting is 0 and indicates the lowest  
priority. To delete a Candidate Bootstrap Router  
(CBSR), use the keyword noneas the priority.  
284  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
Configuration Examples  
See Chapter 13, "RIP  
and OSPF" on page  
223 for information on  
configuring OSPF.  
In the example below, the system labeled IR1 is configured for IP  
multicast routing using PIM-DM. l  
Area 0  
IR 2  
IR 1  
10.0.1.1  
10.0.1.2  
10.0.3.2  
10.0.2.2  
ABR 2  
ABR 1  
10.0.3.1  
10.0.2.1  
161.48.2.2  
160.26.25.1  
160.26.26.1  
Virtual link  
161.48.2.1  
160.26.26.2  
160.26.25.2  
Area 5  
Area 6 (stub)  
480t_014R  
Figure 15.1: IP multicast routing PIM-DM configuration  
example  
Configuration for IR1  
The following is the configuration for the router labeled IR1:  
configure vlan A0_10_0_1 ipaddress 10.0.1.2  
255.255.255.0  
285  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure vlan A0_10_0_2 ipaddress 10.0.2.2  
255.255.255.0  
configure ospf add vlan all  
enable ipforwarding  
enable ospf  
enable ipmcforwarding  
configure pim add vlan all  
enable pim  
PIM-SM Configuration Example  
In this example, the system labeled ABR1 is configured for IP  
multicast routing using PIM-SM.  
Figure 15.2: IP multicast routing using PIM-SM configuration  
Area 0  
IR 2  
IR 1  
10.0.1.1  
10.0.1.2  
10.0.3.2  
10.0.2.2  
A0_10_0_3  
A0_10_0_2  
ABR 2  
ABR 1  
10.0.3.1  
10.0.2.1  
161.48.2.2  
A6_161_48_2  
160.26.25.1  
160.26.26.1  
Virtual link  
A5_160_26_26  
161.48.2.1  
160.26.26.2  
160.26.25.2  
Area 5  
Area 6 (stub)  
480t_014R  
286  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
Configuration for ABR1  
The following is the configuration for the router labeled ABR1:  
configure vlan A0_10_0_2 ipaddress 10.0.2.1  
255.255.255.0  
configure vlan A0_10_0_3 ipaddress 10.0.3.1  
255.255.255.0  
configure vlan A6_161_48_2 ipaddress 161.48.2.2  
255.255.255.0  
configure vlan A5_160_26_26 ipaddress 160.26.26.1  
255.255.255.0  
configure ospf add vlan all  
enable ipforwarding  
enable ipmcforwarding  
configure pim add vlan all sparse  
create access-profile rp-list ipaddress  
configure rp-list add ipaddress 224.0.0.0 240.0.0.0  
enable loopback-mode A0_10_0_3  
configure pim crp A0_10_0_3 rp-list 30  
configure pim cbsr A0_10_0_3 30  
configure pim spt-threshold 16 8  
Displaying IP Multicast Routing  
Settings  
To display settings for IP multicast routing components, use the  
commands listed in Table 15.3. For more command options, press the  
Tab key in the command line interface.  
Table 15.3: IP Multicast Routing Show Commands  
Command  
Description  
show dvmrp {vlan <name> | route {detail}}  
Displays the DVMRP configuration and  
statistics, or the unicast route table. The  
default setting is all.  
287  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 15.3: IP Multicast Routing Show Commands (continued)  
Command  
Description  
show igmp snooping {vlan <name> | detail}  
Displays IGMP snooping registration  
information, and a summary of all IGMP  
timers and states.  
show ipmc cache {detail} {<group>}  
{<src_ipaddress> <mask>}  
Displays the IP multicast forwarding cache.  
show pim {vlan <name> | detail}  
Displays the PIM configuration and  
statistics. If no VLAN is specified, the  
configuration is displayed for all PIM  
interfaces.  
show pim rp-set {group}  
Displays the RP set for one or all groups.  
Deleting and Resetting IP Multicast  
Settings  
To return IP multicast routing settings to their defaults and disable  
IP multicast routing functions, use the commands listed in  
Table 15.4. For more command options, press the Tab key in the  
command line interface.  
Table 15.4: IP Multicast Routing Reset and Disable Commands  
Command  
Description  
clear igmp snooping {vlan <name>}  
Removes one or all IGMP snooping entries.  
clear ipmc [counters | cache | debug | trace |  
dlcs | fdb | igmp | iparp | ipfdb | log | session  
| slb] {<group> {<src_ipaddress>  
<mask>}}  
Resets the IP multicast items. If no options are  
specified, all IP multicast entries are flushed.  
configure ipmc cache timeout <seconds>  
Configures the aging time (in seconds) for  
multicast cache entries. The default setting is  
300.  
288  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 15  
IP Multicast Routing  
Table 15.4: IP Multicast Routing Reset and Disable Commands (continued)  
Command  
Description  
disable dvmrp {[Rxmode | txmode] vlan  
[<name> | all]}  
Disables DVMRP on the system.  
disable dvmrp Rxmode vlan [<name> | all]  
disable dvmrp txmode vlan [<name> | all]  
disable igmp {vlan <name>}  
Disables receiving of DVMRP packets on a per-  
VLAN basis.  
Disables transmitting of DVMRP packets on a  
per-VLAN basis.  
Disables the router-side IGMP processing on a  
router interface. No IGMP query is generated,  
but the switch continues to respond to IGMP  
queries received from other devices. If no  
VLAN is specified, IGMP is disabled on all  
router interfaces.  
disable igmp snooping  
Disables IGMP snooping. IGMP snooping can  
be disabled only if IP multicast routing is not  
being used. Disabling IGMP snooping allows  
all IGMP and IP multicast traffic to flood within  
a given VLAN.  
disable ipmcforwarding {vlan <name>}  
disable pim  
Disables IP multicast forwarding.  
Disables PIM on the system.  
unconfigure dvmrp {vlan <name>}  
Resets the DVMRP timers to their default  
settings. If no VLAN is specified, all interfaces  
are reset.  
unconfigure igmp  
Resets all IGMP settings to their default values  
and clears the IGMP group table.  
unconfigure pim {vlan <name>}  
Resets all PIM settings to their default values.  
289  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
290  
Download from Www.Somanuals.com. All Manuals Search And Download.  
16  
IPX Routing  
§
This chapter describes how to configure IPX , IPX/RIP, and IPX/SAP on  
the Intel® NetStructure480T routing switch. It assumes that you are  
familiar with IPX. If not, refer to your Novell documentation.  
Overview of IPX  
The 480T routing switch provides support for IPX, IPX/RIP (Routing  
Information Protocol), and IPX/SAP (Service Advertisement Protocol).  
The switch dynamically builds and maintains an IPX routing table and an  
IPX service table.  
The switch supports separate routing interfaces for IP and IPX traffic on  
the same VLAN, load sharing of IPX routed traffic, and 802.1Q tagged  
packets on a routed IPX VLAN.  
Router Interfaces  
The routing software and hardware routes IPX traffic between IPX router  
interfaces. A router interface is simply a VLAN that has an IPX network  
identifier (NetID) and IPX encapsulation type assigned to it.  
As you create VLANs with different IPX NetIDs, the switch automatical-  
ly routes between them. Both the VLAN switching and IPX routing func-  
tion occur within the switch. You can configure a VLAN with either an  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IPX NetID or an IP address. You also can configure a VLAN for  
both IPX and IP routing.  
Figure 16.1 shows the same switch discussed earlier in Figure 12.1  
on page 191. In Figure 16.1, IPX routing is added to the switch, and  
two additional VLANs have been definedExec and Support.  
Both VLANs have been configured as protocol-specific VLANs,  
using IPX.  
®
§
IP IPX  
192.207.36.0  
Personnel  
2516  
Exec  
A2B5  
Support  
192.207.35.0  
Finance  
1
2
3
4
5
7
192.207.36.14  
NetID 2516  
MAC 00:AA:BB:CC:DD:EE  
NetID A2B5  
MAC 01:23:45:66:54:32  
NetID 2516  
MAC 00:11:22:33:44:55  
480t_006  
Figure 16.1: IPX VLAN configuration  
Exec is assigned the IPX NetID 2516. Support is assigned the IPX  
NetID A2B5. Port 5 is assigned to Exec; Port 7 is assigned to  
Support. In addition, port 4 is assigned to Exec. Therefore, port 4  
belongs to both the Personnel VLAN (running IP) and the Exec  
VLAN (running IPX).  
Traffic within each VLAN is switched using the Ethernet MAC  
address. Traffic between Exec and Support is routed using the IPX  
NetID. Traffic cannot be sent between the IP VLANs (Finance and  
Personnel) and the IPX VLANs (Exec and Support).  
292  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
IPX Encapsulation Types  
Novell NetWare§ supports four types of frame encapsulation. The  
term for each type is described in Table 16.1.  
Table 16.1: IPX§ Encapsulation Types  
Name  
Description  
ENET_II  
ENET_8023  
The frame uses the Ethernet 2 header.  
The frame includes the IEEE 802.3 length  
field, but does not include the IEEE 802.2  
Logical Link Control (LLC) header. This  
encapsulation is used by NetWare§ version  
2.x and the original 3.x version.  
ENET_8022  
The frame uses the IEEE format and  
includes the IEEE 802.2 LLC header. This  
encapsulation is used by NetWare version  
3.12 and 4.x.  
ENET_SNAP  
The frame adds a Subnetwork Access  
Protocol (SNAP) header to the IEEE 802.2  
LLC header.  
To configure a VLAN to use a particular encapsulation type, use  
this command:  
configure vlan <name> xnetid <netid> [enet_ii |  
enet_8023 | enet_8022 | enet_snap]  
IPX and IP  
The 480T routing switch supports:  
Separate routing interfaces for IP and IPX traffic on the same  
VLAN  
Load sharing of IPX routed traffic  
802.1Q tagged packets on a routed IPX VLAN  
293  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IP and IPX on the Same VLAN  
The switch supports IP and IPX routing within the same VLAN.  
This feature does not require any special configuration.  
Tagged IPX VLAN  
The switch supports tagged 802.1Q traffic on an IPX VLAN that is  
performing routing.  
Tagging is most commonly used to create VLANs that span  
multiple switches. Using VLAN tags, multiple VLANs can span  
multiple switches using one or more trunks. In a port-based VLAN,  
each VLAN requires its own pair of trunk ports.  
Another benefit of tagged VLANs is the ability to have a port be a  
member of multiple VLANs. This is particularly useful if you have  
a device (such as a server) that must belong to multiple VLANs. A  
single port can be a member of only one port-based VLAN. All  
additional VLAN memberships for that port must be configured  
with tags.  
To configure a tagged IPX VLAN, assign a tag to the VLAN using  
this command:  
configure vlan <name> tag <vlanid>  
The valid range is from 1 to 4095.  
To assign tagged ports to the VLAN, use this command:  
configure vlan <name> add port <portlist> {tagged |  
untagged} {nobroadcast}  
To display your VLAN settings, use this command:  
show vlan {<name>} {detail}  
IPX Load Sharing  
See "Load Sharing" on  
page 84.  
The 480T routing switch supports IPX load sharing. There is no  
special configuration requirement to support this function. Simply  
configure load sharing as you would normally.  
294  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
Populating the Routing Table  
The routing switch builds and maintains an IPX routing table. As in  
the case of IP, the table is populated using dynamic and static  
entries.  
Dynamic Routes  
Dynamic routes are typically learned using IPX/RIP. Routers that  
use IPX/RIP exchange information in their routing tables in the  
form of advertisements. Using dynamic routes, the routing table  
contains only networks that are reachable.  
Dynamic routes are aged out of the table when an update for the  
network is not received for a period of time, as determined by the  
routing protocol.  
Static Routes  
Static routes are manually entered into the routing table. Static  
routes are used to reach networks not advertised by routers. You can  
configure up to 64 static IPX routes on the 480T routing switch.  
Static routes are never aged out of the routing table. Static routes are  
advertised to the network using IPX/RIP.  
IPX/RIP Routing  
See Figure 13.4 on page  
241.  
The switch supports the use of IPX/RIP for unicast routing. IPX/  
RIP is different from IP/RIP. However, many of the concepts are the  
same. The 480T routing switch supports these IPX/RIP features:  
Split horizon  
Poison reverse  
Triggered updates  
Route information is entered into the IPX route table in one of two  
ways:  
Dynamically, using RIP  
Statically, using the command:  
configure ipxroute add [<dest_netid> | default]  
next_hop_netid next_hop_node_addr <hops> <ticks>  
295  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IPX/RIP is automatically enabled when a NetID is assigned to the  
VLAN. To remove the advertisement of an IPX VLAN, use the  
command:  
configure ipxrip delete {vlan <name> | all}  
GNS Support  
The 480T routing switch supports the Get Nearest Server (GNS)  
reply function. When a NetID is assigned to the switch, the GNS  
reply service is automatically enabled. When a station requests a  
particular service on the network (for example, locating a print  
server), the station sends a GNS request and the switch responds to  
the request. If GNS-reply is disabled, the switch drops the request.  
To disable GNS-reply, use this command:  
disable ipxsap gns-reply {vlan <name>}  
Routing SAP Advertisements  
The 480T routing switch contains an IPX Service Table, and  
propagates SAP advertisements to other IPX routers on the  
network. Each SAP advertisement contains:  
Service type  
Server name  
Server NetID  
Server node address  
The service information is entered into the IPX Service Table in one  
of two ways:  
Dynamically, through SAP  
Statically, using this command:  
configure ipxservice add <service_type>  
<service_name> <netid> <node_address> <socket>  
<hops>  
296  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
Configuring IPX  
This section describes the commands associated with configuring  
IPX, IPX/RIP, and IPX/SAP on the 480T routing switch. Configure  
IPX routing as follows:  
1. Create at least two VLANs (see "Virtual LANs (VLANs)" on  
page 95).  
2. If you are combining an IPX VLAN with another VLAN on the  
same port(s), you must use a protocol filter on one of the VLANs,  
or use 802.1Q tagging.  
3. Assign each VLAN a NetID and encapsulation type, using this  
command:  
configure vlan <name> xnetid <netid> [enet_ii |  
enet_8023 | enet_8022 | enet_snap]  
Ensure that each VLAN  
has a unique IPX NetID  
Once you configure the IPX VLAN information, IPX forwarding  
automatically begins to function. Specifically, configuring the IPX  
and that the encapsulation VLAN automatically enables the IPX/RIP, IPX/SAP, and SAP  
type matches the VLAN  
protocol.  
GNS services.  
Verifying IPX Router Configuration  
Use these commands to verify the IPX routing configuration:  
show vlanAlong with other information, this command  
displays the IPX NetID setting and encapsulation type.  
show ipxconfigAnalogous to the show ipconfig  
command for the IP protocol, it displays summary global IPX  
configuration information followed by per-VLAN information.  
Information includes enable/disable status for IPX/RIP, IPX/SAP,  
IPX route sharing, IPX service sharing, and so on.  
show ipxrouteAnalogous to the show iproutecommand  
for the IP protocol. it displays static and learned routes, along  
with information about the VLAN that uses the route, hop count,  
age of the route, and so on.  
show ipxsapDisplays the enable status of IPX/SAP for the  
VLAN, and its operational and administrative status (including  
the GNS reply service). It also lists any identified IPX/SAP  
neighbors, SAP packet statistics, and several other timer settings.  
297  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
show ipxripDisplays the enable status of IPX/RIP for the  
VLAN, including operational and administrative status. It also  
lists identified IPX/RIP neighbors, RIP packet statistics, and  
several other timer settings.  
show ipxserviceDisplays the contents of the IPX Service  
Table.  
Protocol-Based VLANs for IPX  
When combining IPX VLANs with other VLANs on the same  
physical port, it may be necessary to assign a protocol filter to the  
VLAN. This is especially true if it is not possible to use 802.1Q  
VLAN tagging.  
For convenience, IPX-specific protocol filters have been defined  
and named in the default configuration of the switch. Each filter is  
associated with a protocol encapsulation type. The IPX-specific  
protocol filters and the associated encapsulation type of each are  
described in Table 16.2.  
§
Table 16.2: IPX Protocol Filters and Encapsulation Types  
Used for Filtering IPX  
Protocol Name  
IPX  
Protocol Filter  
etype 0x8137  
llc 0xe0e0  
Encapsulation Type  
enet_ii  
IPX_8022  
IPX_snap  
enet_802_2  
enet_snap  
SNAP 0x8137  
It is not possible to define a protocol-sensitive VLAN for filtering  
the IPX enet_8023encapsulation type. Instead, use a protocol-  
sensitive filter on the other VLANs that share the same ports,  
leaving the enet_8023encapsulation VLAN configured using the  
anyprotocol.  
Tuning  
On larger networks, increase IPX SAP and IPX RIP update intervals  
to reduce CPU load (e.g., from default of 60 to 120 seconds).  
298  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
To increase route stability, you can increase the hold multiplier  
(default is 3 for 180 seconds). To modify these parameters use CLI  
commands:  
configure ipxrip <vlan name> update-interval <time>  
hold-multiplier <number>  
configure ipxsap <vlan name> update-interval <time>  
hold-multiplier <number>  
Tagged VLANs and IPX  
IPX routing is not supported on tagged VLANs.  
IPX and Round-Robin Load Sharing  
Due to packet sequencing problems, we do not recommend that IPX  
load sharing run with the round-robin load-sharing algorithm.  
IPX Performance Testing Using Traffic  
Generators  
When using traffic generation equipment to test the wire-speed  
capability of IPX routing, entries that are allowed to age out with the  
ports remaining active cannot be re-learned on that port and will not  
be forwarded at wire-speed.  
Restarting the port or clearing the FDB will not address this issue.  
In a real-worldIPX environment, clients and servers generally do  
not lose communication with the directly attached switch for the  
FDB entries to age out.  
IPX and Bi-Directional Rate Shaping  
Bi-directional rate shaping is not supported for use with IPX traffic.  
299  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IPX Commands  
Table 16.3 describes the commands used to configure basic IPX  
settings. For more command options, press the Tab key in the  
command line interface.  
Table 16.3: Basic IPX§ Commands  
Command  
Description  
configure ipxmaxhops <number>  
Configures the IPX maximum hop count  
when forwarding IPX packets. The  
default setting is 16. Change this only if  
NetWare§ Link Services Protocol (NLSP)  
is running in the IPX network.  
configure ipxroute add [<dest_netid> | default]  
<next_hop_id> <next_hop_node_addr> <hops>  
<tics>  
Adds a static IPX route entry in the IPX  
route table. Specify:  
next_hop_idThe NetID of the  
neighbor IPX network.  
next_hop_node_addrThe node  
address of the next IPX router.  
hopsThe maximum hop count.  
ticsThe timer delay value.  
You can enter up to 64 static routes.  
configure ipxroute delete [<dest_netid> | default]  
<next_hop_netid> <next_hop_node_addr>  
Removes a static IPX route entry from  
the route table.  
configure ipxservice add <service_type>  
<service_name> <netid> <node_address>  
<socket> <hops>  
Adds a static entry to the IPX service  
table. Specify:  
service_typeSrvice type.  
service_nameService name.  
netidIPX network identifier.  
node_addressNode address of  
the server.  
socketIPX port number.  
hopsThe number of hops (for SAP  
routing).  
300  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
Table 16.3: Basic IPX§ Commands (continued)  
Command  
Description  
configure ipxservice delete <service_type>  
<service_name> <netid> <node_address>  
<socket>  
Deletes an IPX service from the service  
table.  
configure vlan <name> xnetid <netid> [enet_ii |  
enet_8023 | enet_8022 | enet_snap]  
Configures a VLAN to run IPX routing.  
Specify:  
enet_iiUses Ethernet 2 header.  
enet_8023Uses IEEE 802.3  
length field, but does not include the  
IEEE 802.2 LLC header.  
enet_8022Uses IEEE the format  
and the IEEE 802.2 LLC header.  
enet_snapAdds Subnetwork  
Access Protocol (SNAP) header to  
IEEE 802.2 LLC header.  
enable type20 forwarding {vlan <name>}  
Enables the forwarding of IPX type 20  
(NetBIOS inside IPX) packets from one  
§
or more ingress VLANs. The default  
setting is disabled.  
xping {continuous} {size <n>} <netid>  
<node_address>  
Pings an IPX node. If continuousis not  
specified, 4 pings are sent. The default  
ping packet size is 256 data bytes. The  
size can be configured to between 1 and  
1,484 bytes.  
Table 16.4 describes the commands used to configure the IPX route  
table. For more command options, press the Tab key in the  
command line interface.  
Table 16.4: IPX§ /RIP Configuration Commands  
Command  
Description  
configure ipxrip add vlan [<name> | all]  
Configures one or all IPX VLANs to run IPX/  
RIP. IPX/RIP is enabled by default when you  
configure the IPX VLAN.  
301  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 16.4: IPX§ /RIP Configuration Commands (continued)  
Command  
Description  
configure ipxrip vlan [all | <name>] [import-  
filter | export-filter | trusted-gateway] [none |  
<access-profile>]  
Configures the import, export, or trusted-  
gateway options and specifies an access  
profile.  
configure ipxrip delete vlan [<name> | all]  
Disables IPX/RIP on one or all interfaces.  
configure ipxrip vlan [<name> | all] delay  
<msec>  
Configures the time between each IPX/RIP  
packet within an update interval. The default  
setting is 55 milliseconds.  
configure ipxrip vlan [<name> | all] max-  
packet-size <size>  
Configures the maximum transmission unit  
(MTU) size of the IPX/RIP packet. The  
default setting is 432 bytes.  
enable ipxrip  
Enables IPX/RIP on the router.  
configure ipxrip vlan [<name> | all] update-  
interval <time> {hold-multiplier <number>}  
Configures the update interval and hold  
multiplier for IPX/RIP updates. This setting  
affects both the periodic update interval of  
IPX/RIP and the aging interval of learned  
routes.  
The default update interval is 60 seconds. The  
default multiplier is 3.The aging period is  
calculated using the formula:  
update-interval x multiplier = aging period  
Table 16.5 describes the commands used to configure IPX/SAP.  
For more command options, press the Tab key in the command line  
interface.  
Table 16.5: IPX§/SAP Configuration Commands  
Command  
Description  
configure ipxsap add vlan [<name> | all]  
Configures an IPX VLAN to run IPX/SAP  
routing. If no VLAN is specified, all VLANs  
are configured to run IPX/SAP routing. IPX/  
SAP routing is enabled by default when the  
IPX VLAN is configured.  
302  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
Table 16.5: IPX§/SAP Configuration Commands (continued)  
Command  
Description  
configure ipxsap delete vlan [<name> | all]  
Disables IPX/SAP on an interface.  
configure ipxsap vlan [<name> | all] delay  
<msec>  
Configures the time between each SAP packet  
within an update interval. The default setting  
is 55 milliseconds.  
configure ipxsap vlan [<name> | all] [export-  
filter | import-filter | trusted-gateway]  
[<access profile> | none]  
Configures the import, export, or trusted-  
gateway options and specifies an access  
profile.  
configure ipxsap vlan [<name> | all] max-  
packet-size <number>  
Configures the MTU size of the IPX/SAP  
packets. The default setting is 432 bytes.  
configure ipxsap vlan [<name> | all] update-  
interval <time> {hold-multiplier <number>}  
Configures the update interval and hold  
multiplier for IPX/SAP updates. This setting  
affects both the periodic update interval of  
SAP and the aging interval of learned routes.  
The default update interval is 60 seconds.The  
default multiplier is 3. The aging period is  
calculated using the formula:  
update-interval * multiplier = aging period  
Triggered update is always enabled;  
therefore, new information is processed and  
propagated immediately.  
configure ipxsap vlan <name> gns-delay  
<msec>  
Configures the amount of time the switch  
waits before answering a GNS request. By  
default, the switch answers a GNS request as  
soon as possible (0 milliseconds).  
enable ipxsap  
Enables IPX/SAP on the router.  
enable ipxsap gns-reply {vlan <name>}  
Enables GNS-reply on one or all IPX  
interfaces. If no VLAN is specified, GNS-  
reply is enabled on all IPX interfaces. The  
default setting is aging time (in seconds).  
303  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
IPX Configuration Example  
Figure 16.2 builds on the example showing the IP/RIP  
configuration that was used in Figure 13.4 on page 241. Now, along  
with having IP VLANs configured, this example illustrates a switch  
that has two IPX VLANs defined.  
The first VLAN is Exec with these characteristics:  
Protocol-sensitive VLAN using the IPX protocol with the filter  
IPX_8022  
Ports 4 and 5 have been assigned to Exec  
Exec is configured for IPX NetID 2516 and IPX encapsulation  
type 802.2  
The second VLAN is Support with these characteristics:  
Port 7 is assigned to Support  
Support is configured for IPX NetID A2B5 and IPX  
encapsulation type 802.2  
®
§
IP IPX  
192.207.36.0  
Personnel  
2516  
Exec  
A2B5  
Support  
192.207.35.0  
Finance  
1
2
3
4
5
7
192.207.36.14  
NetID 2516  
MAC 00:AA:BB:CC:DD:EE  
NetID A2B5  
MAC 01:23:45:66:54:32  
NetID 2516  
MAC 00:11:22:33:44:55  
480t_006  
Figure 16.2: IPX routing configuration example  
304  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
The stations connected to the system generate a combination of IP  
traffic and IPX traffic. The IP traffic is filtered by the IP VLANs.  
IPX traffic is filtered by the IPX VLANs.  
In this configuration, all IP traffic from stations connected to ports  
1 and 3 have access to the IP router through the VLAN Finance. IP  
traffic on ports 2 and 4 reach the IP router using the VLAN  
Personnel.  
Similarly, IPX traffic from stations connected to ports 4 and 5 have  
access to the IPX router using the VLAN Exec. IPX traffic to port  
7 reaches the IPX router using the VLAN Support. Both Exec and  
Support use enet_8022 as the encapsulation type.  
The IPX configuration shown in the example in Figure 16.2 uses  
these commands:  
create vlan Exec  
create vlan Support  
configure Exec protocol ipx_8022  
configure Exec add port 4,5  
configure Support add port 7  
configure Support protocol ipx_8022  
configure Exec xnetid 2516 enet_8022  
configure Support xnetid A2B5 enet_8022  
Displaying IPX Settings  
To display settings for various IPX components, use the commands  
listed in Table 16.6. For more command options, press the Tab key  
in the command line interface.  
Table 16.6: IPX§ Show Commands  
Command  
Description  
show ipxconfig {vlan <name>}  
Displays IPX configuration information for  
one or all VLANs.  
show ipxfdb  
Displays the hardware IPX FDB  
information.  
show ipxrip {vlan <name>}  
Displays IPX/RIP configuration and  
statistics for one or all VLANs.  
305  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 16.6: IPX§ Show Commands (continued)  
Command  
Description  
show ipxroute {vlan <name> | xnetid <netid> |  
origin [static | rip | local]}  
Displays the IPX routes in the route table.  
show ipxsap {vlan <name>} {stats}  
Displays IPX/SAP configuration and status  
for one or all VLANs.  
show ipxservice {vlan <name> | name <service  
name> | type <hex> | origin [static | ipxsap]}  
Displays IPX services learned through SAP.  
show ipxstats {vlan <name>}  
Displays IPX packet statistics for the IPX  
router, and one or all VLANs.  
Resetting and Disabling IPX  
To return IPX settings to their defaults and disable IPX functions,  
use the commands listed in Table 16.7.  
Table 16.7: IPX§ Reset and Disable Commands  
Command  
Description  
disable ipxrip  
Disables IPX/RIP on the router.  
Disables IPX/SAP on the router.  
disable ipxsap  
disable ipxsap gns-reply {vlan <name>}  
Disables GNS reply on one or all IPX  
interfaces.  
disable type20 forwarding {vlan <name>}  
unconfigure ipxrip {vlan <name>}  
Disables the forwarding of IPX type-20 packets.  
Resets the IPX/RIP settings on one or all  
VLANs to the default. Removes import and  
export filters, and resets the MTU size, update  
interval, and inter-packet delay.  
306  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 6  
IPX Routing  
Table 16.7: IPX§ Reset and Disable Commands (continued)  
Command  
Description  
unconfigure ipxsap {vlan <name>}  
Resets the IPX/SAP settings on one or all  
VLANs to the default. Removes import and  
export filters, and resets the MTU size, update  
interval, and inter-packet delay.  
unconfigure vlan <name> xnetid  
Removes the IPX NetID of a VLAN.  
307  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
308  
Download from Www.Somanuals.com. All Manuals Search And Download.  
17  
Access Policies  
This chapter describes access policies, and how they are created and  
implemented on the Intel® NetStructure480T routing switch.  
Overview of Access Policies  
Access policies are a generalized category of features that impact  
forwarding and route forwarding decisions. Access policies are used  
primarily for security and quality of service (QoS) purposes.  
There are three categories of access policies:  
IP access lists  
Routing access policies  
Route maps  
IP Access Lists  
IP access lists consist of IP access rules, and are used to perform packet  
filtering and forwarding decisions on incoming traffic. They are based on  
criteria that involves Layer 3 IP or Layer 4 socket source or destination  
information. Each packet arriving on an ingress port is compared to the  
access list in sequential order, and is either forwarded to a specified QoS  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
profile or dropped. Using access lists has no impact on switch  
performance.  
Access lists are typically applied to traffic that crosses Layer 3  
router boundaries, but it is possible to use access lists within a Layer  
2 VLAN.  
Routing Access Policies  
Routing access policies are used to control the advertisement or  
recognition of routing protocols, such as Router Information  
Protocol (RIP), Open Shortest Path First (OSPF) or Border  
Gateway Protocol (BGP). You can use routing access policies to  
hide entire networks, or to trust only specific sources for routes or  
ranges of routes.  
The capabilities of routing access policies are specific to the type of  
routing protocol involved, but are sometimes more efficient and  
easier to implement than access lists.  
IPX§ Routing Access Policies  
Routing access policies support IPX, IPX/ RIP, IPX/SAP, and IPX  
node rules. Routing access policies consist of access rules, and are  
used to perform packet filtering and forwarding decisions on  
incoming traffic. Each IPX/RIP or IPX/SAP packet arriving on an  
ingress port is compared to each access profile rule in sequence, and  
is either forwarded or dropped. To create IPX access profiles, use  
this command:  
create access-profile <access_profile> type  
[ipaddress | ipx-node | ipx-net | ipx-sap | as-path |  
bgp-community]  
To configure an IPX net, node or SAP access profile, use this  
command:  
configure access-profile <access_profile> [add |  
delete] {seq-number} ipx-net <ipx_net_id_in_hex>  
<ipx_net_id_mask_in_hex>  
configure access-profile <access_profile> [add |  
delete] {seq-number} ipx-node <ipx_net_id_in_hex>  
<ipx_net_id_mask_in_hex>  
<ipx_node_id_in_mac_address_format>  
310  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
configure access-profile <access_profile> [add |  
delete] {seq-number} ipx-sap <ipx_sap_type_in_hex>  
<ipx_name_string>  
To assign IPX access profiles as either import or export filters to  
RIP or SAP, use these commands:  
configure ipxrip vlan [<vlan name> | all] import-  
filter [<access_profile> | none]  
configure ipxrip vlan [<vlan name> | all] export-  
filter [<access_profile> | none]  
configure ipxsap vlan [<vlan name> | all] import-  
filter [<access_profile> | none]  
configure ipxsap vlan [<vlan name> | all] export-  
filter [<access_profile> | none]  
To view your access profile configuration, use this command:  
show access-profile <access_profile>  
Route Maps  
Route maps are used to modify or filter routes redistributed into  
BGP. They are also used to modify or filter the routing information  
exchanged with BGP neighbors.  
Using IP Access Lists  
Each entry that makes up the IP access list of the 480T routing  
switch contains a unique name. It can contain a unique precedence  
number, as well. Precedence numbers range from 1 to 25,600, with  
the number 1 having the highest precedence.  
The precedence number determines the order in which each criteria  
rule is examined by the switch. Once a matching entry in the access  
list is found, the packet is acted on and either forwarded or dropped.  
The rules of an IP access list consist of a combination of these six  
components:  
IP source address and mask  
IP destination address and mask  
TCP or UDP source port range  
TCP or UDP destination port range  
311  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Physical source port  
Precedence number (optional)  
How IP Access Lists Work  
For each access list entry, you can either permit the packet to be  
forwarded, or deny the packet (in which case, it is dropped). When  
you create a permit access list condition, you can optionally specify  
a QoS profile.  
The QoS profile informs  
the 480T routing switch  
which bandwidth  
When a packet arrives on an ingress port, the packet is compared  
with the access list rules to determine a match. When a match is  
found, the packet is processed.  
management and priority  
to use when transmitting  
the packet.  
If the access list is of type deny, the packet is dropped. If the list is  
of type permit, the packet is forwarded. A permit access list can also  
apply a QoS profile to the packet.  
Precedence Numbers  
The precedence number is optional, and determines the order in  
which each rule is examined by the 480T routing switch. Access list  
entries that contain a precedence number are evaluated from highest  
to lowest precedence.  
You can specify overlapping rules; however, if you are using  
precedence numbers, overlapping rules without precedence  
numbers are ignored. Therefore, precedence numbers must be  
specified among all overlapping rules.  
If a new rule without a precedence number is entered, and it  
overlaps existing rules, the switch rejects the new rule and resolves  
the precedences among all remaining overlapping rules.  
Specifying a Default Rule  
To begin constructing an access list, you should specify a default  
rule. A default rule contains wildcards for destination and source IP  
address, with no Layer 4 information.  
A default rule determines whether the behavior of the access list is  
an implicit deny or implicit accept. If no access list entry is satisfied,  
the default rule is used to determine whether the packet is forwarded  
312  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
or dropped. If no default rule is specified, the default implicit  
behavior is to forward the packet.  
This example shows a default entry used to specify an implicit deny:  
create access-list denyall ip destination 0.0.0.0/0  
source 0.0.0.0/0 deny ports any  
Once the default behavior of the access list is established, you can  
create additional entries with precedence. The optional precedence  
numbers range from 1 to 25,600 (number 1 having the highest  
precedence).  
The access list example below performs packet filtering in the  
following order, as determined by the precedence number:  
1. Deny UDP port 16 and TCP port 15 traffic to the 10.2.X.X net-  
work.  
2. All other TCP port 15 traffic destined for other 10.X.X.X net-  
works is permitted using QoS profile Qp4.  
3. All remaining traffic to 10.2.0.0 uses QoS profile Qp3.  
With no default rule specified, all remaining traffic is allowed using  
the default QoS profile.  
create access-list deny102_16 udp dest 10.2.0.0/8  
ip-port 16 source any ip-port any deny ports any  
precedence 10  
create access-list deny102_15 tcp dest 10.2.0.0/8  
ip-port 15 source any ip-port any deny ports any  
precedence 20  
create access-list allow10_15 tcp dest 10.0.0.0/8  
ip-port 15 source any ip-port any permit  
qosprofile qp4 ports any precedence 30  
create access-list allow102 ip dest 10.2.0.0/8  
source 0.0.0.0/0 permit qosprofile qp3 ports any  
precedence 40  
The Permit-Established Keyword  
Access lists support the use of the permit-establishedkeyword.  
This keyword allows directional control of attempts to open a TCP  
session. You can explicitly permit or block session initiation using  
313  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
the keyword. For example, you could use this entry to permit TCP  
sessions originated from anywhere in the 10.1.0.0 network only:  
create access-list TCPout tcp destination 10.1.0.0/  
16 ip-port any source 0.0.0.0/0 ip-port any  
permit-established ports any  
In this example, using the permit-establishedkeyword allows  
only TCP packets with the ACK (acknowledgement) or RST (reset)  
bit set to destination 10.1.0.0. from anywhere, but not to any other  
destination.  
Adding and Deleting Access List Entries  
You can add and delete entries in the access list. To add an entry,  
you must supply a unique name and, optionally, a unique  
precedence number.  
To modify an existing  
entry, you must delete the  
entry and retype it, or  
create a new entry with a  
new unique name.  
To delete an access list entry, use the command:  
delete access-list <name>  
Maximum Entries  
You can use up to 255 entries with an assigned precedence. Along  
with the 255 entries, you can also create entries that do not use  
precedence, with these restrictions:  
A source IP address must use wildcards or be completely  
specified (32-bit mask).  
The Layer 4 source and destination ports must use wildcards or be  
completely specified (no ranges).  
No physical source port can be specified.  
Access Lists for ICMP  
Access lists for ICMP (Internet Control Message Protocol) traffic  
processing are handled somewhat differently. An access list for  
ICMP is only effective for traffic routed by the switch.  
ICMP traffic can either be forwarded (routed) by the switch or  
discarded, but cannot contain options for assigning a QoS profile.  
Other included configuration options for filtering ICMP include:  
314  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
IP source and destination address and mask  
ICMP type code  
Physical source port (optional)  
Numbered precedence (optional)  
When using an access control list with an IP deny any rule, all  
ICMP traffic will not be blocked (for either Layer 2 or Layer 3). To  
block all traffic within Layer 2 and Layer 3, two access lists must be  
created, an IP deny any rule and an ICMP deny any rule.  
