NetIronUnified_05200b_ConfigGuide

Date post: 17-Oct-2014
Upload: tomek-orlowski
53-1002372-01
September 26, 2011
Brocade MLX Series and NetIron Family Configuration Guide
Supporting Multi-Service IronWare Unified NetIron R05.2.00b

Copyright 2011 Brocade Communications Systems, Inc. All Rights Reserved.

Brocade, the B-wing symbol, DCX, Fabric OS, and SAN Health are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, CloudPlex, MLX, VCS, VDX, and When the Mission Is Critical, the Network Is Brocade are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.

The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements.
To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: [email protected]

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: [email protected]

Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: [email protected]

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: [email protected]

Document History
Brocade MLX Series and NetIron Family Configuration Guide
Publication number: 53-1002372-01
Summary of changes: Multi-Service IronWare Unified NetIron 05.2.00b Release
Date: September 26, 2011

Contents

About This Document
Audience
Supported devices for Multi-Service IronWare R05.2.00b
Supported features
Unsupported features
Unsupported features for Brocade MLX series and Brocade NetIron XMR devices
Unsupported features for Brocade NetIron CES and Brocade NetIron CER devices
Summary of enhancements
Summary of enhancements and configuration notes for Brocade R05.2.00b
Summary of enhancements and configuration notes for Brocade R05.2.00
Document conventions
Text formatting
Notes, cautions, and danger notices
Notice to the reader
Related publications
Getting technical help
E-mail and telephone access

Chapter 1 Getting Started with the Command Line Interface
Logging on through the CLI
On-line help
Command completion
Scroll control
Line editing commands
EXEC commands
Global level
CONFIG commands
Accessing the CLI
Single user in CONFIG mode
Multi-user conflict during deletion of group configuration (or stanza)
Navigating among command levels
CLI command structure
Searching and filtering output
Allowable characters for LAG names
CLI parsing enhancement
Syntax shortcuts
Saving configuration changes

Chapter 2 Securing Access to Management Functions
Securing access methods
Restricting remote access to management functions
Using ACLs to restrict remote access
Defining the console idle time
Restricting remote access to the device to specific IP addresses
Defining the Telnet idle time
Specifying the maximum login attempts for Telnet access
Restricting remote access to the device to specific VLAN IDs
Enabling specific access methods
Setting passwords
Setting a Telnet password
Setting passwords for management privilege levels
Recovering from a lost password
Displaying the SNMP community string
Disabling password encryption
Specifying a minimum password length
Setting up local user accounts
Configuring a local user account
Enabling strict password enforcement
Configuring the strict password rules
Password history
Setting passwords to expire
Login lockout
Requirement to accept the message of the day
Web interface login lockout
Creating an encrypted all-numeric password
Granting access by time of day
Configuring SSL security for the Web Management Interface
Enabling the SSL server on a Brocade device
Importing digital certificates and RSA private key files
Generating an SSL certificate
Configuring TACACS or TACACS+ security
How TACACS+ differs from TACACS
TACACS or TACACS+ authentication, authorization, and accounting
TACACS or TACACS+ configuration considerations
Enabling SNMP traps for TACACS
Identifying the TACACS or TACACS+ servers
Specifying different servers for individual AAA TACACS functions
Setting optional TACACS or TACACS+ parameters
Configuring authentication-method lists for TACACS or TACACS+
Configuring TACACS+ authorization
Configuring TACACS+ accounting
Configuring an interface as the source for all TACACS or TACACS+ packets
Displaying TACACS or TACACS+ statistics and configuration information
Configuring RADIUS security
RADIUS authentication, authorization, and accounting
RADIUS configuration considerations
RADIUS configuration procedure
Configuring Brocade-specific attributes on the RADIUS server
Enabling SNMP traps for RADIUS
Identifying the RADIUS server to the Brocade device
Specifying different servers for individual AAA functions
Setting RADIUS parameters
Configuring authentication-method lists for RADIUS
Configuring RADIUS authorization
Configuring RADIUS accounting
Configuring an interface as the source for all RADIUS packets
Displaying RADIUS configuration information
Configuring AAA on the console
Configuring AAA authentication-method lists for login
Configuring authentication-method lists
Configuration considerations for authentication-method lists
Examples of authentication-method lists

