sb11 Sb11a Ibp CG

Configuration Guide
PRIMERGY BX900 Blade Server Systems

Ethernet Connection Blade Module
IBP version
English
PRIMERGY BX900 Blade Server Systems
Ethernet Connection Blade Module
Configuration Guide
IBP version
Edition February 2009

Comments… Suggestions… Corrections…
The User Documentation Department would like to
know your opinion of this manual. Your feedback helps
us optimize our documentation to suit your individual needs.
Feel free to send us your comments by e-mail to manuals@ts.fujitsu.com.
Copyright and Trademarks

Copyright © 2009 Fujitsu Technology Solutions GmbH.
All rights reserved.
Delivery subject to availability; right of technical modifications reserved.
All hardware and software names used are trademarks of their respective manufacturers
© 2009 Fujitsu Technology Solutions 2

Content
1 Configuration Guide Overview .................................................................................. 5
2 Configuring Management........................................................................................... 6
2.1 Configuring In-band Management IP setting ................................................................ 7
2.2 Configuring oob IP setting........................................................................................... 10
2.3 Configuring default gateway setting ............................................................................ 12
2.4 Upload Firmware Image and Configuration File ......................................................... 14
3 Overview Uplink and downlink ................................................................................ 16
4 Packet handling in different group types ............................................................... 17
5 Configuring Uplink Sets ........................................................................................... 22

5.1 Creating Uplink Sets ................................................................................................... 22
5.2 Configuring Link State................................................................................................. 24
5.3 Configuring Backup Port ............................................................................................. 25
6 Configuring Port Groups.......................................................................................... 26
7 Configuring VLAN Groups ....................................................................................... 28
8 Configuring Service LAN ......................................................................................... 30
9 Configuring Service VLAN ....................................................................................... 31
10 Combining Port Groups and Service (V)LAN ......................................................... 32
11 Configuring downlink LAG ...................................................................................... 36

11.1 Configuring Link Aggregation with LACP .................................................................... 36
11.2 Configuring Static Link Aggregation............................................................................ 38
11.3 Configuring Load Balance of Link Aggregation........................................................... 40
12 Private Network ......................................................................................................... 42
13 Configuring QoS ....................................................................................................... 44

13.1 Configuring priority control .......................................................................................... 44
13.2 Configuring priority control rewrite .............................................................................. 46
13.2.1 IP Precedence value rewrite ....................................................................................... 46
13.2.2 Change queue of packets in VLAN ............................................................................. 49
14 Configuring IGMP/MLD Snooping ........................................................................... 51
15 Configuring IEEE 802.1X Authentication ................................................................ 52

15.1 Using Local User Name/ Password ............................................................................ 52
15.2 Using Remote RADIUS Server ................................................................................... 54
16 Configuring Port Mirroring....................................................................................... 56
17 Configuring SNMP Agent ......................................................................................... 57
18 Configuring System Log .......................................................................................... 59

Revision History
Revision Date Editor Remark

0.1 2/18/2009 Moore C. J. Lee 1st Draft

1 Configuration Guide Overview
This guide describes the PRIMERGY BX900 Ethernet Connection Blade specific functions that
you might encounter. Basically, the guide describes how to configure your switch or how to
configure software features on your switch. It also provides detailed information about
commands that have been created or changed for use by the Ethernet Connection Blade.
This document provides the following guidelines:
Configuring Management
Configuring Uplink Sets
Configuring Port groups
Configuring VLAN groups
Configuring service LAN
Configuring service VLAN
Combining Port groups and service (V)LAN
Configuring Downlink LAG
Configuring Private Network
Configuring QoS
Configuring IGMP/MLD snooping
Configuring IEEE 802.1X Authentication
Configuring Port Mirroring
Configuring SNMP Agent
Configuring System Log
Mode Prompt
privileged EXEC mode (BX900-CB1)#
Configuration mode (BX900-CB1)(Config)#
Interface mode (BX900-CB1)(Interface BX900-CB1/0/1)#
Interface range mode (BX900-CB1)(if-range)#

2 Configuring Management
The BX900 Ethernet Connection Blade could be managed via two kinds of method. One is to
use console redirection from management blade, the other is to use IP network connection.
Two management interfaces for IP network connection, in-band and out-of-band management
interfaces, are provided for users to access and to manage the Ethernet Connection Blade.
Both of these two management interfaces could be configured to get the IP address via use
DHCP at a time, but not simultaneously.
The BX900 Ethernet Connection Blade supports only one default gateway in the system. User
could assign the default gateway for in-band management or out-of-band management
interface, but not simultaneously. If the gateway for the in-band management is set it is only
valid for the in-band management. If the user tries to set also the gateway for the out-of-band
management there will be an error message saying that the gateway for the in-band
management is already set and it is therefore not allowed to configure a second one. If the
gateway for the out-of-band management is set it is only valid for the out-of-band
management. Again an appropriate error message will be shown if it is tried to configure the
in-band management gateway. If user configure one of these two management ports to get the
IP address from DHCP server, the default gateway got from DHCP server will be overridden
the existed one. That is, the default gateway will always be valid for the management port
which is configured to use DHCP if the IP and default gateway are assigned by DHCP server
successfully.
This chapter will describe how to configure IP address for the in-band and out-of-band
management interfaces and how to configure the default gateway for the system on the BX900
Ethernet Connection Blade.

2.1 Configuring In-band Management IP setting
This section will describe how to configure the in-band management IP setting.
Beginning in privileged EXEC mode, follow these steps to configure management IP setting for
in-band management interface:
Command Purpose
Step 1 configure Enter global configuration mode.
Step 2 ip address protocol To set IP management interface to use
<bootp|dhcp|none> bootp, dhcp or none.
Step 3 ip address <ipaddress> <netmask> To set a fixed IP address and net mask for
[<vlanId>] management interface.
Step 4 exit Return to privileged EXEC mode.
Step 5 show ip interface Verify the configuration.
To configure a fixed IP address for the in-band management interface, use ip address
protocol none global configuration command. To set an IP address and net mask for
in-band management interface, use ip address global configuration command. To display
IP setting of in-band management interface, use show ip interface privileged EXEC
command.
In this example, in-band management interface is set to use IP address 192.168.2.1and

net mask 255.255.255.0. With this configuration, any untagged packets with the
destination IP of Ethernet Connection Blade will be allowed to access the Ethernet
Connection Blade.
(BX900-CB1)#configure
(BX900-CB1)(Config)#ip address protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(BX900-CB1)(Config)#ip address 192.168.2.1 255.255.255.0
(BX900-CB1)(Config)#exit
(BX900-CB1)#show ip interface
IP address and netmask: 192.168.2.1 255.255.255.0,
and address mode: User specified.
InBand Mgmt Granted Ports: BX900-CB1/0/1, BX900-CB1/0/2, BX900-CB1/0/3,

BX900-CB1/0/4, BX900-CB1/0/5, BX900-CB1/0/6,
BX900-CB1/0/7, BX900-CB1/0/8, BX900-CB1/0/9,
BX900-CB1/0/10, BX900-CB1/0/11, BX900-CB1/0/12,
BX900-CB1/0/13, BX900-CB1/0/14, BX900-CB1/0/15,

BX900-CB1/0/16, BX900-CB1/0/17, BX900-CB1/0/18,
BX900-CB1/0/19, BX900-CB1/0/20, BX900-CB1/0/21,
BX900-CB1/0/22, BX900-CB1/0/23, BX900-CB1/0/24,
BX900-CB1/0/25, BX900-CB1/0/26, BX900-CB1/0/27,
BX900-CB1/0/28, BX900-CB1/0/29, BX900-CB1/0/30,
BX900-CB1/0/31, BX900-CB1/0/32, BX900-CB1/0/33,
BX900-CB1/0/34, BX900-CB1/0/35, BX900-CB1/0/36,
BX900-CB1/0/37, BX900-CB1/0/38, BX900-CB1/0/39,
BX900-CB1/0/40, BX900-CB1/0/41, BX900-CB1/0/42,
BX900-CB1/0/43, BX900-CB1/0/44, BX900-CB1/0/45,
BX900-CB1/0/46, BX900-CB1/0/47, BX900-CB1/0/48
InBand Mgmt Denied Ports: -
(BX900-CB1)#
In this example, assign a VLAN ID for the in-band management interface. With this
configuration, the received tagged packets with the same VLAN ID will be allowed to
access the Ethernet Connection Blade. Otherwise, the packets will be dropped.
(BX900-CB1)(Config)#ip address 192.168.2.1 255.255.255.0 100
(BX900-CB1)#show ip interface
IP address and netmask: 192.168.2.1 255.255.255.0 on VLAN 100,
and address mode: User specified.
InBand Mgmt Granted Ports: BX900-CB1/0/1, BX900-CB1/0/2, BX900-CB1/0/3,

