53-1003053-029 March 2015

®

Brocade TurboIron 24X SeriesConfiguration GuideSupporting FastIron Software Release 08.0.01

Copyright © 2015 Brocade Communications Systems, Inc. All Rights Reserved.ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, The Effortless Network, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision and vADX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it.

The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Document History

Corporate and Latin American HeadquartersBrocade Communications Systems, Inc.130 Holger WaySan Jose, CA 95134 Tel: 1-408-333-8000 Fax: 1-408-333-8101 E-mail: info@brocade.com

Asia-Pacific HeadquartersBrocade Communications Systems China HK, Ltd.No. 1 Guanghua RoadChao Yang DistrictUnits 2718 and 2818Beijing 100020, ChinaTel: +8610 6588 8888Fax: +8610 6588 9999E-mail: china-info@brocade.com

European HeadquartersBrocade Communications Switzerland SàrlCentre SwissairTour B - 4ème étage29, Route de l'AéroportCase Postale 105CH-1215 Genève 15Switzerland Tel: +41 22 799 5640Fax: +41 22 799 5641E-mail: emea-info@brocade.com

Asia-Pacific HeadquartersBrocade Communications Systems Co., Ltd. (Shenzhen WFOE)Citic PlazaNo. 233 Tian He Road NorthUnit 1308 – 13th FloorGuangzhou, ChinaTel: +8620 3891 2000Fax: +8620 3891 2111E-mail: china-info@brocade.com

Title Publication number Summary of changes Date

Brocade TurboIron 24X Series Configuration Guide

53-1003053-02 Updated for a defect fix. March 2015

mailto:china-info@brocade.commailto:info@brocade.comhttp://www.brocade.com/support/oscdhttp://www.brocade.com/support/oscdmailto:emea-info@brocade.commailto:china-info@brocade.com

Brocade TurboIron 24X Series Configuration Guide iii53-1003053-02

iv Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Contents

About This Document

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

Device nomenclature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiv

Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxivText formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxivNotes, cautions, and danger notices . . . . . . . . . . . . . . . . . . . xxxiv

Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

Getting technical help or reporting errors . . . . . . . . . . . . . . . . . . . . xxxv

Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxvi

Chapter 1 Feature Highlights

Introduction to features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Supported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Supported management features . . . . . . . . . . . . . . . . . . . . . . . . 1Supported security features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Supported system-level features . . . . . . . . . . . . . . . . . . . . . . . . . 3Supported Layer 2 features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Supported Layer 3 features on TurboIron X Series devices . . . . 7

Supported IPv6 management features . . . . . . . . . . . . . . . . . . . . . . . . 8

Unsupported features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chapter 2 Getting Familiar with Management Applications

Using the management port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11How the management port works. . . . . . . . . . . . . . . . . . . . . . . . 11CLI Commands for use with the management port. . . . . . . . . . 11

Logging on through the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13On-line help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Command completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Scroll control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Line editing commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Using and port number with CLI commands. . . . . . . . . . . . . . . . . . .15CLI nomenclature on TurboIron X Series devices . . . . . . . . . . .15Searching and filtering output from CLI commands . . . . . . . . .15Using special characters in regular expressions . . . . . . . . . . . .18Creating an alias for a CLI command . . . . . . . . . . . . . . . . . . . . .19

Brocade TurboIron 24X Series Configuration Guide v53-1003053-02

Logging on through Brocade Network Advisor . . . . . . . . . . . . . . . . .20

Chapter 3 Configuring Basic Software Features

Configuring basic system parameters . . . . . . . . . . . . . . . . . . . . . . . . 21Entering system administration information . . . . . . . . . . . . . . .22Configuring Simple Network Management Protocol (SNMP) parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22Disabling Syslog messages and traps for CLI access . . . . . . . .26Configuring an interface as the source for all Telnet packets . 27Cancelling an outbound Telnet session . . . . . . . . . . . . . . . . . . .28Specifying a Simple Network Time Protocol (NTPv4) server . . .28Setting the system clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29Limiting broadcast, multicast, and unknown unicast traffic. . . 31

Configuring basic port parameters . . . . . . . . . . . . . . . . . . . . . . . . . .34Assigning a port name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35Modifying port speed and duplex mode. . . . . . . . . . . . . . . . . . .35Auto speed detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36Modifying port duplex mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .36Disabling or re-enabling a port . . . . . . . . . . . . . . . . . . . . . . . . . .36Disabling or re-enabling flow control . . . . . . . . . . . . . . . . . . . . . 37Auto-negotiation and advertisement of flow control . . . . . . . . . 37TurboIron X SeriesConfiguring the Interpacket Gap (IPG) . . . . .38Changing the Gbps fiber negotiation mode . . . . . . . . . . . . . . . .39Modifying port priority (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . .39Configuring port flap dampening . . . . . . . . . . . . . . . . . . . . . . . .39Port loop detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Chapter 4 Operations, Administration, and Maintenance

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Determining the software versions installed and running on a device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Determining the flash image version running on the device . .48Determining the image versions installed in flash memory . . .48Flash image verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Image file types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Upgrading software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50Upgrading the boot code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50Upgrading the flash code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Boot code synchronization feature . . . . . . . . . . . . . . . . . . . . . . . 51

Using SNMP to upgrade software . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Changing the block size for TFTP file transfers . . . . . . . . . . . . . . . . .52

Rebooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Displaying the boot preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

vi Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Loading and saving configuration files . . . . . . . . . . . . . . . . . . . . . . .54Replacing the startup configuration with therunning configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55Replacing the running configuration with thestartup configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55Logging changes to the startup-config file . . . . . . . . . . . . . . . . .55Copying a configuration file to or from a TFTP server . . . . . . . .55Dynamic configuration loading . . . . . . . . . . . . . . . . . . . . . . . . . .56Maximum file sizes for startup-config file and running-config .58

