HP Networking Training · Agenda Vlans Increasing Capacity Spanning Tree Enabling Convergence...

© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice.

HP Networking Training

Disclaimer

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO

THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be

liable for errors contained herein or for incidental or consequential damages in connection with the

furnishing, performance, or use of this material.

The only warranties for HP Networking products and services are set forth in the express warranty

statements accompanying such products and services. Nothing herein should be construed as

constituting an additional warranty. ProCurve Networking shall not be liable for technical or editorial

errors or omissions contained herein.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that

is not furnished by Hewlett-Packard.

© Copyright 2009 Hewlett-Packard Development Company,

L.P. The information contained herein is subject to change

without notice.

2

Agenda

Vlans

Increasing Capacity

Spanning Tree

Enabling Convergence

Wireless MSM configurations

Trouble shooting (pending time)

HP Networking Switch Basics (pending time)

Note; This training is based around Heritage ProCurve Products

Rev. 6.11 3


VLANs

Module:

What is a Vlan

The logical grouping of ports on a physical switch or group of physical switches to form Virtual LANs

Rev. 6.11 5

VLAN 206 users

VLAN 307 users

Each VLAN is a separate

broadcast domain

Traffic within each Vlan is

isolated from traffic generated

within the other Vlan

Rev. 6.11 6

VLAN allocations

• IT: 1-9, Admin: 10-19, Business: 20-29, Computer Science: 30-39, Engineering: 40-49

• Initially, first allocated value will be used

IP addressing scheme

• 2nd octet for usedas site identifier

• 3rd octet maps toVLAN ID

• 4th octet forhost numbers

– 1 to 49 for servers

– 50 to 150 for clients

Separate broadcast domain for each VLAN

Switch layout and VLAN assignments

7

. . .

. . .

. . .

. . .

School of Computer Science

School of Engineering

School of

Business

Administration IT

School of

Computer

Science

VLAN 10

10.1.10.0/24

VLAN 1 10.1.1.0/24

VLAN 5 10.1.5.0/24

VLAN 20

10.1.20.0/24

VLAN 30

10.1.30.0/24

VLAN 40

10.1.40.0/24

School of

Computer

Science

IT_switch

Edge_1

Edge_2

Edge_3

Rev. 6.11 7

IEEE 802.1Q tag

DestinationMAC address

SourceMAC address

Rest oforiginal packet

VLAN ID(12 bits)C

F I

Priority (3 bits)

VLAN Protocol ID (16 bits)

• All VLAN 20 traffic that the switch forwards through an uplink port will have a tag that contains the VLAN ID

• The packet headers sent by the host (10.1.20.51) in VLAN 20 anddestined for an IT server (10.1.1.26) would look like this:

Destination MAC Source MAC

0004e1-5e1100 080046-4f11ca 8100 000 0 014 0800 … 10.1.20.51 10.1.1.26

VLAN ID

Type

VLAN tag

Layer 3 (IP) headerLayer 2 (Ethernet) header

Source IP Destination IP

17

binary

VLAN tag(4 bytes)

Rev. 6.11 8

Port VLAN assignments example

• Ports connecting users in the same department are untagged members of the same VLAN

• Traffic forwarded through untagged ports does not carry IEEE 802.1Q tag

VLAN 206 users

VLAN 307 users

Edge_1(config)# vlan 20

Edge_1(vlan-20)# untagged a1-a3,a7-a9

Edge_1(vlan-20)# vlan 30

Edge_1(vlan-30)# untagged a23-a24,b1-b3,b7-b8

11

• For a given VLAN, the port IDs do not have to be contiguous

• In the case of a switch with multiple modules, the VLAN can span modules

Each VLAN is a separate

broadcast domain

Traffic within each department

is isolated from traffic

generated within the other

Floor 2 switch

School of C.S.

School of Business

Rev. 6.11 9

Untagged VLAN port membership

The switch:

• Maintains separate forwarding table for:

– VLAN 1, the default VLAN

– Each user VLAN (e.g., 5, 10, 20, 30 or 40)

• Uses the VLAN designations to determine the broadcast domain boundaries

• Uses the Layer 2 destination address of each packet to forward traffic, keeping it within the source VLAN

A port can be an untagged member of at most one VLAN

• When a port is assigned as an untagged member of a VLAN, it is automatically removed from the default VLAN (VLAN 1) or any other VLAN in which it is untagged

12

Rev. 6.11 10

IP addressing example

• Computers in the same VLAN must have IP addresses in the same subnet or address range

• To enable users to access resources outside of their local network, the VLAN must include a router interface

• In this case, the router interface is on the IT switch

13

VLAN 206 users

IT switch

Example: Six computers in VLAN 20IP addresses: 10.1.20.50 to 10.1.20.55Subnet mask: 255.255.255.0 (24 bits)Default gateway: 10.1.20.1

School of Business

Floor 2 switch

Rev. 6.11 11

Extending VLAN boundary across switches

• Assign the uplink as a member of VLANs 20 and 30 to include one or more ports on other switches

• Uplink‘s membership in VLAN 1 allows remote management

• To enable the switch to differentiate between user VLAN (20 and 30) traffic and management traffic, the uplink port is defined as a tagged member:

15


Edge_1(vlan-20)# tagged d4

Edge_1(vlan-20)# vlan 30

Edge_1(vlan-30)# tagged d4

VLAN 206 users

Uplink used for transporting traffic for user VLANs 20 and 30 and also the management VLAN, VLAN 1

VLAN 307 users

IT switch

Floor 2 switch

Rev. 6.11 12

Viewing status of VLAN ports

• To see a list of all VLANs defined on the switch, use show vlans

command

• To display the ports associated with a particular VLAN, specifyVLAN ID:

Edge_1# show vlans 20

Status and Counters – VLAN Information – Ports – VLAN 20

802.1Q VLAN ID : 20

Name : VLAN20

Status : Static

Port Information Mode Unknown VLAN Status

A1 Untagged Learn Up






D4 Tagged Learn Up

16

Floor 2 switch

Rev. 6.11 13

IEEE 802.1Q tag


SourceMAC address


VLAN ID(12 bits)C

F I

Priority (3 bits)


• All VLAN 20 traffic that the switch forwards through an uplink port will have a tag that contains the VLAN ID

• The packet headers sent by the host (10.1.20.51) in VLAN 20 anddestined for an IT server (10.1.1.26) would look like this:

Destination MAC Source MAC

0004e1-5e1100 080046-4f11ca 8100 000 0 014 0800 … 10.1.20.51 10.1.1.26

VLAN ID

Type

VLAN tag

Layer 3 (IP) headerLayer 2 (Ethernet) header

Source IP Destination IP

17

binary

VLAN tag(4 bytes)

Rev. 6.11 14

Defining VLANs on IT switch

Tagged member ofVLANs 30, 40

Tagged membersof VLAN 5

Servers in address range:

10.1.5.0/24

19

• IT department‘s switch is directly connected to:

– Switches on the other three floors, and

– Switches that connect to servers accessible to all departments

• The commands that enable this connectivity are:

IT_switch(config)# vlan 10

IT_switch(vlan-10)# untagged a1-a3

IT_switch(vlan-10)# vlan 20

IT_switch(vlan-20)# tagged c3


By default, all ports are untagged members of VLAN 1

Tagged . . . VLAN 30

Tagged . . . VLANs 20, 30

Untagged members of VLAN 10

IT_switch(vlan-30)# tagged c1-c3


IT_switch(vlan-40)# tagged c1


IT_switch(vlan-5)# tagged d1-d2

Untagged membersof VLAN 5

Rev. 6.11 15

Forwarding within VLAN 20

Edge_1# show mac vlan 20

Status and Counters – Address table – VLAN 20

MAC address Located on port

080046-4f11ca A1

080046-4f2d1f A2

080046-4f11ac A3

. . .

