Ethernet Routing Switches
Stackable
Version 2.0.0
Last updated: Mar 2011

Objectives
At the end of the training, you should be able to:
– Understand the difference between the ERS families
– Understand basic setup for ERS Switches
– Know your way around Device Manager (EDM) and a little CLI
– Build a small converged network solution and have some fun!

Avaya – Proprietary. Use pursuant to your signed agreement or Avaya policy.

Agenda
Getting started
– Which ERS
– Standalone or Stack
Management
– EDM and CLI
– Configuring Management
Layer 2 – VLANs
– Creating VLANS
– Access or TAG
Layer 3 – Routing
– IP interfaces
– DHCP Relay
QoS
– Roles
– Typical settings
Energy Saver

Getting Started
ERS 5000, ideal as:
– Access Switch for Large Enterprises: high-performance Gigabit-to-the-Desktop
– Aggregation (Distribution) Switch
– Core Switching solution for small Enterprises
– Top-of-Rack/Horizontal Stacking for the Data Centre
– Where 10GbE is required today
ERS 4500, ideal as:
– Access Switch for mid-to-large Enterprise Environments with either FE or GbE connectivity at the Edge, or both
– Where 10GbE Uplinks will become important
ERS 2500, ideal as:
– Access Switch for Branch Office or smaller Enterprise Campus: when Fast Ethernet-only is appropriate
– Low-intensity convergence deployments
– Standard offering for the Small to Medium Enterprise

Ethernet Routing Switch 2500 Series
Workhorse solution to empower Convergence
– 10/100 to the Desktop
– Power-over-Ethernet & QoS
– high speed local switching & Layer 3 Routing
– entry-level FAST 32
Integrated Access Control
– 802.1X with Extensions
– 802.1AB auto discovery for network & devices
Delivers flexibility to the Network Edge
Callouts:
– Enable the Converged Branch
– Highly-available local Stacking & connections to the Core
– Scalable, pay-as-you-grow
– Comprehensive QoS & access control capabilities

©2010 Avaya, Inc. All rights reserved.

Features of the ERS 2500 Series
4 Switch options
– 2526T & 2526T-PWR – 24 10/100 Desktop ports, plus 2 active Uplinks, PoE option
– 2550T & 2550T-PWR – 48 10/100 Desktop ports, plus 2 active Uplinks, PoE option
Uplink options of SFP, 1000T, or 10/100/1000T
PoE available on 50% of Desktop ports – Green..!
32Gbps Stacking architecture
– Up to 384 10/100 ports
Wire-speed local switching & integrated Stacking
802.3af-compliant PoE
– Auto-sensing 10/100
– Auto-discovery of PoE devices
– Dynamic power management
Endpoint access control
– 802.1X SHSA, Guest VLAN, RADIUS Authentication
DiffServ & 802.1p Prioritisation
Traffic Marking & Re-Marking
Port Mirroring & Rate Limiting
802.3ad Link Aggregation (6 links)

Hardware
26-port Switches
– 2526T
– 2526T-PWR
50-port Switches
– 2550T
– 2550T-PWR

Flexible Advanced Stacking Architecture
Class-leading Stacking
– the ERS 2500 Series implements FAST 32
– 4Gbps of Stacking capacity per Switch & up to 32Gbps for a Stack of 8
[Figure: ERS 2500 Series with FAST 32. 4Gbps Stacking per Switch & up to 32Gbps]
Scales up to 384 Ports of 10/100 Desktop plus up to 16 Ports for 10/100/1000 Combo Uplinks
Auto Unit Replacement software & configuration control – Virtual Hot Swap
Consolidated Management via a single IP Address
Low-cost Stack cabling
Pre-enabled or field-upgradeable
Up to 8 Switches & 400 Ports
Uses low-cost Cat 5E UTP for Stacking

Getting Started
Standalone or Stacking
The ERS 2500 delivers 3 flexible options to meet customer needs

Standalone: Use ERS 2500s as single units
• Ideal for smaller sites
• Budget-friendly option

Standalone, later Stacked: Flexible option to move to stacking
• No need to purchase additional hardware
• Stacking is enabled via a software license
• Grow your network when/if YOU want to

Stack Enabled: Scalability from Day 1
• Units with stacking pre-enabled are available
• Ready to stack immediately
• No need for a stacking license

Ethernet Routing Switch 2500 Series
Stacking Implementation
ERS 2500s use the rear 1000BaseTX ports as stacking ports
– Rear ports offer the flexibility to be used as either normal Gigabit ports or as stacking ports.
– Gigabit grade (Cat5E/Cat6) RJ-45 cabling is used to create the stacking ring
– Stack up to 8 units high for 384 10/100 user ports and 16 Gigabit ports

Ethernet Routing Switch 2500 Series
Stacking Functionality and Rear Ports
– “Stacking Mode” must be configured on the rear ports before switches are connected together in a stack (there is no “auto-detection”).
– The Base unit must have Unit Select switch set to ON (one switch only)
– Each ERS2500 switch ships with a 46cm (1.5 foot) stack cable (black Cat5E cable).
– Additional cables of 1.5m (5’) and 3m (10’) are also available for separate purchase from Avaya and are like “stack return” cables.
– Customers are permitted to use their own cables and longer lengths up to 100m (at customer’s risk, not “officially” supported by GNTS).
[Figure: rear panel. Labels: MODE (Standalone -> Stacking), Port 27, Port 28, Cascade Down, Cascade Up, Base Unit Select]

Ethernet Routing Switch 4500 Series
Scalable solution to empower Convergence
– 10/100 or 10/100/1000 to the Desktop, Fixed 100FX & SFP options
– Power-over-Ethernet & QoS
– fail-safe FAST 320
– high-speed local switching & Layer 3 Routing
Integrated Access Control
– 802.1X with extensions
Delivers 99.999% reliability to the Network Edge
Callouts:
– Enable the Converged Desktop
– Comprehensive access control options
– High-availability locally & to the Core
– Scalable, pay-as-you-grow
– Can mix FE and GE Switches in a stack
[Figure labels: 10/100/1000 & 10/100 Switches, 10G Switches]

Features of the ERS 4500 Series
11 Switch options
– 4526FX
– 4526T & 4526T-PWR
– 4550T & 4550T-PWR
– 4524GT & 4524GT-PWR
– 4526GTX & 4526GTX-PWR
– 4548GT & 4548GT-PWR
High density solution:
– 400/384 ports of 10/100 or 10/100/1000 with PoE & 10GbE options
– SFP & FX options
184Gbps of local switching & 40Gbps Stacking throughput per Switch
Redundant Power option
802.3af-compliant PoE
– Auto-sensing 10/100/1000
– Auto-discovery of PoE devices
– Dynamic power management
End-point access control
– 802.1X plus extensions (SHMA, MHMA, Guest VLAN, etc)
Automatic Unit Replacement
Traffic Policing, DiffServ & 802.1p Prioritisation
IP Filtering, Policies, & Offset

Hardware
Fast Ethernet Switches
– 4526FX
– 4526T & 4526T-PWR
– 4550T & 4550T-PWR
Gigabit Ethernet Switches
– 4524GT & 4524GT-PWR
– 4526GTX & 4526GTX-PWR
– 4548GT & 4548GT-PWR

Flexible Advanced Stacking Technology
Evolution of redundant self-healing stacking first introduced in 1998
Support for up to 8 units in a stack
– Can mix any ERS4500 switch in the stack
– Maximum 400 10/100 ports in a stack
– Maximum 384 10/100/1000 ports in a stack
– Up to 32 SFP GBICs in a stack for uplinks
[Figure label: Return Cable creates resilient configuration]
Built-in Hi-Stack stacking ports come standard on the switch
– Stacking cable (46cm / 18”) included with each switch
– Loopback stacking cable for resilient stacking must be purchased separately
True resilient stack IP Management
Load-balancing and fail-over protection with Distributed MLT and 802.3ad
Automatic Unit Replacement
– Functionality to automatically reconfigure any replaced unit
Grow as you Stack from 1 to 8 units as one reliable managed entity

Agenda
Getting Started
Management
– EDM and CLI
– Configuring management
L2 - VLANs
L3 - Routing
QOS
Energy Saver

Enterprise Device Manager - EDM
Feature Overview
EDM is a new embedded web based management system.
– EDM uses Web2.0 and J2EE framework – more up to date
– Improved workflows, selections and GUI configuration completeness
EDM REPLACES both JDM and WebUI graphical configuration and element interfaces.
– Integrated into the agent code of the switch, no longer requiring the right version of JDM to support chosen platforms.
HTTP and HTTPS browser support
– Tested and supported by: IE 7.0 and FireFox 3.0 and above.
New on ERS 2500 4.3 / 4500 v5.4 / 5x00 v6.2

Enterprise Device Manager - EDM
Main Screens
EDM Landing Page
– Switch Summary
– Navigation Tree
– “Configuration” folder already open with sub folders

Enterprise Device Manager - EDM
Main Screens - II
EDM – Device Physical View tab
– can launch pull-down menu off ports

Enterprise Device Manager - EDM
Main Screens - III
EDM – Edit > Chassis > Chassis
– General switch system information

Enterprise Device Manager - EDM
Main Screens - IV
EDM – Configuration > VLAN > VLANs
– VLAN creation – white cells can be edited

Enterprise Device Manager - EDM
Main Screens - V
EDM – QoS > QoS Devices
– NOTE: EDM opens new selections in new Tabs in the main view

Enterprise Device Manager - EDM
EDM Help Files
The help files for EDM are not integrated into the switch agent code and are downloaded to the switch when required by the agent.
– Help file must be located on TFTP server or USB drive.
EDM Help file configuration in CLI
– CLI commands:
    edm help-file-path <path> [tftp address <ip>]
    show edm help-file-path
Set Help file path (config)
    (config)# edm help-file-path /help tftp address 10.16.5.222
Show Help file path
    (config)# show edm help-file-path
    TFTP Server Address 10.16.5.222 /help

Enterprise Device Manager - EDM
EDM Help file configuration - EDM
EDM – Help File location configuration
– EDM uses TFTP to access Help File documents
Set up the help files location on TFTP server
Install the help files one directory below the root on the TFTP server

Enterprise Device Manager - EDM
HELP Screens
EDM – MultiLink Trunks Help (example)
– NOTE: when you click on Help – the related documentation is TFTP’d to the switch.
Help Sub-menu on setting up MLTs

Command Line Interface (CLI)
Feature overview
Serial Console
– 9600
– No parity
– No flow control
– Straight cable
– Ctrl Y to start
Telnet
SSH
– Requires ‘secure’ agent image – i.e. 2500_431025s.img

Show running-config Enhancements
Show and Copy commands - CLI
The default behavior of the ‘show running-config’ command has changed: it now displays only the CLI commands with non-default parameters.
The new CLI syntax for ‘show running-config’ is:
    # show running-config [verbose] [module {[802.1ab] [aaur] [adac] [arp-inspection] [aur] [banner] [core] [dhcp-relay] [dhcp-snooping] [eap] [interface] [ip] [ip-source-guard] [ipmgr] [ipv6] [l3] [l3-protocols] [lacp] [logging] [mac-security] [mlt] [poe] [port-mirroring] [qos] [rate-limit] [rmon] [rtc] [snmp] [ssh] [ssl] [stack] [stkmon] [stp] [vlacp] [vlan]}]
The new CLI syntax for ‘copy running-config’ is:
    # copy running-config tftp [verbose] [module {[802.1ab] [aaur] [adac] [arp-inspection] [aur] [banner] [core] [dhcp-relay] [dhcp-snooping] [eap] [interface] [ip] [ip-source-guard] [ipmgr] [ipv6] [l3] [l3-protocols] [lacp] [logging] [mac-security] [mlt] [poe] [port-mirroring] [qos] [rate-limit] [rmon] [rtc] [snmp] [ssh] [ssl] [stack] [stkmon] [stp] [vlacp] [vlan]}] [address <XXX.XXX.XXX.XXX>] filename <WORD>
Note: optional parameters shown in RED

Show running-config Enhancements
Usage examples - CLI
Display the non-verbose configuration of a switch/stack:
    # show running-config
    ! Embedded ASCII Configuration Generator Script
    ! Model = Ethernet Routing Switch 2526T (Stack Enabled)
    ! Software version = v4.3.0.073
    !
    ! Displaying only parameters different to default
    !================================================
    enable
    configure terminal
    !
    ! *** CORE ***
    !
    !
    ! *** SNMP ***
    !
    !
    ! *** IP ***
    !
    !
    …
    !
    ! *** STACK MONITOR ***
    !
NOTE: the output above is for a switch/stack reset to default
Copy the non-verbose configuration of a switch/stack to a TFTP server:
    # copy running-config tftp address 10.100.100.1 filename stack.cfg

Show running-config Enhancements
Usage examples – CLI (cont)
Display the non-verbose configuration for the specified applications:
    #show running-config module mlt stp vlan
    ! Embedded ASCII Configuration Generator Script
    ! Model = Ethernet Routing Switch 2526T (Stack Enabled)
    ! Software version = v4.3.0.073
    !
    ! Displaying only parameters different to default
    !================================================
    enable
    configure terminal
    !
    ! *** STP (Phase 1) ***
    !
    !
    ! *** VLAN ***
    !
    !
    ! *** MLT (Phase 1) ***
    !
    !
    ! *** STP (Phase 2) ***
    !
    !
    ! *** VLAN Phase 2***
    !
    !
    ! *** MLT (Phase 2) ***
    !
NOTE: the output above is for a switch/stack reset to default
Copy non-verbose configuration for the specified applications to a TFTP server:
    #copy running-config tftp module mlt stp vlan address 10.100.100.1 filename mlt_stp_vlan.cfg

Show running-config Enhancements
Usage examples – CLI (cont)
Display the verbose configuration of a switch/stack:
    # show running-config verbose
    ! Embedded ASCII Configuration Generator Script
    ! Model = Ethernet Routing Switch 2526T (Stack Enabled)
    ! Software version = v4.3.0.073
    !
    ! Displaying all switch parameters
    !====================================================
    enable
    configure terminal
    !
    ! *** CORE ***
    !
    autosave enable
    mac-address-table aging-time 300
    autotopology
    sntp server primary address 0.0.0.0
    sntp server secondary address 0.0.0.0
    …
    !
    ! *** STACK MONITOR ***
    !
    no stack-monitor enable
    stack-monitor stack-size 2
    stack-monitor trap-interval 60
Copy the verbose configuration of a switch/stack to a TFTP server:
    # copy running-config tftp verbose address 10.100.100.1 filename stack_ver.cfg

Show running-config Enhancements
Usage examples – CLI (cont)
Display the verbose configuration for the specified applications:
    # show running-config verbose module mlt stp vlan
    ! Embedded ASCII Configuration Generator Script
    ! Model = Ethernet Routing Switch 2526T (Stack Enabled)
    ! Software version = v4.3.0.073
    !
    ! Displaying all switch parameters
    !====================================================
    enable
    configure terminal
    !
    ! *** STP (Phase 1) ***
    !
    spanning-tree cost-calc-mode dot1d
    spanning-tree port-mode auto
    spanning-tree priority 8000
    spanning-tree hello-time 2
    spanning-tree forward-time 15 max-age 20
    no spanning-tree 802dot1d-port-compliance enable
    !
    ! *** VLAN ***
    !
    vlan ports 1/1-26,2/1-26 tagging unTagAll filter-untagged-frame disable filter-unregistered-frames enable priority 0
    vlan configcontrol flexible
    vlan members 1 1/1-26,2/1-26
    vlan ports 1/1-26,2/1-26 pvid 1
    vlan igmp unknown-mcast-no-flood disable
    vlan igmp 1 snooping disable
    …

Show running-config Enhancements
Usage examples – CLI (cont)
    …
    vlan igmp 1 proxy disable robust-value 2 query-interval 125
    vlan configcontrol strict
    auto-pvid
    !
    ! *** MLT (Phase 1) ***
    !
    no mlt
    mlt 1 name "Trunk #1" disable member NONE
    mlt 1 learning normal
    mlt 1 loadbalance basic
    mlt 2 name "Trunk #2" disable member NONE
    mlt 2 learning normal
    mlt 2 loadbalance basic
    mlt 3 name "Trunk #3" disable member NONE
    mlt 3 learning normal
    mlt 3 loadbalance basic
    mlt 4 name "Trunk #4" disable member NONE
    mlt 4 learning normal
    mlt 4 loadbalance basic
    mlt 5 name "Trunk #5" disable member NONE
    mlt 5 learning normal
    mlt 5 loadbalance basic
    mlt 6 name "Trunk #6" disable member NONE
    mlt 6 learning normal
    mlt 6 loadbalance basic
    !
    …

Show running-config Enhancements
Usage examples – CLI (cont)
    …
    ! *** STP (Phase 2) ***
    !
    spanning-tree port-mode normal
    interface FastEthernet ALL
    spanning-tree port 1/1-26 learning normal
    spanning-tree port 2/1-26 learning normal
    spanning-tree port 1/1-24 cost 10 priority 80
    spanning-tree port 1/25-26 cost 1 priority 80
    spanning-tree port 2/1-24 cost 10 priority 80
    spanning-tree port 2/25-26 cost 1 priority 80
    spanning-tree bpdu-filtering port 1/1-26 timeout 120
    no spanning-tree bpdu-filtering port 1/1-26 enable
    spanning-tree bpdu-filtering port 2/1-26 timeout 120
    no spanning-tree bpdu-filtering port 2/1-26 enable
    exit
    !
    ! *** VLAN Phase 2***
    !
    vlan mgmt 1
    !
    ! *** MLT (Phase 2) ***
    !
Copy the verbose configuration for the specified applications to a TFTP server:
    #copy running-config tftp verbose module mlt stp vlan address 10.100.100.1 filename mlt_stp_vlan_ver.cfg

Agenda
Getting Started
Management
– EDM and CLI
– Configuring management
L2 - VLANs
L3 - Routing
QOS
Energy Saver

Initial Switch/Stack Setup
Quick Start
    ERS2500> enable
    ERS2500# install
    Welcome to the 2550T-PWR setup utility.
    You will be requested for information to initially configure for the switch.
    When finished the information will be applied and stored in the switch NVRAM.
    Once the basic parameters are configured, additional configuration can proceed using other management interfaces.
    Press ^C to abort at any time.
    ###############################################################################
    Please provide the in-band IP Address[10.16.5.4]:
    Please provide the in-band sub-net mask[255.255.255.0]:
    Please provide the Default Gateway[10.16.5.254]:
    Please provide the Read-Only Community String[**********]:
    Please provide the Read-Write Community String[**********]:
    Please provide the Quick Start VLAN <1-4094> [5]:
    Please provide the in-band IPV6 Address/Prefix_length[::/0]:
    Please provide the in-band IPV6 Default Gateway[::]:
    ###############################################################################
    Basic switch parameters have now been configured and saved.
    ###############################################################################

Initial Switch/Stack Setup
Manual via CLI
    ERS2500-Rack3# show running-config
    ! Embedded ASCII Configuration Generator Script
    ! Model = Ethernet Routing Switch 2550T-PWR
    ! Software version = v4.3.1.025
    !
    ! Displaying all switch parameters
    !====================================================
    enable
    configure terminal
    !
    ! *** IP ***
    !
    ip default-gateway 10.16.5.254
    ip address stack 0.0.0.0
    ip address switch 10.16.5.4
    ip address netmask 255.255.255.0
    !
    ! *** VLAN ***
    !
    vlan mgmt 5

Extended IP Manager
Feature Overview
IP Manager enables administrators to restrict access to network services such as web, snmp and telnet (for IPv4 & IPv6).
The IP Manager function which controls management connectivity to the switch has been extended to support IPv6 and SSH in ERS2500 release v4.3.
Example section of IP Manager in ACG:
    ! *** IP Manager ***
    !
    telnet-access enable
    snmp-server enable
    web-server enable
    ssh-server enable
    ipmgr telnet
    ipmgr snmp
    ipmgr web
    ipmgr ssh
    ipmgr source-ip 1 0.0.0.0 mask 0.0.0.0
    ipmgr source-ip 2 255.255.255.255 mask 255.255.255.255
    …
    ipmgr source-ip 51 ::/0
    ipmgr source-ip 52 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
    …
NOTE: new options are in RED (‘s’ agent image must be loaded to support ssl)

Agenda
Getting Started
Management
L2 - VLANs
– Creating Vlans
– Access or Tag
L3 - Routing
QOS
Energy Saver

VLAN Configuration Control*
Automatic
– Operations: As you change the vlan the PVID changes accordingly
– VLAN PVID: Set to the Vlan ID
– # of VLANs / Access port: One only
AutoPVID
– Operations: As you add a Vlan the PVID changes to the new vlan
– VLAN PVID: Set to the Last Vlan ID
– # of VLANs / Access port: Multiple
Flexible
– Operations: As you add a Vlan the PVID remains set to the first vlan
– VLAN PVID: Set to the First Vlan ID
– # of VLANs / Access port: Multiple
Strict (default)
– Operations: To change Vlan the port has to be removed from the previous vlan
– VLAN PVID: Set to the Vlan ID
– # of VLANs / Access port: One Only
*Note: Applies to Untag All and Tag PVID Only ports

Vlan Configuration Control
Automatic:
– VLAN Membership: Automatically adds an untagged port to a new VLAN and automatically removes it from any previous VLAN membership.
– PVID of the port: is automatically changed to the VID of the VLAN it joins.
AutoPVID:
– When an untagged port is added to a new VLAN, the port is added to the new VLAN and the PVID is assigned to the new VID without removing it from any previous VLAN memberships.
Using this option, an untagged port can have membership in multiple VLANs.

Vlan Configuration Control
Flexible:
– Similar to AutoPVID. When this option is used, an untagged port can belong to an unlimited number of VLANs.
– Any new addition of an untagged port to a new VLAN does not change the PVID of that port
Strict:
– The factory default, this selection restricts the addition of an untagged port to a VLAN if it is already a member of another VLAN.
– To add an untagged port to a new VLAN, a port must be removed from all other VLANs of which it is a member before adding it to the new VLAN. The PVID of the port is changed to the new VID to which it was added.

Ethernet Ports modes
Port Mode         # Vlan                   Tagging
Access            Depends on Config Ctrl   No Tagging
Tag All (Trunk)   Multiple                 Tag all Vlans
Untag PVID        Multiple                 Tag all Vlans except the PVID (Default vlan)
Tag PVID          Multiple                 Tag only the PVID no other

L2 - VLANs: Changing VlanConfigControl
L2 - VLANs: Create VLAN
L2 - VLANs: Removing Ports
L2 - VLANs: Adding Ports
L2 - VLANs: Apply Changes
L2 - VLANs: Support for Voice and Data on one port
– Select and Right Click Port 18-24, Select Edit

Agenda
Getting Started
Management
L2 - VLANs
L3 – Routing
– IP Interfaces
– DHCP Relay
QOS
Energy Saver

IP Local and Static Routing
Feature Overview
Support up to 256 locally configured routing instances.
Provides static route support
Supports IP blocking (for different stack failures)
Allows the switch to be managed through any IP address that has been assigned to any VLAN interface (not just the management VLAN).
– When IP routing is enabled, the existing Switch / Stack IP address is assigned to the management VLAN interface.

L3 Routing: Enable IP forwarding
L3 Routing: Adding an IP interface to a VLAN

L3 Routing
IP Local and static Routing
Managing global IP config to enable / disable IP routing
    (config)# ip routing                 Enables IP routing globally
    (config)# no ip routing              Disables IP routing globally
Managing VLAN IP routing:
    (config)# interface vlan 7
    (config-if)# ip address <IP> <mask> [<mac-offset>]      Enables/disables IP routing on a VLAN
– Example:
    (config-if)# ip address 172.16.7.1 255.255.255.0 7
    (config-if)# no ip address 172.16.7.1 255.255.255.0

L3 Routing
IP Local and static Routing
Creating a static route:
    (config)# ip route <IP> <dest-mask> <next-hop> [<cost: 1-65535> | <weight: 1-65535>] enable
– Example:
    (config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 ena
Change the weight (or cost) of a static route:
– Example:
    (config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 weight 40
Enable / disable / delete a static route:
– Examples:
    (config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 enable
    (config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 disable
    (config)# no ip route 0.0.0.0 0.0.0.0 172.16.1.1
NOTE: In order for a static route to become active, the configured next-hop IP address must be reachable.

L3 Routing
IP Local and Static Routing
    # show ip routing
    IP Routing is enabled
    IP ARP life time is 21600 seconds

    # show vlan ip
    ==============================================================================
    Vid  ifIndex Address         Mask            MacAddress        Offset Routing
    ==============================================================================
    Primary Interfaces
    ------------------------------------------------------------------------------
    1    10001   172.16.1.50     255.255.255.0   00:1D:42:36:EC:40 1      Enabled
    3    10003   172.16.3.1      255.255.255.0   00:1D:42:36:EC:42 3      Enabled
    4    10004   172.16.4.1      255.255.255.0   00:1D:42:36:EC:43 4      Enabled
    5    10005   172.16.5.1      255.255.255.0   00:1D:42:36:EC:44 5      Enabled
    6    10006   172.16.6.1      255.255.255.0   00:1D:42:36:EC:45 6      Enabled
    7    10007   172.16.7.1      255.255.255.0   00:1D:42:36:EC:46 7      Enabled
    ------------------------------------------------------------------------------
    % Total of Primary Interfaces: 6

L3 Routing
Local and Static Routing
    # show ip route
    ===============================================================================
                                     Ip Route
    ===============================================================================
    DST             MASK            NEXT            COST   VLAN PORT PROT TYPE PRF
    -------------------------------------------------------------------------------
    0.0.0.0         0.0.0.0         172.16.1.1      40     1    1/1  S    IB   5
    10.0.0.0        255.0.0.0       172.16.1.1      10     1    1/1  S    IB   5
    172.16.1.0      255.255.255.0   172.16.1.50     1      1    ---- C    DB   0
    172.16.3.0      255.255.255.0   172.16.3.1      1      3    ---- C    DB   0
    172.16.4.0      255.255.255.0   172.16.4.1      1      4    ---- C    DB   0
    172.16.5.0      255.255.255.0   172.16.5.1      1      5    ---- C    DB   0
    172.16.6.0      255.255.255.0   172.16.6.1      1      6    ---- C    DB   0
    172.16.7.0      255.255.255.0   172.16.7.1      1      7    ---- C    DB   0
    Total Routes: 8
    -------------------------------------------------------------------------------
    TYPE Legend:
    I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, U=Unresolved Route, N=Not in HW

L3 Routing
IP Routing ARP Management
> Create / remove a static ARP entry:
    (config)# ip arp <IP> <MAC> <unit/port> [vid <1 - 4094>]
> Example:
    (config)# ip arp 172.16.3.10 00:13:60:c2:62:ee 1/3 vid 3
    (config)# no ip arp 172.16.3.10 00:13:60:c2:62:ee 1/3 vid 3
> Enable / Disable ARP response per VLAN:
> Example:
    (config-if)# ip arp response
    (config-if)# no ip arp response
> Configuring the ARP Aging time:
> Example:
    (config)# ip arp timeout 720

L3 Routing
IP Routing ARP Management
    # show ip arp (or show arp)
    ===============================================================================
                                       IP ARP
    ===============================================================================
    IP Address      Age (min) MAC Address       VLAN-Unit/Port/Trunk  Flags
    -------------------------------------------------------------------------------
    172.16.3.255    0         ff:ff:ff:ff:ff:ff VLAN#3                LB
    172.16.4.255    0         ff:ff:ff:ff:ff:ff VLAN#4                LB
    172.16.5.255    0         ff:ff:ff:ff:ff:ff VLAN#5                LB
    172.16.6.255    0         ff:ff:ff:ff:ff:ff VLAN#6                LB
    172.16.7.255    0         ff:ff:ff:ff:ff:ff VLAN#7                LB
    172.16.1.255    0         ff:ff:ff:ff:ff:ff VLAN#1                LB
    172.16.1.14     65        00:15:60:c2:62:4d VLAN#1-1/1            D
    172.16.1.50     0         00:1d:42:36:ec:40 VLAN#1                L
    172.16.3.10     0         00:13:60:c2:62:ee VLAN#3-1/3            S
    172.16.3.1      0         00:1d:42:36:ec:42 VLAN#3                L
    172.16.4.1      0         00:1d:42:36:ec:43 VLAN#4                L
    172.16.5.1      0         00:1d:42:36:ec:44 VLAN#5                L
    172.16.6.1      0         00:1d:42:36:ec:45 VLAN#6                L
    172.16.7.1      0         00:1d:42:36:ec:46 VLAN#7                L
    172.16.1.1      60        00:13:49:4b:04:74 VLAN#1-1/1            D
    172.16.3.0      0         ff:ff:ff:ff:ff:ff VLAN#3                LB
    172.16.4.0      0         ff:ff:ff:ff:ff:ff VLAN#4                LB
    172.16.5.0      0         ff:ff:ff:ff:ff:ff VLAN#5                LB
    172.16.6.0      0         ff:ff:ff:ff:ff:ff VLAN#6                LB
    172.16.7.0      0         ff:ff:ff:ff:ff:ff VLAN#7                LB
    172.16.1.0      0         ff:ff:ff:ff:ff:ff VLAN#1                LB
    Total ARP entries : 21
    -------------------------------------------------------------------------------
    Flags Legend: S=Static, D=Dynamic, L=Local, B=Broadcast

Agenda
Getting Started
Management
L2 - VLANs
L3 – Routing
– IP Interfaces
– DHCP Relay
QOS
Energy Saver

L3 Routing
BootP/DHCP Relay
In order to obtain an IP address a BootP or DHCP client will broadcast the request on the local subnet.
When routing is enabled on the VLAN, these broadcasts are not forwarded by the router.
This is where the Bootp/DHCP relay is applicable. The relay agent intercepts these Bootp/DHCP requests and forwards them to the specified host or broadcast address on another routed VLAN.
Up to 10 DHCP/BootP servers may be identified as destinations to the relay.

L3 Routing: DHCP Relay

L3 Routing
DHCP Relay config commands
Enable / disable DHCP relay globally
    (config)# ip dhcp-relay fwd-path <agent-ip> <server-ip> <enable|disable>
– Example:
    (config)# ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 enable
    (config)# ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 disable
Add / remove a bootp/DHCP server
    (config)# ip dhcp-relay fwd-path <agent-ip> <server-ip> [mode <bootp | bootp-dhcp | dhcp>]
– Example:
    (config-if)# ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 mode bootp
    (config-if)# no ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 mode bootp
IP VLAN DHCP-relay configuration options
– Examples:
    (config)#interface vlan 4
    (config-if)#ip dhcp-relay ?
      broadcast        enable DHCP relay broadcast on this vlan
      clear-counters   Clear dhcp-relay counters
      min-sec          configure the backup dhcp server minimum wait time
      mode             dhcp mode

L3 Routing
DHCP Relay show commands
    (config)# show ip dhcp-relay
    DHCP relay is enabled

    (config)# show ip dhcp-relay fwd-path
    =============================================================
                                DHCP
    =============================================================
    INTERFACE       SERVER          ENABLE  MODE
    -------------------------------------------------------------
    172.16.3.1      172.16.4.255    TRUE    DHCP & BOOTP
    172.16.6.1      172.16.4.2      FALSE   DHCP & BOOTP

    (config)# show ip dhcp-relay counters
    INTERFACE       REQUESTS  REPLIES
    -------------------------------------------
    172.16.1.50     0         0
    172.16.7.1      0         0
    172.16.6.1      0         0
    172.16.5.1      0         0
    172.16.4.1      0         0
    172.16.3.1      16        4

Agenda
Getting Started
Management
L2 - VLANs
L3 – Routing
QOS
– IP Interfaces
– DHCP Relay
Energy Saver

Avaya Ethernet Routing Switch 2500/4500
Intelligent Flexibility
[Figure: Incoming Traffic (High, Medium, Normal, Low Priority); Priorities 7 to 0; Hardware Queues 4 to 1; Outgoing Traffic]
DiffServ Code Point (DSCP) classification and prioritization
– Prioritizes, marks, remarks, filters and classifies DSCP markings within the IP packet to ensure different applications are prioritized within the switch and the network
802.1p Prioritization
– Provides basic traffic prioritization with 8 802.1p priorities
Changing the rules with intelligent flexibility

Advanced QoS
Feature Overview
QoS functions supported include:
– L2-L4 traffic classification,
– filtering (forward/drop),
– marking/remarking of DSCP,
– Policing/metering and
– egress Shaping.
QoS configuration fully supported in CLI and EDM (GUI).
Advanced QoS support across all current stackable switching families.

Advanced QoS
QoS Concepts
DiffServ and 802.1p are the underlying technology for all QoS configurations.
The ERS Series supports the following QoS classes:
– Critical and Network classes have the highest priority over all other traffic.
– Premium class is an end-to-end service functioning similarly to a virtual leased line. Traffic in this service class is normally guaranteed an agreed-upon peak bandwidth. Traffic requiring this service must be shaped at the network boundary in order to undergo a negligible delay and delay variance. This service class is suitable for real-time applications, such as video and voice over IP. The recommended PHB for this service is the Expedited Forwarding (EF) PHB.
– Platinum, Gold, Silver, and Bronze classes use the Assured Forwarding (AF) PHB. These classes are used for real-time, delay-tolerant traffic and non-real-time, mission-critical traffic.
– Standard class is the best-effort IP service with an additional, optional use of traffic classification that is used at the network boundary to request a better effort treatment for packets that are in-profile (packets that do not break the service agreements between the user & the service provider).

Advanced QoS
QoS Concepts cont…
Port-based Quality of Service: policies are applied directly to individual ports. A port-based Quality of Service environment allows for the more direct application of Quality of Service policies and eliminates the need to group ports together when assigning policies.
Role-based Quality of Service: individual ports are first assigned to a role and that role is assigned a policy. A role is a collection of ports defined within the same interface group. They share settings. For example, all ports are defined as untrusted.
Port-based and role-based policies can be applied to the same port; however, the switch administrator is responsible for the proper division of resources across the individual policies.
At factory default, ports are assigned to the default interface group (role combination), which is named allQoSPolicyIfcs.
Advanced QoS
Interface Groups

Interface groups are used in the creation of role-based policies. Role-based policies differ from port-based policies in that role-based policies group ports together to apply a common set of rules to them.
Each port can belong to only one interface group.
When you move a port to another interface group (role combination), the classification elements associated with the previous interface group are removed and the classification elements associated with the new interface group are installed on the port.
At factory default, ports are assigned to the default interface group (role combination), which is named allQoSPolicyIfcs.
All ports must be removed from an interface group before it is deleted.
An interface group cannot be deleted when it is referenced by a policy.

Advanced QoS
Interface Types

The classifications of trusted, untrusted, and unrestricted actually apply to groups of ports (interface groups).
Trusted interfaces — IPv4 traffic received on trusted interfaces is re-marked at the layer 2 level, that is, the 802.1p user priority value is updated based on the DSCP value in the packet at ingress and the installed DSCP-to-CoS mapping data. The DSCP value is not updated.
Untrusted interfaces — IPv4 traffic received on untrusted interfaces is re-marked at the layer 3 level—that is, the DSCP value is updated.
Unrestricted interfaces – Does not change DSCP or 802.1p setting.

Advanced QoS
QoS Components

IP Element
• IP address type
• IP flow identifier
• IP source address/mask
• IP destination address/mask
• IP protocol type/IPv6 next-header
• IP DSCP value
• IP L4 source port
• IP L4 dest port

L2 Element
• Source MAC
• Destination MAC
• VLAN ID number
• VLAN tag
• EtherType
• IEEE 802.1p

System Element
Fully customized classifiers can be created to match non-IP-based traffic, as well as to identify IP-based traffic using non-typical fields in Layers 2, 3, 4, and beyond.
[Diagram: Classifier, Classifier Blocks, Policy]

Advanced QoS
Configuration examples - CLI
Single Identification

IP Elements - Traffic identification Rules & Classifiers (for Naming rules)

Destination Layer 4 Port
– DNS
# qos ip-element 1 protocol 6 dst-port-min 53 dst-port-max 53
# qos classifier 1 set-id 1 name DNS_DST element-type IP element-id 1
– IPSEC with UDP Wrapper Destination
# qos ip-element 3 protocol 17 dst-port-min 10001 dst-port-max 10001
# qos classifier 3 set-id 3 name IPSEC_UDP_DST element-type IP element-id 3

Source Layer 4 Port
– SSL
# qos ip-element 2 protocol 6 src-port-min 443 src-port-max 443
# qos classifier 2 set-id 2 name SSL_SRC element-type IP element-id 2

Destination IP Address
– Specific server
# qos ip-element 11 dst-ip 47.153.226.20/32
# qos classifier 11 set-id 11 name HTTP&IP element-type IP element-id 11

Advanced QoS
Configuration examples - CLI
Multiple Identification

IP Elements - Traffic identification Rules & Classifiers (for Naming rules)

Destination IP Address & Layer 4 Port
– Web Traffic to specific server
# qos ip-element 11 dst-ip 47.153.226.20/32 protocol 6 dst-port-min 80 dst-port-max 80
# qos classifier 11 set-id 11 name HTTP&IP element-type IP element-id 11

Source IP Address & Layer 4 Port
– SSL Traffic from specific server
# qos ip-element 12 src-ip 47.153.226.20/32 protocol 6 src-port-min 443 src-port-max 443
# qos classifier 12 set-id 12 name SSL&IP element-type IP element-id 12

Important note on layer 4 port ranges:
– Port range specifications are limited due to the way bit masking operates on the switches.
– Example: the ‘min’ port is set first and then becomes the “bit boundary” for the ‘max’ value. If you start the ‘min’ at port 80 (1010000 binary), the ‘max’ can be 81 (1010001), 83 (1010011), 87 (1010111), or finally 95 (1011111). That is, bit mask wildcards are added by column weight up to the first “1” set in the minimum range value.
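The port-range rule in the note above, worked through as an added example (not part of the original slides or Avaya's own code). It assumes the rule exactly as the slide states it, and the function names and the 5060-5070 sample range are constructed for illustration. It lists the allowed 'max' values for a given 'min', splits an arbitrary range into pairs the mask can express, and shows how many extra ports a rounded-up range would match.

```python
"""Added example: Layer 4 port ranges that fit a single min/max bit mask."""

MAX_PORT = 0xFFFF  # L4 ports are 16-bit values


def valid_max_ports(port_min):
    """Return every 'max' that forms a maskable range starting at port_min.

    Wildcard bits may only replace the zero bits below the lowest set bit
    of port_min, so each candidate is port_min with its k low bits set to 1.
    """
    if not 0 <= port_min <= MAX_PORT:
        raise ValueError("port out of range")
    # Number of trailing zero bits; port 0 has all 16 bits free (assumption).
    free_bits = 16 if port_min == 0 else (port_min & -port_min).bit_length() - 1
    return [port_min | ((1 << k) - 1) for k in range(free_bits + 1)]


def split_range(lo, hi):
    """Split an arbitrary lo..hi range into consecutive maskable (min, max) pairs."""
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError("need 0 <= lo <= hi <= 65535")
    blocks = []
    while lo <= hi:
        # Largest allowed 'max' for this 'min' that does not overshoot hi.
        best = max(m for m in valid_max_ports(lo) if m <= hi)
        blocks.append((lo, best))
        lo = best + 1
    return blocks


def overshoot(lo, hi):
    """Extra ports matched if lo..hi is rounded up to one maskable range.

    Returns None when no single range starting at lo can reach hi.
    """
    fits = [m for m in valid_max_ports(lo) if m >= hi]
    return None if not fits else fits[0] - hi


if __name__ == "__main__":
    print(valid_max_ports(80))  # the slide's example, plus 80 itself (single port)
    for lo, hi in split_range(5060, 5070):  # constructed sample range
        print(f"dst-port-min {lo} dst-port-max {hi}")
    print(overshoot(80, 90))  # ports 91-95 would be matched unintentionally
```

Each pair printed by split_range needs its own ip-element, so a range that is not mask-aligned costs several elements; rounding it up to a single range instead widens the classifier to ports that were never meant to match.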
Advanced QoS
Configuration examples - CLI

Grouping “like” Classifiers and QoS marking per classifier
– Destination Layer 4 Port Block
# qos classifier-block 11 block-number 10 name L4_DST set-id 11 in-profile-action 6
# qos classifier-block 12 block-number 10 name L4_DST set-id 12 in-profile-action 4
# qos classifier-block 13 block-number 10 name L4_DST set-id 13 in-profile-action 3
– Destination IP Address and Layer 4 port Block
# qos classifier-block 11 block-number 10 name L3&L4_DST set-id 11 in-profile-action 6
# qos classifier-block 12 block-number 10 name L3&L4_DST set-id 12 in-profile-action 4
# qos classifier-block 13 block-number 10 name L3&L4_DST set-id 13 in-profile-action 3

Advanced QoS
Configuration examples - CLI

Applying Classifiers to Interface groups
– InBound Destination IP Address and Layer 4 Port Block
# qos policy 10 name IN_L3&L4_DST if-group SGS clfr-type block clfr-name L3&L4_DST precedence 10
– OutBound Source IP Address and Layer 4 Port Block
# qos policy 11 name OUT_L3&L4_SRC if-group SGS clfr-type block clfr-name L3&L4_SRC precedence 11

Advanced QoS
Additional Commands - CLI

Removing Rules - Remove in reverse order
# no qos policy 17
# no qos classifier-block 17
# no qos classifier 17
# no qos ip-element 17

Showing QoS information
# show qos ip-element
# show qos classifier
# show qos classifier-blocks
# show qos policy

Advanced QoS
QoS Configuration – EDM

EDM ‘QoS Devices’ Screen
– Queues, Interface groups / ID’s, 802.1p & DSCP Mapping, Meters and Shapers.

Advanced QoS
QoS Configuration – EDM

EDM ‘QoS Rules’ Screen
– IP, L2 & System Classifier Elements, Classifiers and Classifier Blocks.
Click “Insert” to add a L2 Classifier Element

Advanced QoS
QoS Configuration – EDM

EDM ‘QoS’ Screen
– Actions, Meters, Shapers and Policies.
Pre-defined QoS Actions and service classes

Agenda
Getting Started
Management
L2 – VLANs
L3 – Routing
QOS
Energy Saver

Energy Saver
POE – Access Ports

Energy Saver
Energy Saver – Access Ports

Q&A

Thank you