Scheduling a system reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Reloading at a specific time . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Reloading after a specific amount of time. . . . . . . . . . . . . . . . .59Displaying the amount of time remaining before a scheduled reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60Canceling a scheduled reload. . . . . . . . . . . . . . . . . . . . . . . . . . .60

Diagnostic error codes and remedies for TFTP transfers . . . . . . . . .60

Chapter 5 Securing Access to Management Functions

Securing access methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Restricting remote access to management functions . . . . . . . . . . .65Using ACLs to restrict remote access . . . . . . . . . . . . . . . . . . . . .65Defining the console idle time . . . . . . . . . . . . . . . . . . . . . . . . . .67Restricting remote access to the device to specificIP addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68Restricting access to the device based on IP orMAC address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69Specifying the maximum number of login attemptsfor Telnet access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70Restricting remote access to the device to specific VLAN IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70Designated VLAN for Telnet management sessions to aLayer 2 Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Device management security . . . . . . . . . . . . . . . . . . . . . . . . . . .72Disabling specific access methods. . . . . . . . . . . . . . . . . . . . . . .73

Setting passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Setting a Telnet password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Setting passwords for management privilege levels . . . . . . . . .75Recovering from a lost password . . . . . . . . . . . . . . . . . . . . . . . . 77Displaying the SNMP community string . . . . . . . . . . . . . . . . . . . 77Specifying a minimum password length. . . . . . . . . . . . . . . . . . . 77

Setting up local user accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78Enhancements to username and password . . . . . . . . . . . . . . .78Configuring a local user account . . . . . . . . . . . . . . . . . . . . . . . .82Create password option. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84Changing a local user password . . . . . . . . . . . . . . . . . . . . . . . . .84

Brocade TurboIron 24X Series Configuration Guide vii53-1003053-02

Configuring TACACS/TACACS+ security . . . . . . . . . . . . . . . . . . . . . . .85How TACACS+ differs from TACACS. . . . . . . . . . . . . . . . . . . . . . .85TACACS/TACACS+ authentication, authorization, and accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85TACACS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86TACACS/TACACS+ configuration considerations . . . . . . . . . . . .89Enabling TACACS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89Identifying the TACACS/TACACS+ servers. . . . . . . . . . . . . . . . . .90Specifying different servers for individual AAA functions . . . . .90Setting optional TACACS/TACACS+ parameters . . . . . . . . . . . . . 91Configuring authentication-method lists for TACACS/TACACS+ 92Configuring TACACS+ authorization . . . . . . . . . . . . . . . . . . . . . .94Configuring TACACS+ accounting . . . . . . . . . . . . . . . . . . . . . . . . 97Configuring an interface as the source for allTACACS/TACACS+ packets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98Displaying TACACS/TACACS+ statistics and configuration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Configuring RADIUS security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100RADIUS authentication, authorization, and accounting . . . . .100RADIUS configuration considerations. . . . . . . . . . . . . . . . . . . .103RADIUS configuration procedure . . . . . . . . . . . . . . . . . . . . . . .104Configuring Brocade-specific attributes on the RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Enabling SNMP to configure RADIUS . . . . . . . . . . . . . . . . . . . .105Identifying the RADIUS server to the device. . . . . . . . . . . . . . .106Specifying different servers for individual AAA functions . . . .106Configuring a RADIUS server per port . . . . . . . . . . . . . . . . . . .106Mapping a RADIUS server to individual ports . . . . . . . . . . . . .107Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .108Configuring authentication-method lists for RADIUS. . . . . . . .109Configuring RADIUS authorization . . . . . . . . . . . . . . . . . . . . . .111Configuring RADIUS accounting . . . . . . . . . . . . . . . . . . . . . . . .113Configuring an interface as the source for all RADIUS packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114Displaying RADIUS configuration information . . . . . . . . . . . . .114

Configuring authentication-method lists . . . . . . . . . . . . . . . . . . . . .115Configuration considerations for authentication- method lists . . . . . . . . . . . . . . . . . . . . . . . . . . .116Examples of authentication-method lists. . . . . . . . . . . . . . . . .117

Chapter 6 Configuring SSH2 and SCP

SSH version 2 support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119Tested SSH2 clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120Supported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120Unsupported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

AES encryption for SSH2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

Configuring SSH2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121Recreating SSH keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Generating a host key pair . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Configuring DSA challenge-response authentication . . . . . . .123

viii Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Setting optional parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125Setting the number of SSH authentication retries . . . . . . . . .126Deactivating user authentication . . . . . . . . . . . . . . . . . . . . . . .126Enabling empty password logins. . . . . . . . . . . . . . . . . . . . . . . .126Setting the SSH port number . . . . . . . . . . . . . . . . . . . . . . . . . .127Setting the SSH login timeout value. . . . . . . . . . . . . . . . . . . . .127Designating an interface as the source for all SSHpackets (Layer 3 code only). . . . . . . . . . . . . . . . . . . . . . . . . . . .127Configuring the maximum idle time for SSH sessions . . . . . .128

Filtering SSH access using ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . .128

Terminating an active SSH connection . . . . . . . . . . . . . . . . . . . . . .128

Displaying SSH connection information . . . . . . . . . . . . . . . . . . . . .128

Using Secure copy with SSH2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130Enabling and disabling SCP . . . . . . . . . . . . . . . . . . . . . . . . . . .130Example file transfers using SCP . . . . . . . . . . . . . . . . . . . . . . .130

Chapter 7 Configuring IPv6 Connectivity

IPv6 addressing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133IPv6 address types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134IPv6 stateless autoconfiguration . . . . . . . . . . . . . . . . . . . . . . .136

IPv6 CLI command support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

Configuring an IPv6 host address on a Layer 2 switch. . . . . . . . . .137Enabling IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138Configuring a global or site-local IPv6 address with a manually configured interface ID . . . . . . . . . . . . . . . . . . . . . . .138

