Contents
1. Firmware update procedure
1.1. Firmware upload via CLI
1.2. Firmware upload via Web
2. Initial settings
2.1. General
2.2. Clock
2.2.1. SNTP
2.2.2. Manual
3. Management
3.1. Configuration files
3.2. Firmware update
3.3. IP configuration
3.3.1. Static
3.3.2. DHCP
3.4. SNMP/Traps Manager
3.5. SSH
3.6. Local user
3.7. Radius server
3.8. ACLs
3.9. 802.1x
4. Interface
4.1. Speed / Duplex / Autonegotiation
4.2. Storm Control
4.3. Rate Limit
4.4. Security
5. Layer 2
5.1. Link Aggregation
5.1.1. Static PortChannel
5.1.2. LACP
5.2. xSTP
5.3. EAPS
5.4. VLAN
5.4.1. Static
5.4.2. GVRP
5.4.3. Q-in-Q
5.5. L2 Address Table
5.5.1. Static Address
5.5.2. Address Aging
5.6. Monitor
5.7. Protocol Tunneling
6. Layer 3
6.1. IGMP
7. Batch
8. CoS
9. Filters
10. Test procedure
10.1. EAPS
10.2. VLAN
10.3. Resilience
10.4. Q-in-Q
10.5. Port Security

DmSwitch
1. FIRMWARE UPDATE PROCEDURE
1.1. Firmware Upload via CLI
The firmware update must be performed through a TFTP server. If you need to install this service on your computer, we recommend PumpKIN (http://www.klever.net/kin/canned/PumpKIN.exe). Assuming the TFTP server's IP address is 192.168.0.1 and the firmware file name is 0201.im, the example below shows how to upload the firmware via the CLI. The file is stored in a different position from the one used by the current firmware. The new firmware is set as the startup firmware, which means that after the equipment reboots, the new firmware becomes the current firmware. By default, the DmSwitch IP address is 192.168.0.25/24.

DmSwitch3000#copy tftp 192.168.0.1 0201.im firmware
DmSwitch3000#show firmware
Running firmware:
  Firmware version: 2.0-pre
  Stack version: 1
  Compile date: Mon Mar 20 14:37:18 UTC 2006

Flash firmware:
ID  Version  Date                 Flag  Size
1   2.0-pre  20/02/2006 11:37:27  R     7148432
2   2.0-pre  20/03/2006 11:37:27  S     7148432

Flags: R - Running firmware. S - To be used upon next startup. E - Empty/Error
DmSwitch3000#reboot
1.2. Firmware Upload via Web
Starting with version 2 of the DmSwitch firmware, the update can be done via Web. The figure below shows the browser screen where the firmware file is uploaded.

2. INITIAL SETTINGS
2.1. General

DmSwitch3000#configure
DmSwitch3000(config)#hostname SWA
SWA(config)#ip snmp-server location DATACOM
SWA(config)#ip snmp-server contact Suporte

2.2. Clock
2.2.1. SNTP

SWA(config)#sntp client
SWA(config)#sntp poll 3600
SWA(config)#sntp server 200.20.186.75
SWA(config)#clock timezone Brasilia -3
SWA(config)#show sntp
Current time: Fri Mar 31 11:34:37 2006
SNTP Status: enabled
SNTP poll interval: 3600
SNTP server 1: 200.20.186.75
Last successful update: 14 m, 36 s ago.
Server used: 200.20.186.75
Next attempt: in 45 m, 24 s.

2.2.2. Manual

SWA#clock set 10:44:30 18 05 2006
SWA#sh clock
Thu May 18 10:44:38 2006
Timezone is BRASILIA -0300
3. MANAGEMENT
3.1. Configuration Files

SWA#copy default-config running-config
SWA#copy running-config tftp 192.168.0.229 Minima.bin
SWA#copy tftp 192.168.0.229 Minima.bin flash-config 1
SWA#copy running-config startup-config 2 config_teste
SWA#show flash
BootLoader version: 1.1.2-1

Flash firmware:
ID  Version  Date                 Flags  Size
1   2.0-pre  20/02/2006 10:15:00         7148432
2   2.0-pre  20/03/2006 11:37:27  RS     7148432

Flash config:
ID  Name          Date                 Flags  Size
1   Minima.bin    31/03/2006 14:06:58         596
2   config_teste  03/04/2006 09:50:15  S      596
3                                      E
4                                      E

Flags: R - Running firmware. S - To be used upon next startup. E - Empty/Error
SWA#select firmware 1
SWA#select startup-config 1
SWA#show flash
BootLoader version: 1.1.2-1

Flash firmware:
ID  Version  Date                 Flags  Size
1   2.0-pre  20/02/2006 10:15:00  S      7148432
2   2.0-pre  20/03/2006 11:37:27  R      7148432

Flash config:
ID  Name          Date                 Flags  Size
1   Minima.bin    31/03/2006 14:06:58  S      596
2   config_teste  03/04/2006 09:50:15         596
3                                      E
4                                      E

Flags: R - Running firmware. S - To be used upon next startup. E - Empty/Error
3.2. Firmware Update

SWA#copy tftp 192.168.0.229 0201.bin firmware
SWA#show firmware
Running firmware:
  Firmware version: 2.0-pre
  Stack version: 1
  Compile date: Mon Mar 20 14:37:18 UTC 2006

Flash firmware:
ID  Version  Date                 Flag  Size
1   2.0-pre  20/02/2006 10:15:00  R     7148432
2   2.0-pre  20/03/2006 11:37:27  S     7148432

Flags: R - Running firmware. S - To be used upon next startup. E - Empty/Error
SWA#reboot
3.3. IP Configuration
3.3.1. Static

SWA(config)#ip default-gateway 192.168.0.1
SWA(config)#ip dns-server 192.168.0.254
SWA(config)#interface vlan 1
SWA(config-if-vlan-1)#ip address 192.168.0.241/24

3.3.2. DHCP

SWA(config)#ip default-gateway 192.168.0.1
SWA(config)#interface vlan 1
SWA(config-if-vlan-1)#ip address dhcp
3.4. SNMP/Traps Manager

SWA(config)#ip snmp-server community private rw
SWA(config)#ip snmp-server host 192.168.0.229 private version 2c
SWA(config)#show ip snmp-server
SNMP status: Enable
SNMP Community:
  public(Read-Only)
  private(Read/Write)
Trap Manager:
IP             COMMUNITY  VERSION
192.168.0.229  private    2c
3.5. SSH

SWA(config)#ip ssh host-key generate rsa
Generating rsa keys...
Fingerprint: ...
SWA(config)#ip ssh host-key generate dsa
Generating rsa keys...
Fingerprint: ...
SWA(config)#fetch tftp public-key 192.168.0.229 PublicKey.bin admin
SWA(config)#ip ssh server
3.6. Local User

SWA(config)#username operador access-level 0
SWA(config)#username operador password 7 ********

3.7. Radius Server

SWA(config)#authentication login local radius
SWA(config)#radius-server key ********
SWA(config)#radius-server host 1 address 192.168.0.229
SWA(config)#show radius-server
RADIUS authentication configuration:
Default Key: ********
Default Port: 1812
Timeout: 5
Retries: 2
Host 1:
  Address: 192.168.0.229
Host 2:
Host 3:
Host 4:
Host 5:

3.8. ACLs

SWA(config)#management all-client 192.168.0.0/24
SWA(config)#management http-client 192.168.0.229/32
3.9. 802.1x

SWA(config)#dot1x system-auth-control
SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#dot1x port-control auto
SWA(config-if-eth-1/1)#dot1x re-authentication
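
A pre-deployment check for the management commands of sections 3.4 to 3.8, added here as an example; it is not part of the original guide and is not DATACOM code. The rule names, the audit() function and the 256-address limit are assumptions of this example, and the only command syntax it recognises is the syntax shown above.

```python
import ipaddress
import re

# Constructed sample: the commands typed in sections 3.4 to 3.8, prompts kept.
SAMPLE_COMMANDS = """\
SWA(config)#ip snmp-server community private rw
SWA(config)#ip snmp-server host 192.168.0.229 private version 2c
SWA(config)#ip ssh host-key generate rsa
SWA(config)#ip ssh host-key generate dsa
SWA(config)#ip ssh server
SWA(config)#authentication login local radius
SWA(config)#radius-server host 1 address 192.168.0.229
SWA(config)#management all-client 192.168.0.0/24
SWA(config)#management http-client 192.168.0.229/32
"""

PROMPT = re.compile(r"^\S+?#\s*")        # strips a "SWA(config)#" style prompt
WELL_KNOWN_COMMUNITIES = {"public", "private"}
MAX_MGMT_HOSTS = 256                     # assumed policy: nothing wider than a /24


def audit(commands, max_mgmt_hosts=MAX_MGMT_HOSTS):
    """Return (rule, command) findings for management-plane commands."""
    findings = []
    mgmt_restricted = False
    for raw in commands.splitlines():
        line = PROMPT.sub("", raw.strip())
        tok = line.split()
        if tok[:3] == ["ip", "snmp-server", "community"] and len(tok) >= 5:
            # "public" and "private" are the strings every scanner tries first.
            if tok[3].lower() in WELL_KNOWN_COMMUNITIES:
                findings.append(("SNMP-WELL-KNOWN-COMMUNITY", line))
            # A read/write community lets its holder change the configuration.
            if tok[4] == "rw":
                findings.append(("SNMP-WRITE-COMMUNITY", line))
        elif tok[:3] == ["ip", "snmp-server", "host"] and "version" in tok[:-1]:
            # SNMP v1 and v2c carry the community string unencrypted.
            version = tok[tok.index("version") + 1]
            if version in ("1", "2c"):
                findings.append(("SNMP-CLEARTEXT-TRAPS", line))
        elif tok[:4] == ["ip", "ssh", "host-key", "generate"] and tok[4:] == ["dsa"]:
            # DSA host keys are deprecated and refused by current SSH clients.
            findings.append(("SSH-DSA-HOST-KEY", line))
        elif len(tok) == 3 and tok[0] == "management" and tok[1].endswith("-client"):
            mgmt_restricted = True
            try:
                net = ipaddress.ip_network(tok[2], strict=False)
            except ValueError:
                findings.append(("MGMT-BAD-PREFIX", line))
                continue
            if net.num_addresses > max_mgmt_hosts:
                findings.append(("MGMT-WIDE-SOURCE-RANGE", line))
    if not mgmt_restricted:
        # No "management <service>-client" entry was typed at all.
        findings.append(("MGMT-NO-CLIENT-RESTRICTION", ""))
    return findings


if __name__ == "__main__":
    for rule, command in audit(SAMPLE_COMMANDS):
        print(f"{rule:28} {command}")
```
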
4. INTERFACE
4.1. Speed / Duplex / Autonegotiation

SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#speed-duplex 100full
SWA(config-if-eth-1/1)#no negotiation
SWA(config-if-eth-1/1)#mdix force-auto
SWA(config-if-eth-1/1)#show interfaces status ethernet 1
Information of Eth 1/1
Basic information:
  Port type: 100TX
  MAC address: 00:04:DF:00:08:2D
Configuration:
  Name:
  Port admin: Up
  Speed-duplex: 100M full
  Capabilities: 10M half, 10M full, 100M half, 100M full
  Flow-control: Disabled
  MDIX: Force-Auto
  LACP: Disabled
Current status:
  Link status: Up
  Operation speed-duplex: 100M full
  Flow control: Disabled
  MDIX: Normal

SWA(config-if-eth-1/1)#show interfaces table configuration
      Port   Link   Auto  Speed        Duplex        Flow
Port  State  Status Neg   Cfg  Actual  Cfg   Actual  Ctrl  Pvid
================================================================================
1/ 1  ENABLE DOWN   OFF   100          FULL  FULL    NONE  100
1/ 2  ENABLE DOWN   ON    100          AUTO  HALF    NONE  100
1/ 3  ENABLE DOWN   ON    100          AUTO  HALF    NONE  200
1/ 4  ENABLE UP     ON    100  100     AUTO  FULL    NONE  200
1/ 5  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/ 6  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/ 7  ENABLE UP     ON    100  100     AUTO  FULL    NONE  1
1/ 8  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/ 9  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/10  ENABLE UP     ON    100  100     AUTO  FULL    NONE  1
1/11  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/12  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/13  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/14  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/15  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/16  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/17  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/18  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
1/19  ENABLE DOWN   ON    100          AUTO  HALF    NONE  1
================================================================================
spacebar->toggle screen U->page up D->page down ESC->exit
4.2. Storm Control

SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#switchport storm-control broadcast pps 100
SWA(config-if-eth-1/1)#switchport storm-control multicast pps 200
SWA(config-if-eth-1/1)#switchport storm-control unicast pps 300

4.3. Rate Limit

SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#rate-limit input rate 512 burst 32
SWA(config-if-eth-1/1)#rate-limit output rate 1024 burst 32
SWA(config-if-eth-1/1)#show interfaces switchport ethernet 1
Information of Eth 1/1
  Broadcast threshold: Enabled, 500 packets/second
  Multicast threshold: Enabled, 500 packets/second
  Unknown-unicast threshold: Enabled, 500 packets/second
  MTU: 9198 bytes
  Ingress rate limit: Enabled, 512kbps, 32KB burst
  Egress rate limit: Enabled, 1024kbps, 32KB burst
  Ingress Rule: Disabled
  Acceptable frame type: All frames
  Native VLAN: 2
  Priority for untagged traffic: 0
  GVRP status: Disabled
  Protocol VLAN:
  Allowed VLAN: 1(s,u), 2(s,u)
  Forbidden VLAN:
  QinQ mode: External
  TPID: 0x8100
  MAC addresses maximum: Disabled

4.4. Security

SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#switchport port-security maximum 15
5. LAYER 2
5.1. Link Aggregation
5.1.1. Static PortChannel

SWA(config)#interface port-channel 1
SWA(config-if-port-ch-1)#load-balance src-dst-ip
SWA(config-if-port-ch-1)#set-member ethernet range 25 26
SWA(config-if-port-ch-1)#interface port-channel 2
SWA(config-if-port-ch-2)#set-member ethernet range 27 28
SWA(config-if-port-ch-2)#show interface status port-channel 1
Information of Port-Channel 1
Basic information:
  Port type: 1000T
  MAC address: 00:04:DF:00:08:D5
Configuration:
  Name:
  Port admin: Up
  Speed-duplex: Auto
  Capabilities: 10M half, 10M full, 100M half, 100M full, 1000M full
  Flow-control: Disabled
  MDIX: Auto
Current status:
  Created by: User
  Link status: up
  Members: Eth1/25
           Eth1/26
SWA(config-if-port-ch-2)#show interface status port-channel 2
Information of Port-Channel 2
Basic information:
  Port type: 1000T
  MAC address: 00:04:DF:00:08:D6
Configuration:
  Name:
  Port admin: Up
  Speed-duplex: Auto
  Capabilities: 10M half, 10M full, 100M half, 100M full, 1000M full
  Flow-control: Disabled
  MDIX: Auto
Current status:
  Created by: User
  Link status: up
  Members: Eth1/27
           Eth1/28
5.1.2. LACP

SWA(config)#interface ethernet range 25 26
SWA(config-if-eth-1/25-to-1/26)#lacp actor admin-key 1
SWA(config-if-eth-1/25-to-1/26)#interface ethernet range 27 28
SWA(config-if-eth-1/27-to-1/28)#lacp actor admin-key 2
SWA(config-if-eth-1/27-to-1/28)#show lacp internal
Flags:
  S - Device is requesting Slow LACPDUs
  F - Device is requesting Fast LACPDUs
  A - Device is in Active Mode
  P - Device is in Passive Mode
Port state:
  A - LACP_Activity    G - Aggregation    E - Expired
  T - LACP_Timeout     C - Collecting     F - Defaulted
  S - Synchronization
  D - Distributing

Aggregator id 1 (channel-group 1)
                 LACP port  Admin  Oper   Port
Port      Flags  Priority   Key    Key    State
eth 1/25  SA     32768      0x100  0x101  AGSCD
eth 1/26  SA     32768      0x100  0x101  AGSCD

Aggregator id 2 (channel-group 2)
                 LACP port  Admin  Oper   Port
Port      Flags  Priority   Key    Key    State
eth 1/27  SA     32768      0x100  0x101  AGSCD
eth 1/28  SA     32768      0x100  0x101  AGSCD
5.2. xSTP

SWA(config)#spanning-tree 1 priority 4096
SWA(config)#interface ethernet 1/1
SWA(config-if-eth-1/1)#spanning-tree edge-port
SWA(config-if-eth-1/1)#show spanning-tree 1
Spanning-tree 1 information
--------------------------------------------------------------
Spanning tree mode: RSTP
Spanning tree state: Enabled
Priority: 4097 (4096 + 1)
Bridge Hello Time (sec.): 2
Bridge Max Age (sec.): 20
Bridge Forward Delay (sec.): 15
Root Hello Time (sec.): 2
Root Max Age (sec.): 20
Root Forward Delay (sec.): 15
Designated Root: 1.0004df0008bc
Current root port: 257
Current root cost: 20000
Number of topology changes: 42
Last topology changes time (sec.) 105
Members: VLAN 1
--------------------------------------------------------------
Eth 1/ 1 information
--------------------------------------------------------------
STA admin state: Enabled
Role: Disabled
--More--
SWA(config-if-eth-1/1)#show spanning-tree 1 port-channel 1
Port-Channel 1 information
--------------------------------------------------------------
STA admin state: Enabled
Role: Root
State: Forwarding
Path cost: 20000
Priority: 128
Designated cost: 0
Designated port: 128.257
Designated Root: 1.0004df0008bc
Designated Bridge: 1.0004df0008bc
Admin edge port: Disabled
Admin Link type: auto
Oper edge port: Disabled
Oper Link type: point-to-point
SWA(config-if-eth-1/1)#show spanning-tree 1 port-channel 2
Port-Channel 2 information
--------------------------------------------------------------
STA admin state: Enabled
Role: Alternate
State: Discarding
Path cost: 20000
Priority: 128
Designated cost: 0
Designated port: 128.258
Designated Root: 1.0004df0008bc
Designated Bridge: 1.0004df0008bc
Admin edge port: Disabled
Admin Link type: auto
Oper edge port: Disabled
Oper Link type: point-to-point
5.3. EAPS

SWA(config)#interface vlan range 4093 4094
SWA(config-if-vlan-4094)#set-member tagged ethernet range 25 26
SWA(config-if-vlan-4094)#exit
SWA(config)#
SWA(config)#no spanning-tree 1
SWA(config)#
SWA(config)#eaps
SWA(config)#eaps DM1
SWA(config)#eaps DM1 mode master
SWA(config)#eaps DM1 port primary ethernet 25
SWA(config)#eaps DM1 port secondary ethernet 26
SWA(config)#eaps DM1 control-vlan id 4093
SWA(config)#eaps DM1 protected-vlans id range 2 2048
SWA(config)#eaps DM1 enable
SWA(config)#
SWA(config)#eaps DM2
SWA(config)#eaps DM2 port primary ethernet 26
SWA(config)#eaps DM2 port secondary ethernet 25
SWA(config)#eaps DM2 control-vlan id 4094
SWA(config)#eaps DM2 protected-vlans id range 2049 4092
SWA(config)#eaps DM2 enable
SWA(config)#show eaps detail
EAPS Enabled: Yes

Domain Name: DM1
State: Complete
Mode: Master
Enabled: Yes
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)
Remaining: 0 sec
Last update from: (none)
Primary port: Eth1/25      Port status: Up
Secondary port: Eth1/26    Port status: Blocked
Control VLAN ID: 4093
Protected VLANs IDs: 2-2048

Domain Name: DM2
State: Links-Up
Mode: Transit
Enabled: Yes
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)
Remaining: 0 sec
Last update from: (none)
Primary port: Eth1/26      Port status: Up
Secondary port: Eth1/25    Port status: Up
Control VLAN ID: 4094
Protected VLANs IDs: 2049-4092
5.4. VLAN
5.4.1. Static

SWA(config)#interface vlan 2
SWA(config-if-vlan-2)#name contabilidade
SWA(config-if-vlan-2)#ip address 192.168.2.241/24
SWA(config-if-vlan-2)#set-member untagged ethernet 1
SWA(config-if-vlan-2)#set-member tagged port-channel 1
SWA(config-if-vlan-2)#set-member tagged port-channel 2
SWA(config-if-vlan-2)#interface ethernet 1
SWA(config-if-eth-1/1)#switchport native vlan 2
SWA(config-if-eth-1/1)#switchport ingress-filtering
SWA(config-if-eth-1/1)#interface port-channel 1
SWA(config-if-port-ch-1)#switchport acceptable-frame-types tagged
SWA(config-if-port-ch-1)#switchport ingress-filtering
SWA(config-if-port-ch-1)#interface port-channel 2
SWA(config-if-port-ch-2)#switchport acceptable-frame-types tagged
SWA(config-if-port-ch-2)#switchport ingress-filtering
SWA(config-if-port-ch-2)#exit
SWA(config)#spanning-tree 1 vlan 2
SWA(config)#show vlan table
Membership: (u)ntagged, (t)agged, (d)ynamic, (f)orbidden
            uppercase indicates port-channel member

VLAN 1 [DefaultVlan]: static, active
Unit 1
   2  4  6  8 10 12 14 16 18 20 22 24 26 28
   u  u  u  u  u  u  u  u  u  u  u  u  U  U
   u  u  u  u  u  u  u  u  u  u  u  u  U  U
   1  3  5  7  9 11 13 15 17 19 21 23 25 27

VLAN 2 [contabilidade]: static, active
Unit 1
   2  4  6  8 10 12 14 16 18 20 22 24 26 28
   .  .  .  .  .  .  .  .  .  .  .  .  T  T
   u  .  .  .  .  .  .  .  .  .  .  .  T  T
   1  3  5  7  9 11 13 15 17 19 21 23 25 27

SWA(config)#show vlan name contabilidade
VLAN: 2 [contabilidade]
Type: Static
Status: Active
IP Address: 192.168.2.241/24
Aging-time: 300 sec.
MAC maximum: Disabled
Members: Eth1/1 (static, untagged)
         Port-Channel01 (static, tagged)
         Port-Channel02 (static, tagged)
5.4.2. GVRP

SWA(config)#bridge-ext gvrp
SWA(config)#interface port-channel 1
SWA(config-if-port-ch-1)#switchport gvrp
SWA(config-if-port-ch-1)#interface port-channel 2
SWA(config-if-port-ch-2)#switchport gvrp

5.4.3. Q-in-Q

SWA(config)#vlan qinq
SWA(config)#interface ethernet 1
SWA(config-if-eth-1/1)#switchport qinq internal
5.5. L2 Address Table
5.5.1. Static Address

SWA(config)#mac-address-table static 00-01-02-03-04-05 ethernet 1/1 vlan 1
SWA(config)#show mac-address-table
Total MAC Addresses for this criterion: 2
Unit  Interface  MAC Address        VLAN  Type
----  ---------  -----------------  ----  ---------
1     Eth 1/ 1   00-01-02-03-04-05  1     Static
1     Eth 1/18   00-0f-b0-57-8d-ef  1     Learned

5.5.2. Address Aging

SWA(config)#mac-address-table aging-time mode global
SWA(config)#mac-address-table aging-time 60
SWA(config)#show mac-address-table aging-time
Aging mode: global.
Global aging time: 60 sec.
5.6. Monitor

SWA(config)#monitor destination 10
SWA(config)#monitor preserve-format
SWA(config)#interface ethernet 1/1
SWA(config-if-eth-1/1)#monitor source rx
SWA(config)#show monitor
Traffic Monitor
------------------------------------------
Preserve format: Enabled
Destination port: Eth1/10
Source ports: Eth1/1 (Rx)

5.7. Protocol Tunneling

SWA(config)#l2protocol-tunnel dest-mac-address 01-04-df-cd-cd-cd
SWA(config)#interface ethernet range 1 2
SWA(config-if-eth-1/1-to-1/2)#l2protocol-tunnel cdp
SWA(config-if-eth-1/1-to-1/2)#l2protocol-tunnel stp
SWA(config-if-eth-1/1-to-1/2)#l2protocol-tunnel vtp
SWA(config-if-eth-1/1-to-1/2)#show l2protocol-tunnel
Destination MAC address: 01-04-df-cd-cd-cd
Eth 1/1
  CDP packets tunneling:   Enabled
  STP packets tunneling:   Enabled
  VTP packets tunneling:   Enabled
  PVST packets tunneling:  Disabled
Eth 1/2
  CDP packets tunneling:   Enabled
  STP packets tunneling:   Enabled
  VTP packets tunneling:   Enabled
  PVST packets tunneling:  Disabled
Eth 1/3
  CDP packets tunneling:   Disabled
  STP packets tunneling:   Disabled
  VTP packets tunneling:   Disabled
  PVST packets tunneling:  Disabled
Eth 1/4
  CDP packets tunneling:   Disabled
--More--
6. LAYER 3
6.1. IGMP

SWA(config)#ip igmp snooping
SWA(config)#ip igmp snooping querier
SWA(config)#ip igmp snooping ip 192.168.10.1

7. BATCH

SWA(config)#batch new 1
SWA(config)#batch 1 start-session
Batch-1#configure
Batch-1(config)#interface ethernet 1
Batch-1(config-if-eth-1/1)#rate-limit input rate 64 burst 32
Batch-1(config-if-eth-1/1)#rate-limit output rate 64 burst 32
Batch-1(config-if-eth-1/1)#exit
Batch-1(config)#batch term-session
Save typed commands? y
SWA(config)#batch 1 disable
SWA(config)#batch 1 date min 00 hour 23
SWA(config)#show batch
Batch 1: disable
Date : min 00 hour 23 day-of-month all month all day-of-week all
Commands List:
  configure
  interface ethernet 1
  rate-limit input rate 64 burst 32
  rate-limit output rate 64 burst 32
  exit
SWA(config)#
8. CoS

SWA(config)#queue sched-mode wfq unit 1 ethernet all min-bw 64 128 256 512 1024 sp sp sp
SWA(config)#queue max-bw 10048 10048 10048 10048 10048 100048 100048 100048 ethernet all
SWA(config)#sho queue config ethernet 1
---------------------------------------------------------
Port  Queue  Mode  Max-Bw   Min-Bw  Weight  SP-Queue
---------------------------------------------------------
1/ 1  0      WFQ   10048    64      -       NO
1/ 1  1      WFQ   10048    128     -       NO
1/ 1  2      WFQ   10048    256     -       NO
1/ 1  3      WFQ   10048    512     -       NO
1/ 1  4      WFQ   10048    1024    -       NO
1/ 1  5      WFQ   unlimit  ------  -       YES
1/ 1  6      WFQ   unlimit  ------  -       YES
1/ 1  7      WFQ   unlimit  ------  -       YES
---------------------------------------------------------
SWA(config)#
9. FILTERS

SWA(config)#filter new remark prioridade action 802.1p-from-tos
SWA(config)#
SWA(config)#filter new remark bloqueio_web match destination-port 80 match vlan 100 ingress ethernet range 1 24 action egress-block ethernet range 25 28
SWA(config)#
SWA(config)#filter new action 802.1p 7 action vlan 200 match vlan 100 match dscp 46 ingress ethernet range 1 24 disable
SWA(config)#
SWA(config)#show filter
Filter 1 (prioridade): enabled, priority 8
  Actions: 802.1p-from-tos
  Matches: All packets
  Ingress:
Filter 2 (bloqueio_web): enabled, priority 8
  Actions: egress-block Eth1/25 to Eth1/28
  Matches: vlan 100 destination-port 80
  Ingress: Eth1/1 to Eth1/24
Filter 3: disabled, priority 8
  Actions: 802.1p 7 vlan 200
  Matches: vlan 100 dscp 46
  Ingress: Eth1/1 to Eth1/24
SWA(config)#
10.ROTEIRO DE TESTES 10.1. EAPS A partir da configuração default, habilitar EAPS nos 3 SWs. Criar 2 domínios distintos DM1 e DM2. Configurar SWA como master, SWB e SWC como transit (default) nos 2 domínios. # # # # # # # # #
swabc(config)#no spanning-tree 1 vlan all
swabc(config)#no spanning-tree 1
swabc(config)#eaps
swabc(config)#eaps DM1
swa(config)#eaps DM1 mode master
swabc(config)#eaps DM1 enable
swabc(config)#eaps DM2
swa(config)#eaps DM2 mode master
swabc(config)#eaps DM2 enable
On each SW, configure port 25 as primary and port 26 as secondary for DM1. In domain DM2, configure port 26 as primary and port 25 as secondary. This produces load balancing.
swabc(config)#eaps DM1 port primary ethernet 1/25
swabc(config)#eaps DM1 port secondary ethernet 1/26
swabc(config)#eaps DM2 port primary ethernet 1/26
swabc(config)#eaps DM2 port secondary ethernet 1/25
On SWs A, B and C, create VLANs 2 through 200. VLANs 2 and 200 are named Suporte and P&D respectively. Add an IP address to these two VLANs for management on each SW.
swabc(config)#interface vlan range 2 200
swabc(config-if-vlan-2-to-200)#interface vlan 2
swabc(config-if-vlan-2)#name suporte
swa(config-if-vlan-2)#ip address 192.168.2.1/24
swb(config-if-vlan-2)#ip address 192.168.2.2/24
swc(config-if-vlan-2)#ip address 192.168.2.3/24
swabc(config-if-vlan-2)#interface vlan 200
swabc(config-if-vlan-200)#name P&D
swa(config-if-vlan-200)#ip address 192.168.200.1/24
swb(config-if-vlan-200)#ip address 192.168.200.2/24
swc(config-if-vlan-200)#ip address 192.168.200.3/24
Configure control VLAN id 1001 for DM1 and id 1002 for DM2. For domain DM1 the protected VLANs must be 1 to 100, and for DM2 the protected VLANs must be 101 to 200.
swabc(config)#interface vlan range 1001 1002
swabc(config-if-vlan-1002)#exit
swabc(config)#eaps DM1 control-vlan id 1001
swabc(config)#eaps DM1 protected-vlans id range 1 100
swabc(config)#eaps DM2 control-vlan id 1002
swabc(config)#eaps DM2 protected-vlans id range 101 200
On the SWs, configure ports 23 to 28 as tagged in VLANs 2 to 200, 1001 and 1002, with acceptable frame type tagged.
swabc(config)#interface vlan range 2 200
swabc(config-if-vlan-2-to-200)#set-member tagged ethernet range 1/23 1/28
swabc(config-if-vlan-2-to-200)#interface vlan range 1001 1002
swabc(config-if-vlan-1001-to-1002)#set-member tagged ethernet range 1/23 1/28
swabc(config-if-vlan-1001-to-1002)#interface ethernet range 1/23 1/28
swabc(config-if-eth-1/23-to-1/28)#switchport acceptable-frame-types tagged
On SWA, configure port 2 as tagged in VLANs 2 and 200. On SWs B and C, configure port 2 as access in VLAN 2 and port 20 as access in VLAN 200.
swabc(config)#interface vlan 2
swa(config-if-vlan-2)#set-member tagged ethernet 1/2
swbc(config-if-vlan-2)#set-member untagged ethernet 1/2
swabc(config-if-vlan-2)#interface vlan 200
swa(config-if-vlan-200)#set-member tagged ethernet 1/2
swbc(config-if-vlan-200)#set-member untagged ethernet 1/20
swabc(config-if-vlan-200)#interface ethernet 1/2
swa(config-if-eth-1/2)#switchport acceptable-frame-types tagged
swbc(config-if-eth-1/2)#switchport native vlan 2
swbc(config-if-eth-1/2)#interface ethernet 1/20
swbc(config-if-eth-1/20)#switchport native vlan 200
Create a physical ring with the following connections: A25-B26, B25-C26, A26-C25.
Figure 1.
Verify that the SWs recognize SWA as the master in both domains. SWA shows the ring status as Complete, and the secondary ports are blocked as configured in each domain. SWB and SWC are in the Links-Up state.
swa#show system
Product
------
Model: DmSwitch3224F1
OID: 1.3.6.1.4.1.3709.1.2.13

Factory
------
Serial number: 300134
MAC Address: 00:04:DF:00:08:BB

User configurable
----------------
Name: swa
Location:
Contact:

swa#show eaps detail
EAPS Enabled: Yes

Domain Name: DM1
State: Complete
Enabled: Yes   Mode: Master
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 06:15:46 1970
Primary port: Eth1/26   Port status: Up
Secondary port: Eth1/25   Port status: Blocked
Control VLAN ID: 1001
Protected VLANs IDs: 1-100

Domain Name: DM2
State: Complete
Enabled: Yes   Mode: Master
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 06:15:46 1970
Primary port: Eth1/25   Port status: Up
Secondary port: Eth1/26   Port status: Blocked
Control VLAN ID: 1002
Protected VLANs IDs: 101-200
swb#show eaps detail
EAPS Enabled: Yes

Domain Name: DM1
State: Links-Up
Enabled: Yes   Mode: Transit
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 06:19:22 1970
Primary port: Eth1/26   Port status: Up
Secondary port: Eth1/25   Port status: Up
Control VLAN ID: 1001
Protected VLANs IDs: 1-100

Domain Name: DM2
State: Links-Up
Enabled: Yes   Mode: Transit
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 06:19:22 1970
Primary port: Eth1/25   Port status: Up
Secondary port: Eth1/26   Port status: Up
Control VLAN ID: 1002
Protected VLANs IDs: 101-200

swc#show eaps detail
EAPS Enabled: Yes

Domain Name: DM1
State: Links-Up
Enabled: Yes   Mode: Transit
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 06:20:41 1970
Primary port: Eth1/26   Port status: Up
Secondary port: Eth1/25   Port status: Up
Control VLAN ID: 1001
Protected VLANs IDs: 1-100

Domain Name: DM2
State: Links-Up
Enabled: Yes   Mode: Transit
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 06:20:41 1970
Primary port: Eth1/25   Port status: Up
Secondary port: Eth1/26   Port status: Up
Control VLAN ID: 1002
Protected VLANs IDs: 101-200
10.2. VLAN
Connect as shown in Figure 2: MA-SWA-P2, MB-SWB-P2 and MC-SWC-P20. Configure MA as tagged (server) in VLANs 2 and 200, with one IP for each VLAN in distinct networks (e.g. 192.168.2.101/24 and 192.168.200.101/24). Configure MB (client) with an IP from VLAN 2 (e.g. 192.168.2.102/24). Configure MC (client) with an IP from VLAN 200 (e.g. 192.168.200.103/24).
Figure 2.
Verify that ping works MA-MB and MA-MC, and does NOT work MB-MC.
10.3. Resilience
Run a ping flood at a rate of 10 pps with 64-byte packets from MA to MB and from MA to MC.
root@MA#ping 192.168.2.102 -f -i 0.1
root@MA#ping 192.168.200.103 -f -i 0.1
Disconnect and reconnect the link between each pair of SWs in turn, measuring the network protection times in each domain. Verify that protection occurs in less than 200 ms (at most 2 lost packets, both for MC and for MB). This convergence time refers to tests performed with optical links on the gigabit ports. With copper, the gigabit ports take longer to converge. Verify that the logical topology of the network has changed (ring status failed).
swa#show eaps detail
EAPS Enabled: Yes

Domain Name: DM1
State: Failed
Enabled: Yes   Mode: Master
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 01:08:54 1970
Primary port: Eth1/26   Port status: Up
Secondary port: Eth1/25   Port status: Down
Control VLAN ID: 1001
Protected VLANs IDs: 1-100

Domain Name: DM2
State: Failed
Enabled: Yes   Mode: Master
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned)   Remaining: 0 sec
Last update from: 00:04:DF:00:08:BB, Thu Jan 1 01:08:54 1970
Primary port: Eth1/25   Port status: Down
Secondary port: Eth1/26   Port status: Up
Control VLAN ID: 1002
Protected VLANs IDs: 101-200
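One way to measure the protection time per link event from the ping capture, as an added example that is not part of the original manual: it assumes the ping was run at the same 0.1 s interval but without -f, so each reply is logged with its icmp_seq (iputils format). The function names and the sample captures are constructed for illustration.

```python
import re

# Reply lines only: "Destination Host Unreachable" lines also carry icmp_seq.
REPLY_RE = re.compile(r"bytes from .*icmp_seq=(\d+)")
SEQ_MOD = 65536  # icmp_seq is a 16-bit counter and wraps around


def loss_events(ping_output, interval_s=0.1):
    """Return one (first_lost_seq, lost_packets, outage_ms) tuple per gap."""
    events, prev = [], None
    for line in ping_output.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue
        seq = int(m.group(1))
        if prev is not None:
            step = (seq - prev) % SEQ_MOD
            if step == 0 or step > SEQ_MOD // 2:
                continue  # duplicate or late (reordered) reply
            if step > 1:
                lost = step - 1
                events.append(((prev + 1) % SEQ_MOD, lost,
                               round(lost * interval_s * 1000)))
        prev = seq
    return events


def protection_ok(events, max_lost=2):
    """Page criterion: at most 2 lost packets per link event at 10 pps."""
    return all(lost <= max_lost for _, lost, _ in events)


def sample(seqs, host="192.168.2.102"):
    """Constructed ping output for the given sequence numbers."""
    return "\n".join(
        f"64 bytes from {host}: icmp_seq={s} ttl=64 time=0.3 ms" for s in seqs)


SAMPLE_PASS = sample([1, 2, 3, 6, 7, 8, 9, 11, 12])  # loses 4-5, then 10
SAMPLE_FAIL = sample([1, 2, 3, 9, 10])               # loses 4-8

if __name__ == "__main__":
    for name, text in (("pass", SAMPLE_PASS), ("fail", SAMPLE_FAIL)):
        ev = loss_events(text)
        print(name, ev, protection_ok(ev))
```

Unlike the flood-mode summary, which only gives the total loss over the whole run, this reports each disconnect and reconnect separately, so one slow event is not hidden among several fast ones.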
10.4. Q-in-Q
Enable global Q-in-Q double tagging on the three SWs. Ports 25 and 26 of SWs A, B and C, and port 2 of SWA, must be tagged in internal mode.
swabc(config)#vlan qinq
swabc(config)#interface ethernet range 25 26
swabc(config-if-eth-1/25-to-1/26)#switchport qinq internal
swa(config)#interface ethernet 2
swa(config-if-eth-1/2)#switchport qinq internal
Connect MA, MB and MC to port 2 of their respective SWs and verify that MB and MC can ping each other (change the IPs to the same subnet).
Figure 3.
Generate a broadcast on MB and verify that it arrives untagged at MC and arrives with tag 2 (metro tag) at MA.
root@MB#ping 192.168.2.255 -b
10.5. Port Security
Enable Port-Security on the access port of SWB and SWC with a maximum of 50 MACs.
swbc(config)#interface ethernet 2
swbc(config-if-eth-1/2)#switchport port-security maximum 50
Enable Port-Security on SWA for access VLAN 2 with a limit of 80 MACs, and change the aging time of VLAN 2 to 600 sec.
swa(config)#interface vlan 2
swa(config-if-vlan-2)#mac-address-table port-maximum 80
swa(config-if-vlan-2)#mac-address-table aging-time 600
Clear the MAC table of the SWs.
swabc#clear mac-address-table
Inject 17,000 MACs from MC and MB (using macof, packETH, etc.) and verify that:
• At most 50 MACs were learned on the ports of SWB and SWC:
SWB#sh mac-address-table interface e 2
Total MAC Addresses for this criterion: 50

Unit Interface MAC Address       VLAN Type
---- --------- ----------------- ---- ---------
   1 Eth 1/ 2  00-0f-b0-57-8d-ef    2 Learned
   1 Eth 1/ 2  0a-81-2e-4d-5b-aa    2 Learned
   1 Eth 1/ 2  16-31-4a-75-1c-da    2 Learned
   1 Eth 1/ 2  1c-3e-92-5a-1e-d9    2 Learned
   1 Eth 1/ 2  1c-fb-e0-7e-c2-f8    2 Learned
   1 Eth 1/ 2  1e-44-6a-7c-96-8a    2 Learned
   1 Eth 1/ 2  22-5a-3f-1b-72-30    2 Learned
   1 Eth 1/ 2  2c-bf-e8-10-3d-9d    2 Learned
   1 Eth 1/ 2  38-63-51-11-4f-00    2 Learned
   1 Eth 1/ 2  38-eb-7c-57-e3-f4    2 Learned
   1 Eth 1/ 2  3a-10-12-71-58-ac    2 Learned
   1 Eth 1/ 2  3a-a7-6a-28-29-ee    2 Learned
   1 Eth 1/ 2  3e-fa-ba-4b-ec-eb    2 Learned
   1 Eth 1/ 2  40-83-c7-5b-b7-17    2 Learned
   1 Eth 1/ 2  40-da-1a-2f-a5-70    2 Learned
   1 Eth 1/ 2  44-26-e5-38-74-ad    2 Learned
   1 Eth 1/ 2  46-7e-49-3e-e3-d4    2 Learned
   1 Eth 1/ 2  4c-a3-2a-2c-a5-77    2 Learned
--More--
SWC#sh mac-address-table interface e 2
Total MAC Addresses for this criterion: 50

Unit Interface MAC Address       VLAN Type
---- --------- ----------------- ---- ---------
   1 Eth 1/ 2  00-0f-b0-57-8d-ef    2 Learned
   1 Eth 1/ 2  02-0c-26-0b-0d-a9    2 Learned
   1 Eth 1/ 2  04-fa-b3-15-ea-d7    2 Learned
   1 Eth 1/ 2  06-23-8f-13-ea-c7    2 Learned
   1 Eth 1/ 2  06-77-c8-4e-de-82    2 Learned
   1 Eth 1/ 2  0a-25-5b-1d-d3-4f    2 Learned
   1 Eth 1/ 2  0e-0a-86-16-98-bd    2 Learned
   1 Eth 1/ 2  0e-99-9f-3d-c9-e2    2 Learned
   1 Eth 1/ 2  10-cd-fd-1d-2e-6f    2 Learned
   1 Eth 1/ 2  18-c0-d9-16-95-96    2 Learned
   1 Eth 1/ 2  1e-c3-8a-6e-38-96    2 Learned
   1 Eth 1/ 2  22-aa-65-6c-ba-8a    2 Learned
   1 Eth 1/ 2  26-a8-2e-66-8f-0c    2 Learned
   1 Eth 1/ 2  26-e0-59-12-7d-c3    2 Learned
   1 Eth 1/ 2  28-fd-e5-12-f4-51    2 Learned
   1 Eth 1/ 2  2c-0e-d2-14-50-ef    2 Learned
   1 Eth 1/ 2  3a-59-39-1a-7b-1e    2 Learned
   1 Eth 1/ 2  3a-b8-48-35-73-cd    2 Learned
--More--
• At most 80 MACs were learned on SWA:
SWA#sh mac-address-table vlan 2
Total MAC Addresses for this criterion: 80

Unit Interface MAC Address       VLAN Type
---- --------- ----------------- ---- ---------
   1 Eth 1/ 25 00-01-02-03-04-05    2 Learned
   1 Eth 1/ 25 00-05-3e-23-ce-28    2 Learned
   1 Eth 1/ 25 00-0c-29-19-8b-6f    2 Learned
   1 Eth 1/ 25 00-0f-b0-57-8d-ef    2 Learned
   1 Eth 1/ 25 00-14-12-35-76-d2    2 Learned
   1 Eth 1/ 25 00-14-f3-0e-85-2d    2 Learned
   1 Eth 1/ 25 00-1a-88-c2-4e-fe    2 Learned
   1 Eth 1/ 25 00-1b-21-7f-c2-fc    2 Learned
   1 Eth 1/ 25 00-2e-2a-64-e9-d2    2 Learned
   1 Eth 1/ 25 00-33-56-c4-47-8e    2 Learned
   1 Eth 1/ 25 00-35-e3-20-ff-0e    2 Learned
   1 Eth 1/ 25 00-3a-a7-83-f8-48    2 Learned
   1 Eth 1/ 25 00-3d-f8-e7-d9-44    2 Learned
   1 Eth 1/ 25 00-3e-cc-bb-a8-f7    2 Learned
   1 Eth 1/ 25 00-47-8e-6b-2c-e8    2 Learned
   1 Eth 1/ 25 00-4c-3c-96-3f-27    2 Learned
   1 Eth 1/ 25 00-51-54-3c-13-a2    2 Learned
   1 Eth 1/ 25 00-55-3b-e4-5a-b0    2 Learned
--More--
• At most 100 MACs were learned in VLAN 2 of SWB and SWC:
SWB#sh mac-address-table vlan 2
Total MAC Addresses for this criterion: 100

Unit Interface MAC Address       VLAN Type
---- --------- ----------------- ---- ---------
   1 Eth 1/ 2  00-0c-f1-ac-9b-61    1 Learned
   1 Eth 1/ 2  00-03-55-f9-d6-5b    1 Learned
   1 Eth 1/ 2  00-04-df-00-08-42    1 Learned
   1 Eth 1/ 2  00-0d-01-b0-3e-5a    1 Learned
   1 Eth 1/ 2  00-0f-6e-ee-04-7c    1 Learned
   1 Eth 1/ 2  00-0f-b0-57-8d-ef    1 Learned
   1 Eth 1/ 2  00-10-42-17-f3-ff    1 Learned
   1 Eth 1/ 2  00-12-2a-e0-8d-9b    1 Learned
   1 Eth 1/ 2  00-18-a0-47-a5-38    1 Learned
   1 Eth 1/ 2  00-19-88-23-38-10    1 Learned
   1 Eth 1/ 2  00-1a-8d-6b-64-bc    1 Learned
   1 Eth 1/ 2  00-1c-e9-e0-73-19    1 Learned
   1 Eth 1/ 2  00-20-c2-cd-1b-b1    1 Learned
   1 Eth 1/ 2  00-26-64-7b-71-0b    1 Learned
   1 Eth 1/ 2  00-26-f4-d4-06-81    1 Learned
   1 Eth 1/ 2  00-2c-31-9c-7f-1d    1 Learned
   1 Eth 1/ 2  00-2c-34-57-c7-b3    1 Learned
   1 Eth 1/ 2  00-35-2b-9b-60-33    1 Learned
--More--
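A check that can be run on captures like the ones above to confirm that a configured MAC limit held, as an added example that is not part of the original manual: the function names are hypothetical, the sample rows are constructed, and only entries of type Learned are counted (an assumption about what the limit covers).

```python
import re
from collections import Counter

# One table row, e.g. "1 Eth 1/ 2 00-0f-b0-57-8d-ef 2 Learned"
ROW_RE = re.compile(
    r"^\W*(\d+)\s+Eth\s+(\d+)/\s*(\d+)\s+"
    r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\d+)\s+(\w+)", re.I)
TOTAL_RE = re.compile(r"Total MAC Addresses for this criterion:\s*(\d+)")


def audit_mac_table(output, limit):
    """Check one 'show mac-address-table interface|vlan' capture against
    the configured maximum for that interface or VLAN."""
    learned = set()
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m and m.group(6).lower() == "learned":
            _unit, slot, port, mac, vlan, _type = m.groups()
            learned.add((f"{slot}/{port}", int(vlan), mac.lower()))
    total = TOTAL_RE.search(output)
    reported = int(total.group(1)) if total else None
    # The pager (--More--) can cut the capture short, so trust the
    # switch's own total when it is larger than the rows we parsed.
    count = max(len(learned), reported or 0)
    return {
        "count": count,
        "over_limit": count > limit,
        "truncated": reported is not None and reported > len(learned),
        "per_port": dict(Counter(p for p, _, _ in learned)),
    }


def sample_capture(rows, port="1/ 2", vlan=2, total=None):
    """Build a constructed capture; MACs are made-up locally administered ones."""
    lines = []
    if total is not None:
        lines.append(f"Total MAC Addresses for this criterion: {total}")
    lines += [f"   1 Eth {port}  02-00-00-00-00-{i:02x}  {vlan} Learned"
              for i in range(rows)]
    return "\n".join(lines + ["--More--"])


if __name__ == "__main__":
    print(audit_mac_table(sample_capture(18, total=50), limit=50))
    print(audit_mac_table(sample_capture(52), limit=50))
```

The `truncated` flag marks a capture that stopped at the pager, as the ones above do; in that case the per-port breakdown covers only the rows that were captured.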