Security and Access Policies  
ICMP ACL Precedence You can assign precedence values to  
access lists for ICMP traffic. The precedence number is optional;  
access list entries that contain a precedence number are evaluated  
from highest to lowest precedence. Precedence numbers range from  
1 to 25,600, with the number 1 having the highest precedence.  
Assigning precedence allows the switch to resolve conflicts  
between ICMP rules.  
ICMP Deny Rule If an ICMP deny rule is created with type  
configured as zero, all ICMP traffic with any other type is blocked.  
The ICMP type zero and code zero is treated as a wildcard and will  
apply to all ICMP rules.  
Verifying Access List Configurations  
To verify access list settings you can view the access list  
configuration to see real-time statistics where access list entries are  
affected when processing traffic. To view the access list  
configuration and statistics screen, use this command:  
show access-list {name | port <port>}  
To refresh the access list statistics display, use this command:  
show access-list-monitor  
Access List Commands  
Table 17.1 describes the commands used to configure IP access  
lists. For further command options, press the Tab key in the  
command line interface.  
315  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.1: Access List Configuration Commands  
Command  
Description  
create access-list <name> ip destination  
[<dst_ipaddress>/<dst_mask> | any] source  
[<src_ipaddress>/<src_mask> | any] [deny |  
permit <qosprofile> | deny] ports  
Creates a named IP access list. The access list is  
applied to all ingress packets. Options include:  
<name>Specifies the access list name.  
The access list name can be between 1 and  
16 characters.  
[<portlist> | any] {precedence <number>}  
ipSpecifies an IP access list.  
destinationSpecifies an IP destination  
address and subnet mask. A mask length of  
32 indicates a host entry. An IP address of  
0.0.0.0 is a wildcard and matches all.  
sourceSpecifies an IP source address  
and subnet mask. An IP address of 0.0.0.0  
is a wildcard and matches all.  
permitSpecifies that the packets  
matching the access list description are  
permitted to be forwarded by this switch.  
An optional Quality of Service (QoS)  
profile can be assigned to the access list, to  
enable the switch to prioritize packets  
accordingly.  
denySpecifies that the packets matching  
the access list description are filtered  
(dropped) by the switch.  
precedenceSpecifies the access list  
precedence number. The range is 1 to  
25,600.  
316  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Table 17.1: Access List Configuration Commands (continued)  
Command  
Description  
create access-list <name> tcp destination  
[<dst_ipaddress>/<dst_mask> | any] ip-port  
[<dst_port> | range <dst_port_min>  
<dst_port_max> | any] source  
[<src_ipaddress>/<src_mask> | any] ip-port  
[<src_port> | range <src_port_min>  
<src_port_max> | any] [permit  
<qosprofile> | permit-established | deny]  
ports [<portlist> | any] {precedence  
<precedence_num>} {log}  
Creates a named IP access list to look at TCP  
port numbers. The access list is applied to all  
ingress packets. Options include:  
<name>Specifies the access list name.  
The access list name can be between 1 and  
16 characters.  
tcpSpecifies an IP access list that looks  
at TCP port numbers.  
destinationSpecifies an IP destination  
address and subnet mask. A mask length of  
32 indicates a host entry. An IP address of  
0.0.0.0 is a wildcard and matches all.  
sourceSpecifies an IP source address  
and subnet mask. An IP address of 0.0.0.0  
is a wildcard and matches all.  
permit-establishedSpecifies that a  
uni-directional session establishment is  
allowed.  
permitSpecifies that the packets  
matching the access list description are  
permitted to be forwarded by this switch.  
An optional QoS profile can be assigned to  
the access list, to enable the switch to  
prioritize packets accordingly.  
rangeSpecifies the TCP or UDP port  
range.  
denySpecifies that the packets matching  
the access list description are filtered  
(dropped) by the switch.  
precedenceSpecifies the access list  
precedence number. The range is 1 to  
25,600.  
317  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.1: Access List Configuration Commands (continued)  
Command  
Description  
Creates a named IP access list to look at UDP port  
numbers. The access list is applied to all ingress  
packets. Options include:  
create access-list <name> udp destination  
[<dst_ipaddress>/<dst_mask> | any] ip-port  
[<dst_port> | range <dst_port_min>  
<dst_port_max> | any] source  
[<src_ipaddress>/<src_mask> | any] ip-port  
[<src_port> | range <src_port_min>  
<src_port_max> | any] [permit  
<name>Specifies the access list name. The  
access list name can be between 1 and 16  
characters.  
udpSpecifies an IP access list that looks at  
<qosprofile> | deny] ports [<portlist> | any]  
{precedence <precedence_num>}  
UDP port numbers.  
destinationSpecifies an IP destination  
address and subnet mask. A mask length of  
32 indicates a host entry.  
sourceSpecifies an IP source address and  
subnet mask.  
permitSpecifies that the packets matching  
the access list description are permitted to be  
forward by this switch. An optional QoS  
profile can be assigned to the access list,to  
enable the switch to prioritize packets  
accordingly.  
rangeSpecifies the TCP or UDP port  
range.  
denySpecifies that the packets matching the  
access list description are filtered (dropped)  
by the switch.  
precedenceSpecifies the access list  
precedence number. The range is 1 to 25,600.  
318  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Table 17.1: Access List Configuration Commands (continued)  
Command  
Description  
Creates a named ICMP access list. The access list  
is applied to all ingress packets. Options include:  
create access-list icmp destination  
[<dest_ipaddress>/<mask> | any] source  
[<src_ipaddress>/<source_mask> | any]  
type <icmp_type> code <icmp_code>  
[permit | deny] {<portlist>} {precedence  
<number>}  
<name>Specifies the access list name of  
between 1 and 16 characters.  
icmpSpecifies an ICMP access list.  
destinationSpecifies an IP destination  
address and subnet mask. A mask length of  
32 indicates a host entry.  
sourceSpecifies an IP source address and  
subnet mask.  
typeSpecifies the ICMP_TYPE number  
from 0 to 255.  
codeSpecifies the ICMP_CODE number  
from 0 to 255.  
permitSpecifies that packets matching the  
access list description are forwarded. An  
optional QoS profile can be assigned to the  
access list, so the switch can prioritize  
packets accordingly.  
denySpecifies that packets matching the  
access list description are filtered (dropped)  
by the switch.  
delete access-list <name>  
Deletes an access list.  
disable access-list <name> [counter | log]  
enable access-list <name> [counter | log]  
Disables the collection of access-list statistics.  
Enables the collection of access-list statistics.  
The default setting is enabled.  
disable access-list <name> log  
enable access-list <name> log  
Disables logging of a message (with details of  
packet properties) to the Syslog facility for each  
packet that matches the access list description.  
Enables logging of message, (with details of  
packet properties) to the Syslog facility for each  
packet matching the access list description.  
319  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.1: Access List Configuration Commands (continued)  
Command  
Description  
show access-list {<name> | ports  
<portlist>}  
Displays access-list information.  
show access-list-fdb  
Displays the hardware access control list  
mapping.  
show access-list-monitor  
Refreshes the access-list statistics display.  
IP Access List Examples  
This section presents two IP access list examples:  
Using the permit-establish keyword  
Filtering ICMP packets  
Example 1: Using the Permit-Established  
Keyword  
This example uses an access list that permits TCP sessions (Telnet,  
FTP, and HTTP) to be established in one direction.  
The switch shown in Figure 17.1 is configured as:  
Two VLANs, NET10 VLAN and NET20 VLAN, are defined.  
The IP address for NET10 VLAN is 10.10.10.1/24.  
The IP address for NET20 VLAN is 10.10.20.1/24.  
The workstations are configured using addresses 10.10.10.100  
and 10.10.20.100.  
IP Forwarding is enabled.  
These sections detail the steps used to configure the example.  
Step 1 Deny IP Traffic  
First, create an access-list that blocks all IP-related traffic. This  
includes any TCP- and UDP-based traffic. Although ICMP is used  
320  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
in conjunction with IP, it is technically not an IP data packet. Thus,  
ICMP data traffic, such as ping traffic, is not affected.  
Use this command to create the access-list:  
create access-list denyall ip destination any  
source any deny ports any  
Figure 17.1: Access list denies all TCP and UDP traffic  
Step 2 Allow TCP Traffic  
The next set of access-list commands permits TCP-based traffic to  
flow. Because each session is bidirectional, an access-list must be  
defined for each direction of the traffic flow. UDP traffic is still  
blocked.  
Use these commands to create the access list defined for  
bidirectional traffic flow:  
create access-list tcp1 tcp destination 10.10.20.100/  
32 ip any source 10.10.10.100/32 ip any permit qp1  
ports any precedence 20  
create access-list tcp2 tcp destination  
10.10.10.100/32 ip any source 10.10.20.100/32 ip  
any permit qp1 ports any precedence 21  
Figure 17.2 illustrates the outcome of this access list.  
TCP  
UDP  
ICMP  
10.10.10.100  
Figure 17.2: Access list allows TCP traffic  
10.10.20.100  
321  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Step 3 - Permit-Established Access List  
When a TCP session begins, there is a three-way handshake that  
includes a sequence of a SYN, SYN/ACK and ACK packets.  
Figure 17.3 shows an illustration of the handshake that occurs when  
Host A initiates a TCP session to Host B. After this sequence, actual  
data can be passed.  
SYN  
SYN / ACK  
ACK  
Host A  
10.10.10.100  
Host B  
10.10.20.100  
EW_  
Figure 17.3: Host A initiates a TCP session to Host B  
An access list that uses the permit-established keyword filters the  
SYN packet in one direction.  
Use the permit-established keyword to allow only Host A to be able  
to establish a TCP session to Host B and to prevent any TCP  
sessions from being initiated by Host B, as illustrated in  
Figure 17.3. The syntax for this access-list is:  
Pay attention to the  
destination and source  
address, and the desired  
effect.  
create access-list <mylist> tcp destination  
<ipaddress> ip-port <portnumber> source <ipaddress>  
ip-port any permit-established ports <portnumber>  
precedence 8  
The exact command line entry for this example is:  
This rule has a higher  
precedence than the rule  
tcp2.  
create access-list telnet-allow tcp destination  
10.10.10.100/32 ip-port 15 source any ip-port any  
permit-established ports any precedence 8  
322  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Figure 17.4 shows the final outcome of this access list.  
SYN  
SYN  
10.10.10.100  
10.10.20.100  
Figure 17.4: Permit-established access list filters out SYN  
packet to destination  
Example 2: Filtering ICMP Packets  
This example creates an access list that filters out ping (ICMP echo)  
packets. ICMP echo packets are defined as type anycode any.  
The command to create this access list is:  
create access-list denyping icmp destination any  
source any type any code any deny ports any  
Figure 17.5 shows the final outcome of this access list.  
Figure 17.5: ICMP packets are filtered out  
Using Routing Access Policies  
Access policy entries can be one of these types:  
IP addresses and subnet masks  
VLANs  
Autonomous system path expressions (AS-Path), Border Gateway  
Protocol (BGP) only  
BGP communities (BGP only)  
323  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
See Creating an Access  
Profileon page 324.  
To use routing access policies  
1. Create an access profile.  
2. Configure the access profile to be of type permit, deny, or none.  
3. Add entries to the access profile.  
4. Apply the access profile.  
Creating an Access Profile  
The first thing to do when using routing access policies is to create  
an access profile. An access profile has a unique name, and contains  
one of these entry types:  
A list of IP addresses and associated subnet masks  
One or more autonomous system path expressions (BGP only)  
One or more BGP community numbers (BGP only)  
You must give the access profile a unique name (in the same  
manner as naming a VLAN, protocol filter, or Spanning Tree  
Domain). You must also indicate the type of access list.  
To create an access profile, use this command:  
create access-profile <access_profile> type  
[ipaddress | as-path | bgp-community]  
Configuring an Access Profile Mode  
After the access profile is created, you must configure the access  
profile mode. The access profile mode determines whether the  
items in the list are to be permitted access or denied access.  
There are three available modes:  
PermitThe permitaccess profile mode permits the operation,  
if it matches any entry in the access profile. If the operation does  
not match any entries in the list, the operation is denied.  
DenyThe denyaccess profile mode denies the operation, if it  
matches any entry in the access profile. If it does not match all  
specified entries in the list, the operation is permitted.  
NoneUsing the none mode, the access profile can contain a  
combination of permitand deny entries. Each entry must  
include a permitor denyattribute. The operation is compared  
324  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
with each entry in the list. Once a match is found, the operation is  
either permitted or denied, depending on the configuration of the  
matched entry. If no match is found, the operation is implicitly  
denied.  
To add or delete IP addresses or VLANs from an access profile, use  
this command:  
configure access-profile <access_profile> [add |  
delete] {ipaddress <ipaddress> <mask>}  
Then, configure the access profile mode using  
configure access-profile <access_profile> mode  
[permit | deny | none]  
Adding an Access Profile Entry  
Next, configure the access profile by adding or deleting IP  
addresses, autonomous system path expressions, or BGP  
communities, using this command:  
configure access-profile <access_profile> [add |  
delete | mode] {<seq_number>} {permit | deny}  
[ipaddress <ipaddress> | <mask> {exact} | as-path  
<path-expression> | bgp-community [internet | no-  
export | no-advertise | no-export-subconfed |  
<as_no:number> | number <community>]]  
These sections describe the configure access-profile add  
command.  
Specifying Subnet Masks  
The subnet mask specified in the access profile command is  
interpreted as a reverse mask. A reverse mask indicates the bits that  
are significant in the IP address. In other words, a reverse mask  
specifies the part of the address that must match the IP address to  
which the profile is applied.  
If you configure an IP address that is an exact match, specifically  
denied or permitted, use a mask of /32 (for example, 141.251.24.28/  
32).  
If the IP address represents all addresses in a subnet address that you  
wish to deny or permit, then configure the mask to cover only the  
subnet portion (for example, 141.251.10.0/24). The keyword exact  
325  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
can be used when you wish to match only against the subnet  
address, and ignore all addresses within the subnet.  
If you are using CIDR subnet masking, the same logic applies, but  
the configuration is more tricky. For example, the address  
141.251.24.128/25 represents any host from network  
141.251.24.128/255.255.255.128.  
Sequence Numbering  
You can specify the sequence number for each access profile entry.  
If you do not specify a sequence number, entries are sequenced in  
the order they are added. Each entry is assigned a value of five more  
than the sequence number of the last entry.  
Permit and Deny Entries  
If you have configured the access profile mode to be none, you must  
specify each entry type as either permitor deny. If you do not  
specify the entry type, it is added as a permitentry. If you have  
configured the access profile mode to be permitor deny, it is not  
necessary to specify a type for each entry.  
Autonomous System Expressions  
The as-pathkeyword uses a regular expression string to match  
against the AS-path. Regular expression notation can include any of  
the characters listed in Table 17.2.  
Table 17.2: Regular Expression Notation  
Character  
Definition  
[,]  
.
Specifies a range of numbers to be matched  
Matches any number  
^
$
-
Matches the beginning of the AS path  
Matches the end of the AS path  
Matches the beginning or end, or a space  
Separates the beginning and end of a range  
of numbers  
326  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Table 17.2: Regular Expression Notation  
Character  
Definition  
*
+
?
Matches zero or more instances  
Matches one or more instances  
Matches zero or one instance  
Deleting an Access Profile Entry  
To delete an access profile entry, use this command:  
configure access-profile <access_profile> delete  
<seq_number>  
Applying Access Profiles  
After the access profile is defined, apply it to one or more routing  
protocols or VLANs. When an access profile is applied to a protocol  
function (for example, the export of RIP routes) or a VLAN, this  
forms an access policy.  
A profile can be used by multiple routing protocol functions or  
VLANs, but a protocol function or VLAN can use only one access  
profile.  
Routing Access Policies for RIP  
If the RIP protocol is being used, you can configure the 480T  
routing switch to use an access profile to determine any of these:  
Trusted NeighborUse an access profile to determine trusted  
RIP router neighbors for the VLAN on the switch running RIP. To  
configure a trusted neighbor policy, use this command:  
configure rip vlan [<name> | all] trusted-  
gateway [<access_profile> | none]  
Import FilterUse an access profile to determine which RIP  
routes are accepted as valid routes. You can combine this policy  
with the trusted neighbor policy to accept selected routes only  
from a set of trusted neighbors. To configure an import filter  
policy, use this command:  
327  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure rip vlan [<name> | all] import-filter  
[<access_profile> | none]  
Export FilterUse an access profile to determine which RIP  
routes are advertised into a particular VLAN, using this  
command:  
configure rip vlan [<name> | all] export-filter  
[<access_profile> | none]  
Examples  
In the example shown in Figure 17.6, a switch is configured with  
three VLANs, Engsvrs, Sales and Backbone. The RIP protocol is  
used to communicate with other routers on the network. The  
administrator wants to allow internal access to all the VLANs on the  
switch, but no access to the router that connects to the Internet. The  
remote router that connects to the Internet has a local interface  
connected to the corporate backbone. The IP address of the local  
interface connected to the corporate backbone is 10.0.0.10/24.  
Internet  
Internet  
10.0.0.10 / 24  
Backbone (RIP)  
10.0.0.11 / 24  
Engsvrs  
10.0.0.12 / 24  
Sales  
Switch being  
configured  
10.1.1.1 / 24  
10.2.1.1 / 24  
Engsvrs  
Figure 17.6: RIP access policy example  
Sales  
480t 007  
328  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Assuming the backbone VLAN interconnects all the routers in the  
company (and, therefore, the Internet router does not have the best  
routes for other local subnets), the commands to build the access  
policy for the switch would be:  
create access-profile nointernet type ipaddress  
configure access-profile nointernet mode deny  
configure access-profile nointernet add ipaddress  
10.0.0.10/32  
configure rip vlan backbone trusted-gateway  
nointernet  
If the administrator wants to restrict any user belonging to the  
VLAN Engsvrs from reaching the VLAN Sales (IP address  
10.2.1.0/24), the additional access policy commands to build the  
access policy would be:  
create access-profile nosales type ipaddress  
configure access-profile nosales mode deny  
configure access-profile nosales add ipaddress  
10.2.1.0/24  
configure rip vlan backbone import-filter nosales  
This configuration results in the switch having no route back to the  
VLAN Sales.  
Routing Access Policies for OSPF  
For information on  
Because OSPF is a link-state protocol, the access policies  
associated with OSPF are different in nature than those associated  
with RIP. Access policies for OSPF are intended to extend the  
filtering and security capabilities of OSPF (for example, link  
authentication and the use of IP address ranges). If the OSPF  
protocol is being used, you can configure the switch to use an access  
profile to determine any of these:  
converting an OSPF area  
into an IP type format see  
"OSPF (Open Shortest  
Path First)" on page 443.  
Inter-area FilterFor switches configured to support multiple  
OSPF areas (an ABR function), you can apply an access profile to  
an OSPF area that filters a set of OSPF inter-area routes from  
being sourced from any other areas. To configure an inter-area  
filter policy, use this command:  
configure ospf area <area_id> interarea-filter  
[<access_profile> | none]  
329  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
External FilterFor switches configured to support multiple  
OSPF areas (an ABR function), you can apply an access profile to  
an OSPF area that filters a set of OSPF external routes from being  
advertised into that area. To configure an external filter policy, use  
this command:  
configure ospf area <area_id> external-filter  
[<access_profile> | none]  
If any of the external  
routes specified in the filter  
have already been  
advertised, those routes  
will remain until the  
associated LSAs in that  
area time-out.  
ASBR FilterFor switches configured to support RIP and static  
route re-distribution into OSPF, you can use an access profile to  
limit the routes advertised into OSPF for the switch as a whole. To  
configure an ASBR filter policy, use this command:  
configure ospf asbr-filter [<access_profile> |  
none]  
Direct FilterFor switches configured to support direct route re-  
distribution into OSPF, you can use an access profile to limit the  
routes that are advertised into OSPF for the switch as a whole. To  
configure a direct filter policy, use this command:  
configure ospf direct-filter [<access_profile> |  
none]  
OSPF Access Policy Example  
Figure 17.7 illustrates an OSPF network that resembles the network  
used previously in the RIP example. In this example, access to the  
Internet is accomplished using the ASBR function on the switch  
labeled Internet. As a result, all routes to the Internet are done  
through external routes.  
Suppose the network administrator wishes to only allow access to  
certain Internet addresses falling within the range 192.1.1.0/24 to  
get to and from the internal backbone.  
To configure the switch labeled Internet, the commands would be:  
create access-profile okinternet ipaddress  
configure access-profile okinternet mode permit  
configure access-profile okinternet add 192.1.1.0/  
24  
configure ospf asbr-filter okinternet  
330  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Internet  
192.1.1.1/24  
allowed  
®
Switch being  
configured  
Internet  
10.0.0.10 / 24  
Backbone (OSPF)  
area 0.0.0.0  
10.0.0.11 / 24  
Engsvrs  
10.0.0.12 / 24  
®
®
Sales  
10.1.1.1 / 24  
10.2.1.1 / 24  
Engsvrs  
area 0.0.0.1  
Sales  
area 0.0.0.2  
480t_008  
Figure 17.7: OSPF access policy example  
Routing Access Policies for DVMRP  
The access policy capabilities for DVMRP resemble those for RIP.  
If the DVMRP protocol is used for routing IP multicast traffic, you  
can configure the switch to use an access profile to determine:  
Trusted NeighborUse an access profile to determine trusted  
DVMRP router neighbors for the VLAN on the switch running  
DVMRP. To configure a trusted neighbor policy, use this  
command:  
configure dvmrp vlan [<name> | all] trusted-  
gateway [<access_profile> | none]  
Import FilterUse an access profile to determine which  
DVMRP routes are accepted as valid routes. To configure an  
import filter policy, use this command:  
configure dvmrp vlan [<name> | all] import-  
filter [<access_profile> | none]  
331  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Export FilterUse an access profile to determine which  
DVMRP routes are advertised into a particular VLAN, using this  
command:  
configure dvmrp vlan [<name> | all] export-  
filter [<access_profile> | none]  
DVMRP Example  
In this example, the network used in the previous RIP example is  
configured to run DVMRP. The network administrator wants to  
disallow Internet access for multicast traffic to users on the VLAN  
Engsvrs.  
This is accomplished by preventing the learning of routes that  
originate from the switch labeled Internet through DVMRP on the  
switch labeled Engsvrs.  
To configure the switch labeled Engsvrs, use these commands:  
create access-profile nointernet type ipaddress  
configure access-profile nointernet mode deny  
configure access-profile nointernet add ipaddress  
10.0.0.10/32  
configure dvmrp vlan backbone trusted-gateway  
nointernet  
Suppose the administrator wants to preclude users on the VLAN  
Engsvrs from seeing any multicast streams that are generated by the  
VLAN Sales across the backbone. The commands for the additional  
configuration of the switch labeled Engsvrs are:  
create access-profile nosales type ipaddress  
configure access-profile nosales mode deny  
configure access-profile nosales add ipaddress  
10.2.1.0/24  
configure dvmrp vlan backbone import-filter nosales  
Routing Access Policies for PIM  
PIM (Protocol Independent Multicasting) leverages the unicast  
routing capability that is already present in the 480T routing switch.  
If the PIM protocol is used for routing IP multicast traffic, you can  
332  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
configure the switch to use an access profile to determine trusted  
neighbor (PIM) router neighbors for the VLAN on the switch  
running PIM.  
To configure a trusted neighbor policy, use this command:  
configure pim vlan [<name> | all] trusted-  
gateway [<access_profile> | none]  
PIM Example  
With PIM, you can use the unicast access policies to restrict  
multicast traffic. In this example, a network similar to the example  
used in the previous RIP example is also running PIM. The network  
administrator wants to disallow Internet access for multicast traffic  
to users on the VLAN Engsvrs. This is accomplished by preventing  
the learning of routes that originate from the switch labeled Internet  
using PIM on the switch labeled Engsvrs.  
To configure the switch labeled Engsvrs, the commands would be:  
create access-profile nointernet type ipaddress  
configure access-profile nointernet mode deny  
configure access-profile nointernet add ipaddress  
10.0.0.10/32  
configure pim vlan backbone trusted-gateway  
nointernet  
Routing Access Policies for BGP  
If the BGP protocol is being used, you can configure the switch to  
use an access profile to determine:  
NLRI filterUse an access profile to determine the NLRI  
information that must be exchanged with a neighbor. To configure  
an NLRI filter policy, use this command:  
configure bgp neighbor [<ipaddress> | all]  
nlri-filter [in | out] [<access_profile> |  
none]  
The NLRI filter access policy can be applied to the ingress or  
egress updates, using the inand outkeywords, respectively.  
Autonomous system path filterUse an access profile to  
determine which NLRI information must be exchanged with a  
neighbor based on the AS path information present in the path  
333  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
attributes of the NLRI. To configure an autonomous system path  
filter policy, use this command:  
configure bgp neighbor [<ipaddress> | all] as-  
path-filter [in | out] [<access_profile> |  
none]  
You can apply the autonomous system path filter to the ingress  
or egress updates, using the inand outkeywords, respectively.  
Making Changes to a Routing  
Access Policy  
Changes to profiles  
applied to OSPF require  
rebooting the switch or  
disabling and re-enabling  
OSPF.  
You can change the routing access policy by changing the  
associated access profile. However, the propagation of the change  
depends on the protocol and policy involved. Propagation of  
changes applied to RIP, DVMRP, and PIM access policies depend  
on the respective protocol timers to age-out entries.  
In BGP, the change to the policy is immediately effective on the  
routing information exchanged after the policy changes. You can  
apply the changes on the routing information that had been  
exchanged before the policy changes, by issuing a soft reset on the  
ingress or egress side, depending on the change.  
For soft resets to be applied on the ingress side, the changes must  
have been previously enabled on the neighbor.  
Removing a Routing Access Policy  
To remove a routing access policy, you must remove the access  
profile from the routing protocol or VLAN. All the commands that  
apply an access profile to form an access policy also have the option  
of choosing noneas the access profile. Using the noneoption  
removes any access profile of that particular type from the protocol  
or VLAN, and, therefore, removes the access policy.  
334  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Routing Access Policy Commands  
Table 17.3 describes the commands used to configure routing  
access policies. Press the Tab key in the command line interface for  
further command options.  
Table 17.3: Routing Access Policy Configuration Commands  
Command  
Description  
configure access-profile <access_profile>  
add {<seq-number>} {permit | deny}  
[ipaddress <ipaddress> <mask> {exact} |  
as-path <path_expression> | bgp-  
Adds an entry to the access profile. The explicit  
sequence number, and permit or deny attribute  
should be specified if the access profile mode is  
none. Specify:  
community [internet | no-advertise | no-  
export | no-export-subconfed |  
<as_no:number> | number <community>]]  
<seq-number>The order of the entry  
within the access profile. If no sequence  
number is specified, the new entry is added  
to the end of the access profile and is  
automatically assigned a value of 5 more  
than the sequence number of the last entry.  
permit | denyPer-entry permit or deny  
specification. The per-entry attribute only  
takes effect if the access profile mode is  
none. Otherwise, the overall access profile  
type takes precedence.  
<ipaddress> <mask>An IP address and  
mask. If the attribute exactis specified  
for an entry, then an exact match with  
address and mask is performed; subnets  
within the address range do not match entry  
against entry.  
as-pathA regular expression string to  
compare with the autonomous system path.  
bgp-communityThe BGP community  
number in as_no:number format, or as an  
unsigned 32-bit integer in decimal format.  
The BGP community internetmatches  
against all routes, because all routes belong  
to the Internet community.  
335  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.3: Routing Access Policy Configuration Commands (continued)  
Command  
Description  
configure access-profile <access_profile>  
delete <seq_number>  
Deletes an access profile entry using the  
sequence number.  
configure access-profile <access_profile>  
mode [permit | deny | none]  
Configures the access profile to one of the  
following:  
permitAllows the addresses that match  
the access profile description.  
denyDenies the addresses that match the  
access profile description.  
nonePermits and denies access on a per-  
entry basis. Each entry must be added to the  
profile as either permitor deny.  
The default setting is permit.  
configure bgp neighbor [<ipaddress> | all]  
as-path-filter [in | out] [<access_profile> |  
none]  
Configures BGP to use the AS-path filter for  
the routing information exchanged with the  
neighbor.  
configure bgp neighbor [<ipaddress> | all]  
nlri-filter [in | out] [<access_profile> |  
none]  
Configures BGP to use the NLRI filter for  
routing information exchanged with a neighbor.  
configure dvmrp vlan [<name> | all] export- Configures DVMRP to filter out certain routes  
filter [<access_profile> | none]  
while performing the route advertisement.  
configure dvmrp vlan [<name> | all]  
import-filter [<access_profile> | none]  
Configures DVMRP to filter certain routes  
received from its neighbor.  
configure dvmrp vlan [<name> | all]  
trusted-gateway [<access_profile> | none]  
Configures DVMRP to use the access policy to  
determine which DVMRP neighbor is trusted  
and to receive routes from the access policy.  
configure ospf area <area_id> external-  
filter [<access_profile> | none]  
Configures the router to use an access policy or  
policies to determine which external routes are  
allowed to be exported into the area. This router  
must be an ABR.  
336  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Table 17.3: Routing Access Policy Configuration Commands (continued)  
Command  
Description  
configure ospf area <area_id> interarea-  
filter [<access_profile> | none]  
Configures the router to use the access policy to  
determine which inter-area routes are allowed  
to be exported into the area. This router must be  
an ABR.  
configure ospf asbr-filter [<access_profile>  
| none]  
Configures the router to use the access policy to  
limit the routes that are advertised into OSPF  
for the switch as a whole, for switches  
configured to support RIP and static route  
redistribution into OSPF.  
configure ospf direct-filter  
[<access_profile> | none]  
Configures the router to use the access policy to  
limit the routes that are advertised into OSPF  
for the switch as a whole, for switches  
configured to support direct route redistribution  
into OSPF.  
configure pim vlan [<name> | all] trusted-  
gateway [<access-profile> | none]  
Configures PIM to use the access profile to  
determine which PIM neighbor is to receive or  
reject the routes.  
configure rip vlan [<name> | all ] export-  
filter [<access-profile> | none]  
Configures RIP to suppress certain routes when  
performing route advertisements.  
configure rip vlan [<name> | all] import-  
filter [<access_profile> | none]  
Configures RIP to ignore certain routes  
received from its neighbor.  
configure rip vlan [<name> | all] trusted-  
gateway [<access_profile> | none]  
Configures RIP to use the access list to  
determine which RIP neighbor is to receive (or  
reject) the routes.  
Using Route Maps  
Route maps are a mechanism you can use to conditionally control  
the redistribution of routes between two routing domains, and to  
modify the routing information that is redistributed.  
337  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Route maps are used in conjunction with the match and set  
operations. A match operation specifies a criteria that must be  
matched. A set operation specifies a change that is made to the route  
when the match operation is successful.  
There are three basic steps to configuring a route-map:  
1. Create a route-map.  
2. Add entries to the route map.  
3. Add statements to the route map entries.  
Creating a Route Map  
To create a route-map , use this command:  
create route-map <route-map>  
Add Entries to the Route Map  
To add entries to the route map, use this command:  
configure route-map <route-map> add <sequence number>  
[permit | deny] {match-one | match-all}  
where:  
The unique sequence number identifies the entry, and  
determines the position of the entry in the route map. Route maps  
are evaluated sequentially.  
The permitkeyword permits the route; the denykeyword denies  
the route and is applied only if the entry is successful.  
The match-onekeyword is a logical or. The route map is  
successful if at least one of the matching statements is true.  
The match-allkeyword is a logical and. The route map is  
successful when all match statements are true. This is the default  
setting.  
Add Statements to the Route Map Entries  
To add statements to the route map entries, use one of these three  
commands:  
338  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
configure route-map <route-map> <sequence number>  
add match [nlri-list <access_profile> | as-path  
[access_profile <access-profile> | <as num>] |  
community [access-profile <access_profile> |  
<as_num>:<number> | number <community>] | next-hop  
<ipaddress> | med <number> | origin [igp | egp |  
incomplete | tag <number>]]  
configure route-map <route-map> <sequence number>  
add set [as-path <as_num> | community [remove |  
{add | delete} [access-profile <access_profile |  
<as_num:number> | number <number>] |] next-hop  
<ipaddress> | med <number> | local-preference  
<number> | origin [igp | egp | incomplete | tag  
<number>]]  
configure route-map <route-map> <sequence number>  
add goto <route-map>  
where:  
The route-mapis the name of the route map.  
The sequence numberidentifies the entry in the route map to  
which this statement is being added.  
The match, set, and gotokeywords specify the operations to  
be performed. Within an entry, the statements are sequenced in  
the order of their operation. The match statements are first,  
followed by set, and then goto.  
The nlri-list, as-path, community, next-hop, med,  
origin, and weightkeywords specify the type of values that  
must be applied using the specified operation against the  
corresponding attributes as described in Table 17.4 and  
Table 17.5.  
Table 17.4: Match Operation Keywords  
Keyword  
Description  
nlri-list <access_profile>  
Matches the NLRI against the specified access profile.  
as-path [<access_profile> | <as-  
no>]  
Matches the AS path in the path attributes against the  
specified access profile or AS number.  
339  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.4: Match Operation Keywords  
Keyword  
Description  
community [<access_profile> |  
<community>]  
Matches the communities in the path attribute against the  
specified BGP community access profile or the  
community number.  
next-hop <ipaddress>  
med <number>  
Matches the next-hop in the path attribute against the  
specified IP address.  
Matches the multi-existing discriminator (MED) in the  
path attribute against the specified MED number.  
origin [igp | egp | incomplete]  
Matches the origin in the path attribute against the  
specified origin.  
Table 17.5: Set Operation Keywords  
Keyword  
Definition  
as-path <as no>  
Adds the specified AS number to the beginning of the  
AS path in the path attribute.  
community <community>  
next-hop <ipaddress>  
med <number>  
Adds the specified community to the existing  
community in the path attribute.  
Sets the next hop in the path attribute to a specified IP  
address.  
Sets MED in the path attribute to a specified MED  
number.  
local-preference <number>  
Sets the local preference in the path attribute to the  
specified local preference number.  
weight <number>  
origin  
Sets weight associated with NLRI to a specified number.  
Sets origin in the path attributes to the specified origin.  
340  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Route Map Operation  
The entries in the route map are processed in the ascending order of  
the sequence number. Within the entry, the match statements are  
processed first. When the match operation is successful, the set and  
goto statements within the entry are processed, and the action  
associated with the entry is either applied, or the next entry is  
processed. If the end of the route map is reached, it is implicitly  
denied.  
When there are multiple match statements, the primitive match-  
one or match-all in the entry determines how many matches are  
required for success.  
When there are no match statements in an entry, the entry is  
considered a successful match.  
Route Map Example  
Figure 17.8 shows a topology using route maps to filter or modify  
routing information that is exchanged between the neighbors RTA  
and RTB using BGP.  
AS 1111  
®
1
9
2
3
4
5
6
7
8
Internet  
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
RTA  
10.0.0.1  
10.0.0.2  
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
RTB  
AS 2222  
480T_048R  
Figure 17.8: Route maps  
341  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
These points apply to this example:  
RTA is a member of AS 1111 and peers with a router in the  
Internet to receive the entire Internet routing table.  
RTB is a member of AS 2222, and has an EBGP connection with  
RTA through which it receives the Internet routing table.  
AS 1111 is acting as a transit AS for all traffic between AS 2222  
and the Internet.  
If you are the administrator of AS 1111 and you want to filter  
out route information about network 221.1.1.0/24 and its  
subnets from being passed on to AS 2222, you can configure a  
route-map on the egress side of RTA's EBGP connection with  
RTB, and filter out the routes.  
To configure RTA, use these commands:  
create access-profile iplist type ipaddress  
configure iplist add ipaddress 221.1.1.0/24  
create route-map bgp-out  
configure bgp-out add 10 deny  
configure bgp-out 10 add match nlri-list iplist  
configure bgp-out add 20 permit  
configure bgp neighbor 10.0.0.2 route-map-filter  
out bgp-out  
configure bgp neighbor 10.0.0.2 soft-reset out  
To modify the routing information originated from AS 300 to  
include a MED value of 200, the sequence of commands would be:  
create access-profile aslist type as-path  
configure aslist add as-path "^300"  
configure bgp-out add 15 permit  
configure bgp-out 15 add match as-path access-  
profile aslist  
configure bgp-out 15 add set med 200  
configure bgp neighbor 10.0.0.2 soft-reset out  
Changes to Route Maps  
Changes to the route maps used to modify or filter NLRI  
information exchanged with neighbors is immediately effective on  
the routing information exchanged after the policy changes.  
342  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
You can apply the changes on the NLRI information that had been  
exchanged before the policy changes, by issuing a soft reset on the  
ingress or egress side, depending on the changes.  
For soft resets to be applied on the ingress side, the changes must be  
previously enabled on the neighbor.  
Changes to the route maps associated with network aggregation or  
redistribution commands become effective after a maximum  
interval of 30 seconds. You can immediately apply them by using  
the soft reconfiguration command.  