Configuring the management port for an IPv6 automatic address configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138

Configuring basic IPv6 connectivity on a Layer 3 switch . . . . . . . .138Configuring IPv6 on each router interface . . . . . . . . . . . . . . . .138

IPv6 management (IPv6 host support) . . . . . . . . . . . . . . . . . . . . . .141Restricting SNMP access to an IPv6 node . . . . . . . . . . . . . . . .141Specifying an IPv6 SNMP trap receiver . . . . . . . . . . . . . . . . . .141SNMP V3 over IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141SNTP over IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142Secure Shell, SCP, and IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . .142IPv6 Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142Configuring name-to-IPv6 address resolution using IPv6 DNS resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143Defining an IPv6 DNS entry. . . . . . . . . . . . . . . . . . . . . . . . . . . .143Using the IPv6 copy command . . . . . . . . . . . . . . . . . . . . . . . . .143Using the IPv6 ncopy command . . . . . . . . . . . . . . . . . . . . . . . .145IPv6 ping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147Configuring an IPv6 Syslog server . . . . . . . . . . . . . . . . . . . . . .148Viewing IPv6 SNMP server addresses . . . . . . . . . . . . . . . . . . .149Disabling IPv6 on a Layer 2 switch . . . . . . . . . . . . . . . . . . . . . .149

Brocade TurboIron 24X Series Configuration Guide ix53-1003053-02

Clearing global IPv6 information . . . . . . . . . . . . . . . . . . . . . . . . . . .150Clearing the IPv6 cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150Clearing IPv6 neighbor information . . . . . . . . . . . . . . . . . . . . .150Clearing IPv6 traffic statistics . . . . . . . . . . . . . . . . . . . . . . . . . .151

Displaying global IPv6 information. . . . . . . . . . . . . . . . . . . . . . . . . .151Displaying IPv6 cache information . . . . . . . . . . . . . . . . . . . . . .151Displaying IPv6 interface information. . . . . . . . . . . . . . . . . . . .152Displaying IPv6 neighbor information. . . . . . . . . . . . . . . . . . . .154Displaying IPv6 TCP information . . . . . . . . . . . . . . . . . . . . . . . .155Displaying IPv6 traffic statistics . . . . . . . . . . . . . . . . . . . . . . . .158

Chapter 8 Securing SNMP Access

SNMP overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Establishing SNMP community strings . . . . . . . . . . . . . . . . . . . . . .164Encryption of SNMP community strings . . . . . . . . . . . . . . . . . .164Adding an SNMP community string . . . . . . . . . . . . . . . . . . . . .164Displaying the SNMP community strings . . . . . . . . . . . . . . . . .166Configuring your NMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166Configuring SNMP version 3 . . . . . . . . . . . . . . . . . . . . . . . . . . .167Defining the engine id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167Defining an SNMP group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168Defining an SNMP user account. . . . . . . . . . . . . . . . . . . . . . . .169

Defining SNMP views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170

SNMP version 3 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Defining an SNMP group and specifying whichview is notified of traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Defining the UDP port for SNMP v3 traps . . . . . . . . . . . . . . . .172Trap MIB changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173Specifying an IPv6 host as an SNMP trap receiver . . . . . . . . .173

Displaying SNMP Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Displaying the Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Displaying SNMP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Displaying user information. . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Interpreting varbinds in report packets . . . . . . . . . . . . . . . . . .175

SNMP v3 Configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . .175Simple SNMP v3 configuration . . . . . . . . . . . . . . . . . . . . . . . . .175More detailed SNMP v3 configuration . . . . . . . . . . . . . . . . . . . 176

Chapter 9 Enabling the Foundry Discovery Protocol and Reading Cisco Discovery Protocol Packets

Using FDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177Configuring FDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177Displaying FDP information . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Clearing FDP and CDP information. . . . . . . . . . . . . . . . . . . . . .181

x Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Reading CDP packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182Enabling interception of CDP packets globally . . . . . . . . . . . .182Enabling interception of CDP packets on an interface . . . . . .182Displaying CDP information. . . . . . . . . . . . . . . . . . . . . . . . . . . .182Clearing CDP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184

Chapter 10 Configuring LLDP

Terms used in this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187

LLDP overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188Benefits of LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189

General operating principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189Operating modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189LLDP packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190TLV support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

MIB support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Syslog messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194

Configuring LLDP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194Configuration notes and considerations . . . . . . . . . . . . . . . . .194Enabling and disabling LLDP. . . . . . . . . . . . . . . . . . . . . . . . . . .195Changing a port LLDP operating mode . . . . . . . . . . . . . . . . . .195Specifying the maximum number of LLDP neighbors . . . . . . .196Enabling LLDP SNMP notifications and syslog messages . . .197Changing the minimum time between LLDP transmissions . .198Changing the interval between regular LLDP transmissions .199Changing the holdtime multiplier for transmit TTL . . . . . . . . .199Changing the minimum time between port reinitializations . .199LLDP TLVs advertised by the device . . . . . . . . . . . . . . . . . . . . .200Displaying LLDP statistics and configuration settings. . . . . . .205LLDP configuration summary . . . . . . . . . . . . . . . . . . . . . . . . . .205LLDP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206LLDP neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207LLDP neighbors detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208LLDP configuration details . . . . . . . . . . . . . . . . . . . . . . . . . . . .210

Resetting LLDP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

Clearing cached LLDP neighbor information. . . . . . . . . . . . . . . . . .211

Chapter 11 Monitoring Hardware Components

Hardware support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213

Digital optical monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213Supported media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213Media not supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214Supported media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214Media not supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214Configuration limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214Enabling digital optical monitoring . . . . . . . . . . . . . . . . . . . . . .214Setting the alarm interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215Displaying information about installed media . . . . . . . . . . . . .215

Brocade TurboIron 24X Series Configuration Guide xi53-1003053-02

Viewing optical monitoring information . . . . . . . . . . . . . . . . . .216Syslog messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218