0004e1-5e1100 D4

VLAN 20


IT_switch(vlan-20)# ip addr

10.1.20.1/24

MAC address:0004ea-5e1100

18

IT switch

Default gateway for hosts is 10.1.20.1

Floor 2 switch

Rev. 6.11 16

IT switch is responsible for forwarding IP traffic between directly connected VLANs

This requires two items to be configured:

• IP routing must be enabled:

• An IP address must be assigned to each VLAN on the IT switch for which it will perform IP forwarding

– The IP address must be within the range of the hosts in that VLAN

– The IP hosts in the VLAN must have the router‘s IP interface defined as their default gateway

Forwarding between VLANs

20

IT_switch(config)# ip routing

Rev. 6.11 17

Determining VLAN interface IP addresses

This port leads to hosts in the networks:10.1.20.0/24, 10.1.30.0/24 and 10.1.1.0/24

• Choose an IP address for each router interface based on the address range to be assigned to the hosts in the connected VLAN

• Default gateway for IP hosts in each VLAN should be set to the ―router interface‖ IP address

21

VLAN ID Port MembersAddress Range

of HostsRouter Interface

IP Address

VLAN 1 Untagged a1-d4 10.1.1.0/24 10.1.1.1/24

VLAN 5 Tagged d1, d2 10.1.5.0/24 10.1.5.1/24

VLAN 20 Tagged c3 10.1.20.0/24 10.1.20.1/24

VLAN 30 Tagged c3 10.1.30.0/24 10.1.30.1/24

These two ports lead to hosts in the networks: 10.1.5.0/24 and 10.1.1.0/24

IT switch Floor 1

Rev. 6.11 18

• At the VLAN configuration context:

Assigning IP addresses to VLAN interfaces

There are two ways to assign IP addresses to VLAN interfaces from the CLI:

• At the global configuration context:

22


IT_switch(vlan-10)# ip address 10.1.10.1/24


IT_switch(vlan-20)# ip address 10.1.20.1/24

IT_switch(config)# vlan 10 ip address 10.1.10.1/24

IT_switch(config)# vlan 20 ip address 10.1.20.1/24

IP addresses can also be assigned to VLAN interfaces from the menu and web interfaces

Rev. 6.11 19

Viewing IP addresses

To view IP address information at the CLI, use the show ip

command:

IT_switch# show ip

Internet (IP) Service

IP Routing : Enabled

Default TTL : 64

VLAN : IP Config IP Address Subnet Mask

------------- + ------------- -------------- ----------------

DEFAULT_VLAN : Manual 10.1.1.1 255.255.255.0

VLAN10 : Manual 10.1.10.1 255.255.255.0

VLAN20 : Manual 10.1.20.1 255.255.255.0

25

Rev. 6.11 20

Layer 2 or Layer 3 forwarding?

A switch is sometimes called a ―routing switch‖ because it performs both Layer 2 and Layer 3 forwarding

Determines whether to forward a given frame using Layer 2 or Layer 3 information based on the destination MAC address in the frame‘s header

• Layer 2 forwarding is performed for frames whose destination MAC address is different from the switch‘s MAC address

• Layer 3 forwarding is performed for frames whose destination MAC address is the same as the switch‘s MAC address

27

Rev. 6.11 21

Layer 2 forwarding betweenhosts in the same VLAN

IP: 10.1.1.1/24

MAC: 0004ea-5e1100

Computer Science

Database server

IP: 10.1.30.26/24

MAC: 080046-4F11CA

Computer Science

Backup server

IP: 10.1.30.11/24

MAC: 080046-4F01D3

Edge_2

3rd floor

Edge_1 receives the frame through port D4, submits it to Layer 2 forwarding table lookup, and forwards it through port B2 to the backup server.

IT_switch submits the frame to the Layer 2 forwarding table lookup because the destination MAC address is different from its own MAC address.

The switch forwards the frame through port C3.

IT_switch

1st floor

2

3 Edge_1

2nd floor

28

Edge_2‘s Layer 2 forwarding table indicates that the frame‘s destination MAC address (080046-45F01D3)is reached through port D4.

1

VLAN 30

VLAN 30

VLAN 30

VLAN 30

Rev. 6.11 22

Tag manipulation in Layer 2 forwarding

Computer Science

Database server

10.1.30.26/24

Computer Science

Backup server

10.1.30.11/24

Edge_2

3rd floor

IT_switch receives the tagged frame through port C2 and forwards it through port C3.

Both ports are tagged members of VLAN 30, so tag is retained.

Edge_2 receives frame through port B5, an untagged member of VLAN 30.

Forwarding table lookup returns port D4, a tagged member of VLAN 30

Edge_2 adds 4-bytetag to the frame identifying VLAN 30.

IT_switch

1st floor

1

2

3

Edge_1

2nd floor

30

1522 bytes

1518 bytes

Edge_1 receives tagged frame through port D4 and forwards it through port B2, an untagged member of VLAN 30, so tag is stripped before forwarding the frame.

4

1518 bytes

untagged

tagged

tagged

tagged

untagged

tagged

1522 bytes

Rev. 6.11 23

Layer 3 forwarding betweenhosts in different VLANs

VLAN 40 interface

IP: 10.1.40.1/24

MAC: 0004ea-5e1100

Computer Science

IP: 10.1.30.50/24

GW: 10.1.30.1

MAC: 080046-07015A

Engineering

Simulation server

IP: 10.1.40.15/24

MAC: 080046-02148C

Edge_2

3rd floor

IT_switch creates a new Layer 2 header with destination MAC address 080046-02148c and forwards it through port C4.

Client determines that destination host is on a different network and resolves MAC address to that of its default gateway, 004ea-5e1100.

IT_switch recognizes its MAC address in destination field, removes Layer 2 header, submits the IP packet to Layer 3 route table lookup, and determines that router interface 10.1.40.1 leads to destination network.

IT_switch

1st floor

1

2

3

Edge_3

4th floor

31

VLAN 30

VLAN 40

VLAN 30

VLAN 40

VLAN 30 interface

IP: 10.1.30.1/24

MAC: 0004ea-5e1100

Edge_3 receives the frame through port D4, submits it to Layer 2 forwarding table lookup, and forwards it through port A1.

4

Rev. 6.11 24

Tag manipulation in Layer 3 forwarding

VLAN 10 interface

IP: 10.1.40.1/24

Computer Science

IP: 10.1.30.50/24

GW: 10.1.30.1

Edge_2

3rd floor

Before forwarding frame through port C4, IT_switch adds 4-byte tag to frame to identify VLAN 40.

IT_switch receives the tagged frame, removes Layer 2 header, and submits IP packet for Layer 3 route table lookup.

IT_switch

1st floor

3

4

Edge_3

4th floor

33

VLAN 30 interface

IP: 10.1.30.1/24

Edge_2 receives a frame through port B16, an untagged member of VLAN 30.

1

Engineering

Simulation server

IP: 10.1.40.15/24

MAC: 080046-02148C

1518 bytes

untagged

tagged

tagged

tagged

untagged

tagged

Edge_2 adds 4-byte tag to the frame identifying VLAN 30, forwards on port D4.

2

1522 bytes

Before forwarding frame through untagged port A1, Edge_3 strips tag from frame.