Route Maps in BGP  
Route maps are used in BGP to modify or filter NLRI information  
exchanged with neighbors. They are also used in NLRI information  
that originates through network command, aggregation, or  
redistribution.  
Route Map Commands  
Table 17.6 describes route map commands. For further command  
options, press the Tab key in the command line interface.  
343  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.6: Route Map Commands  
Command  
Description  
configure route-map <route-map> [add |  
delete] <sequence number> [deny | permit]  
{match-all | match one}  
Adds or deletes entries to the route map.  
Specify:  
The sequence numberuniquely identifies  
the entry, and determines the position of the  
entry in the route map. Route maps are  
evaluated sequentially.  
The permitkeyword permits the route; the  
denykeyword denies the route and is  
applied only if the entry is successful.  
The match-onekeyword is a logical or.  
The route map is successful if at least one  
of the matching statements is true.  
The match-allkeyword is a logical and.  
The route map is successful when all match  
statements are true. The match allsetting  
is the default.  
configure route-map <route-map> <sequence  
number> add goto <route-map>  
Configures a route-map gotostatement.  
configure route-map <route-map> <sequence  
number> add match [nlri-list  
Configures a route-map matchstatement.  
Specify:  
<access_profile> | as-path [access_profile  
<access_profile> | <as_num>] | community  
[access-profile <access_profile> |  
<as_num>:<number | number <community>]  
| next-hop <ipaddress> | med <number> |  
origin [igp | egp | incomplete | tag <number>]]  
route-mapThe name of the route map.  
sequence numberThe statement in  
the route map to which this statement is  
being added.  
nlri-list, as-path, community,  
next-hop, med, and originThe type  
of values that must be applied using the  
specified operation against the  
corresponding attributes as described in  
Table 17.4.  
344  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R 17  
Access Policies  
Table 17.6: Route Map Commands (continued)  
Command  
Description  
configure route-map <route-map> <sequence  
number> add set [accounting index <num>  
value <num> | as-path <as_num> |  
community [remove | {add | delete} [access-  
profile <access_profile> | <as_num:number>  
| number <number>]] | cost <num> | cost-type  
[<ase-type-1 | ase-type-2>] | next-hop  
Configures a route-map setstatement.  
Specify:  
route-map The name of the route  
map.  
sequence numberThe statement in the  
route map to which this statement is  
being added.  
<ipaddress> | med <number> | local-  
preference <number> | origin [igp | egp |  
incomplete] | tag <num> | weight <num>]  
as-path, community, next-hop, med,  
local-preference, and origin –  
Specify the type of values that must be  
applied using the specified operation  
against the corresponding attributes as  
described in Table 17.5.  
configure route-map <route-map> <sequence  
number> delete goto <route-map>  
Deletes a route-map gotostatement.  
Deletes a route-map matchstatement.  
configure route-map <route-map> <sequence  
number> delete match [nlri-list  
<access_profile> | as-path [access-profile  
<access_profile> | <as_no>] | community  
[access-profile | no-advertise | no-export | no-  
export-subconfed | number | <AS-id>] | next-  
hop <ipaddress> | med <number> | origin [igp  
| egp | incomplete]]  
configure route-map <route-map> <sequence  
number> delete set [accounting index <num>  
value <num> | as-path <as_num> |  
Deletes a route-map setstatement.  
community [remove | {add | delete} [access-  
profile <access_profile> | <as_num:number>  
| number <number>]] | cost <num> | cost-type  
[<ase-type-1 | ase-type-2>] | next-hop  
<ipaddress> | med <number> | local-  
preference <number> | origin [igp | egp |  
incomplete] | tag <num> | weight <num>]  
345  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 17.6: Route Map Commands (continued)  
Command  
Description  
configure route-map <route-map> add  
<sequence number> [permit | deny] {match-  
one | match-all]  
Adds a statement to the route map with the  
specified sequence number and action. The  
sequence number determines the order of the  
statement in the route map, and the action  
specifies the action to be taken on a successful  
match against the statements in the route map.  
configure route-map <route-map> delete  
<sequence number>  
Deletes a statement from the route map.  
Creates a route-map statement.  
create route-map <route-map>  
delete route-map <route_map>  
Deletes a route-map statement from the route  
map.  
346  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Server Load  
18  
Balancing (SLB)  
Overview  
The Server Load Balancing (SLB) feature of the Intel® NetStructure™  
480T routing switch divides many client requests among several servers.  
This activity is transparent to the client using the resource. It is mainly  
used for Web hosting where several redundant servers are used to increase  
the performance and reliability of busy Web sites.  
Using SLB, the switch can manage and balance traffic for client  
equipment such as Web servers, cache servers, routers, firewalls, and  
proxy servers. SLB offers a variety of useful features that meet the special  
needs of e-commerce sites, Internet service providers, and managers of  
large intranets.  
SLB Components  
There are three components that comprise an SLB system:  
Nodes  
Pools  
Virtual Servers  
All three components are required for every SLB configuration.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Nodes  
A node is an individual service on a physical server that consists of  
an IP address and a port number.  
Pools  
A pool is a group of nodes that is mapped to a corresponding virtual  
server. Pools allow you to scale large networks that contain many  
nodes. Pools may be configured independently and associated with  
virtual servers in complex ways.  
Each pool has its own load balancing method. When associated with  
a virtual server, the pool cannot be deleted from the SLB  
configuration.  
Pools must be added before, and deleted after, the virtual servers  
that reference them. If a pool is not associated with a virtual server,  
it is not used for load balancing.  
To create a pool, use this command:  
create slb pool <poolname> {lb-method [round-robin  
| ratio | priority | least-connections]}  
To add nodes to a pool, use this command:  
configure slb pool <poolname> add  
<ipaddress>:<L4Port> {ratio <ratio> | priority  
<priority>}  
To delete nodes from a pool, use this command:  
configure slb pool <poolname> delete  
<ipaddress>:<L4Port>  
Virtual Servers  
Virtual servers are the backbone of the SLB configuration. They  
determine which groups of servers, or other network equipment, are  
targeted for server load balancing. Before you configure virtual  
servers, you need to know:  
The forwarding mode for your network design  
The name of the pool  
The virtual IP address  
348  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
The virtual port number  
Once you know which virtual server options are useful in your  
network, you can:  
Define standard virtual servers  
Define wildcard virtual servers  
Each virtual server maps to a single pool, which can be a group of  
content servers, firewalls, routers, or cache servers.  
You can configure two different types of virtual servers:  
Standard virtual servers  
A standard virtual server represents a site, such as a Web site or  
an FTP site, and it provides load balancing for content servers.  
The virtual server IP address should be the same IP address that  
you register with the DNS (domain name system) for the site  
that the virtual server represents.  
Wildcard virtual servers  
A wildcard virtual server load balances transparent network  
devices such as firewalls, routers, or cache servers. Wildcard  
virtual servers use a special wildcard IP address (0.0.0.0), and  
you can use them only if Transparent mode is activated.  
For cache server applications, use flow redirection.  
A virtual server is identified by a virtual IP address. To create a  
virtual server, use this command:  
create slb vip <vipname> pool <poolname> mode  
[transparent | translation | port-translation]  
<ipaddress>{-<upper_ipaddress>}: <L4Port> {unit  
<number>}  
Forwarding Modes  
The 480T routing switch supports these SLB forwarding modes:  
Transparent  
Translational  
Port Translation  
GoGo  
349  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 18.1 summarizes the features supported by each forwarding  
mode.  
Table 18.1: Forwarding Mode Feature Summary  
Port  
Transparent  
Translational  
Translation  
GoGo  
Performance  
Hardware-  
based, server-  
to-client  
Microprocessor- Microprocessor- Hardware-based,  
based, bi-  
based, bi-  
directional  
bi-directional  
directional  
Load sharing  
algorithms  
Round-robin,  
Ratio, Priority,  
Least  
Round-robin,  
Ratio, Priority,  
Least  
Round-robin,  
Ratio, Priority,  
Least  
Round-robin  
(hash)  
Connections  
Connections  
Connections  
Persistence  
IPSA + Mask,  
IP list  
IPSA + Mask,  
IP list  
IPSA + Mask,  
IP list  
IPSA  
L1  
Health  
checking  
L3, L4, L7,  
External  
L3, L4, L7,  
External  
L3, L4, L7,  
External  
Transparent Mode  
As with any server load  
balancing application, the  
Using transparent mode, the 480T routing switch does not modify  
the IP addresses before sending the traffic on to the selected server.  
content must be duplicated To accomplish this, all servers must respond to the IP addresses  
on all physical servers.  
associated with the virtual server. This virtual IP address (VIP) is  
the address used by the clients to connect to the virtual server. The  
servers must use this address as a loopback address and the address  
associated with the virtual server must be load balanced.  
It is not possible to have a In transparent mode, servers can be directly attached or have a  
router between the SLB  
switch and the load  
balanced servers.  
Layer 2 switch between the SLB switch and the server.Transparent  
mode is shown in Figure 18.1.  
To configure transparent mode, use this command:  
create slb vip <vipname> pool <poolname> mode  
transparent <ipaddress>{-<upper_ipaddress>}:  
<L4Port> {unit <number>}  
350  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
.
Clients  
Servers  
Stream 1  
Stream 3  
Stream 2  
Stream 1  
Stream 2  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Stream 3  
480T_055R  
Figure 18.1: Transparent mode  
In Figure 18.1, the 480T routing switch is configured to respond to  
requests for the VIP by forwarding them to the load balanced  
servers.  
The servers are configured as follows:  
The interface for server 1 is 192.168.200.1  
The interface for server 2 is 192.168.200.2  
The loopback address on the servers is 192.168.201.1 (VIP)  
The service is configured to use the appropriate address and port,  
as specified in the switch configuration  
The commands used to configure the switch as shown in  
Figure 18.1 are described below. These commands configure the  
VLANs and the switch IP addresses and subnets:  
create vlan srvr  
create vlan clnt  
create vlan vips  
configure srvr ipaddress 192.168.200.1 /24  
configure clnt ipaddress 10.1.1.1 /24  
configure vips ipaddress 192.168.201.1 /24  
configure srvr add port 4-8  
configure clnt add port 1-4  
enable ipforwarding  
351  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Use these commands to create a round-robin pool called MyWeb,  
and add nodes to the new pool:  
create slb pool MyWeb lb-method round  
configure slb pool MyWeb add 192.168.200.1:80  
configure slb pool MyWeb add 192.168.200.2:80  
Use this command to create a transparent mode VIP for the Web site  
and assign the MyWeb pool to it:  
create slb vip WebVip pool MyWeb mode transparent  
192.168.201.1:80  
Use these commands to create a round-robin pool called MySSL,  
and add nodes to the new pool.  
create slb pool MySSL lb-method round-robin  
configure slb pool MySSL add 192.168.200.1:443  
configure slb pool MySSL add 192.168.200.2:443  
This command creates a transparent mode VIP for the Web site and  
assigns the MySSL pool to it:  
create slb vip SSLVip pool MySSL mode transparent  
192.168.201.1:443  
Use these commands to enable SLB, configure the server VLAN to  
act as the server side, and configure the client VLAN to act as the  
client side:  
enable slb  
configure vlan srvr slb-type server  
configure vlan clnt slb-type client  
Individual servers require that a loopback address be configured for  
each IP address to which the server will respond.  
Translational Mode  
In translational mode, requests coming in to the VIP are translated  
to the IP address of the server to be balanced. This mode does not  
require the configuration of a loopback address, since each server  
only uses its own IP address. As with any server load balancing  
application, the content must be duplicated on all physical servers.  
352  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
To configure translational mode, use this command:  
create slb vip <vipname> pool <poolname> mode  
translation <ipaddress>{-<upper_ipaddress>}:  
<L4Port> {unit <number>}  
Figure 18.2 shows translational mode.  
Clients  
Servers  
Stream 1  
Stream 1  
Stream 2  
Stream 3  
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Stream 2  
Stream 3  
SLB switch  
2 virtual servers configured  
VIP addresses:  
Servers  
Each server responds to  
requests on its  
real unique IP address  
Server1 192.168.200.1  
port 80 MyWeb  
192.168.201.1 port 80  
representing MyWeb.com  
points to pool WebVip  
192.168.201.1 port 443  
representing MySSL.com  
points to pool SSLVip  
port 443 MySSL  
Server2 192.168.200.2  
port 80 MyWeb  
port 443 MySSL  
480T_053R  
Figure 18.2: Translational mode  
In Figure 18.2, the 480T routing switch is configured to respond to  
requests for the VIP by translating them and forwarding them to the  
load balanced servers. No additional server configuration is needed.  
Use these commands to configure the VLANs and the switch IP  
addresses and subnets:  
create vlan srvr  
create vlan clnt  
create vlan vips  
configure srvr ipaddress 192.168.200.10 /24  
configure clnt ipaddress 10.1.1.1 /24  
353  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure vips ipaddress 192.168.201.1 /24  
configure srvr add port 4-8  
configure clnt add port 1-4  
enable ipforwarding  
These commands create a round-robin pool called MyWeb, and add  
nodes to the new pool:  
create slb pool MyWeb lb-method round  
configure slb pool MyWeb add 192.168.200.1:80  
configure slb pool MyWeb add 192.168.200.2:80  
This command creates a translation mode VIP (virtual IP address)  
for the Web site and assign the MyWeb pool to it:  
create slb vip WebVip pool MyWeb mode translation  
192.168.201.1:80  
Use these commands to create a round-robin pool called MySSL,  
and add nodes to the new pool:  
create slb pool MySSL lb-method round  
configure slb pool MySSL add 192.168.200.1:443  
configure slb pool MySSL add 192.168.200.2:443  
To create a translation mode VIP for the Web site and assign the  
MySSL pool to it, use this command:  
create slb vip SSLVip pool MySSL mode translation  
192.168.201.1:443  
Use these commands to enable SLB, configure the server VLAN to  
act as the server side, and configure the client VLAN to act as the  
client side:  
enable slb  
configure vlan srvr slb-type server  
configure vlan clnt slb-type client  
Port Translation Mode  
Port translation is essentially the same thing as translational mode,  
except that the Layer 4 port on the virtual server can be different  
from the Layer 4 port on the nodes being load balanced. The 480T  
354  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
routing switch automatically changes the IP address and port  
address on incoming packets to that of the load balanced servers. As  
with any server load balancing application, the content must be  
duplicated on all physical servers.  
Configure port translation mode using this command:  
create slb vip <vipname> pool <poolname> mode  
port-translation <ipaddress>-  
{<upper_ipaddress>}:<L4Port> {unit <number>}  
GoGo Mode  
As with any server load  
balancing application, the  
GoGo mode is considered a fast (line rate) method of server load  
balancing. GoGo mode forwards traffic without manipulating  
content must be duplicated packet content. Session persistence is maintained using IP source  
on all physical servers.  
address persistence information.  
Traffic is optimally  
To use GoGo mode, all servers are configured with the same MAC  
balanced across groups of and IP addresses. In GoGo mode, the load balancing method is  
two, four, or eight directly fixed, and is based on a hashing of the client IP address. All GoGo  
attached servers. Because mode traffic exhibits persistence based on source IP information.  
servers are always directly That is, a given source address is mapped to one and only one  
attached, there is no need physical server.  
to configure nodes, pools,  
or VIPs.  
Figure 18.3 shows GoGo mode.  
Clients  
Servers  
SLB switch Gogo-Mode configured  
for ports 29-32  
No other configuration necessary  
Servers configured to use  
same IP and MAC addresses  
Server 1 192.168.200.1  
MAC 00-00-00-CO-FF-EE  
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
Server 2 192.168.200.1  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
MAC 00-00-00-CO-FF-EE  
480T_040R  
Figure 18.3: GoGo mode  
355  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
In Figure 18.3, the 480T routing switch is configured to balance all  
traffic sent to the VIP based on the client IP address.  
All servers have the same:  
MAC address  
IP address  
Content  
The commands used to configure the switch, as indicated in the  
example are:  
create vlan server  
create vlan client  
configure srvr ipaddress 10.1.1.1 /24  
configure clnt ipaddress 1.1.1.1 /24  
configure srvr add port 4-8  
configure clnt add port 1-4  
enable slb gogo 4 grouping 4-8  
enable ipforwarding  
Separating clients and servers into separate VLANs is not a  
requirement in GoGo mode.  
VIP Network Advertisement  
There are three methods for controlling network connectivity to the  
VIPs. Depending on the subnet to which the VIP belongs, the 480T  
routing switch will adjust its behavior automatically.  
Proxy ARP - If the VIP is a member of an existing subnet to  
which the switch is directly attached, the switch responds to ARP  
requests on behalf of the VIP. This allows you to implement  
server load balancing on a Layer 2 network. The VLAN  
containing the servers is a different subnet than the client VLANs  
subnet. The VIP appears as a member of the client subnet.  
Host-Route - If the VIP created is not a member of an existing  
subnet that the switch is directly attached to, a host-route entry is  
added to the routing table for the switch. All clients will need to  
have a routed path to the VIP that points to the switchs IP address  
on the client VLAN.  
356  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Subnet-Route - If your network configuration requires that the  
VIPs be propagated through a routing protocol by the switch, you  
need to create a loopback VLAN with the VIP(s) being valid  
members of the loopback VLANs subnet. When a routing  
protocol is enabled, the subnet containing the VIPs is propagated  
through the network.  
Balancing Methods  
A load balancing method defines, in part, the logic that the 480T  
routing switch uses to determine which node should receive a  
connection hosted by a particular virtual server. Individual load  
balancing methods take into account one or more dynamic factors,  
such as current connection count.  
Because each application of SLB is unique, node performance  
depends on a number of different factors. We recommend that you  
experiment with different load balancing methods, and choose the  
one that offers the best performance in your particular environment.  
The 480T routing switch supports these load balancing methods:  
Round-robin  
Ratio  
Least connections  
Priority  
Round-Robin  
The default load balancing method is round-robin, and it simply  
passes each new connection request to the next server in line,  
eventually distributing connections evenly across the array of  
devices being load balanced. Round-robin works well in most  
configurations, especially if the equipment that you are load  
balancing is roughly equal in processing speed and memory.  
To configure round-robin, use this command:  
configure slb pool <poolname> lb-method round-robin  
357  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Ratio  
If you are working with servers that differ significantly in  
processing speed and memory, you may want to switch to the ratio  
load balancing method. In ratio, the 480T routing switch distributes  
connections among devices according to ratio weights that you set,  
where the number of connections that each device receives over  
time is proportionate to the ratio weight.  
For example, if your array contained one new, high-speed server  
and two older servers, you could set the ratio so that the high-speed  
server receives twice as many connections as either of the two older  
servers.  
To configure ratio, use this command:  
configure slb pool <poolname> lb-method ratio  
Ratio Weight  
The ratio weight is the proportion of total connections that the node  
address should receive. The default ratio weight for a given node  
address is 1. If all node addresses use this default weight, the  
connections are distributed equally among the nodes. A ratio weight  
of 2 would result in twice as much traffic as a ratio weight of 1.  
To configure a ratio weight, use this command:  
configure slb pool <poolname> add  
<ipaddress>:<L4Port> ratio {<ratio>}  
Least Connections  
The least connections method is considered relatively simple in that  
the switch passes a new connection to the node having the least  
number of active sessions. The number of active sessions includes  
only those sessions occurring within the same VIP (virtual IP  
address). Least connections works best in environments where the  
servers or other equipment you are load balancing have similar  
capabilities.  
To configure least connections, use this command:  
configure slb pool <poolname> lb-method least-  
connections  
358  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Priority  
Priority mode is a variant of round-robin designed to provide  
redundant standby nodes within a pool. When you add a node to a  
pool, you can assign a priority level. Priority numbers range from 1  
to 65,535, with the highest number indicating the highest priority.  
The 480T routing switch will distribute traffic in round-robin  
fashion among the pools active nodes with the highest priority. If  
all nodes at that priority level go down or hit a session limit  
maximum, all new sessions are directed to the nodes at the next  
lowest priority level.  
The switch continually monitors the status of the down nodes. As  
each node comes back up, the switch distributes traffic according to  
the priorities.  
For example, with a pool that has six nodes divided evenly into two  
priority levels (2 and 1) all sessions are evenly distributed using  
round-robin to the nodes at priority level 2.  
If one of the priority level 2 nodes are down, all of the traffic is  
assigned to the remaining level 2 nodes. If all of the priority level 2  
nodes are down, then all sessions are directed to the priority level 1  
nodes. If one of the level 2 nodes comes back up, all new sessions  
are assigned to it.  
Basic SLB Commands  
Table 18.2 describes basic SLB commands. Press the Tab key in the  
command line interface for further command options.  
Table 18.2: Basic SLB Commands  
Command  
Description  
clear slb connections [VIP <vipname> |  
ipaddress <ipaddress>:{<L4Port>}]  
Clears the active connections.  
configure slb pool <poolname> add  
<ipaddress>:<L4Port> {ratio <ratio> |  
priority <priority>}  
Adds a physical server (node) to a server  
pool. When a new node is added, ping-  
checkis automatically enabled.  
359  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 18.2: Basic SLB Commands  
Command  
Description  
configure slb pool <poolname> delete  
<ipaddress>:<L4Port>  
Deletes a physical server from a server pool.  
configure slb pool <poolname> lb-method  
[round-robin | ratio | priority | least-  
connections]  
Configures the SLB load-balancing method.  
configure slb l4-port <L4Port>  
[treaper_timeout <seconds> | udp-idle-  
timeout <seconds>]  
Configures the inactive period for TCP or  
UDP before the connection is aged out.  
configure vlan <name> slb-type [server |  
client | both | none]  
Marks a VLAN as either a server VLAN or a  
client VLAN. If the server also originates  
connections to other servers, set slb-type  
to both.  
create slb pool <poolname> {slb-method  
[round-robin | ratio | priority | least-  
connections]}  
Creates a server pool and optionally assigns a  
load-balancing method to the pool. The  
default load-balance method is round-robin.  
A pool represents a group of physical servers  
that is used to load-balance one or more VIPs.  
create slb vip <vipname> pool <poolname>  
mode [transparent | translation | port-  
translation] <ipaddress> {-  
<upper_ipaddress>}:<L4Port> {unit  
<number>}  
Creates one or more new virtual IP addresses  
(VIPs) and attaches the VIP to a pool of  
physical servers. The server pool needs to be  
created before the VIP is created. If portis  
not specified, all requests to the VIP are  
forwarded to the server. If portis specified,  
only the specified TCP/UDP ports are  
allowed to reach the server. All other packets  
are dropped.  
delete slb pool [<poolname> | all]  
delete slb vip [<vipname> | all]  
Deletes a server pool.  
Deletes one or all VIPs.  
360  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Table 18.2: Basic SLB Commands  
Command  
Description  
disable slb  
Disables SLB processing. Disabling SLB:  
Closes all connections.  
Withdraws VIP routes or routes that do  
not respond with proxy ARP responses of  
VIP addresses.  
Disconnects the switch from redundant  
SLB switches.  
disable slb gogo-mode <port number> {all |  
ping-check | tcp-port-check <port> | service-  
check <port>}  
Disables gogo-mode processing.  
disable slb node [<ipaddress>:<L4Port> | all]  
{close-connections-now | [ping-check | tcp-  
port-check]}  
Disables one or more nodes from receiving  
new connection establishments. If close-  
connections-nowis specified, all current  
open connections are closed immediately.  
disable slb l4-port [<L4Port> | all]  
Disables one or all L4 ports for SLB.  
Disables a single VIP port.  
disable slb vip ipaddress  
<ipaddress>:<L4Port> {close-connections-  
now}  
disable slb vip <vipname> {close-  
connections-now}  
Disables a VIP group. When disabled, no new  
connections to the real servers are allowed. If  
close-connections-nowis specified,  
all existing connections are immediately  
closed. Otherwise, the existing connections  
are closed naturally, and are subject to  
connection reaping if idle for longer than the  
treaper-timeout configured on the SLB port.  
disable slb vip all {close-connections-now |  
client-persistence | service-check | sticky-  
persistence | svcdown-reset}  
Disables all VIP groups. If close-  
connections-nowis specified, all existing  
connections are immediately closed.  
361  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 18.2: Basic SLB Commands  
Command  
Description  
enable slb  
Enables SLB processing on the switch, and  
activates these functions for transparent,  
translational, and port translation modes:  
Exporting of VIP routes or proxy ARP  
for VIP addresses.  
Processing of VIP lookup and connection  
setup.  
Establishing communication with  
redundant SLB switches.  
The default setting is disabled.  
enable slb gogo-mode <port number>  
grouping <portlist>  
Enables gogo-mode processing for a group of  
ports. There are no additional configuration  
commands for gogo mode.  
enable slb node [<ipaddress>:<L4Port> | all]  
ping-check | tcp-port-check}  
Enables one or more nodes to receive data  
traffic. A node represents a physical server.  
enable slb l4-port <L4Port>  
Enables an L4 port for SLB.  
Enables a single VIP port.  
enable slb vip ipaddress  
<ipaddress>:<L4Port>  
enable slb vip <vipname>  
show slb  
Enables a VIP group.  
Displays the current SLB global configuration  
information, including:  
Global enable/disable mode  
Global modes  
Default settings for health checker  
show slb node {<ipaddress>:<L4Port>}  
show slb pool {poolname}  
Displays node-specific configuration  
information and status.  
Displays the current SLB pool configuration  
and statistics.  
362  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Table 18.2: Basic SLB Commands  
Command  
Description  
show slb pool <poolname>  
Displays the configuration for the specified  
SLB pool.  
show slb l4-port {<L4Port>}  
show slb vip {detail}  
Displays the SLB configuration for one or all  
L4 ports.  
Displays the current VIP configuration and  
statistics.  
show slb vip <vipname> {detail}  
unconfigure slb all  
Displays the configuration for the specified  
VIP.  
Resets SLB global defaults and clears the  
SLB configuration.  
Advanced SLB Application  
Example  
This example builds upon the introductory SLB example. The  
advanced concepts included in this example are:  
Multiple pools  
Multiple VIPs  
Multiple balancing algorithms  
Multiple types of health checking  
Figure 18.4 shows an example of an advanced SLB application.  
363  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
®
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Clients  
172.16.0.1  
Server pools  
Pool "Site1"  
Pool "Site3"  
Round Robin  
Round Robin  
Real unique IP addresses  
Server1 192.168.200.1  
Server2 192.168.200.2  
Associated VIPs  
192.168.201.1  
port 80 (MyWeb)  
192.168.201.1  
port 443 (MySSL)  
Layer 4 (port) health  
checking on all nodes  
for port 80  
Pool "Site2"  
Round Robin  
Real unique IP addresses  
Server1 192.168.200.5  
Server2 192.168.200.6  
Associated VIPs  
Pool "FTP1"  
Least Connections  
Real unique IP addresses  
Server1 192.168.200.3  
Server2 192.168.200.4  
Associated VIPs  
Real unique IP addresses  
Server1 192.168.200.7  
Server2 192.168.200.8  
Server3 192.168.200.9  
Server4 192.168.200.10  
Server5 192.168.200.11  
Associated VIPs  
192.168.201.4  
port 80 (MyWeb3)  
192.168.201.4  
port 443 (MySSL3)  
Layer 3 (ping) health  
checking  
192.168.201.3  
port 80 (MyWeb2)  
192.168.201.3  
192.168.201.2  
port 20 (ftpD)  
192.168.201.2  
port 21 (ftpC)  
port 443 (MySSL2)  
Layer 7 (content) health  
checking on VIP MyWeb2  
Layer 4 (content) health  
checking VIP ftpC  
480T_051R  
Figure 18.4: Advanced SLB configuration  
The commands used to configure are described below.  
Use these commands to create the VLAN from which outside  
connections will come:  
create vlan outside  
configure vlan outside ipaddress 172.16.0.1 /16  
configure vlan outside add ports 1-8  
To create the virtual IP VLAN, use these commands:  
create vlan sites  
364  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
configure vlan sites ipaddress 192.168.201.254 /24  
All VIPs is configured to use this subnet. There are no ports  
associated with this VLAN.  
You can use these commands to create the VLAN servers and  
enable IP forwarding:  
create vlan servers  
configure vlan servers ipaddress 192.168.200.254 /  
24  
configure vlan servers add ports 9-16  
enable ipforwarding  
The next example shows a series of commands used to create a Web  
site. The site is defined as having 2 servers: 192.168.200.1 and  
192.168.200.2, each with 2 services (HTTP and SSL).  
Two VIPs (virtual IP addresses) are then created to point at the  
appropriate pools. As a default, round-robin is used to load balance  
the services.  
Only one IP address is used for both VIPs; the difference is the port  
number. Finally, port checking is enabled to ensure fault tolerance  
on each of the servers.  
Use these commands:  
create slb pool site1web  
configure slb site1 add 192.168.200.1:80  
configure slb site1 add 192.168.200.2:80  
create slb pool site1ssl  
configure slb site1 add 192.168.200.1:443  
configure slb site1 add 192.168.200.2:443  
create slb vip myweb pool site1web mode  
transparent 192.168.201.1:80  
create slb vip myssl pool site1ssl mode  
transparent 192.168.201.1:443  
enable slb node 192.168.200.1:80 tcp-port-check  
enable slb node 192.168.200.2:80 tcp-port-check  
enable slb node 192.168.200.1:443 tcp-port-check  
365  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
enable slb node 192.168.200.2:443 tcp-port-check  
The next series of commands creates a second Web site. This  
second site is similar to the first example; the difference is that  
content checking is enabled on this site. For this type of health  
checking, the server downloads a specified page (/testpage.htm) and  
looks for a specific string in the content (test successful). If  
it finds the string, the server is considered online.  
Use these commands:  
create slb pool site2web  
configure slb site2web add 192.168.200.5:80  
configure slb site2web add 192.168.200.6:80  
create slb pool site2ssl  
configure slb site2ssl add 192.168.200.5:443  
configure slb site2ssl add 192.168.200.6:443  
create slb vip myweb2 pool site2web mode  
transparent 192.168.201.3:80  
create slb vip myssl2 pool site2ssl mode  
transparent 192.168.201.3:443  
enable slb vip myweb2 service-check  
configure slb vip myweb2 service-check http url  
/testpage.htmmatch-string test successful”  
The following series of commands creates a third Web site. This  
example creates one pool with a wildcard port specified. This means  
that the pool allows any port that is sent to it by the VIP. All five  
servers respond to requests on both port 80 and port 443.  
Note: Port 0 the wildcard  
port.  
Use these commands:  
create slb pool site3web  
configure slb site3web add 192.168.200.7:0  
configure slb site3web add 192.168.200.8:0  
configure slb site3web add 192.168.200.9:0  
configure slb site3web add 192.168.200.10:0  
configure slb site3web add 192.168.200.11:0  
create slb vip myweb3 pool site3web mode  
transparent 192.168.201.4:80  
366  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
create slb vip myssl3 pool site3web mode  
transparent 192.168.201.4:443  
The next example demonstrates the series of commands you would  
use to create an FTP site.  
The site is defined as having two servers: 192.168.200.3 and  
192.168.200.4. Only FTP is being serviced by the servers. The two  
different VIPs and port numbers refer to the control and data  
channels used by the FTP service. Two VIPs are then created to  
point at the appropriate pools.  
As with the first site, the default load balancing method (round-  
robin) is used. Layer 7 health checking is used on the ftpC VIP. By  
using health checking, the switch logs in to the site as user test with  
the password testpass.  
If the login is successful, the server is labeled up and is allowed to  
participate in load balancing. The account and password must be set  
up on all FTP servers. Use these commands:  
create slb pool ftp1c  
configure slb ftp1c add 192.168.200.3:21  
configure slb ftp1c add 192.168.200.4:21  
create slb pool ftp1d  
configure slb ftp1d add 192.168.200.3:20  
configure slb ftp1d add 192.168.200.4:20  
create slb vip ftpc pool ftp1c mode transparent  
192.168.201.2:21  
create slb vip ftpd pool ftp1d mode transparent  
192.168.201.2:20  
enable slb vip ftpc service-check  
configure slb vip ftpc service-check ftp user test  
password testpass  
Finally, enable SLB and configure the VLANs as either client or  
server, using these commands.  
enable slb  
configure vlan outside slb-type client  
configure vlan servers slb-type server  
367  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Health Checking  
The 480T routing switch supports both internal and external health  
checking.  
Health check definitions  
For reference, the following health checks are available on all  
Server Load Balancing, Web Cache Redirection and Policy-based  
Routing functions. SLB functions test individual servers. Web  
Cache Redirection and Policy-based routing functions test the next-  
hops in accordance with the flow-redirection rules.  
Layer 3 Ping Check  
The default health checking is a simple ping check, where the  
switch sends an ICMP ping packet to the configured server or next-  
hop. If 3 replies are lost, the server or next-hop is set to down and  
flows are not redirected to it. The ping check is the only health  
checking that will work with a wildcard as the IP Port.  
Layer 4 Port Check  
The switch will attempt to establish a TCP connection to the server  
or next-hop.  
When using Web Cache Redirection or Policy Based Routing, the  
Layer 4 port must be defined in the flow and opened on the next-hop  
in order for the health check to succeed.  
Layer 7 HTTP Check  
The HTTP health check will download a specific page from the  
server or next-hop configured for the flow. The switch will then  
search the page for a specific text string in the first 1000 bytes. If the  
text string is found, the check passes. As an alternative you can  
configure the check to accept any data from the downloaded page.  
Layer 7 FTP Check  
The FTP health check establishes an FTP connection between the  
switch and the server or next-hop. The switch will attempt to log in  
368  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
using the name and password supplied during the configuration.  
The check will succeed when the switch successfully logs into the  
next-hop.  
Layer 7 NNTP Check  
The NNTP health check connects to the server or next-hop,  
establishes a connection, and attaches to a user defined newsgroup.  
Layer 7 POP3, SMTP, and Telnet Check  
These health checks attach to the server or next-hop using the  
specified protocol and log in. After successful login the next-hop is  
marked as up.  
Internal Health Checking  
Three types of internal health checks are available:  
Ping-check  
Port-check  
Service-check  
If any of the health checks enabled on a given node do not pass  
within the timeout specified, the node is considered down. When a  
node is down, no new connection is established to that node until the  
node passes all configured health checks. If a health check fails and  
if the svcdown-reset parameter is enabled on an associated VIP  
(virtual IP address), existing connections for the VIP on this node is  
closed by sending TCP Reset to the client and node.  
In the command-line interface, the commands show pooland show  
vipdisplay individual node resources as up or down. New  
connections are only allowed if the VIP and node in question are  
both enabled and up. A node is assumed to be up unless health  
check is enabled and fails, in which case the node is marked down.  
A resource is also marked down if it was disabled and the number  
of existing connections drops to zero. If a node is marked down for  
this reason, ping-checks and port-checks on this node are  
automatically stopped to conserve system resources, but they  
resume if the node is enabled by the user.  
369  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The 480T routing switch also supports external health checking.  
External health checking uses an external service configured by the  
user to perform health checks and uses SNMP (Simple Network  
Management Protocol) as a mechanism to notify the switch of a  
server failure.  
Ping-Check  
Ping-check is Layer 3-based pinging of the physical node. The  
default ping frequency is one ping generated to the node every 10  
seconds. If the node does not respond to any ping within a timeout  
period of 30 seconds (3 ping intervals), the node is considered  
down.  
To enable ping-check, use this command:  
enable slb node <ipaddress> ping-check  
To disable ping-check, use this command:  
disable slb node <ipaddress> ping-check  
TCP-Port-Check  
TCP-port-check is Layer 4-based TCP port open/close testing of the  
physical node. The default frequency is 30 seconds and the default  
timeout is 90 seconds.  
Port-checking is useful when a node passes ping-checks, but a  
required TCP service (for example, HTTP) has gone down. If the  
HTTP service running on TCP port 80 crashed, that would cause a  
Layer 4 port-check on port 80 to fail, because no TCP socket could  
be opened to that port. If this continues for the duration of the  
specified port-check timeout, the IP/port combination is considered  
down.  
To enable tcp-port-check, use this command:  
enable slb node <ipaddress>:<L4Port> tcp-port-check  
To disable tcp-port-check, use this command:  
disable slb node <ipaddress>:{<L4Port> | all} tcp-  
port-check  
370  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Service-Check  
Service-check is Layer 7-based and application-dependent. It is  
defined on a VIP and is performed on each node in the pool with  
which this VIP is associated. The default frequency is 60 seconds  
and the default timeout is 180 seconds. Each service check has  
associated parameters that you can set. These parameters are  
described in Table 18.3.  
Table 18.3: Service-Check Parameters  
Service  
Attribute  
Global Default Value  
HTTP  
URL  
Match-string  
/
Any-content  
FTP  
Userid  
Password  
anonymous  
anonymous  
Telnet  
SMTP  
Userid  
Password  
anonymous  
anonymous  
DNS-domain  
Newsgroup  
Same as the switch DNS domain. If no DNS domain is  
configured for the switch, the value is mydomain.com.  
NNTP  
POP3  
ebusiness  
Userid  
Password  
anonymous  
anonymous  
If the service-check parameters are not specified on an individual  
node or VIP, the global default values for these parameters are used.  
The global defaults are configurable, so you can change them to  
your most often used parameters.  