Chapter 3 Configuring Basic Parameters
Enabling and disabling interactivity for scripts
Entering system administration information
Configuring Simple Network Management (SNMP) traps
Specifying an SNMP trap receiver
Specifying a single trap source
Setting the SNMP trap holddown time
Disabling SNMP traps
Disabling Syslog messages and traps for CLI access
Configuring SNMP ifIndex
On Brocade NetIron CES and Brocade NetIron CER only
On Brocade NetIron XMR and Brocade MLX series only
SNMP scalability optimization
Configuring SNMP throughput optimization
Configuring SNMP load throttling
Configuring optical monitoring
Displaying media information
Optics compatibility checking
Disabling transceiver type checking
Designating an interface as the packet source
Configuring an interface as the source for all Telnet packets
Cancelling an outbound Telnet session
Configuring an interface as the source for all SSH packets
Configuring an interface as the source for all SNTP packets
Configuring an interface as the source for all TFTP packets
Configuring an interface as the source for all TACACS or TACACS+ packets
Configuring an interface as the source for all RADIUS packets
Specifying a Simple Network Time Protocol (SNTP) server
Configuring the device as an SNTP server
Displaying SNTP server information
Setting the system clock
DST change notice for networks using US time zones
Creating a command alias
Removing an alias
Displaying a list of all configured alias
Limiting broadcast, multicast, or unknown unicast rates
Limiting broadcasts
Limiting multicasts
Limiting unknown unicasts
Configuring CLI banners
Setting a message of the day banner
Setting a privileged EXEC CLI level banner
Displaying a message on the console when an incoming Telnet session Is detected
Configuring terminal display
Checking the length of terminal displays
Enabling or disabling routing protocols
Displaying and modifying default settings for system parameters
Enabling or disabling layer 2 switching
Configuring static MAC addresses
Changing the MAC age time
Configuring static ARP entries
Configuring system max values
Configuring CAM size for an IPv4 multicast group
Configuring CAM size for an IPv6 multicast group
Configuring profiles with a zero-size IPv4 or IPv6 ACL
Maintaining system-max configuration with available system resources
Configuration time
Bootup time
L2 elements
L3 elements
VPLS elements
Miscellaneous elements
Monitoring dynamic memory allocation
Switch fabric fault monitoring
Displaying switch fabric information
Displaying switch fabric module information
Powering a switch fabric link on or off manually
Powering a switch fabric module off automatically on failure
Switch fabric log messages
Switch fabric utilization monitoring
Verifying an image checksum
Displaying information for an interface for an Ethernet port
Displaying the full port name for an Ethernet interface
Displaying statistics information for an Ethernet port
Monitoring Ethernet port statistics in real time
Displaying recent traffic statistics for an Ethernet port
Configuring SNMP to revert ifType to legacy values
Configuring snAgentConfigModuleType to return original values
Preserving interface statistics in SNMP
Disabling CAM table entry aging

Chapter 4 Configuring Interface Parameters
Assigning a port name
Assigning an IP address to a port
Modifying port speed
Modifying port mode
Auto Negotiation Speed Limit
Disabling or re-enabling a port
Disabling Source Address Learning on a port
Changing the default Gigabit negotiation mode
Changing the negotiation mode
Disabling or re-enabling flow control
Specifying threshold values for flow control
Modifying port priority (QoS)
Setting IP VPN packets with a TTL value of 1 to be dropped
Port transition hold timer
Port flap dampening
Configuring port link dampening on an interface
Configuring port link dampening on a LAG
Re-enabling a port disabled by port link dampening
Displaying ports configured with port link dampening
Port loop detection
Strict mode and Loose mode
Recovering disabled ports
Disable duration and loop detection interval
Enabling loop detection
Configuring a global loop detection interval
Configuring the device to automatically re-enable ports
Clearing loop-detection
Displaying loop-detection information
Syslog message
Mirroring and Monitoring
Configuration guidelines for monitoring traffic
Assigning a mirror port and monitor ports
Displaying mirror and monitor port configuration
ACL-based inbound mirroring
Considerations when configuring ACL-based inbound mirroring
Configuring ACL-based inbound mirroring
10G WAN PHY fault and performance management
Wait for all cards feature
Link fault signaling
Displaying and clearing remote fault counters
Limits and restrictions
Local fault event detection and counters
Displaying and clearing local fault counters
Displaying Network Processor statistics
Relationships between some counters
Clearing the NP statistics counters

Chapter 5 Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets
Using FDP
Configuring FDP
Displaying FDP information
Clearing FDP and CDP information
Reading CDP packets
Enabling interception of CDP packets globally
Enabling interception of CDP packets on an interface
Displaying CDP information
Clearing CDP information

Chapter 6 Using Packet Over SONET Modules
Overview
Configuring POS interfaces
Adding an IP address
Changing the interface state
Changing the encapsulation type
Specifying a clock source
Changing the loopback path
Changing the CRC length
Disabling or re-enabling keepalive messages and setting the keepalive message interval
Changing the bandwidth
Changing the POS overhead
Changing the frame type
Enabling or disabling scrambling
Configuring Synchronization Status Messaging (SSM)
Setting the maximum frame size globally for POS modules
Bi-directional APS on POS modules
Configuring bi-directional APS on POS modules
Configuration commands only on the Protect port
Configuring POS threshold
Displaying POS information
Displaying information for APS
Displaying information for APS detail
Displaying information for APS group
Displaying information for APS interface
Displaying interface parameters
Displaying the full port name for a POS interface
Displaying POS timing information
Displaying POS alarms and error conditions
Traffic manager statistics display
Displaying TM statistics from one queue or all queues
Displaying TM statistics from the multicast queue
Displaying TM statistics from the CPU queue
Displaying TM statistics from the CPU copy queue
Clearing POS queue level statistics

Chapter 7 Using a Redundant Management Module
How management module redundancy works
Management module redundancy overview
Management module switchover
Switchover implications
Management module redundancy configuration
Changing the default active chassis slot
Managing management module redundancy
File synchronization between active and standby management modules
Manually switching over to the standby management module
Rebooting the active and standby management modules
Monitoring management module redundancy
Determining management module status
Monitoring the status change of a module
Displaying temperature information
Displaying switchover information
Flash memory and Auxiliary Flash card file management commands
Verifying available flash space on the management module before an image is copied
Management focus
Flash memory file system
Auxiliary flash card file system
Wildcards
Formatting a flash card
Determining the current management focus
Switching the management focus
Displaying a directory of the files
Displaying the contents of a file
Displaying the hexadecimal output of a file
Creating a subdirectory
Removing a subdirectory
Renaming a file
Changing the read-write attribute of a file
Deleting a file
Recovering (undeleting) a file
Appending a file to another file
Copying files using the copy command
Copying files using the cp command
Loading the software
Saving configuration changes
File management messages