51518 bytes

1522 bytes

Rev. 6.11 25

IP helper address for DHCP clients

Identifies a DHCP server per VLAN

• IP address may be host-specific, subnet-specific, or all ―1‘s‖

Switch acts as DHCP relay agent

• DHCP relay (default) and IP routing must be enabled

IT_switch(vlan-20)# ip helper-address 10.1.1.12

34

VLAN 20

DHCP Server

10.1.1.12

Client sends DHCP request, broadcast to 255.255.255.255

Edge_1

Unicast packet routed by relay agent based on IP helper address

Edge_2

VLAN 20

1

2

Broadcast forwarded by Edge_2 and Edge_1 on ports connecting to VLAN 20

Edge_3

IT_switch

Unicast DHCP response sent to relay agent

34

IP: 10.1.20.93

5

Relay agent sends unicast response to client

DHCP Relay Agent

Rev. 6.11 26

Modifying VLAN port membership

Planning for VLANs

Configuring and verifying VLANs

Modifying VLAN port membership

– Adding tagged or untagged ports to a VLAN

– Removing tagged or untagged ports from a VLAN

37

Rev. 6.11 27

Rules for adding ports to VLANs

When you add a port to a VLAN as an untagged member:

• If it is currently an untagged member of another VLAN, the port‘s membership is simply changed to the new VLAN

• If it is currently a tagged member of one or more VLANs, the port retains those memberships

When you add a port as an tagged member of a VLAN, its status (tagged or untagged) in other VLANs is unaffected

A port may be an untaggedmember of at most one VLAN

38

General Rule

Rev. 6.11 28

Rules for removing ports from VLANs

If a port is a member of only one VLAN:

• Add the port to another VLAN to avoid orphaning the port

39

A port must be a member of at least one VLAN

General Rule

Edge_1(vlan-vid)# no tagged|untagged <port-list>

Edge_1(vlan-vid)# tagged|untagged <port-list>

If a port is a member of multiple VLANs:

• Reverse the command that initially added the port‘s membership to the VLAN it is to be removed from

Rev. 6.11 29

Summary: Modifying VLAN port membership

Observe these rules when adding ports to a VLAN, removing ports from a VLAN, or deleting a VLAN from a switch:

1. A port may be an untagged member of at most one VLAN

2. A port must be a member of at least one VLAN

3. When deleting a VLAN, any ports that are untagged members must be moved to the default VLAN or another VLAN

42


Increasing Capacityand Improving Availability

Module:

Rev. 6.11 31

Increasing switch link capacity

Six 1000Base-T full-duplex servers((6 x 1000Mb) x 2)

full-duplex gigabit fiber links

• Servers in the IT department are connected to 6108 switches

• The full-duplex gigabit link provisioned between each 6108 switch and the 5304xl core switch carries traffic to and from six full-duplex gigabit servers

3

• To increase the capacity of the connection between the core and the 6108 switches, a second link may be aggregated with the existing link


Rev. 6.11 32

Requirements for link aggregation

Link aggregation is also known as ―port trunking‖in HP Networking environments

Links in a port trunk must be coterminous—begin together and end together

Maximum number of links comprising a trunk is 4 or 8, depending on the HP Networking switch family

• Maximum number of trunks per switch also varies based on the HP Networking switch family

4

Rev. 6.11 33

Increasing capacity for server switches


5


• Links A and B are coterminous and can be aggregated

– C and D can also be aggregated

• The links can be of any speed and media type

• Links B and C are not coterminous and cannot be aggregated

– Similarly, A and C, A and D, and B and D cannot be aggregated

AB

CD

Rev. 6.11 34

Layer 2 conversations

Trk1

6

Trk2

• For load-sharing purposes, a conversation is unidirectional, consisting of a source and destination MAC address (SA/DA) pair

• Traffic between any two hosts consists of two conversations:

– Transmissions that originate with Server A and are destined for the Backup Server have the SA/DA pair: 3B-2C… / 00-0F…

– Transmissions that originate with the Backup Server and are destined for Server A have the SA/DA pair: 00-0F… / 3B-2C…

Server AMAC: 3B-2C…

Backup ServerMAC: 00-0F…

Rev. 6.11 35

Multiple Layer 2 conversations

Trk1

8

Trk2

Backup ServerMAC: 00-0F …

• The Backup Server backs up both Server A and Server B

• Each SA/DA pair is a different conversation and therefore could take a different path

Server BMAC: 02-68 …

Server AMAC: 3B-2C …

Rev. 6.11 36

Bi-directional load sharing

Switch A Switch B

Server BMAC: 02-68…

Server A MAC: 3B-2C…



Two separate conversations (3B-2C,00-0F and 02-68,00-0F) travel over different links

Two separate conversations (00-0F,3B-2C and 00-0F,02-68) travel over different links

Core

Switch A Switch BCore

9



Rev. 6.11 37

Multiple conversations hash to the same link

Switch A Switch B





Core

Switch A Switch BCore

9



• Selection of a link within a trunk is not adaptive since it is based on a hash of source and destination MAC addresses

Rev. 6.11 38

broadcast

Trunk groups and broadcasts

Server

Switch B floods the broadcast through non-trunked ports

Switch BSwitch A

Switch A floods the broadcast through all its

ports except the trunk ports

Switch B forwards the broadcast over ONE of the links in the trunk based on

its table entries

12

Trunk

Rev. 6.11 39

broadcast

Redundant links and broadcast storm

Server

Switch BSwitch A

Switch B floods the broadcast over ALL

of the links

Switch A also floods the broadcast over

ALL of the links

13

These redundant links are NOT defined

as a trunk

Rev. 6.11 40

Port trunking methods

HP Port Trunking

• Does not use a protocol to set up the trunk

• Port trunking is compatible with other trunking methods because it is statically defined

Link Aggregation Control Protocol (LACP)

• LACP is defined by IEEE standard 802.3ad

• Both sides may be statically defined, however, LACP also supports a dynamic method for recognizing aggregated links

Both methods use both source and destination addresses for load sharing

14

Rev. 6.11 41

Configuring port trunking

IT_switch(config)# trunk 21,22 trk1 lacp

16

• The trunk command is used to create an HP port trunk or LACP port trunk

• trk1, trk2, etc. are fixed label names for trunks

Edge_1(config)# trunk ?

[ethernet] PORT-LIST Specify the ports that are to be added to/removed from a

trunk.

Edge_1(config)# trunk c1,c2 ?

trk1 Trunk group 1

trk2 Trunk group 2

...

Edge_1(config)# trunk c1,c2 trk1 ?

trunk Do not use any protocol to create or maintain the trunk.

lacp Use IEEE 802.1ad Link Aggregation protocol.

<cr>

Edge_1(config)# trunk c1,c2 trk1 lacp

Edge_1(config)#

Rev. 6.11 42

Impact of port trunking on VLAN status

17

Edge_1# show run

...

vlan 1

name "DEFAULT_VLAN“

untagged A1-A24,B1-B24,C1-C4

ip address 10.1.1.2 255.255.255.0

exit

vlan 10

name "VLAN10“

tagged C1 ...

Edge_1(config)# trunk c1,c2 trk1 lacp

Edge_1# show run

...

vlan 1

name "DEFAULT_VLAN"

untagged A1-A24,B1-B24,C3-C4,Trk1

ip address 10.1.1.2 255.255.255.0

exit

vlan 10

name "VLAN10"

tagged ...