In the case of HTTP service-checking, you can specify the URL of  
the Web page to be retrieved, such as /index.html. You can also  
specify a match-string, such as Welcome, that is expected to be in  
the retrieved Web page.  
If the match-string is found in the first 1,000 bytes of the retrieved  
Web page, the service-check passes on the particular node. A  
match-string specifying the keyword any-content will match any  
retrieved text. However, to distinguish valid data in the retrieved  
371  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
text from error text, we recommend that you specify an actual string  
to match.  
For FTP, Telnet, and POP3, service-check attempts to log on and  
off the application on the server using the specified userID and  
password.  
For SMTP, service-check identifies the identity of the switch by  
providing the specified DNS domain. The SMTP server might not  
even use the specified DNS domain for authentication, only  
identification.  
For NNTP, service-check queries the newsgroup specified.  
Because service-checking is configured on a VIP basis, multiple  
VIPs can use the same nodes, and you can run multiple service-  
checks against a particular node IP address and port number, it is  
possible for some of these service-checks to fail, while others pass.  
Therefore, when determining if a given node can accept a new  
connection for a VIP, the node must pass the service-check  
configured for that VIP.  
When showing detailed VIP information, the status for individual  
nodes is shown with respect to that VIP.  
To enable service-check, use this command:  
enable slb vip [<vipname> | all] service-check  
To disable service-check, use this command:  
disable slb vip [<vipname> | all] service-check  
GoGo Mode Health Checking  
The 480T routing switch supports health checking on servers  
participating in SLB GoGo mode. You can configure multiple  
health checks (ping-check, tcp-port-checks and service-checks)  
simultaneously on a given GoGo mode grouping. A physical port in  
a GoGo mode grouping is considered available for GoGo traffic  
only if all configured health checks pass.  
Use these commands to enable GoGo mode health checking:  
enable slb gogo-mode master ping-check {ipaddress}  
enable slb gogo-mode master tcp-port-check [port |  
all]  
372  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
enable slb gogo-mode master service-check [http | ftp  
| telnet | smtp | nntp | pop3 | all | tcpport]  
Use these commands to disable GoGo mode health checking:  
disable slb gogo-mode master ping-check  
disable slb gogo-mode master tcp-port-check [port |  
all]  
disable slb gogo-mode master service-check [http |  
ftp | telnet | smtp | nntp | pop3 | all | tcpport]  
unconfigure slb gogo-mode master health-check  
This command disables and deletes all ping-check, tcp-port-check,  
and service-check configurations for this GoGo mode grouping.  
The GoGo mode grouping itself is not affected.  
unconfigure slb gogo-mode master service-check [http  
| ftp | telnet | smtp | nntp | pop3 | all | tcpport]  
This command disables and deletes the service-check  
configuration. If the associated TCP port has not been used for any  
tcp-port-check configuration, the TCP port is deleted as well.  
Use these commands to configure GoGo mode health checking:  
configure slb gogo-mode master ping-check frequency  
seconds timeout seconds  
configure slb gogo-mode master health-check ipaddress  
configure slb gogo-mode master tcp-port-check [add |  
delete] port  
configure slb gogo-mode master tcp-port-check timer  
port frequency seconds timeout seconds  
configure slb gogo-mode master service-check http  
{l4-port port} {url url match-string [match_string |  
any-content]}  
configure slb gogo-mode master service-check ftp {l4-  
port port} {userid userid | password {encrypted}  
password}  
configure slb gogo-mode master service-check telnet  
{l4-port port} {userid userid | password {encrypted}  
password}  
configure slb gogo-mode master service-check smtp  
{l4-port port} {dns_domain}  
configure slb gogo-mode master service-check nntp  
{l4-port port} {newsgroup}  
373  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure slb gogo-mode master service-check pop3  
{l4-port port} {userid userid password {encrypted}  
password}  
configure slb gogo-mode master service-check timer  
[http | ftp | telnet | smtp | nntp | pop3 | tcpport]  
frequency seconds timeout seconds  
Use these command to view your GoGo mode health checking  
configuration:  
show slb gogo-mode {master} {configuration}  
SLB Global Connection Timeout  
For SLB transparent and translational modes you can configure the  
global connection timeout period. This helps to avoid cases where  
connections are closed because the TCP FIN and ACK timeout is  
too short.  
To configure the global connection timeout period (between 1 and  
180 seconds) use this command:  
configure slb global connection-timeout <seconds>  
The default value is 1 second. In addition, the timeout should be set  
as low as possible to avoid stale connections staying in the table.  
External Health Checking  
For server health checking, that goes beyond the abilities of internal  
health checking, the 480T routing switch also supports external  
health checking. The external health checking device sends the  
results of its check to the switch by way of SNMP MIB attributes.  
For information on the specific MIB definitions for external health  
checking, contact Intel Customer Support (see Appendix D, "Intel  
Customer Support" on page 461).  
374  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Health Checks for Web Cache Redirection and  
Policy Based Routing  
Health checking works on  
the ports configured by  
their associated flow. For  
example, if you configure  
a flow to redirect on port  
80 (HTTP), but FTP is  
configured as the service  
check, the switch will try to  
open an FTP session on  
port 80. The health check  
will fail if the protocol will  
not work on the configured  
flow.  
Several additional health checks are supported for the flows that are  
defined under web cache redirection and policy based routing. The  
operation and definition of these health checks are identical to those  
used for server load balancing.  
Ping Check: The ping check is the only health checking that will  
work with a wildcard as the Layer 4 IP port. To configure a ping  
check for a defined flow, use this command:  
configure <flow> service-check ping  
Layer 4 Port Check: The port has to be defined and open on the  
next hop in order for the health check to succeed. To configure a  
Layer 4 Port health check for a defined flow, use this command:  
configure <flow> service-check L4-port  
HTTP Check: To configure an HTTP health check for a defined  
flow, use this command:  
configure <flow> service-check http url <url>”  
match-string <string>”  
In this example the switch will connect to the cache and  
download the page test.htm in the root WWW directory and  
search the page for the word pass in the first 1000 bytes. The  
quotation marks are necessary for the switch to recognize the  
Web page and the string.  
FTP Check: To configure an FTP health check for a defined flow,  
use this command:  
configure <flow> service-check ftp user <user>  
<password>  
NNTP Check: To configure an NNTP health check for a defined  
flow, use the command:  
configure <flow> service-check nntp <newsgroup>  
POP3, SMTP and Telnet Checks: To configure a POP3, SMTP  
or Telnet health check for a defined flow, use the command:  
configure <flow> service-check <pop3|smtp|telnet>  
user <user> <password>  
Configuring health check timeouts and frequencies is similar to  
the server load balancing command:  
conf slb global service-check frequency <seconds>  
timeout <seconds>  
375  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Layer 4 Flows  
Policy-based routing and Web cache redirection support an any  
option for the Layer 4 protocol type which allows the redirection of  
TCP, UDP and other traffic types with the exception of ICMP  
traffic. To configure this capability, use the anyoption in the syntax  
for flow re-direction.  
create flow-redirect <flow_rule_name> [tcp | udp |  
any] destination [<ip_address>/<mask> | any] ip-port  
[<L4_port> | any] source [<ip_address>/<mask> | any]  
Policy-Based Routing with Route Load-Sharing  
Policy-based routing is used to alter the normally calculated next-  
hop route which is based on the route table. This same alteration can  
also load-share across multiple routers. It implies a set of rules or  
policies that take precedence over information in the route table.  
These policies can perform a flow-redirection to different next-hop  
addresses based on:  
IP source address and mask  
IP destination address and mask  
Layer 4 Destination Port  
In the event that the next-hop address (or addresses) becomes  
unavailable, the switch will route the traffic normally. Several rules  
can be defined; the precedence of rules is determined by best match  
of the rule to the packet. If no rule is satisfied, no redirection occurs.  
There are two types of commands to setup policy-based routing, one  
to configure the redirection rules and one to configure the next-hop  
IP addresses:  
create flow-redirect <flow_rule_name> [tcp | udp |  
any] destination [<ip_address>/<mask> | any] ip-port  
[<L4_port> | any] source [<ip_address>/<mask> | any]  
configure flow-redirect <flow_rule_name> [add |  
delete] next-hop <ip_address>  
If multiple next-hop addresses are defined, traffic satisfying the rule  
is load-shared across the next-hop addresses based on destination IP  
address. If next-hop addresses fail (do not respond to ICMP pings),  
the switch will resume normal routing. Using policy-based routing  
has no impact on switch performance.  
376  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
To show configuration and status of flow redirection rules, use this  
command:  
show flow-redirect [<flow_rule_name | <cr>]  
Maintenance Mode  
You can easily put a node or VIP into maintenance mode by  
disabling the node or VIP. In maintenance mode, existing  
connections remain active, but no new connections are permitted.  
The existing connections are either closed by the client and server,  
or are aged out if idle for more than 600 seconds.  
Persistence  
Using persistence, you can ensure that traffic flows do not span  
multiple servers. The 480T routing switch supports two types of  
persistence:  
Client persistence  
Sticky persistence  
Client Persistence  
Client persistence for a virtual server provides a persist mask  
feature. You can define a range of IP addresses that can be matched  
to a persistent connection. Any client whose source IP address falls  
within the range is considered a match for the given persistence  
entry.  
To configure client persistence, use this command:  
enable slb vip [<vipname> | all] client-  
persistence {timeout <seconds>} {mask <mask>}  
SLB Proxy Client Persistence  
Use SLB proxy client persistence when you need client persistence  
and you use multiple NAT address ranges to translate the internal  
client IP addresses. Use these three commands:  
enable slb proxy-client-persistent  
disable slb proxy-client-persistent  
377  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure slb proxy-client-persistent [add |  
delete] <ipaddress / mask>  
Sticky Persistence  
Sticky persistence provides a special type of persistence that is  
especially useful for cache servers. Similar to client persistence,  
sticky persistence keeps track of incoming clientssource and  
destination IP addresses.  
When a client is looking to make a repeat connection to a particular  
destination IP address, the 480T routing switch directs the client to  
the same cache server or other transparent node that it used  
previously.  
Allowing clients to repeatedly use the same cache server can help  
you reduce the amount of content that might otherwise be  
duplicated on two or more cache servers in your network.  
To prevent sticky entries  
from clumping on one  
server, use a static load  
balancing mode, such as  
round-robin.  
Sticky persistence provides the most benefit when you load balance  
caching proxy servers. A caching proxy server intercepts Web  
requests and returns a cached Web page if it is available. To  
improve the efficiency of the cache on these proxies, it is necessary  
to send similar requests to the same proxy server repeatedly.  
You can only activate  
sticky persistence on  
wildcard virtual servers.  
You can use sticky persistence to cache a given Web page on one  
proxy server instead of on every proxy server in an array. This saves  
the other proxies from duplicating the Web page in their cache,  
wasting memory.  
To configure sticky persistence, use this command:  
enable slb vip [<vipname> | all] sticky-  
persistence {timeout <seconds>}  
Server Load Balancing with ESRP  
Using ESRP (Enterprise Standby Router Protocol), the SLB service  
is made redundant, along with the Layer 2 and Layer 3 services of  
the 480T routing switch . This configuration allows single- or dual-  
attached servers to support redundant gateway services and very  
fast recovery from a fault.  
When ESRP is enabled, all servers can be online at the same time  
(as opposed to only the ones connected to the active switch in High  
378  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Availability mode or having to introduce another interconnecting  
switch), and recovery from a switch failure occurs in less than 8  
seconds.  
Figure 18.5 shows SLB enabled using ESRP and dual-attached  
servers.  
OSPF  
ESRP and SLB running  
on this VLAN  
Switch 1  
VLAN inside  
1.10.0.2/16  
Switch 1  
VLAN server  
1.205.0.1/16  
Single-attached host  
Clients  
VIP site1 1.10.1.1 (switch)  
VIP site2 1.10.1.2 (switch)  
Server pools  
multi-homed  
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
VLAN outside  
1.201.0.1/16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
9
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
VLAN inside  
1.10.0.1/16  
1
9
2
3
4
5
6
7
8
testpool  
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
Real unique IP addresses  
Server1 1.205.1.1/16  
Server2 1.205.1.2/16  
Server3 1.205.1.3/16  
Server4 1.205.1.4/16  
Associated VIPs  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Switch 2  
VLAN inside  
1.10.0.3/16  
Switch 2  
VLAN server  
1.206.0.1/16  
VIP site1 1.10.1.1 (switch)  
VIP site2 1.10.1.2 (switch)  
1.10.1.1 port 80 (site1)  
1.10.1.2 port 80 (site2)  
Single-attached host  
480T physical configuration  
VLAN outside  
Dual-attached servers connected to ports 1-4  
Interconnect (also configured as host) on port 15  
VLAN inside  
480T physical configuration  
VLAN server  
Dual-attached servers connected to ports 1-4  
Interconnect (also configured as host) on port 32  
VLAN inside  
port 16 connects to gateway switch  
port 31 connects to gateway switch  
480T_058R  
Figure 18.5: SLB using ESRP and dual-attached servers  
379  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Configuring the Switches for SLB and ESRP  
The SLB and ESRP  
The procedure used to configure the Switch 1 and Switch 2 in  
configurations are identical Figure 18.5 is described below.  
on both switches, in  
1. Create the VLANs, using these commands:  
relation to the ports being  
used.  
create vlan inside  
create vlan server  
2. Connect the gateway to the VLAN inside, using these com-  
mands:  
configure inside ipaddress 1.10.0.2 /16  
configure inside add port 10  
3. Configure the servers to connect to the VLAN server on ports 1  
through 4, and configure port 8 to connect to the other ESRP  
switch, using these commands:  
configure server ipaddress 1.205.0.1 /16  
configure server add port 1-4, 8  
4. Enable IP forwarding, create a server pool called testpool, and  
add four servers to it using TCP port 80, using these commands:  
enable ipforwarding  
create slb pool testpool  
configure slb pool testpool add 1.205.1.1:80  
configure slb pool testpool add 1.205.1.2:80  
configure slb pool testpool add 1.205.1.3:80  
configure slb pool testpool add 1.205.1.4:80  
5. Use these commands to create SLB VIP addresses for the two  
Web sites (site1 and site2) and associate them with server pool  
testpool:  
create slb vip site1 pool testpool mode  
transparent 1.10.1.1:80  
create slb vip site2 pool testpool mode  
transparent 1.10.1.2:80  
6. Use these commands to display the statistics of SLB pool mem-  
bers and SLB VIPs.  
show slb stats pool  
show slb stats pool testpool  
show slb stats vip site1  
380  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
show slb stats vip site2  
7. To configure the ratio and priority of an existing pool member  
and to display the current SLB pool statistics, use this command  
for each pool member, filling in the ipaddress, port, ratio and prio-  
ity as needed:  
configure slb pool <poolname> member  
<ipaddress: port> [ratio <ratio> | priority  
<priority>]  
8. Enable SLB and configure it for the appropriate VLANs (client  
connections enter from the VLAN inside), using these com-  
mands:  
enable slb  
configure inside slb client  
configure server slb server  
9. Enable the routing protocol of choice (in this example, OSPF) and  
configure it appropriately, using this command:  
enable ospf  
See Chapter 13, RIP and OSPF for more information.  
10. Enable the ESRP protocol on the VLAN server and configure the  
ESRP direct-attached hosts mode to allow the proper failover of  
services, using these commands:  
enable esrp server  
configure esrp port-mode host ports 1-4, 8  
The interconnection between the switches is also configured as  
a host port.  
11. Configure SLB to use the ESRP protocol, using this command:  
configure slb esrp server add unit 1  
Combined SLB and ESRP failover  
You can combine SLB and ESRP to provide a high availability  
topology. Use these two commands to map an ESRP configured  
VLAN to the SLB failover unit number and to display the current  
SLB/ESRP configuration:  
configure slb esrp vlan <vlan name> [add | delete]  
unit [1 - 16]  
show slb esrp  
381  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Configuration of SLB with ESRP  
Note the following about the configurations for switches running  
SLB and ESRP:  
All switch ports connected directly to the servers must be  
configured as ESRP host ports.  
The link between the two switches must be configured as an  
ESRP host port.  
The configuration uses transparent mode and HTTP services, but  
can be configured to support any of the currently supported load  
balancing protocols.  
Unlike the High Availability configuration, both switches are  
configured as Switch 1.  
Web-Server Configuration  
In Figure 18.5, basic HTTP, configured at TCP port 80, is the only  
service being load balanced. The services must match those  
configured on the switch. For example, HTTP services configured  
at TCP port 7080 on the switch require that servers be able to allow  
connections at port 7080.  
Ensure that the SLB connection is valid before trying to transfer the  
configuration to an ESRP/SLB configuration.  
Using High Availability System  
Features  
The 480T routing switch supports several advanced redundant  
system features. These provide additional assurance that your  
content is available if a switch experiences a problem. Options  
include:  
Redundant SLB  
Ping-check  
Active-active operation  
Manual fail-back  
SLB high availability  
382  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Redundant SLB  
The 480T routing switch supports a failover process that uses a  
redundant configuration of two switches. If one switch fails, the  
second switch takes over the SLB duties of the first. By preparing a  
redundant switch for the possibility of failover, you effectively  
maintain your sites reliability and availability in advance.  
You can configure the switches so that both perform SLB  
simultaneously. This type of operation is called active-active.  
To configure failover, use this command:  
configure slb failover unit [1 | 2] remote-ip  
<ipaddress> local-ip <ipaddress>:<L4Port> {alive-  
frequency <seconds> timeout <seconds>} {dead-  
frequency <seconds>}  
enable slb failover  
The switches in a redundant SLB configuration should have  
identical SLB configurations except for the failoverparameters.  
You can configure SLB on one switch, upload the configuration,  
edit it, and download it to the second switch to replicate the  
configuration.  
Using Ping-Check  
Failover ping-check is used to determine if the currently active SLB  
server has the required network connectivity. If the specified IP  
address is unreachable for a specified duration, the ping-check  
triggers a failover to the redundant switch.  
The address being pinged To configure ping-check, use these commands:  
should be for a device  
other than the redundant  
SLB switch.  
configure slb failover ping-check <ipaddress>  
enable slb failover ping-check  
Configuring Active-Active Operation  
Using active-active redundant SLB, configure one switch as unit 1  
and the other switch as unit 2. You then assign the VIPs either to  
unit 1 or to unit 2 (by default, a VIP is assigned to unit 1).  
383  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
When both switches are active, each switch performs SLB only for  
the VIPs assigned to it. If a switch fails, the other switch takes over  
the VIPs assigned to the failed switch.  
The basic failover configure command assigns the switchs unit  
number:  
configure slb failover unit [1 | 2] remote-ip  
<ipaddress> local-ip <ipaddress>:<L4Port> {alive-  
frequency <seconds> timeout <seconds>} {dead-  
frequency <seconds>}  
where:  
remote-ipSpecifies the IP address of the redundant SLB  
switch.  
local-ipSpecifies the IP address of the switch you are  
configuring.  
All VIPs with a given virtual IP address must be assigned to the  
same unit.  
To assign a VIP to a unit, use this command:  
configure slb vip <vipname> unit {1 | 2}  
Sample Active-Active Configuration  
Figure 18.6 shows an example of an active-active failover  
configuration.  
384  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Real unique IP addresses  
Server1 1.205.1.1/16  
Server2 1.205.1.2/16  
Associated VIPs  
1.10.1.1 port 80 (site1)  
1.10.1.2 port 80 (site2)  
Switch 1  
VLAN inside  
1.10.0.2/16  
Switch 1  
Clients  
VIP site1 1.10.1.1 (unit 1)  
VIP site2 1.10.1.2 (unit 2)  
VLAN server  
1.205.0.1/16  
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
VLAN outside  
1.201.0.1/16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
9
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Server pools  
VLAN inside  
1.10.0.1/16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Switch 2  
VLAN inside  
1.10.0.3/16  
VIP site1 1.10.1.1 (unit 1)  
VIP site2 1.10.1.2 (unit 2)  
Switch 2  
VLAN server  
1.206.0.1/16  
testpool2  
Real unique IP addresses  
Server1 1.206.1.1/16  
Server2 1.206.1.2/16  
Associated VIPs  
1.10.1.1 port 80 (site1)  
1.10.1.2 port 80 (site2)  
Figure 18.6: Active-active configuration  
In this sample configuration, failover is enabled to ensure fault  
tolerance. To configure this example on the first switch, use these  
commands:  
create vlan inside  
create vlan server  
configure vlan inside ipaddress 1.10.0.2 /16  
configure vlan inside add port 10  
configure vlan server ipaddress 1.205.0.1 /16  
configure vlan server add port 4-8  
enable ipforwarding  
385  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
create slb pool testpool1  
configure slb pool testpool1 add 1.205.1.1:80  
configure slb pool testpool1 add 1.205.1.2:80  
create slb vip site1 pool testpool1 mode  
transparent 1.10.1.1:80  
create slb vip site2 pool testpool1 mode  
transparent 1.10.1.2:80  
configure enable slb  
configure vlan inside slb-type client  
configure vlan server slb-type server  
configure slb failover unit 1 remote 1.10.0.3  
local 1.10.0.2:1028  
enable slb failover  
enable slb failover ping  
configure slb vip site1 unit 1  
configure slb vip site2 unit 2  
configure slb fail ping-check 1.10.0.1 freq 1  
To configure this example on the second switch, use these  
commands:  
create vlan inside  
create vlan server  
configure vlan inside ipaddress 1.10.0.3 /16  
configure vlan inside add port 10  
configure vlan server ipaddress 1.206.0.1 /16  
configure vlan server add port 4-8  
enable ipforwarding  
create slb pool testpool2  
configure slb pool testpool2 add 1.206.1.1:80  
configure slb pool testpool2 add 1.206.1.2:80  
create slb vip site1 pool testpool2 mode  
transparent 1.10.1.1:80  
create slb vip site2 pool testpool2 mode  
transparent 1.10.1.2:80  
enable slb  
configure vlan inside slb-type client  
configure vlan server slb-type server  
configure slb failover unit 2 remote 1.10.0.2  
local 1.10.0.3:1028  
386  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
enable slb failover  
enable slb fail ping  
configure slb vip site1 unit 1  
configure slb vip site2 unit 2  
configure slb fail ping-check 1.10.0.1 freq 1  
The differences between the configurations of these two switches  
are the IP addresses, and the designation of the first switch as the  
master of the active-active configuration.  
Using Manual Fail-Back  
In an active-active configuration, fail-back is the action of releasing  
the virtual servers that are assigned to a failed switch when that  
switch becomes operational again. By default, fail-back occurs  
automatically. If the minor disruption of fail-back makes automatic  
fail-back undesirable, you can enable manual fail-back. With  
manual fail-back, fail-back occurs only when the operator enters the  
fail-back command.  
To enable manual fail-back, use this command:  
enable slb failover manual-failback  
To execute a manual fail-back, use this command:  
configure slb failover failback-now  
Using SLB High Availability  
Using SLB High Availability (SLB H/A) provides redundancy in  
the case of an SLB service failure. Using SLB H/A, a site is  
configured with multiple servers spanning two switches. All servers  
are capable of responding to requests for content, but only those  
servers connected to the active switch receive requests. The other  
servers are idle or are used to serve another site.  
Figure 18.7 shows an SLB failover configuration using SLB H/A.  
387  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
testpool1  
Real unique IP addresses  
Server1 1.205.1.1/16  
Server2 1.205.1.2/16  
Associated VIPs  
1.10.1.1 port 80 (site1)  
1.10.1.2 port 80 (site2)  
Switch 1  
VLAN inside  
1.10.0.2/16  
VIP site1 1.10.1.1 (unit 1)  
VIP site2 1.10.1.2 (unit 2)  
Switch 1  
VLAN server  
1.205.0.1/16  
Clients  
1
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
VLAN outside  
1.201.0.1/16  
10 11 12 13 14 15 16  
Rx  
Tx  
R
T
x  
T
R
T
1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
9
10  
11  
12  
13  
14  
15  
16  
9
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Server pools  
VLAN inside  
1.10.0.1/16  
1
9
2
3
4
5
6
7
8
1
9
2
3
4
5
6
7
8
10  
11  
12  
13  
14  
15  
16  
10 11 12 13 14 15 16  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Rx  
Tx  
Switch 2  
VLAN inside  
1.10.0.3/16  
VIP site1 1.10.1.1 (unit 1)  
VIP site2 1.10.1.2 (unit 2)  
Switch 2  
VLAN server  
1.206.0.1/16  
testpool2  
Real unique IP addresses  
Server1 1.206.1.1/16  
Server2 1.206.1.2/16  
Associated VIPs  
1.10.1.1 port 80 (site1)  
1.10.1.2 port 80 (site2)  
480T_050R  
Figure 18.7: SLB failover configuration using SLB H/A  
Configuring Clients  
The configuration used to connect clients to SLB virtual sites with  
High Availability enabled is transparent to the accessing clients. As  
with normal SLB, the clients connect to the VIP believing that it is  
the physical address on a host server.  
Configuring Switches for SLB H/A  
The procedure used to configure the two switches for SLB High  
Availability is described below.  
388  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Create the VLANs, using these commands:  
create vlan inside  
create vlan server  
The VLAN inside connects to the gateway and the VLAN server  
contains all of the load balanced servers.  
The gateway is connected to the VLAN inside, using these  
commands:  
configure inside ipaddress 1.10.0.2 /16  
configure inside add port 10  
Connect the servers to the VLAN server on ports 4-8, using these  
commands:  
configure server ipaddress 1.205.0.1 /16  
configure server add port 4-8  
Two servers are connected Enable IP forwarding, create a server pool called testpool1, and add  
to each High Availability  
two servers to testpool1 using TCP port 80, using these commands:  
switch.  
enable ipforwarding  
create slb pool testpool1  
configure slb pool testpool1 add 1.205.1.1:80  
configure slb pool testpool1 add 1.205.1.2:80  
Create SLB VIP addresses for the two Web sites (site1 and site2)  
and associate the server pool testpool with them, using these  
commands:  
create slb vip site1 pool testpool1 mode  
transparent 1.10.1.1:80  
create slb vip site2 pool testpool1 mode  
transparent 1.10.1.2:80  
Then create testpool2 and add 1.206.1.1:80 and 1.206.1.2:80 to it.  
Create an identical SLB for testpool2.  
Then, enable SLB and configure it for the appropriate VLANs  
(client connections enter from the VLAN inside), using these  
commands:  
enable slb  
389  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
configure inside slb client  
configure server slb server  
Configure SLB H/A for the switch, using this command:  
configure slb failover unit 1 remote 1.10.0.3  
local 1.10.0.2 l4-port 1028  
One switch in a High Availability pair is designated as unit 1 and  
the other is designated as unit 2. VIPs associated with the unit  
numbers are primarily serviced by the appropriate switch. The IP  
address of the remote switch in the failover pair is 1.10.0.3. The IP  
address of the local interface used by the High Availability protocol  
to communicate with the remote switch is 1.10.0.2. The Layer 4 port  
used by the High Availability protocol to exchange information is  
1028.  
Along with performing normal status checking on the remote  
switch, the High Availability protocol pings the gateway to ensure  
that a connection to the client exists. If the connection to the  
gateway at IP address 1.10.0.1 fails, the remote switch services all  
of the connections. Configure status checking and enable failover  
using these commands:  
enable slb failover  
configure slb failover ping-check 1.10.0.1  
enable slb failover ping  
Configure the unit numbers on the two sites to determine which of  
the High Availability switches will actively serve the VIPs, using  
these commands:  
configure slb vip site1 unit 1  
configure slb vip site2 unit 2  
In this example, site1 is serviced by the current switch and the  
remote switch (configured as unit 2) services site2. A switch  
configured as unit 1 services unit 2s VIPs only when the remote  
switch (configured as unit 2) fails.  
Notes on Configuring SLB H/A  
These are important notes about the configurations for SLB H/A:  
In the design shown in Figure 18.7, only the servers directly  
connected to the switch that is actively servicing the VIP are used  
390  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
in the load balancing scheme. Without ESRP, another switch  
interconnecting all the servers is necessary.  
One switch is designated as unit 1 and the other as unit 2. This  
designation determines which VIPs are active on each switch in  
the failover pair.  
In this configuration, site1 is serviced by Switch 1 and has two  
servers that respond to client requests. Site2 is serviced by the  
remote switch (Switch 2), and has two other servers that respond  
to client requests.  
If ping-check is enabled, it must not be directed at the remote  
switch. The remote switch is checked by the High Availability  
protocol. The ping-check works best when directed at a gateway  
to ensure that a path out of the network is available to the switch.  
The configuration uses transparent mode and HTTP services, but  
can be configured to support any of the currently supported load  
balancing protocols.  
The configurations for the High Availability switches are  
identical, with the exception of the failovercommand:  
configure slb failover unit 1 remote 1.10.0.3  
local 1.10.0.2 l4-port 1028  
The remote switch is set to unit 2, and the remote/local IP  
addresses are reversed to accurately describe the network, as  
shown in this command:  
configure slb failover unit 2 remote 1.10.0.2  
local 1.10.0.3 l4-port 1028  
Web Server configuration  
In the configuration shown in Figure 18.7 on page 388, basic HTTP,  
configured at TCP port 80, is the only service being load balanced.  
It is important that the services match those configured on the  
switch. For example, HTTP services configured at TCP port 7080  
on the switch would require the servers to be able to allow  
connections at port 7080. You must also ensure that the SLB  
configuration is valid before enabling High Availability.  
All four servers (two local and two connected to the remote switch)  
should be identical in content, with the content for both site1 and  
site2 configured to be served.  
391  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
This configuration uses transparent mode. Therefore, the VIPs need  
to be added to the servers as loopback addresses. This is done by  
configuring the network interfaces on the servers. A detailed  
description for doing this is provided after Figure 18.1.  
Advanced SLB Commands  
Table 18.4 describes advanced SLB commands. For further  
command options, press the Tab key in the command line interface.  
Table 18.4: Advanced SLB Commands  
Command  
Description  
clear slb persistence {vip <vip name>}  
Resets all connection information in the  
persistence table. New connections opened  
are directed to a new server.  
clear slb connections {ip address <ipaddress>:  
L4Port | vip <vip name>}  
Resets all connections.  
configure slb failover failback-now  
Configures the local SLB to release remote  
SLB resources if the remote SLB is alive.  
configure slb failover ping-check <ipaddress>  
{frequency <seconds> timeout <seconds>}  
Configures the SLB device to actively  
determine if an external gateway is  
reachable by performing a ping. If the  
external gateway is not reachable, the VIPs  
failover to the remote SLB device.  
Specify:  
ipaddressThe IP address of the  
external gateway.  
frequencyThe interval, in seconds,  
between pings sent to the remote  
gateway. The default setting is 1.  
timeoutThe amount of time, in  
seconds, before the local device declares  
the remote gateway is not reachable. The  
default setting is 3.  
392  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Table 18.4: Advanced SLB Commands  
Command  
Description  
configure slb failover unit <number> {remote-  
ip <ipaddress> local-ip <ipaddress>:  
{<L4Port>}}  
Configures the slb failover. Specify:  
remote-ip-addressThe remote  
peer IP address.  
local-ip-addressThe address of a  
local IP interface used for the failover  
connection.  
L4PortThe TCP port used for keep-  
alives between the failover peers. The  
default port is 1028.  
unitThe unit number for this SLB  
device. The default unit number is 1.  
configure slb global [ping-check | tcp-port-  
check | service-check] frequency <seconds>  
timeout <seconds>  
Configures default health checking  
frequency and timeout period. If the health  
check frequency and timeout are not  
specified for a specific node or VIP, the  
global values are used. Specify one of these  
service checkers:  
ping-checkL3-based pinging of the  
physical node. Default ping frequency is  
one ping generated to the node each 10  
seconds. If the node does not respond to  
any ping within a timeout period of 30  
seconds (3 ping intervals), the node is  
considered inoperable.  
tcp-port-checkL4-based TCP port  
open/close testing. Default values are 30  
seconds for frequency and 90 seconds for  
timeout.  
service-checkL7-based  
application-dependent checking. Default  
values are 60 seconds for frequency and  
180 seconds for timeout.  
configure slb global ftp userid <userid>  
password {encrypted} {<password>}  
Configures default parameters for L7  
service checking. If no password is  
provided, you are prompted twice.  
393  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 18.4: Advanced SLB Commands  
Command  
Description  
configure slb global http url <url_string>  
match-string [<match_string> | any-content]  
Configures the default parameters for L7  
service checking.  
configure slb global nntp newsgroup  
<newsgroup>  
Configures the default parameter for L7  
service checking.  
configure slb global persistence-level [same-  
vip-same-port | same-vip-any-port | any-vip]  
Configures the default parameter for  
persistence level.  
configure slb global persistence-method [per-  
packet | per-session]  
Configures the default parameter for  
persistence method.  
configure slb global pop3 userid <userid>  
password {encrypted} {<password>}  
Configures the default parameter for L7  
service checking.  
configure slb global smtp <dns_domain>  
Configures the default parameter for L7  
service checking.  
configure slb global synguard max-  
unacknowledge-SYNs <num_syns>  
Configures the num_synsvalue that is used  
to trigger the SYN-guard feature.  
configure slb global telnet userid <userid>  
password {encrypted} {<password>}  
Configures default parameters for L7  
service checking. If no password is  
provided, you are prompted twice for the  
password.  
configure slb node <ipaddress>:<L4Port> tcp-  
port-check frequency <seconds> | timeout  
<seconds>  
Overrides the global default frequency and  
timeout values for this node. Use a value of  
0 to restore settings to global default values.  
configure slb node <ipaddress> ping-check  
frequency <seconds> timeout <seconds>]  
Overrides the global default frequency and  
timeout values for this node. Use a value of  
0 to restore the settings to the global default  
values.  
configure slb vip <vipname> max-connections  
<connections>  
Configures the maximum connections  
allowed to a particular VIP. A value of 0  
indicates that no maximum is enforced. The  
default value is 0.  
394  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Table 18.4: Advanced SLB Commands  
Command  
Description  
configure slb vip <vipname> service-check  
frequency <seconds> timeout <seconds>  
Configures the L7 service check frequency  
and timeout parameters for a particular VIP.  
To return to the global values, specify 0for  
frequency and timeout.  
configure slb vip <vipname> service-check http  
{url <url> match-string [<match_string> | any-  
content]}  
Configures VIP service checking for the  
HTTP service. When the match-string  
option is specified, the string must be in the  
first 1000 bytes of the returned Web page.  
configure slb vip <vipname> service-check ftp  
{userid <userid> | password {encrypted}  
<password>}  
Configures VIP service checking for the  
FTP service.  
configure slb vip <vipname> service-check  
telnet {userid <userid> | password {encrypted}  
<password>}  
Configures VIP service checking for the  
telnet service.  
configure slb vip <vipname> service-check  
smtp {<dns_domain>}  
Configures VIP service checking for the  
SMTP service.  
configure slb vip <vipname> service-check  
nntp <newsgroup>  
Configures VIP service checking for the  
NNTP service.  
configure slb vip <vipname> service-check  
pop3 userid <userid> password {encrypted}  
{<password>}  
Configures VIP service checking for the  
POP3 service.  
configure slb vip <vipname> unit <number>  
Configures a unit number of a VIP name for  
active-active failover. The default unit  
number is 1.  
disable slb failover  
Disables SLB failover.  
disable slb failover manual-failback  
disable slb failover ping-check  
disable slb global synguard  
Disables manual failback.  
Disables ping-check to an external gateway.  
Disables the TCP SYN-guard feature.  
395  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 18.4: Advanced SLB Commands  
Command  
Description  
disable slb node <ipaddress>:{<L4Port> | all}  
tcp-port-check  
Disables L4 port checking.  
disable slb node <ipaddress> ping-check  
Disables L3 pinging.  
disable slb vip [<vipname> | all] client-  
persistence  
Disables client-persistence.  
disable slb vip [<vipname> | all] close-  
connections-now  
Disables one or all VIP groups. All existing  
connections are immediately closed.  
disable slb vip [<vipname> | all] service-check  
Disables L7 service checking.  
Disables sticky persistence.  
disable slb vip [<vipname> | all] sticky-  
persistence  
disable slb vip [<vipname> | all] svcdown-reset Disables svcdown-reset.  
enable slb failover  
Enables the SLB failover mechanism. The  
default setting is disabled.  
enable slb failover manual-failback  
enable slb failover ping-check  
Enables manual failback.  
Enables ping-checking to an external  
gateway. The default setting is disabled.  
enable slb global synguard  
Enables the TCP SYN-guard feature. The  
SYN-guard feature minimizes the effect of  
the TCP-open type of denial-of-service  
attack by keeping track of all the half-open  
connections. When the number of half-open  
connections exceeds the num_synsvalue,  
the half-open connections are fast-aged out.  
enable slb node <ipaddress> ping-check  
Enables L3 pinging to the node address.  
Ping-check is automatically enabled when a  
node is added to a pool.  
enable slb node <ipaddress>:<L4Port> tcp-  
port-check  
Enables L4 port-check to the node address.  
