Documente Academic
Documente Profesional
Documente Cultură
Configuration Guide
IBP version
2 Configuring Management........................................................................................... 6
2.1 Configuring In-band Management IP setting ................................................................ 7
2.2 Configuring oob IP setting........................................................................................... 10
2.3 Configuring default gateway setting ............................................................................ 12
2.4 Upload Firmware Image and Configuration File ......................................................... 14
Configuring Management
Configuring Uplink Sets
Configuring Port groups
Configuring VLAN groups
Configuring service LAN
Configuring service VLAN
Combining Port groups and service (V)LAN
Configuring Downlink LAG
Configuring Private Network
Configuring QoS
Configuring IGMP/MLD snooping
Configuring IEEE 802.1X Authentication
Configuring Port Mirroring
Configuring SNMP Agent
Configuring System Log
Mode Prompt
privileged EXEC mode (BX900-CB1)#
Configuration mode (BX900-CB1)(Config)#
Interface mode (BX900-CB1)(Interface BX900-CB1/0/1)#
Interface range mode (BX900-CB1)(if-range)#
The BX900 Ethernet Connection Blade could be managed via two kinds of method. One is to
use console redirection from management blade, the other is to use IP network connection.
Two management interfaces for IP network connection, in-band and out-of-band management
interfaces, are provided for users to access and to manage the Ethernet Connection Blade.
Both of these two management interfaces could be configured to get the IP address via use
DHCP at a time, but not simultaneously.
The BX900 Ethernet Connection Blade supports only one default gateway in the system. User
could assign the default gateway for in-band management or out-of-band management
interface, but not simultaneously. If the gateway for the in-band management is set it is only
valid for the in-band management. If the user tries to set also the gateway for the out-of-band
management there will be an error message saying that the gateway for the in-band
management is already set and it is therefore not allowed to configure a second one. If the
gateway for the out-of-band management is set it is only valid for the out-of-band
management. Again an appropriate error message will be shown if it is tried to configure the
in-band management gateway. If user configure one of these two management ports to get the
IP address from DHCP server, the default gateway got from DHCP server will be overridden
the existed one. That is, the default gateway will always be valid for the management port
which is configured to use DHCP if the IP and default gateway are assigned by DHCP server
successfully.
This chapter will describe how to configure IP address for the in-band and out-of-band
management interfaces and how to configure the default gateway for the system on the BX900
Ethernet Connection Blade.
Beginning in privileged EXEC mode, follow these steps to configure management IP setting for
in-band management interface:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 ip address protocol To set IP management interface to use
<bootp|dhcp|none> bootp, dhcp or none.
Step 3 ip address <ipaddress> <netmask> To set a fixed IP address and net mask for
[<vlanId>] management interface.
Step 4 exit Return to privileged EXEC mode.
Step 5 show ip interface Verify the configuration.
To configure a fixed IP address for the in-band management interface, use ip address
protocol none global configuration command. To set an IP address and net mask for
in-band management interface, use ip address global configuration command. To display
IP setting of in-band management interface, use show ip interface privileged EXEC
command.
(BX900-CB1)#configure
(BX900-CB1)(Config)#ip address protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(BX900-CB1)(Config)#ip address 192.168.2.1 255.255.255.0
(BX900-CB1)(Config)#exit
(BX900-CB1)#show ip interface
IP address and netmask: 192.168.2.1 255.255.255.0,
and address mode: User specified.
In this example, assign a VLAN ID for the in-band management interface. With this
configuration, the received tagged packets with the same VLAN ID will be allowed to
access the Ethernet Connection Blade. Otherwise, the packets will be dropped.
(BX900-CB1)#configure
(BX900-CB1)(Config)#ip address protocol none
(BX900-CB1)(Config)#ip address 192.168.2.1 255.255.255.0 100
(BX900-CB1)(Config)#exit
(BX900-CB1)#show ip interface
IP address and netmask: 192.168.2.1 255.255.255.0 on VLAN 100,
and address mode: User specified.
Beginning in privileged EXEC mode, follow these steps to configure management IP setting for
out-of-band management interface:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 oob protocol To set IP management interface to use
<bootp|dhcp|dhcp6|none> bootp, dhcp, dhcpv6 or none.
Step 3 oob ip <ipaddr> <netmask> To set a fixed IP address and net mask for
management interface.
Step 4 exit Return to privileged EXEC mode.
Step 5 show oob Verify the configuration.
To configure to get IP address via DHCP protocol for the out-of-band management
interface, use oob protocol dhcp global configuration command. To set an IP address
and net mask for out-of-band management interface, use oob ip global configuration
command. To display IP setting of out-of-band management interface, use show oob
privileged EXEC command.
In this example, out-of-band management interface is configured to get the IP address via
DHCP protocol.
(BX900-CB1)#configure
(BX900-CB1)(Config)#oob protocol dhcp
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(BX900-CB1)(Config)#exit
(BX900-CB1)#show oob
IP Address..................................... 172.16.2.125
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 172.16.2.254
IPv6 Address................................... FE80::21E:68FF:FE85:F760/64
OOB interface Configured Protocol.............. DHCP
Burned In MAC Address.......................... 00:1E:68:85:F7:60
(BX900-CB1)#
(BX900-CB1)#configure
(BX900-CB1)(Config)#oob protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(BX900-CB1)(Config)#oob ip 192.168.2.1 255.255.255.0
(BX900-CB1)#show oob
IP Address..................................... 192.168.2.1
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 0.0.0.0
IPv6 Address................................... FE80::21E:68FF:FE85:F760/64
OOB interface Configured Protocol.............. None
Burned In MAC Address.......................... 00:1E:68:85:F7:60
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure default gateway from
out-of-band management interface:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 oob protocol To set IP management interface to use
<bootp|dhcp|dhcp6|none> bootp, dhcp, dhcpv6 or none.