Edge_1(config)# vlan 10 tagged trk1

Before creating trunk, port C1 is a tagged member of

VLAN 10

Create trunk with ports C1 and C2

After trunk creation, Trk1becomes an untagged

member of the default VLAN

Port C1 is no longer assigned to VLAN 10 and C2 is no

longer assigned to VLAN 1

Trk1 must be assigned as a tagged member of VLAN 10

Rev. 6.11 43

Link aggregation summary

Benefits:

• Increases the capacity of links between switches and links between a switch and a server

• Very fast convergence

• On link failure, conversations assigned to the failed link will be distributed over the remaining links

Provides load sharing as opposed to load balancing

Requires point-to-point coterminous links—must begin together and end together

25

Rev. 6.11 44

Layer 2 redundancy: STP and RSTP

Link aggregation

Layer 2 redundancy: STP and RSTP

– STP and RSTP similarities

– Setting Bridge Priority

– Spanning Tree and VLANs

29

Rev. 6.11 45

Spanning Tree review

Switch_A Switch_B

Spanning Tree Protocol (STP) automatically:

• Elects one switch to be the root

• Detects loops in the topology

• Uses the lowest cost path to the root

31

Rev. 6.11 46

RSTP and STP similarities

Rapid Reconfiguration Spanning Tree Protocol

• In the current IEEE 802.1D standard, RSTP supersedes STP

Both STP and RSTP

• Use Bridge Priority to elect a Root Bridge

• Use BPDU messages to determine best path to Root Bridge

• Specify default port costs based on link speed

RSTP advantages over STP

• Faster convergence

• Ports default to ―edge‖ state, allowing rapid transition to Forwarding State

– Edge state indicates device connecting to port is not a switch

Spanning Tree is turned off by default on HP Networking switches

32

Rev. 6.11 47

Addresses and identifiers

Two identifiers play an important role in determining the active path through the bridged network

• Bridge ID—64-bit (8-byte) field consisting of:

– 16-bit user definable priority value

– 48-bit bridge MAC address

• Port ID—16-bit (2-byte) field consisting of:

– 8-bit user definable priority value

– 8-bit port number

34

BridgePriority

PortPriority

PortNumber

MACAddress

Bridge ID Port ID

16 bits 48 bits 8 bits 8 bits

Rev. 6.11 48

Link costs and path costs

When RSTP is enabled, all ports are assigned a default link cost

• 10 Gigabit—2,000

• 1 Gigabit—20,000

• 100 Mbps—200,000

• 10 Mbps—2,000,000

Root Path Cost

• Cost of the shortest path between a switch and the Root Bridge

Root Port

• Port with the lowest cost path to the Root Bridge

• If multiple ports on a switch have the same lowest cost path, the neighbors‘ Bridge IDs are used as a tiebreaker

35

Rev. 6.11 49

Setting Bridge PriorityBridge Priority 4096

Root

Bridge Priority 8192

Bridge Priority 32768 Bridge Priority 32768

• Bridge Priority for RSTP switches is set in increments of 4096

• To set the Bridge Priority to 4096:

Edge_1(config)# span priority 1

• To set the Bridge Priority at 8192:


• To return Bridge Priority to default setting of 32768:


In this network, each link has a cost

of 20000

Backup Root

36

Edge_1 Edge_2

Edge_3 Edge_4

Rev. 6.11 50

Impact of Bridge Priority setting

37


Root


Bridge Priority 32768 Bridge Priority 32768

Backup Root

• All ports on Edge_1 (Root Bridge) are in Forwarding state

Edge_1 Edge_2

Edge_3 Edge_4

L2L5

L4

L1

L3

• Other switches select Root Port directly adjacent to Root Bridge

• One switch forwards traffic on behalf of each LAN, the Designated Bridge, which is selected based on Bridge ID

• Edge_1 is Designated Bridge for Links 1, 2, and 3

• Edge_2 is Designated Bridge for Links 4 and 5 because it has better priority

DPDP

DP

F F

F

FF

DP DP

F

RP

F

F

RP

RPB B

Rev. 6.11 51

Edge_1(config)# show span

Status and Counters – Spanning Tree Information

Protocol Version : RSTP

STP Enabled : Yes

Force Version : RSTP-operation

Switch Priority : 4096 Hello Time : 2

Max Age : 20 Forward Delay : 15

Topology Change Count : 20

Time Since Last Change : 1 hour

Root MAC Address : 0004ea-5e1100

Root Path Cost : 0

Root Port : This switch is root

Root Priority : 4096

Port Type Cost Priority State : Designated Bridge

---- --------- --------- -------- ---------- + -----------------

...

B4 100/1000T 20000 128 Forwarding : 0004ea-5e1100

...

C1 100/1000T 20000 128 Forwarding : 0004ea-5e1100

...

D4 100/1000T 20000 128 Forwarding : 0004ea-5e1100

Spanning Tree details for Root Bridge

38

Bridge Priorityis set to ―1‖

Root Bridge indicators

Root Bridge is Designated Bridge

for its locally connected links

Rev. 6.11 52

Edge_2(config)# show span

Status and Counters – Spanning Tree Information

Protocol Version : RSTP

STP Enabled : Yes

Force Version : RSTP-operation

Switch Priority : 8192 Hello Time : 2

Max Age : 20 Forward Delay : 15

Topology Change Count : 20

Time Since Last Change : 1 hour

Root MAC Address : 0004ea-5e1100

Root Path Cost : 20000

Root Port : A1

Root Priority : 4096

Port Type Cost Priority State : Designated Bridge

---- --------- --------- -------- ---------- + -----------------

...

A1 100/1000T 20000 128 Forwarding : 0004ea-5e1100

...


...


Spanning Tree details for non-Root Bridge

39

Bridge Priority is set to ―2‖

Root Bridge indicators

Rev. 6.11 53

Why set Bridge Priority?

• All switches have default


• All ports have default Port Priority 128

• All links cost are 20000

MAC: 0001e6-093800MAC: 0001e6-0f1332

MAC: 0004ea-100da3MAC: 0004ea-2a1312

MAC: 0004ea-5e1100 MAC: 0004ea-5e5000

• If Bridge Priority is not administratively-defined, which of these switches will become the Root Bridge?

• How does this affect the active path through the network?

• Root Ports

RootBackup Root

• Designated Ports

40

RP

RP

RP

RP

RP

DP

BDP

DP

DP

DP

DP B

Rev. 6.11 54

RSTP edge ports

• All ports are edge ports by default when RSTP is enabled, which causes rapid transition to Forwarding State

• Ports that are connected to other switches should NOT be treated as edge ports

Edge_1(config)# no span b4,c1,d4 edge-port

Edge_2(config)# no span a1,c1,c4 edge-port

Edge_3(config)# no span a1,a4 edge-port

Edge_4(config)# no span a1,a4 edge-port

Edge_1 Edge_2

Edge_3 Edge_4

End stations End stations

41

L2 L5L4

L1

L3

F

RP

F

F RP

RP

DP DP

Rev. 6.11 55

Configuring and enabling RSTP

Spanning Tree can be configured before it is enabled

• Sample configuration commands:

42

Edge_2(config)# span c12 point-to-point-mac force-false

Edge_2(config)# span Trk1 pri 4

Edge_2(config)# span a1 path-cost 40000

Edge_1(config)# span

Edge_1(config)# span pri 1

Edge_1(config)# no span b4,c1,d4 edge

Enable Spanning Tree when configuration is complete:

Disabling Spanning Tree (no span) does not remove existing

settings from the configuration

Rev. 6.11 56

Combining Spanning Tree and VLANs

When Spanning Tree and VLANs are combined:

• Both RSTP and STP standards specify a single Spanning Tree that resolves loops in a bridged network

• Regardless of the number of VLANs in the bridged network, BPDUs are sent untagged

• Redundant links between switches are blocked

– Network designers must ensure not to isolate VLANs

46

Rev. 6.11 57

Scenario: Spanning Tree and VLANs

Edge_3Edge_4

Edge_2

VID 10

VID 10

VID 10VID 30

VID 20VID 20

VID 20

VID 30

10, 20

10

30

10

20

20

• Three VLANs are distributed across four switches with redundant links

• While it may seem sufficient to define the common point-to-point link between two switches as a tagged member of only the VLANs

that are shared by the switches, the operation of Spanning Tree can result in isolation of VLAN hosts

47

Edge_1

Rev. 6.11 58

Poor design can isolate VLANs

Edge_3Edge_4

VID 10

VID 10

VID 10VID 30

VID 20VID 20

VID 20

VID 30

10, 20

10

30

10

20

20

• Only three of the six links between the switches are required for full

connectivity; three are blocked

• Are any hosts isolated from other hosts in the same VLAN?