Chapter 12 Using Syslog

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221

Displaying Syslog messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222Enabling real-time display of Syslog messages . . . . . . . . . . . .222Enabling real-time display for a Telnet or SSH session . . . . . .222Show log on all terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223

Configuring the Syslog service . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223Displaying the Syslog configuration . . . . . . . . . . . . . . . . . . . . .223Disabling or re-enabling Syslog. . . . . . . . . . . . . . . . . . . . . . . . .227Specifying a Syslog server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227Specifying an additional Syslog server . . . . . . . . . . . . . . . . . . .227Disabling logging of a message level . . . . . . . . . . . . . . . . . . . .228Changing the number of entries the local buffer can hold . . .228Changing the log facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228Displaying Interface names in Syslog messages. . . . . . . . . . .229Displaying TCP or UDP port numbers in Syslog messages . . .230Clearing the Syslog messages from the local buffer . . . . . . . .230

Appendix 13 Network Monitoring

Basic management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231Viewing system information . . . . . . . . . . . . . . . . . . . . . . . . . . .231Viewing configuration information . . . . . . . . . . . . . . . . . . . . . .232Viewing port statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232Viewing STP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234Clearing statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234Traffic counters for outbound traffic. . . . . . . . . . . . . . . . . . . . .235

RMON support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238Maximum number of entries allowed in theRMON control table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238Statistics (RMON group 1). . . . . . . . . . . . . . . . . . . . . . . . . . . . .238History (RMON group 2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240Alarm (RMON group 3). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241Event (RMON group 9) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241sFlow support for IPv6 packets. . . . . . . . . . . . . . . . . . . . . . . . .242Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . .243Configuring and enabling sFlow . . . . . . . . . . . . . . . . . . . . . . . .244Displaying sFlow information . . . . . . . . . . . . . . . . . . . . . . . . . .249

Configuring a utilization list for an uplink port . . . . . . . . . . . . . . . .251Command syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252Displaying utilization percentages for an uplink . . . . . . . . . . .252

xii Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Chapter 14 Configuring Basic Layer 2 Features

Enabling or disabling the Spanning Tree Protocol (STP). . . . . . . . .255Modifying STP bridge and port parameters . . . . . . . . . . . . . . .256

Changing the MAC age time and disabling MAC address learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256

Disabling the automatic learning of MAC addresses . . . . . . .256Displaying the MAC address table . . . . . . . . . . . . . . . . . . . . . .257

Configuring static MAC entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . .257Multi-port static MAC address. . . . . . . . . . . . . . . . . . . . . . . . . .258

Configuring VLAN-based static MAC entries . . . . . . . . . . . . . . . . . .259

Enabling port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259Assigning IEEE 802.1Q tagging to a port . . . . . . . . . . . . . . . . .260

Defining MAC address filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .261Configuration notes and limitations . . . . . . . . . . . . . . . . . . . . .261Command syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .261Enabling logging of management trafficpermitted by MAC filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263

MAC address filter override for 802.1X-enabled ports . . . . . . . . . .264MAC address filter override configuration notes . . . . . . . . . . .264MAC address filter override configuration syntax . . . . . . . . . .264

Displaying and modifying system parameter default settings . . . .265Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . .265Displaying system parameter default values . . . . . . . . . . . . . .266Modifying system parameter default values . . . . . . . . . . . . . .267

Egress buffer thresholds for QoS priorities . . . . . . . . . . . . . . . . . . .267Cut-Through Switching Support. . . . . . . . . . . . . . . . . . . . . . . . .269Default settings for egress buffer thresholds . . . . . . . . . . . . .269Disabling and re-enabling the default settingsfor egress buffer thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . .269Setting the egress buffer threshold for all QoSpriorities on a port or group of ports . . . . . . . . . . . . . . . . . . . .270Setting the egress buffer threshold for a specific QoS priority on a port or group of ports . . . . . . . . . . . . . . . . . .270

Link Fault Signaling (LFS) for 10G . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Jumbo frame support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272

Chapter 15 Configuring Metro Features

Topology groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273Master VLAN and member VLANs . . . . . . . . . . . . . . . . . . . . . .273Control ports and free ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 274Configuring a topology group . . . . . . . . . . . . . . . . . . . . . . . . . .275Displaying topology group information . . . . . . . . . . . . . . . . . . . 276

Brocade TurboIron 24X Series Configuration Guide xiii53-1003053-02

Metro Ring Protocol (MRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277Configuration notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279MRP rings without shared interfaces (MRP Phase 1) . . . . . . .279MRP rings with shared interfaces (MRP Phase 2). . . . . . . . . .280Ring initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282How ring breaks are detected and healed . . . . . . . . . . . . . . . .285Alarm RHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288Master VLANs and customer VLANs. . . . . . . . . . . . . . . . . . . . .289Configuring MRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291Using MRP diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293Displaying MRP information . . . . . . . . . . . . . . . . . . . . . . . . . . .294MRP CLI example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296

Virtual Switch Redundancy Protocol (VSRP) . . . . . . . . . . . . . . . . . .298Configuration notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300Layer 2 and Layer 3 redundancy . . . . . . . . . . . . . . . . . . . . . . .300Master election and failover . . . . . . . . . . . . . . . . . . . . . . . . . . .300VSRP-Aware security features . . . . . . . . . . . . . . . . . . . . . . . . . .305VSRP parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .305Configuring basic VSRP parameters. . . . . . . . . . . . . . . . . . . . .308Configuring optional VSRP parameters . . . . . . . . . . . . . . . . . .309Displaying VSRP information. . . . . . . . . . . . . . . . . . . . . . . . . . .318VSRP fast start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321VSRP and MRP signaling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322

Chapter 16 Configuring Uni-Directional Link Detection (UDLD)

