brocade basic switch setup


Upload: robb

Post on 07-Oct-2015


DESCRIPTION

ICX series basic configuration. The basic steps from out of the box to a running and manageable Brocade ICX series network switch.

TRANSCRIPT

    Basic Switch Setup

    Upgrading the Switch

    Copy the boot code from the TFTP server into flash memory. To do so, enter a command such as the following at the Privileged EXEC level of the CLI.

    FastIron# copy tftp flash bootrom

    You should see output similar to the following.

    FWS648POE Router# Flash Memory Write (8192 bytes per dot)...........................
    (Boot Flash Update)Erase.........Write.............
    TFTP to Flash Done

    Copy the flash code from the TFTP server into flash memory. To do so, use the copy command at the Privileged EXEC level of the CLI.

    FastIron# copy tftp flash primary | secondary

    You should see output similar to the following.

    FWS648POE Router# Flash Memory Write (8192 bytes per dot)
    ........................
    .......................................................................
    .......................................................................
    .....
    TFTP to Flash Done

    Once you have completed the upgrade, you must reboot the device to complete the upgrade process. Use one of the following commands:

    FastIron# reload

    This command boots from the default boot source, which is the primary flash area by default.

    FastIron# boot system flash primary | secondary

    Copy configuration files to the Switch

    The following commands are used to copy configuration files to the switch.

    FastIron# copy startup-config tftp

    Use this command to upload a copy of the startup configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.

    FastIron# copy running-config tftp

    Use this command to upload a copy of the running configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.

    FastIron# copy tftp startup-config

    Use this command to download a copy of the startup configuration file from a TFTP server to a Layer 2 Switch or Layer 3 Switch.

    Securing access to the switch

    Example:

    FastIron(config)# enable super-user-password
    FastIron(config)# enable telnet password

    Example: This example sets the Telnet timeout to ten minutes.

    FastIron(config)# telnet timeout 10

    Example: This example sets the console timeout to ten minutes.

    FastIron(config)# console timeout 10

    Example: To suppress the connection rejection message sent by the device to a denied Telnet client, enter the following command at the global CONFIG level of the CLI:

    FastIron(config)# telnet server suppress-reject-message

    Syntax: [no] telnet server suppress-reject-message

    Example: If you want to remove the password encryption, you can disable encryption by entering the following command:

    FastIron(config)# no service password-encryption

    Syntax: [no] service password-encryption

    Adding Login Banners

    FastIron(config)# banner exec # (Press Return)
    Enter TEXT message, End with the character '#'.
    Warning Notification!!!
    This system is to be used by authorized users only for company work. Activities conducted on this system may be monitored and/or recorded with no expectation of privacy. All possible abuse and criminal activity may be handed over to the proper law enforcement officials for investigation and prosecution. Use implies consent to all of the conditions stated within this Warning Notification.
    #

    EXAMPLE:

    FastIron(config)# banner incoming $ (Press Return)
    Enter TEXT message, End with the character '$'.
    Remote TELNET session from above host.
    $

    EXAMPLE: This example enables Telnet Authentication which forces Telnet connections to use the local user database and forces the Web management and Privileged EXEC and CONFIG levels of the CLI to use the local user database for authentication.

    FastIron(config)# enable telnet authentication
    FastIron(config)# aaa authentication web-server default local
    FastIron(config)# aaa authentication enable default local

    EXAMPLE: This example will set up four separate user accounts and assign them the proper access privileges. The device will then force all Telnet, Web, and Privileged EXEC and CONFIG access to authenticate against the device's local user accounts.

    Paul - System Administrator with all rights
    Jane - System Administrator with all rights (backup to Paul)
    Andy - Desktop Support with port configuration access only
    Brad - Unix Administrator with read only access rights

    First, create the accounts with the associated privilege levels.

    FastIron(config)# username paul privilege 0 password pauls_password
    FastIron(config)# username jane privilege 0 password janes_password
    FastIron(config)# username andy privilege 4 password andys_password
    FastIron(config)# username brad privilege 5 password brads_password

    The privilege parameter specifies the privilege level for the account. You can specify one of the following:

    0 - Super User level (full read-write access)
    4 - Port Configuration level
    5 - Read Only level

    The default privilege level is 0.

    Next, configure Telnet, Web management, and the Privileged EXEC and CONFIG levels of the CLI to use the local user database for authentication.

    FastIron(config)# enable telnet authentication
    FastIron(config)# aaa authentication web-server default local
    FastIron(config)# aaa authentication enable default local

    Web management authentication can be disabled by the following command:

    FastIron(config)# web-management allow-no-password

    Web management authentication can be enabled by the following command:

    FastIron(config)# no web-management allow-no-password

    EXAMPLE: This example configures five separate Access Lists for use with each remote access method. Using Brocade's default implicit deny, only the hosts that are permitted to use each remote access method are specified in the access list.

    FastIron(config)# access-list 10 permit host 10.1.0.25
    FastIron(config)# access-list 10 permit 10.2.1.0 0.0.0.255
    FastIron(config)# access-list 10 permit 10.2.3.0 0.0.0.255
    FastIron(config)# access-list 10 permit 10.2.5.0/24
    FastIron(config)# access-list 11 permit host 10.1.0.25
    FastIron(config)# access-list 11 permit host 10.3.1.15
    FastIron(config)# access-list 12 permit host 10.3.0.27
    FastIron(config)# access-list 12 permit host 10.3.1.15
    FastIron(config)# access-list 13 permit host 10.5.0.1
    FastIron(config)# access-list 13 permit host 10.5.1.2
    FastIron(config)# access-list 14 permit host 10.5.0.3
    FastIron(config)# access-list 14 permit host 10.5.1.4
    FastIron(config)# ssh access-group 10
    FastIron(config)# telnet access-group 11
    FastIron(config)# web access-group 12
    FastIron(config)# snmp-server community public ro 13
    FastIron(config)# snmp-server community private rw 14
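    Added example (not part of the original document, and not Brocade code): a Python sketch that parses standard access-list lines in the host, wildcard-mask and prefix forms, reports malformed entries, and evaluates a client address with first-match-wins and implicit deny. The sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: standard ACL lines in the three forms used above
# (host, address + wildcard mask, prefix), plus one deliberately malformed entry.
SAMPLE_ACL = """\
access-list 10 permit host 10.1.0.25
access-list 10 permit 10.2.1.0 0.0.0.255
access-list 10 permit 10.2.5.0/24
access-list 10 permit 10.2.7.0.0/24
access-list 11 permit host 10.3.1.15
"""

LINE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")


def parse_source(spec):
    """Return (network_int, care_mask_int) for a source spec, or raise ValueError."""
    parts = spec.split()
    if len(parts) == 2 and parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0xFFFFFFFF
    if len(parts) == 2:  # address + wildcard mask (set bits mean "don't care")
        addr = int(ipaddress.IPv4Address(parts[0]))
        care = ~int(ipaddress.IPv4Address(parts[1])) & 0xFFFFFFFF
        return addr & care, care
    if len(parts) == 1 and "/" in parts[0]:
        net = ipaddress.IPv4Network(parts[0], strict=False)
        return int(net.network_address), int(net.netmask)
    raise ValueError(f"unrecognised source: {spec!r}")


def load_acls(text):
    """Parse ACL lines into {acl_id: [(action, net, care)]}; collect bad lines."""
    acls, errors = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        acl_id, action, spec = int(m.group(1)), m.group(2), m.group(3)
        try:
            net, care = parse_source(spec)
        except ValueError:  # ipaddress errors are ValueError subclasses
            errors.append(raw.strip())
            continue
        acls.setdefault(acl_id, []).append((action, net, care))
    return acls, errors


def is_permitted(acls, acl_id, client_ip):
    """First match wins; no match falls through to the implicit deny.
    Assumption of this sketch: an ACL id with no parsed entries denies."""
    ip = int(ipaddress.IPv4Address(client_ip))
    for action, net, care in acls.get(acl_id, []):
        if ip & care == net:
            return action == "permit"
    return False
```

    Running load_acls over a configuration before it is applied shows which entries the parser rejects and which clients each access-group would admit.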

    EXAMPLE: This example creates two Layer 3 port-based VLANs and restricts the Telnet and Web management clients to a port-based VLAN with the ID of 10 and restricts access from SNMP and TFTP clients to a port-based VLAN with the ID of 40.

    FastIron(config)# vlan 10 by port
    FastIron(config)# untagged e1 to 2
    FastIron(config)# router-interface ve 10
    FastIron(config)# vlan 40 by port
    FastIron(config)# untagged e4 to 5
    FastIron(config)# router-interface ve 40
    FastIron(config)# telnet server enable vlan 10
    FastIron(config)# web-management enable vlan 10
    FastIron(config)# snmp-server enable vlan 40
    FastIron(config)# tftp client enable vlan 40
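    Added example (not part of the original document, and not Brocade code): a Python check that scans configuration text for the management-access settings covered in this section and lists the ones worth reviewing. The sample configuration, finding names and rule set are constructed for illustration; real "show running-config" output may render these lines differently.

```python
import re

# Constructed sample: configuration text assembled from commands shown in this
# document. Adjust the patterns to what your software release actually prints.
SAMPLE_CONFIG = """\
enable telnet authentication
aaa authentication web-server default local
aaa authentication enable default local
web-management allow-no-password
no service password-encryption
telnet timeout 10
ssh access-group 10
web access-group 12
snmp-server community public ro 13
snmp-server community private rw
"""

# (finding id, pattern whose presence is a finding)
PRESENT_RULES = [
    ("web-no-password", r"^web-management allow-no-password$"),
    ("password-encryption-off", r"^no service password-encryption$"),
    ("snmp-default-community", r"^snmp-server community (public|private)\b"),
    ("snmp-community-no-acl", r"^snmp-server community \S+ (ro|rw)$"),
]

# (finding id, pattern whose absence is a finding)
# Assumption: a timeout of 0 means "never time out", so only 1+ satisfies the rule.
ABSENT_RULES = [
    ("telnet-no-access-group", r"^telnet access-group \d+$"),
    ("telnet-auth-off", r"^enable telnet authentication$"),
    ("no-console-timeout", r"^console timeout [1-9]\d*$"),
    ("no-telnet-timeout", r"^telnet timeout [1-9]\d*$"),
]


def audit(config_text):
    """Return a sorted list of (finding_id, offending_line_or_None)."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    for fid, pat in PRESENT_RULES:
        rx = re.compile(pat)
        findings += [(fid, ln) for ln in lines if rx.search(ln)]
    for fid, pat in ABSENT_RULES:
        rx = re.compile(pat)
        if not any(rx.search(ln) for ln in lines):
            findings.append((fid, None))
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))


if __name__ == "__main__":
    for fid, line in audit(SAMPLE_CONFIG):
        print(f"{fid:26} {line or '(setting not found)'}")
```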

    Creating A Stack

    This example creates a stack.

    FastIron# config t
    FastIron(config)# stack enable
    FastIron(config)# exit
    FastIron#

    Next enter the following command

    FastIron# stack secure-setup
    FastIron# Discovering the stack topology...
    Current Discovered Topology - RING
    Available UPSTREAM units
    Hop(s) Type   Mac Address
    1      FLS624 0012.f239.2d40
    2      FLS624 0012.f2d5.2100
    Available DOWNSTREAM units
    Hop(s) Type   Mac Address
    1      FLS624 0012.f2d5.2100
    2      FGS624 0012.f239.2d40
    Do you accept the topology (RING) (y/n)?: y

    To show the stack topology

    FastIron# show stack
    alone: standalone, D: dynamic config, S: static
    ID Type     Role    Mac Address    Pri State  Comment
    1  S FLS648 active  00e0.52ab.cd00 128 local  Ready
    2  D FLS624 standby 0012.f2d5.2100 60  remote Ready
    3  D FGS624 member  0012.f239.2d40 0   remote Ready

    Creating a Trunk

    To configure a trunk group consisting of two groups of two ports each, enter commands such as the following.

    FastIron(config)#trunk ethernet 1/1 to 1/2 ethernet 3/3 to 3/4
    Trunk will be created in next trunk deploy
    FastIron(config)#write memory
    FastIron(config)#trunk deploy

    Enabling OSPF Routing

    To configure OSPF on the switch, the following commands can be used. The switch must support the L3 feature (Premium software), and a Virtual Interface must exist on the VLAN(s) that will be part of the routing domain.

    FastIron(Config)# vlan 1
     router-interface ve 1
    FastIron(Config)# interface ve 1
     ip address 10.35.16.1 255.255.252.0
    FastIron(Config)# router ospf
     area 0.0.0.0
     redistribution static
    FastIron(Config)# interface ve 1
     ip ospf area 0.0.0.0

    Adding a default route to the route table

    FastIron(Config)# ip route 0.0.0.0 0.0.0.0 10.35.24.203

    To enable learning of default RIP routes on a global basis, enter the following command.

    FastIron(config-ospf-router)#learn-default

    To show the routing table

    FastIron# sho ip route

    To show ospf routing information

    FastIron#show ip ospf

    Enabling RIP Routing

    To configure RIP on the switch, the following commands can be used. The switch must support the L3 feature (Premium software), and a Virtual Interface must exist on the VLAN(s) that will be part of the routing domain.

    To enable RIP globally, enter the following command.

    FastIron(config)#router rip

    To enable RIP on an interface, enter commands such as the following.

    FastIron(config)#interface ethernet 0/1/1
    FastIron(config-if-0/1/1)#ip rip v1-only

    Enabling VRRP

    To implement a simple VRRP configuration using all the default values, enter commands such as the following.

    Configuring the Owner

    Enable VRRP globally

    FastIron1(config)#router vrrp

    Configure an interface

    FastIron1(config)#inter e 1/6
    FastIron1(config-if-1/6)#ip address 192.53.5.1
    FastIron1(config-if-1/6)#ip vrrp vrid 1
    FastIron1(config-if-1/6-vrid-1)#owner
    FastIron1(config-if-1/6-vrid-1)#ip-address 192.53.5.1
    FastIron1(config-if-1/6-vrid-1)#activate

    Configuring a Backup

    Enable VRRP globally

    FastIron2(config)#router vrrp

    Configure an interface

    FastIron2(config)#inter e 1/5
    FastIron2(config-if-1/5)#ip address 192.53.5.3
    FastIron2(config-if-1/5)#ip vrrp vrid 1
    FastIron2(config-if-1/5-vrid-1)#backup
    FastIron2(config-if-1/5-vrid-1)#advertise backup
    FastIron2(config-if-1/5-vrid-1)#ip-address 192.53.5.1
    FastIron2(config-if-1/5-vrid-1)#activate

    Enabling Multicast Routing

    Some Multicast Terms

    The following are commonly used terms in discussing multicast-capable routers. These terms are used throughout this chapter:

    Node: Refers to a router or Layer 3 Switch.

    Root Node: The node that initiates the tree building process. It is also the router that sends the multicast packets down the multicast delivery tree.

    Upstream: Represents the direction from which a router receives multicast data packets. An upstream router is a node that sends multicast packets.

    Downstream: Represents the direction to which a router forwards multicast data packets. A downstream router is a node that receives multicast packets from upstream transmissions.

    Group Presence: Means that a multicast group has been learned from one of the directly connected interfaces. Members of the multicast group are present on the router.

    Intermediate nodes: Routers that are in the path between source routers and leaf routers.

    Leaf nodes: Routers that do not have any downstream routers.

    Multicast Tree: A unique tree is built for each source group (S,G) pair. A multicast tree is comprised of a root node and one or more nodes that are leaf or intermediate nodes.

    The following configurable parameters apply to PIM-DM, PIM-SM, and DVMRP:

    Maximum number of PIM groups: You can change the maximum number of groups of each type for which the software will allocate memory. By default, FastIron X Series Layer 3 Switches support up to 1024 PIM groups. FastIron CX Series Layer 3 switches support up to 4000 PIM groups.

    Maximum number of DVMRP groups: You can change the maximum number of groups for which the software will allocate memory. By default, FastIron X Series Layer 3 Switches support up to 1024 DVMRP groups.

    Internet Group Membership Protocol (IGMP) V1 and V2 parameters: You can change the query interval, group membership time, and maximum response time.

    Hardware forwarding of fragmented IP multicast packets: You can enable the Layer 3 Switch to forward all fragments of fragmented IP multicast packets in hardware.

    Configuring IP Multicast Globally

    To configure IP Multicast routing on a Brocade switch, Multicast must be enabled globally by entering the following CLI command at the global CLI level.

    FastIron(config)#ip multicast-routing

    Modifying IGMP (V1 and V2) query interval period

    The IGMP query interval period defines how often a router will query an interface for group membership. To modify the default value for the IGMP (V1 and V2) query interval, enter the following.

    FastIron(config)#ip igmp query-interval 120

    Globally enabling and disabling PIM

    To globally enable PIM, enter the following command.

    FastIron(config)#router pim

    Configuring PIM Dense

    To globally enable PIM and then enable PIM on interface 3, enter the following commands.

    FastIron(config)#router pim
    FastIron(config)#int e 3
    FastIron(config-if-e1000-3)#ip address 207.95.5.1/24
    FastIron(config-if-e1000-3)#ip pim

    Syntax: [no] ip pim [version 1 | 2]

    The version 1 | 2 parameter specifies the PIM DM version. The default version is 2. If you have enabled PIM version 1 but need to enable version 2 instead, enter either of the following commands at the configuration level for the interface.

    FastIron(config-if-1/1)#ip pim version 2
    FastIron(config-if-1/1)#no ip pim version 1

    To disable PIM DM on the interface, enter the following command.

    FastIron(config-if-1/1)#no ip pim

    PIM Sparse switch types

    Switches that are configured with PIM Sparse interfaces also can be configured to fill one or more of the following roles:

    PMBR: A PIM switch that has some interfaces within the PIM domain and other interfaces outside the PIM domain. PMBRs connect the PIM domain to the Internet. Note: You cannot configure a Brocade routing interface as a PMBR interface for PIM Sparse in the current software release.

    BSR: The Bootstrap Router (BSR) distributes RP information to the other PIM Sparse switches within the domain. Each PIM Sparse domain has one active BSR. For redundancy, you can configure ports on multiple switches as candidate BSRs. The PIM Sparse protocol uses an election process to select one of the candidate BSRs as the BSR for the domain. The BSR with the highest BSR priority (a user-configurable parameter) is elected. If the priorities result in a tie, then the candidate BSR interface with the highest IP address is elected.

    RP: The RP is the meeting point for PIM Sparse sources and receivers. A PIM Sparse domain can have multiple RPs, but each PIM Sparse multicast group address can have only one active RP. PIM Sparse switches learn the addresses of RPs and the groups for which they are responsible from messages that the BSR sends to each of the PIM Sparse switches. To enhance overall network performance, Brocade Layer 3 Switches use the RP to forward only the first packet from a group source to the group receivers. After the first packet, the Layer 3 Switch calculates the shortest path between the receiver and source (the Shortest Path Tree, or SPT) and uses the SPT for subsequent packets from the source to the receiver. The Layer 3 Switch calculates a separate SPT for each source-receiver pair.

    Configuring PIM Sparse

    To configure basic global PIM Sparse parameters, enter commands such as the following on each Layer 3 Switch within the PIM Sparse domain.

    FastIron(config)#router pim

    Syntax: [no] router pim


    Note: You do not need to globally enable IP multicast routing when configuring PIM Sparse.

    Configuring PIM interface parameters

    After you enable IP multicast routing and PIM Sparse at the global level, you must enable it on the individual interfaces connected to the PIM Sparse network. To do so, use the following CLI method.

    To enable PIM Sparse mode on an interface, enter commands such as the following.

    FastIron(config)#interface ethernet 2/2
    FastIron(config-if-2/2)#ip address 207.95.7.1 255.255.255.0
    FastIron(config-if-2/2)#ip pim-sparse

    If the interface is on the border of the PIM Sparse domain, you also must enter the following command.

    FastIron(config-if-2/2)#ip pim border

    Note: In addition to the global and interface parameters in the sections above, you need to identify an interface on at least one Layer 3 Switch as a candidate PIM Sparse Bootstrap router (BSR) and candidate PIM Sparse Rendezvous Point (RP).

    Configuring BSR

    To configure the Layer 3 Switch as a candidate BSR and RP, enter commands such as the following.

    FastIron(config)#router pim
    FastIron(config-pim-router)#bsr-candidate ethernet 2/2 30 255
    BSR address: 207.95.7.1, hash mask length: 30, priority: 255

    This command configures the PIM Sparse interface on port 2/2 as a BSR candidate, with a hash mask length of 30 and a priority of 255. The information shown in italics above is displayed by the CLI after you enter the candidate BSR configuration command.

    Syntax: [no] bsr-candidate ethernet [/] | loopback | ve []

    Configuring RPs

    Enter a command such as the following to configure the Layer 3 Switch as a candidate RP.

    FastIron(config-pim-router)#rp-candidate ethernet 2/2

    Syntax: [no] rp-candidate ethernet [/] | loopback | ve

    The parameter is required on chassis devices. The | loopback | ve parameter specifies the interface. The Layer 3 Switch will advertise the specified interface IP address as a candidate RP:

    Enter ethernet [/] for a physical interface (port).
    Enter ve for a virtual interface.
    Enter loopback for a loopback interface.

    By default, this command configures the Layer 3 Switch as a candidate RP for all group numbers beginning with 224. As a result, the Layer 3 Switch is a candidate RP for all valid PIM Sparse group numbers. You can change this by adding or deleting specific address ranges. The following example narrows the group number range for which the Layer 3 Switch is a candidate RP by explicitly adding a range.

    FastIron(config-pim-router)#rp-candidate add 224.126.0.0 16

    To specify the IP address of the RP (not use the election process), enter commands such as the following.

    FastIron(config)#router pim
    FastIron(config-pim-router)#rp-address 207.95.7.1

    Displaying basic PIM Sparse configuration information

    To display basic configuration information for PIM Sparse, enter the following command at any CLI level.

    FastIron#show ip pim sparse
    Global PIM Sparse Mode Settings
      Hello interval: 60, Neighbor timeout: 180
      Bootstrap Msg interval: 130, Candidate-RP Advertisement interval: 60
      Join/Prune interval: 60, SPT Threshold: 1
    Interface Ethernet e3/8
      TTL Threshold: 1, Enabled
      Local Address: 207.95.8.1
    Interface Ve 1
      TTL Threshold: 1, Enabled
      Local Address: 207.95.6.1

    Displaying a list of multicast groups

    To display a list of the IP multicast groups the Layer 3 Switch is forwarding, enter the following command at any CLI level.

    FastIron#show ip pim group
    Total number of Groups: 2
    Index 1 Group 239.255.162.1 Ports e3/11