Step 3 oob ip <ipaddr> <netmask> To set a fixed IP address and net mask for
management interface.
Step 4 oob gateway <gateway> To set the default gateway address.
Step 5 exit Return to privileged EXEC mode.
Step 6 show oob Verify the configuration.
To configure the default gateway for the out-of-band management interface, use oob
gateway global configuration command. To display IP setting of out-of-band management
interface, use show oob privileged EXEC command.
(BX900-CB1)#configure
(BX900-CB1)(Config)#oob protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(BX900-CB1)(Config)#oob ip 10.1.20.1 255.255.255.0
(BX900-CB1)(Config)#oob gateway 10.1.20.254
(BX900-CB1)(Config)#exit
(BX900-CB1)#show oob
IP Address..................................... 10.1.20.1
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.1.20.254
IPv6 Address................................... FE80::21E:68FF:FE85:F760/64
OOB interface Configured Protocol.............. None
Burned In MAC Address.......................... 00:1E:68:85:F7:60
(BX900-CB1)#
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 ip address protocol To set IP management interface to use
<bootp|dhcp|none> bootp, dhcp, or none.
Step 3 ip address <ipaddr> <netmask> To set a fixed IP address and net mask for
management interface.
Step 4 ip default-gateway <gateway> To set the default gateway address.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip redirects Verify the configuration.
To configure the default gateway for the in-band management interface, use ip
default-gateway global configuration command. To display IP setting of in-band
management interface, use show ip redirects privileged EXEC command.
(BX900-CB1)#configure
(BX900-CB1)(Config)#ip address protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(BX900-CB1)(Config)# ip address 192.168.2.1 255.255.255.0
(BX900-CB1)(Config)#ip default-gateway 192.168.2.254
(BX900-CB1)(Config)#exit
(BX900-CB1)#show ip redirects
ip default gateway 192.168.2.254
(BX900-CB1)#
The gateway of in-band and out-of-band (oob) management interface can’t be set
! at the same time. If the gateway of oob has been set, you have to remove it before
you configure the gateway of in-band management interface.
Beginning in privileged EXEC mode, follow these steps to upload firmware from Ethernet
Connection Blade:
Command Purpose
Step 1 copy image <filename> <url> To upload firmware specified in
<filename> to the <url> address where
<url>={xmodem | tftp://ipaddr/path/file |
ftp://user:pass@ipaddr/path/file}
In this example, a firmware will be uploaded via TFTP protocol to a TFTP server with IP
address 192.168.2.100.
Before performing the upload operation, you have to configure an IP address for
! your Ethernet Connection Blade via DHCP protocol or manually.
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.2.100
TFTP Path...................................... ./
TFTP Filename.................................. sb11a-sw-r-0.30.0213.img
Data Type...................................... Code
Command Purpose
Step 1 copy startup-config <filename> To upload configuration file specified in
<url> <filename> to the <url> address where
<url>={xmodem | tftp://ipaddr/path/file |
ftp://user:pass@ipaddr/path/file}.
In this example, a configuration file will be uploaded via TFTP protocol to a TFTP server
with IP address 192.168.2.100.
Before performing the upload operation, you have to configure an IP address for
! your Ethernet Connection Blade via DHCP protocol or manually.
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.2.100
TFTP Path...................................... ./
TFTP Filename.................................. backup_config.cfg
Data Type...................................... Config File
(BX900-CB1)#
The ports (EXT37~EXT48 for SB11a, EXT37-EXT46 for SB11) connected to the external
network are called uplink port/external port, and the ports (INT1~INT36) connected to the NICs
of server blades are called downlink port/internal port. In SB11a, it provides 12 external ports
(8 RJ-45 ports and 4 SFP ports) and 36 downlink ports. In SB11, it provides 10 external ports
(8 RJ-45 ports and 2 SFP+ ports) and 36 downlink ports.
Uplink ports
Each uplink port is configured as a member of a LAG in default; it provides the external access
connection for Server Blade System. The configuration of uplink ports eliminates the need for
the Spanning Tree Protocol to prevent network loops and also provides a redundant function
for the external connection to improve network reliability.
In addition, the L2 failover feature is also provided for the uplink ports. With Network Adaptor
Teaming configured on the server blade Ethernet NIC, the servers can maintain redundant
links to multiple Ethernet Connection Blades within the Blade Server System to provide
enhanced reliability. The L2 failover feature allows the Ethernet Connection Blade to disable
the server-blade ports when all of its uplink ports are inactive. This causes the Network
Adaptor Teaming software to failover to the other Ethernet Connection Blade(s) in the Blade
Server System.
Downlink ports
Downlink port provides a network connection with 1Gbps full-duplex speed for the server
blades. The downlink ports could be configured as a member of a LAG to combine server
blade NICs connected to same Ethernet Connection Blade to provide a higher network
bandwidth for a server blade.
In IBP firmware version, it defines several groups, including Port groups, VLAN groups,
Service LAN, and Service VLAN. They provide different characteristics of handling packets.