Chapter 8 Brocade NetIron XMR and Brocade MLX Series link aggregation
LAG formation rules
Forming a LAG from POS ports
LAG load sharing
Hash based load sharing
Per packet server LAG load sharing
Migrating from a pre-03.7.00 LAG or LACP configuration
Configuring a LAG
Creating a Link Aggregation Group (LAG) using the LAG ID option
Deploying a LAG
Commands available under LAG once it is deployed
Configuring ACL-based mirroring
Disabling ports within a LAG
.284Enabling ports within a LAG . . . . . . . . . . . . . . . . . . . . . . . . . . .284Adding a Port to Currently Deployed LAG . . . . . . . . . . . . . . . . .284Deleting a Port from a Currently Deployed LAG. . . . . . . . . . . .285Monitoring an individual LAG port . . . . . . . . . . . . . . . . . . . . . .285Assigning a name to a port within a LAG . . . . . . . . . . . . . . . . .286Enabling sFlow forwarding on a port in a LAG . . . . . . . . . . . . .286Setting the sFlow sampling rate for a port in a LAG . . . . . . . .287Configuring a dynamic LAG within a VRF . . . . . . . . . . . . . . . . .287Displaying LAG information . . . . . . . . . . . . . . . . . . . . . . . . . . . .288Displaying LAG statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292Displaying LACP information for a specified LAG name or LAG ID.293Error messages displayed for LACP information when specifying a LAG name or LAG ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296Clearing LACP counter statistics for a specified LAG name or LAG ID296Chapter 9 Brocade NetIron CES and Brocade NetIron CER Link AggregationLAG formation rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297LAG load sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299Hash based load sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299Deploying a LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300Commands available under LAG once it is deployed . . . . . . .300Configuring ACL-based mirroring. . . . . . . . . . . . . . . . . . . . . . . .301Disabling ports within a LAG . . . . . . . . . . . . . . . . . . . . . . . . . . .301Enabling ports within a LAG . . . . . . . . . . . . . . . . . . . . . . . . . . .302xii Brocade MLX Series and Brocade NetIron Family Configuration Guide53-1002372-01Monitoring an individual LAG port . . . . . . . . . . . . . . . . . . . . . 
.302Naming a port in a LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302Enabling sFlow forwarding on a port in a LAG . . . . . . . . . . . . .303Setting the sFlow sampling rate for a port in a LAG . . . . . . . .303Static LAG Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . .303Displaying LAG information . . . . . . . . . . . . . . . . . . . . . . . . . . . .305Displaying LAG statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308Chapter 10 VLANsTagged, untagged, and dual mode ports . . . . . . . . . . . . . . . . . 313Protocol-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314VLAN configuration rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315VLAN ID range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315Tagged VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315VLAN hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315Multiple VLAN membership rules . . . . . . . . . . . . . . . . . . . . . . . 316Dual-mode default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316Layer 2 control protocols on VLANs . . . . . . . . . . . . . . . . . . . . . 317Virtual interfaces and CPU protection co-existence on VLANs318Configuring port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318Strictly or explicitly tagging a port . . . . . . . . . . . . . . . . . . . . . . . 319Assigning or changing a VLAN priority . . . . . . . . . . . . . . . . . . . 319Assigning a different ID to the default VLAN . . . . . . . . . . . . . .320Configuring protocol-based VLANs. . . . . . . . . . . . . . . . . . . . . . . . . .320Configuring virtual routing interfaces . . . . . . . . . . . . . . . . . . . . . . .321Integrated Switch Routing (ISR) . . . . . . . . . . . . . . . . . . . . . . . .322VLAN groups . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . .324Configuring a VLAN group . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324Configuring super aggregated VLANs . . . . . . . . . . . . . . . . . . . . . . .326Configuring aggregated VLANs . . . . . . . . . . . . . . . . . . . . . . . . .329Complete CLI examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .330Configuring 802.1q-in-q tagging. . . . . . . . . . . . . . . . . . . . . . . . . . . .333Configuration rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334Enabling 802.1Q-in-Q tagging . . . . . . . . . . . . . . . . . . . . . . . . . .334Example configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335Configuring 802.1q tag-type translation . . . . . . . . . . . . . . . . . . . . .336Configuration rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337Enabling 802.1q Tag-type Translation . . . . . . . . . . . . . . . . . . .338Miscellaneous VLAN features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338Allocating memory for more VLANs or virtual routing interfaces338Configuring uplink ports within a port-based VLAN. . . . . . . . .339Configuring control protocols in VLANs . . . . . . . . . . . . . . . . . .339Hardware flooding for layer 2 multicast and broadcast packets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339Unknown unicast flooding on VLAN ports . . . . . . . . . . . . . . . . . . . .340Configuring VLAN CPU protection . . . . . . . . . . . . . . . . . . . . . . .340Brocade MLX Series and Brocade NetIron Family Configuration Guide xiii53-1002372-01Command changes to support Gen-2 modules . . . . . . . . . . . . . . . 341Deprecated commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341Existing display command. . . . . . . . . . . . . . . . . . . . . . . . . . . . .343Extended VLAN counters for 8x10G modules . . . . . . . . . . . . . . . . 
.344Configuring extended VLAN counters . . . . . . . . . . . . . . . . . . . . . . .344Enabling accounting on per-slot basis . . . . . . . . . . . . . . . . . . .344Enabling accounting on switched or routed packets. . . . . . . .345Displaying VLAN counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .345Clearing extended VLAN counters . . . . . . . . . . . . . . . . . . . . . . . . . . 347Clearing counters for all VLANs. . . . . . . . . . . . . . . . . . . . . . . . . 347Clearing counters for a specific VLAN. . . . . . . . . . . . . . . . . . . .348Clearing VLAN and port counters . . . . . . . . . . . . . . . . . . . . . . .348Clearing VLAN counters on a port with a specific priority . . . .348Clearing extended counters statistics on a port . . . . . . . . . . .348Clearing extended counters statistics on specific slot . . . . . .349IP interface commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349Displaying IP interface counters . . . . . . . . . . . . . . . . . . . . . . . .349Displaying IP virtual interface counters . . . . . . . . . . . . . . . . . .349Displaying detailed IP virtual interface counters . . . . . . . . . . .350Clearing IP interface counters. . . . . . . . . . . . . . . . . . . . . . . . . . 351Clearing IP virtual interface counters . . . . . . . . . . . . . . . . . . . . 351Transparent VLAN flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352Displaying VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353Displaying VLAN information. . . . . . . . . . . . . . . . . . . . . . . . . . .353Displaying VLAN information for specific ports . . . . . . . . . . . .355Displaying VLAN status and port types. . . . . . . . . . . . . . . . . . .355Displaying VLAN group information . . . . . . . . . . . . . . . . . . . . .356Multi-port static MAC address . . . . . . . . . . . . . . . . . . . . . . . . . . . . .357Configuring multi-port static MAC address . . . . . . . . 
. . . . . . . . . . .357 Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358Error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358Displaying multi-port static MAC address information . . . . . . . . . .359Displaying running configuration . . . . . . . . . . . . . . . . . . . . . . .359Displaying changes in the MAC table . . . . . . . . . . . . . . . . . . . .360SA and DA learning and aging . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360MP switchover and hitless upgrade. . . . . . . . . . . . . . . . . . . . . . . . .360Flooding features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360Chapter 11 Ethernet Service Instance (ESI) for Brocade NetIron CES and Brocade NetIron CER devicesEthernet Service Instance (ESI) overview . . . . . . . . . . . . . . . . . . . .361Types of ESI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362Creating an ESI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .363Show VLAN commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364Displaying a single ESI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365xiv Brocade MLX Series and Brocade NetIron Family Configuration Guide53-1002372-01Tag-type configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366Displaying tag types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367Application of a standalone ESI . . . . . . . . . . . . . . . . . . . . . . . . . . . .367Flood domain and VLAN translation. . . . . . . . . . . . . . . . . . . . .367Configuring a flood domain with VLAN translation . . . . . . . . .368Chapter 12 IEEE 802.1ad - Provider Bridges for the Brocade NetIron CES and Brocade NetIron CERAbout IEEE 802.1ad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371IEEE 802.1ad Provider Bridging limitations . . 