BX900-CB1/0/4, BX900-CB1/0/5, BX900-CB1/0/6,
BX900-CB1/0/7, BX900-CB1/0/8, BX900-CB1/0/9,
BX900-CB1/0/10, BX900-CB1/0/11, BX900-CB1/0/12,
BX900-CB1/0/13, BX900-CB1/0/14, BX900-CB1/0/15,
BX900-CB1/0/16, BX900-CB1/0/17, BX900-CB1/0/18,
BX900-CB1/0/19, BX900-CB1/0/20, BX900-CB1/0/21,
BX900-CB1/0/22, BX900-CB1/0/23, BX900-CB1/0/24,
BX900-CB1/0/25, BX900-CB1/0/26, BX900-CB1/0/27,
BX900-CB1/0/28, BX900-CB1/0/29, BX900-CB1/0/30,
BX900-CB1/0/31, BX900-CB1/0/32, BX900-CB1/0/33,
BX900-CB1/0/34, BX900-CB1/0/35, BX900-CB1/0/36,

BX900-CB1/0/37, BX900-CB1/0/38, BX900-CB1/0/39,
BX900-CB1/0/40, BX900-CB1/0/41, BX900-CB1/0/42,
BX900-CB1/0/43, BX900-CB1/0/44, BX900-CB1/0/45,
BX900-CB1/0/46, BX900-CB1/0/47, BX900-CB1/0/48
InBand Mgmt Denied Ports: -
(BX900-CB1)#

2.2 Configuring oob IP setting
This section will describe how to configure the out-of-band (oob) management IP setting.
Beginning in privileged EXEC mode, follow these steps to configure management IP setting for
out-of-band management interface:
Command Purpose
Step 2 oob protocol To set IP management interface to use
<bootp|dhcp|dhcp6|none> bootp, dhcp, dhcpv6 or none.
Step 3 oob ip <ipaddr> <netmask> To set a fixed IP address and net mask for
management interface.
Step 5 show oob Verify the configuration.
To configure to get IP address via DHCP protocol for the out-of-band management
interface, use oob protocol dhcp global configuration command. To set an IP address
and net mask for out-of-band management interface, use oob ip global configuration
command. To display IP setting of out-of-band management interface, use show oob
privileged EXEC command.
In this example, out-of-band management interface is configured to get the IP address via
DHCP protocol.
(BX900-CB1)(Config)#oob protocol dhcp
(BX900-CB1)#show oob
IP Address..................................... 172.16.2.125
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 172.16.2.254
IPv6 Address................................... FE80::21E:68FF:FE85:F760/64
OOB interface Configured Protocol.............. DHCP
Burned In MAC Address.......................... 00:1E:68:85:F7:60
(BX900-CB1)#

In this example, out-of-band management interface is configured with a fixed IP address
192.168.2.1 and a net mask 255.255.255.0.
(BX900-CB1)(Config)#oob protocol none
(BX900-CB1)(Config)#oob ip 192.168.2.1 255.255.255.0
IP Address..................................... 192.168.2.1
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 0.0.0.0
OOB interface Configured Protocol.............. None
(BX900-CB1)#

2.3 Configuring default gateway setting
This section will describe how to configure the default gateway for the system.
Beginning in privileged EXEC mode, follow these steps to configure default gateway from
out-of-band management interface:
Command Purpose
Step 2 oob protocol To set IP management interface to use
<bootp|dhcp|dhcp6|none> bootp, dhcp, dhcpv6 or none.
Step 3 oob ip <ipaddr> <netmask> To set a fixed IP address and net mask for
Step 4 oob gateway <gateway> To set the default gateway address.
Step 6 show oob Verify the configuration.
To configure the default gateway for the out-of-band management interface, use oob
gateway global configuration command. To display IP setting of out-of-band management
interface, use show oob privileged EXEC command.
In this example, out-of-band management interface is configured with a fixed IP address

10.1.20.1 and default gateway 10.1.20.254.
(BX900-CB1)(Config)#oob protocol none
(BX900-CB1)(Config)#oob ip 10.1.20.1 255.255.255.0
(BX900-CB1)(Config)#oob gateway 10.1.20.254
IP Address..................................... 10.1.20.1
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.1.20.254
OOB interface Configured Protocol.............. None
(BX900-CB1)#

Beginning in privileged EXEC mode, follow these steps to configure default gateway from
in-band management interface:
Command Purpose
Step 2 ip address protocol To set IP management interface to use
<bootp|dhcp|none> bootp, dhcp, or none.
Step 3 ip address <ipaddr> <netmask> To set a fixed IP address and net mask for
Step 4 ip default-gateway <gateway> To set the default gateway address.
Step 6 show ip redirects Verify the configuration.
To configure the default gateway for the in-band management interface, use ip
default-gateway global configuration command. To display IP setting of in-band
management interface, use show ip redirects privileged EXEC command.
In this example, in-band management interface is configured with a fixed IP address

192.168.2.1 and default gateway 192.168.2.254.
(BX900-CB1)(Config)# ip address 192.168.2.1 255.255.255.0
(BX900-CB1)(Config)#ip default-gateway 192.168.2.254
(BX900-CB1)#show ip redirects
ip default gateway 192.168.2.254
(BX900-CB1)#
The gateway of in-band and out-of-band (oob) management interface can’t be set
! at the same time. If the gateway of oob has been set, you have to remove it before
you configure the gateway of in-band management interface.

2.4 Upload Firmware Image and Configuration File
This section will describe how to upload the FW and configuration file from Ethernet
Connection Blade.
Beginning in privileged EXEC mode, follow these steps to upload firmware from Ethernet
Connection Blade:
Command Purpose
Step 1 copy image <filename> <url> To upload firmware specified in
<filename> to the <url> address where
<url>={xmodem | tftp://ipaddr/path/file |
ftp://user:pass@ipaddr/path/file}
To upload a firmware, use copy image privileged EXEC command.
In this example, a firmware will be uploaded via TFTP protocol to a TFTP server with IP
address 192.168.2.100.
Before performing the upload operation, you have to configure an IP address for
! your Ethernet Connection Blade via DHCP protocol or manually.
(BX900-CB1)#copy image sb11a-sw-r-0.30.0213.biz tftp://192.168.2.100/sb11a-sw-r-0.30.0213.img
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.2.100
TFTP Path...................................... ./
TFTP Filename.................................. sb11a-sw-r-0.30.0213.img
Data Type...................................... Code
Management access will be blocked for the duration of the transfer

Are you sure you want to start? (y/n)y
TFTP code transfer starting
File transfer operation completed successfully.

(BX900-CB1)#

Beginning in privileged EXEC mode, follow these steps to upload configuration from Ethernet
Connection Blade:
Command Purpose
Step 1 copy startup-config <filename> To upload configuration file specified in
<url> <filename> to the <url> address where
<url>={xmodem | tftp://ipaddr/path/file |
ftp://user:pass@ipaddr/path/file}.
To upload a firmware, use copy startup-config privileged EXEC command.
In this example, a configuration file will be uploaded via TFTP protocol to a TFTP server
with IP address 192.168.2.100.
Before performing the upload operation, you have to configure an IP address for
! your Ethernet Connection Blade via DHCP protocol or manually.
(BX900-CB1)#copy startup-config default.cfg tftp://192.168.2.100/backup_config.cfg
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.2.100
TFTP Path...................................... ./
TFTP Filename.................................. backup_config.cfg
Data Type...................................... Config File
Management access will be blocked for the duration of the transfer

Are you sure you want to start? (y/n)y
File transfer operation completed successfully.
(BX900-CB1)#

3 Overview Uplink and downlink
The ports (EXT37~EXT48 for SB11a, EXT37-EXT46 for SB11) connected to the external
network are called uplink port/external port, and the ports (INT1~INT36) connected to the NICs
of server blades are called downlink port/internal port. In SB11a, it provides 12 external ports
(8 RJ-45 ports and 4 SFP ports) and 36 downlink ports. In SB11, it provides 10 external ports
(8 RJ-45 ports and 2 SFP+ ports) and 36 downlink ports.
Uplink ports
Each uplink port is configured as a member of a LAG in default; it provides the external access
connection for Server Blade System. The configuration of uplink ports eliminates the need for
the Spanning Tree Protocol to prevent network loops and also provides a redundant function
for the external connection to improve network reliability.
In addition, the L2 failover feature is also provided for the uplink ports. With Network Adaptor
Teaming configured on the server blade Ethernet NIC, the servers can maintain redundant
links to multiple Ethernet Connection Blades within the Blade Server System to provide
enhanced reliability. The L2 failover feature allows the Ethernet Connection Blade to disable
the server-blade ports when all of its uplink ports are inactive. This causes the Network
Adaptor Teaming software to failover to the other Ethernet Connection Blade(s) in the Blade
Server System.
Downlink ports
Downlink port provides a network connection with 1Gbps full-duplex speed for the server
blades. The downlink ports could be configured as a member of a LAG to combine server
blade NICs connected to same Ethernet Connection Blade to provide a higher network
bandwidth for a server blade.