Each group should combine an uplink set for its external connection. Packet handling in
different group types will be introduced in this chapter.
Port Groups
The downlink ports of Ethernet Connection Blade can be combined into Port Groups. Up to 36
port groups are available for the Ethernet Connection Blade with IBP firmware version. Each
Port Group could contain internal server ports (INT1-INT36).
All ports in a Port Group have the same configuration and are a member of a unique,
untagged/tagged VLAN. The packets are forwarded as it is received on Ethernet Connection
Blade, that is, tagged packets received from the server blades are forwarded include their tags
to all ports of the Port Group and untagged packets received from the server blades are
forwarded untagged to all ports of the Port Group. We call this as the VLAN transparent.
In addition, communication between Port Groups is not possible, nor is traffic from one group
visible in another group.
VLAN groups
The major difference to the traditional Port Group feature is that the grouping is defined on
VLAN base. It is similar to the port-based VLAN. Note that even though having identical VLAN
IDs, the VLANs in different VLAN port groups are different VLANs.
The incoming untagged packets received from the server blades will be tagged with the user
defined group VLAN tag and forwarded to the Uplink Set of the VLAN port group. The packets
leave the uplink(s) as tagged packets, the VLAN tag is not removed at the uplink(s). If the
server blade is sending tagged packets, they are dropped, except the tag is identical to the
defined Service VLAN ID. In this case it is handled according the Service VLAN definition,
forwarded to the Service VLAN Uplink Set.
The incoming tagged packets received at the uplink ports of VLAN port group are forwarded to
the downlink (server blade); according to their group VLAN tag definition. The tag is removed
at the downlink port, so that the server blades are receiving untagged packets. Packets tagged
with VLAN IDs other than defined by VLAN groups are dropped at the uplink(s), except those
tagged with the Service VLAN ID. They are handled according to Service VLAN group
definition.
Within the set of VLAN Port Groups sharing the same Uplink Set, one VLAN can be optionally
defined as “native VLAN”. This changes the tagging behavior at the uplink port for this native
VLAN ID. Incoming untagged packets are not dropped, but are tagged with the native VLAN ID
and forwarded to all the downlinks of this VLAN group. Incoming packets tagged with the
native VLAN ID are dropped at the uplink. Tagged packets with a VLAN ID that does not match
the VLAN ID of any other VLAN Port Group defined for this uplink set will be dropped. All
Service LAN
The Service LAN receives tagged packets from the server blade, but the tags are stripped
when they leave the uplink (external port). Incoming untagged packets received at the
uplink/external port are tagged and send to the corresponding downlinks (server blade) as
tagged packets. Incoming tagged packets at uplink/external ports are dropped.
Service VLAN
The Service VLAN receives tagged packets with Service VLAN ID from the server blade, and
forwards them to uplink/external port as tagged packets. Incoming tagged packets with
Service VLAN ID received at the uplink/external port are sent to the corresponding downlinks/
server blade as tagged packets.
Different Service VLANs may share the same Uplink Set. If the port which is member of the
Service VLAN, receives tagged packets with the Service VLAN ID (SVID), those received
tagged packets will be forwarding based on Service VLAN. The Service VLANs with different
VLAN IDs may overlap in internal ports. The Service VLANs with disjoint uplink sets may have
identical SVID. The Service VLAN only defines the internal ports to form a group and it can
define its external connection by combining Uplink Sets.
Note that (VLAN) Port Group and Service (V)LAN may overlap on the internal ports
(downlinks). The untagged packets received from the server blade or uplink ports should obey
the rule of the (VLAN) Port Group.
Uplink set:
VLAN Port VLAN Port Service
Port Group Service LAN
Group Group (native) VLAN
Port Group X X X X V
VLAN Port
N/A V V X V
Group
VLAN Port
Group N/A N/A X X V
(native)
Service
N/A N/A N/A X X
LAN
Service
N/A N/A N/A N/A V
VLAN
Downlink ports:
VLAN Port
VLAN Port
Port Group Group Service LAN Service VLAN
Group
(native)
Port Group X X X V V
VLAN Port
N/A X X V V
Group
VLAN Port
N/A N/A X V V
Group (native)
Service LAN N/A N/A N/A V V
Service VLAN N/A N/A N/A N/A V
Legend:
X: not allowed
V: allowed, based on different VLAN ID
N/A: don’t care, duplicate information
In IBP firmware version, the external/uplink ports are defined in so-called Uplink Sets. In the
group definitions in IBP these Uplinks Sets are used to define the external connections. An
“Uplink Set” is defined as a set of 1 to n external (uplink) ports, which is be used in port group
definitions to connect a group of server blades to the customer’s LAN.
As an Uplink Set is created, two link aggregations will be created at the same time. One link
aggregation is for active and the other is for the backup. A port participates to an Uplink Set
and it will become the member of the active link aggregation automatically. User could assign
a port to participate to the backup link aggregation by manually.
In this chapter, it will describe how to configure the Uplink Sets and how to move the ports from
active link aggregation to backup one.
Beginning in privileged EXEC mode, follow these steps to create an uplink set and assign port
to this uplink set:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 uplink-set uplinkSetName To create a empty uplink set
Step 3 interface interface-id Specify the external physical port that you
want to set to the uplink set, and enter
interface configuration mode.
Step 4 uplink-set uplinkSetName To make this interface to be the member
of the uplink set.
Step 5 exit Return to global configuration mode.