. . . . . . . . . . . . . 371Port type configuration for Provider Bridging (PB) . . . . . . . . . . 372Configuration steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373Displaying the port type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374Creating an ESI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377PB using untagged members . . . . . . . . . . . . . . . . . . . . . . . . . .378SVLAN translation using flood domain configuration . . . . . . .379Port-based Service Interface Super AggregatedVLANs (SAV) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380Layer 2 Protocol Forwarding (L2PF) . . . . . . . . . . . . . . . . . . . . .380Chapter 13 IEEE 802.1ah Provider Backbone Bridging (PBB) Networks for the Brocade NetIron CES and the Brocade NetIron CEROverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .385Provider Backbone Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . .385IEEE 802.1ah Provider Backbone Bridging (PBB) . . . . . . . . . .388IEEE 802.1ah configuration options. . . . . . . . . . . . . . . . . . . . .389Displaying tag types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .389Port configuration for IEEE 802.1ah and IEEE802.1ad at each interface . . . . . . . . . . . . . . . . . . . . . . . . . . . .389IEEE 802.1ah Provider Backbone Bridging (PBB)network configuration example. . . . . . . . . . . . . . . . . . . . . . . . .390IEEE 802.1ah configurations . . . . . . . . . . . . . . . . . . . . . . . . . .391ESI configuration display after mappings. . . . . . . . . . . . . . . . .392Integrated IEEE 802.1ad and IEEE 802.1ah. . . . . . . . . . . . . . . . . .393IEEE 802.1ah (PBB) configurations . . . . . . . . . . . . . . . . . . . . .394Interface configuration for Provider Bridge and Provider Backbone Bridge (PBB) networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . .395Displaying port- types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .395ISID mapping to VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .398Tag Type and Ether Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399Topology Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .400Show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .400Load balancing traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401Show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402CoS with ISID to ISID endpoints . . . . . . . . . . . . . . . . . . . . . . . .403Adding and removing VLANs and ESIs. . . . . . . . . . . . . . . . . . . . . . .405Valid ESI configuration and interconnection modes . . . . . . . . 407Uniqueness requirements for VLANs . . . . . . . . . . . . . . . . . . . .408Brocade MLX Series and Brocade NetIron Family Configuration Guide xv53-1002372-01Chapter 14 Configuring Quality of Service for the Brocade NetIron XMR and Brocade MLX seriesIngress Traffic processing through a device . . . . . . . . . . . . . . . . . . 412Recognizing inbound packet priorities and mappingto internal priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413Creating an Ingress decode policy map . . . . . . . . . . . . . . . . . . . . . 414Forcing or merging the priority of a packet . . . . . . . . . . . . . . . . . . . 414Forcing or merging the drop precedence of a packet. . . . . . . . . . . 415Egress Traffic processing exiting a device. . . . . . . . . . . . . . . . . . . . 416Creating an egress encode policy map . . . . . . . . . . . . . . . . . . . . . . 416Backward compatibility with pre-03.8.00 . . . . . . . . . . . . . . . . . . . . 417Commands deprecated in version 03.8.00. . . . . . . . . . . . . . . 417qos-tos trust and qos-tos mark commands . . . . . . . . . . . . . . . 
417DSCP-priority mapping commands. . . . . . . . . . . . . . . . . . . . . . 418Default QoS mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419Protocol Packet Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423Enhanced control packet prioritization. . . . . . . . . . . . . . . . . . .425Configuring QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .426Configuring Ingress QoS procedures . . . . . . . . . . . . . . . . . . . .426Configuring Egress QoS procedures . . . . . . . . . . . . . . . . . . . . .426Configuring QoS procedures applicable to Ingressand Egress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .426Configuring Ingress decode policy maps . . . . . . . . . . . . . . . . .427Binding Ingress decode policy maps . . . . . . . . . . . . . . . . . . . .433Configuring a force priority . . . . . . . . . . . . . . . . . . . . . . . . . . . .436Configuring Egress encode policy maps. . . . . . . . . . . . . . . . . .439Binding an Egress encode EXP policy map . . . . . . . . . . . . . . .442Enabling a port to use the DEI bit for Ingressand Egress processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447Specifying the trust level and enabling marking . . . . . . . . . . .448Packet mapping commands . . . . . . . . . . . . . . . . . . . . . . . . . . .450Configuring support for super aggregate VLANs . . . . . . . . . . .452Configuring port-level QoS commands on LAG ports . . . . . . .452Displaying QoS information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .453Displaying QoS configuration information . . . . . . . . . . . . . . . .453Displaying QoS packet and byte counters . . . . . . . . . . . . . . . .456Weighted Random Early Discard (WRED) . . . . . . . . . . . . . . . . . . . .458Configuring packet drop priority using WRED . . . . . . . . . . . . . . . . .460Displaying the WRED configuration . . . . . . . . . 
. . . . . . . . . . . .466Scheduling traffic for forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . .467Configuring traffic scheduling. . . . . . . . . . . . . . . . . . . . . . . . . .467Egress port and priority based rate shaping. . . . . . . . . . . . . . . . . . 470Multicast queue size, flow control and rate shaping. . . . . . . . 471Ingress traffic shaping per multicast stream. . . . . . . . . . . . . . 473 . . . . . . . . . . . . . . . . . . . . . . . Implementation considerations473Configuring multicast traffic policy maps. . . . . . . . . . . . . . . . . 474xvi Brocade MLX Series and Brocade NetIron Family Configuration Guide53-1002372-01Binding multicast traffic policy maps . . . . . . . . . . . . . . . . . . . . 475Configuration example for rate shaping IPTV multicast stream476Traffic manager statistics display . . . . . . . . . . . . . . . . . . . . . . . . . . 477Displaying all traffic manager statistics for a device. . . . . . . . 477Displaying traffic manager statistics for a port group. . . . . . . 477Displaying traffic manager statistics for aninterface module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478Displaying traffic manager statistics for NI-MLX-10Gx8-M and NI-MLX-10Gx8-D modules. . . . . . . . . . .480Displaying traffic manager statistics for the 4x10G module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481Displaying traffic manager statistics for the20x1G module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .482Displaying traffic manager statistics for IPTV multicast queue483Clearing traffic manager statistics . . . . . . . . . . . . . . . . . . . . . .484New network processor counters displayed forpackets to and from traffic manager . . . . . . . . . . . . . . . . . . . .484QoS for NI-MLX-1Gx48-T modules . . . . . . . . . . . . . . . . . . . . . . . . . .485Limitations on TM ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
.485Configuring priority queues from 8 to 4 . . . . . . . . . . . . . . . . . .485QoS commands affected by priority queues . . . . . . . . . . . . . . . . . .486Priority-based rate shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . .486Weighted Random Early Discard (WRED). . . . . . . . . . . . . . . . .486Weighted-based scheduling and mixed strict priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487Error messages for CPU copy queue and traffic manager statistics. . . . . . . . . . . . . . . . . . . . . . . . . .487CPU copy queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .488Traffic manager statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .488Enhanced buffer management for NI-MLX-10Gx8 modules and NI-X-100Gx2 modules. . . . . . . . . . . .488Enhanced Packet Buffer Management . . . . . . . . . . . . . . . . . .488Displaying buffer-pool information . . . . . . . . . . . . . . . . . . . . . .492Configuring Virtual Output Queue (VOQ) queue size . . . . . . . .493Chapter 15 Configuring Quality of Service (QoS) for the Brocade NetIron CES and Brocade NetIron CER SeriesQuality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .495QoS model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .495Packet QoS attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .496Ingress Traffic processing through a device . . . . . . . . . . . . . . . . . .496Recognizing inbound packet priorities and mappingto internal priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497Forcing the priority of a packet. . . . . . . . . . . . . . . . . . . . . . . . . . . . .498ACL QoS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .498Custom decode support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499Forcing the drop precedence of a packet . . . . . . . . . . . . . . . 