4 Packet handling in different group types
In IBP firmware version, it defines several groups, including Port groups, VLAN groups,
Service LAN, and Service VLAN. They provide different characteristics of handling packets.
Each group should combine an uplink set for its external connection. Packet handling in
different group types will be introduced in this chapter.
Port Groups
The downlink ports of Ethernet Connection Blade can be combined into Port Groups. Up to 36
port groups are available for the Ethernet Connection Blade with IBP firmware version. Each
Port Group could contain internal server ports (INT1-INT36).
All ports in a Port Group have the same configuration and are a member of a unique,
untagged/tagged VLAN. The packets are forwarded as it is received on Ethernet Connection
Blade, that is, tagged packets received from the server blades are forwarded include their tags
to all ports of the Port Group and untagged packets received from the server blades are
forwarded untagged to all ports of the Port Group. We call this as the VLAN transparent.
In addition, communication between Port Groups is not possible, nor is traffic from one group
visible in another group.
VLAN groups
The major difference to the traditional Port Group feature is that the grouping is defined on
VLAN base. It is similar to the port-based VLAN. Note that even though having identical VLAN
IDs, the VLANs in different VLAN port groups are different VLANs.
The incoming untagged packets received from the server blades will be tagged with the user
defined group VLAN tag and forwarded to the Uplink Set of the VLAN port group. The packets
leave the uplink(s) as tagged packets, the VLAN tag is not removed at the uplink(s). If the
server blade is sending tagged packets, they are dropped, except the tag is identical to the
defined Service VLAN ID. In this case it is handled according the Service VLAN definition,
forwarded to the Service VLAN Uplink Set.
The incoming tagged packets received at the uplink ports of VLAN port group are forwarded to
the downlink (server blade); according to their group VLAN tag definition. The tag is removed
at the downlink port, so that the server blades are receiving untagged packets. Packets tagged
with VLAN IDs other than defined by VLAN groups are dropped at the uplink(s), except those
tagged with the Service VLAN ID. They are handled according to Service VLAN group
definition.
Within the set of VLAN Port Groups sharing the same Uplink Set, one VLAN can be optionally
defined as “native VLAN”. This changes the tagging behavior at the uplink port for this native
VLAN ID. Incoming untagged packets are not dropped, but are tagged with the native VLAN ID
and forwarded to all the downlinks of this VLAN group. Incoming packets tagged with the
native VLAN ID are dropped at the uplink. Tagged packets with a VLAN ID that does not match
the VLAN ID of any other VLAN Port Group defined for this uplink set will be dropped. All

outgoing packets for this VLAN group will leave the Ethernet Connection Blade untagged, and
the native VLAN tag is stripped.
Service LAN
The Service LAN receives tagged packets from the server blade, but the tags are stripped
when they leave the uplink (external port). Incoming untagged packets received at the
uplink/external port are tagged and send to the corresponding downlinks (server blade) as
tagged packets. Incoming tagged packets at uplink/external ports are dropped.
Service VLAN
The Service VLAN receives tagged packets with Service VLAN ID from the server blade, and
forwards them to uplink/external port as tagged packets. Incoming tagged packets with
Service VLAN ID received at the uplink/external port are sent to the corresponding downlinks/
server blade as tagged packets.
Different Service VLANs may share the same Uplink Set. If the port which is member of the
Service VLAN, receives tagged packets with the Service VLAN ID (SVID), those received
tagged packets will be forwarding based on Service VLAN. The Service VLANs with different
VLAN IDs may overlap in internal ports. The Service VLANs with disjoint uplink sets may have
identical SVID. The Service VLAN only defines the internal ports to form a group and it can
define its external connection by combining Uplink Sets.
Note that (VLAN) Port Group and Service (V)LAN may overlap on the internal ports
(downlinks). The untagged packets received from the server blade or uplink ports should obey
the rule of the (VLAN) Port Group.

The packet handling for each group is summarized as the following tables.
Tagged packets Untagged packets

Port Group Tagged packets received from the Untagged packets received from
server blades are forwarded incl. their the server blades are forwarded
tags to all ports of the Port Group. untagged to all ports of the Port
Group.
VLAN Port Tagged packets received from the Untagged packets received from
Group server blades are dropped, even if the the server blades are tagged with
received VLAN ID is identical to the Port the Port Group’s VLAN ID.
Group’s VLAN ID. Packets sent to the server blades
are stripped and sent untagged.
VLAN Port Tagged packets received from the Untagged packets received from
Group with server blades are dropped, even if the the server blades are tagged with
native VLAN received VLAN ID is identical to the Port the Port Group’s VLAN ID.
Group’s VLAN ID. Packets sent to the server blades
are stripped and sent untagged.
Service LAN Packets tagged with the VLAN ID of the Untagged packets could not be
Service LAN are forwarded to all ports “Service LAN packets”. Untagged
of the Service LAN. The tagged packets packets are handled according to
are sent to the internal ports incl. the the Port Group or VLAN Port
VLAN tag. At the external ports the Group definition.
tagged packets are stripped and leave
untagged.
Service VLAN Packets tagged with the VLAN ID of the Untagged packets could not be
Service VLAN are forwarded to all ports “Service VLAN packets”.
of the Service VLAN. The tagged Untagged packets are handled
packets are sent to the internal ports according to the Port Group or
incl. the VLAN tag. At the external ports VLAN Port Group definition.
the tagged packets leave including their
tags.
Table: Packet handling for the downlink/internal ports

Tagged packets Untagged packets
Port Group Tagged packets received at the external Untagged packets received at the
ports are forwarded incl. their tags to all external ports are forwarded
ports of the Port Group. untagged to all ports of the Port
Group.
VLAN Port Tagged packets received at the external Untagged packets received at the
Group ports are forwarded to all ports of the external ports are dropped.
VLAN Port Group, which matches the
VLAN ID of the tag.
VLAN Port Tagged packets received at the external Untagged packets received at the
Group with ports are forwarded to all ports of the external ports are tagged with the
native VLAN VLAN Port Group, which matches the VLAN ID of the native VLAN and
VLAN ID of the tag. forwarded to all ports of the VLAN
Exception: Received packets tagged with Port Group, which matches the
the native VLAN ID are dropped. native VLAN ID.
Service LAN Tagged packets received at the external Untagged packets received at the
ports are dropped. external ports are tagged with the
VLAN ID of the Service LAN and
forwarded to all ports of the
Service LAN, incl. their tags.
Service VLAN Packets received at the external ports, Untagged packets could not be
which are tagged with the Service VLAN “Service VLAN packets”.
ID are forwarded to all ports of the Untagged packets are handled
Service VLAN. The handling of packets according to the Port Group or
with other tags depends on the Port VLAN Port Group definition.
Group or VLAN Port Group definitions.
Table: Packet handling for the uplink/external ports

The possible combinations of overlapped uplink sets and overlapped downlink ports for each
group types are listed as follow:
Uplink set:
VLAN Port VLAN Port Service
Port Group Service LAN
Group Group (native) VLAN
Port Group X X X X V
VLAN Port
N/A V V X V
Group
VLAN Port
Group N/A N/A X X V
(native)
Service
N/A N/A N/A X X
LAN
Service
N/A N/A N/A N/A V
VLAN
Downlink ports:
VLAN Port
VLAN Port
Port Group Group Service LAN Service VLAN
Group
(native)
Port Group X X X V V
VLAN Port
N/A X X V V
Group
VLAN Port
N/A N/A X V V
Group (native)
Service LAN N/A N/A N/A V V
Service VLAN N/A N/A N/A N/A V
Legend:
X: not allowed
V: allowed, based on different VLAN ID
N/A: don’t care, duplicate information