Step 6 exit Return to privileged EXEC mode.
Step 7 show uplink-set [uplinkSetName] Verify the configuration.
In this example, uplink-set up1 is created and interfaces 0/41 and 0/42 are assigned to this
uplink set.
(BX900-CB1)#configure
(BX900-CB1)(Config)#uplink-set up1
Name Interface ports active ports backup ports state Backup snoop LACP
BX900-CB1/0/45, BX900-CB1/0/45,
BX900-CB1/0/46, BX900-CB1/0/46,
BX900-CB1/0/47, BX900-CB1/0/47,
BX900-CB1/0/48 BX900-CB1/0/48
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to enable link state function for an
uplink set and groups:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 linkstate uplinkSetName Enable the link state function on specific
uplink set.
Step 5 exit Return to privileged EXEC mode.
Step 6 show linkstate [uplinkSetName] Verify the configuration.
To enable/disable the link state feature, use linkstate/no linkstate global configuration
command. To display the link state setting, use show linkstate privileged EXEC
command.
(BX900-CB1)#configure
(BX900-CB1)(Config)#linkstate up1
(BX900-CB1)(Config)#exit
(BX900-CB1)#show linkstate
Uplink Set name Linkstate
--------------------------------- ---------
default yes
up1 yes
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to set a port to be the backup port:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 interface interface-id Specify the external physical port that you
want to set to be a backup port, and enter
interface configuration mode.
Step 3 port-backup To make this interface to be the backup
port.
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show port-backup [uplinkSetName] Verify the configuration.
To set a port to be the backup port, use port-backup interface configuration command. To
display the port backup, use show port-backup privileged EXEC command.
In this example, uplink-set up1 is created and interfaces 0/41 and 0/42 are the members of
uplink set up1. Try to set interface 0/42 to be the backup port of the uplink set up1.
(BX900-CB1)#configure
(BX900-CB1)(Config)#interface 0/42
(BX900-CB1)(Interface BX900-CB1/0/42)#port-backup
(BX900-CB1)(Interface BX900-CB1/0/41)#interface 0/42
(BX900-CB1)(Interface BX900-CB1/0/42)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show port-backup up1
Uplink Set name Port Backup External active ports External backup ports
(BX900-CB1)#
The downlink ports of Ethernet Connection Blade can be combined into Port Groups. Port
Groups have the following characteristics:
1. Each Port Group can contain only internal server ports (INT1-INT36).
2. It is not mandatory to include an uplink set. A group without a configured uplink set is used
only for internal communication.
3. Communication between groups is not possible, nor is traffic from one group visible in
another group.
By default there is no traffic between ports of different port groups except over
! Service VLAN and Service LAN.
All ports in a Port Group have the same configuration. Each port in the Port Group is a member
of a unique, untagged/tagged VLAN.
In the port groups, it is VLAN transparent; the packet will be forwarded as it is received on
ingress side, including the VLAN tagging.
Beginning in privileged EXEC mode, follow these steps to create port group and assign ports
to this port group:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 port-group portGroupName To create a port group with an assigned
[uplinkSetName] group name and/or an assigned uplink
set.
Step 3 interface interface-id Specify the internal physical port that you
want to set to be a member of the port
group, and enter interface configuration
mode.
Step 4 no port-group Remove this interface from the port group
if it is already configured to a port group.
Step 5 port-group portGroupName To add this interface to the specified port
group.
Step 6 exit Return to global configuration mode.
Step 7 exit Return to privileged EXEC mode.
Step 8 show port-group [portGroupName] Verify the configuration.
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-group pg_1
(BX900-CB1)(Config)#interface 0/1
(BX900-CB1)(Interface BX900-CB1/0/1)#no port-group
(BX900-CB1)(Interface BX900-CB1/0/1)#port-group pg_1
(BX900-CB1)(Interface BX900-CB1/0/1)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show port-group pg_1
Port Group Name Internal Ports Uplink Set Name External Ports
-------------------------- --------------- ------------------------ ---------------
pg_1 BX900-CB1/0/1 -
(BX900-CB1)#
In this example, port group pg_2 is created with a configured uplink set up1 and interface
0/1 is assigned to be the member of this port group.
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-group pg_2 up1
(BX900-CB1)(Config)#interface 0/2
(BX900-CB1)(Interface BX900-CB1/0/2)#no port-group
(BX900-CB1)(Interface BX900-CB1/0/2)#port-group pg_2
(BX900-CB1)(Interface BX900-CB1/0/2)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show port-group pg_2
Port Group Name Internal Ports Uplink Set Name External Ports
-------------------------- -------------------- ------------------------ ----------------------
pg_2 BX900-CB1/0/2 up1 BX900-CB1/0/41
BX900-CB1/0/42
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to create a VLAN group and assign
ports to this VLAN group:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 vlan-group vlanGroupName To create a VLAN group with an assigned
<1-4094> uplinkSetName group name, VLAN ID and a configured
uplink set.
Step 3 interface interface-id Specify the internal port that you want to
set to be a member of the VLAN group,
and enter interface configuration mode.
Step 4 no port-group Remove this interface from the port group
if it is already configured to a port group.
Step 5 no vlan-group Remove this interface from the VALN
group if it is already configured to a VLAN
group.
Step 6 vlan-group vlanGroupName To add this interface to the specified
VLAN group.
Step 7 exit Return to global configuration mode.
Step 8 exit Return to privileged EXEC mode.