UDLD overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . .325Enabling UDLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326Changing the Keepalive interval . . . . . . . . . . . . . . . . . . . . . . . .326Changing the Keepalive retries. . . . . . . . . . . . . . . . . . . . . . . . .326UDLD for tagged ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327Displaying UDLD information . . . . . . . . . . . . . . . . . . . . . . . . . .327Clearing UDLD statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Chapter 17 Configuring Trunk Groups and Dynamic Link Aggregation

Trunk group overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .331Trunk group connectivity to a server. . . . . . . . . . . . . . . . . . . . .332Trunk group rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .333Trunk group configuration examples . . . . . . . . . . . . . . . . . . . .334Flexible trunk group membership . . . . . . . . . . . . . . . . . . . . . . .334Trunk group load sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335

Configuring a trunk group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336CLI syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336Example 1: Configuring the trunk groups shown in Figure 75 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337Example 2: Configuring a trunk group that spanstwo Gbps Ethernet modules in a chassis device . . . . . . . . . . .338Example 3: Configuring a multi-slot trunk group with one port per module . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338

xiv Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Example 4: Configuring a trunk group of 10 GbpsEthernet ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338Additional trunking options . . . . . . . . . . . . . . . . . . . . . . . . . . . .339

Displaying trunk group configuration information . . . . . . . . . . . . .343

Dynamic link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344Examples of valid LACP trunk groups . . . . . . . . . . . . . . . . . . . .345Configuration notes and limitations . . . . . . . . . . . . . . . . . . . . .345Adaptation to trunk disappearance . . . . . . . . . . . . . . . . . . . . .347Flexible trunk eligibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347Enabling dynamic link aggregation. . . . . . . . . . . . . . . . . . . . . .348How changing the VLAN membership of a port affectstrunk groups and dynamic keys . . . . . . . . . . . . . . . . . . . . . . . .350Link aggregation parameters . . . . . . . . . . . . . . . . . . . . . . . . . .350

Displaying and determining the status of aggregate links . . . . . . .355Events that affect the status of ports in an aggregate link. . .355Displaying link aggregation and port status information . . . .356Displaying LACP status information . . . . . . . . . . . . . . . . . . . . .358

Clearing the negotiated aggregate links table . . . . . . . . . . . . . . . .358

Configuring single link LACP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358Configuration notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .359CLI syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .359

Chapter 18 Configuring Virtual LANs (VLANs)

VLAN overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361Types of VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361Default VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366802.1Q tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . .369Virtual routing interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370VLAN and virtual routing interface groups . . . . . . . . . . . . . . . . 371Dynamic, static, and excluded port membership . . . . . . . . . .372Super aggregated VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374Trunk group ports and VLAN membership . . . . . . . . . . . . . . . . 374

Routing between VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374Virtual routing interfaces (Layer 3 Switches only) . . . . . . . . . . 374Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) . . . . . . . . . . . . . . . . . . . . . .375Dynamic port assignment (Layer 2 Switchesand Layer 3 Switches) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Assigning a different VLAN ID to the default VLAN . . . . . . . . . 376Assigning different VLAN IDs to reserved VLANs4091 and 4092 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Assigning trunk group ports . . . . . . . . . . . . . . . . . . . . . . . . . . .377Configuring port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . .378Modifying a port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . .381Enable spanning tree on a VLAN . . . . . . . . . . . . . . . . . . . . . . .382

Configuring IP subnet, IPX network andprotocol-based VLANs . . .383Configuration example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .383

Brocade TurboIron 24X Series Configuration Guide xv53-1003053-02

Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) . . . . . . . . . . . . . . . . . . . . . . . . . .385

Configuring uplink ports within a port-based VLAN . . . . . . . . . . . .391Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . .391Configuration syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391

Configuring the same IP subnet address on multipleport-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .392

Configuring VLAN groups and virtual routing interface groups . . .395Configuring a VLAN group . . . . . . . . . . . . . . . . . . . . . . . . . . . . .395Configuring a virtual routing interface group . . . . . . . . . . . . . .397Displaying the VLAN group and virtual routing interface group information . . . . . . . . . . . . . . . . . . . . . . . . . . .398Allocating memory for more VLANs or virtual routing interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .398

Configuring super aggregated VLANs . . . . . . . . . . . . . . . . . . . . . . .399Configuration note . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .403Configuring aggregated VLANs . . . . . . . . . . . . . . . . . . . . . . . . .403Verifying the configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . .404Complete CLI examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .404

Configuring 802.1Q-in-Q tagging . . . . . . . . . . . . . . . . . . . . . . . . . . .407Configuration rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .408Enabling 802.1Q-in-Q tagging . . . . . . . . . . . . . . . . . . . . . . . . . .408Example configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409

Configuring private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .411Configuration notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .412Configuration notes and limitations . . . . . . . . . . . . . . . . . . . . .413Command syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413CLI example for Figure 52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

Dual-mode VLAN ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415

Displaying VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .418Displaying VLANs in alphanumeric order . . . . . . . . . . . . . . . . .418Displaying system-wide VLAN information . . . . . . . . . . . . . . . .419Displaying VLAN information for specific ports . . . . . . . . . . . .420

Chapter 19 Configuring Port Mirroring and Monitoring

Mirroring support by platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423

Configuring port mirroring and monitoring . . . . . . . . . . . . . . . . . . .423Configuration notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424Monitoring a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .425Monitoring an individual trunk port . . . . . . . . . . . . . . . . . . . . .425

ACL-based inbound mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .426Creating an ACL-based inbound mirror clause. . . . . . . . . . . . .426

MAC filter-based mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430Configuring MAC filter-based mirroring. . . . . . . . . . . . . . . . . . .430

xvi Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Chapter 20 Configuring IP