5 Configuring Uplink Sets
In IBP firmware version, the external/uplink ports are defined in so-called Uplink Sets. In the
group definitions in IBP these Uplinks Sets are used to define the external connections. An
“Uplink Set” is defined as a set of 1 to n external (uplink) ports, which is be used in port group
definitions to connect a group of server blades to the customer’s LAN.
As an Uplink Set is created, two link aggregations will be created at the same time. One link
aggregation is for active and the other is for the backup. A port participates to an Uplink Set
and it will become the member of the active link aggregation automatically. User could assign
a port to participate to the backup link aggregation by manually.
In this chapter, it will describe how to configure the Uplink Sets and how to move the ports from
active link aggregation to backup one.
5.1 Creating Uplink Sets

This section will describe how to create Uplink Sets.
Beginning in privileged EXEC mode, follow these steps to create an uplink set and assign port
to this uplink set:
Command Purpose
Step 2 uplink-set uplinkSetName To create a empty uplink set
Step 3 interface interface-id Specify the external physical port that you
want to set to the uplink set, and enter
interface configuration mode.
Step 4 uplink-set uplinkSetName To make this interface to be the member
of the uplink set.
Step 5 exit Return to global configuration mode.
Step 7 show uplink-set [uplinkSetName] Verify the configuration.
To create an uplink set, use uplink-set global configuration command. To assign an

external port to the uplink set, use uplink-set interface configuration command. To display
the uplink set, use show uplink-set privileged EXEC command.
In this example, uplink-set up1 is created and interfaces 0/41 and 0/42 are assigned to this
uplink set.
(BX900-CB1)(Config)#uplink-set up1

(BX900-CB1)(Config)#interface 0/41
(BX900-CB1)(Interface BX900-CB1/0/41)#uplink-set up1
(BX900-CB1)(Interface BX900-CB1/0/41)#interface 0/42
(BX900-CB1)(Interface BX900-CB1/0/42)#uplink-set up1
(BX900-CB1)(Interface BX900-CB1/0/42)#exit
(BX900-CB1)#show uplink-set
Uplink Set Logical External External External Link Port IGMP
Name Interface ports active ports backup ports state Backup snoop LACP
---------- ---------- -------------- -------------- -------------- ----- ------ ----- ----
default BX900-CB1/1/1 BX900-CB1/0/43, BX900-CB1/0/43, - yes no yes no
BX900-CB1/1/2 BX900-CB1/0/44, BX900-CB1/0/44,
BX900-CB1/0/45, BX900-CB1/0/45,
BX900-CB1/0/46, BX900-CB1/0/46,
BX900-CB1/0/47, BX900-CB1/0/47,
BX900-CB1/0/48 BX900-CB1/0/48
up1 BX900-CB1/1/3 BX900-CB1/0/41, BX900-CB1/0/41, - yes no yes no
BX900-CB1/1/4 BX900-CB1/0/42 BX900-CB1/0/42
(BX900-CB1)#

5.2 Configuring Link State
The purpose of this feature is to allow the Ethernet Connection Blade to disable the
server-blade ports when all of its uplink ports are inactive. It could improve the switching time
and realize the “rapid” failover of redundant LAN ports of server blades. This section will
describe how to configure the link state for an uplink set.
Beginning in privileged EXEC mode, follow these steps to enable link state function for an
uplink set and groups:
Command Purpose
Step 2 linkstate uplinkSetName Enable the link state function on specific
uplink set.
Step 6 show linkstate [uplinkSetName] Verify the configuration.
To enable/disable the link state feature, use linkstate/no linkstate global configuration
command. To display the link state setting, use show linkstate privileged EXEC
command.
In this example, link state function is enabled on uplink-set up1.
(BX900-CB1)(Config)#linkstate up1
(BX900-CB1)#show linkstate
Uplink Set name Linkstate
--------------------------------- ---------
default yes
up1 yes
(BX900-CB1)#

5.3 Configuring Backup Port
This section will describe how to configure backup port of uplink set.
Beginning in privileged EXEC mode, follow these steps to set a port to be the backup port:
Command Purpose
Step 2 interface interface-id Specify the external physical port that you
want to set to be a backup port, and enter
Step 3 port-backup To make this interface to be the backup
port.
Step 6 show port-backup [uplinkSetName] Verify the configuration.
To set a port to be the backup port, use port-backup interface configuration command. To
display the port backup, use show port-backup privileged EXEC command.
In this example, uplink-set up1 is created and interfaces 0/41 and 0/42 are the members of
uplink set up1. Try to set interface 0/42 to be the backup port of the uplink set up1.
(BX900-CB1)(Interface BX900-CB1/0/42)#port-backup
(BX900-CB1)(Interface BX900-CB1/0/41)#interface 0/42
(BX900-CB1)#show port-backup up1
Uplink Set name Port Backup External active ports External backup ports
--------------------- ----------------- ---------------------------- ---------------------
up1 no BX900-CB1/0/41 BX900-CB1/0/42
(BX900-CB1)#

6 Configuring Port Groups
The downlink ports of Ethernet Connection Blade can be combined into Port Groups. Port
Groups have the following characteristics:
1. Each Port Group can contain only internal server ports (INT1-INT36).
2. It is not mandatory to include an uplink set. A group without a configured uplink set is used
only for internal communication.
3. Communication between groups is not possible, nor is traffic from one group visible in
another group.
By default there is no traffic between ports of different port groups except over
! Service VLAN and Service LAN.
All ports in a Port Group have the same configuration. Each port in the Port Group is a member
of a unique, untagged/tagged VLAN.
In the port groups, it is VLAN transparent; the packet will be forwarded as it is received on
ingress side, including the VLAN tagging.
Beginning in privileged EXEC mode, follow these steps to create port group and assign ports
to this port group:
Command Purpose
Step 2 port-group portGroupName To create a port group with an assigned
[uplinkSetName] group name and/or an assigned uplink
set.
Step 3 interface interface-id Specify the internal physical port that you
want to set to be a member of the port
group, and enter interface configuration
mode.
Step 4 no port-group Remove this interface from the port group
if it is already configured to a port group.
Step 5 port-group portGroupName To add this interface to the specified port
group.
Step 8 show port-group [portGroupName] Verify the configuration.
To create a port group, use port-group global configuration command. To add/remove an

interface to a port group, use port-group/no port-group interface configuration command.
To display the port group, use show port-group privileged EXEC command.

In this example, port group pg_1 is created without a configured uplink set and interface
0/1 is assigned to be the member of this port group.
(BX900-CB1)(Config)#port-group pg_1
(BX900-CB1)(Interface BX900-CB1/0/1)#no port-group
(BX900-CB1)(Interface BX900-CB1/0/1)#port-group pg_1
(BX900-CB1)#show port-group pg_1
Port Group Name Internal Ports Uplink Set Name External Ports
-------------------------- --------------- ------------------------ ---------------
pg_1 BX900-CB1/0/1 -
(BX900-CB1)#
In this example, port group pg_2 is created with a configured uplink set up1 and interface
0/1 is assigned to be the member of this port group.
(BX900-CB1)(Config)#port-group pg_2 up1
(BX900-CB1)(Interface BX900-CB1/0/2)#port-group pg_2
(BX900-CB1)#show port-group pg_2
-------------------------- -------------------- ------------------------ ----------------------
pg_2 BX900-CB1/0/2 up1 BX900-CB1/0/41
BX900-CB1/0/42
(BX900-CB1)#

7 Configuring VLAN Groups
This chapter will describe how to configure a VLAN group on Ethernet Connection Blade.
Beginning in privileged EXEC mode, follow these steps to create a VLAN group and assign
ports to this VLAN group:
Command Purpose
Step 2 vlan-group vlanGroupName To create a VLAN group with an assigned
<1-4094> uplinkSetName group name, VLAN ID and a configured
uplink set.
Step 3 interface interface-id Specify the internal port that you want to
set to be a member of the VLAN group,
and enter interface configuration mode.
Step 4 no port-group Remove this interface from the port group
if it is already configured to a port group.
Step 5 no vlan-group Remove this interface from the VALN
group if it is already configured to a VLAN
group.
Step 6 vlan-group vlanGroupName To add this interface to the specified
VLAN group.
Step 9 show vlan-group [vlanGroupName] Verify the configuration.
To create a port group, use vlan-group global configuration command. To add/remove an

interface to a VLAN group, use vlan-group/no vlan-group interface configuration
command. To display the VLAN group, use show vlan-group privileged EXEC command.
In this example, VLAN group vlang_1 with VLAN ID 2 is created and it is configured with
uplink set up1 and interface 0/1 is assigned to be the member of this VLAN group.
(BX900-CB1)(Config)#vlan-group vlang_1 2 up1
(BX900-CB1)(Interface BX900-CB1/0/1)#no vlan-group
(BX900-CB1)(Interface BX900-CB1/0/1)#vlan-group vlang_1
(BX900-CB1)#show vlan-group vlang_1

