L3 – Routing

Report
Ethernet Routing Switches
Stackable
Version 2.0.0
Last updated: Mar 2011
Objectives
At the end of the training, you should be able to
 Understand the difference between the ERS families
 Understand basic setup for ERS Switches
 Know your way around Device Manager (EDM) and a little
CLI
 Build a small converged network solution and have some
fun!
Avaya – Proprietary. Use pursuant to your signed agreement or Avaya policy.
Agenda
 Getting started
– Which ERS
– Standalone or Stack
 Management
– EDM and CLI
– Configuring Management
 Layer 2 – VLANs
– Creating VLANS
– Access or TAG
 Layer 3 – Routing
– IP interfaces
– DHCP Relay
 QoS
– Roles
– Typical settings
 Energy Saver
Getting Started
ERS 5000
Ideal as:
 Access Switch for Large Enterprises: high-performance Gigabit-to-the-Desktop
 Aggregation (Distribution) Switch
 Core Switching solution for small Enterprises
 Top-of-Rack/Horizontal Stacking for the Data Centre
 Where 10GbE is required today
ERS 4500
Ideal as:
 Access Switch for mid-to-large Enterprise
 Environments with either FE or GbE connectivity at the Edge, or both
 Where 10GbE Uplinks will become important
ERS 2500
Ideal as:
 Access Switch for Branch Office or smaller Enterprise Campus: when Fast Ethernet-only is appropriate
 Low-intensity convergence deployments
 Standard offering for the Small to Medium Enterprise
Ethernet Routing Switch 2500 Series
 Workhorse solution to empower
Convergence
– 10/100 to the Desktop
– Power-over-Ethernet & QoS
 Enable the Converged Branch
 Highly-available local Stacking &
connections to the Core
– high speed local switching & Layer 3 Routing
– entry-level FAST 32
 Scalable, pay-as-you-grow
 Comprehensive QoS & access
control capabilities
 Integrated Access Control
– 802.1X with Extensions
– 802.1AB auto discovery for
network & devices
 Delivers flexibility to the Network
Edge
©2010 Avaya, Inc. All rights reserved.
Features of the ERS 2500 Series
 4 Switch options
– 2526T & 2526T-PWR – 24 10/100 Desktop ports, plus 2 active Uplinks, PoE option
– 2550T & 2550T-PWR – 48 10/100 Desktop ports, plus 2 active Uplinks, PoE option
 Uplink options of SFP, 1000T, or 10/100/1000T
 PoE available on 50% of Desktop ports – Green..!
 32Gbps Stacking architecture
– Up to 384 10/100 ports
 Wire-speed local switching & integrated Stacking
 802.3af-compliant PoE
– Auto-sensing 10/100
– Auto-discovery of PoE devices
– Dynamic power management
 Endpoint access control
– 802.1X SHSA, Guest VLAN, RADIUS Authentication
 DiffServ & 802.1p Prioritisation
 Traffic Marking & Re-Marking
 Port Mirroring & Rate Limiting
 802.3ad Link Aggregation (6 links)
Hardware
26-port Switches
 2526T
 2526T-PWR
50-port Switches
 2550T
 2550T-PWR
Flexible Advanced Stacking Architecture
 Class-leading Stacking – the ERS 2500
Series implements FAST 32
– 4Gbps of Stacking capacity per Switch & up to 32Gbps for a Stack of 8
ERS 2500 Series
with FAST 32
4Gbps Stacking per Switch
& up to 32Gbps
 Scales up to 384 Ports of 10/100 Desktop
plus up to 16 Ports for 10/100/1000
Combo Uplinks
 Auto Unit Replacement software &
configuration control
– Virtual Hot Swap
 Consolidated Management via a single IP
Address
 Low-cost Stack cabling
 Pre-enabled or field-upgradeable
Up to 8 Switches
& 400 Ports
Uses low-cost Cat 5E
UTP for Stacking
Getting Started
Standalone or Stacking
The ERS 2500 delivers 3 flexible options to meet customer needs
Standalone
Use ERS 2500s as single units
• Ideal for smaller sites
• Budget-friendly option
Standalone / Stacked
Flexible option to move to stacking
• No need to purchase additional hardware
• Stacking is enabled via a software license
• Grow your network when/if YOU want to
Stack Enabled
Scalability from Day 1
• Units with stacking pre-enabled are available
• Ready to stack immediately
• No need for a stacking license
Ethernet Routing Switch 2500 Series
Stacking Implementation
 ERS 2500s use the rear 1000BaseTX ports as stacking ports
– Rear ports offer the flexibility to be used as either normal Gigabit ports or as
stacking ports.
– Gigabit grade (Cat5E/Cat6) RJ-45 cabling is used to create the stacking ring
– Stack up to 8 units high for 384 10/100 user ports and 16 Gigabit ports
Ethernet Routing Switch 2500 Series
Stacking Functionality and Rear Ports
– “Stacking Mode” must be configured on the rear ports before switches are connected together in a stack (there is no “auto-detection”).
– The Base unit must have Unit Select switch set to ON (one switch only)
– Each ERS2500 switch ships with a 46cm (1.5 foot) stack cable (black Cat5E cable).
– Additional cables of 1.5m (5’) and 3m (10’) are also available for separate purchase from Avaya and are like “stack return” cables.
– Customers are permitted to use their own cables and longer lengths up to 100m (at customer’s risk, not “officially” supported by GNTS).
MODE:
Port 27
Port 28
Standalone ->
Stacking -> Cascade Down Cascade Up
Base
Unit Select
Ethernet Routing Switch 4500 Series
 Scalable solution to empower
Convergence
– 10/100 or 10/100/1000 to the
Desktop, Fixed 100FX & SFP
options
– Power-over-Ethernet & QoS
– fail-safe FAST 320
– high-speed local switching & Layer
3 Routing
 Integrated Access Control
– 802.1X with extensions
 Delivers 99.999% reliability to the
Network Edge
 Enable the Converged Desktop
 Comprehensive access control
options
 High-availability locally & to the Core
 Scalable, pay-as-you-grow
 Can mix FE and GE Switches in a
stack
10/100/1000 &
10/100 Switches 10G Switches
Features of the ERS 4500 Series
 11 Switch options
– 4526FX
– 4526T & 4526T-PWR
– 4550T & 4550T-PWR
– 4524GT & 4524GT-PWR
– 4526GTX & 4526GTX-PWR
– 4548GT & 4548GT-PWR
 High density solution:
– 400/384 ports of 10/100 or 10/100/1000 with PoE & 10GbE options
– SFP & FX options
 184Gbps of local switching & 40Gbps Stacking throughput per Switch
 Redundant Power option
 802.3af-compliant PoE
– Auto-sensing 10/100/1000
– Auto-discovery of PoE devices
– Dynamic power management
 End-point access control
– 802.1X plus extensions (SHMA, MHMA, Guest VLAN, etc)
 Automatic Unit Replacement
 Traffic Policing, DiffServ & 802.1p Prioritisation
 IP Filtering, Policies, & Offset
Hardware
Fast Ethernet Switches
4526FX
4526T & 4526T-PWR
4550T & 4550T-PWR
Gigabit Ethernet Switches
4524GT & 4524GT-PWR
4526GTX & 4526GTX-PWR
4548GT & 4548GT-PWR
Flexible Advanced Stacking Technology
 Evolution of redundant self-healing stacking
first introduced in 1998
 Support for up to 8 units in a stack
– Can mix any ERS4500 switch in the stack
– Maximum 400 10/100 ports in a stack
– Maximum 384 10/100/1000 ports in a stack
– Up to 32 SFP GBICs in a stack for uplinks
Return Cable creates
resilient configuration
 Built-in Hi-Stack stacking ports come standard on the switch
– Stacking cable (46cm / 18”) included with each switch
– Loopback stacking cable for resilient stacking must be purchased separately
 True resilient stack IP Management
 Load-balancing and fail-over protection with Distributed MLT and 802.3ad
 Automatic Unit Replacement Functionality to automatically reconfigure any
replaced unit
Grow as you Stack from 1 to 8 units as one reliable managed entity
Agenda
 Getting Started
 Management
– EDM and CLI
– Configuring management
 L2- VLANs
 L3 - Routing
 QOS
 Energy Saver
Enterprise Device Manager - EDM
Feature Overview
 EDM is a new embedded web based management system.
– EDM uses Web2.0 and J2EE framework – more up to date
– Improved workflows, selections and GUI configuration completeness
 EDM REPLACES both JDM and WebUI graphical configuration and
element interfaces.
– Integrated into the agent code of the switch, no longer requiring the right
version of JDM to support chosen platforms.
 HTTP and HTTPS browser support
– Tested and supported by: IE 7.0 and FireFox 3.0 and above.
New on ERS 2500 4.3 / 4500 v5.4 / 5x00 v6.2
Enterprise Device Manager - EDM
Main Screens
 EDM Landing Page – Switch Summary
– Navigation Tree – “Configuration” folder already open with sub folders
Enterprise Device Manager - EDM
Main Screens - II
 EDM – Device Physical View tab
– can launch pull-down menu off ports
Enterprise Device Manager - EDM
Main Screens - III
 EDM – Edit > Chassis > Chassis
– General switch system information
Enterprise Device Manager - EDM
Main Screens - IV
 EDM – Configuration > VLAN > VLANs
– VLAN creation – white cells can be edited
Enterprise Device Manager - EDM
Main Screens -V
 EDM – QoS > QoS Devices
– NOTE: EDM opens new selections in new Tabs in the main view
Enterprise Device Manager - EDM
EDM Help Files
 The help files for EDM are not integrated into the switch agent code
and are downloaded to the switch when required by the agent.
– Help file must be located on TFTP server or USB drive.
 EDM Help file configuration in CLI
– CLI commands:
edm help-file-path <path> [tftp address <ip>]
show edm help-file-path
Set Help file path (config)
(config)# edm help-file-path /help tftp address 10.16.5.222
Show Help file path
(config)# show edm help-file-path
TFTP Server Address 10.16.5.222 /help
Enterprise Device Manager - EDM
EDM Help file configuration - EDM
 EDM – Help File location configuration
– EDM uses TFTP to access Help File documents
Setup the help files
location on TFTP server
Install the help files one directory below the root on the TFTP server
Enterprise Device Manager - EDM
HELP Screens
 EDM – MultiLink Trunks Help (example)
– NOTE: when you click on Help – the related documentation is TFTP’d to the switch.
Help Sub-menu on
setting up MLTs
Command Line Interface (CLI)
Feature overview
 Serial Console
– 9600
– No parity
– No flow control
– Straight cable
– Ctrl Y to start
 Telnet
 SSH
– Requires ‘secure’ agent image
– i.e. 2500_431025s.img
Show running-config Enhancements
Show and Copy commands - CLI
 The default behavior of the ‘show running-config’ command has
changed: it now displays only the CLI commands with non-default parameters.
 The new CLI syntax for ‘show running-config’ is:
# show running-config [verbose][module {[802.1ab] [aaur] [adac] [arp-inspection] [aur] [banner] [core]
[dhcp-relay] [dhcp-snooping] [eap] [interface] [ip] [ip-source-guard] [ipmgr] [ipv6] [l3] [l3-protocols] [lacp]
[logging] [mac-security] [mlt] [poe] [port-mirroring] [qos] [rate-limit] [rmon] [rtc] [snmp] [ssh] [ssl] [stack]
[stkmon] [stp] [vlacp] [vlan]}]
 The new CLI syntax for ‘copy running-config’ is:
# copy running-config tftp [verbose] [module {[802.1ab] [aaur] [adac] [arp-inspection] [aur] [banner] [core]
[dhcp-relay] [dhcp-snooping] [eap] [interface] [ip] [ip-source-guard] [ipmgr] [ipv6] [l3] [l3-protocols] [lacp]
[logging] [mac-security] [mlt] [poe] [port-mirroring] [qos] [rate-limit] [rmon] [rtc] [snmp] [ssh] [ssl] [stack]
[stkmon] [stp] [vlacp] [vlan]}] [address <XXX.XXX.XXX.XXX>] filename <WORD>
Note: optional parameters shown in RED
Show running-config Enhancements
Usage examples - CLI
 Display the non-verbose configuration of a switch/stack:
# show running-config
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 2526T (Stack Enabled)
! Software version = v4.3.0.073
!
! Displaying only parameters different to default
!================================================
enable
configure terminal
!
! *** CORE ***
!
!
! *** SNMP ***
!
!
! *** IP ***
!
!
…
!
! *** STACK MONITOR ***
!
NOTE: the output above is for a switch/stack reset to default
 Copy the non-verbose configuration of a switch/stack to a TFTP server:
# copy running-config tftp address 10.100.100.1 filename stack.cfg
Show running-config Enhancements
Usage examples – CLI (cont)
 Display the non-verbose configuration for the specified applications:
#show running-config module mlt stp vlan
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 2526T (Stack Enabled)
! Software version = v4.3.0.073
!
! Displaying only parameters different to default
!================================================
enable
configure terminal
!
! *** STP (Phase 1) ***
!
!
! *** VLAN ***
!
!
! *** MLT (Phase 1) ***
!
!
! *** STP (Phase 2) ***
!
!
! *** VLAN Phase 2***
!
!
! *** MLT (Phase 2) ***
!
NOTE: the output above is for a switch/stack reset to default
 Copy non-verbose configuration for the specified applications to a TFTP server:
#copy running-config tftp module mlt stp vlan address 10.100.100.1 filename mlt_stp_vlan.cfg
Show running-config Enhancements
Usage examples – CLI (cont)
 Display the verbose configuration of a switch/stack:
# show running-config verbose
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 2526T (Stack Enabled)
! Software version = v4.3.0.073
!
! Displaying all switch parameters
!====================================================
enable
configure terminal
!
! *** CORE ***
!
autosave enable
mac-address-table aging-time 300
autotopology
sntp server primary address 0.0.0.0
sntp server secondary address 0.0.0.0
…
!
! *** STACK MONITOR ***
!
no stack-monitor enable
stack-monitor stack-size 2
stack-monitor trap-interval 60
 Copy the verbose configuration of a switch/stack to a TFTP server:
# copy running-config tftp verbose address 10.100.100.1 filename stack_ver.cfg
Show running-config Enhancements
Usage examples – CLI (cont)
 Display the verbose configuration for the specified applications:
# show running-config verbose module mlt stp vlan
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 2526T (Stack Enabled)
! Software version = v4.3.0.073
!
! Displaying all switch parameters
!====================================================
enable
configure terminal
!
! *** STP (Phase 1) ***
!
spanning-tree cost-calc-mode dot1d
spanning-tree port-mode auto
spanning-tree priority 8000
spanning-tree hello-time 2
spanning-tree forward-time 15 max-age 20
no spanning-tree 802dot1d-port-compliance enable
!
! *** VLAN ***
!
vlan ports 1/1-26,2/1-26 tagging unTagAll filter-untagged-frame disable filter-unregistered-frames enable priority 0
vlan configcontrol flexible
vlan members 1 1/1-26,2/1-26
vlan ports 1/1-26,2/1-26 pvid 1
vlan igmp unknown-mcast-no-flood disable
vlan igmp 1 snooping disable
…
Show running-config Enhancements
Usage examples – CLI (cont)
…
vlan igmp 1 proxy disable robust-value 2 query-interval 125
vlan configcontrol strict
auto-pvid
!
! *** MLT (Phase 1) ***
!
no mlt
mlt 1 name "Trunk #1" disable member NONE
mlt 1 learning normal
mlt 1 loadbalance basic
mlt 2 name "Trunk #2" disable member NONE
mlt 2 learning normal
mlt 2 loadbalance basic
mlt 3 name "Trunk #3" disable member NONE
mlt 3 learning normal
mlt 3 loadbalance basic
mlt 4 name "Trunk #4" disable member NONE
mlt 4 learning normal
mlt 4 loadbalance basic
mlt 5 name "Trunk #5" disable member NONE
mlt 5 learning normal
mlt 5 loadbalance basic
mlt 6 name "Trunk #6" disable member NONE
mlt 6 learning normal
mlt 6 loadbalance basic
!
…
Show running-config Enhancements
Usage examples – CLI (cont)
…
! *** STP (Phase 2) ***
!
spanning-tree port-mode normal
interface FastEthernet ALL
spanning-tree port 1/1-26 learning normal
spanning-tree port 2/1-26 learning normal
spanning-tree port 1/1-24 cost 10 priority 80
spanning-tree port 1/25-26 cost 1 priority 80
spanning-tree port 2/1-24 cost 10 priority 80
spanning-tree port 2/25-26 cost 1 priority 80
spanning-tree bpdu-filtering port 1/1-26 timeout 120
no spanning-tree bpdu-filtering port 1/1-26 enable
spanning-tree bpdu-filtering port 2/1-26 timeout 120
no spanning-tree bpdu-filtering port 2/1-26 enable
exit
!
! *** VLAN Phase 2***
!
vlan mgmt 1
!
! *** MLT (Phase 2) ***
!
 Copy the verbose configuration for the specified applications to a TFTP server
#copy running-config tftp verbose module mlt stp vlan address 10.100.100.1 filename mlt_stp_vlan_ver.cfg
Agenda
 Getting Started
 Management
– EDM and CLI
– Configuring management
 L2- VLANs
 L3 - Routing
 QOS
 Energy Saver
Initial Switch/Stack Setup
Quick Start
ERS2500> enable
ERS2500# install
Welcome to the 2550T-PWR setup utility.
You will be requested for information to initially configure for the switch.
When finished the information will be applied and stored in the switch NVRAM.
Once the basic parameters are configured, additional configuration can
proceed using other management interfaces. Press ^C to abort at any time.
###############################################################################
Please provide the in-band IP Address[10.16.5.4]:
Please provide the in-band sub-net mask[255.255.255.0]:
Please provide the Default Gateway[10.16.5.254]:
Please provide the Read-Only Community String[**********]:
Please provide the Read-Write Community String[**********]:
Please provide the Quick Start VLAN <1-4094> [5]:
Please provide the in-band IPV6 Address/Prefix_length[::/0]:
Please provide the in-band IPV6 Default Gateway[::]:
###############################################################################
Basic switch parameters have now been configured and saved.
###############################################################################
Initial Switch/Stack Setup
Manual via CLI
ERS2500-Rack3# show running-config
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 2550T-PWR
! Software version = v4.3.1.025
!
! Displaying all switch parameters
!====================================================
enable
configure terminal
!
! *** IP ***
!
ip default-gateway 10.16.5.254
ip address stack 0.0.0.0
ip address switch 10.16.5.4
ip address netmask 255.255.255.0
!
! *** VLAN ***
!
vlan mgmt 5
Extended IP Manager
Feature Overview
 IP Manager enables administrators to restrict access to network
services such as web, snmp and telnet (for IPv4 & IPv6).
 The IP Manager function which controls management connectivity to
the switch has been extended to support IPv6 and SSH in ERS2500
release v4.3.
 Example section of IP Manager in ACG:
! *** IP Manager ***
!
telnet-access enable
snmp-server enable
web-server enable
ssh-server enable
ipmgr telnet
ipmgr snmp
ipmgr web
ipmgr ssh
ipmgr source-ip 1 0.0.0.0 mask 0.0.0.0
ipmgr source-ip 2 255.255.255.255 mask 255.255.255.255
…
ipmgr source-ip 51 ::/0
ipmgr source-ip 52 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
…
NOTE: new options are in RED (‘s’ agent image must be loaded to support ssl)
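An added example (not part of the original slides, and not Avaya code): a small Python audit of the IP Manager section of an ACG dump, run against the default output shown above and against a restricted variant. It assumes that an "ipmgr <service>" line means the allow-list is enforced for that service and that a source is accepted when it falls inside any "ipmgr source-ip" entry; the function names and the restricted sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the default IP Manager section shown on the slide.
DEFAULT_ACG = """\
telnet-access enable
snmp-server enable
web-server enable
ssh-server enable
ipmgr telnet
ipmgr snmp
ipmgr web
ipmgr ssh
ipmgr source-ip 1 0.0.0.0 mask 0.0.0.0
ipmgr source-ip 2 255.255.255.255 mask 255.255.255.255
ipmgr source-ip 51 ::/0
ipmgr source-ip 52 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
"""

# Constructed sample: same syntax, entry 1 narrowed to the management subnet
# used earlier in the deck, entry 51 set to the all-ones placeholder, and the
# telnet lines left out to represent Telnet being off (the disable command is
# not shown on the slides).
RESTRICTED_ACG = """\
snmp-server enable
web-server enable
ssh-server enable
ipmgr snmp
ipmgr web
ipmgr ssh
ipmgr source-ip 1 10.16.5.0 mask 255.255.255.0
ipmgr source-ip 2 255.255.255.255 mask 255.255.255.255
ipmgr source-ip 51 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128
"""

SERVICE_RE = re.compile(r"^(telnet|snmp|web|ssh)-(?:access|server) enable$")
ENFORCE_RE = re.compile(r"^ipmgr (telnet|snmp|web|ssh)$")
SOURCE_RE = re.compile(r"^ipmgr source-ip (\d+) (\S+)(?: mask (\S+))?$")


def parse_ipmgr(text):
    """Collect enabled services, services with the list enforced, and the list."""
    cfg = {"enabled": set(), "enforced": set(), "sources": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            cfg["enabled"].add(m.group(1))
        elif m := ENFORCE_RE.match(line):
            cfg["enforced"].add(m.group(1))
        elif m := SOURCE_RE.match(line):
            index, addr, mask = m.groups()
            spec = f"{addr}/{mask}" if mask else addr  # IPv4 uses "mask", IPv6 a prefix
            net = ipaddress.ip_network(spec, strict=False)
            cfg["sources"].append((int(index), net))
    return cfg


def allowed(cfg, service, source):
    """Would a management connection to `service` from `source` be accepted?"""
    if service not in cfg["enabled"]:
        return False
    if service not in cfg["enforced"]:
        return True  # assumption: without "ipmgr <service>" no list is applied
    src = ipaddress.ip_address(source)
    # The all-ones placeholder entries never match a real unicast source.
    return any(src.version == net.version and src in net
               for _, net in cfg["sources"])


def audit(cfg):
    """Return findings a reviewer would raise on this IP Manager section."""
    findings = []
    if "telnet" in cfg["enabled"]:
        findings.append("telnet enabled: management session is sent in cleartext")
    for svc in sorted(cfg["enabled"] - cfg["enforced"]):
        findings.append(f"{svc}: allow-list not enforced")
    for index, net in cfg["sources"]:
        if net.prefixlen == 0:
            findings.append(f"source-ip {index} ({net}) matches any address")
    return findings


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_ACG), ("restricted", RESTRICTED_ACG)):
        cfg = parse_ipmgr(text)
        print(label, audit(cfg) or "no findings")
        print("  ssh from 198.51.100.7 allowed:", allowed(cfg, "ssh", "198.51.100.7"))
```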
Agenda
 Getting Started
 Management
 L2- VLANs
– Creating Vlans
– Access or Tag
 L3 - Routing
 QOS
 Energy Saver
VLAN Configuration Control*
VLAN Config Control: Automatic
– Operations: As you change the vlan the PVID changes accordingly
– VLAN PVID: Set to the Vlan ID (default)
– # of VLANs: One only /Access port
VLAN Config Control: AutoPVID
– Operations: As you add a Vlan the PVID changes to the new vlan
– VLAN PVID: Set to the Last Vlan ID
– # of VLANs: Multiple
VLAN Config Control: Flexible
– Operations: As you add a Vlan the PVID remains set to the first vlan
– VLAN PVID: Set to the First Vlan ID
– # of VLANs: Multiple
VLAN Config Control: Strict
– Operations: To change Vlan the port has to be removed from the previous vlan
– VLAN PVID: Set to the Vlan ID
– # of VLANs: One Only
*Note: Applies to Untag All and Tag PVID Only ports
Vlan Configuration Control
 Automatic:
– VLAN Membership: Automatically adds an untagged port to a new VLAN and automatically removes it from any previous VLAN membership.
– PVID of the port: is automatically changed to the VID of the VLAN it joins.
 AutoPVID:
– When an untagged port is added to a new VLAN, the port is added to the new VLAN and the PVID is assigned to the new VID without removing it from any previous VLAN memberships. Using this option, an untagged port can have membership in multiple VLANs.
Vlan Configuration Control
 Flexible:
– Similar to AutoPVID. When this option is used, an untagged port can belong to an unlimited number of VLANs.
– Adding an untagged port to a new VLAN does not change the PVID of that port.
 Strict:
– The factory default, this selection restricts the addition of an untagged port to a VLAN if it is already a member of another VLAN.
– To add an untagged port to a new VLAN, the port must be removed from all other VLANs of which it is a member before adding it to the new VLAN. The PVID of the port is changed to the new VID to which it was added.
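The four modes described above, as an added Python model (not part of the original slides and not switch code): it replays adding one untagged port to further VLANs under each mode and reports which modes leave an access port in more than one VLAN. The class and function names and the port name 1/18 are illustrative assumptions, as is leaving the PVID unchanged when a port is removed from a VLAN.

```python
from dataclasses import dataclass, field

MODES = ("automatic", "autopvid", "flexible", "strict")


class StrictModeError(Exception):
    """Strict mode refused to add an untagged port that is still in another VLAN."""


@dataclass
class UntaggedPort:
    name: str
    vlans: set = field(default_factory=lambda: {1})  # start: member of VLAN 1 only
    pvid: int = 1


def add_to_vlan(port, vid, mode):
    """Apply one 'add untagged port to VLAN' request under the given mode."""
    if mode not in MODES:
        raise ValueError(f"unknown configcontrol mode: {mode}")
    if vid in port.vlans:
        return
    if mode == "strict":
        if port.vlans:
            raise StrictModeError(
                f"{port.name} must leave VLAN(s) {sorted(port.vlans)} first")
        port.vlans, port.pvid = {vid}, vid
    elif mode == "automatic":
        # Old membership is dropped and the PVID follows the new VLAN.
        port.vlans, port.pvid = {vid}, vid
    elif mode == "autopvid":
        # Old membership is kept; the PVID moves to the newest VLAN.
        port.vlans.add(vid)
        port.pvid = vid
    else:  # flexible: old membership kept, PVID untouched
        port.vlans.add(vid)


def remove_from_vlan(port, vid):
    port.vlans.discard(vid)  # assumption: the PVID is left as it was


def replay(mode, vids):
    """Add a fresh port to each VID in turn; return (members, pvid, rejected)."""
    port = UntaggedPort("1/18")
    rejected = []
    for vid in vids:
        try:
            add_to_vlan(port, vid, mode)
        except StrictModeError:
            rejected.append(vid)
    return sorted(port.vlans), port.pvid, rejected


def multi_vlan_modes(vids):
    """Modes under which the untagged port ends up a member of several VLANs."""
    return [m for m in MODES if len(replay(m, vids)[0]) > 1]


if __name__ == "__main__":
    for mode in MODES:
        members, pvid, rejected = replay(mode, [5, 7])
        print(f"{mode:9} members={members} pvid={pvid} rejected={rejected}")
    print("untagged port spans VLANs under:", multi_vlan_modes([5, 7]))
```

Under AutoPVID and Flexible the port transmits untagged frames for every VLAN it belongs to, so a review of access ports should look for membership in more than one VLAN when those modes are in use.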
Ethernet Ports modes
Port Mode        # Vlan                  Tagging
Access           Depends on Config Ctrl  No Tagging
Tag All (Trunk)  Multiple                Tag all Vlans
Untag PVID       Multiple                Tag all Vlans except the PVID (Default vlan)
Tag PVID         Multiple                Tag only the PVID no other
L2 - VLANs
Changing VlanConfigControl
L2 - VLANs
Create VLAN
L2 - VLANs
Removing Ports
L2 - VLANs
Adding Ports
L2 - VLANs
Apply Changes
L2 - VLANs
Support for Voice and Data on one port
Select and Right Click
Port 18-24, Select Edit
Agenda
 Getting Started
 Management
 L2- VLANs
 L3 – Routing
– IP Interfaces
– DHCP Relay
 QOS
 Energy Saver
IP Local and Static Routing
Feature Overview
 Support up to 256 locally configured routing instances.
 Provides static route support
 Supports IP blocking (for different stack failures)
 Allows the switch to be managed through any IP address that has been
assigned to any VLAN interface (not just the management VLAN).
– When IP routing is enabled, the existing Switch / Stack IP address is
assigned to the management VLAN interface.
L3 Routing
Enable IP forwarding
L3 Routing
Adding an IP interface to a VLAN
L3 Routing
IP Local and static Routing
 Managing global IP config to enable / disable IP routing
(config)# ip routing
Enables IP routing globally
(config)# no ip routing
Disables IP routing globally
 Managing VLAN IP routing:
(config)# interface vlan 7
(config-if)# ip address <IP> <mask> [<mac-offset>]
Enables/disables IP routing on a VLAN
– Example:
(config-if)# ip address 172.16.7.1 255.255.255.0 7
(config-if)# no ip address 172.16.7.1 255.255.255.0
L3 Routing
IP Local and static Routing
 Creating a static route:
(config)# ip route <IP> <dest-mask> <next-hop> [<cost: 1-65535> | <weight: 1-65535>] enable
– Example:
(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 ena
 Change the weight (or cost) of a static route:
– Example:
(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 weight 40
 Enable / disable / delete a static route:
– Examples:
(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 enable
(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 disable
(config)# no ip route 0.0.0.0 0.0.0.0 172.16.1.1
 NOTE: In order for a static route to become active, the
configured next-hop IP address must be reachable.
L3 Routing
IP Local and Static Routing
# show ip routing
IP Routing is enabled
IP ARP life time is 21600 seconds
# show vlan ip
==============================================================================
Vid  ifIndex Address         Mask            MacAddress        Offset Routing
==============================================================================
Primary Interfaces
------------------------------------------------------------------------------
1    10001   172.16.1.50     255.255.255.0   00:1D:42:36:EC:40 1      Enabled
3    10003   172.16.3.1      255.255.255.0   00:1D:42:36:EC:42 3      Enabled
4    10004   172.16.4.1      255.255.255.0   00:1D:42:36:EC:43 4      Enabled
5    10005   172.16.5.1      255.255.255.0   00:1D:42:36:EC:44 5      Enabled
6    10006   172.16.6.1      255.255.255.0   00:1D:42:36:EC:45 6      Enabled
7    10007   172.16.7.1      255.255.255.0   00:1D:42:36:EC:46 7      Enabled
------------------------------------------------------------------------------
% Total of Primary Interfaces: 6
L3 Routing
Local and Static Routing
# show ip route
===============================================================================
Ip Route
===============================================================================
DST             MASK            NEXT            COST  VLAN PORT PROT TYPE PRF
-------------------------------------------------------------------------------
0.0.0.0         0.0.0.0         172.16.1.1      40    1    1/1  S    IB   5
10.0.0.0        255.0.0.0       172.16.1.1      10    1    1/1  S    IB   5
172.16.1.0      255.255.255.0   172.16.1.50     1     1    ---- C    DB   0
172.16.3.0      255.255.255.0   172.16.3.1      1     3    ---- C    DB   0
172.16.4.0      255.255.255.0   172.16.4.1      1     4    ---- C    DB   0
172.16.5.0      255.255.255.0   172.16.5.1      1     5    ---- C    DB   0
172.16.6.0      255.255.255.0   172.16.6.1      1     6    ---- C    DB   0
172.16.7.0      255.255.255.0   172.16.7.1      1     7    ---- C    DB   0
Total Routes: 8
-------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, U=Unresolved Route, N=Not in HW
L3 Routing
IP Routing ARP Management
> Create / remove a static ARP entry:
(config)# ip arp <IP> <MAC> <unit/port> [vid <1 - 4094>]
> Example:
(config)# ip arp 172.16.3.10 00:13:60:c2:62:ee 1/3 vid 3
(config)# no ip arp 172.16.3.10 00:13:60:c2:62:ee 1/3 vid 3
> Enable / Disable ARP response per VLAN:
> Example:
(config-if)# ip arp response
(config-if)# no ip arp response
> Configuring the ARP Aging time:
> Example:
(config)# ip arp timeout 720
L3 Routing
IP Routing ARP Management
# show ip arp (or show arp)
===============================================================================
IP ARP
===============================================================================
IP Address      Age (min) MAC Address       VLAN-Unit/Port/Trunk Flags
-------------------------------------------------------------------------------
172.16.3.255    0         ff:ff:ff:ff:ff:ff VLAN#3               LB
172.16.4.255    0         ff:ff:ff:ff:ff:ff VLAN#4               LB
172.16.5.255    0         ff:ff:ff:ff:ff:ff VLAN#5               LB
172.16.6.255    0         ff:ff:ff:ff:ff:ff VLAN#6               LB
172.16.7.255    0         ff:ff:ff:ff:ff:ff VLAN#7               LB
172.16.1.255    0         ff:ff:ff:ff:ff:ff VLAN#1               LB
172.16.1.14     65        00:15:60:c2:62:4d VLAN#1-1/1           D
172.16.1.50     0         00:1d:42:36:ec:40 VLAN#1               L
172.16.3.10     0         00:13:60:c2:62:ee VLAN#3-1/3           S
172.16.3.1      0         00:1d:42:36:ec:42 VLAN#3               L
172.16.4.1      0         00:1d:42:36:ec:43 VLAN#4               L
172.16.5.1      0         00:1d:42:36:ec:44 VLAN#5               L
172.16.6.1      0         00:1d:42:36:ec:45 VLAN#6               L
172.16.7.1      0         00:1d:42:36:ec:46 VLAN#7               L
172.16.1.1      60        00:13:49:4b:04:74 VLAN#1-1/1           D
172.16.3.0      0         ff:ff:ff:ff:ff:ff VLAN#3               LB
172.16.4.0      0         ff:ff:ff:ff:ff:ff VLAN#4               LB
172.16.5.0      0         ff:ff:ff:ff:ff:ff VLAN#5               LB
172.16.6.0      0         ff:ff:ff:ff:ff:ff VLAN#6               LB
172.16.7.0      0         ff:ff:ff:ff:ff:ff VLAN#7               LB
172.16.1.0      0         ff:ff:ff:ff:ff:ff VLAN#1               LB
Total ARP entries : 21
-------------------------------------------------------------------------------
Flags Legend:
S=Static, D=Dynamic, L=Local, B=Broadcast
Agenda
 Getting Started
 Management
 L2- VLANs
 L3 – Routing
– IP Interfaces
– DHCP Relay
 QOS
 Energy Saver
L3 Routing
BootP/DHCP Relay
 In order to obtain an IP address a BootP or DHCP client will
broadcast the request on the local subnet. When routing is
enabled on the VLAN, these broadcasts are not forwarded by
the router.
 This is where the Bootp/DHCP relay is applicable. The relay
agent intercepts these Bootp/DHCP requests and forwards them
to the specified host or broadcast address on another routed
VLAN.
 Up to 10 DHCP/BootP servers may be identified as destinations
to the relay.
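What a relay agent does to a client broadcast, as an added Python example (not part of the original slides and not switch code). It follows the standard BOOTP relay rules of RFC 1542: fill in giaddr if it is zero, increment hops, and send the request to the server as unicast. The packet is constructed sample data, the function names are illustrative, and the addresses are the agent and server IPs used in the deck's relay command examples.

```python
import socket
import struct

BOOTREQUEST = 1
BOOTP_FIXED_LEN = 236   # fixed BOOTP header that precedes the options field
HOPS_OFFSET = 3         # op(1) htype(1) hlen(1) hops(1)
GIADDR_OFFSET = 24      # ... xid(4) secs(2) flags(2) ciaddr yiaddr siaddr giaddr
MAX_HOPS = 16           # RFC 1542: discard requests whose hops field exceeds 16
DHCP_SERVER_PORT = 67


def build_discover(xid, mac):
    """Constructed sample: a minimal broadcast DHCPDISCOVER as a client sends it."""
    zero = b"\0" * 4
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREQUEST, 1, 6, 0,      # op, htype (Ethernet), hlen, hops
        xid, 0, 0x8000,            # xid, secs, flags (broadcast bit set)
        zero, zero, zero, zero,    # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"",             # chaddr, sname, file (zero padded by struct)
    )
    # Magic cookie, option 53 (message type) = 1 (DISCOVER), end option.
    options = b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"
    return header + options


def giaddr(packet):
    """Relay agent address carried in the packet, as dotted quad."""
    return socket.inet_ntoa(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])


def relay(packet, agent_ip, server_ip):
    """Return (rewritten_packet, (server_ip, port)), or None if the request is dropped.

    agent_ip is the IP of the routed VLAN interface the broadcast arrived on.
    """
    if len(packet) < BOOTP_FIXED_LEN or packet[0] != BOOTREQUEST:
        return None                       # truncated, or not a client request
    hops = packet[HOPS_OFFSET]
    if hops > MAX_HOPS:
        return None                       # relayed too many times already
    out = bytearray(packet)
    out[HOPS_OFFSET] = hops + 1
    # Only the first relay stamps giaddr; the server uses it to choose the
    # address scope and to know where to send the reply.
    if out[GIADDR_OFFSET:GIADDR_OFFSET + 4] == b"\0\0\0\0":
        out[GIADDR_OFFSET:GIADDR_OFFSET + 4] = socket.inet_aton(agent_ip)
    return bytes(out), (server_ip, DHCP_SERVER_PORT)


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, bytes.fromhex("001360c262ee"))
    relayed, dest = relay(discover, "172.16.6.1", "172.16.4.2")
    print("client packet giaddr:", giaddr(discover), "hops:", discover[HOPS_OFFSET])
    print("relayed to", dest, "giaddr:", giaddr(relayed), "hops:", relayed[HOPS_OFFSET])
```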
L3 Routing
DHCP Relay
L3 Routing
DHCP Relay config commands
 Enable / disable DHCP relay globally
(config)# ip dhcp-relay fwd-path <agent-ip> <server-ip> <enable|disable>
– Example:
(config)# ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 enable
(config)# ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 disable
 Add / remove a bootp/DHCP server
(config)# ip dhcp-relay fwd-path <agent-ip> <server-ip>[mode <bootp | bootp-dhcp | dhcp>]
– Example:
(config-if)# ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 mode bootp
(config-if)# no ip dhcp-relay fwd-path 172.16.6.1 172.16.4.2 mode bootp
 IP VLAN DHCP-relay configuration options
– Examples:
(config)#interface vlan 4
(config-if)#ip dhcp-relay ?
broadcast       enable DHCP relay broadcast on this vlan
clear-counters  Clear dhcp-relay counters
min-sec         configure the backup dhcp server minimum wait time
mode            dhcp mode
L3 Routing
DHCP Relay show commands
(config)# show ip dhcp-relay
DHCP relay is enabled
(config)# show ip dhcp-relay fwd-path
=============================================================
DHCP
=============================================================
INTERFACE       SERVER          ENABLE  MODE
-------------------------------------------------------------
172.16.3.1      172.16.4.255    TRUE    DHCP & BOOTP
172.16.6.1      172.16.4.2      FALSE   DHCP & BOOTP
(config)# show ip dhcp-relay counters
INTERFACE       REQUESTS  REPLIES
-------------------------------------------
172.16.1.50     0         0
172.16.7.1      0         0
172.16.6.1      0         0
172.16.5.1      0         0
172.16.4.1      0         0
172.16.3.1      16        4
Agenda
 Getting Started
 Management
 L2- VLANs
 L3 – Routing
 QOS
– IP Interfaces
– DHCP Relay
 Energy Saver
Avaya Ethernet Routing Switch 2500/4500
Intelligent Flexibility
[Figure: Incoming Traffic with Priorities 7 to 0 (High, Medium, Normal and Low Priority) placed into Hardware Queues 4 to 1 for Outgoing Traffic]
 DiffServ Code Point (DSCP) classification and prioritization
– Prioritizes, marks, remarks, filters and classifies DSCP markings within the
IP packet to ensure different applications are prioritized within the switch
and the network
 802.1p Prioritization
– Provides basic traffic prioritization with 8 802.1p priorities
Changing the rules with intelligent flexibility
Advanced QoS
Feature Overview
 QoS functions supported include:
– L2-L4 traffic classification,
– filtering (forward/drop),
– marking/remarking of DSCP,
– Policing/metering and
– egress Shaping.
 QoS configuration fully supported in CLI and EDM (GUI).
 Advanced QoS support across all current stackable
switching families.
Advanced QoS
QoS Concepts
 DiffServ and 802.1p are the underlying technology for all QoS
configurations.
 The ERS Series supports the following QoS classes:
– Critical and Network classes have the highest priority over all other traffic.
– Premium class is an end-to-end service functioning similarly to a virtual
leased line. Traffic in this service class is normally guaranteed an agreed-upon peak bandwidth. Traffic requiring this service must be shaped at the
network boundary in order to undergo a negligible delay and delay
variance. This service class is suitable for real-time applications, such as
video and voice over IP. The recommended PHB for this service is the
Expedited Forwarding (EF) PHB.
– Platinum, Gold, Silver, and Bronze classes use the Assured Forwarding
(AF) PHB. These classes are used for real-time, delay-tolerant traffic and
non-real-time, mission-critical traffic.
– Standard class is the best-effort IP service with an additional, optional use
of traffic classification that is used at the network boundary to request a
better effort treatment for packets that are in-profile (packets that do not
break the service agreements between the user & the service provider).
Advanced QoS
QoS Concepts cont…
 Port-based Quality of Service: policies are applied directly to
individual ports.
 A port-based Quality of Service environment allows for the more
direct application of Quality of Service policies and eliminates the
need to group ports together when assigning policies.
 Role-based Quality of Service: individual ports are first assigned to a
role and that role is assigned a policy. A role is a collection of
ports defined within the same interface group. They share settings.
For example, all ports are defined as untrusted.
 Port-based and role-based policies can be applied to same port;
however the switch administrator is responsible for the proper
division of resources across the individual policies.
 At factory default, ports are assigned to the default interface group
(role combination), which is named allQoSPolicyIfcs.
Advanced QoS
Interface Groups
 Interface groups are used in the creation of role-based policies.
 Role-based policies differ from port-based policies in that role-based
policies group ports together to apply a common set of rules to them.
 Each port can belong to only one interface group.
 When you move a port to another interface group (role combination),
the classification elements associated with the previous interface group
are removed and the classification elements associated with the new
interface group are installed on the port.
 At factory default, ports are assigned to the default interface group (role
combination), which is named allQoSPolicyIfcs.
 All ports must be removed from an interface group before it is deleted.
An interface group cannot be deleted when it is referenced by a policy.
Advanced QoS
Interface Types
 The classifications of trusted, untrusted, and unrestricted actually
apply to groups of ports (interface groups).
 Trusted interfaces – IPv4 traffic received on trusted interfaces is
re-marked at the layer 2 level, that is, the 802.1p user priority value is
updated based on the DSCP value in the packet at ingress and the
installed DSCP-to-CoS mapping data. The DSCP value is not
updated.
 Untrusted interfaces – IPv4 traffic received on untrusted interfaces
is re-marked at the layer 3 level, that is, the DSCP value is
updated.
 Unrestricted interfaces – The DSCP and 802.1p settings are not changed.
Advanced QoS
QoS Components
IP Element
• IP address type
• IP flow identifier
• IP source address/mask
• IP destination address/mask
• IP protocol type/IPv6 next-header
• IP DSCP value
• IP L4 source port
• IP L4 dest port
L2 Element
• Source MAC
• Destination MAC
• VLAN ID number
• VLAN tag
• EtherType
• IEEE 802.1p
System Element
Fully customized classifiers can be created to match non-IP-based traffic,
as well as to identify IP-based traffic using non-typical fields in
Layers 2, 3, 4, and beyond.
Classifier → Classifier Blocks → Policy
Advanced QoS
Configuration examples - CLI
 Single Identification IP Elements - Traffic identification Rules &
Classifiers (for Naming rules)
 Destination Layer 4 Port
– DNS
# qos ip-element 1 protocol 6 dst-port-min 53 dst-port-max 53
# qos classifier 1 set-id 1 name DNS_DST element-type IP element-id 1
– IPSEC with UDP Wrapper Destination
# qos ip-element 3 protocol 17 dst-port-min 10001 dst-port-max 10001
# qos classifier 3 set-id 3 name IPSEC_UDP_DST element-type IP element-id 3
 Source Layer 4 Port
– SSL
# qos ip-element 2 protocol 6 src-port-min 443 src-port-max 443
# qos classifier 2 set-id 2 name SSL_SRC element-type IP element-id 2
 Destination IP Address
– Specific server
# qos ip-element 11 dst-ip 47.153.226.20/32
# qos classifier 11 set-id 11 name HTTP&IP element-type IP element-id 11
Advanced QoS
Configuration examples - CLI
 Multiple Identification IP Elements - Traffic identification Rules &
Classifiers (for Naming rules)
 Destination IP Address & Layer 4 Port
– Web Traffic to specific server
# qos ip-element 11 dst-ip 47.153.226.20/32 protocol 6 dst-port-min 80 dst-port-max 80
# qos classifier 11 set-id 11 name HTTP&IP element-type IP element-id 11
 Source IP Address & Layer 4 Port
– SSL Traffic from specific server
# qos ip-element 12 src-ip 47.153.226.20/32 protocol 6 src-port-min 443 src-port-max 443
# qos classifier 12 set-id 12 name SSL&IP element-type IP element-id 12
 Important note on layer 4 port ranges:
– Port range specifications are limited by the way bit masking operates on
the switches.
– Example: the ‘min’ port is set first and then becomes the “bit boundary” for
the ‘max’ port. If you start the ‘min’ at port 80 (1010000 binary), the ‘max’
can be 81 (1010001), or 83 (1010011), or 87 (1010111), or finally 95
(1011111). That is, bit mask wildcards are added by column weight, up to the
first “1” set in the minimum range value.
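The bit-boundary rule in the note above, as an added example (not part of the original slides): it lists the 'max' values that pair with a given 'min', and goes beyond the slide's single case by splitting an arbitrary port range into min/max pairs that each satisfy the rule. The function names are hypothetical, and the rule is assumed to be exactly what the port 80 example shows.

```python
"""Added example: L4 port ranges expressible as one min/max bit mask."""

MAX_PORT = 65535


def valid_max_ports(min_port: int) -> list[int]:
    """Return every 'max' value that pairs with min_port under the mask rule.

    Assumption taken from the slide's port 80 example: wildcard bits may
    only fill the zero bits below the lowest set bit of min_port, so
    max = min_port | (2**k - 1) for k up to that bit position.
    """
    if not 0 <= min_port <= MAX_PORT:
        raise ValueError("port out of range")
    # Count trailing zero bits; port 0 can wildcard all 16 bits.
    tz = 16 if min_port == 0 else (min_port & -min_port).bit_length() - 1
    return [min_port | ((1 << k) - 1) for k in range(tz + 1)]


def split_range(lo: int, hi: int) -> list[tuple[int, int]]:
    """Cover lo..hi exactly with mask-aligned (min, max) pairs.

    Greedy: at each step take the largest block that starts at the
    current port and does not run past hi.
    """
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError("need 0 <= lo <= hi <= 65535")
    blocks = []
    while lo <= hi:
        top = max(m for m in valid_max_ports(lo) if m <= hi)
        blocks.append((lo, top))
        lo = top + 1
    return blocks


if __name__ == "__main__":
    # Constructed inputs: the slide's port 80 case, then a range 80..100
    # that does not fit a single mask.
    print(valid_max_ports(80))
    for lo, hi in split_range(80, 100):
        print(f"dst-port-min {lo} dst-port-max {hi}")
```

A range that comes back as more than one pair cannot be written as a single `dst-port-min`/`dst-port-max` specification under this rule.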
Advanced QoS
Configuration examples - CLI
 Grouping “like” Classifiers and QoS marking per classifier
– Destination Layer 4 Port Block
# qos classifier-block 11 block-number 10 name L4_DST set-id 11 in-profile-action 6
# qos classifier-block 12 block-number 10 name L4_DST set-id 12 in-profile-action 4
# qos classifier-block 13 block-number 10 name L4_DST set-id 13 in-profile-action 3
– Destination IP Address and Layer 4 port Block
# qos classifier-block 11 block-number 10 name L3&L4_DST set-id 11 in-profile-action 6
# qos classifier-block 12 block-number 10 name L3&L4_DST set-id 12 in-profile-action 4
# qos classifier-block 13 block-number 10 name L3&L4_DST set-id 13 in-profile-action 3
Advanced QoS
Configuration examples - CLI
 Applying Classifiers to Interface groups
– InBound Destination IP Address and Layer 4 Port Block
# qos policy 10 name IN_L3&L4_DST if-group SGS clfr-type block clfr-name L3&L4_DST precedence 10
– OutBound Source IP Address and Layer 4 Port Block
# qos policy 11 name OUT_L3&L4_SRC if-group SGS clfr-type block clfr-name L3&L4_SRC precedence 11
Advanced QoS
Additional Commands - CLI
 Removing Rules - Remove in reverse order
# no qos policy 17
# no qos classifier-block 17
# no qos classifier 17
# no qos ip-element 17
 Showing QoS information
# show qos ip-element
# show qos classifier
# show qos classifier-blocks
# show qos policy
Advanced QoS
QoS Configuration – EDM
 EDM ‘QoS Devices’ Screen – Queues, Interface groups / ID’s,
802.1p & DSCP Mapping, Meters and Shapers.
Advanced QoS
QoS Configuration – EDM
 EDM ‘QoS Rules’ Screen – IP, L2 & System Classifier Elements,
Classifiers and Classifier Blocks.
Click “Insert” to add an L2 Classifier Element
Advanced QoS
QoS Configuration – EDM
 EDM ‘QoS’ Screen – Actions, Meters, Shapers and Policies.
Pre-defined QoS Actions and service classes
Agenda
 Getting Started
 Management
 L2- VLANs
 L3 – Routing
 QOS
 Energy Saver
Energy Saver
POE – Access Ports
Energy Saver
Energy Saver – Access Ports
Q&A
Thank you