Basic configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433IP interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434IP packet flow through a Layer 3 Switch. . . . . . . . . . . . . . . . . .435IP route exchange protocols . . . . . . . . . . . . . . . . . . . . . . . . . . .439IP multicast protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .440IP interface redundancy protocols . . . . . . . . . . . . . . . . . . . . . .440Access Control Lists and IP access policies. . . . . . . . . . . . . . .440

Basic IP parameters and defaults – Layer 3 Switches. . . . . . . . . .441When parameter changes take effect . . . . . . . . . . . . . . . . . . .441IP global parameters – Layer 3 Switches. . . . . . . . . . . . . . . . .442IP interface parameters – Layer 3 Switches . . . . . . . . . . . . . .445

Basic IP parameters and defaults – Layer 2 Switches. . . . . . . . . .446IP global parameters – Layer 2 Switches. . . . . . . . . . . . . . . . .446Interface IP parameters – Layer 2 Switches . . . . . . . . . . . . . .447

Configuring IP parameters – Layer 3 Switches . . . . . . . . . . . . . . . .447Configuring IP addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448Configuring 31-bit subnet masks on point-to-point networks.450Configuring packet parameters . . . . . . . . . . . . . . . . . . . . . . . .452Changing the router ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455Specifying a single source interface for Telnet,TACACS/TACACS+, or RADIUS Packets . . . . . . . . . . . . . . . . . . .456Configuring ARP parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .458Configuring forwarding parameters . . . . . . . . . . . . . . . . . . . . .462Disabling ICMP messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Configuring static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465Configuring a default network route . . . . . . . . . . . . . . . . . . . . .473Configuring IP load sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474Configuring IRDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .477Configuring RARP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479Configuring UDP broadcast and IP helper parameters . . . . . .481Configuring BootP/DHCP relay parameters . . . . . . . . . . . . . . .483

Configuring IP parameters – Layer 2 Switches . . . . . . . . . . . . . . . .484Configuring the management IP address and specifyingthe default gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485Configuring Domain Name Server (DNS) resolver. . . . . . . . . .486Changing the TTL threshold . . . . . . . . . . . . . . . . . . . . . . . . . . .487Configuring DHCP Assist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .488

Displaying IP configuration information and statistics . . . . . . . . . .492Changing the network mask display to prefix format . . . . . . .492Displaying IP information – Layer 3 Switches . . . . . . . . . . . . .492Displaying IP information – Layer 2 Switches . . . . . . . . . . . . .506

Chapter 21 Configuring Spanning Tree Protocol (STP) Related Features

STP overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .511

Brocade TurboIron 24X Series Configuration Guide xvii53-1003053-02

Configuring standard STP parameters. . . . . . . . . . . . . . . . . . . . . . .511STP parameters and defaults . . . . . . . . . . . . . . . . . . . . . . . . . .512Enabling or disabling the Spanning Tree Protocol (STP) . . . . .513Changing STP bridge and port parameters . . . . . . . . . . . . . . .514STP protection enhancement . . . . . . . . . . . . . . . . . . . . . . . . . .516Displaying STP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Configuring STP related features . . . . . . . . . . . . . . . . . . . . . . . . . . .524802.1W Rapid Spanning Tree (RSTP) . . . . . . . . . . . . . . . . . . . .525802.1W Draft 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .562Single Spanning Tree (SSTP) . . . . . . . . . . . . . . . . . . . . . . . . . . .566

PVST/PVST+ compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568Overview of PVST and PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . .569VLAN tags and dual mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570Configuring PVST+ support . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571Displaying PVST+ support information . . . . . . . . . . . . . . . . . . . 571Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .572

PVRST compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .575

BPDU guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .575Enabling BPDU protection by port. . . . . . . . . . . . . . . . . . . . . . .575Re-enabling ports disabled by BPDU guard . . . . . . . . . . . . . . . 576Displaying the BPDU guard status . . . . . . . . . . . . . . . . . . . . . . 576Example console messages . . . . . . . . . . . . . . . . . . . . . . . . . . .577

Root guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577Enabling STP root guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .578Displaying the STP root guard . . . . . . . . . . . . . . . . . . . . . . . . . .578

802.1s Multiple Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . .578Multiple spanning-tree regions . . . . . . . . . . . . . . . . . . . . . . . . .578Configuration notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .580Configuring MSTP mode and scope . . . . . . . . . . . . . . . . . . . . .580Configuring additional MSTP parameters . . . . . . . . . . . . . . . .581

Chapter 22 Configuring RIP

RIP overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .591ICMP host unreachable message for undeliverable ARPs . . .591

RIP parameters and defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .592RIP global parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .592RIP interface parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593

Configuring RIP parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593Enabling RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593Configuring metric parameters . . . . . . . . . . . . . . . . . . . . . . . . .594Changing the administrative distance. . . . . . . . . . . . . . . . . . .595Configuring redistribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595Configuring route learning and advertising parameters . . . . .598Changing the route loop prevention method . . . . . . . . . . . . . .599Suppressing RIP route advertisement on a VRRP or VRRPE backup interface . . . . . . . . . . . . . . . . . . . . . . . . . . . .600Configuring RIP route filters . . . . . . . . . . . . . . . . . . . . . . . . . . .600

Displaying RIP filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601

xviii Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Displaying CPU utilization statistics . . . . . . . . . . . . . . . . . . . . . . . . .602

Chapter 23 Configuring OSPF Version 2 (IPv4)

Overview of OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .605OSPF point-to-point Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . .607Designated routers in multi-access networks . . . . . . . . . . . . .608Designated router election in multi-access networks . . . . . . .608OSPF RFC 1583 and 2178 compliance . . . . . . . . . . . . . . . . . .609Reduction of equivalent AS External LSAs . . . . . . . . . . . . . . . .610Support for OSPF RFC 2328 Appendix E . . . . . . . . . . . . . . . . .612Dynamic OSPF activation and configuration . . . . . . . . . . . . . .613