VLAN Native
VLAN port group name ID Internal ports UplinkSet name External ports VLAN
-------------------- ------- ----------------- -------------- -------------------- ------
vlang_1 2 BX900-CB1/0/1 up1 BX900-CB1/0/41, no
BX900-CB1/0/42
(BX900-CB1)#
The downlink ports are just allowed to be the member of port group and VLAN
! group at a time. If you want to assign a downlink port to another port group or
VLAN group, you have to remove it from current group first.
To configure a native VLAN group, follow these steps do:
Command Purpose
Step 2 vlan-group-nativeVLAN To set the specified VLAN group with
vlanGroupName native VLAN option.
Step 4 show vlan-group [vlanGroupName] Verify the configuration.
To set native VLAN option for a VLAN group, use vlan-group-nativeVLAN global
configuration command. To display the VLAN group, use show vlan-group privileged
EXEC command.
In this example, set VLAN group vlang_1 to a native VLAN group.
(BX900-CB1)(Config)#vlan-group-nativeVLAN vlang_1
(BX900-CB1)#show vlan-group vlang_1
VLAN Native
VLAN port group name ID Internal ports UplinkSet name External ports VLAN
-------------------- ------- ----------------- -------------- -------------------- ------
vlang_1 2 BX900-CB1/0/1 up1 BX900-CB1/0/41, yes
BX900-CB1/0/42
(BX900-CB1)#

8 Configuring Service LAN
This chapter will describe how to configure a Service LAN on the Ethernet Connection Blade.
Beginning in privileged EXEC mode, follow these steps to create a Service LAN and assign
ports to this Service LAN:
Command Purpose
Step 2 svc-lan svcLanName <1-4094> To create a Service LAN with an assigned
uplinkSetName group name, VLAN ID and a configured
uplink set.
set to be a member of the Service LAN,
Step 4 svc-lan svcLanName To add this interface to the specified
Service LAN.
Step 7 show svc-lan [svcLanName] Verify the configuration.
To create a Service LAN, use svc-lan global configuration command. To add/remove an

interface to/from the Service LAN, use svc-lan/no svc-lan interface configuration
command. To display the Service LAN, use show svc-lan privileged EXEC command.
In this example, Service LAN slan_1 with VLAN ID 100 is created and it is configured with
uplink set up2 for its external connection. The interface 0/2 is added to this Service LAN.
(BX900-CB1)(Config)#svc-lan slan_1 100 up2
(BX900-CB1)(Interface BX900-CB1/0/2)# svc-lan slan_1
(BX900-CB1)#show svc-lan slan_1
Service LAN name VLAN ID Internal ports Uplink Set name External ports
-------------------- ------- -------------- -------------------- --------------
slan_1 100 BX900-CB1/0/2 up2 BX900-CB1/0/43,
BX900-CB1/0/44
(BX900-CB1)#

9 Configuring Service VLAN
This chapter will describe how to configure a Service VLAN on the Ethernet Connection Blade.
Beginning in privileged EXEC mode, follow these steps to create a Service VLAN and assign
ports to this Service VLAN:
Command Purpose
Step 2 svc-vlan svcVlanName <1-4094> To create a Service VLAN with an
uplinkSetName assigned group name, VLAN ID and a
configured uplink set.
set to be a member of the Service VLAN,
Step 4 svc-vlan svcVlanName To add this interface to the specified
Service VLAN.
Step 7 show svc-vlan [svcVlanName] Verify the configuration.
To create a Service VLAN, use svc-vlan global configuration command. To add/remove

an interface to/from the Service VLAN, use svc-vlan/no svc-vlan interface configuration
command. To display the Service VLAN, use show svc-vlan privileged EXEC command.
In this example, Service VLAN svlan_1 with VLAN ID 200 is created and it is configured
with uplink set up3 for its external connection. The interface 0/3 is added to this Service
VLAN.
(BX900-CB1)(Config)#svc-vlan svlan_1 200 up3
(BX900-CB1)( Config)#interface 0/3
(BX900-CB1)(Interface BX900-CB1/0/3)# svc-vlan svlan_1
(BX900-CB1)#show svc-vlan svlan_1
Service VLAN name VLAN ID Internal ports Uplink Set name External ports
-------------------- ------- -------------- -------------------- --------------
svlan_1 200 BX900-CB1/0/3 up3 BX900-CB1/0/45,
BX900-CB1/0/46
(BX900-CB1)#

10 Combining Port Groups and Service
(V)LAN
This chapter describes how to configure the Port group and Service (V)LAN with overlapped
uplink set or downlink ports. Please refer to Chapter 4 for the possible combinations of
overlapped uplink sets and overlapped downlink ports for each group types.
Overlapped on downlink ports

In this example, a Port group pg_overlap is created with uplink set uplink_1. Interfaces 0/1 ~
0/12 are set to the member of this port group. Service VLAN svlan_overlap with VLAN ID
4094 is created and it is configured with uplink set uplink_2 as its external connection.
Interfaces 0/10 ~ 0/12 are assigned to be the member of this Service VLAN.
The tagged packet with VLAN ID 4094 received on interfaces 0/10 ~ 0/12 will be forwarded to
uplink_2. The tagged packet with VLAN ID rather than 4094 received on interface 0/10 ~ 0/12
will be forwarded to uplink_1. Any packets received on 0/1 ~ 0/9 will be forwarded to
uplink_1.
(BX900-CB1)(Config)#port-group pg_overlap uplink_1
(BX900-CB1)(Config)#interface range 0/1 – 0/12
(BX900-CB1)(if-range)#no port-group
(BX900-CB1)(if-range)#port-group pg_overlap
(BX900-CB1)(if-range)#exit
(BX900-CB1)(Config)#svc-vlan svlan_overlap 4094 uplink_2
(BX900-CB1)(if-range)#svc-vlan svlan_overlap
(BX900-CB1)#show port-group pg_overlap
-------------------------- -------------------- ------------------------ ----------------------
pg_overlap BX900-CB1/0/1 uplink_1 BX900-CB1/0/41
BX900-CB1/0/2 BX900-CB1/0/42
BX900-CB1/0/3
BX900-CB1/0/4
BX900-CB1/0/5
BX900-CB1/0/6
BX900-CB1/0/7

BX900-CB1/0/8
BX900-CB1/0/9
BX900-CB1/0/10
BX900-CB1/0/11
BX900-CB1/0/12
(BX900-CB1)#show svc-vlan svlan_overlap

-------------------- ------- -------------- -------------------- --------------
svlan_overlap 4094 BX900-CB1/0/10 uplink_2 BX900-CB1/0/45,
BX900-CB1/0/11 BX900-CB1/0/46
BX900-CB1/0/12
(BX900-CB1)#

Overlapped on Uplink Set
In this example, a Port group pg_overlap is created with uplink set uplink_1. Interfaces 0/1 ~
0/12 are set to the member of this port group. Service VLAN svlan_overlap with VLAN ID
4094 is created and it is configured with uplink set uplink_1 as its external connection.
Interfaces 0/20 ~ 0/24 are assigned to be the member of this Service VLAN.
The tagged packet with VLAN ID 4094 received on uplink_1 will be forwarded to interfaces
0/20 ~ 0/24. The tagged packet with VLAN ID rather than 4094 received on uplink_1 will be
forwarded to interfaces 0/1 ~ 0/12. The untagged packet received on uplink_1 will be also
forwarded to interfaces 0/1 ~ 0/12.
(BX900-CB1)(Config)#port-group pg_overlap uplink_1
(BX900-CB1)(if-range)#no port-group
(BX900-CB1)(if-range)#port-group pg_overlap
(BX900-CB1)(Config)#svc-vlan svlan_overlap 4094 uplink_1
(BX900-CB1)(if-range)#svc-vlan svlan_overlap
(BX900-CB1)#show port-group pg_overlap
-------------------------- -------------------- ------------------------ ----------------------
pg_overlap BX900-CB1/0/1 uplink_1 BX900-CB1/0/41
BX900-CB1/0/2 BX900-CB1/0/42
BX900-CB1/0/3
BX900-CB1/0/4
BX900-CB1/0/5
BX900-CB1/0/6
BX900-CB1/0/7
BX900-CB1/0/8
BX900-CB1/0/9
BX900-CB1/0/10
BX900-CB1/0/11
BX900-CB1/0/12