396  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Table 18.4: Advanced SLB Commands  
Command  
Description  
enable slb vip [<vipname> | all] client-  
persistence {mask <mask>}  
Enables client persistence and specifies the  
timeout and client address mask. If the  
client sets up multiple sessions to a virtual  
server, all sessions must connect to the  
same physical node.  
Enabling client persistence instructs the  
switch to forward new session requests  
from the same client (or clients on the same  
network using the maskargument) to the  
same node. The association between the  
client and physical node is ended after the  
specified timeout. The default is disabled.  
enable slb vip [<vipname> | all] service-check  
Enables L7 service checking based on:  
If a service check is already configured,  
it uses the user-configured service-  
checking information.  
If a service-check is not explicitly  
configured and a well-known port is  
used when creating a VIP, the switch  
guesses the application based on the  
well-known port number and starts the  
L7 service checker with the global  
default parameters.  
enable slb vip [<vipname> | all] sticky-  
persistence {netmask <mask>}  
Enables sticky persistence and specifies the  
timeout. Sticky persistence is usually used  
to load balance firewall and Web caches.  
When enabled, the switch forwards all  
traffic and new sessions toward a  
destination address (or address within a  
certain subnet boundary specified by the  
maskargument) to the same physical node.  
The default setting is disabled.  
397  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 18.4: Advanced SLB Commands  
Command  
Description  
enable slb vip [<vipname> | all] svcdown-reset  
Enables the svcdown-reset configuration. If  
enabled, the switch sends TCP RST to both  
the clients and the node, if the node  
associated with this VIP completely fails a  
ping-check, port-check, or service-check.  
Otherwise, the connections to the node are  
left as is, and are subject to connection  
reaping if idle for longer than the treaper-  
timeout configured on the SLB port. The  
default setting is disabled.  
show slb failover  
Disables the SLB failover configuration and  
status.  
unconfigure slb vip [<vipname> | all] service-  
check  
Disables and removes the service check  
configuration.  
Web Cache Redirection  
Web cache redirection uses the TCP or UDP port number to redirect  
client requests to a target device (or group of devices). Web cache  
redirection transparently redirects traffic to Web cache devices or to  
proxy servers and firewalls located in a demilitarized zone.  
There are two ways to configure Web cache redirection:  
Transparent mode SLB (described earlier in this chapter)  
Flow redirection  
Flow Redirection  
Flow redirection examines traffic and redirects it based on these  
criteria:  
IP source address and mask  
IP destination address and mask  
Layer 4 port  
398  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Precedence of Flow Redirection Rules  
Multiple flow redirection rules can overlap in making a redirection  
decision. In these cases, precedence is determined by "best match"  
where the most specific redirection rule that satisfies the criteria  
will win. The best match is determined in this order:  
Destination IP Address/Mask  
Destination IP Port  
Source IP Address/Mask  
In general, these rules apply:  
If a flow with a comparatively better matching mask on an IP  
address satisfies the content of a packet, that flow is observed.  
If one flow redirection rule contains any as an L4 protocol and a  
second flow redirection rule contains explicit L4 port information,  
the second is observed, if the packet contains matching L4  
information.  
If one flow has a comparatively better match on source  
information and a second flow has comparatively better match on  
destination information then the rule with the better match on the  
destination information is selected.  
For example, in the following two cases, the rule with the best  
match is the rule that is selected.  
Table 18.5: Example #1: Flow Redirection Rules  
Destination IP  
Address  
Destination IP  
Port  
Source IP  
Address  
Priority  
Selection  
192.0.0.0/8  
192.168.0.0/16  
80  
ANY  
ANY  
1
2
ANY  
399  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
In this case, Policy 1 is the rule with the best match as it contains an  
explicit Destination IP Port even though the mask for the  
Destination IP Address is less specific.  
Table 18.6: Example #2: Flow Redirection Rules  
Destination IP  
Address  
Destionation IP  
Port  
Source IP  
Address  
Priority Selection  
192.168.2.0/24  
192.168.0.0/16  
192.168.2.0/24  
192.168.2.0/24  
80  
ANY  
2
4
3
1
ANY  
ANY  
80  
10.10.10.0./24  
10.10.0.0/16  
10.10.0.0/16  
In this case, Policy 4 is the rule with the best match as it contains an  
explicit destination IP Port.  
Flow Redirection Commands  
To configure flow redirection, use the commands listed in  
Table 18.7. For further command options, press the Tab key in the  
command line interface.  
Table 18.7: Flow Redirection Commands  
Command  
Description  
configure flow-redirect <flow_policy>  
add next-hop <ipaddress>  
Adds the next-hop host (gateway) that is to receive  
the packets that match the flow policy. By default,  
ping-based health checking is enabled.  
configure flow-redirect <flow_policy>  
delete next-hop <ipaddress>  
Deletes the next-hop host (gateway).  
configure flow-redirect <flow-policy>  
service-check [ftp | http | L4-port | nntp |  
ping | pop3 | smtp | telnet]  
Adds a service check for the specified service to  
the flow redirection policy  
400  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 8  
Server Load Balancing (SLB)  
Table 18.7: Flow Redirection Commands (continued)  
Command  
Description  
create flow-redirect <flow_policy> [any |  
tcp | udp] destination [<ipaddress/mask>  
| any] ip-port [<L4Port> | any] source  
[<ipaddress/mask> | any]  
Creates a flow redirection policy.  
delete flow-redirect <flow_policy>  
show flow-redirect  
Deletes a flow redirection policy.  
Displays the current flow redirection  
configuration and statistics.  
Flow Redirection Example  
Figure 18.8 uses flow redirection to redirect Web traffic to Web  
cache servers. In this example, the clients and the cache devices are  
located on different networks. This is done by creating a different  
VLAN for the clients and cache devices.  
Internet  
®
Web client A Web client B  
Client VLAN  
10.10.10.1/24  
10.10.30.1/24  
10.10.20.1/24  
Cache device 1  
10.10.20.10/24  
Cache device 2  
10.10.20.11/24  
Cache VLAN  
Figure 18.8: Flow-redirection example  
EW_054  
401  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
These commands are used to configure the 480T routing switch in  
this example:  
create vlan client  
configure vlan client add port 1  
configure vlan client ipaddress 10.10.10.1/24  
create vlan cache  
configure vlan cache add port 2  
configure vlan cache ipaddress 10.10.20.1/24  
create vlan internet  
configure vlan internet add port 3  
configure vlan internet ipaddress 10.10.30.1/24  
enable ipforwarding  
create flow-redirect wcr tcp destination any ip-  
port 80 source any  
configure flow-redirect wcr add next-hop  
10.10.20.10  
configure flow-redirect wcr add next-hop 10.10.20.1  
402  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Status Monitoring  
and Statistics  
19  
This chapter describes how to view the current operating status of the  
Intel® NetStructure480T routing switch, how to display information in  
the log, and how to take advantage of available Remote Monitoring  
(RMON) capabilities.  
Viewing statistics on a regular basis allows you to see how well your  
network is performing. If you keep simple daily records, you may see  
trends emerging and notice problems arising before they cause major  
network faults.  
Status Monitoring  
The status monitoring facility provides information about the 480T  
routing switch. This information may be useful when contacting Intel  
Customer Support, should you have a problem. The local management  
software includes many showcommands that display information about  
different switch functions and facilities.  
Table 19.1 describes showcommands that are used to monitor the status  
of the 480T routing switch . For further command options, press the Tab  
key in the command line interface.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 19.1: Status Monitoring Commands  
Command  
Description  
show log config  
Displays the log configuration, including the syslog  
host IP address, the priority level of messages being  
logged locally, and the priority level of messages  
being sent to the syslog host.  
show log {<priority>}  
Displays the current snapshot of the log. Priority  
options filter the log to display messages with the  
selected priority or higher (more critical).  
Specify:  
Critical  
Emergency  
Alert  
Error  
Warning  
Notice  
Info  
Debug  
Configuration  
If not specified, all messages display.  
show memory {detail}  
Displays the current system-memory information.  
Specify the detailoption to view task-specific  
memory usage.  
404  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 9  
Status Monitoring and Statistics  
Table 19.1: Status Monitoring Commands (continued)  
Command  
Description  
show switch  
Displays the current switch information, including:  
sysName, sysLocation, sysContact  
MAC address  
Current time and date, system uptime, and time  
zone  
Operating environment (temperature indication,  
fans, and power supply status)  
Non-Volatile Random Access Memory  
(NVRAM) configuration information  
Scheduled reboot information  
Software licensing information  
show version  
Displays the hardware and software versions  
running on the switch.  
Port Statistics  
The 480T routing switch allows you to view port statistic  
information. The summary information lists values for the current  
counter against each port on each operational module in the system,  
and it is refreshed approximately every 2 seconds. Values are  
displayed to nine digits of accuracy.  
To view port statistics, use this command:  
show ports <portlist> stats  
This port statistic information is collected:  
Link StatusThe current status of the link. Options are:  
Ready: the port is ready to accept a link  
Active: the link is present at this port  
Transmitted Packet Count (Tx Pkt Count)The number of  
packets that were successfully transmitted by the port.  
Transmitted Byte Count (Tx Byte Count)The total number of  
data bytes successfully transmitted by the port.  
405  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Received Packet Count (Rx Pkt Count)The total number of  
good packets that were received by the port.  
Received Byte Count (Rx Byte Count)The total number of  
bytes that were received by the port, including bad or lost frames.  
This number includes bytes contained in the Frame Check  
Sequence (FCS), but excludes bytes in the preamble.  
Received Broadcast (Rx Bcast)The total number of frames  
received by the port that are addressed to a broadcast address.  
Received Multicast (Rx Mcast)The total number of frames  
received by the port that are addressed to a multicast address.  
Port Errors  
The 480T routing switch tracks errors for each port. To view port  
transmit errors, use this command:  
show ports <portlist> txerrors  
This port transmit error information is collected:  
Port Number  
Link StatusThe current status of the link. Options are:  
Ready: the port is ready to accept a link  
Active: the link is present at this port  
Transmit Collisions (Tx Coll)The total number of collisions  
seen by the port, regardless of whether a device connected to the  
port participated in any of the collisions.  
Transmit Late Collisions (Tx Late Coll)The total number of  
collisions that occurred after the ports transmit window expired.  
Transmit Deferred Frames (Tx Deferred)The total number  
of frames that were transmitted by the port after the first  
transmission attempt was deferred by other network traffic.  
Transmit Errored Frames (Tx Error)The total number of  
frames that were not completely transmitted by the port because  
of network errors (such as late collisions or excessive collisions).  
Transmit Parity Frames (Tx Parity)The bit summation has a  
parity mismatch.  
406  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 9  
Status Monitoring and Statistics  
To view port receive errors, use this command:  
show ports <portlist> rxerrors  
The following port receive error information is collected:  
Receive Bad CRC Frames (Rx CRC)The total number of  
frames received by the port that were of the correct length, but  
contained a bad FCS value.  
Receive Oversize Frames (Rx Over)The total number of good  
frames the port received that were longer than the supported  
maximum length of 1,522 bytes. Ports with jumbo frames enabled  
do not increment this counter.  
Receive Undersize Frames (Rx Under)The number of frames  
the port received that were less than 64 bytes long.  
Receive Fragmented Frames (Rx Frag)The total number of  
frames the port received that were of incorrect length and  
contained a bad FCS value.  
Receive Jabber Frames (Rx Jab)The total number of frames  
the port received, greater than the support maximum length and  
that had a Cyclic Redundancy Check (CRC) error.  
Receive Alignment Errors (Rx Align)The total number of  
frames received by the port that occurs if a frame has a CRC error  
and does not contain an integral number of octets.  
Receive Frames Lost (Rx Lost)The total number of frames  
that were received by the port that were lost due to buffer  
overflow in the switch.  
Port Monitoring Display Keys  
Table 19.2 describes the keys used to control the displays that  
appear when you issue any of the show portcommands.  
Table 19.2: Port Monitoring Display Keys  
Key(s)  
Description  
U
D
Displays the previous page of ports.  
Displays the next page of ports.  
407  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 19.2: Port Monitoring Display Keys (continued)  
Key(s)  
Description  
Esc or Enter  
0
Exits from the screen.  
Clears all counters.  
Cycles through these screens:  
Spacebar  
Packets per second  
Bytes per second  
Percentage of bandwidth  
Available using the show port  
utilizationcommand only.  
Setting the System Recovery Level  
You can configure the system to automatically reboot after a  
software task exception, using this command:  
configure sys-recovery-level [none | critical |  
all]  
Where:  
noneConfigures the level to no recovery.  
criticalConfigures the switch to log an error into the syslog  
and automatically reboot the system after a critical task exception.  
allConfigures the switch to log an error into the syslog and  
automatically reboot the system after any task exception.  
The default setting is none.  
Logging  
The 480T routing switch log tracks all configuration and fault  
information pertaining to the device. Each entry in the log contains  
this information:  
Timestamp The timestamp records the month and day of the  
event, along with the time (hours, minutes, and seconds) in the  
408  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 9  
Status Monitoring and Statistics  
form HH:MM:SS. If the event was caused by a user, the user  
name is also provided.  
Fault levelTable 19.3 describes the three levels of importance  
that the system can assign to a fault.  
Table 19.3: Fault Levels  
Level  
Description  
Critical  
A desired switch function is inoperable. The  
switch may need to be reset.  
Warning  
A noncritical error that may lead to a function  
failure.  
Informational  
Debug  
Actions and events that are consistent with  
expected behavior.  
Information that is useful when performing  
detailed troubleshooting procedures.  
By default, log entries that are assigned a critical or warning  
level remain in the log after a switch reboot. Issuing a clear log  
command does not remove these static entries. To remove log  
entries of all levels (including warning or critical), use this  
command:  
clear log static  
SubsystemThe subsystem refers to the specific functional area  
to which the error refers. Table 19.4 describes the subsystems  
Table 19.4: Fault Log Subsystems  
Subsystem  
Description  
Syst  
General system-related information. Examples  
include memory, power supply, security  
violations, fan failure, overheat condition, and  
configuration mode.  
STP  
Shielded Twisted Pair (STP) information.  
Examples include an STP state change.  
409  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 19.4: Fault Log Subsystems (continued)  
Subsystem  
Description  
Brdg  
Bridge-related functionality. Examples include  
low table space and queue overflow.  
SNMP  
Telnet  
SNMP information. Examples include  
community string violations.  
Information related to Telnet login and  
configuration performed using a Telnet session.  
VLAN  
Port  
VLAN-related configuration information.  
Port management-related configuration.  
Examples include port statistics and errors.  
Local Logging  
The 480T routing switch maintains 1,000 messages in its internal  
log. You can display a snapshot of the log at any time, using the  
command:  
show log {<priority>}  
Displays the current snapshot of the log. Priority filters the log to  
display messages with the selected or higher (more critical) priority.  
Priorities include (in order):  
Critical  
Emergency  
Alert  
Error  
Warning  
Notice  
Info  
Debug  
If not specified, info and higher priority messages display.  
410  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 9  
Status Monitoring and Statistics  
Real-Time Display  
Along with viewing a snapshot of the log, you can configure the  
system to maintain a running real-time display of log messages on  
the console. To turn on the log display, enter this command:  
enable log display  
To configure the log display, use this command:  
configure log display {<priority>}  
If priorityis not specified, only messages of critical priority  
display.  
If you enable the log display on a terminal connected to the console  
port, your settings remain in effect even after your console session  
ends (unless you explicitly disable the log display).  
When using a Telnet connection, if your Telnet session is  
disconnected (because of the inactivity timer or for other reasons),  
the log display is automatically halted. To restart the log display,  
use the enable log displaycommand.  
Remote Logging  
Along with maintaining an internal log, the 480T routing switch  
supports remote logging using the syslog host facility. You can  
configure up to four syslog servers for remote logging. To enable  
remote logging configure the syslog host to accept and log  
messages. Use these commands:  
1. Enable remote logging by using this command:  
enable syslog  
2. Configure remote logging by using this command:  
configure syslog {add} <ipaddress> <facility>  
{<priority>}  
3. Specify:  
ipaddressThe IP address of the syslog host.  
facilityThe syslog facility level for local use. Options  
include local0through local7.  
priorityFilters the log to display messages with the  
selected or higher (more critical) priority.  
411  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The priorities are the same as for local logging.  
If not specified, only critical priority messages are sent to the syslog  
host.  
Logging Configuration Changes  
The local management software allows you to record all configura-  
tion changes (and their sources) made through the CLI using Telnet  
or the local console. The changes are logged to the system log.  
Each log entry includes the user account name that performed the  
change and the source IP address of the client (if Telnet was used).  
Configuration logging applies only to commands that result in a  
configuration change. To enable configuration logging, use this  
command:  
enable cli-config-logging  
To disable configuration logging, use this command:  
disable cli-config-logging  
CLI configuration logging is enabled by default.  
Logging Commands  
The commands described in Table 19.5 allow you to configure  
logging options, reset the options, display the log, and clear the log.  
For further command options, press the Tab key in the command  
line interface.  
Table 19.5:Logging Commands  
Command  
Description  
clear counters  
clear log {static}  
Clears all switch statistics and port counters.  
Clears the log. If staticis specified, the  
critical log messages are also cleared.  
412  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 9  
Status Monitoring and Statistics  
Table 19.5:Logging Commands (continued)  
Command  
Description  
configure log display {<priority>}  
Configures the real-time log display. Displays  
the current snapshot of the log. Priority filters  
the log to display messages with the selected  
or higher (more critical) priority. Priorities  
include (in order):  
Critical  
Emergency  
Error  
Alert  
Warning  
Notice  
Info  
Debug  
If not specified, infoand higher priority  
messages display.  
configure syslog {add} <ip_address>  
<facility> {<priority>}  
Configures the syslog host address and filters  
messages sent to the syslog host. You can  
configure up to four syslog servers. Options  
include:  
ipaddressThe IP address of the syslog  
host.  
facilityThe syslog facility level for  
local use (local0 - local7).  
priorityThe priority filter as described  
in the previous command, one of critical,  
emergency, error, alert, warning, notice,  
info or debug.  
configure syslog delete <ip_address>  
<facility> {<priority>}  
Deletes a syslog host address.  
Disables configuration logging.  
disable cli-config-logging  
413  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 19.5:Logging Commands (continued)  
Command  
Description  
disable log display  
Disables the log display.  
Disables logging to a remote syslog host.  
disable syslog  
enable cli-config-logging  
Enables the logging of CLI configuration  
commands to the Syslog for auditing  
purposes. The default setting is enabled.  
enable log display  
enable syslog  
Enables the log display.  
Enables logging to a remote syslog host.  
show log config  
Displays the log configuration, including the  
syslog host IP address, the priority level of  
messages being logged locally, and the  
priority level of messages being sent to the  
syslog host.  
show log {<priority>}  
Displays the current snapshot of the log.  
Priorityfilters the log to display messages  
with the selected or higher (more critical)  
priority. Priorities is one of Critical,  
Emergency, Error, Alert, Warning, Notice,  
Info, or Debug. If not specified, info and  
higher priority messages display.  
RMON  
Using the Remote Monitoring (RMON) capabilities of the 480T  
routing switch allows network administrators to improve system  
efficiency and reduce the load on the network.  
This sections explain more about the RMON concept and the  
RMON features supported by the switch.  
RMON is the common abbreviation for the Remote Monitoring  
Management Information Base (MIB) system defined by the  
Internet Engineering Task Force (IETF) documents RFC 1271 and  
RFC 1757. You can use RMON to monitor LANs remotely.  
414  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
1 9  
Status Monitoring and Statistics  
A typical RMON setup consists of two components:  
RMON probeAn intelligent, remotely controlled device or  
software agent that continually collects statistics about a LAN  
segment or VLAN. The probe transfers the information to a  
management workstation on request, or when a predefined  
threshold is crossed.  
Management workstationCommunicates with the RMON  
probe and collects the statistics from it. The workstation does not  
have to be on the same network as the probe, and can manage the  
probe by in-band or out-of-band connections.  
You can only use the RMON features of the system if you have an  
RMON management application, and have enabled RMON on the  
switch.  
RMON Features  
The IETF defines nine groups of Ethernet RMON statistics. The  
480T routing switch supports four of these groups:  
Statistics  
History  
Alarms  
Events  
Statistics  
The RMON Ethernet Statistics group provides traffic and error  
statistics showing packets, bytes, broadcasts, multicasts, and errors  
on a LAN segment or VLAN.  
Information from the Statistics group is used to detect changes in  
traffic and error patterns in critical areas of the network.  
History  
The History group provides historical views of network  
performance by taking periodic samples of the counters supplied by  
the Statistics group. The History group features user-defined  
sample intervals and bucket counters for complete customization of  
trend analysis.  
415  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
The History group is useful for analysis of traffic patterns and trends  
on a LAN segment or VLAN, and to establish baseline information  
indicating normal operating parameters.  
Alarms  
The Alarms group provides a versatile, general mechanism for  
setting threshold and sampling intervals to generate events on any  
RMON variable. Both rising and falling thresholds are supported,  
and thresholds can be on the absolute value of a variable or its delta  
value. Alarm thresholds may be auto-calibrated or set manually.  
Alarms inform you of a network performance problem and can  
trigger automated action responses through the Events group.  
Events  
The Events group creates entries in an event log or sends SNMP  
traps to the management workstation. An event is triggered by an  
RMON alarm. You can configure the switch to:  
Ignore the event  
Log the event  
Send an SNMP trap to the receivers listed in the trap receiver table  
Both log and send a trap  
The RMON traps are defined in RFC 1757 for rising and falling  
thresholds.  
Effective use of the Events group saves you time. Rather than  
having to watch real-time graphs for important occurrences, you  
can depend on the Events group for notification.  
Through the SNMP traps, events can trigger other actions,  
providing a mechanism for an automated response to certain  
occurrences.  
Configuring RMON  
RMON requires one probe per LAN segment, and stand-alone  
RMON probes have traditionally been expensive. Therefore, Intels  
approach is to provide an affordable RMON probe into the agent of  
each system. This allows RMON to be widely deployed around the  
416  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
network without costing more than traditional network  
management.  
The 480T routing switch accurately maintains RMON statistics at  
the maximum line rate of all of its ports. For example, statistics can  
be related to individual ports.  
RMON Probe with Security Features Enabled  
A probe must be able to monitor all traffic. Unlike Intels built-in  
probe, a stand-alone probe must be attached to a nonsecure port.  
Implementing RMON in the 480T routing switch allows for all  
ports to have security features enabled.  
To enable or disable the collection of RMON statistics on the  
switch, use this command:  
[enable | disable] rmon  
By default, RMON is disabled. However, even in the disabled state,  
the 480T routing switch responds to RMON queries and sets for  
alarms and events. By enabling RMON, the switch begins the  
processes necessary for collecting switch statistics.  
Event Actions  
The actions that you can define for each alarm are shown in  
Table 19.6.  
Table 19.6: Event Actions  
Action  
High Threshold  
No action  
Notify only  
Notify and log  
Send trap to all trap receivers.  
Send trap; place entry in RMON log.  
To be notified of events using SNMP traps, you must configure one  
or more trap receivers.  
417  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
418  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Software Upgrade  
and Boot Options  
20  
Overview  
This chapter describes the procedure for upgrading the Intel®  
NetStructure480T routing switch firmware image. It also includes a  
discussion of how to save and load a primary and secondary image and  
configuration file on the switch.  
Saving Configuration Changes  
The configuration is the customized set of parameters that you have  
selected to run on the switch. As you make configuration changes, the new  
settings are stored in run-time memory. Settings that are stored in run-  
time memory are not retained by the switch when the switch is rebooted.  
To retain the settings and have them load when you reboot the switch, you  
must save the configuration to non-volatile (more permanent) storage.  
The switch can store two different configurations: a primary and a  
secondary. When you save configuration changes, you can select the  
configuration you want to save the changes to. If you do not specify, the  
changes are saved to the configuration area currently in use.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
If you make a mistake, or find you must revert to the configuration  
as it was before you started making changes, you can set the switch  
to use the secondary configuration on the next reboot.  
If the switch is rebooted  
during a configuration  
save, the switch boots to  
factory default settings.  
The configuration in the  
process of being saved is  
unaffected.  
To save the configuration, use this command:  
save {configuration} {primary | secondary}  
To use the configuration, use this command:  
use configuration [primary | secondary]  
The configuration takes effect on the next reboot.  
Upgrading Your Switch  
To upgrade your 480T  
routing switch you may  
need to upgrade the  
BootROM image and the  
firmware. Refer to the Late  
Breaking News document  
at http://support.intel.com.  
The image file contains the factory-installed executable code or  
program that runs on the switch. As new versions of the image are  
released, you should upgrade the firmware and the BootROM  
image running on your switch.  
The images are upgraded by using a download procedure from a  
TFTP (Trivial File Transfer Protocol) server on the network your  
switch is connected to.  
To upgrade the switch, you must:  
1. Save your configuration to the TFTP server.  
2. Download the new BootROM and reboot your switch.  
3. Download the new firmware and reboot your switch.  
4. Restore your configuration from the TFTP server.  
Since the switch stores both a primary and a secondary  
configuration, you can upgrade the firmware into the primary  
configuration, while retaining the older versions in the secondary  
configuration in case of problems in the upgrade process.  
Starting a TFTP Server  
®
The switch ships with Intel Device View (see Using Intel Device  
View for information about installing and using Intel Device View).  
To activate the TFTP server, choose Tools and then choose TFTP  
Server.  
420  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2 0  
Software Upgrade and Boot Options  
Once the TFTP server is running, click the Server Dir. button.  
Verify that the active directory is Program Files\Intel\Intel Device  
View\Firmware. Make sure that both the BootROM image (a file  
named ngbootnn.bin) and the firmware image (a file named  
vnnnnbnn.tfp) are in this directory.  
Upgrading the BootROM  
The BootROM image is always backward compatible with older  
versions of the firmware, so you can upgrade your BootROM before  
you upgrade your firmware without losing switch functionality.  
To upgrade the BootROM image:  
1. Connect an ethernet cable between the switch and a workstation  
that is on the same network or subnet as the switch. Use terminal  
emulation software, such as HyperTerminal, to connect to the  
switch and log in. By default, a login of admin with no password  
is provided  
2. Save your existing configuration to disk using this command.  
Choose a filename you will remember easily. TFTPserverIP is the  
IP address of your TFTP server. You can find this in the lower  
left-hand corner of the TFTP server window.  
upload configuration <TFTPserverIP> <filename>  
3. Reset the switch to factory defaults using this command:  
unconfig switch all  
4. Log into switch and set the IP address of the switch to a valid IP  
address on your network.  
configure vlan default ipaddress <ip address>  
<mask>  
5. Save this configuration to the primary database.  
save configuration primary  
6. Download BootROM 6.5 to the switch from your TFTP server.  
download bootrom <TFTPserverIP> ngboot<nn>.bin  
7. Reboot the switch and log back on.  
reboot  
421  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Upgrading the Firmware  
To upgrade the firmware on the switch:  
1. Download the latest image from your TFTP server.  
download image <TFTPserverIP> v<nnn>b<nn>.tfp  
primary  
2. Verify that primary image is now at the latest version and that the  
secondary image is still at the older version:  
show switch  
3. Save this configuration in the primary configuration database:  
save configuration primary  
4. Then reboot the switch, and log back into the switch.  
reboot  
5. Verify that the switch is now using the latest version of the  
BootROM and firmware:  
show version  
6. Download your saved configuration back onto the switch. <File-  
name> is the name of the configuration file you saved earlier  
before downloading the new BootROM.  
download configuration <TFTPserverIP> <filename>  
primary  
Downgrading Your Switch  
Assuming you have followed the upgrade instructions correctly,  
these steps return to your previous firmware and configuration files:  
Activate the previous image in the secondary image space using  
the command:  
use image secondary  
To configure the switch to access the secondary configuration  
(assuming you have set up the older version as the secondary  
configuration) use the command:  
use config secondary  
Verify that the above procedures were completed successfully  
with the command:  
422  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2 0  
Software Upgrade and Boot Options  
show switch  
Reboot the switch using the rebootcommand.  
If you have followed upgrade instructions, your original  
configuration should be operational.  
If you did not have an older configuration, you may perform a  
minimal configuration for the switch through the command line  
interface (CLI) sufficient to TFTP download the configuration file  
generated during the upgrade procedure.  
Using TFTP to Upload the  
Configuration  
You can upload the current configuration to a TFTP server on your  
network. The uploaded ASCII file retains the command-line  
interface (CLI) format. This allows you to:  
Modify the configuration using a text editor, and later download a  
copy of the file to the same switch, or to one or more different  
switches.  
Send a copy of the configuration file to Intel Customer Support  
for problem-solving.  
Automatically upload the configuration file every day, so that the  
TFTP server can archive the configuration daily. Because the  
filename is not changed, the configured file stored in the TFTP  
server is overwritten every day.  
To upload the configuration, use the command:  
upload configuration [<ipaddress> | <hostname>]  
<filename> {every <time>}  
where:  
ipaddressis the IP address of the TFTP server.  
hostnameis the hostname of the TFTP server. (You must enable  
DNS to use this option.)  
filenameis the name of the ASCII file. The filename can be up  
to 255 characters long, and cannot include any spaces, commas,  
quotation marks, or special characters.  
every <time>specifies the time of day you want the  
configuration automatically uploaded on a daily basis. If not  
423  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
specified, the current configuration is immediately uploaded to  
the TFTP server.  
To cancel a scheduled configuration upload, use the command:  
upload configuration cancel  
Using TFTP to Download the  
Configuration  
To modify the switch configuration, you can download ASCII files  
that contain CLI commands to the switch. Three types of  
configuration scenarios can be downloaded:  
Complete configuration  
Incremental configuration  
Scheduled incremental configuration  
You can find a TFTP Server Utility in Intel Device View under the  
Tools menu.  
Downloading a Complete Configuration  
Downloading a complete configuration replicates or restores the  
entire configuration to the switch. You typically use this type of  
download with the upload configcommand, which generates a  
complete switch configuration in an ASCII format. As part of the  
complete configuration download, the switch is automatically  
rebooted.  
To download a complete configuration, use this command:  
download configuration [<hostname | ip_address>]  
<filename>  
After you download the ASCII configuration using TFTP, you are  
prompted to reboot the switch. The downloaded configuration file  
is stored in current switch memory during the rebooting process,  
and is not retained if the switch has a power failure.  
When the switch completes booting, it treats the downloaded  
configuration file as a script of CLI commands, and automatically  
executes the commands. If your CLI connection is through a Telnet  
424  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2 0  
Software Upgrade and Boot Options  
connection (and not the console port), your connection is terminated  
when the switch reboots, but the command executes normally.  
Downloading an Incremental Configuration  
You can make a partial or incremental change to the switch  
configuration using downloaded ASCII files that contain CLI  
commands. The switch interprets these commands as a script of CLI  
commands. They take effect at the time of the download, without  
requiring a reboot of the switch.  
To download an incremental configuration, use this command:  
download configuration <hostname | ip_address>  
<filename> {incremental}  
Scheduled Incremental Configuration  
Download  
You can schedule the switch to download a partial or incremental  
configuration on a regular basis. You can use this feature to update  
the switch configuration regularly from a centrally administered  
TFTP server. As part of the scheduled incremental download, you  
can optionally configure a backup TFTP server.  
To configure the primary and/or secondary TFTP server and  
filename, use this command:  
configure download server [primary | secondary]  
<hostname | ip_address> <filename>  
To enable scheduled incremental downloads, use this command:  
download configuration every <hour> <min>  
To display scheduled download information, use this command:  
show switch  
To cancel scheduled incremental downloads, use this command:  
download configuration cancel  
425  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Remember to Save  
Regardless of the download option used, configurations are  
downloaded into switch runtime memory only. The configuration is  
saved only when the savecommand is issued, or if the  
configuration file itself includes the savecommand.  
If the configuration currently running in the switch does not match  
the configuration that the switch used when it originally booted, an  
asterisk (*) appears before the command line prompt when using  
the CLI.  
Accessing BootROM  
The BootROM of the switch initializes certain important switch  
variables during the boot process. In the event the switch does not  
boot properly, you can access some boot option functions through a  
special BootROM menu.  
Interaction with the BootROM menu is only required under special  
circumstances, and should be done only under the direction of Intel  
Customer Support.  
To access the BootROM menu, follow these steps:  
Attach a serial cable to the console port of the switch, as described  
in Chapter 3, Accessing the Switch.  
Attach the other end of the serial cable to a terminal or terminal  
emulator.  
Power cycle the switch while pressing the spacebar on the  
keyboard of the terminal.  
When the BootROM-> prompt appears, release the spacebar. You  
can open a Help menu by pressing h.  
Options in the menu include:  
Selecting the image to boot from  
Booting to factory default configuration  
Performing a serial download of an image  
For example, to change the image that the switch boots from in flash  
memory:  
Press 1for the image stored in primary, or  
426  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2 0  
Software Upgrade and Boot Options  
Press 2for the image stored in secondary.  
Then, press the fkey to boot from newly selected on-board flash  
memory.  
To boot to factory default configuration:  
Press the dkey for default, and  
Press the fkey to boot from the configured on-board flash.  
Boot Option Commands  
Table 20.1 lists the CLI commands associated with switch boot  
options. For further command options, press the Tab key in the  
command line interface.  
Table 20.1: Boot Option Commands  
Command  
Description  
configure download server [primary |  
secondary] <hostname | ipaddress>  
<filename>  
Configures the TFTP server(s) used by a  
scheduled incremental configuration  
download.  
download bootrom [<ipaddress> |  
<hostname>] <filename>  
Downloads a BootROM image from a TFTP  
server. The downloaded image replaces the  
BootROM in the onboard flash memory.  
Caution If this command does not complete  
successfully, it could prevent the switch from  
booting.  
download configuration <hostname |  
ipaddress> <filename> {incremental}  
Downloads a complete configuration. Use the  
incrementalkeyword to specify an  
incremental configuration download.  
download configuration cancel  
Cancels a scheduled configuration download.  
download configuration every <hour> <min>  
Schedules a configuration download. Specify  
the hour using a 24-hour clock, where the  
range is 0 to 23.  
427  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table 20.1: Boot Option Commands (continued)  
Command  
Description  
download image [<ipaddress> | <hostname>]  
<filename> {primary | secondary}  
Downloads a new image from a TFTP server  
over the network. If parameters are not  
specified, the image is saved to the current  
image.  
reboot {time <date> <time> | cancel}  
Reboots the switch on the date and time  
specified. If you do not specify a reboot time,  
the reboot happens immediately following the  
command, and any scheduled reboots are  
cancelled.  
To cancel a scheduled reboot, use the cancel  
option.  
save {configuration} {primary | secondary}  
Saves the current configuration to nonvolatile  
(more permanent) storage.  
You can specify the primary or secondary  
configuration area. If not specified, the  
configuration is saved to the primary  
configuration area.  
show configuration  
Displays the current configuration to the  
terminal. You can then capture the output and  
store it as a file.  
upload configuration [<ipaddress> |  
<hostname>] <filename> {every <time>}  
Uploads the current run-time configuration to  
the specified TFTP server.  
If every timeis specified, the switch  
automatically saves the configuration to the  
server once per day, at the specified time.  
If the time option is not specified, the current  
configuration is immediately uploaded.  
upload configuration cancel  
Cancels a scheduled configuration upload.  
428  
Download from Www.Somanuals.com. All Manuals Search And Download.  
C
H
A
P
T
E
R
2 0  
Software Upgrade and Boot Options  
Table 20.1: Boot Option Commands (continued)  
Command  
Description  
use configuration [primary | secondary]  
Configures the switch to use a particular  
configuration on the next reboot. Options  
include the primary configuration area or the  
secondary configuration area.  
use image [primary | secondary]  
Configures the switch to use a particular  
image on the next reboot.  