Edge_2

10, 20

20

10

Active path

48

DP

B

F RP

RP

RPDP

DP

B

BFF

Edge_1

Root

Rev. 6.11 59

Assigning all VLANs to redundant links

Edge_3Edge_4

VID 10

VID 10

VID 10VID 30

VID 20VID 20

VID 20

VID 30

10, 20, 30

10, 20, 30

10, 20, 30

10, 20, 30

10, 20, 30

10, 20, 30

• Assigning all three VLANs to switch-to-switch links assures that all VLANs will be reachable regardless of which links

are blocked

Edge_2

10, 20, 30

10, 20, 30

10, 20, 30

Active path

49

DP

B

F RP

RP

RPDP

DP

B

BFF

Edge_1

Root

Rev. 6.11 60

Summary: STP and RSTP

RSTP provides faster convergence than STP

Bridge ID and Port ID are significant factors in determining the fastest path through a bridged network

• Bridge Priority should be configured manually to ensure proper selection of the Root Bridge

• Port Priority can be configured manually to affect active path selection

RSTP and STP are interoperable by design

Designers must ensure that Spanning Tree operation does not isolate VLAN members

53


Enabling Convergence

Module

Rev. 6.11 62

Prioritizing traffic


– Prioritization tasks

– Classification criteria

– Scheduling (servicing queues)

– Standards for marking traffic

– Rate limiting

– Guaranteed minimum bandwidth

Supporting IP Multicast

2

Rev. 6.11 63

HP Networking University scenario

New applications are planned to be added to the HP Networking University network in the near future:

• Video surveillance cameras in public areas to be upgraded

• Voice over IP to be used for phone system

• Video conferencing capabilities to be extended to the network edge

Switches used to upgrade the network edge must:

• Support traffic prioritization

• Enable power to be carried over Ethernet

• Enable multicast traffic to be forwarded only to intended receivers

3

Rev. 6.11 64

Traffic prioritization tasks

Classification

• Recognize traffic that should be prioritized

• Assign a traffic class (0-7)

Scheduling

• Map traffic classes to queues

• High priority traffic gets a greater percentage of the outbound bandwidth than normal or low priority traffic

Marking

• Indicates within the header how traffic should be handled

• Layer 2 marking—IEEE 802.1p

• Layer 3 marking—IP ToS or DiffServ

4

Rev. 6.11 65

ingress port

0

1

2

3

4

5

6

7

Classification

Classification

Traffic can be classified based on a previously defined characteristic such as VLAN ID, inbound port or IP address

Various HP Networking switches can map traffic to up to 8 traffic classes

5

Rev. 6.11 66

Scheduling—Mapping and queuing

Traffic classes are mapped to queues within the switch

Each queue is allocated a minimum percentage of bandwidth where high priority traffic is allocated the highest percentage

0

1

2

3

4

5

6

7

ClassificationPhysicalQueuing

ingress port

1 (lowest priority)

2 (normal priority)

3 (medium priority)

4 (highest priority)

6

Rev. 6.11 67

MarkingSwitch can indicate a priority level in the frame‘s header

IEEE 802.1p standard specifies up to 8 priority levels that can be marked in the IEEE 802.1Q tag

0

1

2

3

4

5

6

7

ingress port

1 (lowest priority)

2 (normal priority)

4 (highest priority)

egress port

Priority level will be marked on frames forwarded through a tagged port

7

ClassificationPhysicalQueuing

3 (medium priority)

Rev. 6.11 68

Traffic classification by an edge switch

Two conditions may require a switch to classify traffic:

• Hosts are incapable of setting priority for the traffic they generate

• Untrusted hosts set illegitimate priorities

Some switches can classify traffic based on:

• IEEE 802.1Q VLAN ID

• IP address (source or destination)

• TCP or UDP port number

• Value in 802.1p or TOS field

• LAN protocol (Ethernet type field)

• Incoming source port on the switch

Other switches may be able to classify traffic based on incoming source port

8

Rev. 6.11 69

Weighted round-robin queuing

QueuesPercentage of bandwidth 1

2800 2600 4100gl 2 5300xl

4 (high) 55 75 61 45

3 (medium) 28 19 30

2 (normal) 14 5 31 16

1 (low) 3 1 8 8

1 Percentage of bandwidth is based on number of packets2 HP Networking Switch 4100gl supports 3 queues3 Applicable to HP Networking Switch 5400zl, 3500yl and 6200yl

Queue 4

Queue 3

Queue 1

Queue 2

2600

9

Queues

Percentage of bandwidth 1

5400zl 3

8 (high) 20

7 (high) 15

6 (medium) 10

5 (medium) 10

4 (normal) 10

3 (low) 30

2 (low) 3

1 (normal) 2

HP Networking Switch 2600 series example

• If the switch receives traffic mapped to all four queues in a given time period 75% of the bandwidth would be allocated to high priority traffic. Normal priority traffic would use 5% of the bandwidth.

• If all traffic has the same priority level (e.g. normal) in a given time period, 100% of the bandwidth is given to that traffic.

Rev. 6.11 70

Standards for marking traffic

IEEE 802.1p (Layer 2 marking)

• Part of IEEE 802.1Q standard

• Specifies 8 priority levels (0-7) that are identified within the 802.1Q tag

• Relevant within and between VLANs; ports that carry 802.1p prioritization information must be tagged

IETF RFC 2475 - DiffServ (Layer 3 marking)

• Specifies a method for setting priority in a 6-bit field in the IP datagram header

• DiffServ settings are maintained between routed networks, including WAN interfaces

• Up to 64 code points may be defined

– RFCs 2474 and 2475 specify 13 service levels

10

Rev. 6.11 71

Traffic prioritization using 802.1p

A 3-bit field in the 802.1Q tag is reserved for prioritization

Some end stations set priorities for their traffic

HP Networking switches set marker for prioritized traffic forwarded over tagged links

000001010011100101110111

11


SourceMAC address


VLAN ID(12 bits)C

F I

Priority (3 bits)


VLAN tag(4 bytes)

8 possible values

for 3-bit Priority field

Rev. 6.11 72

IP Type of Service

IP datagram header includes an 8-bit Type of Service (ToS) field that was defined to allow a host application to provide handling instructions to a router

Differentiated Services redefines the field

Precedence Type of Service Unused

0 1 2 3 4 5 6 7

Differentiated Services codepoint

Unused

0 1 2 3 4 5 6 7

Original Definition (IP Precedence):

New Definition (Differentiated Services):

X X X 0LD

X X X X X X 0 0

HT

HR

LC

12

Rev. 6.11 73

Classifying traffic based on ingress port

Video surveillance cameras to be installed do not mark traffic with high priority

Edge_3(config)# int 5-8

Edge_3(eth-5-8)# qos priority 6

Edge_3(config)# show run

. . .

int 5

qos priority 6

int 6

qos priority 6

int 7

qos priority 6

int 8

qos priority 6

. . .

To set the priority for a range of ports:

13

Rev. 6.11 74

Marking in IEEE 802.1Q tag

DA SA 0800 <IP header>

DA SA 8100 110 0 03c 0800...

vlan 60

untagged 5-8

tagged 9

14

Because uplink port is a tagged member of VLAN 60,all outbound VLAN 60 traffic carries a tag

This tag contains a high priority marker (110)

802.1Q Priority VLAN ID

Rev. 6.11 75

Retaining priority when forwarding between VLANs

...

vlan 61

tagged a1

ip address 10.1.65.1/24

...

vlan 60

tagged d1

ip address 10.1.60.1/24

...