Step 9 show vlan-group [vlanGroupName] Verify the configuration.
In this example, VLAN group vlang_1 with VLAN ID 2 is created and it is configured with
uplink set up1 and interface 0/1 is assigned to be the member of this VLAN group.
(BX900-CB1)#configure
(BX900-CB1)(Config)#vlan-group vlang_1 2 up1
(BX900-CB1)(Config)#interface 0/1
(BX900-CB1)(Interface BX900-CB1/0/1)#no port-group
(BX900-CB1)(Interface BX900-CB1/0/1)#no vlan-group
(BX900-CB1)(Interface BX900-CB1/0/1)#vlan-group vlang_1
(BX900-CB1)(Interface BX900-CB1/0/1)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show vlan-group vlang_1
VLAN port group name ID Internal ports UplinkSet name External ports VLAN
BX900-CB1/0/42
(BX900-CB1)#
The downlink ports are just allowed to be the member of port group and VLAN
! group at a time. If you want to assign a downlink port to another port group or
VLAN group, you have to remove it from current group first.
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 vlan-group-nativeVLAN To set the specified VLAN group with
vlanGroupName native VLAN option.
Step 3 exit Return to privileged EXEC mode.
Step 4 show vlan-group [vlanGroupName] Verify the configuration.
To set native VLAN option for a VLAN group, use vlan-group-nativeVLAN global
configuration command. To display the VLAN group, use show vlan-group privileged
EXEC command.
(BX900-CB1)#configure
(BX900-CB1)(Config)#vlan-group-nativeVLAN vlang_1
(BX900-CB1)(Config)#exit
(BX900-CB1)#show vlan-group vlang_1
VLAN Native
VLAN port group name ID Internal ports UplinkSet name External ports VLAN
BX900-CB1/0/42
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to create a Service LAN and assign
ports to this Service LAN:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 svc-lan svcLanName <1-4094> To create a Service LAN with an assigned
uplinkSetName group name, VLAN ID and a configured
uplink set.
Step 3 interface interface-id Specify the internal port that you want to
set to be a member of the Service LAN,
and enter interface configuration mode.
Step 4 svc-lan svcLanName To add this interface to the specified
Service LAN.
Step 5 exit Return to global configuration mode.
Step 6 exit Return to privileged EXEC mode.
Step 7 show svc-lan [svcLanName] Verify the configuration.
In this example, Service LAN slan_1 with VLAN ID 100 is created and it is configured with
uplink set up2 for its external connection. The interface 0/2 is added to this Service LAN.
(BX900-CB1)#configure
(BX900-CB1)(Config)#svc-lan slan_1 100 up2
(BX900-CB1)(Config)#interface 0/2
(BX900-CB1)(Interface BX900-CB1/0/2)# svc-lan slan_1
(BX900-CB1)(Interface BX900-CB1/0/2)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show svc-lan slan_1
Service LAN name VLAN ID Internal ports Uplink Set name External ports
BX900-CB1/0/44
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to create a Service VLAN and assign
ports to this Service VLAN:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 svc-vlan svcVlanName <1-4094> To create a Service VLAN with an
uplinkSetName assigned group name, VLAN ID and a
configured uplink set.
Step 3 interface interface-id Specify the internal port that you want to
set to be a member of the Service VLAN,
and enter interface configuration mode.
Step 4 svc-vlan svcVlanName To add this interface to the specified
Service VLAN.
Step 5 exit Return to global configuration mode.
Step 6 exit Return to privileged EXEC mode.
Step 7 show svc-vlan [svcVlanName] Verify the configuration.
In this example, Service VLAN svlan_1 with VLAN ID 200 is created and it is configured
with uplink set up3 for its external connection. The interface 0/3 is added to this Service
VLAN.
(BX900-CB1)#configure
(BX900-CB1)(Config)#svc-vlan svlan_1 200 up3
(BX900-CB1)( Config)#interface 0/3
(BX900-CB1)(Interface BX900-CB1/0/3)# svc-vlan svlan_1
(BX900-CB1)(Interface BX900-CB1/0/3)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show svc-vlan svlan_1
Service VLAN name VLAN ID Internal ports Uplink Set name External ports
BX900-CB1/0/46
(BX900-CB1)#
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-group pg_overlap uplink_1
(BX900-CB1)(Config)#interface range 0/1 – 0/12
(BX900-CB1)(if-range)#no port-group
(BX900-CB1)(if-range)#port-group pg_overlap
(BX900-CB1)(if-range)#exit
(BX900-CB1)(Config)#svc-vlan svlan_overlap 4094 uplink_2
(BX900-CB1)(Config)#interface range 0/10 – 0/12
(BX900-CB1)(if-range)#svc-vlan svlan_overlap
(BX900-CB1)(if-range)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show port-group pg_overlap
Port Group Name Internal Ports Uplink Set Name External Ports
BX900-CB1/0/2 BX900-CB1/0/42
BX900-CB1/0/3
BX900-CB1/0/4
BX900-CB1/0/5
BX900-CB1/0/6
BX900-CB1/0/7
BX900-CB1/0/9
BX900-CB1/0/10
BX900-CB1/0/11
BX900-CB1/0/12
BX900-CB1/0/11 BX900-CB1/0/46
BX900-CB1/0/12
(BX900-CB1)#
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-group pg_overlap uplink_1
(BX900-CB1)(Config)#interface range 0/1 – 0/12
(BX900-CB1)(if-range)#no port-group
(BX900-CB1)(if-range)#port-group pg_overlap
(BX900-CB1)(if-range)#exit
(BX900-CB1)(Config)#svc-vlan svlan_overlap 4094 uplink_1
(BX900-CB1)(Config)#interface range 0/20 – 0/24
(BX900-CB1)(if-range)#svc-vlan svlan_overlap
(BX900-CB1)(if-range)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show port-group pg_overlap
Port Group Name Internal Ports Uplink Set Name External Ports
BX900-CB1/0/2 BX900-CB1/0/42
BX900-CB1/0/3
BX900-CB1/0/4
BX900-CB1/0/5
BX900-CB1/0/6
BX900-CB1/0/7
BX900-CB1/0/8
BX900-CB1/0/9
BX900-CB1/0/10
BX900-CB1/0/11
BX900-CB1/0/12
BX900-CB1/0/21 BX900-CB1/0/42
BX900-CB1/0/22
BX900-CB1/0/23
BX900-CB1/0/24
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure link aggregation with
LACP:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 port-channel name To create a port-channel.