Configuring OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .613Configuration rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .614OSPF parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .614Enable OSPF on the router . . . . . . . . . . . . . . . . . . . . . . . . . . . .615Assign OSPF areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .616Assigning an area range (optional) . . . . . . . . . . . . . . . . . . . . . .620Assigning interfaces to an area . . . . . . . . . . . . . . . . . . . . . . . .620Modify interface defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620Change the timer for OSPF authentication changes . . . . . . . .623Block flooding of outbound LSAs on specific OSPF interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .624Assign virtual links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .624Modify virtual link parameters . . . . . . . . . . . . . . . . . . . . . . . . .626Changing the reference bandwidth for the cost on OSPF interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .627Define redistribution filters . . . . . . . . . . . . . . . . . . . . . . . . . . . .629Prevent specific OSPF routes from being installed in the IP route table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .631Modify default metric for redistribution . . . . . . . . . . . . . . . . . .634Enable route redistribution . . . . . . . . . . . . . . . . . . . . . . . . . . . .635Disable or re-enable load sharing. . . . . . . . . . . . . . . . . . . . . . .636Configure external route summarization . . . . . . . . . . . . . . . . .637Configure default route origination. . . . . . . . . . . . . . . . . . . . . .639Modify SPF timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .640Modify redistribution metric type . . . . . . . . . . . . . . . . . . . . . . .640Modify administrative distance. . . . . . . . . . . . . . . . . . . . . . . . .641Configure OSPF group Link State Advertisement(LSA) pacing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .642Modify OSPF traps generated . . . . . . . . . . . . . . . . . . . . . . . . . .642Modify OSPF standard compliance setting . . . . . . . . . . . . . . .643Modify exit overflow interval . . . . . . . . . . . . . . . . . . . . . . . . . . .643Specifying the types of OSPF Syslog messages to log . . . . . .644

Clearing OSPF information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .644Clearing OSPF neighbor information . . . . . . . . . . . . . . . . . . . .644Clearing OSPF topology information . . . . . . . . . . . . . . . . . . . . .645Clearing redistributed routes from the OSPF routing table . . .645Clearing information for OSPF areas . . . . . . . . . . . . . . . . . . . .645

Brocade TurboIron 24X Series Configuration Guide xix53-1003053-02

Displaying OSPF information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .646Displaying general OSPF configuration information . . . . . . . .646Displaying CPU utilization statistics . . . . . . . . . . . . . . . . . . . . .647Displaying OSPF area information . . . . . . . . . . . . . . . . . . . . . .649Displaying OSPF neighbor information . . . . . . . . . . . . . . . . . . .649Displaying OSPF interface information. . . . . . . . . . . . . . . . . . .651Displaying OSPF route information . . . . . . . . . . . . . . . . . . . . . .653Displaying OSPF external link state information . . . . . . . . . . .655Displaying OSPF link state information . . . . . . . . . . . . . . . . . .656Displaying the data in an LSA . . . . . . . . . . . . . . . . . . . . . . . . . .656Displaying OSPF virtual neighbor information . . . . . . . . . . . . .657Displaying OSPF virtual link information . . . . . . . . . . . . . . . . .657Displaying OSPF ABR and ASBR information . . . . . . . . . . . . . .657Displaying OSPF trap status . . . . . . . . . . . . . . . . . . . . . . . . . . .658

Chapter 24 Configuring BGP4

Overview of BGP4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .660Relationship between the BGP4 route table and the IP route table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .660How BGP4 selects a path for a route . . . . . . . . . . . . . . . . . . . .661BGP4 message types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .663

Basic configuration and activation for BGP4 . . . . . . . . . . . . . . . . .665Note regarding disabling BGP4. . . . . . . . . . . . . . . . . . . . . . . . .665

BGP4 parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .666When parameter changes take effect . . . . . . . . . . . . . . . . . . .667

Memory considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .668Memory configuration options obsoleted by dynamic memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .669

Basic configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .669Enabling BGP4 on the router . . . . . . . . . . . . . . . . . . . . . . . . . .669Changing the router ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .669Setting the local AS number . . . . . . . . . . . . . . . . . . . . . . . . . . .670Adding a loopback interface . . . . . . . . . . . . . . . . . . . . . . . . . . .670Adding BGP4 neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .671Adding a BGP4 peer group . . . . . . . . . . . . . . . . . . . . . . . . . . . .677

Optional configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .681Changing the Keep Alive Time and Hold Time . . . . . . . . . . . . .681Changing the BGP4 next-hop update timer . . . . . . . . . . . . . . .682Enabling fast external fallover. . . . . . . . . . . . . . . . . . . . . . . . . .682Changing the maximum number of paths forBGP4 load sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .683Customizing BGP4 load sharing . . . . . . . . . . . . . . . . . . . . . . . .684Specifying a list of networks to advertise. . . . . . . . . . . . . . . . .685Changing the default local preference . . . . . . . . . . . . . . . . . . .686Using the IP default route as a valid next hop fora BGP4 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .687Advertising the default route. . . . . . . . . . . . . . . . . . . . . . . . . . .687Changing the default MED (Metric) used forroute redistribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .687

xx Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Enabling next-hop recursion . . . . . . . . . . . . . . . . . . . . . . . . . . .688Changing administrative distances . . . . . . . . . . . . . . . . . . . . .691Requiring the first AS to be the neighbor AS . . . . . . . . . . . . . .692Disabling or re-enabling comparison of the AS-Path length . .692Enabling or disabling comparison of the router IDs . . . . . . . .693Configuring the Layer 3 Switch to always compareMulti-Exit Discriminators (MEDs) . . . . . . . . . . . . . . . . . . . . . . .693Treating missing MEDs as the worst MEDs . . . . . . . . . . . . . . .694Configuring route reflection parameters . . . . . . . . . . . . . . . . .694Aggregating routes advertised to BGP4 neighbors . . . . . . . . .698

