Resource description
Discovery TOI FOS&M-EOS Roadmap, June 2009. For Internal Use Only. 2009 Brocade Communications Systems, Inc. All Rights Reserved.

Brocade Switch Configuration Guidance and Recommendations Manual

Agenda

Session One: Layer 2 Switches
- Administration Essentials: Connection, command line and GUI essentials
- Network Configuration: Default VLAN, VLANs, Trunks and LAG
- Redundant Connections: Spanning tree, RSTP, MSTP
- Base Layer 3: VEs and VLANs, Routing Ports, Static Routes

Session Two: Layer 3 Switches
- Dynamic Routing: RIP and OSPF
- Redundant Routing interfaces: VRRP and VRRP-E
- ISP Border routing: BGP
- Traffic Control: ACLs

Additional Slides
- Additional Theory Slides (If required)
- Additional Material useful for some students but outside the BCNE subjects (eg Rate-Limiting)

THANK YOU

Section 1.1: Layer 2 Switches, Administration Essentials

Console Port

DB-9 male interface.
VT-100 terminal - straight-through cable (female to female, not a null-modem).
The VT-100 configuration is:
- 9600 Baud
- 8 Data Bits
- Parity = None
- Stop Bits = 1
- Flow Control = None
For MODEM Cross-Over cable (typically a DB-9F to DB-9F cable)

CLI Basics (Part 1/2)

    SW-FastIron> enable
    No password has been assigned yet.
    SW-FastIron# show chassis
    SW-FastIron# configure terminal
    SW-FastIron(config)# show chassis

Interface Level

Fixed Configuration products specify the Port number (FastIron Simulator)

    SW-FastIron(config)# int eth 1      (eth 1 = ethernet port #1)
    SW-FastIron(config-if-1)#

Chassis products specify the Slot/Port (BigIron Simulator)

    SW-FastIron(config)# int eth 2/1    (eth 2/1 = Chassis slot #2, ethernet port #1)

Stackable products specify the Stack-Number/Unit-Number/Port

    SW-FastIron(config)# int eth 1/2/1  (eth 1/2/1 = Stack-number #1, Unit-number #2, ethernet port #1)

CLI Basics (Part 2/2)

Move back up the menu tree using "exit"

    SW-ServerIron(config-rs-c1)#exit
    SW-ServerIron(config)#exit
    SW-ServerIron#exit
    SW-ServerIron>

Use "end" or Ctrl-Z to return to the "#" prompt

Display the running-config and saved startup-config

    SW-ServerIron#write terminal
    SW-ServerIron#show running-config
    SW-ServerIron#show config

Erase the Startup-Config

    SW-ServerIron#erase startup-config

The CLI supports up/down arrow for access to the last commands entered

    SW-ServerIron(config)#ping 10.1.1.1
    Invalid input -> ping 10.1.1.1
    Type ? for a list
    SW-ServerIron(config)#exit
    SW-ServerIron#

File Management (Part 1/3)

Two Image Storage Areas: Primary and Secondary

View The Flash:

    BigIron Router#sh version
    BigIron Router#sh flash
    Active management module:
    Code Flash Type: AMD 29F032B, Size: 64 * 65536 = 4194304, Unit: 2
    Boot Flash Type: AMD 29F040, Size: 8 * 65536 = 524288
    Compressed Pri Code size = 3485205, Version 07.5.01T53 (b2r07501.bin)
    Compressed Sec Code size = 3494253, Version 07.5.02T53 (b2r07502.bin)
    Maximum Code Image Size Supported: 3866112 (0x003afe00)
    Boot Image size = 149324, Version 07.02.01 (m2b07201.bin)

Diagram labels: Primary Flash, Secondary Flash, Boot Image

File Management (Part 2/3)

Specify where to boot from:
- Primary Flash
- Secondary Flash
- TFTP Server
- BootP Server

Where you enter the command also dictates when to load:
- PRIVILEGED level: immediate reboot/reload
- Config Level: load at next scheduled reboot

Or

    BigIron#(config)#boo sy f s
    BigIron#(config)#wri mem
    BigIron#reload at 06:00:00 01-19-04

Callout: abbreviated but unique command line

Diagram labels: System, TFTP Server, Flash Primary, Flash Secondary, RAM, Image Code, Management Module

File Management (Part 3/3)

From/To TFTP Servers
From/To Primary or Secondary Flash

Exec Privileged Level:

    NetIron#copy tftp flash 192.22.33.44 vm1r07501.bin secondary

Copies from the TFTP server the file "vm1r07501.bin" and stores it to the secondary flash area.

    NetIron#copy flash tftp 192.22.33.44 vm1r07501.bin secondary

Copies the system image from the secondary flash area and stores it to the TFTP server as filename "vm1r07501.bin".

    TurboIron#copy flash flash ?
      primary     Copy secondary to primary
      secondary   Copy primary to secondary
    TurboIron#copy flash flash primary

Copies the system image from the secondary flash area to the primary.

    SW-FastIron#copy running-config tftp 192.22.33.44 new.cfg

Copies from the current running config (not the stored config) and writes it to the TFTP server as filename "new.cfg".

    NetIron#copy tftp flash 192.22.33.44 nib06007.bin boot

Copies the boot image from the TFTP server to the boot memory location of flash. ("boot" is a hidden parameter)

Diagram labels: RAM, TFTP Server, Management Module, Flash Primary, Flash Secondary

Show Commands

Show commands:

    NetIron#show arp            ARP cache
    NetIron#show ip interface   IP interface information
    NetIron#show ip cache       IP host/MAC table
    NetIron#show ip ospf        OSPF information
    NetIron#show ip route       IP routes and their status
    NetIron#show ip traffic     IP (ICMP, UDP, TCP, RIP) traffic statistics
    NetIron#show ip dvmrp       DVMRP information

Many of the above commands have several branches. An example is:

    NetIron#show ip ospf neighbor   Neighbor router information

Reference the manual for a complete list of all commands.

Clear Commands

Clear forwarding and route tables

Switch/Router clear commands: (SW-FastIron, TurboIron, BigIron)

    TurboIron#clear arp           Clears ARP table
    TurboIron#clear mac-address   Clears the MAC forwarding tables
    TurboIron#clear statistics    Clears all statistic counters.
    NetIron#clear logging         Clears the system log

Router-only clear commands: (NetIron, TurboIron, BigIron)

    NetIron#clear ip route   Clears IP route tables.
    NetIron#clear ip cache   Clears IP host/MAC tables

Clearing Individual Entries

The mac parameter clears only the entries that match the specified address and mask.
The vlan parameter clears only the entries that match the specified VLAN.

clear mac-address: Removes learned MAC address entries from the MAC address table.

EXAMPLE:

    BigIron#clear mac-address ethernet 1/1

Ping Commands

Helpful when trying to verify connectivity
Cannot be entered when in "configure" mode

A few ping commands:

    SW-FastIron> ping 192.190.10.10
    SW-FastIron#ping 192.190.10.10 count 100
    SW-FastIron> ping 192.190.10.10 size 1200
    SW-FastIron#ping 192.190.10.10 ttl 5 c 10 s 200

The last command issues 10 pings with a time to live of 5, and each ping is 200 bytes long.
Use "?" after the address for other options.

Syntax: ping | source count timeout ttl size quiet numeric no-fragment verify data brief

Show CPU Statistics

    FastIron(config)#show process cpu
    Process Name  5Sec(%)  1Min(%)  5Min(%)  15Min(%)  Runtime(ms)
    ACL           0.00     0.00     0.00     0.00      0
    ARP           0.15     0.20     0.19     0.20      134792
    BGP           0.00     0.00     0.00     0.00      0
    DOT1X         0.00     0.00     0.00     0.00      0
    GVRP          0.00     0.00     0.00     0.00      0
    ICMP          0.00     0.00     0.00     0.00      3721
    IP            0.00     0.00     0.00     0.00      1271
    L2VLAN        9.10     12.17    11.12    10.81     8220839
    NAT           0.00     0.00     0.00     0.00      0
    OSPF          0.00     0.00     0.00     0.00      0
    RIP           0.00     0.00     0.00     0.00      129
    STP           0.01     0.01     0.01     0.01      11588
    VRRP          0.00     0.00     0.00     0.00      0

Callout: Broadcast Storm

    BigIron Router#show cpu
    2 percent busy, from 81 sec ago
    1 sec avg: 1 percent busy
    5 sec avg: 1 percent busy
    60 sec avg: 1 percent busy
    300 sec avg: 3 percent busy

Allocating Additional Memory for VLANS and VEs

System maximum number depends on: Product and Management Module

    BigIron(config)#system-max vlan 2048
    BigIron(config)#system-max virtual-interface 2048
    BigIron(config)#write memory
    BigIron(config)#end
    BigIron#reload

Management IP Address and Default-Gateway

Diagram labels: LAN, IronView, Telnet, IP Add: 192.22.33.45

    FastIron#con t
    FastIron#(Config)ip address 192.168.33.45 255.255.255.0
    FastIron#(Config)ip default-gateway 192.168.33.1

    BigIron Router#con t
    BigIron Router#(Config)int eth 1/1
    BigIron Router#(Config)ip address 192.168.33.45 255.255.255.0

Passwords

Factory Default = no Enable passwords
Passwords can be up to 32 characters long
Multiple levels of "Enable" password access; access depends on which password you use:
- Super User: unlimited access, can change all parameters
- Configure Port: change interface level parameters
- Read Only: view only, no changing allowed

    BigIron(config)#enable super-user-password SuPswd
    BigIron(config)#enable port-config-password PCPswd
    BigIron(config)#enable read-only-password ROPswd

    BigIron> enable PCPswd
    or
    BigIron> enable
    Password:

If the system password is not yet set, the system warns you:

    BigIron> enable
    No password has been assigned yet.

Passwords - recovering

You can recover from a forgotten password.
Requires direct access to the Serial Port and a System Reset.
Have a terminal session plugged into the serial port, then:
- Reboot the system
- Within 2 seconds, enter b to initiate the boot monitor

    BOOT MONITOR> no password                  (cannot be abbreviated)
    BOOT MONITOR> boot system flash primary

This bypasses the system password check:

    SW-FastIron> enable
    No password has been assigned yet
    SW-FastIron#

Reassign Super-User password & save config:

    SW-FastIron(config)#enab super-user NewPassword    (assigns a new password)
    SW-FastIron(config)#write memory

Passwords

Also specify passwords for:

Telnet Access

    SW-FastIron(config)#enable telnet password TelNetPswd

Where Passwords can be changed from

    SW-FastIron(config)#password-change serial-port-only
    options:

Usernames/Password combinations

Specify Username, Password and Privilege Level

    (config)#username BigKahuna priv 0 password BKpswd

Privilege level: 0 = Super-User, 4 = Port-Config, 5 = Read-only
A Super-User account (or Super-User enable password) must be set.
Passwords are stored in the Config File ENCRYPTED (default), or you can turn off encryption:

    (config)#no service password-encryption

Username Lists are applied with AAA commands.

Passwords - aaa authentication types

Authentication for the following access types

Syntax: aaa authentication [what type of access] default [how to validate]

    aaa authentication snmp-server   applications - IronView, HPOV, Spectrum, etc.
    aaa authentication web-server    Web Browser to Brocade Switches and Routers
    aaa authentication enable        "enable" command to gain Privileged and CONFIG level access
    aaa authentication login         TELNET access to the Brocade Switch/Router

Passwords - aaa authentication methods

Authentication methods

Syntax: aaa authentication [what type of access] default [how to validate]

If a validation method is NOT configured, use the next method.

- TACACS, TACACS+, RADIUS: Query a TACACS, TACACS+ or RADIUS server for username/password
- Local: Use locally defined username/password combinations
- Line: Use the TELNET access password
- Enable: Use the "enable" passwords (super-user, port-config, read-only)

Passwords - aaa authentication examples

Syntax: aaa authentication [what type of access] default [how to validate]

Examples

    aaa authentication login default local

For TELNET access ("login"), use the locally defined usernames.

    aaa authentication enable default radius local

To gain privileged/CONFIG access ("enable" command), query a configured RADIUS server; if not configured, fall back to locally defined usernames.

    aaa authentication web default radius local enable

The Web Browser will first look at:
1. RADIUS usernames; if not configured,
2. locally defined usernames; if not configured,
3. use the "enable" super-user, port-config, and read-only passwords

SNMP Configurations

SNMP required information:

    SW-FastIron(config)#ip address 192.22.33.45 255.255.255.0
    SW-FastIron(config)#ip default-gateway 192.22.33.1
    SW-FastIron(config)#snmp-server contact "Bill Clinton"
    SW-FastIron(config)#snmp-server location the_white_house
    SW-FastIron(config)#snmp-server host 192.22.33.55 public
    SW-FastIron(config)#snmp-server community notsafe ro
    SW-FastIron(config)#snmp-server community safe rw

Note: The first two commands are valid for switches only. Routers would assign an IP address at the interface level, not at the global level.

    BigIron(config)interface ethernet 1/2
    BigIron(config-if-1/2)#ip address 192.22.33.45 255.255.255.0

Web Browser GUI Config

Enabled with web browser
Username & Password Access:

    Access       User Name   Password
    Read Only    get         public
    Read/Write   set

Only one session can be Read/Write
Multiple Read-only sessions (password protected access)

Controlling Access

You can restrict Web, Telnet and SNMP access to a single management address:

    BigIron(config)#web client 209.157.22.39
    BigIron(config)#snmp-client 209.157.22.14
    BigIron(config)#telnet client 209.157.22.26
    BigIron(config)#all-client 209.157.22.69     (for all three types)

To disable Management completely:

    BigIron(config)#no web-management
    BigIron(config)#no telnet server
    BigIron(config)#no snmp-server

THANK YOU

Section 1.2: Layer 2 Switches, Port Configuration and Link Aggregation

Specific attributes of each port

Speed
- Auto-negotiate (default)
- Forced to 10 or 100Mbps - Full Duplex/Half Duplex

Examples:

    NetIron> enable passwordhere
    NetIron#config term
    NetIron(config)#interface e8
    NetIron(config-if-8)#speed-duplex 100-half
    NetIron(config-if-8)#speed 10-full
    NetIron(config-if-8)#speed auto
    NetIron(config-if-8)
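
Added example (not part of the original slides and not Brocade tooling): a small Python check over the management-access commands from the Passwords, SNMP Configurations and Controlling Access slides, reporting the AAA method order per access type and flagging unrestricted services, read/write SNMP communities and disabled password encryption. The sample config is constructed from the slide commands (real `show running-config` output may be formatted differently), and treating a service as enabled unless its disable command appears is an assumption.

```python
# SAMPLE_CONFIG is constructed from commands shown on the slides; it is not
# captured device output.
SAMPLE_CONFIG = """\
no service password-encryption
aaa authentication login default local
aaa authentication web default radius local enable
snmp-server community notsafe ro
snmp-server community safe rw
telnet client 209.157.22.26
"""

# service -> (command that disables it, command that restricts it to one address)
SERVICES = {
    "web": ("no web-management", "web client"),
    "telnet": ("no telnet server", "telnet client"),
    "snmp": ("no snmp-server", "snmp-client"),
}

def parse(config):
    """Return the non-empty config lines with whitespace normalised."""
    return [" ".join(l.split()) for l in config.splitlines() if l.strip()]

def aaa_methods(config):
    """Map each access type to its ordered list of validation methods."""
    methods = {}
    for line in parse(config):
        words = line.split()
        if words[:2] == ["aaa", "authentication"] and len(words) > 4 and words[3] == "default":
            methods[words[2]] = words[4:]  # tried left to right, as on the slides
    return methods

def audit(config):
    """Return findings for clear-text passwords, open services and rw SNMP."""
    lines = parse(config)
    findings = []
    if "no service password-encryption" in lines:
        findings.append("passwords stored unencrypted in the config file")
    restricted_all = any(l.startswith("all-client ") for l in lines)
    for name, (disable_cmd, restrict_cmd) in SERVICES.items():
        # Assumption: a service is enabled unless its disable command is present.
        restricted = restricted_all or any(l.startswith(restrict_cmd + " ") for l in lines)
        if disable_cmd not in lines and not restricted:
            findings.append(f"{name} management reachable from any address")
    for l in lines:
        words = l.split()
        if words[:2] == ["snmp-server", "community"] and words[-1] == "rw":
            findings.append(f"read/write SNMP community configured: {words[2]}")
    return findings
```
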