(BX900-CB1)#show svc-vlan svlan_overlap
-------------------- ------- -------------- -------------------- --------------
svlan_overlap 4094 BX900-CB1/0/20 uplink_1 BX900-CB1/0/41,
BX900-CB1/0/21 BX900-CB1/0/42
BX900-CB1/0/22
BX900-CB1/0/23
BX900-CB1/0/24
(BX900-CB1)#

11 Configuring downlink LAG
This chapter describes how to configure the Link Aggregation for downlink ports in the
PRIMERGY BX900 Ethernet Connection Blade system. Only the downlink ports are allowed to
be the member of the LAG in this firmware version. It is provided to combine server blade NICs
connected to same Ethernet Connection Blade.
11.1 Configuring Link Aggregation with LACP

This section describes how to configure link aggregation with LACP with 4 links.
Beginning in privileged EXEC mode, follow these steps to configure link aggregation with
LACP:
Command Purpose
Step 2 port-channel name To create a port-channel.
Step 3 interface interface-id Specify the port-channel interface (logical
interface), and enter interface
configuration mode.
Step 4 no staticcapability To disable the static mode of the
port-channel.
Step 6 interface interface-id Specify the downlink interface, and enter
Step 7 channel-group interface-id To join the specified port-channel group.
Step 9 exit Return to privileged EXEC mode
Step 10 show port-channel all Verify the configuration.
To create a port-channel group, use port-channel global configuration command. To

assign an interface to a port-channel group, use channel-group interface configuration
command. To display port-channel group, use show port-channel all privileged EXEC
command.
In this example, a port-channel group downlink-lag1 is created and downlink interfaces

0/1, 0/2, 0/3 and 0/4 are set to the member of this port-channel group.
(BX900-CB1)(Config)#port-channel downlink-lag1
Interface BX900-CB1/1/3 created for port-channel downlink-lag1
(BX900-CB1)(if-range)#channel-group BX900-CB1/1/3

(BX900-CB1)#show port-channel all
Port- Link
Log. Channel Adm. Trap STP Mbr Port Port
Intf Name Link Mode Mode Mode Type LB Ports Speed Active
------ --------------- ------ ---- ---- ------ ---- --- ------ --------- ------
BX900-CB1/1/3 downlink-lag1 Down En. En. En. Dy. SDM BX900-CB1/0/1 Auto False
BX900-CB1/0/2 Auto False
(BX900-CB1)#

11.2 Configuring Static Link Aggregation
This section describes how to configure link aggregation without LACP with 4 links.
Beginning in privileged EXEC mode, follow these steps to configure link aggregation without
LACP:
Command Purpose
Step 2 port-channel name To create a port-channel.
configuration mode.
Step 4 staticcapability To enable the static mode of the
port-channel.
Step 6 interface interface-id Specify the downlink interface, and enter
Step 7 channel-group interface-id To join the specified port-channel group.
To create a port-channel group, use port-channel global configuration command. To

assign an interface to a port-channel group, use channel-group interface configuration
command. To display port-channel group, use show port-channel all privileged EXEC
command.
In this example, a port-channel group downlink-lag1 is created with static property and
downlink interfaces 0/1, 0/2, 0/3 and 0/4 are set to the member of this port-channel group.
(BX900-CB1)(Config)#interface BX900-CB1/1/3
(BX900-CB1)(Interface BX900-CB1/1/3)#staticcapability
(BX900-CB1)(if-range)#channel-group BX900-CB1/1/3

Port- Link
------ --------------- ------ ---- ---- ------ ---- --- ------ --------- ------
BX900-CB1/1/3 downlink-lag1 Down En. En. En. St. SDM BX900-CB1/0/1 Auto False
(BX900-CB1)#

11.3 Configuring Load Balance of Link Aggregation
This section describes how to configure link aggregation with load balance settings.
Beginning in privileged EXEC mode, follow these steps to configure link aggregation with load
balance settings:
Command Purpose
configuration mode.
Step 3 load-balance Set the load balance for the port-channel
<dst-ip/dst-mac/src-dst-ip/src-dst-mac/ group.
src-ip/src-mac>
To set the load balance setting of a port-channel group, use load-balance interface
configuration command. To display port-channel group, use show port-channel all
In this example, a port-channel group downlink-lag1 is set to use source IP and

destination IP for its load balance setting.
(BX900-CB1)(Config)#interface BX900-CB1/1/3
(BX900-CB1)(Interface BX900-CB1/1/3)#load-balance src-dst-ip
Port- Link
------ --------------- ------ ---- ---- ------ ---- --- ------ --------- ------
BX900-CB1/1/3 downlink-lag1 Down En. En. En. St. SDI BX900-CB1/0/1 Auto False

(BX900-CB1)#

12 Private Network
In IBP firmware version, it provides a feature similar to Cisco’s PVLAN. It is called downlink
isolation. In general, the communication between all interfaces in the same port group is
possible. You could make an interface invisible for other member of this port group, and the
packets received on this interface will not be forwarded to the other member of this port group,
but the uplink ports. This chapter will describe how to configure the downlink isolation on the
Ethernet Connection Blade.
Beginning in privileged EXEC mode, follow these steps to configure downlink isolation for an
interface:
Command Purpose
Step 2 interface interface-id Specify the downlink/internal interface,
Step 3 isolate Set the isolation for this interface.
To add/remove the downlink isolation feature on an interface, use isolate/no isolate

interface configuration command. To display the downlink isolation setting, use show
interface status privileged EXEC command.
In this example, the interface 0/1, the member of the port group, is set to use downlink
isolation.
(BX900-CB1)(Interface BX900-CB1/0/1)#isolate
(BX900-CB1)#show interface status 0/1
Interface......................... BX900-CB1/0/1
ifIndex........................... 1
Description.......................
Admin Mode........................ Disable
E-Keying Status................... Connected
Physical Mode..................... Auto
Physical Status...................
Link Status....................... Down

Link Trap......................... Enable
Flow Control Mode................. Disable
Capability Status.................. 1GF
MAC Address....................... 00:1E:68:85:F7:61
Bit Offset Val.................... 1
MDI Status........................ Normal
MDI Config........................ Normal
Isolate........................... Enabled
(BX900-CB1)#

13 Configuring QoS
13.1 Configuring priority control

This section describes how to configure priority control which assigns egress port queue of
different priority to User priority value (CoS) in VLAN tag.
Beginning in privileged EXEC mode, follow these steps to configure priority control on specific
interface:
Command Purpose
Step 1 configure Enter global configuration mode
Step 2 interface interface-id Specify the interface, and enter interface
configuration mode. The interface can be a
physical Layer 2 interface or a port channel
(logical interface).
Step 3 queue trust dot1p Set the trust mode to dot1p.
Step 4 queue cos-map priority-id queue-id Assign a priority ID to specific traffic class
queue to configure dot1p priority mapping.
Step 7 show queue cos-map interface-id Verify the configuration.
To configure priority control and assign priority mapping to an interface, use the CoS
interface configuration command. To display the configuration, use show queue cos-map
In this example, cos-map is configured on interface 0/1 to assigns egress port queue of
different priority to User priority value (CoS) in VLAN tag:
(BX900-CB1)(Interface BX900-CB1/0/1)#queue trust dot1p
(BX900-CB1)(Interface BX900-CB1/0/1)#queue cos-map 0 1
(BX900-CB1)#show queue cos-map 0/1
User Priority Traffic Class

------------- -------------
0 1
1 2
2 0
3 1
4 2
5 2
6 3
7 3
(BX900-CB1)#

13.2 Configuring priority control rewrite
This section describes how to configure priority control rewrite which rewrites priority control
information of packets specified with combination of MAC address, packet format, Ethernet
type, VLAN ID and CoS value.
13.2.1 IP Precedence value rewrite

This section describes how to configure IP precedence value rewrite which rewrites IP
precedence value of packets which has the specified CoS value in the specified port in VLAN.
Beginning in privileged EXEC mode, follow these steps to configure IP precedence value
rewrite on specific interface:
Command Purpose
Step 2 diffserv Enable DiffServ Admin mode.
Step 3 class-map match-all Create a DiffServ class with a class-map
class-map-name name.
Step 4 match cos <0-7> Configure a match condition based on a
CoS value..
Step 6 policy-map policy-name in Create a DiffServ policy with a policy-map
name.
Step 7 class class-map-name Attach the DiffServ class to this policy.
Step 8 mark ip-precedence <0-7> Configure marking action on the specific IP
precedence value.
Step 9 exit Return to policy-map configuration mode.
Step 12 service-policy in policy-map-name Specify the policy which will be applied to
this interface.
Step 15 show class-map Verify the configuration.
Step 16 show policy-map Verify the configuration.
Step 17 show policy-map interface Verify the configuration.
interface-id in
To configure an IP precedence rewrite to interface, use the DiffServ configuration

command. To display the policy configuration, use show policy-map privileged EXEC
command. To display the class configuration, use show class-map privileged EXEC
command.