Step 3 interface interface-id Specify the port-channel interface (logical
interface), and enter interface
configuration mode.
Step 4 no staticcapability To disable the static mode of the
port-channel.
Step 5 exit Return to global configuration mode.
Step 6 interface interface-id Specify the downlink interface, and enter
interface configuration mode.
Step 7 channel-group interface-id To join the specified port-channel group.
Step 8 exit Return to global configuration mode.
Step 9 exit Return to privileged EXEC mode
Step 10 show port-channel all Verify the configuration.
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-channel downlink-lag1
Interface BX900-CB1/1/3 created for port-channel downlink-lag1
(BX900-CB1)(Config)#interface range 0/1 – 0/4
(BX900-CB1)(if-range)#channel-group BX900-CB1/1/3
Intf Name Link Mode Mode Mode Type LB Ports Speed Active
------ --------------- ------ ---- ---- ------ ---- --- ------ --------- ------
BX900-CB1/1/3 downlink-lag1 Down En. En. En. Dy. SDM BX900-CB1/0/1 Auto False
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure link aggregation without
LACP:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 port-channel name To create a port-channel.
Step 3 interface interface-id Specify the port-channel interface (logical
interface), and enter interface
configuration mode.
Step 4 staticcapability To enable the static mode of the
port-channel.
Step 5 exit Return to global configuration mode.
Step 6 interface interface-id Specify the downlink interface, and enter
interface configuration mode.
Step 7 channel-group interface-id To join the specified port-channel group.
Step 8 exit Return to global configuration mode.
Step 9 exit Return to privileged EXEC mode.
Step 10 show port-channel all Verify the configuration.
In this example, a port-channel group downlink-lag1 is created with static property and
downlink interfaces 0/1, 0/2, 0/3 and 0/4 are set to the member of this port-channel group.
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-channel downlink-lag1
Interface BX900-CB1/1/3 created for port-channel downlink-lag1
(BX900-CB1)(Config)#interface BX900-CB1/1/3
(BX900-CB1)(Interface BX900-CB1/1/3)#staticcapability
(BX900-CB1)(Interface BX900-CB1/1/3)#exit
(BX900-CB1)(Config)#interface range 0/1 – 0/4
(BX900-CB1)(if-range)#channel-group BX900-CB1/1/3
(BX900-CB1)(if-range)#exit
Intf Name Link Mode Mode Mode Type LB Ports Speed Active
------ --------------- ------ ---- ---- ------ ---- --- ------ --------- ------
BX900-CB1/1/3 downlink-lag1 Down En. En. En. St. SDM BX900-CB1/0/1 Auto False
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure link aggregation with load
balance settings:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 interface interface-id Specify the port-channel interface (logical
interface), and enter interface
configuration mode.
Step 3 load-balance Set the load balance for the port-channel
<dst-ip/dst-mac/src-dst-ip/src-dst-mac/ group.
src-ip/src-mac>
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show port-channel all Verify the configuration.
To set the load balance setting of a port-channel group, use load-balance interface
configuration command. To display port-channel group, use show port-channel all
privileged EXEC command.
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-channel downlink-lag1
Interface BX900-CB1/1/3 created for port-channel downlink-lag1
(BX900-CB1)(Config)#interface BX900-CB1/1/3
(BX900-CB1)(Interface BX900-CB1/1/3)#load-balance src-dst-ip
(BX900-CB1)(Interface BX900-CB1/1/3)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show port-channel all
Port- Link
Intf Name Link Mode Mode Mode Type LB Ports Speed Active
------ --------------- ------ ---- ---- ------ ---- --- ------ --------- ------
BX900-CB1/1/3 downlink-lag1 Down En. En. En. St. SDI BX900-CB1/0/1 Auto False
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure downlink isolation for an
interface:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 interface interface-id Specify the downlink/internal interface,
and enter interface configuration mode.
Step 3 isolate Set the isolation for this interface.
Step 4 exit Return to privileged EXEC mode.
Step 5 show port-channel all Verify the configuration.
In this example, the interface 0/1, the member of the port group, is set to use downlink
isolation.
(BX900-CB1)#configure
(BX900-CB1)(Config)#interface 0/1
(BX900-CB1)(Interface BX900-CB1/0/1)#isolate
(BX900-CB1)(Interface BX900-CB1/0/1)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show interface status 0/1
Interface......................... BX900-CB1/0/1
ifIndex........................... 1
Description.......................