DA SA 8100 110 0 60 0800...

Security monitoring stations

DA SA 8100 110 0 61 0800...

15

Surveillance cameras and security monitoring stations are in different VLANs

Upstream switch retains the priority setting when forwarding between networks

Rev. 6.11 76

Enabling other types of classification

On some switches, traffic classification policies can also be defined within:

• VLAN configuration context to specify a priority value per VLAN

16

Core(config)# qos device-priority 10.10.15.27 pri 6

Example:

Core(config)# qos ?

udp-port Set UDP port based priority.

tcp-port Set TCP port based priority.

device-priority Configure device-based priority.

dscp-map Define mapping between a DSCP (Differentiated-

Services Codepoint) value and 802.1p priority.

protocol Configure protocol-based priority.

type-of-service Configure the Type-of-Service method the device uses

to prioritize IP traffic.

Core(vlan-20)# qos pri 6

• Global configuration level to set a priority level for particular TCP/UDP port numbers, IP addresses, and protocol

Rev. 6.11 77

Resolving conflicting priority settings

When traffic to be classified matches multiple prioritization policies, the switch enforces the following precedence:

• UDP/TCP application type (port number)

• Device priority (destination or source IP address)

• IP Type of Service field

• Protocol (Ethernet Type field)

• VLAN ID

• Incoming source port on the switch

• Incoming 802.1p value

18

Higher

Lower

Preced

en

ce

Rev. 6.11 78




– Limiting multicasts with IGMP

– IGMP terms

– Displaying IGMP information

47

Rev. 6.11 79

Limiting multicasts with IGMP

IP multicast traffic is sent by a server to a destination multicast group address

A host sends an IGMP ―membership‖ message signaling an intention to join the group

Switches configured to support IGMP forward the data stream only toward hosts that have joined the group

• Switches without IGMP support will flood multicast packets through all ports, potentially to unintended recipients

Switches configured to support IGMP send periodic ―query‖ messages to verify at least one member is still active on each attached network

• Hosts confirm their intention to continue receiving the multicast stream using an IGMP ―membership‖ message

A host sends an IGMP ―leave‖ message signaling an intention to stop receiving the multicast stream

49

Rev. 6.11 80

IGMP terms

IGMP host

• End station that runs multicast applications using IGMP

• Sends a ―membership‖ message to signal intention to receive a multicast data stream and a ―leave‖ message to stop receiving

Querier

• IGMP device that sends requests and collects responses, determining the location of multicast data receivers

• Each multicast-enabled broadcast domain has one active querier and possibly a backup querier

Multicast group

• Set of hosts, routers, and/or switches that send or receive multicast data streams to or from the same source(s)

50

Rev. 6.11 81

IGMP Querier

Every LAN that is multicast-enabled must have an IGMP Querier

Each IGMP switch or router can be configured to participate in Querier Election

• It listens for queries and becomes the Querier if it hears none

The Querier sends out Queries based on a Query Interval

• Other IGMP switches and routers listen for Queries and will elect a new Querier if they stop hearing Queries.

If a multicast router is present, it becomes the Querier

• A HP Networking switch can become a Querier for a VLAN if it has an IP address defined for that VLAN

• Without an IP address, the switch can still be configured to participate in IGMP, but cannot become the Querier

51

Rev. 6.11 82

IGMP Membership Report

multicast server

IGMP client

Hosts 2 and 4 send IGMPMembership Reports to ―join‖ the multicast group

Edge_1

Edge_2 Edge_3

IGMP client

• All three switchesare IGMP-enabled

host1 host2 host3 host4

53

Rev. 6.11 83

Data-driven IGMP

multicast server

IGMP client

With Data-driven IGMP, the switches send the multicast data stream only toward group members

Edge_1

Edge_2Edge_3

IGMP client

55

Rev. 6.11 84

IGMP snooping

multicast server

IGMP client

With IGMP snooping, the switches send the multicast data stream toward all hosts initially

Edge_1

Edge_2Edge_3

IGMP client

54

After a time period of not receiving IGMP membershipreports from some hosts, the switch stops sending the multicast stream toward those hosts

Only receives multicast data stream initially

Rev. 6.11 85

IGMP Fast-Leave

multicast server

IGMP client

Edge_1 will stop sending data stream if there is no response to its periodic Host Membership Query

3

2 Edge_3 immediately stops sending toward former client, since no other active clients

Edge_1

Edge_2Edge_3

1 Host sends IGMP LeaveGroup message

56

Rev. 6.11 86

Enabling IGMP support

IGMP is enabled within the context of each VLAN that will support IP multicast traffic:


Edge_1(vlan-20)# ip igmp

A HP Networking switch can act as the querier for any VLAN if it has an IP address assigned:

Edge_1(vlan-20)# ip address 10.10.20.15/24

If an IP address is assigned to the VLAN, but the switch should not participate in querier election, you can disable the feature :

Edge_1(vlan-20)# no ip igmp querier

58


MSM Controller Overview

Module

MSM765zl Module

MSM760 Appliance

88

MSM760 and MSM765zl Controllers

5400zl/8200zl series

http://www.procurve.com/products/switches/HP_ProCurve_8200zl_Switch_Series/overview.htm

MSM Controllers

89

MSM 760 MSM 765 zl

Service Pack Access (Basic) Mobility Mobility Only

Services• WLAN Mgmt

and Control•Guest Access

•WLAN Mgmt and Control

•Guest Access•Roaming

•WLAN Mgmt and Control•Guest Access

•Roaming

Port Speed 10/100/1000 10000

ScalabilityMaximum # of Access Points Supported:

40 expandable to 200

Maximum # of Access Points Supported:

40 expandable to 200

Simultaneous Users Unlimited Unlimited

Simultaneous guest access users

1000 expandable to 2000 1000 expandable to 2000

Warranty 1 year hardware limited warrantyLifetime hardware warranty

5 years on Hard Drive

MSM Controllers (cont).

Rev. 6.11 90

MSM 710

Service Pack Access (Basic) Mobility

Services• WLAN Mgmt

and Control•Guest Access

•WLAN Mgmt and Control

•Guest Access•Roaming

Port Speed 10/100/1000

ScalabilityMaximum # of Access Points Supported:

10

Simultaneous Users Unlimited


100

Warranty 1 year hardware limited warranty

MSM AP exchanges low bandwidth management traffic with controller

High bandwidth traffic between user & host is forwarded locally by MSM AP

HP Networking Architecture?

HOST

MSM Controller

HOST

AP

Controller

ControlData

Control & Data

Data

HP HP NetworkingMSM solution

Other Manufacturers

MSM Edge Switched Service

MSM AP is managed centrally but processes data at the edge• MSM APs get its config, policies & firmware update from controller

• MSM APs reports connections and events to controller

• MSM AP authenticates Wifi nodes directly with the RADIUS server

Key Advantage: • Controller scales easily (for 802.11n) as User traffic does not cross it

• MSM AP continues to work without controller: provides Resiliency

Authentication

Control

Switch MSM Controller

Corporate RADIUS

Data

IP

MSM AP

MSM Edge Switched Service (cont…)

• Wireless user traffic is bridged into local VLAN

• Infrastructure Requires:

− Setting of VLANs at network edge (AP switch ports)

• For Static VLAN or Dynamic VLAN assignment

− Local Routing

− Local DHCP sevices

Switch MSM Controller

Corporate RADIUS

Data

Local VLAN

IP

Architecture for Centralized Guest Service

MSM AP ―tunnels‖ Guest traffic up to the MSM Controller

• Access control occurs at the controller using either the internal or external radius server

• Traffic is routed/NATed (option) onto a vlan local to the Controller

Key advantages:

• Wireless traffic is isolated from wired LAN and is centrally authenticated & Firewalled

Switch

MSM Controller

MSM AP

Control + Authentication + Data

Access controlled guest data

IPRADIUS

Architecture for Centralized Guest Service (cont)

User IP address is assigned (or relayed) by controller

Guests belongs to a local (private) IP Subnet on the controller

User traffic is routed, shaped, tagged & optionally NATed, at the controller

Infrastructure does not require user VLAN settings or DHCP services at the Edge.