In this example, DiffServ is configured on interface 0/1 to rewrites IP precedence value of
packets which has the specified CoS value in the specified port in VLAN:
(BX900-CB1)(Config)#diffserv
(BX900-CB1)(Config)#class-map match-all class1
(BX900-CB1)(Config-classmap)#match cos 5
(BX900-CB1)(Config-classmap)#exit
(BX900-CB1)(Config)#policy-map policy1 in
(BX900-CB1)(Config-policy-map)#class class1
(BX900-CB1)(Config-policy-classmap)#mark ip-precedence 2
(BX900-CB1)(Config-policy-classmap)#exit
(BX900-CB1)(Config-policy-map)#exit
(BX900-CB1)(Interface BX900-CB1/0/1)#service-policy in policy1
(BX900-CB1)#show class-map
Class
Class Name Type Reference Class Name
------------------------------- ----- -------------------------------
class1 All
(BX900-CB1)#show policy-map
Policy Name Policy Type Class Members

------------------------------- ----------- -------------------------------
policy1 In class1
(BX900-CB1)#show policy-map interface 0/1 in
Interface...................................... BX900-CB1/0/1
Direction...................................... In
Operational Status............................. Down
Policy Name.................................... policy1
Interface Summary:

Class Name..................................... class1
In Offered Packets............................. 0
In Discarded Packets........................... 0
(BX900-CB1)#

13.2.2 Change queue of packets in VLAN
This section describes how to configure change queue function which changes queue which
the received packets in ingress port use in egress port.
Beginning in privileged EXEC mode, follow these steps to configure change queue on specific
interface:
Command Purpose
Step 2 diffserv Enable DiffServ Admin mode.
Step 3 class-map match-all Create a DiffServ class with a class-map
class-map-name name.
Step 4 match cos <0-7> Configure a match condition based on a
CoS value..
Step 6 policy-map policy-name in Create a DiffServ policy with a policy-map
name.
Step 7 class class-map-name Attach the DiffServ class to this policy.
Step 8 assign-queue <0-6> Set queue ID to which traffic class is
assigned.
Step 9 exit Return to policy-map configuration mode.
Step 12 service-policy in policy-map-name Specify the policy which will be applied to
this interface.
Step 15 show policy-map Verify the configuration.
policy-map-name
To configure change queue to interface, use the diffserv global configuration command.
To display the policy configuration, use show policy-map privileged EXEC command. To
display the class configuration, use show class-map privileged EXEC command.
In this example, DiffServ is configured on interface 0/1 to change queue which the received
packets in ingress port use in egress port:
(BX900-CB1)(Config)#diffserv
(BX900-CB1)(Config)#class-map match-all class2
(BX900-CB1)(Config-classmap)#match cos 2
(BX900-CB1)(Config-classmap)#exit
(BX900-CB1)(Config)#policy-map policy2 in

(BX900-CB1)(Config-policy-map)#class class2
(BX900-CB1)(Config-policy-classmap)#assign-queue 7
(BX900-CB1)(Config-policy-classmap)#exit
(BX900-CB1)(Config-policy-map)#exit
(BX900-CB1)(Interface BX900-CB1/0/1)#service-policy in policy2
(BX900-CB1)#show class-map
Class
Class Name Type Reference Class Name
------------------------------- ----- -------------------------------
class1 All
class2 All
(BX900-CB1)#show policy-map
Policy Name Policy Type Class Members

------------------------------- ----------- -------------------------------
policy1 In class1
policy2 In class2
(BX900-CB1)#show policy-map policy2
Policy Name.................................... policy2

Policy Type.................................... In
Class Name..................................... class2

Assign Queue................................... 7
(BX900-CB1)#

14 Configuring IGMP/MLD Snooping
The IGMP/MLD snooping function is configured from uplink set. All groups use the uplink set
as its external connection will have the same configuration at the same time. This chapter
describes how to configure the IGMP/MLD snooping on a specific uplink set.
Beginning in privileged EXEC mode, follow these steps to configure IGMP/MLD Snooping on
specific uplink set:
Command Purpose
Step 2 igmpsnooping uplinkSetName Enable IGMP/MLD snooping for the specific
uplink set and its associated groups.
Step 3 exit Return to privileged mode.
Step 4 show igmpsnooping Display IGMP/MLD snooping information.
In this example, IGMP/MLD snooping is configured on default uplink set:
(BX900-CB1)(Config)#igmpsnooping default
(BX900-CB1)#show igmpsnooping
Uplink Set name Igmp snooping

--------------------------------- --------------
default yes
(BX900-CB1)#

15 Configuring IEEE 802.1X Authentication
This chapter describes how to configure IEEE 802.1X authentication.
15.1 Using Local User Name/ Password

This section describes how to configure IEEE 802.1X authentication by using local user name
and password.
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1X
authentication:
Command Purpose
Step 2 dot1x system-auth-control Enable IEEE 802.1X authentication
support on the switch
Step 4 show dot1x summary interface-id Show detailed status for specified port
To enable/disable IEEE 802.1X authentication for on a switch, use the dot1x

system-auth-control/no dot1x system-auth-control global configuration command. The
default authentication mode of port control is auto. You can specify the mode you want by
using dot1x port-control all mode global configuration command or dot1x port-control
mode interface configuration command. To display the configuration, use show dot1x
summary interface-id privileged EXEC command.
In this example, we configure all interfaces to force-authorized mode but interface 0/6 to
auto authentication mode. Then check the authenticated state for the interface 0/6.
(BX900-CB1)(Config)#dot1x port-control all force-authorized

(BX900-CB1)(Interface BX900-CB1/0/6)#dot1x port-control auto
(BX900-CB1)#show dot1x summary 0/6
Operating Reauthentication
Interface Control Mode Control Mode Enabled Port Status
--------- ------------------ ------------------ ---------------- ------------
BX900-CB1/0/6 auto auto FALSE Authorized

(BX900-CB1)#

15.2 Using Remote RADIUS Server
This section describes how to configure IEEE 802.1X authentication by using remote RADIUS
server.
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1X
authentication:
Command Purpose
Step 2 radius-server host auth Create a radius server for IEEE 802.1X
ip-addr/hostname authentication
Step 3 radius-server key auth Give s radius share key to a radius
ip-addr/hostnam <0/7> key-value server
Step 4 authentication login list-name radius Create a authentication list for radius
Step 5 dot1x system-auth-control Enable IEEE 802.1X authentication
support on the switch
Step 6 dot1x default-login list-name Assign an authentication list to IEEE
802.1X default login for non-configured
users
Step 8 show authentication Verify the configuration.
Step 9 show radius Verify the configuration.
To assign a remote radius server for IEEE 802.1X, use radius-server host auth
ip-addr/hostname. To create an authentication list for radius, use authentication login
list-name radius. To assign an authentication list for IEEE 802.1X non-configured users,
use dot1x default-login list-name.
In this example, a radius server 192.168.3.1 will be assigned to authenticate IEEE 802.1X
with share key secret.
(BX900-CB1)(Config)#radius-server host auth 192.168.3.1

(BX900-CB1)(Config)#radius-server key auth 192.168.3.1 0 secret
(BX900-CB1)(Config)#authentication login test-list radius
(BX900-CB1)(Config)#dot1x system-auth-control
(BX900-CB1)(Config)#dot1x default-login test-list
(BX900-CB1)(Config)#dot1x port-control all auto
(BX900-CB1)#show authentication
Authentication Login List Method 1 Method 2 Method 3

------------------------- -------- -------- --------
defaultList local undefined undefined

test-list radius undefined undefined
(BX900-CB1)#show radius
Current Server Host Address.................... 192.168.3.1

Number of Configured Servers................... 1
Number of Retransmits.......................... 4
Timeout Duration............................... 5
RADIUS Accounting Mode......................... Disable
RADIUS Dead Time............................... 255
RADIUS Attribute 4 Mode........................ Disable
RADIUS Attribute 4 Value....................... 0.0.0.0
(BX900-CB1)#