Admin Mode........................ Disable
E-Keying Status................... Connected
Physical Mode..................... Auto
Physical Status...................
Link Status....................... Down
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure priority control on specific
interface:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 interface interface-id Specify the interface, and enter interface
configuration mode. The interface can be a
physical Layer 2 interface or a port channel
(logical interface).
Step 3 queue trust dot1p Set the trust mode to dot1p.
Step 4 queue cos-map priority-id queue-id Assign a priority ID to specific traffic class
queue to configure dot1p priority mapping.
Step 5 exit Return to global configuration mode.
Step 6 exit Return to privileged EXEC mode.
Step 7 show queue cos-map interface-id Verify the configuration.
To configure priority control and assign priority mapping to an interface, use the CoS
interface configuration command. To display the configuration, use show queue cos-map
privileged EXEC command.
In this example, cos-map is configured on interface 0/1 to assigns egress port queue of
different priority to User priority value (CoS) in VLAN tag:
(BX900-CB1)#configure
(BX900-CB1)(Config)#interface 0/1
(BX900-CB1)(Interface BX900-CB1/0/1)#queue trust dot1p
(BX900-CB1)(Interface BX900-CB1/0/1)#queue cos-map 0 1
(BX900-CB1)(Interface BX900-CB1/0/1)#queue cos-map 1 2
(BX900-CB1)(Interface BX900-CB1/0/1)#queue cos-map 4 2
(BX900-CB1)(Interface BX900-CB1/0/1)#exit
(BX900-CB1)#show queue cos-map 0/1
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure IP precedence value
rewrite on specific interface:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 diffserv Enable DiffServ Admin mode.
Step 3 class-map match-all Create a DiffServ class with a class-map
class-map-name name.
Step 4 match cos <0-7> Configure a match condition based on a
CoS value..
Step 5 exit Return to global configuration mode.
Step 6 policy-map policy-name in Create a DiffServ policy with a policy-map
name.
Step 7 class class-map-name Attach the DiffServ class to this policy.
Step 8 mark ip-precedence <0-7> Configure marking action on the specific IP
precedence value.
Step 9 exit Return to policy-map configuration mode.
Step 10 exit Return to global configuration mode.
Step 11 interface interface-id Specify the interface, and enter interface
configuration mode. The interface can be a
physical Layer 2 interface or a port channel
(logical interface).
Step 12 service-policy in policy-map-name Specify the policy which will be applied to
this interface.
Step 13 exit Return to global configuration mode.
Step 14 exit Return to privileged EXEC mode.
Step 15 show class-map Verify the configuration.
Step 16 show policy-map Verify the configuration.
Step 17 show policy-map interface Verify the configuration.
interface-id in
(BX900-CB1)#configure
(BX900-CB1)(Config)#diffserv
(BX900-CB1)(Config)#class-map match-all class1
(BX900-CB1)(Config-classmap)#match cos 5
(BX900-CB1)(Config-classmap)#exit
(BX900-CB1)(Config)#policy-map policy1 in
(BX900-CB1)(Config-policy-map)#class class1
(BX900-CB1)(Config-policy-classmap)#mark ip-precedence 2
(BX900-CB1)(Config-policy-classmap)#exit
(BX900-CB1)(Config-policy-map)#exit
(BX900-CB1)(Config)#interface 0/1
(BX900-CB1)(Interface BX900-CB1/0/1)#service-policy in policy1
(BX900-CB1)(Interface BX900-CB1/0/1)#exit
(BX900-CB1)(Config)#exit
(BX900-CB1)#show class-map
Class
Class Name Type Reference Class Name
------------------------------- ----- -------------------------------
class1 All
(BX900-CB1)#show policy-map
Interface...................................... BX900-CB1/0/1
Direction...................................... In
Operational Status............................. Down
Policy Name.................................... policy1
Interface Summary:
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure change queue on specific
interface:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 diffserv Enable DiffServ Admin mode.
Step 3 class-map match-all Create a DiffServ class with a class-map
class-map-name name.
Step 4 match cos <0-7> Configure a match condition based on a
CoS value..
Step 5 exit Return to global configuration mode.
Step 6 policy-map policy-name in Create a DiffServ policy with a policy-map
name.
Step 7 class class-map-name Attach the DiffServ class to this policy.
Step 8 assign-queue <0-6> Set queue ID to which traffic class is
assigned.
Step 9 exit Return to policy-map configuration mode.
Step 10 exit Return to global configuration mode.
Step 11 interface interface-id Specify the interface, and enter interface
configuration mode. The interface can be a
physical Layer 2 interface or a port channel
(logical interface).
Step 12 service-policy in policy-map-name Specify the policy which will be applied to
this interface.
Step 13 exit Return to global configuration mode.
Step 14 exit Return to privileged EXEC mode.
Step 15 show policy-map Verify the configuration.
policy-map-name
To configure change queue to interface, use the diffserv global configuration command.
To display the policy configuration, use show policy-map privileged EXEC command. To
display the class configuration, use show class-map privileged EXEC command.