429  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
430  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Technical  
Specifications and  
Supported Limits  
A
Technical Specifications  
For IEEE standards  
information refer to  
The following table lists specifications for the Intel® NetStructure™  
480T routing switch.  
http://standards.ieee.org  
Table A.1: Specifications  
Physical Dimensions  
Height: 3.5 inches x Width: 17.36 inches x Depth: 19.20  
inches  
Weight: with single PSU: 21.7 lbs  
with dual PSU: 27.4 lbs  
Environmental Requirements  
Operating Temperature  
Storage Temperature  
Operating Humidity  
Standards  
0° to 40° C  
-25 to 70° C  
5% to 95% relative humidity, noncondensing  
EN60068 (IEC68)  
Certification Marks  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table A.1: Specifications  
CE (European Community)  
TUV/GS (German Notified Body)  
C-Tick (Australian Communication Authority)  
Underwriters Laboratories (USA and Canada)  
Safety  
Agency Certifications  
UL 1950 3rd Edition, listed  
cUL listed to CSA 22.2#950  
TUV GS mark safety approval to the following EN  
standards:  
EN60950:1992/A3:+A1 +A2 +A3 +A4 +A11  
EN60825-1; 1994, + All  
Electromagnetic Compatibility  
FCC part 15 Class  
Ices003 Issue3 Class A  
VCCI Class A  
EN55022:1998 Class A  
EN55024:1998  
C-Tick mark to AS/NZS 3548:1997 Class A  
RRL (Korea)  
BSMI (Taiwan) CNS13438: 1997  
Heat Dissipation  
Power Supply  
265W maximum (904.82 BTU/hr maximum)  
AC Line Frequency  
Input Voltage Options  
Current Rating  
47 Hz to 63 Hz  
90 VAC to 264 VAC, auto-ranging  
100-120/200-240 VAC 4.0/2.0 A  
432  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Appendix A  
Technical Specifications and Supported Limits  
Supported Standards, RFCs and  
Protocols  
Table A.2: Supported Standards, RFCs and Protocols  
RFCs, Standards, and Protocols  
RFC 1058 RIP  
RFC 1723 RIP v2  
RFC 1112 IGMP  
RFC 2236 IGMP v2  
DVMRP v3 - Draft IETF DVMRP v3-07  
PIM-DM v2 - Draft IETF PIM-DM v2-dm-01  
RFC 2362 PIM-SM  
RFC 1966 - BGP Route Reflection  
RFC 1997 - BGP Communities Attribute  
RFC 1745 - BGP/OSPF  
RFC 2113 - IP Router Alert Option  
RFC 1256 Router discovery protocol  
RFC 1812 IP router requirement  
RFC 783 TFTP  
RFC 1587-NSSA option  
RFC 2178 OSPF  
RFC 1542 BootP  
RFC 854 Telnet  
RFC 1122 Host requirements  
IEEE 802.1D-1998 (802.1p) Packet priority  
IEEE 802.1Q VLAN tagging  
IEEE 802.3u 100 Mbps Ethernet  
IEEE 802.3z 1 Gbps Ethernet  
IEEE 802.3ab 1 Gbps Ethernet on Cat 5 UTP  
IEEE 802.3ac Frame Extension for VLAN  
tagging on Ethernet  
IEEE 802.3ad Link Aggregation  
IEEE 802.3x Full-Duplex Operation/Flow  
Control on Ethernet  
IEEE 802.1d Spanning Tree Protocol  
RFC 1965 - Autonomous System  
Confederations for BGP  
RFC 768 UDP  
RFC 791 IP  
RFC 792 ICMP  
RFC 793 TCP  
RFC 826 ARP  
RFC 2068 HTTP  
RFC 2131 BootP/DHCP relay  
RFC 2030 - Simple Network Time Protocol  
§
IPX RIP/SAP Router specification  
IPX SNAP  
IP RIP v1 and v2  
IP Multinetting  
NetBEUI  
§
AppleTalk protocol  
RFC 1771Border Gateway Protocol (BGP-4)  
Enterprise Standby Router Protocol (ESRP)  
Management and Security  
RFC 1157 SNMP v1/v2c  
RFC 1213 MIB II  
RFC 1354 IP forwarding table MIB  
RFC 1493 Bridge MIB  
RFC 2021 RMON probe configuration  
RFC 2239 802.3 MAU MIB  
RFC 1724 RIP v2 MIB  
Enterprise MIB  
RFC 2037 Entity MIB  
HTML and Telnet management  
RFC 2138 RADIUS  
RFC 1573 Evolution of Interface  
RFC 1643 Ethernet MIB  
RFC 1757 Four groups of RMON  
433  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Supported Limits  
The table below summarizes tested metrics for various features on the  
480T routing switch. These metrics are laboratory results and are for  
reference and comparison only.  
Table A.3: Supported Limits  
Metric  
Description  
Limit  
Access Profiles  
Used by SNMP, Telnet, Vista Web interface, and  
Routing Access Policies.  
128  
Access Profile entries  
Access List rules  
Used by SNMP, Telnet, Vista Web interface, and  
Routing Access Policies.  
256  
Maximum number of Access Lists in which all  
rules utilize all available options.  
worst case:  
255  
Telnet - number of  
sessions  
Maximum number of simultaneous Telnet  
sessions.  
8
SNMP - Trap receivers  
Syslog servers  
Maximum number of SNMP trap receiver  
stations supported.  
16  
4
Maximum number of simultaneous syslog  
servers that are supported.  
Jumbo Frame size  
Maximum size supported for Jumbo frames,  
including the CRC.  
9216  
VLANs  
Includes all VLANs, sub-VLANs, super-VLANs  
3000  
512  
IP Router interfaces  
Maximum number of VLANs performing IP  
routing; excludes sub-VLANs.  
434  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Appendix A  
Technical Specifications and Supported Limits  
Table A.3: Supported Limits  
MAC-based VLANs –  
MAC addresses  
Maximum number of MAC addresses that can be  
downloaded to the switch when using MAC-  
based VLANs.  
7000  
15  
Protocol-sensitive  
VLANs active  
protocol filters  
The number of simultaneously active protocol  
filters in the switch.  
Spanning Tree - Max  
STPDs  
Maximum number of Spanning Tree Domains.  
64  
Spanning Tree –  
Maximum number of  
ports  
Maximum number of ports that can participate in  
a single Spanning Tree Domain.  
Same as  
available  
physical  
ports.  
IP Static Routes  
Maximum number of permanent IP routes.  
1024  
8
IP route sharing entries  
Maximum number of IP routes used in route  
sharing calculations. This includes static routes  
and OSPF ECMP.  
IP Static ARP entries  
Maximum number of permanent IP static ARP  
entries supported.  
512  
512  
256  
10  
Static IP ARP Proxy  
entries  
Maximum number of permanent IP ARP proxy  
entries.  
Static MAC FDB  
entries  
Maximum number of permanent MAC entries  
configured into the FDB.  
UDP profiles  
Number of profiles that can be created for UDP  
forwarding.  
UDP profile entries  
Number of entries within a single UDP profile.  
16  
ESRP Route-track  
entries  
Maximum number of routes that can be tracked  
by ESRP.  
256  
435  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table A.3: Supported Limits  
ESRP number of  
instances  
Maximum number of ESRP-supported VLANs  
for a single switch.  
64  
4
ESRP number of  
ESRP groups  
Maximum number of ESRP groups within a  
broadcast domain.  
ESRP number of  
VLANs in a single  
ESRP domain  
Maximum number of VLANs that can be joined  
to a single ESRP instance through an ESRP  
domain.  
256  
default;  
300 max  
FDB Maximum  
number of L2/L3  
entries  
Maximum number of MAC addresses.  
128,000  
Mirroring Mirrored  
ports  
Maximum number of ports that can be mirrored  
to the mirror port.  
8
Mirroring number of  
VLANs  
Maximum number of VLANs that can be  
mirrored to the mirror port.  
8
RIP-learned routes  
Maximum number of RIP routes supported  
without aggregation.  
8000  
384  
8
RIP interfaces on a  
single router  
Recommended maximum number of RIP-routed  
interfaces on a switch.  
OSPF areas  
OSPF routes  
As an ABR, how many OSPF areas are supported  
within the same switch.  
Recommended maximum number of routes  
contained in an OSPF LSDB.  
30,000  
40  
OSPF routers in a  
single area  
Recommended maximum number of routers in a  
single OSPF area.  
OSPF interfaces on a  
single router  
Recommended maximum number of OSPF-  
routed interfaces on a switch.  
384  
436  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Appendix A  
Technical Specifications and Supported Limits  
Table A.3: Supported Limits  
OSPF virtual links  
Maximum number of OSPF virtual links  
supported.  
32  
BGP routes  
Maximum number of routes contained in the  
BGP route table.  
500,000  
64  
BGP peers  
Maximum number of BGP peers on a single  
router.  
Policy-Based Routing  
Maximum number of policy-based routes that  
can be stored on a switch.  
64  
WCR - Max number of  
redirection rules  
Maximum number of rules that can point to the  
same or separate groups of Web cache servers.  
64  
(8 servers)  
SLB - Max number of  
simultaneous sessions  
For Transparent and Translational and GoGo  
modes respectively.  
500,000/  
500,000/  
unlimited  
SLB - Max number of  
VIPs  
For Transparent and Translational and GoGo  
modes respectively.  
1000/1000/  
unlimited  
SLB - Max number of  
Pools  
For Transparent and Translational (does not  
apply to GoGo mode).  
256/256  
256/256  
8
SLB - Max number of  
Nodes per Pool  
For Transparent and Translational (does not  
apply to GoGo mode).  
SLB - Max number of  
physical servers per  
group  
Applies to GoGo mode only; a group shares any  
number of common VIPs.  
§
IPX static routes and  
Maximum number of static IPX RIP route and  
IPX SAP entries.  
64 for each  
services (RIP and SAP)  
IPX dynamic routes  
and services  
Maximum recommended number of dynamically  
learned IPX RIP routes and SAP entries.  
2000 for  
each  
437  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Table A.3: Supported Limits  
IPX Router interfaces  
IPX Access control lists  
Maximum number of IPX router interfaces.  
256  
Maximum number of access lists in which all  
rules utilize all available options.  
worst case:  
255  
438  
Download from Www.Somanuals.com. All Manuals Search And Download.  
B
Troubleshooting  
If you encounter problems when using the Intel® NetStructure480T  
routing switch, this appendix may be helpful. If you have a problem not  
listed here or in the Late Breaking News,contact your local technical  
support representative (see "Intel Customer Support" on page 491).  
LEDs  
Why doesnt the power LED light?  
Check that the power cable is firmly connected to the device and to the  
supply outlet.  
Why does the MGMT LED light orange when powering on?  
The device has failed its Power-On Self Test (POST). Contact your  
supplier for advice.  
A link is connected, but the Status LED does not light. Why?  
Check that all connections are secure.  
Make sure cables are free from damage.  
Make sure the devices at both ends of the link are powered-up.  
Ensure both ends of the 1000 Mbps link are set to the same  
autonegotiation state.  
Both sides of the 1000 Mbps link must be enabled or disabled. If the two  
are different, typically the side with autonegotiation disabled will have  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
the link LED lit, and the side with autonegotiation enabled will not  
have the LED lit.  
The default configuration for a 1000 Mbps port is autonegotiation  
enabled. Verify by using this command:  
show port config  
Why wont the switch power on?  
The 480T routing switch uses a digital power supply with surge  
protection. During a power surge, the protection circuits turn off the  
power supply.  
To reset, unplug the switch for 1 minute, plug it back in, and restart  
the switch.  
If this does not work, try using a different power source (different  
power strip or outlet) and power cord.  
Using the Command-Line Interface  
Why wont the initial Welcome prompt display?  
Check that your terminal or terminal emulator is correctly  
configured.  
For console port access, you may need to press Enter several times  
before the welcome prompt appears.  
Check the settings on your terminal or terminal emulator. The  
settings are 9600 baud, 8 data bits, 1 stop bit, no parity, XON/OFF  
flow control enabled.  
Why wont the SNMP Network Manager access the device?  
Check that the device IP address, subnet mask, and default gateway  
are correctly configured, and that the device has been reset.  
Check that the device IP address is correctly recorded by the SNMP  
Network Manager (refer to your user documentation for the  
Network Manager).  
Check that the community strings configured for the system and  
Network Manager are the same.  
Check that SNMP access was not disabled for the system.  
440  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
B
Troubleshooting  
Why wont the Telnet workstation access the device?  
Check that the device IP address, subnet mask and default gateway  
are configured correctly, and that the device has been reset.  
Ensure that you enter the IP address of the switch correctly when  
invoking the Telnet facility.  
Check that Telnet access was not disabled for the switch. If you  
attempt to log in and the maximum number of Telnet sessions are  
being used, you should receive an error message indicating so.  
Why is it that traps are not received by the SNMP Network  
Manager?  
Check that the SNMP Network Manager's IP address and  
community string are configured correctly  
Check that the IP address of the Trap Receiver is configured  
properly on the system.  
The SNMP Network Manager or Telnet workstation can no  
longer access the device. Why?  
Check that Telnet access or SNMP access is enabled.  
Check that the port through which you are trying to access the  
device has not been disabled. If it is enabled, check the connections  
and network cabling at the port.  
Check that the port through which you are trying to access the  
device is in a correctly configured VLAN.  
Try accessing the device through a different port. If you succeed, a  
problem with the original port is indicated. Examine the  
connections and cabling.  
A network problem may be blocking your access to the device over  
the network. Try accessing the device through the console port.  
Check that the community strings configured for the device and the  
Network Manager are the same.  
Check that SNMP access was not disabled for the system.  
Why do permanent entries remain in the Forwarding Database  
(FDB)?  
If you have made a permanent entry in the FDB (which requires  
you to specify the VLAN where it belongs and then delete the  
VLAN), the FDB entry will remain. Though harmless, you must  
manually delete the entry from the FDB if you want to remove it.  
441  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
How do I remove unused default and static routes?  
If you have defined static or default routes, those routes will  
remain in the configuration, independent of whether the VLAN and  
VLAN IP address that used them remains. You should manually  
delete the routes if no VLAN IP address is capable of using them.  
What if I forget my password and cannot log in?  
If you are not an administrator, another user having administrator  
access level can log in, delete your user name, and create a new  
user name for you, with a new password.  
Alternatively, another user having administrator access level can  
log in and reset the device to factory defaults. This will return all  
configuration information (including passwords) to the initial  
values.  
If no one knows a password for an administrator level user, contact  
Intel Customer Support. See Intel Customer Supporton  
page 461.  
Port Configuration  
What if no link light shows on a 100/1000 Base port?  
If patching from a hub or switch to another hub or switch, ensure  
that you are using a CAT5 (Category 5) cable. A crossover cable is  
recommended and is required for some configurations.  
What if Im receiving excessive RX CRC errors?  
When a device with autonegotiation disabled is connected to a  
480T routing switch that has autonegotiation enabled, the switch  
links at the correct speed, but in half-duplex mode.  
The switch 100/1000 Mbps physical interface uses a method  
called parallel detection to access the link. Because the other  
network device is not participating in autonegotiation (and does  
not advertise its capabilities), parallel detection on the switch is  
only able to sense 100 Mbps versus 1000 Mbps speed, and not  
the duplex mode. Therefore, the switch establishes the link in  
half-duplex mode using the correct speed.  
442  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
B
Troubleshooting  
To establish a full-duplex link either force it at both sides, or run  
autonegotiation on both sides (using full-duplex as an advertised  
capability, the default setting).  
Always verify that the  
switch and the network  
device match in  
A mismatch of duplex mode between the 480T routing switch and  
another network device will cause poor network performance. View  
statistics using:  
configuration for speed  
and duplex.  
show port rx  
If it displays a constant increment of CRC errors, it is a duplex  
mismatch between devices, rather than a problem with the 480T  
routing switch.  
What if no link light shows on a 1000 Mbps fiber port?  
Check to ensure that the transmit fiber goes to the receive fiber side  
of the other device, and vice-versa.  
The switch has autonegotiation set to on by default for 1000 Mbps  
ports. Set these ports to auto off (using the command configure  
port <port #> auto off) if you are connecting to devices that  
do not support autonegotiation.  
Ensure that you are using multi-mode fiber (MMF) when using a  
1000BASE-SX GBIC, and single mode fiber (SMF) when using a  
1000BASE-LX GBIC. 1000BASE-SX does not work with SMF.  
1000BASE-LX works with MMF, but requires you to use a mode  
conditioning patchcord (MCP).  
OSPF (Open Shortest Path First)  
When setting up OSPF areas, it indicates the area must be in an  
IP-type format. That differs from some non-Intel equipment.  
How do I convert an OSPF area into an IP-type format?  
The 480T routing switch must have the OSPF area ID input in IP  
dotted decimal notation. Some non-Intel equipment may show this as  
a whole number. To convert OSPF whole numbers to dotted decimal  
notation:  
Convert the non-IP type format using a decimal to binary  
converting method, for example, to convert 400 decimal into  
binary (110010000). The binary number needs to show 32 digits,  
representing the digits of the 4 octets in the IP-type format.  
110010000 binary = 00000000.00000000.0000001.10010000 as  
broken into octets.  
443  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Then convert each octet into a decimal value. (for example,  
00000000.00000000.0000001.10010000 = 0.0.1.144).  
Therefore, 400 = 0.0.1.144  
VLANs  
What if I cant add a port to a VLAN?  
If you attempt to add a port to a VLAN and get an error message  
similar to:  
localhost:7 # configure vlan marketing add port  
1,2  
ERROR: Protocol conflict on port 1  
you already have a VLAN using untagged traffic on a port. You  
can only configure one VLAN using untagged traffic on a single  
physical port.  
Verify VLAN configuration by using this command:  
show vlan <name>  
The solution for this error is to remove ports 1 and 2 from the  
VLAN currently using untagged traffic on those ports. If this were  
the default VLAN, you would use the command:  
localhost:23 # configure vlan default del port  
1,2  
This allows you to enter the previous command (without getting  
an error message) as:  
localhost:26 # configure vlan red add port 1,2  
444  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
B
Troubleshooting  
VLAN Names  
There are restrictions on VLAN names. They cannot contain white  
spaces and cannot start with a numeric value unless you use quotation  
marks around the name.  
If a name contains  
white spaces, starts  
with a number, or  
contains non-  
alphabetical characters,  
you must use quotation  
marks whenever  
referring to the VLAN  
name.  
What if 802.1Q links do not work correctly?  
VLAN names are only locally significant through the command-  
line interface. For two switches to communicate across an 802.1Q  
link, the VLAN ID for the VLAN on one switch should have a  
corresponding VLAN ID for the VLAN on the other switch.  
If you are connecting to a third-party device and have checked that  
the VLAN IDs are the same, the Ethertype field used to identify  
packets as 802.1Q packets may differ between the devices. The  
default value used by the switch is 8100. If the third-party device  
differs from this and cannot be changed, you can change the 802.1Q  
Ethertype used by the switch with this command:  
configure dot1p ethertype <ethertype>  
Changing this parameter changes how the system recognizes all  
tagged frames it receives, as well as the value it inserts in all  
tagged frames it transmits.  
VLANs, IP Addresses and Default Routes  
The system can have an IP address for each configured VLAN. It is  
necessary to have an IP address associated with a VLAN if you intend  
to manage (Telnet, SNMP, ping) through that VLAN or route IP  
traffic.  
You can also configure multiple default routes for the system. The  
system first tries the default route with the lowest cost metric.  
STP  
I have connected an endstation directly to the switch, but the  
endstation fails to boot correctly. Why?  
The switch has STP enabled, and the endstation is booting before  
the STP initialization process is complete.  
Verify that STP has been disabled for that VLAN, or turn off STP  
for the switch ports of the endstation (and devices to which it is  
attempting to connect). Then reboot the endstation.  
445  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Why does the switch keep aging out endstation entries in the  
switch Forwarding Database (FDB)?  
Reduce the number of topology changes by disabling STP on those  
systems that do not use redundant paths.  
Specify that the endstation entries are static or permanent.  
ESRP  
Why am I having trouble with interoperability between switches  
using different versions of firmware running ESRP?  
We recommend that all switches running ESRP use the same  
version of firmware.  
If mixing of firmware versions becomes necessary on the network,  
problems may arise using some of the newer ESRP features.  
Contact customer support for details.  
Troubleshooting Tools  
Debug Tracing  
The debug commands  
should only be used  
when advised by Intel  
technical personnel.  
The local management software includes a debug-tracing facility for  
the switch. The command can be applied to one or all VLANs:  
show debug-tracing {vlan <name>}  
TOP Command  
The topcommand activates a utility that indicates microprocessor  
utilization by process.  
446  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Regulatory  
Information  
C
Compliance statements  
Each of the following compliance statements applies only to products that bear the mark or text  
required by the appropriate certification agency.  
FCC Part 15 Compliance Statement  
This product has been tested and found to comply with the limits for a Class A digital device  
pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection  
against harmful interference when the equipment is operated in a commercial environment.  
This product generates, uses, and can radiate radio frequency energy and, if not installed and used  
in accordance with the instruction manual, may cause harmful interference to radio  
communications. Operation of this equipment in a residential area is likely to cause harmful  
interference; in which case, the user will be required to correct the interference at his own  
expense.  
NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following  
two conditions: (1) This device may not cause harmful interference, and (2) this device must  
accept any interference received, including interference that may cause undesired operation.  
CAUTION If you make any modification to the equipment not expressly approved by Intel,  
you could void your authority to operate the equipment.  
Canada Compliance Statement (Industry Canada)  
Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils  
numériques de Classe A prescrites dans la norme sur le matériel brouilleur: "Appareils  
Numériques", NMB-003 édictée par le Ministre Canadien des Communications.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
This digital apparatus does not exceed the Class A limits for radio noise emissions from  
digital apparatus set out in the interference-causing equipment standard entitled: "Digital  
Apparatus," ICES-003 of the Canadian Department of Communications.  
CE Compliance Statement  
This certifies that the Intel® NetStructure480T routing switch complies with the EU  
Directive, 89/336/EEC, using the EMC standards EN55022 (Class A) and EN50082-1.  
This product also complies with the EU Directive, 73/23/EEC, using the safety standard  
EN60950. In addition, this product complies with the EU Standards EN61000-3-2 and  
EN61000-3-3.  
CISPR 22 Statement  
WARNING This is a Class A product. In a domestic environment this product may cause  
radio interference in which case the user may be required to take adequate measures.  
Taiwan Class A EMI Statement  
VCCI Statement  
Class A ITE  
This is a Class A product based on the standard of the Voluntary Control Council for  
Interference by Information Technology Equipment (VCCI). If this equipment is used in a  
domestic environment, radio disturbance may arise. When such trouble occurs, the user  
may be required to take corrective actions.  
448  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
C
Regulatory Information  
Warnings  
WARNING  
This is a Class A product. In a domestic environment this product may cause radio  
interference in which case the user may be required to take adequate measures.  
Internal access to the Intel NetStructure 480T routing switch is intended only for qualified  
service personnel. Do not remove any covers. There are no user serviceable parts inside.  
WARNING  
Choose a site that is:  
Clean and free of airborne particles (other than normal room dust).  
Well ventilated and away from sources of heat including direct sunlight.  
Away from sources of vibration or physical shock.  
Isolated from strong electromagnetic fields produced by electrical devices.  
In regions that are susceptible to electrical storms, we recommend you plug your  
system into a surge suppressor and disconnect telecommunication lines to your  
modem during an electrical storm.  
Provided with a properly grounded wall outlet.  
Do not attempt to modify or use the supplied AC power cord if it is not the exact type  
required.  
AVERTISSEMENT  
Lemplacement choisi doit être:  
Propre et dépourvu de poussière en suspension (sauf la poussière normale).  
Bien aéré et loin des sources de chaleur, y compris du soleil direct.  
A labri des chocs et des sources de ibrations.  
Isolé de forts champs magnétiques géenérés par des appareils électriques.  
Dans les régions sujettes aux orages magnétiques il est recomandé de brancher votre  
système à un supresseur de surtension, et de débrancher toutes les lignes de  
télécommunications de votre modem durant un orage.  
Muni dune prise murale correctement mise à la terre.  
Ne pas utiliser ni modifier le câble dalimentation C. A. fourni, sil ne correspond pas  
exactement au type requis.  
WARNUNG  
Der entwickelt. Der Standort sollte:  
sauber und staubfrei sein (Hausstaub ausgenommen);  
gut gelüftet und keinen Heizquellen ausgesetzt sein (einschließlich direkter  
Sonneneinstrahlung);  
keinen Erschütterungen ausgesetzt sein;  
keine starken, von elektrischen Geräten erzeugten elektromagnetischen Felder  
aufweisen;  
449  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
in Regionen, in denen elektrische Stürme auftreten, mit einem  
Überspannungsschutzgerät verbunden sein; während eines elektrischen Sturms sollte  
keine Verbindung der Telekommunikationsleitungen mit dem Modem bestehen;  
mit einer geerdeten Wechselstromsteckdose ausgerüstet sein.  
Versuchen Sie nicht, das mitgelieferte Netzkabel zu ändern oder zu verwenden, wenn es  
sich nicht um genau den erforderlichen Typ handelt.  
AVVERTENZA  
Scegliere una postazione che sia:  
Pulita e libera da particelle in sospensione (a parte la normale polvere presente  
nellambiente).  
Ben ventilata e lontana da fonti di calore, compresa la luce solare diretta.  
Al riparo da urti e lontana da fonti divibrazione.  
Isolata dai forti campi magnetici prodotti da dispositivi elettrici.  
In aree soggette a temporali, è consigliabile collegare il sistema ad un limitatore di  
corrente. In caso di temporali, scollegare le linee di comunicazione dal modem.  
Dotata di una presa a muro correttamente installata.  
Non modificare o utilizzare il cavo di alimentazione in c. a. fornito dal produttore, se non  
corrisponde esattamente al tipo richiesto.  
ADVERTENCIAS  
Escoja un lugar:  
Limpio y libre de partículas en suspensión (salvo el polvo normal)  
Bien ventilado y alejado de fuentes de calor, incluida la luz solar directa.  
Alejado de fuentes de vibración.  
Aislado de campos electromagnéticos fuertes producidos por dispositivos eléctricos.  
En regiones con frecuentes tormentas eléctricas, se recomienda conectar su sistema a  
un eliminador de sobrevoltage y desconectar el módem de las líneas de  
telecomunicación durante las tormentas.  
Previsto de una toma de tierra correctamente instalada.  
No intente modificar ni usar el cable de alimentación de corriente alterna, si no se  
corresponde exactamente con el tipo requerido.  
Limited Hardware Warranty  
Intel warrants to the original owner that the hardware product delivered in this package will  
be free from defects in material and workmanship for three (3) years following the latter of:  
(i) the date of purchase only if you register by returning the registration card as indicated  
thereon with proof of purchase; or (ii) the date of manufacture; or (iii) the registration date  
if by electronic means provided such registration occurs within thirty (30) days from  
purchase. This warranty does not cover the product if it is damaged in the process of being  
installed. Intel recommends that you have the company from whom you purchased this  
product install the product.  
INTEL RESERVES THE RIGHT TO FILL YOUR ORDER WITH A PRODUCT  
CONTAINING NEW OR REMANUFACTURED COMPONENTS. THE ABOVE  
450  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
C
Regulatory Information  
WARRANTY IS IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESS,  
IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY  
WARRANTY OF NONINFRINGEMENT OF INTELLECTUAL PROPERTY,  
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY  
WARRANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION, SAMPLE OR  
OTHERWISE.  
This warranty does not cover replacement of products damaged by abuse, accident, misuse,  
neglect, alteration, repair, disaster, improper installation or improper testing. If the product  
is found to be otherwise defective, Intel, at its option, will replace or repair the product at  
no charge except as set forth below, provided that you deliver the product along with a  
return material authorization (RMA) number either to the company from whom you  
purchased it or to Intel (North America only). If you ship the product, you must assume the  
risk of damage or loss in transit. You must use the original container (or the equivalent) and  
pay the shipping charge. Intel may replace or repair the product with either new or  
remanufactured product or parts, and the returned product becomes Intels property. Intel  
warrants the repaired or replaced product to be free from defects in material and  
workmanship for a period of the greater of: (i) ninety (90) days from the return shipping  
date; or (ii) the period of time remaining on the original three (3) year warranty.  
This warranty gives you specific legal rights and you may have other rights which vary  
from state to state. All parts or components contained in this product are covered by Intels  
limited warranty for this product; the product may contain fully tested, recycled parts,  
warranted as if new. For warranty information call one of the numbers below.  
Returning a Defective Product (RMA)  
Before returning any product, contact an Intel Customer Support Group and obtain an RMA  
number by calling:  
North America only: (916) 377-7000  
Other locations: Return the product to the place of purchase.  
If the Customer Support Group verifies that the product is defective, they will have the  
Return Material Authorization Department issue you an RMA number to place on the outer  
package of the product. Intel cannot accept any product without an RMA number on the  
package.  
LIMITATION OF LIABILITY AND REMEDIES  
INTEL SHALL HAVE NO LIABILITY FOR ANY INDIRECT OR SPECULATIVE  
DAMAGES (INCLUDING, WITHOUT LIMITING THE FOREGOING,  
CONSEQUENTIAL, INCIDENTAL AND SPECIAL DAMAGES) ARISING FROM  
THE USE OF OR INABILITY TO USE THIS PRODUCT, WHETHER ARISING OUT  
OF CONTRACT, NEGLIGENCE, TORT, OR UNDER ANY WARRANTY,  
IRRESPECTIVE OF WHETHER INTEL HAS ADVANCE NOTICE OF THE  
POSSIBILITY OF ANY SUCH DAMAGES, INCLUDING, BUT NOT LIMITED TO  
LOSS OF USE, INFRINGEMENT OF INTELLECTUAL PROPERTY, BUSINESS  
INTERRUPTIONS, AND LOSS OF PROFITS, NOTWITHSTANDING THE  
FOREGOING, INTELS TOTAL LIABILITY FOR ALL CLAIMS UNDER THIS  
AGREEMENT SHALL NOT EXCEED THE PRICE PAID FOR THE PRODUCT.  
THESE LIMITATIONS ON POTENTIAL LIABILITIES WERE AN ESSENTIAL  
ELEMENT IN SETTING THE PRODUCT PRICE. INTEL NEITHER ASSUMES NOR  
AUTHORIZES ANYONE TO ASSUME FOR IT ANY OTHER LIABILITIES.  
Some states do not allow the exclusion or limitation of incidental or consequential  
damages, so the above limitations or exclusions may not apply to you.  
Critical Control Applications: Intel specifically disclaims liability for use of the  
hardware product in critical control applications (including, for example only, safety or  
health care control systems, nuclear energy control systems, or air or ground traffic control  
451  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
systems) by Licensee or Sublicensees, and such use is entirely at the users risk. Licensee  
agrees to defend, indemnify, and hold Intel harmless from and against any and all claims  
arising out of use of the hardware product in such applications by Licensee or  
Sublicensees.  
Software: Software provided with the hardware product is not covered under the hardware  
warranty described above. See the applicable software license agreement which shipped  
with the hardware product for details on any software warranty.  
Limited Hardware Warranty (Europe  
only)  
Intel warrants to the original owner that the hardware product delivered in this package will  
be free from defects in material and workmanship for three (3) years following the latter of:  
(i) the date of purchase only if you register by returning the registration card as indicated  
thereon with proof of purchase; or (ii) the date of manufacture; or (iii) the registration date  
if by electronic means provided such registration occurs within thirty (30) days from  
purchase. This warranty does not cover the product if it is damaged in the process of being  
installed. Intel recommends that you have the company from whom you purchased this  
product install the product.  
INTEL RESERVES THE RIGHT TO FILL YOUR ORDER WITH A PRODUCT  
CONTAINING NEW OR REMANUFACTURED COMPONENTS. THE ABOVE  
WARRANTY IS IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESS,  
IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY  
WARRANTY OF NONINFRINGEMENT OF INTELLECTUAL PROPERTY,  
SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY  
WARRANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION, SAMPLE OR  
OTHERWISE.  
This warranty does not cover replacement of products damaged by abuse, accident, misuse,  
neglect, alteration, repair, disaster, improper installation or improper testing. If the product  
is found to be otherwise defective, Intel, at its option, will replace or repair the product at  
no charge except as set forth below, provided that you deliver the product along with a  
return material authorization (RMA) number either to (a) the company from whom you  
purchased it or (b) to Intel, North America only (if purchased in Europe you must deliver  
the product to (a). If you ship the product, you must assume the risk of damage or loss  
in transit. You must use the original container (or the equivalent) and pay the shipping  
charge. Intel may replace or repair the product with either new or remanufactured product  
or parts, and the returned product becomes Intels property. Intel warrants the repaired or  
replaced product to be free from defects in material and workmanship for a period of the  
greater of: (i) ninety (90) days from the return shipping date; or (ii) the period of time  
remaining on the original three (3) year warranty.  
This warranty gives you specific legal rights and you may have other rights which vary  
from state to state. All parts or components contained in this product are covered by Intels  
limited warranty for this product; the product may contain fully tested, recycled parts,  
warranted as if new. For warranty information call one of the numbers below.  
Returning a Defective Product (RMA)  
Before returning any product, contact an Intel Customer Support Group and obtain an RMA  
number by calling the non-toll free numbers below:  
Country  
Number  
Language  
France  
+33 (0) 1 41 91 85 29  
French  
452  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
C
Regulatory Information  
Country  
Germany  
Italy  
Number  
Language  
German  
Italian  
+49 (0) 69 9509 6099  
+39 (0) 2 696 33276  
+44 (0) 870 607 2439  
United  
English  
Kingdom  
If the Customer Support Group verifies that the product is defective, they will have the  
Return Material Authorization Department issue you an RMA number to place on the outer  
package of the product. Intel cannot accept any product without an RMA number on the  
package.  
LIMITATION OF LIABILITY AND REMEDIES  
INTEL SHALL HAVE NO LIABILITY FOR ANY INDIRECT OR SPECULATIVE  
DAMAGES (INCLUDING, WITHOUT LIMITING THE FOREGOING,  
CONSEQUENTIAL, INCIDENTAL AND SPECIAL DAMAGES) ARISING FROM  
THE USE OF OR INABILITY TO USE THIS PRODUCT, WHETHER ARISING OUT  
OF CONTRACT, NEGLIGENCE, TORT, OR UNDER ANY WARRANTY,  
IRRESPECTIVE OF WHETHER INTEL HAS ADVANCE NOTICE OF THE  
POSSIBILITY OF ANY SUCH DAMAGES, INCLUDING, BUT NOT LIMITED TO  
LOSS OF USE, INFRINGEMENT OF INTELLECTUAL PROPERTY, BUSINESS  
INTERRUPTIONS, AND LOSS OF PROFITS, NOTWITHSTANDING THE  
FOREGOING, INTELS TOTAL LIABILITY FOR ALL CLAIMS UNDER THIS  
AGREEMENT SHALL NOT EXCEED THE PRICE PAID FOR THE PRODUCT.  
THESE LIMITATIONS ON POTENTIAL LIABILITIES WERE AN ESSENTIAL  
ELEMENT IN SETTING THE PRODUCT PRICE. INTEL NEITHER ASSUMES NOR  
AUTHORIZES ANYONE TO ASSUME FOR IT ANY OTHER LIABILITIES.  
Critical Control Applications: Intel specifically disclaims liability for use of the  
hardware product in critical control applications (including, for example only, safety or  
health care control systems, nuclear energy control systems, or air or ground traffic control  
systems) by Licensee or Sublicensees, and such use is entirely at the users risk. Licensee  
agrees to defend, indemnify, and hold Intel harmless from and against any and all claims  
arising out of use of the hardware product in such applications by Licensee or  
Sublicensees.  
Software: Software provided with the hardware product is not covered under the hardware  
warranty described above. See the applicable software license agreement which shipped  
with the hardware product for details on any software warranty.  
This limited hardware warranty shall be governed by and construed in accordance with the  
laws of England and Wales. The courts of England shall have exclusive jurisdiction  
regarding any claim brought under this warranty.  
Limitation de garantie du matériel  
(Europe)  
Intel garantit au propriétaire original que le produit matériel livré dans le présent coffret est  
exempt de défaut matériel ou de fabrication pour une période de trois (3) ans à compter de  
la plus récente des dates suivantes : (i) la date dachat uniquement si vous vous êtes inscrit  
en renvoyant la carte dinscription de la façon indiquée, avec une preuve dachat ; (ii) la  
date de fabrication ou (iii) la date dinscription électronique à condition quelle ait lieu dans  
les 30 jours suivant lachat. La présente garantie sera nulle si le produit matériel est  
endommagé lors de son installation. Intel recommande de faire installer le produit matériel  
par la société auprès de laquelle il a été acheté.  
453  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
INTEL SE RESERVE LE DROIT DE VOUS LIVRER UN PRODUIT CONTENANT  
DES COMPOSANTS NOUVEAUX OU REPARES. CETTE GARANTIE REMPLACE  
TOUTES LES AUTRES GARANTIES, EXPRESSES, TACITES OU LEGALES, Y  
COMPRIS, MAIS SANS QUE CETTE ENUMERATION SOIT LIMITATIVE, LES  
GARANTIES CONCERNANT LE NON RESPECT DE LA PROPRIETE  
INTELLECTUELLE, LA QUALITE SATISFAISANTE, LADEQUATION POUR UN  
USAGE PARTICULIER, OU TOUTE AUTRE GARANTIE ISSUE DE TOUT AUTRE  
PROPOSITION, SPECIFICATION, ECHANTILLON OU AUTRE.  
La présente garantie ne couvre pas le remplacement de produits matériels endommagés par  
abus, accident, mauvaise utilisation, négligence, altération, réparation, catastrophe,  
installation ou tests incorrects. Si le produit matériel savère défectueux pour une autre  
raison, Intel décidera de le remplacer ou de le réparer gratuitement, à lexception des cas  
énumérés ci-après, à condition que le produit soit renvoyé avec un numéro dautorisation  
de retour du matériel (ARM) à (a) la société auprès de laquelle il a été acheté ou (b) à Intel,  
en Amérique du Nord seulement (si lachat a eu lieu en Europe vous devez le renvoyer à  
(a). Si vous expediéz le produit matériel, vous devez assumer le risque de dégâts ou de  
perte pendant le transport. Vous devez utiliser le coffret original (ou l’équivalent) et payer  
les frais de transport. Intel peut réparer le produit matériel ou le remplacer par un produit  
neuf ou remis à neuf, le produit renvoyé devenant la propriété dIntel. Intel garantit que le  
produit matériel réparé ou de remplacement est exempt de défaut matériel ou de fabrication  
pendant la plus longue des périodes suivantes: (i) quatre-vingt-dix (90) jours à compter de  
la date de retour; ou (ii) la période encore couverte par la garantie originale de trois (3) ans.  