. . . . .500Configuring QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .500Brocade MLX Series and Brocade NetIron Family Configuration Guide xvii53-1002372-01Configuring QoS procedures applicable toIngress and Egress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .500Configuring a force priority . . . . . . . . . . . . . . . . . . . . . . . . . . . .501Configuring extended-qos-mode. . . . . . . . . . . . . . . . . . . . . . . .502Configuring port-level QoS commands on LAG ports . . . . . . .503Configuring port-level QoS commands on CPU ports . . . . . . .504Displaying QoS information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506Displaying QoS Configuration information . . . . . . . . . . . . . . . . 507Displaying QoS packet and byte counters . . . . . . . . . . . . . . . . 507Scheduling traffic for forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . .509Configuring traffic scheduling. . . . . . . . . . . . . . . . . . . . . . . . . .509Egress port and priority based rate shaping. . . . . . . . . . . . . . . . . . 512Example of configuring Prioritized Voice over Data. . . . . . . . . 513Clearing traffic manager statistics . . . . . . . . . . . . . . . . . . . . . . 516New network processor counters displayed. . . . . . . . . . . . . . . 516Chapter 16 Configuring Traffic Policing for the Brocade NetIron XMR and Brocade MLX seriesTraffic policing on the Brocade device. . . . . . . . . . . . . . . . . . . . . . . 517Layer 2 ACL-based rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . .531Configuration rules and notes. . . . . . . . . . . . . . . . . . . . . . . . . .531Editing a Layer 2 ACL Table . . . . . . . . . . . . . . . . . . . . . . . . . . . .532Define rate limiting parameters . . . . . . . . . . . . . . . . . . . . . . . .532Binding Layer 2 ACL-based rate limiting policy to a port . . . . .532Specifying rate limiting parameters without a policy map . . 
.532Display accounting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533Rate limiting protocol traffic using Layer 2 inbound ACLs . . .533Example of Layer 2 ACL to rate limit broadcast traffic . . . . . .534Rate limiting ARP packets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534Configuring rate limiting of ARP packets . . . . . . . . . . . . . . . . .534Displaying statistics for ARP rate limiting. . . . . . . . . . . . . . . . .534Clearing Statistics for ARP Rate Limiting . . . . . . . . . . . . . . . . .535Chapter 17 Configuring Traffic Policing for the Brocade NetIron CES and Brocade NetIron CERTraffic policing on Brocade NetIron CES and Brocade NetIron CER devices537Rate limiting BUM packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .545Limitations of the BUM rate limit . . . . . . . . . . . . . . . . . . . . . . .545Configuring per-port rate limiting for BUM traffic . . . . . . . . . .546Displaying BUM rate limit information . . . . . . . . . . . . . . . . . . .546Clearing accounting information for the BUM rate limit . . . . . 547Chapter 18 Configuring Spanning Tree ProtocolIEEE 802.1D Spanning Tree Protocol (STP). . . . . . . . . . . . . . . . . . .550Enabling or disabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550STP in a LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551xviii Brocade MLX Series and Brocade NetIron Family Configuration Guide53-1002372-01Default STP bridge and port parameters . . . . . . . . . . . . . . . . .552Changing STP bridge parameters . . . . . . . . . . . . . . . . . . . . . . .553Changing STP port parameters. . . . . . . . . . . . . . . . . . . . . . . . .553Root Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .553BPDU Guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556Displaying STP information . . . . . . . . . . . . . . . . . . . . . . . 
. . . . .559IEEE Single Spanning Tree (SSTP) . . . . . . . . . . . . . . . . . . . . . . . . . .564SSTP defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .564Displaying SSTP information . . . . . . . . . . . . . . . . . . . . . . . . . . .565SuperSpan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566Customer ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566BPDU forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567Preforwarding state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567Combining single STP and multiple spanning trees . . . . . . . .568Configuring SuperSpan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .572Displaying SuperSpan information . . . . . . . . . . . . . . . . . . . . . . 574PVST or PVST+ compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574Overview of PVST and PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . .575VLAN Tags and dual mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .575Enabling PVST+ support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576Displaying PVST+ support information. . . . . . . . . . . . . . . . . . . 577Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577802.1s Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . .579Configuring STP under an ESI VLAN . . . . . . . . . . . . . . . . . . . . .590Chapter 19 Configuring Rapid Spanning Tree ProtocolBridges and bridge port roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .592Assignment of port roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593Ports on Switch 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .594Ports on Switch 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .594Ports on Switch 3. . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . .594Ports Switch 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595Edge ports and Edge port roles . . . . . . . . . . . . . . . . . . . . . . . . . . . .595Point-to-point ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .596Bridge port states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .596Edge port and non-Edge port states . . . . . . . . . . . . . . . . . . . . . . . . 597Changes to port roles and states. . . . . . . . . . . . . . . . . . . . . . . . . . . 597State machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597Handshake mechanisms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .598Convergence in a simple topology . . . . . . . . . . . . . . . . . . . . . . . . . .608Convergence at start up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .609Convergence after a link failure . . . . . . . . . . . . . . . . . . . . . . . . 611Convergence at link restoration . . . . . . . . . . . . . . . . . . . . . . . .612Convergence in a complex RSTP topology. . . . . . . . . . . . . . . . . . . .613Propagation of topology change . . . . . . . . . . . . . . . . . . . . . . . . 616Compatibility of RSTP with 802.1D . . . . . . . . . . . . . . . . . . . . . . . . . 619Brocade MLX Series and Brocade NetIron Family Configuration Guide xix53-1002372-01Configuring RSTP parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620RSTP in a LAG. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620Enabling or disabling RSTP in a port-based VLAN. . . . . . . . . .621Enabling or disabling RSTP on a single spanning tree . . . . . .621Disabling or enabling RSTP on a port . . . . . . . . . . . . . . . . . . . .621Changing RSTP bridge parameters. . . . . . . . . . . . . . . . . . . . . .621Changing port parameters . . . . . . . . . . . . . . . . . . . . . 
. . . . . . .622Displaying RSTP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .624Configuring RSTP under an ESI VLAN . . . . . . . . . . . . . . . . . . . . . . .627Chapter 20 Metro Ring ProtocolMetro Ring Protocol (MRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .629MRP rings without shared interfaces (MRP Phase 1) . . . . . . . . . .632Ring initialization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .633How ring breaks are detected and healed . . . . . . . . . . . . . . . . . . .635Topology change notification for multicast traffic . . . . . . . . . .639Master VLANs and member VLANs in a topology group. . . . . . . . . 641Configuring MRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .643Adding an MRP ring to a vlan . . . . . . . . . . . . . . . . . . . . . . . . . .644Changing the hello and preforwarding times. . . . . . . . . . . . . .644Changing the scale timer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645MRP Phase 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .646Ring interface ownership. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .648Ring interface IDs and types . . . . . . . . . . . . . . . . . . . . . . . . . . .649Selection of the master node for a ring . . . . . . . . . . . . . . . . . .650RHP processing in rings with shared interfaces . . . . . . . . . . .652How ring breaks are detected and healed betweenshared interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .653Normal flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .654Flow when a link breaks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .655Configuring MRP with shared interfaces . . . . . . . . . . . . . . . . .656Tuning MRP timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
Flushing the mac table following an MRP event
Hello time
Preforwarding time
Setting hello and preforwarding timers appropriately
Effect of the scale timer
Using MRP diagnostics
Enabling MRP diagnostics
Displaying MRP diagnostics
Displaying MRP information
Displaying topology group information
Displaying ring information
MRP CLI example
Commands on Switch A (master node)
Commands on Switch B
Commands on Switch C
Commands on Switch D
Configuring MRP under an ESI VLAN