16 Configuring Port Mirroring
This chapter describes how to configure port mirroring function.
Beginning in privileged EXEC mode, follow these steps to configure port mirroring:
Command Purpose
Step 2 port-monitor session session-id Enable admin mode.
mode
Step 3 port-monitor session session-id Setting port-monitor source port. The
source interface interface-id [rx| tx] interface can be a physical Layer 2 interface
or a port channel (logical interface).
Step 4 port-monitor session session-id Setting port-monitor destination port.
destination interface interface-id
Step 5 show port-monitor session Verify the configuration.
session-id
To enable/disable a port mirroring session, use port-monitor session session-id mode /

no port-monitor session session-id mode global configuration command. To configure a
source port, use port-monitor session session-id source interface global configuration
command, to configure a destination port, use port-monitor session session-id
destination interface global configuration command. To display port mirroring
configuration, use show port-monitor session session-id privileged EXEC command.
In this example, interface 0/46 is configured to monitor the transmitted and received
packets of interface 0/40 and to monitor the received packets of interface 0/41:
(BX900-CB1)(Config)#port-monitor session 1 mode
(BX900-CB1)(Config)#port-monitor session 1 source interface 0/40
(BX900-CB1)(Config)#port-monitor session 1 source interface 0/41 rx
(BX900-CB1)(Config)#port-monitor session 1 destination interface 0/46
(BX900-CB1)#
(BX900-CB1)#show port-monitor session 1
Session ID Admin Mode Dest.Port Sour.Port Type
---------- ---------- ---------- ------------- -----
1 Enable BX900-CB1/0/46 BX900-CB1/0/40 Rx,Tx
BX900-CB1/0/41 Rx
(BX900-CB1)#

17 Configuring SNMP Agent
This section describes how to configure SNMP agent which informs MIB information of SNMP
host.
Beginning in privileged EXEC mode, follow these steps to configure SNMP agent community:
Command Purpose
Step 2 snmp-server community Create a snmp community. The default
community-name1 access mode is READ-ONLY.
Step 3 snmp-server community Create another snmp community.
community-name2
Step 4 snmp-server community rw Set the access mode of the SNMP
community-name2 community to READ-WRITE access mode..
Step 6 show snmp Verify the configuration.
To configure snmp community, use the snmp-server global configuration command. To

display the snmp configuration, use show snmp privileged EXEC command.
In this example, two snmp communities are created for read and read-write:
(BX900-CB1)(Config)#snmp-server community public

(BX900-CB1)(Config)#snmp-server community private
(BX900-CB1)(Config)#snmp-server community rw private
(BX900-CB1)#show snmp
SNMP Community Name Client IP Address Client IP Mask Access Mode Status
------------------- ----------------- ----------------- ----------- --------
public 0.0.0.0 0.0.0.0 Read Only Enable
private 0.0.0.0 0.0.0.0 Read/Write Enable
(BX900-CB1)#

Beginning in privileged EXEC mode, follow these steps to configure SNMP trap receiver:
Command Purpose
Step 2 snmptrap trap-name ipaddress Create a SNMP trap and specify the client ip
snmpversion <snmpv1|snmpv2> address to receive SNMP traps.
Step 4 show snmptrap Verify the configuration.
To configure snmp trap, use the snmptrap global configuration command. To display the
snmp trap configuration, use show snmptrap privileged EXEC command.
In this example, create and activate the snmp trap for snmp trap receiver:
(BX900-CB1)(Config)#snmptrap public 192.168.2.2 snmpversion snmpv2

(BX900-CB)#show snmptrap
SNMP Trap Name IP Address SNMP Version Status

------------------- ----------------- -------------- --------
public 192.168.2.2 snmpv2 Enable
(BX900-CB)#

18 Configuring System Log
This chapter describes how to configure system log function which sends system logs to
syslog server.
Beginning in privileged EXEC mode, follow these steps to configure system logs to syslog
server:
Command Purpose
Step 2 logging host hostaddress [port] Set the IP address and port number of
[severitylevel] logging host/server which syslog
message to be sent.
Step 3 logging syslog To enable the syslog to configured hosts.
Step 5 show logging Verify the configuration of syslog
Step 6 show logging host Verify the configuration of syslog host
To create a syslog host, use logging host global configuration command. To enable or
disable syslog, use logging syslog global configuration command.
In this example, create a logging host to sent critical messages and enable the syslog
client.
(BX900-CB1)(Config)#logging host 172.16.2.109 514 critical

(BX900-CB1)(Config)#logging syslog
(BX900-CB1)#show logging
Logging Client Local Port : 514

CLI Command Logging : disabled
Console Logging : disabled
Console Logging Severity Filter : alert
Buffered Logging : enabled
Syslog Logging : enabled
Log Messages Received : 94

Log Messages Dropped :0
Log Messages Relayed : 14

(BX900-CB1)#show logging hosts
Index IP Address Severity Port Status

----- ----------------- ----------- ------ -------------
1 172.16.2.109 critical 514 Active

sb11 Sb11a Ibp CG

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

sb11 Sb11a Ibp CG

Încărcat de

Drepturi de autor:

Formate disponibile

Configuration Guide

PRIMERGY BX900 Blade Server Systems

Ethernet Connection Blade Module

Edition February 2009

Copyright and Trademarks

© 2009 Fujitsu Technology Solutions 2

3 Overview Uplink and downlink ................................................................................ 16

4 Packet handling in different group types ............................................................... 17

5 Configuring Uplink Sets ........................................................................................... 22

6 Configuring Port Groups.......................................................................................... 26

7 Configuring VLAN Groups ....................................................................................... 28

8 Configuring Service LAN ......................................................................................... 30

9 Configuring Service VLAN ....................................................................................... 31

10 Combining Port Groups and Service (V)LAN ......................................................... 32

11 Configuring downlink LAG ...................................................................................... 36

12 Private Network ......................................................................................................... 42

13 Configuring QoS ....................................................................................................... 44

14 Configuring IGMP/MLD Snooping ........................................................................... 51

15 Configuring IEEE 802.1X Authentication ................................................................ 52

16 Configuring Port Mirroring....................................................................................... 56

17 Configuring SNMP Agent ......................................................................................... 57

18 Configuring System Log .......................................................................................... 59

© 2009 Fujitsu Technology Solutions 3

Revision Date Editor Remark

© 2009 Fujitsu Technology Solutions 4

This document provides the following guidelines:

© 2009 Fujitsu Technology Solutions 5

© 2009 Fujitsu Technology Solutions 6

In this example, in-band management interface is set to use IP address 192.168.2.1and

InBand Mgmt Granted Ports: BX900-CB1/0/1, BX900-CB1/0/2, BX900-CB1/0/3,

© 2009 Fujitsu Technology Solutions 7

InBand Mgmt Granted Ports: BX900-CB1/0/1, BX900-CB1/0/2, BX900-CB1/0/3,

© 2009 Fujitsu Technology Solutions 8

© 2009 Fujitsu Technology Solutions 9

© 2009 Fujitsu Technology Solutions 10

© 2009 Fujitsu Technology Solutions 11

In this example, out-of-band management interface is configured with a fixed IP address

© 2009 Fujitsu Technology Solutions 12

In this example, in-band management interface is configured with a fixed IP address

© 2009 Fujitsu Technology Solutions 13

To upload a firmware, use copy image privileged EXEC command.

(BX900-CB1)#copy image sb11a-sw-r-0.30.0213.biz tftp://192.168.2.100/sb11a-sw-r-0.30.0213.img

Management access will be blocked for the duration of the transfer

TFTP code transfer starting

File transfer operation completed successfully.

© 2009 Fujitsu Technology Solutions 14

To upload a firmware, use copy startup-config privileged EXEC command.

(BX900-CB1)#copy startup-config default.cfg tftp://192.168.2.100/backup_config.cfg

Management access will be blocked for the duration of the transfer

File transfer operation completed successfully.

© 2009 Fujitsu Technology Solutions 15

© 2009 Fujitsu Technology Solutions 16

© 2009 Fujitsu Technology Solutions 17

© 2009 Fujitsu Technology Solutions 18

Tagged packets Untagged packets

© 2009 Fujitsu Technology Solutions 19

© 2009 Fujitsu Technology Solutions 20

© 2009 Fujitsu Technology Solutions 21

5.1 Creating Uplink Sets

To create an uplink set, use uplink-set global configuration command. To assign an

© 2009 Fujitsu Technology Solutions 22

Uplink Set Logical External External External Link Port IGMP