La présente garantie vous accorde des droits juridiques spécifiques et vous pouvez  
également disposer dautres droits variant dun Etat à lautre. Tous les composants ou  
pièces du produit matériel sont couverts par la garantie limitée dIntel relative à ce dernier  
; il peut contenir des pièces recyclées, entièrement testées et garanties comme neuves. Pour  
plus dinformations sur la garantie, appelez lun des numéros énumérés ci-après.  
Retour dun produit défectueux (ARM)  
Avant de retourner un produit matériel, contactez le service dassistance à la clientèle Intel  
pour obtenir un numéro ARM.  
Pays  
Numéro  
Langue  
Français  
Allemand  
Italien  
France  
Allemagne  
Italie  
+33 (0) 1 41 91 85 29  
+49 (0) 69 9509 6099  
+39 (0) 2 696 33276  
+44 (0) 870 607 2439  
R.U.  
Anglais  
Si le service dassistance confirme que le produit est défectueux, il demandera au  
Département dautorisation de retour de matériel de vous attribuer un numéro ARM à  
indiquer sur lemballage externe. Intel ne peut accepter aucun produit sans numéro ARM.  
LIMITATION DE RESPONSABILITE ET DE RECOURS  
INTEL DECLINE TOUTE RESPONSABILITE RELATIVE A DES DOMMAGES  
INDIRECTS OU SPECULATIFS (Y COMPRIS, SANS LIMITATION DES ELEMENTS  
CI-DESSUS, LES DOMMAGES CONSECUTIFS, ACCIDENTELS ET SPECIAUX)  
DECOULANT DE LUTILISATION OU DE LINCAPACITE DUTILISER CE  
PRODUIT, DUS A UN CONTRAT, UNE NEGLIGENCE, UN TORT OU COUVERTS  
PAR TOUTE GARANTIE, MEME SI LA POSSIBILITE DUN TEL DOMMAGE A  
DEJA ETE PORTEE A LA CONNAISSANCE DINTEL, Y COMPRIS, MAIS SANS  
QUE CETTE ENUMERATION SOIT LIMITATIVE, UNE PRIVATION DE  
JOUISSANCE, UN NON RESPECT DE LA PROPRIETE INTELLECTUELLE, UNE  
INTERRUPTION DES ACTIVITES ET UN MANQUE A GAGNER . NONOBSTANT  
LA DECLARATION QUI PRECEDE, LA RESPONSABILITE GLOBALE DE INTEL  
454  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
C
Regulatory Information  
CONCERNANT TOUS LES LITIGES RELATIFS AU PRESENT ACCORD NE SERA  
PAS SUPERIEURE AU PRIX PAYE POUR LE PRODUIT. CES LIMITATIONS DE  
RESPONSABILITE POTENTIELLE ONT CONSTITUE UN FACTEUR  
DETERMINANT LORS DE LA FIXATION DU PRIX DU PRODUIT. INTEL  
NASSUME AUCUNE AUTRE RESPONSABILITE ET NAUTORISE QUICONQUE  
A LE FAIRE EN SON NOM.  
La garantie limitée du matériel est régie et interprétée par les lois en vigueur en Angleterre  
et au Pays de Galles. Les tribunaux anglais jouissent dune juridiction exclusive en matière  
de litige concernant cette garantie.  
Garanzia limitata sullhardware  
(valida solo in Europa)  
La garantie limitée du matériel est régie et interprétée par les lois en vigueur en Angleterre  
et au Pays de Galles. Les tribunaux anglais jouissent dune juridiction exclusive en matière  
de litige concernant cette garantie.  
Intel garantisce al proprietario originale che il prodotto hardware incluso in questo  
pacchetto è privo di difetti in materiale e in lavorazione per un periodo di tre (3) anni a  
partire dallultima data tra: (i) la data di acquisto, solo nel caso in cui lutente effettua la  
registrazione tramite la scheda di registrazione, come indicato, accompagnata dalla prova  
di acquisto; oppure (ii) la data di fabbricazione; oppure (iii) la data di registrazione, se  
effettuata per via elettronica, a condizione che tale registrazione avvenga entro trenta (30)  
giorni dallacquisto. Questa garanzia non copre il prodotto nel caso questo fosse  
danneggiato durante linstallazione. Intel raccomanda di fare installare il prodotto  
dallazienda da cui il prodotto è stato acquistato.  
INTEL SI RISERVA IL DIRITTO DI ONORARE LORDINAZIONE CON UN  
PRODOTTO CONTENENTE PARTI NUOVE O RIFABBRICATO. LA GARANZIA  
QUI SOPRA SOSTITUISCE QUALSIASI ALTRA GARANZIA, SIA QUELLA  
ESPLICITA, IMPLICITA O STATUTORIA, INCLUSO, MA NON LIMITATO A,  
QUALSIASI GARANZIA DI NON VIOLAZIONE DI PROPRIETÀ INTELLETTUALE,  
QUALITÀ SODDISFACENTE, IDONEITÀ A QUALSIASI SCOPO PARTICOLARE O  
QUALSIASI GARANZIA DERIVANTE DA PROPOSTA, SPECIFICAZIONI,  
CAMPIONI O ALTRO.  
Questa garanzia non include la sostituzione di prodotti danneggiati a causa di abuso,  
incidente, uso inappropriato, negligenza, alterazione, riparazione, disastro, installazione o  
controllo inadeguati. Se il prodotto viene considerato difettoso per altri motivi, Intel, a sua  
discrezione, sostituirà o riparerà il prodotto, a proprie spese, eccetto nei casi qui sotto  
menzionati, a condizione che il prodotto venga consegnato congiuntamente al numero di  
autorizzazione per la restituzione del materiale (RMA, Return Material Authorization) (a)  
allazienda da cui si è acquistato il prodotto, oppure (b) a Intel, solo quando in Nord  
America (se il prodotto è stato acquistato in Europa, sarà necessario consegnare il prodotto  
seguendo le modalità indicate in (a)). Se il prodotto viene inviato, il mittente si assume  
la responsabilità in caso di danni o di perdita durante il tragitto. È necessario utilizzare  
limballaggio originale del prodotto (o un suo equivalente) e pagare le spese di spedizione.  
Intel sostituirà o riparerà il prodotto (o la parte) con uno nuovo o uno rifabbricato, e il  
prodotto restituito diventerà proprietà di Intel. Intel garantisce che il prodotto riparato o  
sostituito sarà privo di difetti in materiale e in lavorazione per un periodo comunque non  
superiore: (i) a novanta (90) giorni dalla data di spedizione allutente; oppure (ii) al periodo  
rimanente nella garanzia originale di tre (3) anni.  
Questa garanzia dà allutente diritti legali specifici; potrebbero esistere altri diritti, variabili  
da stato a stato. Tutte le parti e i componenti contenuti in questo prodotto sono coperti dalla  
garanzia limitata di Intel relativa a questo prodotto; il prodotto potrebbe contenere parti  
455  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
riciclate, completamente collaudate e garantite come nuove. Per maggiori informazioni  
sulla garanzia, chiamare uno dei numeri indicati qui sotto.  
Restituzione di prodotti difettosi (RMA)  
Prima di restituire un prodotto, contattare lassistenza tecnica di Intel e richiedere un  
numero RMA; i numeri verdi sono qui sotto elencati:  
Paese  
Numero  
Lingua  
Francese  
Tedesco  
Italiano  
Inglese  
Francia  
+33 (0) 1 41 91 85 29  
+49 (0) 69 9509 6099  
+39 (0) 2 696 33276  
+44 (0) 870 607 2439  
Germania  
Italia  
Regno Unito  
Se il gruppo di supporto alla clientela determina che il prodotto è difettoso, richiederà  
lemissione di un numero di autorizzazione per la restituzione del materiale (RMA) da  
porre allesterno dellimballaggio del prodotto. Intel non accetterà prodotti sprovvisti di  
tale numero visibile sullimballaggio.  
LIMITAZIONI DI RESPONSABILITÀ E RIMEDI  
INTEL NON POTRÀ ESSERE CONSIDERATA RESPONSABILE DI ALCUN  
DANNO, DIRETTO O SPECULATIVO (INCLUSI, SENZA LIMITAZIONI COME  
INDICATO IN PRECEDENZA, I DANNI CONSEQUENZIALI, INCIDENTALI E  
SPECIALI) DERIVANTI DALLUSO O DALLA IMPOSSIBILITÀ DI UTILIZZARE  
QUESTO PRODOTTO, PER MOTIVI NON CONTEMPLATI NEL CONTRATTO, O  
DOVUTI A NEGLIGENZA, TORTO O SOTTO QUALSIASI GARANZIA,  
INDIPENDENTEMENTE DAL FATTO CHE INTEL SIA A CONOSCENZA O MENO  
DELLA POSSIBILITÀ DI TALI DANNI, INCLUSI, MA NON LIMITATI ALLA  
PERDITA DUSO, VIOLAZIONE DI PROPRIETÀ INTELLETTUALE,  
INTERRUZIONI DAFFARI E PERDITA DI PROFITTI, NONOSTANTE QUANTO  
DETTO IN PRECEDENZA, LA RESPONSABILITÀ TOTALE DI INTEL NEI  
CONFRONTI DEI RECLAMI, SECONDO QUESTO ACCORDO, NON ECCEDERÀ IL  
PREZZO PAGATO PER IL PRODOTTO. QUESTE LIMITAZIONI SULLE  
RESPONSABILITÀ POTENZIALI SONO STATE FATTORE DECISIVO NELLA  
DETERMINAZIONE DEL PREZZO DEL PRODOTTO. INTEL NON ASSUME, NÉ  
AUTORIZZA ALCUNO AD ASSUMERE PER SÉ, NESSUNALTRA  
RESPONSABILITÀ.  
Applicazioni di controllo di situazioni critiche: Intel disconosce specificatamente la  
responsabilità nel caso di uso dellhardware in applicazioni di controllo di situazioni  
critiche (inclusi, al solo scopo di esempio, sistemi di controllo della sicurezza o della salute,  
dellenergia nucleare, o sistemi di controllo aereo o terrestre) da parte dei licenziatari o dei  
sottolicenziatari, e tale uso fa parte completamente del rischio intrapreso dallutente. Il  
licenziatario è daccordo nel difendere, indennizzare e liberare Intel da ogni reclamo  
risultante dalluso del prodotto hardware in tale applicazioni da parte del licenziatario o del  
sottolicenziatario.  
Software: il software accluso al prodotto hardware non è coperto dalla garanzia  
dellhardware sopra descritta. Per maggiori dettagli sulla garanzia del software, vedere  
laccordo di licenza relativo al software, inviato assieme al prodotto hardware.  
Questa garanzia limitata dellhardware è governata da, ed è conforme a, le leggi di  
Inghilterra e Galles. Il tribunale di Inghilterra avrà la completa giurisdizione su qualsiasi  
reclamo presentato sotto questa garanzia.  
456  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
C
Regulatory Information  
Beschränkte Hardwaregarantie (Nur  
für Europa)  
Intel garantiert dem ursprünglichen Eigentümer, daß die in diesem Paket enthaltene  
Hardware keine Material- oder Herstellungsfehler aufweist. Diese Garantie gilt für drei (3)  
Jahre (a) nach dem Kaufdatum, wenn die ausgefüllte Registrierungskarte entsprechend den  
darauf enthaltenen Angaben zusammen mit einem Kaufnachweis eingesendet wurde; oder  
(b) nach dem Herstellungsdatum; oder (c) nach dem Registrierungsdatum, wenn die  
Registrierung innerhalb von 30 Tagen auf elektronischem Weg durchgeführt wird. Diese  
Garantie entfällt, wenn die Hardware bei der Installation beschädigt wird. Intel empfiehlt,  
die Installation durch den Verkäufer der Hardware durchführen zu lassen.  
INTEL BEHÄLT SICH DAS RECHT VOR, IHREN AUFTRAG MIT EINEM  
PRODUKT ZU ERFÜLLEN, DAS NEUE ODER ERNEUERTE KOMPONENTEN  
ENTHÄLT. OBIGE GARANTIE GILT ANSTELLE ALLER ANDEREN  
AUSDRÜCKLICHEN, STILLSCHWEIGENDEN ODER GESETZLICH  
FESTGELEGTEN GARANTIEN. AUSGESCHLOSSEN SIND DAMIT AUCH UNTER  
ANDEREM ALLE GARANTIEN FÜR DIE VERKEHRSFÄHIGKEIT, DIE  
VERLETZUNG DER RECHTE VON DRITTEN, DIE EIGNUNG FÜR EINEN  
BESTIMMTEN ZWECK ODER GARANTIEN, DIE IM ZUSAMMENHANG MIT  
EINEM ANGEBOT, EINER SPEZIFIKATION ODER EINEM MUSTER GEGEBEN  
WURDEN.  
Diese Garantie schließt den Hardware-Ersatz bei Beschädigung aufgrund von  
Mutwilligkeit, Unfall, falscher Verwendung, Fahrlässigkeit, Umänderung, Reparatur,  
Katastrophen, falscher Installation oder unvorschriftsmäßigem Testen aus. Wenn das  
Hardwareprodukt aus anderen Gründen beschädigt ist, liegt die Entscheidung bei Intel, ob  
die Hardware mit Ausnahme der im folgenden beschriebenen Einschränkungen kostenlos  
ersetzt oder repariert wird. Hierzu müssen Sie das Produkt zusammen mit einer  
Rückgabenummer (RMA-Nummer, siehe unten) entweder (a) an den Verkäufer des  
Produkts oder (b) an Intel zurücksenden (bei Kauf in Europa muß das Produkt an (a)”  
geliefert werden). Das Risiko des Verlusts oder der Beschädigung während des Transports  
liegt bei Ihnen als Käufer. Sie müssen zum Versenden die Originalverpackung (oder einen  
gleichwertigen Ersatz) verwenden und die Versandkosten übernehmen. Intel ersetzt die  
Hardware entweder durch ein neues oder ein neuwertiges Produkt. Das zurückgegebene  
Hardwareprodukt wird Eigentum von Intel. Intel garantiert, daß das reparierte oder ersetzte  
Hardwareprodukt für einen Zeitraum von: (i) neunzig (90) Tagen ab Rückgabedatum oder  
(ii) für die verbleibende Zeit der ursprünglichen Garantie von drei (3) Jahren frei von  
Material- und Herstellungsfehlern ist. Dabei gilt jeweils der längere Zeitraum.  
Mit dieser Garantie erhalten Sie bestimmte Rechte, die je nach Staat durch weitere Rechte  
ergänzt werden können. Alle Teile oder Komponenten dieses Hardwareprodukts werden  
durch die beschränkte Hardwaregarantie von Intel abgedeckt. Das Hardwareprodukt kann  
vollständig getestete, wiederverwendete Teile enthalten, die derselben Garantie wie neue  
Produkte unterliegen. Informationen zur Garantie erhalten Sie unter einer der Intel  
Kundendienstnummern, die am Ende dieses Handbuchs zu finden sind.  
Rückgabe eines beschädigten Produkts (RMA)  
Bevor Sie ein Hardwareprodukt zurücksenden, sollten Sie sich vom Intel Kundendienst  
eine sogenannte RMA-Nummer zuweisen lassen, indem Sie eine der folgenden  
gebührenpflichtigen Telefonnummern anrufen:  
Land  
Telefon  
Sprache  
Französisch  
Deutsch  
Frankreich  
Deutschland  
+33 (0) 1 41 91 85 29  
+49 (0) 69 9509 6099  
457  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Land  
Telefon  
Sprache  
Italienisch  
Englisch  
Italien  
+39 (0) 2 696 33276  
+44 (0) 870 607 2439  
Great Britain  
Nachdem die Beschädigung vom Kundendienst bestätigt worden ist, wird von der  
zuständigen Abteilung eine Rückgabenummer (RMA-Nummer) ausgegeben, die auf der  
äußeren Verpackung der Hardware angebracht werden muß. Intel akzeptiert kein Produkt  
ohne RMA-Nummer auf der Verpackung.  
Haftungsbeschränkung und Rechtsmittel  
INTEL HAFTET NICHT FÜR INDIREKTE ODER SPEKULATIVE SCHÄDEN  
(EINSCHLIESSLICH ALLER FOLGESCHÄDEN SOWIE ALLER ZUFÄLLIGEN UND  
BESONDEREN SCHÄDEN), DIE DURCH DIE VERWENDUNG ODER  
NICHTVERWENDBARKEIT DIESES PRODUKTS ENTSTEHEN, SEI DIES IM  
ZUSAMMENHANG MIT EINER VERTRAGLICHEN VERPFLICHTUNG,  
AUFGRUND VON FAHRLÄSSIGKEIT, DURCH UNERLAUBTE HANDLUNGEN  
ODER IM RAHMEN EINER GARANTIE. DIES GILT AUCH FÜR FÄLLE, IN DENEN  
INTEL ÜBER DIE MÖGLICHKEIT SOLCHER SCHÄDEN, DIE SICH UNTER  
ANDEREM DURCH NUTZUNGSAUSFÄLLE, BETRIEBSUNTERBRECHUNGEN  
UND GEWINNVERLUSTE ERGEBEN KÖNNEN, IN KENNTNIS GESETZT  
WURDE.  
UNGEACHTET DER GEWÄHRTEN GARANTIE ÜBERSTEIGT DIE HAFTUNG  
VON INTEL IM RAHMEN DIESER VEREINBARUNG IN KEINEM FALL DEN  
KAUFPREIS DES HARDWAREPRODUKTS. DIESE HAFTUNGSBESCHRÄNKUNG  
IST EIN WESENTLICHER FAKTOR BEI DER FESTLEGUNG DES PREISES FÜR  
DAS HARDWAREPRODUKT. INTEL ÜBERNIMMT KEINE WEITERE HAFTUNG  
UND ERTEILT DRITTEN KEINERLEI BEFUGNIS, FÜR INTEL EINE WEITERE  
HAFTUNG ZU ÜBERNEHMEN.  
Steuer- und Überwachungsanwendung von hoher Wichtigkeit: Intel schließt  
insbesondere die Haftung bei der Verwendung des Hardwareprodukts mit  
Steueranwendungen von hoher Wichtigkeit (z.B. Sicherheits- und  
Krankenversicherungssysteme, Steuersysteme für Nuklearanlagen sowie  
Verkehrsüberwachungssysteme für Boden- und Luftverkehr) durch den Lizenznehmer  
oder Unterlizenznehmer ab, und eine derartige Verwendung liegt ausschließlich in der  
Verantwortung des Benutzers. Der Lizenznehmer erklärt sich bereit, Intel zu verteidigen  
und schadlos zu halten bezüglich aller Klagen, die aus der Verwendung eines  
Hardwareprodukts für solche Zwecke vom Lizenznehmer oder Unterlizenznehmern  
erhoben werden.  
Software: Die mit diesem Hardwareprodukt gelieferte Software wird von der oben  
beschriebenen Hardwaregarantie nicht abgedeckt. Bitte lesen Sie die entsprechende  
Softwarelizenzvereinbarung, die mit dem Hardwareprodukt geliefert wurde, um genaue  
Informationen zur Softwaregarantie zu erhalten.  
Diese eingeschränkte Hardwaregarantie unterliegt den Gesetzen von England und Wales.  
Die englischen Gerichte sind Gerichtsstand für alle Klagen, die im Rahmen der Garantie  
erhoben werden.  
Garantía limitada de hardware (sólo  
para Europa)  
Intel garantiza al propietario original que el producto de hardware entregado en este  
paquete no tendrá defectos de materiales ni fabricación durante tres (3) años contados a  
458  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
C
Regulatory Information  
partir de la fecha que resulte más reciente de entre las opciones siguientes: (i) la fecha de  
compra, sólo si devuelve la tarjeta de registro con prueba de compra de la forma indicada  
al respecto para registrarse; o bien (ii) la fecha de fabricación; o (iii) la fecha de registro, si  
éste se ha producido por medios electrónicos y dentro de los treinta (30) días siguientes a  
la compra. Esta garantía no cubre los daños sufridos por el producto durante el proceso de  
instalación. Intel recomienda que sea la empresa a la que adquirió el producto la que se  
encargue de su instalación.  
INTEL SE RESERVA EL DERECHO DE CUMPLIMENTAR EL PEDIDO CON UN  
PRODUCTO QUE CONTENGA COMPONENTES NUEVOS O REFRABRICADOS.  
LA GARANTÍA ANTERIOR PREVALECE SOBRE CUALQUIER OTRA GARANTÍA,  
YA SEA EXPLÍCITA, IMPLÍCITA O REGLAMENTARIA, INCLUIDAS, SIN  
LIMITACIÓN, CUALESQUIERA GARANTÍAS DE NO INFRINGIMIENTO DE LA  
PROPIEDAD INTELECTUAL, CALIDAD SATISFACTORIA, ADECUACIÓN PARA  
UNA FINALIDAD DETERMINADA O CUALQUIER GARANTÍA SURGIDA DE  
CUALQUIER PROPUESTA, ESPECIFICACIÓN, MUESTRA O DE OTRA CLASE.  
Esta garantía no cubre la sustitución de productos dañados por abuso, accidente, mal uso,  
negligencia, alteración, reparación, desastre, instalación incorrecta o pruebas incorrectas.  
Si el producto tuviera cualquier otro defecto, Intel se reserva la opción de reemplazar o  
reparar el producto sin cargo alguno, excepto los descritos a continuación, siempre que el  
producto se entregue con un número de autorización de devolución de material (RMA), a  
(a) la empresa a la que se adquirió o (b) a Intel, sólo en América del Norte (si lo adquirió  
en Europa, debe entregar el producto a (a). Si envía el producto, debe asumir el riesgo de  
daños o pérdida en el transporte. Debe utilizar el embalaje original (o equivalente) y costear  
los gastos de envío. Intel puede reemplazar o reparar el producto con piezas o productos  
nuevos o refabricados, y el producto devuelto pasa a ser propiedad de Intel. Intel garantiza  
que el producto reparado o reemplazado no tendrá defectos materiales ni de fabricación  
durante el periodo que resulte mayor de los siguientes: (i) noventa (90) días desde la fecha  
de envío; o (ii) el periodo de tiempo restante de la garantía original de tres (3) años.  
Esta garantía le otorga derechos legales concretos y puede tener otros derechos que varían  
según la jurisdicción. Todas las piezas o componentes que contiene este producto están  
cubiertos por la garantía limitada de Intel sobre este producto; el producto puede contener  
piezas recicladas, completamente comprobadas, garantizadas como si de piezas nuevas se  
tratase. Si desea obtener más información sobre la garantía, puede llamar a uno de los  
números indicados a continuación.  
Devolución de productos defectuosos (RMA)  
Antes de devolver cualquier producto, póngase en contacto con el grupo de Asistencia al  
cliente de Intel y obtenga un número RMA en uno de los siguientes números no gratuitos:  
País  
Número  
Idioma  
Francés  
Alemán  
Italiano  
Inglés  
Francia  
Alemania  
Italia  
+33 (0) 1 41 91 85 29  
+49 (0) 69 9509 6099  
+39 (0) 2 696 33276  
+44 (0) 870 607 2439  
Reino Unido  
Si el grupo de Asistencia al cliente comprueba que el producto es defectuoso, se podrá en  
contacto con el Departamento de autorización de devolución de material para que éste le  
envíe un número RMA que debe colocar en el envoltorio externo del producto. Intel no  
puede aceptar productos sin el número RMA en el paquete.  
LIMITACIÓN DE RESPONSABILIDAD Y REPARACIONES  
INTEL NO SERÁ RESPONSABLE DE NINGÚN DAÑO INDIRECTO O  
ESPECULATIVO (INCLUIDOS, SIN LIMITAR A LOS ANTERIORES, LOS DAÑOS  
INDIRECTOS, INCIDENTALES Y ESPECIALES) PRODUCIDO POR EL USO O POR  
459  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
LA IMPOSIBILIDAD DEL USO DE ESTE PRODUCTO, YA PROVENGA DE  
CONTRATO, NEGLIGENCIA, AGRAVIO O BAJO CUALQUIER GARANTÍA, SIN  
IMPORTAR QUE INTEL HAYA RECIBIDO PREVIO AVISO DE LA POSIBILIDAD  
DE DICHOS DAÑOS, INCLUIDOS, AUNQUE NO LIMITADOS A, PÉRDIDAS DE  
USO, INFRINGIMIENTO DE LA PROPIEDAD INTELECTUAL, SUSPENSIÓN DEL  
EJERCICIO COMERCIAL Y PÉRDIDA DE BENEFICIOS, A PESAR DE LO  
ANTERIOR, TODA LA RESPONSABILIDAD DE INTEL SOBRE LAS  
RECLAMACIONES REALIZADAS BAJO ESTE ACUERDO NO EXCEDERÁ EL  
PRECIO PAGADO POR EL PRODUCTO. ESTAS LIMITACIONES SOBRE LAS  
RESPONSABILIDADES POTENCIALES HAN CONSTITUIDO UN ELEMENTO  
ESENCIAL A LA HORA DE DETERMINAR EL PRECIO DEL PRODUCTO. INTEL  
NO ASUME NI AUTORIZA QUE NINGUNA PERSONA ASUMA EN SU LUGAR  
NINGUNA OTRA RESPONSABILIDAD.  
Aplicaciones de control crítico: Intel deniega específicamente la responsabilidad por el  
uso del producto de hardware en aplicaciones de control crítico (incluidos, sólo a modo de  
ejemplo, los sistemas de seguridad o atención sanitaria, sistemas de control de energía  
nuclear o sistemas de control de tráfico aéreo o rodado) por Receptores o Subreceptores de  
la Licencia, y dicho uso queda enteramente a riesgo del usuario. El Receptor de la Licencia  
acuerda defender, indemnizar y mantener la inocencia de Intel por y contra toda  
reclamación surgida del uso del producto de hardware en tales aplicaciones por parte del  
Receptor o Subreceptor de la Licencia.  
Software: El software proporcionado con el producto de hardware no está cubierto por la  
garantía de hardware descrita anteriormente. Si desea obtener información detallada sobre  
las garantías de software, consulte el acuerdo de licencia correspondiente al software  
incluido con el producto de hardware.  
Esta garantía limitada de hardware se regirá e interpretará de acuerdo con las leyes de  
Inglaterra y Gales. Los tribunales de Inglaterra tendrán la exclusiva jurisdicción sobre todas  
las reclamaciones presentadas bajo esta garantía.  
460  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Intel Customer  
Support  
D
®
Intel offers a range of support services for your Intel NetStructure™  
480T routing switch. You can learn about the options available for your  
area by visiting the Intel support Web site at http://www.intel.com/  
network/services.  
Worldwide Access to Technical Support  
Intel has technical support centers worldwide. The technicians who staff  
the centers generally offer service in the languages of the region.  
Visit our Web site at http:/support.intel.com/.  
North America only  
For support, call (800) 838-7136 or (916) 377-7000.  
Japan only  
For support, call +81-298-47-0800.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Other areas  
For support in other countries, use the following table to dial the toll-  
free support number. Using the table, locate the country from which  
you are calling, dial the access number, await the dial tone, and then  
dial the listed 800 number.  