Chapter 21 Ethernet Ring Protection Protocol
Ethernet Ring Protection
Ethernet Ring Protection components
Initializing a new ERN
Signal fail
Manual switch
Forced switch
Double Forced Switch
Dual-end blocking
Non-revertive mode
Interconnected rings
FBD flush optimization
Configuring ERP
Sample configuration
Configuring ERP with IEEE 802.1ag
ERP commands
Assigning ERP IDs
Naming an Ethernet Ring Node
Configuring the default MAC ID
Enabling the ERP configuration
Configuring interfaces
Assigning the RPL owner role and setting the RPL
Enabling sub-rings for multi-ring and ladder topologies
Configuring non-revertive mode
Configuring and clearing a forced switch
Configuring and clearing a manual switch
Configuring dual-end blocking
Configuring the guard timer
Configuring and clearing the wait to restore timer
Testing the WTR timer
Configuring and clearing the WTB timer
Configuring a hold-off timer
Configuring IEEE 802.1ag support
Setting the ITU-T G.8032 version number
Viewing ERP operational status and clearing ERP statistics
Viewing ERP operational status and statistics
Clearing ERP statistics

Chapter 22 Virtual Switch Redundancy Protocol (VSRP)
Layer 2 redundancy
Master election and failover
VSRP failover
VSRP priority calculation
MAC address failover on VSRP-aware devices
Configuring basic VSRP parameters
Configuring optional VSRP parameters
VSRP 2
Configuring VSRP 2
Displaying VSRP 2
Displaying VSRP information
Displaying VRID information
Displaying the active interfaces for a VRID
VSRP fast start
VSRP slow start
VSRP and Foundry MRP signaling