Switch

MSM Controller

MSM AP

Control + Authentication + Data

Access controlled guest data

IP

DHCP

Edge or Centralized Service ?

96

MSM Edge ArchitectureMSM Centralized architecture

(Access controlled traffic)

User traffic is: Bridged on to the VLAN at the APTunneled to controller and Routed on a

VLAN of the Controller

Access Point switch port

is tagged with multiple VLANS requires only one VLAN

IP Subnet of Users Local to AP Local to controller and/or NATed

Authentication of users

Managed by AP Managed by Controller

Guest Users? Open SSID without authentication Full centralized Web Authentication


Unlimited 1000 expandable to 2000

AdministrationMore tasks on infrastructure at AP

(VLANs, DHCP…)Less tasks on Infrastructure

Key advantage Scalability Wireless traffic isolated from rest of LAN


MSM AP Overview

Module

MSM Access Point Models

Single radio Dual radios Triple radios

Model MSM310 (-R) MSM410 MSM422 MSM320 (-R) MSM325* MSM335*

Radio(s) a/b/g a/b/g/n n + a/b/g 2x a/b/g 2 x a/b/g 3 x a/b/g

Enclosure indoor outdoor indoor Indoor indoor outdoor Indoor Indoor

Operating Modes

Client access

Local Mesh

Packet capture

Client accessLocal Mesh Packet Capture

Client access

Local Mesh

Packet capture

Client access

Local Mesh

Packet capture

Client access

Local Mesh

Packet capture

RF security (Sensor)

Client access

Local Mesh

Packet capture

RF security

(Sensor)

Part numbers

J9379A J9383A J9427A J9359A J9364A J9368A J9373A J9357A

98

J9384A HP Networking MSM320 RF Sensor License

•All AP can be powered with standard PoE - 802.3af!

•Operate in both controlled and autonomous mode

•* One Radio can be set as Sensor

99 21 October 2010

Questions

How does an AP associate with a controller?

How does an AP receive its config?

Discovery of controlled MSM APs – Phase 1I. Automatic connection to the controller

• if in the same VLAN, MSM APs discover Controller via UDP Broadcast

• If not in the same VLAN, the IP address of the controller can be sent via Option 43 of DHCP or can be resolved via DNS

MSM ControllerMSM AP

Corporate DHCP Server

Corporate DNS Server

?

......and you can always manually provision a device if required.

Discovery of controlled MSM APs – Phase 2

II. Configuration of AP

• MSM AP is adopted by MSM Controller (Automatically or authenticated using a local or remote radius server)

• Firmware is updated if needed

• Configuration/policies securely downloaded from controller

MSM ControllerMSM AP Authenticate

Check FirmwarePush Config

Discovery of controlled MSM APs – Phase 3

III. AP activates radios/profiles and becomes operational

• MSM Controller uses a secure control tunnel with MSM AP

• Wireless user traffic is directly forwarded to the LAN

MSM Controller

MSM AP

HOST

Control tunnel

103 21 October 2010

Question

How can we provide different setup to different APs?

Configuration of controlled MSM APs AP Groups.

• MSM APs with similar parameters are grouped together:

– Use of Radios (AP,local mesh, sensors)

– Egress VLANS.

– Active services.

– Location.

Group: Floor1

Group: Reception

RADIO 1: 802.11nRADIO 2: 802.11b/g

RADIO 1: 802.11aRADIO 2: 802.11b/g

105 21 October 2010

106 21 October 2010

107 21 October 2010

Question

How do you configure wireless networks for different applications such as Enterprise Users, Voice over IP, Guests?

Virtual Service Community (VSC)

VSC Profile defines:

• Virtual AP parameters: SSID, broadcast

• Encryption, Authentication

• Service quality

• Mobility options

• VLAN usage

• Filters

VSC #Enterprise

Virtual Service Communities

109 21 October 2010

110 21 October 2010

Question

Can we apply selectively a VSC profile to different group of APs?

Configuration of controlled MSM APs

Bind VSCs to Groups & associate VLAN to use for edge traffic

VSC :Visitors

VSC:Cameras

VSC :Enterprise

VSC: Voice

Group - Reception

Group – Floor1

VLAN 40

VLAN 50

Drag & Drop

112 21 October 2010

Default Visitor Interface

―Hidden Node‖ Issue

Limitation of 802.11

• Hidden node

– Node A, in range of the receiver R, is not in range of the sender B, and therefore cannot know that B is transmitting to R

– When both A and B attempt to transmit to R, CSMA/CA does not work. Collision happens and R receives garbage. Nodes end up re-transmitting

113

21 October

2010

R

A

B

R

A

B

Collision

What Does All This Means?

If you try to use a high gain antenna to get more penetration (and hence coverage), it does not necessarily work

114

21 October

2010

Myths and Misconceptions

Myth #1: An AP with longer range is better

– Longer range increases the incidence of hidden node issue

Myth #2: Use AP that has larger coverage so I can use less number of APs

– See myth #1

– No signal overlap therefore no AP redundancy

Myth #3: If my laptop see a strong signal from the AP then wireless coverage is excellent

– The AP may not see a strong signal from your laptop

– See myth #1

115

21 October

2010

Requirement Analysis

Questions to ask (that we usually don‘t ask):

• What is the purpose of the wireless network?

– This determines the number and type of wireless services

• What applications will run over the wireless network?

– This determines the bandwidth, number of wireless clients support and affects AP quantity

• What encryption and authentication will be used?

– This determines the need for Mobility or Access controller

• What are the types of wireless client devices?

– This determines the cell size

• How many concurrent wireless users expected?

– This determines AP quantity

116

21 October

2010

Learning By Experience

Have your own equipment!

Test it out for yourself!

You have to experienced it for yourself!

117

21 October

2010

Mounting of Access Point

Don‘ts

• Do not enclose in a metal enclosure

• Do not mount on a metal beam

• Do not mount near lighting fixtures

• Do not mount near aircon ducts and pipings

• Do not mount on or behind a refrigerator

• Do not mount it in a closet with fire retardant door

• Do not mount it more than two walls away from clients

• Do not mount it such that signal penetrates obliquely through obstruction

118

21 October

2010


MSM 765 Controller Getting Started

Module

MSM 765 License Install

Install the Product License Key

The starting point for this procedure is the Service OS CLI prompt for the MSM765zl you are activating.

1. Install the product license key:

licenses install activation <license key>

Where <license key> is the product license key just provided by the My

HP Networking portal. The key must be entered precisely as received including

the dashes. If possible, copy and paste the string as received.

2. Boot the MSM765zl product:

boot product

3. At prompt:

System will be rebooted.Do you want to continue [y/n]?

Respond with ―y‖.

The product reboots.