In this example, DiffServ is configured on interface 0/1 to change queue which the received
packets in ingress port use in egress port:
(BX900-CB1)#configure
(BX900-CB1)(Config)#diffserv
(BX900-CB1)(Config)#class-map match-all class2
(BX900-CB1)(Config-classmap)#match cos 2
(BX900-CB1)(Config-classmap)#exit
(BX900-CB1)(Config)#policy-map policy2 in
Class
Class Name Type Reference Class Name
------------------------------- ----- -------------------------------
class1 All
class2 All
(BX900-CB1)#show policy-map
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure IGMP/MLD Snooping on
specific uplink set:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 igmpsnooping uplinkSetName Enable IGMP/MLD snooping for the specific
uplink set and its associated groups.
Step 3 exit Return to privileged mode.
Step 4 show igmpsnooping Display IGMP/MLD snooping information.
(BX900-CB1)#configure
(BX900-CB1)(Config)#igmpsnooping default
(BX900-CB1)(Config)#exit
(BX900-CB1)#show igmpsnooping
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1X
authentication:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 dot1x system-auth-control Enable IEEE 802.1X authentication
support on the switch
Step 3 exit Return to global configuration mode.
Step 4 show dot1x summary interface-id Show detailed status for specified port
In this example, we configure all interfaces to force-authorized mode but interface 0/6 to
auto authentication mode. Then check the authenticated state for the interface 0/6.
Operating Reauthentication
Interface Control Mode Control Mode Enabled Port Status
--------- ------------------ ------------------ ---------------- ------------
BX900-CB1/0/6 auto auto FALSE Authorized
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1X
authentication:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 radius-server host auth Create a radius server for IEEE 802.1X
ip-addr/hostname authentication
Step 3 radius-server key auth Give s radius share key to a radius
ip-addr/hostnam <0/7> key-value server
Step 4 authentication login list-name radius Create a authentication list for radius
Step 5 dot1x system-auth-control Enable IEEE 802.1X authentication
support on the switch
Step 6 dot1x default-login list-name Assign an authentication list to IEEE
802.1X default login for non-configured
users
Step 7 exit Return to global configuration mode.
Step 8 show authentication Verify the configuration.
Step 9 show radius Verify the configuration.
To assign a remote radius server for IEEE 802.1X, use radius-server host auth
ip-addr/hostname. To create an authentication list for radius, use authentication login
list-name radius. To assign an authentication list for IEEE 802.1X non-configured users,
use dot1x default-login list-name.
In this example, a radius server 192.168.3.1 will be assigned to authenticate IEEE 802.1X
with share key secret.
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure port mirroring:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 port-monitor session session-id Enable admin mode.
mode
Step 3 port-monitor session session-id Setting port-monitor source port. The
source interface interface-id [rx| tx] interface can be a physical Layer 2 interface
or a port channel (logical interface).
Step 4 port-monitor session session-id Setting port-monitor destination port.
destination interface interface-id
Step 5 show port-monitor session Verify the configuration.
session-id
In this example, interface 0/46 is configured to monitor the transmitted and received
packets of interface 0/40 and to monitor the received packets of interface 0/41:
(BX900-CB1)#configure
(BX900-CB1)(Config)#port-monitor session 1 mode
(BX900-CB1)(Config)#port-monitor session 1 source interface 0/40
(BX900-CB1)(Config)#port-monitor session 1 source interface 0/41 rx
(BX900-CB1)(Config)#port-monitor session 1 destination interface 0/46
(BX900-CB1)(Config)#exit
(BX900-CB1)#
(BX900-CB1)#show port-monitor session 1
Session ID Admin Mode Dest.Port Sour.Port Type
---------- ---------- ---------- ------------- -----
1 Enable BX900-CB1/0/46 BX900-CB1/0/40 Rx,Tx
BX900-CB1/0/41 Rx
(BX900-CB1)#
Beginning in privileged EXEC mode, follow these steps to configure SNMP agent community:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 snmp-server community Create a snmp community. The default
community-name1 access mode is READ-ONLY.
Step 3 snmp-server community Create another snmp community.
community-name2
Step 4 snmp-server community rw Set the access mode of the SNMP
community-name2 community to READ-WRITE access mode..
Step 5 exit Return to global configuration mode.
Step 6 show snmp Verify the configuration.
In this example, two snmp communities are created for read and read-write:
SNMP Community Name Client IP Address Client IP Mask Access Mode Status
------------------- ----------------- ----------------- ----------- --------
public 0.0.0.0 0.0.0.0 Read Only Enable
private 0.0.0.0 0.0.0.0 Read/Write Enable
(BX900-CB1)#
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 snmptrap trap-name ipaddress Create a SNMP trap and specify the client ip
snmpversion <snmpv1|snmpv2> address to receive SNMP traps.
Step 3 exit Return to global configuration mode.
Step 4 show snmptrap Verify the configuration.
To configure snmp trap, use the snmptrap global configuration command. To display the
snmp trap configuration, use show snmptrap privileged EXEC command.
In this example, create and activate the snmp trap for snmp trap receiver:
(BX900-CB)#
Beginning in privileged EXEC mode, follow these steps to configure system logs to syslog
server:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 logging host hostaddress [port] Set the IP address and port number of
[severitylevel] logging host/server which syslog
message to be sent.
Step 3 logging syslog To enable the syslog to configured hosts.
Step 4 exit Return to privileged EXEC mode.
Step 5 show logging Verify the configuration of syslog
Step 6 show logging host Verify the configuration of syslog host
To create a syslog host, use logging host global configuration command. To enable or
disable syslog, use logging syslog global configuration command.
In this example, create a logging host to sent critical messages and enable the syslog
client.