Chapter 23 Configuring VRRP and VRRP-E
Overview of VRRP
Standard VRRP
Enhancements to VRRP
Configuring unique virtual MAC addresses per VRID
Overview of VRRP-E
ARP behavior with VRRP-E
Comparison of VRRP and VRRP-E
VRRP and VRRP-E parameters
Configuring parameters specific to VRRP
Configuring the VRRP version
Configuring the Owner for IPv4
Configuring the Owner for IPv6
Configuring a Backup for IPv4
Configuring a Backup for IPv6
Configuration rules and feature limitations for VRRP
Configuring parameters specific to VRRP-E
Configuring IPv4 VRRP-E
Configuring IPv6 VRRP-E
Configuration rules and feature limitations for VRRP-E
Configuring additional VRRP and VRRP-E parameters
Authentication type
Suppressing RIP advertisements on backup routers for the backup up interface
Hello interval
Dead interval
Backup hello message state and interval
Track port
Track priority
Backup preempt
Master router abdication and reinstatement
VRRP-extended slow start
VRRP-extended scale timer
Displaying VRRP and VRRP-E information for IPv4
Displaying summary information
Displaying detailed information
Displaying statistics
Displaying VRRP and VRRP-E information for IPv6
Displaying summary information
Displaying detailed information
Displaying statistics
Displaying configuration information for VRRP and VRRP-E
Clearing VRRP or VRRP-E statistics
Configuration examples
VRRP example for IPv4
VRRP example for IPv6
VRRP-E example for IPv4
VRRP-E example for IPv6
VRRP-E Extension for Server Virtualization
VRRP-E Extension for server virtualization configuration example
Packets from the local subnet of the virtual IP address
IPv4 VRF support
POS module support
Configuration considerations