120

Assign an IP Address to the MSM765zl LAN Port

HP Networking Switch 5406zl#

To set the MSM765zl LAN port IP address:

1. Select the MSM765zl of interest, specifying the slot and index.

services <slot-id> <index>

2. Enable the chosen MSM765zl CLI and select its config context:

config

3. Select the MSM765zl LAN port interface:

interface ip lan

4. Assign it an IP address of 192.168.1.1 and a subnet mask of 255.255.255.0.

ip address 192.168.1.1/24

121

References

Getting started manual

http://www.hp.com/rnd/support/manuals/mscseries.htm

MSM Configuration Examples V1.0 PDF (distributed during class)

http://www.procurve.com

122

http://www.hp.com/rnd/support/manuals/mscseries.htm

http://www.procurve.com/


Basic Network Troubleshooting

Module

Rev. 6.11 124

Device indicators and settings

• Power, fan, module and port LEDs

• LED mode select button

– Link activity, full-duplex, maximum speed, Error

• Switch hardware statistics

– System-wide information

• Event logs

• LAN port, WAN interface, and wireless AP configuration settings, status, and counters

Information resources—Device indicators and settings

14

Console port

Resetand Clear

recessed buttonsStatus LEDs for

fans, power supplies,and switch modules

LED Mode Select button and indicator LEDs

Self-test LED

3400cl example

5300xl example

LED Mode Select button and indicator LEDs

Status LEDs forExpansion module, RPS,

fan, self-test

Rev. 6.11 125

Network topology and connectivity indicators include:

• LLDP information

– Neighbor status and identifying information

• Spanning Tree information

– Bridge topology information and state of each bridge port

• VLAN information

– List of VLANs, port status (tagged/untagged), VLAN state (up/down)

• Layer 2 forwarding tables

– MAC addresses associated with ports and VLANs

• Layer 3 routing tables

– Currently active dynamic and static routes, next hop gateways

Information resources—Network topology and connectivity

15

Rev. 6.11 126

Viewing status of switch hardware

To view system information such as firmware revision, total and free memory and packet buffers, and CPU utilization:

Switch# show cpu

Switch# show module

Switch# show system

To view a list of the location, type, and serial number of modules recognized by the switch:

To view the percentage of load on the CPU during the last one-second, five-second, and one-minute intervals:

16

Rev. 6.11 127

Frequent port state transitions can indicate a problem with cable, port, port module, or client network adapter

Interpreting the Event Log

Event log holds up to 1000 entries

• It is erased when the switch loses power, but retained on reboot (reload or boot)

• To see events since last power cycle:

Switch# show log -a

Listing can be filtered based on the entity that generated the event, for example:

Switch# show log ports

Switch(config)# console events <none|debug|all|not-info|critical>

Severity level of Event Log entries viewed at the console is configurable:

17

Rev. 6.11 128

Viewing port status

To view operational status of all ports:

Switch# show interfaces config

Switch# show interfaces brief

To view configured status of all ports:

• Indicators:

– Administrative state (enabled or disabled)

– Link status (up or down)

– Operational speed/mode, flow control status, and MDI mode

• Indicators:

– Ports configured with non-default settings

– Administrative state (enabled or disabled)

– Configured speed/mode, flow control status, and MDI mode

19

Rev. 6.11 129

Viewing port counters

To view a high level table of counters for all ports:

Switch# show interfaces <port-list>

Switch# show interfaces

• Indicators:

– Link status

– Number of unicast and multicast/broadcast packets transmitted and received

– Number of bytes transmitted and received

– Eight different error counters

– Broadcast packet counts

• Indicators:

– Total bytes and total frames

– Errors and drops

– Flow control status

To view the details of a specified list of ports:

20

Rev. 6.11 130

Resolving Spanning Tree issues

When upper layer protocols (IP, TCP, UDP, HTTP, etc.) cannot communicate and Spanning Tree is enabled:

• Isolate to determine whether crucial links are unintentionally blocked by Spanning Tree

Use the output from show span on each switch to update a

network map with the following information:

• The state of each port connected to a switch-to-switch link

– Blocking and Forwarding

• Root Port and Designated Port

• Non-default Bridge Priority and Port Priority settings

24

Rev. 6.11 131

Resolving VLAN issues

Lack of logical connectivity when physical connection is active can point to a VLAN configuration issue:

• To view a list of configured VLANs:

Switch# show vlan <port-list>

Verify that the VLAN is ‗Up‘

• A VLAN is ‗Up‘ if the link status is up for at least one of its port members

• A VLAN is ‗Down‘ if it has no ports with an ‗Up‘ link status

• To view a list of ports per VLAN (with tagging status)

Switch# show vlan

• To see a list of VLANs per port (without tagging status)

Switch# show vlan <vlan-id>

25

Rev. 6.11 132

Viewing Layer 2 forwarding tables

To view all learned MAC addresses and the port on which each was heard:

Switch# show mac <mac-address>

Switch# show mac <port-list>

Switch# show mac <vlan-id>

Switch# show mac

To view a specific MAC addresses-to-port mapping:

To view MAC addresses heard on a given VLAN:

To view a list of MAC addresses heard on a given port:

26

Rev. 6.11 133

Layer 3 tools and information

For network reachability problems beyond a Layer 3 neighbor:

• First, verify IP routing is enabled, by default it is disabled on switches

• Use ping determine reachability of a destination

– Recognize the difference between ―Network/host unreachable‖ vs. ―Not responding‖ vs. ―Bad IP address‖

• Use traceroute to determine the path traversed from a source to a destination

• Use show arp to see a list of neighbors for which the IP addresses have been resolved to their MAC addresses

• Use show ip route to list the currently active dynamic and static routes

– A static route will be removed if the next hop gateway or port that is used becomes unavailable

To send RIP or OSPF messages to the event log, use debug ip rip|ospf

28

Rev. 6.11 134

Wireless LAN troubleshooting

Wireless LAN issues usually fall into the following areas:

• Clients

• Access points

• Server or network infrastructure

Where is the problem occurring? Client, AP, server?

• Can I reach the management interface or ping the AP from a management station or wired client?

• Is anybody else associated to this access point?

• Am I using the correct SSID?

• Am I using the correct security settings (WEP, WPA)?

• Can I see any radio signal coming from the AP?

32

Rev. 6.11 135

Client troubleshooting

Wireless interface installation issues

• Is the wireless adapter properly installed?

• Are you using the most recent set of drivers?

• Is the radio enabled?

Incorrect WLAN settings

• SSIDs are case sensitive

• Blank SSIDs will associate to any AP with strongest signal

• Radio settings—Ensure radio frequency and speed match the type of the WLAN

Security settings

• Static key issue—WEP, WPA(2)-PSK

• Dynamic—802.1X, WPA(2), 802.11i

• Operating system supplicant compatibility issues

34

Rev. 6.11 136

Access point troubleshooting

Installation issues

• Is the AP card properly installed, if applicable?

• Is the radio enabled?

• Country code set, if applicable?

• Lost passwords or username and password

Incorrect WLAN settings

• SSIDs are case sensitive

• Radio settings—Ensure radio frequency and speed match the type of clients on the WLAN

• Security settings must match WLAN clients

Advanced features

• VLAN IDs or RF settings

Access point hardware

• Antenna issues

• Firmware or configuration files corrupt?

36

Rev. 6.11 137

As the mobility solution becomes more secure, the interdependencies increase, especially if username / password authentication is being used

• AP RADIUS server settings

• EAP protocol type

• Authentication server issues:Active Directory, UNIX, Kerberos

• Connectivity issues between AP and RADIUS server, or RADIUSand Authentication server

Infrastructure troubleshooting

37

AP authenticat

orclientsupplican

t

RADIUSauthentication server

IPnetwork

Rev. 6.11 138

Port mirroring

To get a closer look …

• Traffic from any set of ports may be sent to another port for collection and analysis

• Define the ―mirror‖ port at global configuration level

– Port that receives traffic of ports being monitored

Switch(config)# mirror-port c2

Switch(eth-a12)# monitor

• Enable monitoring within port context configuration level

– Ports whose traffic is copied to the mirror port

– May be a trunked port or a single port

38

• Keep in mind, the mirror port must be made a member of the

same VLAN as the monitored ports

Date post:	17-Jul-2020
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

HP Networking Training · Agenda Vlans Increasing Capacity Spanning Tree Enabling Convergence...

Documents