Country  
Dialing Information  
Australia  
1-800-881-011 await dial tone, then 800-838-7136  
022-903-011 await dial tone, then 800-838-7136  
0-800-100-10 await dial tone, then 800-838-7136  
10811 await dial tone, then 800-838-7136  
1 4  
Austria  
1
Belgium  
3
China  
Denmark  
8001-0010 await dial tone, then 800-838-7136  
9800-100-10 await dial tone, then 800-838-7136  
19-0011 await dial tone, then 800-838-7136  
0130-0010 await dial tone, then 800-838-7136  
800-1111 await dial tone, then 800-838-7136  
000-117 await dial tone, then 800-838-7136  
001-801-10 await dial tone, then 800-838-7136  
172-1011 await dial tone, then 800-838-7136  
0-911 await dial tone, then 800-838-7136  
1
Finland  
France (includes Andorra)  
Germany  
Hong Kong  
5
India  
2
Indonesia  
1
Italy (includes Vatican City)  
1
Korea  
4
Malaysia  
800-0011 await dial tone, then 800-838-7136  
06-022-9111 await dial tone, then 800-838-7136  
000-911 await dial tone, then 800-838-7136  
800-190-11 await dial tone, then 800-838-7136  
0080001001 await dial tone, then 800-838-7136  
105-11 await dial tone, then 800-838-7136  
0-0-800-111-1111 await dial tone, then 800-838-7136  
05017-1-288 await dial tone, then 800-838-7136  
0-800-99-0123 await dial tone, then 800-838-7136  
755-5042 await dial tone, then 800-838-7136  
800-0111-111 await dial tone, then 800-838-7136  
900-99-00-11 await dial tone, then 800-838-7136  
430-430 await dial tone, then 800-838-7136  
020-795-611 await dial tone, then 800-838-7136  
0-800-550011 await dial tone, then 800-838-7136  
0800-10288-0 await dial tone, then 800-838-7136  
0019-991-1111 await dial tone, then 800-838-7136  
0800-89-0011 await dial tone, then 800-838-7136  
1
Netherlands  
New Zealand  
Norway  
Pakistan  
Philippines  
1 3  
Poland  
3
Portugal  
RSA (South Africa)  
1 2 3  
Russia  
Singapore  
Spain  
Sri Lanka  
Sweden  
1
Switzerland  
1
Taiwan  
5
Thailand  
3
United Kingdom (BT)  
462  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A p p e n d i x  
D
Intel Customer Support  
Country  
Dialing Information  
3
United Kingdom (Mercury)  
0500-89-0011 await dial tone, then 800-838-7136  
12010288 await dial tone, then 800-838-7136  
Vietnam  
Notes:  
1 Public phones require coin deposit  
2 Use phones allowing international access  
3 May not be available from every phone  
4 Public phones require local phone payment through the call duration  
5 Not available from public phones  
463  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
464  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Index  
Numerics  
10/100 Mbps management port ................................................10  
802.1p configuration commands (table) ...................................150  
802.1Q links, troubleshooting ................................................445  
802.1Q VLAN tag ...............................................................100  
8021Q .................................................................................99  
A
AC connector ........................................................................10  
access levels .........................................................................48  
access lists  
configuration commands (table) .......................................316  
deleting .......................................................................314  
description ...................................................................309  
examples ......................................................................320  
ICMP filter example .......................................................323  
ICMP traffic .................................................................314  
maximum entries ...........................................................314  
permit-established example .....................................320  
restrictions ...................................................................314  
verifying settings ...........................................................315  
access policies  
types ...........................................................................324  
access policies, description ....................................................309  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
access policy  
soft reset ......................................................................334  
access profiles  
configuration commands (table) ..........................................59  
create .............................................................................59  
example .........................................................................61  
reverse mask ...........................................................60, 325  
rules ..............................................................................61  
SNMP ...........................................................................63  
Telnet ............................................................................58  
use ................................................................................59  
Web Device Manager .......................................................62  
accounts, creating ..................................................................50  
Address Resolution Protocol ..................................................196  
address-based ........................................................................85  
admin account .....................................................................49  
aging entries, FDB ...............................................................120  
aging time ..........................................................................120  
aging timer .........................................................................198  
air flow, heat dissipation ........................................................432  
alarm actions .......................................................................417  
Alarms .................................................................................30  
Alarms, RMON ...................................................................416  
any option ..........................................................................376  
area 0 (OSPF) .....................................................................228  
area 0, OSPF .......................................................................228  
areas, OSPF ........................................................................227  
ARP ..................................................................................196  
ARP proxy .........................................................................196  
ARP requests ......................................................................196  
ARP response .....................................................................196  
ARP-incapable device ...........................................................196  
AS ....................................................................................326  
AS path ..............................................................................326  
AS, BGP ............................................................................255  
AS,BGP .............................................................................256  
as-path ...............................................................................326  
Australian Communication Authority ......................................432  
authentication ..................................................................66, 67  
autonegotiation ......................................................................80  
Autonomous System Expressions ............................................326  
autonomous system, description ..............................................255  
466  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
B
backbone area, OSPF ............................................................228  
bandwidth ..........................................................................138  
bandwidth management .........................................................163  
bandwidth settings ...............................................................161  
Basic Layer 3  
access list .........................................................................7  
ESRP ..............................................................................7  
QoS .................................................................................7  
RIP .................................................................................7  
static routes ......................................................................7  
VLANs ............................................................................7  
Baud rate ..............................................................................20  
BGP ..................................................................................256  
access policies ...............................................................333  
Aggregator ...................................................................256  
Atomic_aggregate ..........................................................256  
attributes ......................................................................256  
autonomous system ........................................................255  
autonomous system path ..................................................256  
cluster ..........................................................................257  
Cluster_ID ....................................................................256  
community ...................................................................256  
configuration commands (table) ........................................266  
description ....................................................................255  
features ........................................................................257  
IGP synchronization .......................................................262  
internet ........................................................................256  
Local_Preference ...........................................................256  
loopback interface ..........................................................263  
MED ...........................................................................256  
Next hop ......................................................................256  
NLRI ...........................................................................256  
no-advertise ..................................................................256  
no-export ......................................................................256  
origen ..........................................................................256  
redistributing to OSPF ....................................................263  
reset and disable commands (table) ...................................272  
route aggregation ...........................................................262  
route map support ..........................................................195  
route maps ....................................................................343  
route reflectors ..............................................................257  
routing access policies ....................................................333  
settings, displaying .........................................................271  
467  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
show commands (table) ...................................................271  
soft reset ......................................................................334  
bi-directional rate shaping .....................................................163  
blackhole ............................................................................146  
blackhole entries, FDB ..........................................................121  
boot option commands (table) ................................................427  
boot, troubleshooting ............................................................440  
BOOTP  
and UDP-Forwarding .....................................................208  
relay, configuring ...........................................................207  
using .............................................................................55  
BootROM  
menu, accessing .............................................................426  
prompt .........................................................................426  
Border Gateway Protocol. See BGP  
BPDU ................................................................................130  
browser  
controls ..........................................................................36  
fonts ..............................................................................34  
setting up .......................................................................34  
C
cable lengths .........................................................................14  
cable types and distances .........................................................14  
cache servers .......................................................................349  
CE (European Community) ....................................................432  
Center Wavelength .................................................................15  
certification marks ...............................................................431  
certifications marks ..............................................................432  
CIDR, RIP ..........................................................................226  
clear log static .....................................................................409  
CLI  
command history .............................................................44  
command shortcuts ..........................................................41  
line-editing keys ..............................................................43  
named components ...........................................................41  
numerical ranges ..............................................................41  
symbols .........................................................................42  
syntax helper ...................................................................40  
using  
CLI, troubleshooting .............................................................440  
client persistence .................................................................377  
cluster ID ...........................................................................256  
468  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
command  
history ...........................................................................44  
shortcuts ........................................................................41  
syntax, understanding .......................................................39  
command completion .............................................................40  
Command-Line Interface, troubleshooting ................................440  
Command-Line Interface. See CLI  
common commands (table) ......................................................44  
config flow-redirect ..............................................................376  
config iproute add default ........................................................57  
config ports ........................................................................166  
config qosprofile ..................................................................166  
config route-map .................................................................344  
config slb failover unit ..................................................383, 391  
config slb ftp1c add ..............................................................367  
config slb site1 add ..............................................................365  
config slb site3web add .........................................................366  
config slb vip ftpc service ......................................................367  
config slb vip myweb2 service-check http url /testpage.htmmatch-  
string .................................................................................366  
config vlan .................................................................165, 166  
config vlan ipaddress .............................................................57  
config vlan default ipaddress ....................................................57  
config vlan outside add ports ..................................................364  
config vlan outside ipaddress .................................................364  
config vlan outside slb-type client ...........................................367  
config vlan servers add ports ..................................................365  
config vlan servers ipaddress ..................................................365  
config vlan servers slb-type server ...........................................367  
config vlan sites ipaddress .....................................................365  
configuration  
download complete ........................................................424  
downloading .................................................................424  
downloading incremental ................................................425  
logging ........................................................................412  
primary and secondary ....................................................420  
saving changes ..............................................................419  
schedule download .........................................................425  
uploading to file ............................................................423  
configure qosprofile .............................................................161  
console port ..........................................................................20  
connecting to ..................................................................20  
location ..........................................................................10  
contact support ....................................................................462  
469  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
control flow ..........................................................................80  
controlling Telnet access .........................................................58  
conversion of OSPF area .......................................................443  
convert OSPF area ...............................................................443  
cooling, heat dissipation ........................................................432  
CRC ....................................................................................81  
CRC errors .........................................................................442  
create flow-redirect ..............................................................376  
create protocol .....................................................................104  
create slb pool .....................................................................367  
create slb pool site1web ........................................................365  
create slb pool site3web ........................................................366  
create slb vip ftpc pool ftp1c mode transparent ..........................367  
create slb vip myssl pool site1ssl mode transparent .....................365  
create slb vip myweb pool site1web mode transparent .................365  
create slb vip myweb2 pool site2web mode transparent ...............366  
create slb vip myweb3 pool site3web mode transparent ...............366  
create vlan outside ...............................................................364  
create vlan servers ................................................................365  
create vlan sites ...................................................................364  
crossover cable, troubleshooting .............................................442  
C-Tick (Australian Communication Authority) ..........................432  
Current Rating, voltage .........................................................432  
customer service ..................................................................461  
customer support .................................................................461  
cyclic redundancy check (CRC) ................................................81  
D
Data bits ...............................................................................20  
database applications ............................................................138  
database applications, QoS ....................................................138  
datagram fragmentation ...........................................................82  
debug ................................................................................446  
debug-tracing ......................................................................446  
decimal to binary conversion ..................................................443  
default  
passwords .......................................................................49  
settings ..........................................................................12  
users ..............................................................................49  
default VLAN ....................................................................106  
default, troubleshooting .........................................................442  
deleting a session ...................................................................58  
Device Discovery ..................................................................26  
470  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Device Tree ..........................................................................26  
DF bit ..................................................................................82  
DHCP  
multinetting ..................................................................198  
relay, configuring ...........................................................207  
DHCP and UDP-Forwarding ..................................................208  
DiffServ, configuring ............................................................151  
dimensions .........................................................................431  
disabling a port ......................................................................79  
disabling route advertising (RIP) .............................................226  
disconnecting a Telnet session ..................................................58  
Distance Vector Multicast Routing Protocol. See DVMRP  
distance-vector protocol ........................................................224  
DNS  
configuration commands (table) ..........................................51  
description ......................................................................51  
Domain Name Service. See DNS  
domains, Spanning Tree Protocol ............................................125  
dotted decimal notation .........................................................443  
download ...........................................................................424  
downloading incremental configuration ....................................425  
DSB ..................................................................................195  
DSB accounting ...................................................................195  
dummy protocol ..................................................................199  
duplex setting ........................................................................80  
DVMRP  
configuring ...................................................................282  
description ....................................................................276  
routing acces policies ......................................................331  
dynamic entries, FDB ...........................................................120  
dynamic routes ............................................................192, 295  
E
EBGP ........................................................................256, 259  
EBGP multihop ...................................................................263  
EBGP peers ................................................................259, 269  
ECMP ...............................................................................193  
EDP  
commands (table) ............................................................93  
description ......................................................................92  
election algorithms ...............................................................172  
electromagnetic compatibility .................................................432  
enable ipforwarding ......................................................365, 389  
471  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
enable log display ................................................................411  
enable SLB .........................................................................354  
enable slb ...................................................................367, 389  
enable slb failover ................................................................383  
enable slb node tcp-port-check ...............................................365  
enable slb vip ftpc service-check .............................................367  
enabling a port ......................................................................79  
encapsulating ......................................................................111  
endstation entries, troubleshooting ..........................................446  
endstation, troubleshooting ....................................................445  
Enterprise Discovery Protocol See EDP  
enterprise router protocol .......................................................138  
environmental requirements ...................................................431  
equal cost multi-path routing (ECMP) ......................................193  
ERP ..................................................................................138  
error message  
datagram too big ..............................................................82  
df set .............................................................................82  
fragmentation needed .......................................................82  
error messages  
MAC-block conflicts ......................................................164  
errors  
transmit ........................................................................406  
errors, port ..........................................................................406  
ESRP  
algorithms ....................................................................172  
and STP .......................................................................177  
basics ..........................................................................168  
configuration commands (table) ........................................179  
description ....................................................................167  
direct link .....................................................................177  
domains .......................................................................175  
election algorithms .........................................................172  
example .......................................................................182  
failover time .................................................................173  
fast-failover ..................................................................175  
groups .........................................................................175  
host attach ....................................................................174  
linking switches .............................................................177  
master ..................................................................170, 172  
master switch electing .....................................................173  
master, behavior ............................................................172  
master, definition ...........................................................168  
master, determining ........................................................170  
472  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
master, failover ..............................................................170  
master, priority ..............................................................170  
master, tracking .............................................................170  
ping .............................................................................171  
redundancy ...................................................................167  
route table ....................................................................171  
standby mode, behavior ...................................................172  
standby mode, definition .................................................168  
tracking ........................................................................171  
troubleshooting ..............................................................446  
VLAN tracking .............................................................171  
with SLB ......................................................................378  
Ethernet RMON statistics ......................................................415  
European Community ...........................................................432  
Events .................................................................................31  
events, RMON ....................................................................416  
exterior gateway protocol ......................................................256  
exterior gateway protocol (E-BGP) ..........................................256  
external health checking, health checking .................................374  
external health checking, SLB ................................................374  
F
failover ..............................................................................383  
failover time .......................................................................173  
Fast Ethernet ports .................................................................80  
fast-failover ........................................................................175  
FDB ..................................................................................119  
adding an entry ..............................................................121  
aging entries .................................................................120  
blackhole entries ............................................................121  
clear and delete commands (table) .....................................124  
configuration commands (table) ........................................122  
configuring ...................................................................122  
contents .......................................................................120  
creating permanent entry, example ....................................123  
displaying .....................................................................124  
dynamic entries .............................................................120  
entries ..........................................................................120  
non-aging entries ...........................................................120  
permanent entries ...........................................................121  
QoS profile association ...................................................122  
removing entries ............................................................124  
troubleshooting ..............................................................441  
473  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
FDB handling .....................................................................119  
file server applications, QoS ...................................................139  
Filter button (Web Access) ......................................................38  
filter, ICMP ........................................................................323  
filter, traffic ..........................................................................90  
filtering, packet ...................................................................313  
filters, VLAN ......................................................................103  
Flow control .........................................................................20  
flow control ..........................................................................80  
flow redirection ...................................................................398  
flow redirection commands (table) ..........................................400  
flow-redirection ...........................................................190, 376  
fonts, browser .......................................................................34  
Forwarding Database. See FDB  
forwarding modes, SLB ........................................................349  
frame size .............................................................................81  
free-standing installation .........................................................20  
FTP check ..........................................................................375  
FTP health check .................................................................375  
Full Layer 3 ............................................................................8  
full-duplex ..............................................................................5  
G
GBICs, installing and removing ................................................22  
get button .............................................................................38  
Get Nearest Server ...............................................................296  
GNS ..................................................................................296  
GNS, disable (table) .............................................................306  
gogo mode ..........................................................................349  
GoGo mode, SLB ................................................................355  
graphic user interface ..............................................................23  
Greenwich Mean Time Offsets (table) ........................................74  
group-specific query  
IGMP ..........................................................................281  
H
HA ....................................................................................387  
HA SLB .............................................................................378  
hardware address ...................................................................10  
health check ........................................................................375  
health checking, any option ....................................................376  
health checking, SLB ............................................................374  
474  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
heat dissipation ....................................................................432  
high availability ...........................................................387, 388  
high availability mode, SLB ...................................................378  
History ................................................................................30  
history .................................................................................44  
history command ...............................................................44  
History, RMON ...................................................................415  
home page ......................................................................35, 61  
hop count, RIP ....................................................................225  
HTTP health check ...............................................................375  
HTTP service-checking .........................................................371  
I
IBGP .........................................................................256, 259  
ICMP ..................................................................................52  
configuration commands (table) ........................................216  
ICMP echo messages ..............................................................52  
ICMP filter .........................................................................323  
ICMP Router Discovery Protocol. See IRDP  
ICMP, access lists ................................................................314  
IEEE 802.1Q .........................................................................99  
IGMP ................................................................................278  
configuration commands (table) ........................................280  
description ....................................................................278  
query ...........................................................................278  
snooping ......................................................................278  
Version 2.0 ...................................................................279  
IGMP query ........................................................................281  
image  
downloading .................................................................420  
upgrading .....................................................................420  
Input Voltage Options ...........................................................432  
install ..................................................................................18  
Install Intel Device View .........................................................24  
install switch .........................................................................18  
installing GBICs ....................................................................22  
Intel® Device View ...............................................................23  
interfaces, router ..........................................................191, 291  
interior gateway protocol (I-BGP) ...........................................256  
international support .............................................................462  
Internet Control Message Protocol ............................................52  
Internet Group Management Protocol. See IGMP  
Internet Packet Exchange protocol. See IPX  
475  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
IP access rules .....................................................................309  
IP address, entering ................................................................56  
IP address, troubleshooting ....................................................445  
IP ARP Request ...................................................................196  
IP FDB handling ..................................................................119  
IP multicast routing  
configuration commands (table) ........................................282  
configuring ...................................................................282  
description ................................................................6, 275  
DVMRP, configuring .....................................................282  
DVMRP, description ......................................................276  
IGMP configuration commands (table) ...............................280  
IGMP snooping .............................................................278  
IGMP, description ..........................................................278  
PIM-DM, configuring .....................................................282  
PIM-SM .......................................................................277  
reset and disable commands (table) ...................................288  
settings, displaying .........................................................287  
show commands (table) ...................................................287  
IP multinetting  
description ....................................................................198  
example .......................................................................200  
IP route sharing ...................................................................193  
IP TOS configuration commands (table) ...................................155  
IP type format conversion ......................................................443  
IP unicast routing  
basic IP commands (table) ...............................................212  
BOOTP relay ................................................................207  
configuration commands (table) ........................................214  
configuration examples ...................................................219  
configuring ...................................................................201  
default gateway .............................................................189  
description ........................................................................6  
DHCP relay ..................................................................207  
disabling ......................................................................221  
dynamic routes ..............................................................192  
enabling .......................................................................201  
equal cost multi-path routing (ECMP) ................................193  
IP route sharing .............................................................193  
multinetting, description ..................................................198  
multinetting, example .....................................................200  
multiple routes ..............................................................193  
proxy ARP ...................................................................196  
reset and disable commands (table) ...................................221  
476  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
resetting .......................................................................221  
router interfaces .............................................................191  
router show commands (table) ..........................................220  
routing table ..........................................................192, 214  
populating 192  
settings, displaying .........................................................220  
static routes ..................................................................192  
verifying the configuration ...............................................202  
IP, manually configure ............................................................21  
IPX  
configuration commands (table) ........................300, 301, 302  
configuration example ....................................................304  
configuring ...................................................................297  
disabling ......................................................................306  
dynamic routes ..............................................................295  
load sharing ..................................................................294  
protocol filters ...............................................................298  
protocol-based VLANs ...................................................298  
reset and disable commands (table) ...................................306  
resetting .......................................................................306  
router interfaces .............................................................291  
routing table ..........................................................295, 301  
routing table, populating ..................................................295  
service table ..................................................................302  
settings, displaying .........................................................305  
show commands (table) ...................................................305  
static routes ..................................................................295  
verifying router configuration ...........................................297  
IPX route table ....................................................................295  
IPX VLAN .........................................................................294  
IPX/RIP .............................................................................306  
configuring ...................................................................297  
disabling ......................................................................306  
reset and disable commands .............................................306  
routing table configuration commands (table) ......................301  
routing table, populating ..................................................295  
settings, displaying .........................................................305  
show commands (table) ...................................................305  
IPX/SAP  
configuration commands (table) ........................................302  
configuring ...................................................................297  
disabling ......................................................................306  
reset and disable commands (table) ...................................306  
resetting .......................................................................306  
477  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
settings, displaying .........................................................305  
show commands (table) ...................................................305  
IRDP .................................................................................218  
J
jumbo frame .....................................................81, 87, 88, 112  
mtu range .......................................................................82  
K
keys  
line-editing .....................................................................43  
port monitoring .............................................................407  
router license ....................................................................7  
L
layer 4 destination port ..........................................................376  
layer 4 flows .......................................................................376  
Layer 4 port check ...............................................................375  
Layer 4, routing ...................................................................190  
LED ....................................................................................20  
LED, troubleshooting ...........................................................439  
license ...................................................................................8  
license key ..........................................................................7, 8  
line frequency .....................................................................432  
line-editing keys ....................................................................43  
Link Aggregation ...................................................................84  
link light, troubleshooting ......................................................442  
link loss .............................................................................173  
link-state database ................................................................227  
link-state protocol, description ................................................224  
load balancing methods, SLB .................................................357  
load sharing ....................................................................84, 85  
description ......................................................................84  
group .............................................................................86  
group, description ............................................................84  
IPX .............................................................................294  
master port .....................................................................85  
policy based routing .......................................................376  
verification .....................................................................86  
load-sharing ........................................................................376  
local logging .......................................................................410  
478  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
log display ..........................................................................411  
logging  
and Telnet ....................................................................411  
commands (table) ..........................................................412  
configuration changes .....................................................412  
description ....................................................................408  
fault level .....................................................................409  
local ............................................................................410  
message .......................................................................409  
QoS monitor .................................................................159  
real-time display ............................................................411  
remote .........................................................................411  
subsystem .....................................................................409  
timestamp .....................................................................408  
logging in .................................................................21, 22, 49  
logical port ...........................................................................85  
login  
admin ............................................................................57  
loopback interface ................................................................263  
M
MAC address ..................................................................10, 55  
MAC address limits ..............................................................115  
MAC-based VLAN ..............................................................117  
configuration commands (table) ........................................116  
example .......................................................................116  
timed configuration download ..........................................117  
MAC-Based VLANs ............................................................114  
MacVlanDiscover ................................................................106  
maintenance mode, SLB ........................................................377  
management access ................................................................48  
management accounts .............................................................50  
Management and Security .....................................................433  
management port ...................................................................10  
MANs ...............................................................................112  
manually configure IP .............................................................21  
mask ...................................................................................60  
master port ...........................................................................85  
load sharing ....................................................................85  
maxbuf (QoS) .....................................................................160  
MED,BGP ..........................................................................256  
media distances .....................................................................14  
media types ..........................................................................14  
479  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
metropolitan area network .....................................................112  
MGMT LED .........................................................................21  
MIB ..................................................................................433  
MIBs ...................................................................................63  
microprocessor utilization ......................................................446  
mirror port ............................................................................92  
mirroring ..............................................................................90  
bandwidth ......................................................................91  
mirroring filters .....................................................................90  
monitoring ..........................................................................403  
monitoring the switch ...........................................................403  
MTU frames .........................................................................81  
Multicast Border Router, PIM ................................................277  
multi-existing discriminator  
MED ...........................................................................340  
multihop, EBGP ..................................................................263  
multinetting ........................................................................200  
multinetting. See IP multinetting  
multiple routes ....................................................................193  
N
names, VLANs ....................................................................105  
Network Interface Card (NIC) ................................................100  
Network Time Protocol (NTP) .................................................72  
NIC ...................................................................................100  
NLRI .................................................................................256  
NNTP health check ..............................................................375  
non-aging entries .................................................................120  
non-aging entries, FDB .........................................................120  
Not-So-Stubby_Area.See NSSA  
NSSA ................................................................................229  
NSSA. See OSPF  
NTP server ...........................................................................72  
NTP. see SNTP  
O
Open Shortest Path First. See OSPF  
Operating Humidity ..............................................................431  
Operating Temperature .........................................................431  
Operating Wavelength ............................................................15  
Optical Input Power ...............................................................15  
Optical Output Power .............................................................15  
480  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Origin, BGP ........................................................................256  
OSPF  
advantages ....................................................................224  
area 0 ..........................................................................228  
areas ............................................................................227  
backbone area ...............................................................228  
configuration commands (table) ........................................244  
configuration example ....................................................249  
description ............................................................224, 226  
disabling ......................................................................253  
enabling .......................................................................202  
hello interval .................................................................245  
link-state database ..........................................................227  
normal area ...................................................................229  
NSSA ..........................................................................228  
redistributing to BGP ......................................................263  
reset and disable commands (table) ...................................253  
resetting .......................................................................253  
route map support ..........................................................195  
router types ...................................................................227  
routing access policies ............................................329, 330  
settings, displaying .........................................................252  
show commands (table) ...................................................252  
stub area .......................................................................228  
virtual link ....................................................................229  
vs. RIP .........................................................................224  
OSPF area conversion ...........................................................443  
OSPF whole number conversion .............................................443  
out-of-band management .........................................................10  
P
packet  
tagging ........................................................................100  
packet filtering ............................................................309, 313  
packet protocol ......................................................................85  
packet-loss .........................................................................138  
Parity ...................................................................................20  
password ............................................................................442  
passwords  
default ...........................................................................49  
forgetting .......................................................................50  
per command ........................................................................67  
per-command authentication ....................................................67  
481  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
permanent entries, FDB .........................................................121  
permanent entry, troubleshooting ............................................441  
persistence, SLB, client .........................................................377  
PIM  
trusted neighbor .............................................................333  
PIM mode translation ...........................................................277  
PIM-DM  
configuration .................................................................282  
routing access policies ....................................................332  
PIM-DM, access policies .......................................................332  
PIM-SM  
description ....................................................................277  
rendezvous point ............................................................277  
RP ..............................................................................277  
ping  
command .......................................................................52  
ping check ....................................................................375  
policy based routing .......................................................375  
web cache redirection .....................................................375  
ping-check ..........................................................................370  
PMBR ...............................................................................277  
poison reverse .............................................................225, 295  
poison-reverse  
command .....................................................................240  
policy based routing .....................................................190, 375  
HTTP health check .........................................................375  
layer 4 port check ..........................................................375  
load sharing ..................................................................376  
NNTP health check ........................................................375  
policy based routing, load sharing ...........................................376  
POP3 health check ...............................................................375  
POP3 service-check ..............................................................372  
populating routing table ........................................................192  
port  
autonegotiation ................................................................80  
commands ......................................................................86  
commands (table) ............................................................87  
console ..........................................................................10  
disabling ........................................................................79  
enabling .........................................................................79  
enabling and disabling ......................................................79  
errors,viewing ...............................................................406  
installing and removing GBICs ...........................................22  
layer 4 destination ..........................................................376  
482  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
master port .....................................................................85  
mirroring ........................................................................90  
monitoring ....................................................................403  
monitoring display keys ..................................................407  
priority, STP .................................................................129  
receive errors ................................................................407  
speed .............................................................................80  
statistics, viewing ...........................................................405  
STP state, displaying ......................................................132  
STPD membership .........................................................126  
transmit errors ...............................................................406  
port translation ....................................................................349  
port translation mode, SLB ....................................................354  
port-based ............................................................................85  
port-based VLANs .................................................................97  
Port-mirroring .......................................................................90  
POST ..................................................................................20  
Power On Self-Test (POST) .....................................................20  
power on, troubleshooting .....................................................440  
power socket .........................................................................10  
power supply ........................................................................10  
power supply specifications ...................................................432  
powering on the switch ...........................................................20  
powering up, troubleshooting .................................................440  
primary VLAN interface .......................................................198  
Priority numbers range ..........................................................359  
probe, RMON .............................................................415, 416  
profiles, QoS .......................................................................140  
protocol filters .....................................................................103  
protocol filters, IPX ..............................................................298  
Protocol Independent Multicast- Sparse Mode. See PIM-SM  
protocol-based VLANs .........................................................102  
Proxy ARP .........................................................................196  
proxy ARP, and subnets ........................................................196  
proxy ARP, description .........................................................196  
proxy client persistance .........................................................377  
Q
QoS .......................................................................................6  
802.1p configuration commands (table) ..............................150  
802.1p priority ..............................................................148  
applications ..................................................................137  
assigning QoS service levels ............................................139  
483  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
bandwidth management ...................................................135  
bandwidth settings .........................................................161  
blackhole ......................................................................146  
broadcast/unknown rate limiting .......................................147  
buffer ..........................................................................141  
building blocks ..............................................................139  
configuration commands (table) ........................................143  
database applications ......................................................138  
default .........................................................................140  
default QoS profiles .......................................................140  
description ............................................135, 139, 140, 158  
DiffServ, configuring ......................................................151  
examples ..............................................................146, 157  
explicit packet marking ...................................................147  
FDB entry association .....................................................122  
file server applications ....................................................139  
IP address .....................................................................145  
IP TOS configuration commands (table) .............................155  
MAC address ........................................................145, 146  
maxbuf ........................................................................160  
maximum bandwidth ......................................................141  
minimum bandwidth .......................................................140  
modifying .....................................................................144  
parameters ....................................................................140  
policy, description ..........................................................140  
policy-based .................................................................135  
prioritization parameters ..................................................135  
priority ........................................................................141  
profiles ........................................................139, 140, 144  
Random Early Detection (RED) ........................................136  
source port ............................................................156, 157  
traffic groupings ............140, 144, 145, 146, 147, 156, 157  
traffic groupings (table) ...................................................144  
verifying ..............................................................157, 159  
video applications ..........................................................137  
VLAN .........................................................................157  
voice applications ..........................................................137  
web browsing applications ...............................................138  
QoS monitor .......................................................................158  
configuration commands (table) ........................................158  
logging ........................................................................159  
real-time display ............................................................158  
QoS profile, FDB .................................................................122  
Quality of Service. See QoS  
484  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
queries, router, IGMP ...........................................................278  
query, group specific, IGMP ..................................................281  
R
rack .....................................................................................18  
rack mount ...........................................................................18  
rack mounting .......................................................................18  
RADIUS ..............................................................................66  
RADIUS commands (table) .....................................................68  
Random Early Detection (RED) ..............................................136  
rate shaping ........................................................................163  
real-time display ..................................................................411  
receive errors ......................................................................407  
RED ..................................................................138, 139, 143  
redundancy, ESRP ...............................................................167  
redundancy, router ...............................................................196  
redundant power ....................................................................10  
remote logging ....................................................................411  
remote monitoring ..................................................................30  
Remote Monitoring. See RMON  
reset button ...........................................................................10  
resetting .............................................................................306  
restart ..................................................................................91  
Restart port .........................................................................165  
reverse mask .................................................................60, 325  
RIP  
advantages ....................................................................224  
CIDR ...........................................................................226  
configuration commands (table) ........................................237  
configuration example ....................................................240  
description ............................................................224, 225  
disabling route advertising ...............................................226  
enabling .......................................................................202  
hop count .....................................................................225  
limitations ....................................................................224  
multicasting ..................................................................226  
poison reverse ...............................................................225  
reset and disable commands (table) ...................................243  
routing access policies ....................................................327  
routing table ..................................................................225  
routing table entries ........................................................225  
settings, displaying .........................................................242  
show commands (table) ...................................................242  
485  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
split horizon ..................................................................225  
timer ...........................................................................225  
triggered updates ...........................................................226  
version 2 ......................................................................226  
vs. OSPF ......................................................................224  
RJ-45 connector .....................................................................10  
RMON ........................................................................30, 415  
alarm actions .................................................................417  
Alarms group ................................................................416  
events group .................................................................416  
features supported ..........................................................415  
groups .........................................................................415  
History group ................................................................415  
probe .............................................................90, 415, 416  
Statistics group ..............................................................415  
traps ............................................................................416  
root bridge ..........................................................................130  
round-robin ...................................................................85, 357  
route advertising, RIP ...........................................................226  
route map support  
accounting ....................................................................195  
BGP ............................................................................195  
DSB accounting .............................................................195  
OSPF ...........................................................................195  
tagging ........................................................................195  
route maps  
BGP ............................................................................343  
changing ......................................................................342  
configuration commands (table) ........................................344  
creating ........................................................................338  
description ............................................................311, 337  
example .......................................................................341  
goto entries ...................................................................339  
match entries .................................................................339  
match operation keywords (table) ......................................339  
processing ....................................................................341  
set entries .....................................................................339  
set operation keywords (table) ..........................................340  
router interfaces ...........................................................191, 291  
router license ..........................................................................8  
router redundancy ................................................................196  
router types, OSPF ...............................................................227  
router-queries ......................................................................278  
routing access policies  
486  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
access profile ................................................................324  
access profile, applying ...................................................327  
access profile, changing ..................................................334  
access profile, configuring ...............................................324  
access profile, creating ....................................................324  
BGP ............................................................................333  
configuration commands (table) ........................................335  
deny ............................................................................324  
DVMRP .......................................................................331  
DVMRP examples .........................................................332  
none ............................................................................324  
OSPF ..........................................................................329  
OSPF examples .............................................................330  
permit ..........................................................................324  
PIM-DM ......................................................................332  
PIM-DM examples .........................................................333  
removing ......................................................................334  
RIP .............................................................................327  
RIP examples ................................................................328  
using ...........................................................................324  
Routing Information Protocol. See RIP  
routing table ........................................................................225  
routing table, populating IPX .................................................295  
routing. See IP unicast routing  
RP ....................................................................................277  
RX CRC errors ....................................................................442  
S
safety information ................................................................432  
save changes .......................................................................419  
save command .......................................................................39  
saving changes using Web Device Manager ................................37  
saving configuration changes .................................................419  
scheduling configuration download .........................................425  
screen resolution,Web Device Manager ......................................34  
secondary multinetted VLANs ................................................198  
security  
access profiles .................................................................59  
security and management ......................................................433  
serial number ........................................................................10  
serial port. See console port  
Server Load Balancing See SLB  
service and support ...............................................................461  
487  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
service-check ......................................................................371  
sessions, deleting ...................................................................58  
shortcuts, command ................................................................41  
show flow-redirect ...............................................................377  
show iproute .......................................................................202  
show port ...........................................................................407  
show port all info ...................................................................87  
show port utilization .............................................................408  
show ports configuration .........................................................86  
show qosprofile ...................................................................161  
show switch ..........................................................................55  
show vlan ...........................................................................166  
Simple Network Management Protocol. See SNMP  
Simple Network Time Protocol. See SNTP  
size of switch ......................................................................431  
SLB  
active-active .................................................................383  
advanced configuration commands (table) ..........................392  
basic configuration commands (table) ................................359  
components ..................................................................347  
description ....................................................................347  
enable ..........................................................................354  
external health checking ..................................................374  
failover ........................................................................383  
forwarding mode ...........................................................349  
GoGo mode ..................................................................355  
health checking .............................................................369  
high availability .............................................................382  
host-route .....................................................................356  
least connections ............................................................358  
load balancing methods ...................................................357  
maintenance mode .........................................................377  
manual fail-back ............................................................387  
nodes ...........................................................................348  
persistence ....................................................................377  
ping-check ....................................................................370  
ping-checking ...............................................................383  
pool .............................................................................380  
pools ...........................................................................348  
port translation mode ......................................................354  
priority mode ................................................................359  
proxy ...........................................................................377  
proxy ARP ...................................................................356  
ratio ............................................................................358  
488  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
ratio weight ..................................................................358  
redundant configuration ..................................................383  
round-robin ...................................................................357  
service-check ................................................................371  
standard virtual servers ...................................................349  
sticky ...........................................................................377  
sticky persistence ...........................................................378  
subnet-route ..................................................................357  
tcp-port-check ...............................................................370  
translational mode ..........................................................352  
transparent mode ...........................................................350  
VIPs ............................................................................348  
VIPs, creating ...............................................................349  
virtual servers ...............................................................348  
wildcard virtual servers ...................................................349  
with ESRP ....................................................................378  
SLB and ESRP ....................................................................381  
SLB H/A ....................................................................387, 388  
SLB High Availability ..........................................................387  
SLB VIPs ...........................................................................380  
SLB/HA .............................................................................390  
SNAP protocol ....................................................................104  
SNMP .................................................................................30  
community strings ............................................................64  
configuration commands (table) ..........................................64  
configuring .....................................................................63  
controlling access ............................................................63  
read access .....................................................................63  
read/write access ..............................................................63  
settings, displaying ...........................................................66  
supported MIBs ...............................................................63  
trap receivers ..................................................................63  
using .............................................................................62  
SNMP Network Manager, troubleshooting ................................440  
SNMP traps ........................................................................416  
SNMP traps, troubleshooting .................................................441  
snooping ............................................................................279  
SNTP ..................................................................................72  
configuration commands (table) ..........................................77  
configuring .....................................................................73  
Daylight Savings Time ......................................................73  
description ......................................................................72  
example .........................................................................77  
Greenwich Mean Time offset .............................................73  
489  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
Greenwich Mean Time Offsets (table) ..................................74  
soft resets ...........................................................................334  
software  
factory defaults ................................................................12  
Software Licensing ..................................................................7  
software upgrade .................................................................420  
spanning switches ..................................................................98  
spanning tree domain ............................................................125  
Spanning Tree Protocol .............................................................5  
Spanning Tree Protocol. See STP  
speed ...................................................................................80  
speed, ports ...........................................................................80  
split horizon ................................................................225, 295  
Standards ...........................................................................431  
start Device View ..................................................................25  
start-up, troubleshooting ........................................................440  
static routes ................................................................192, 295  
static routes, troubleshooting ..................................................442  
static RP .............................................................................277  
Statistics ..............................................................................30  
statistics  
RMON ........................................................................415  
statistics, port ......................................................................405  
statistics, SLB .....................................................................380  
status messages (Web Access) ..................................................37  
status monitoring .................................................................403  
status monitoring commands (table) ........................................403  
sticky persistance .................................................................378  
sticky persistence .................................................................377  
Stop bit ................................................................................20  
Storage Temperature ............................................................431  
STP ...............................................................................5, 125  
and ESRP .....................................................................177  
and VLANs ..................................................................126  
bridge priority ...............................................................129  
configurable parameters ..................................................129  
configuration commands (table) ........................................130  
configuration example ....................................................132  
configuring ...................................................................129  
disable and reset commands (table) ...................................133  
displaying settings ..........................................................132  
domains .......................................................................125  
endstation, troubleshooting ..............................................445  
examples ......................................................................126  
490  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
forward delay ................................................................129  
hello time .....................................................................129  
initialization, troubleshooting ...........................................445  
max age .......................................................................129  
overview ......................................................................125  
path cost .......................................................................129  
port priority ..................................................................129  
port state, displaying .......................................................132  
stub area .............................................................................228  
stub area, OSPF ...................................................................228  
subnet mask ..........................................................................60  
Subnet Masks ......................................................................226  
sub-VLAN .........................................................................203  
supernetting, RIP .................................................................226  
super-VLAN .......................................................................202  
support ..............................................................................462  
support services ...................................................................461  
supported limits ...................................................................434  
switch  
certification marks .........................................................431  
certifications marks ........................................................432  
dimensions ...................................................................431  
electromagnetic compatibility ...........................................432  
environmental requirements .............................................431  
free-standing installation ...................................................20  
front view .........................................................................8  
heat dissipation ..............................................................432  
installing ........................................................................18  
logging ........................................................................408  
MAC address ..................................................................10  
monitoring ....................................................................403  
positioning .....................................................................18  
power supply specifications .............................................432  
powering on ....................................................................20  
rack mounting .................................................................18  
rear view ..........................................................................9  
size .............................................................................431  
weight .........................................................................431  
syntax helper .........................................................................40  
syntax, understanding .............................................................39  
syslog host ..........................................................................411  
491  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
T
TACACS+  
commands (table) ............................................................71  
description ......................................................................70  
servers, specifying ...........................................................70  
tag ....................................................................................100  
tagged IPX VLAN ...............................................................294  
tagged VLAN .....................................................................100  
tagging ..............................................................................100  
BGP ............................................................................195  
OSPF ...........................................................................195  
route map support ..........................................................195  
tagging, VLAN ......................................................................99  
tcp-port-check .....................................................................370  
technical support ..................................................................461  
telephone support .................................................................461  
Telnet ............................................................................54, 55  
controlling access ............................................................58  
disconnecting a session .....................................................58  
logging ........................................................................411  
using .............................................................................54  
telnet health check ...............................................................375  
Telnet workstation, troubleshooting .........................................441  
Terminal Access Controller Access Control System Plus. See  
TACACS+  
TFTP  
using ...........................................................................423  
TFTP server utility .................................................................38  
third-party trunking ................................................................84  
timed configuration download ................................................117  
timed download ...................................................................115  
timer .................................................................................198  
timestamp ...........................................................................408  
toll-free support number ........................................................462  
top command ......................................................................446  
traceroute command ..........................................................53  
traffic filter ...........................................................................90  
traffic grouping ...................................................................139  
traffic groupings ..........................................................138, 144  
translation ..........................................................................229  
translation, PIM mode ...........................................................277  
translational mode ................................................................349  
translational mode, SLB ........................................................352  
transmit errors .....................................................................406  
492  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
Transparent mode ................................................................349  
transparent mode .................................................................349  
transparent mode, SLB ..........................................................350  
transparent private networks ...................................................112  
Trap Receiver, troubleshooting ...............................................441  
triggered update ...................................................................225  
triggered updates .........................................................226, 295  
troubleshooting tools ............................................................446  
troubleshooting, top command ................................................446  
trunking ...............................................................................84  
trunks ................................................................................100  
trusted neighbor ...................................................................333  
tunnel ................................................................................112  
TUV/GS (German Notified Body) ...........................................432  
U
UDP  
multinetting ..................................................................198  
UDP-Forwarding  
and BOOTP ..................................................................208  
and DHCP ....................................................................208  
configuring ...................................................................209  
description ....................................................................208  
UDP-forwarding  
configuration commands (table) ........................................210  
example .......................................................................209  
profiles ........................................................................209  
VLANs ........................................................................209  
update, triggered ..................................................................225  
upgrade software .................................................................420  
upgrading the image .............................................................420  
uploading the configuration ...................................................423  
users  
access levels ...................................................................48  
creating ..........................................................................50  
default ...........................................................................49  
viewing ..........................................................................50  
UTP Cable ............................................................................14  
V
verifying the installation ..........................................................20  
video applications and QoS ....................................................137  
493  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
viewing accounts ...................................................................50  
VIPs, SLB ..........................................................................348  
Virtual LANs. See VLANs  
virtual link, OSPF ................................................................229  
VLAN  
debug-tracing ................................................................446  
ESRP tracking ...............................................................171  
IP fragmentation ..............................................................83  
MAC download limits ....................................................115  
MAC-based ..................................................................117  
MTU .............................................................................83  
rate shaping  
bandwidth management 163  
tag ..............................................................................100  
tag assigning .................................................................100  
tunneling ......................................................................111  
VLAN aggregation  
configuration commands (table) ........................................206  
description ....................................................................202  
limitations ....................................................................204  
properties .....................................................................204  
proxy ARP ...................................................................205  
secondary IP address ......................................................203  
sub-VLAN ...................................................................203  
super-VLAN .................................................................202  
VLAN configuration, Web Device Manager ................................38  
VLAN names, troubleshooting ...............................................445  
VLAN tagging ......................................................................99  
VLANid ...............................................................................99  
VLANs ................................................................................95  
and STP .......................................................................126  
and Web access ...............................................................33  
assigning tags ................................................................100  
benefits ..........................................................................95  
configuration commands (table) ........................................107  
configuration examples ...................................................108  
configuring ...................................................................106  
default ........................................................................106  
delete and reset commands (table) .....................................111  
description ........................................................................5  
disabling route advertising ...............................................226  
displaying settings ..........................................................110  
IP address, troubleshooting ..............................................445  
mixing port-based and tagged ...........................................102  
494  
Download from Www.Somanuals.com. All Manuals Search And Download.  
®
Intel NetStructure480T Routing Switch User Guide  
names ..........................................................................105  
port, troubleshooting .......................................................444  
port-based ......................................................................97  
protocol filters ...............................................................103  
protocol-based ...............................................................102  
protocol-based, IPX ........................................................298  
restoring default values ...................................................111  
routing .................................................................201, 297  
tagged ............................................................................99  
tagged IPX ...................................................................294  
troubleshooting ..............................................................444  
trunks ..........................................................................100  
types .............................................................................97  
UDP-forwarding ............................................................209  
with IP and IPX .............................................................294  
VLSMs ..............................................................................226  
vMAN tunnel ......................................................................112  
vMANs ..............................................................................111  
voice applications, QoS .........................................................137  
W
warnings ............................................................................449  
warranty .............................................................................451  
web browsing applications, QoS .............................................138  
web cache redirection ...................................................375, 398  
HTTP health check .........................................................375  
layer 4 port ...................................................................375  
Web Device Manager  
accessing ........................................................................35  
browser controls ..............................................................36  
browser setup ..................................................................34  
controlling access ............................................................62  
description ......................................................................33  
fonts ..............................................................................34  
home page ................................................................35, 61  
saving changes ................................................................37  
screen resolution ..............................................................34  
status messages ...............................................................37  
VLAN configuration ........................................................33  
Web site, support .................................................................461  
Web-server configuration ......................................................391  
weight ...............................................................................431  
Welcome prompt, troubleshooting ...........................................440  
495  
Download from Www.Somanuals.com. All Manuals Search And Download.  
I
N
D
E
X
wildcard IP address ..............................................................349  
496  
Download from Www.Somanuals.com. All Manuals Search And Download.  
A14542-001  
100044-00 rev04  
Download from Www.Somanuals.com. All Manuals Search And Download.  

Insignia Flat Panel Television NS P42Q10A User Manual
Intel Server MFS5000SI User Manual
JVC CRT Television AV 27150 User Manual
JVC VCR HR 272EU User Manual
Kenwood Car Video System KVT 532DVD User Manual
Kenwood Coffeemaker CM040 User Manual
Kenwood Speaker KFC 162MR User Manual
Kenwood TV Mount 411 User Manual
KitchenAid Gas Grill KBNU367TSS00 User Manual
KitchenAid Ice Maker KUIC15PLTS0 User Manual