Chapter 24 Topology Groups
Master VLAN and member VLANs
Master VLANs and customer VLANs in Foundry MRP
Control ports and free ports
Configuration considerations
Configuring a topology group
Adding VPLS VLANs to topology groups
Topology group support within an ESI
Displaying topology group information
Displaying topology group information on a Brocade NetIron XMR or Brocade MLX series device
Displaying topology group information on a Brocade NetIron CES device

Chapter 25 Multi-Chassis Trunking (MCT)
About Multi-Chassis Trunk (MCT)
How Multi-Chassis Trunking works
MCT COMPONENTS
Configuring MCT
Optional cluster operation features
Port loop detection
MCT failover scenarios
Show commands
Syslogs and debugging
Clear MAC commands
MCT configuration examples
Multi-Chassis Trunk (MCT) for VRRP or VRRP-E
One MCT switch is the VRRP or VRRP-E master router and the other MCT switch is VRRP or VRRP-E backup router

Chapter 26 Configuring IP
The IP packet flow
ARP cache table
Static ARP table
IP route table
IP forwarding cache
IP packet queuing
Basic IP parameters and defaults
When parameter changes take effect
IP global parameters
IP interface parameters
GRE IP tunnel
Considerations in implementing this feature
GRE MTU enhancements
Configuring a GRE IP Tunnel
Multicast over GRE tunnel
Configuring PIM GRE tunnel
Configuring PIM GRE tunnel using the strict RPF check
Tunnel statistics for a GRE tunnel or IPv6 manual tunnel
Reload behavior and the source-ingress CAM partition
Operational notes
Enabling IP tunnel or manual IPv6 statistics
Restart global timers
Configuring the graceful-restart max-hold-timer
Graceful-restart protocols-converge-timer
Configuring IP parameters
Configuring IP addresses
Support for a 31-bit subnet mask on point-to-point networks
Configuring an IPv4 address with a 31-bit subnet mask
Enabling hardware forwarding of IP option packets based on L3 destination
Configuring domain name server (DNS) resolver
Using Telnet and Secure Shell
Changing the encapsulation type for IP packets
Setting the maximum frame size globally
Changing the MTU
Changing the router ID
Recalculating the router ID
Specifying a single source interface for Telnet, SSH, SNTP, TFTP, TACACS/TACACS+, or RADIUS packets
Configuring an interface as the source for Syslog packets
Configuring ARP parameters
How ARP works
Rate limiting ARP packets
Changing the ARP aging period
Enabling proxy ARP
Enabling local proxy ARP
Disabling gratuitous ARP requests for local proxy ARP
Creating static ARP entries
Changing the ARP timer
Changing the ARP pending retry timer
Dynamic ARP inspection
ARP poisoning
How DAI works
Configuring DAI
Displaying ARP inspection information
Clearing ARP inspection counters
DHCP snooping
How DHCP snooping works
System reboot and the binding database
Configuring DHCP snooping
Clearing the DHCP binding database
DHCP option 82 insertion
Displaying DHCP snooping status and ports
Displaying DAI binding entries
Displaying DHCP snooping statistics counters
Clearing DHCP snooping counters
DHCP snooping configuration example
IP source guard
Enabling IP source guard
Enabling IP source inspection on a VLAN
Displaying IP source inspection status and ports
IP source guard CAM
Configuring IP source guard CAM partition
Configuring forwarding parameters
Configuring the maximum ICMP error message rate
Disabling ICMP messages
Disabling ICMP redirect messages
Configuring static routes
Static route configuration
Naming a static IP route
Configuring a default network route
Configuring IP load sharing
Configuring IRDP
Configuring UDP broadcast and IP helper parameters
Configuring BootP or DHCP forwarding parameters
Filtering Martian addresses
Adding, deleting or modifying Martian addresses
IPv6 Over IPv4 tunnels in hardware
Configuring a IPv6 IP tunnel
Configuring a manual IPv6 tunnel
Configuring an automatic 6to4 tunnel
Displaying IPv6 tunneling information
Displaying IP information
Displaying IP interface information
Displaying interface name in Syslog
Displaying ARP entries
Displaying the forwarding cache
Dual Active Console
Displaying the IP route table
Clearing IP routes
Displaying IP traffic statistics
Displaying GRE tunnel information
Displaying GRE and manual IPv6 tunnel statistics
Displaying martian addressing information

Chapter 27 Layer 2 Access Control Lists
Configuration rules and notes
General considerations
Configuration considerations for dual inbound ACLS on Brocade NetIron CES and Brocade NetIron CER devices
Configuration considerations for VPLS, VLL, and VLL-Local endpoints
Types of Layer-2 ACLs
Creating a numbered Layer-2 ACL table
Filtering and priority manipulation based on 802.1p priority
Inserting and deleting Layer-2 ACL clauses
Increasing the maximum number of clauses per Layer-2 ACL table
Binding a numbered Layer-2 ACL table to an interface
Filtering by MAC address
Filtering broadcast traffic
Using the priority option
Using the priority force option
Using the priority mapping option
Creating a named Layer-2 ACL table
Binding a named Layer-2 ACL table to an interface
ACL accounting
Enabling and disabling ACL accounting on Brocade NetIron XMR and Brocade MLX series devices
ACL accounting on Brocade NetIron CES and Brocade NetIron CER devices
Displaying Layer-2 ACLs
Displaying Layer-2 ACL statistics on Brocade NetIron XMR and Brocade MLX series devices
Configuring ACL Deny Logging for Layer-2 inbound ACLs
Displaying Layer-2 ACL statistics on Brocade NetIron CES and Brocade NetIron CER devices

Chapter 28 Access Control List
How the Brocade device processes ACLs
General configuration guidelines
Configuration considerations for dual inbound ACLS on Brocade NetIron CES and Brocade NetIron CER devices
Configuration considerations for IPv4 outbound ACLs on VPLS, VLL, and VLL-Local endpoints
Disabling outbound ACLs for switching traffic
Globally enabling outbound ACLS for switching traffic
Enabling outbound ACLS for switching traffic per port
Default ACL action
Types of IP ACLs
ACL IDs and entries
Enabling support for additional ACL statements
Configuring numbered and named ACLs
Configuring standard numbered ACLs
Configuring extended numbered ACLs
Configuring standard or extended named ACLs
Displaying ACL definitions
Modifying ACLs
Adding or deleting a comment