Modifying redistribution parameters . . . . . . . . . . . . . . . . . . . . . . . .699Redistributing connected routes. . . . . . . . . . . . . . . . . . . . . . . .699Redistributing RIP routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .700Redistributing OSPF external routes. . . . . . . . . . . . . . . . . . . . .700Redistributing static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . .701Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors . . . . . . . . . . . . . . . . . . . . .701Redistributing IBGP routes into RIP and OSPF. . . . . . . . . . . . .701

Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .702Filtering specific IP addresses . . . . . . . . . . . . . . . . . . . . . . . . .702Filtering AS-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .703Filtering communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .707Defining IP prefix lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .709Defining neighbor distribute lists . . . . . . . . . . . . . . . . . . . . . . . 710Defining route maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .711Using a table map to set the rag value. . . . . . . . . . . . . . . . . . .719Configuring cooperative BGP4 route filtering. . . . . . . . . . . . . .719

Configuring route flap dampening . . . . . . . . . . . . . . . . . . . . . . . . . .722Globally configuring route flap dampening . . . . . . . . . . . . . . .723Using a route map to configure route flap dampeningfor specific routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .724Using a route map to configure route flap dampening fora specific neighbor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .725Removing route dampening from a route. . . . . . . . . . . . . . . . .726Removing route dampening from a neighbor routessuppressed due to aggregation . . . . . . . . . . . . . . . . . . . . . . . .726Displaying and clearing route flap dampening statistics . . . .727

Generating traps for BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .729

Brocade TurboIron 24X Series Configuration Guide xxi53-1003053-02

Displaying BGP4 information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .729Displaying summary BGP4 information . . . . . . . . . . . . . . . . . .729Displaying the active BGP4 configuration . . . . . . . . . . . . . . . .731Displaying CPU utilization statistics . . . . . . . . . . . . . . . . . . . . .732Displaying summary neighbor information . . . . . . . . . . . . . . .733Displaying BGP4 neighbor information. . . . . . . . . . . . . . . . . . .735Displaying peer group information . . . . . . . . . . . . . . . . . . . . . . 746Displaying summary route information . . . . . . . . . . . . . . . . . . 747Displaying the BGP4 route table . . . . . . . . . . . . . . . . . . . . . . . . 748Displaying BGP4 route-attribute entries . . . . . . . . . . . . . . . . . .754Displaying the routes BGP4 has placed in theIP route table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .755Displaying route flap dampening statistics . . . . . . . . . . . . . . .756Displaying the active route map configuration . . . . . . . . . . . .757

Updating route information and resetting a neighbor session . . .758Using soft reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . .758Dynamically requesting a route refresh froma BGP4 neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761Closing or resetting a neighbor session . . . . . . . . . . . . . . . . . .764Clearing and resetting BGP4 routes in the IP route table . . . .764

Clearing traffic counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .765

Clearing route flap dampening statistics. . . . . . . . . . . . . . . . . . . . .765

Removing route flap dampening . . . . . . . . . . . . . . . . . . . . . . . . . . .765

Clearing diagnostic buffers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .766

Chapter 25 Configuring IP Multicast Traffic Reduction

IGMP snooping overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .767IGMP V1, V2, and V3 snooping support . . . . . . . . . . . . . . . . . .768Queriers and non-queriers . . . . . . . . . . . . . . . . . . . . . . . . . . . .768IGMP snooping enhancements. . . . . . . . . . . . . . . . . . . . . . . . .769Configuration notes and feature limitations . . . . . . . . . . . . . .769

PIM SM traffic snooping overview . . . . . . . . . . . . . . . . . . . . . . . . . . 771PIM SM snooping support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771Application examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771Configuration notes and limitations . . . . . . . . . . . . . . . . . . . . .773

xxii Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Configuring IGMP snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .773Enabling IGMP snooping globally on the device . . . . . . . . . . .775Configuring the IGMP mode . . . . . . . . . . . . . . . . . . . . . . . . . . .775Configuring the IGMP version . . . . . . . . . . . . . . . . . . . . . . . . . .776Disabling IGMP snooping on a VLAN . . . . . . . . . . . . . . . . . . . .776Disabling transmission and receipt of IGMP packetson a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .777Modifying the age interval for group membership entries . . .777Modifying the query interval (active IGMP snooping mode only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .777Modifying the maximum response time. . . . . . . . . . . . . . . . . .778Configuring report control . . . . . . . . . . . . . . . . . . . . . . . . . . . . .778Modifying the wait time before stopping traffic when receiving a leave message . . . . . . . . . . . . . . . . . . . . . . . . . . . .778Modifying the multicast cache age time . . . . . . . . . . . . . . . . .779Enabling or disabling error and warning messages . . . . . . . .779Configuring static router ports . . . . . . . . . . . . . . . . . . . . . . . . .779Turning off static group proxy . . . . . . . . . . . . . . . . . . . . . . . . . .779IGMP V3 membership tracking and fast leave . . . . . . . . . . . .780Fast leave for IGMP V2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .780Fast convergence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .781

Configuring PIM SM snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . .781Enabling or disabling PIM SM snooping . . . . . . . . . . . . . . . . . .781Enabling PIM SM snooping on a VLAN . . . . . . . . . . . . . . . . . . .782Disabling PIM SM snooping on a VLAN . . . . . . . . . . . . . . . . . .782

IGMP snooping show commands. . . . . . . . . . . . . . . . . . . . . . . . . . .782Displaying the IGMP snooping configuration . . . . . . . . . . . . . .782Displaying IGMP snooping errors . . . . . . . . . . . . . . . . . . . . . . .783Displaying IGMP group information . . . . . . . . . . . . . . . . . . . . .784Displaying IGMP snooping mcache information . . . . . . . . . . .785Displaying software resource usage for VLANs . . . . . . . . . . . .786Displaying the status of IGMP snooping traffic . . . . . . . . . . . .787

PIM SM snooping show commands. . . . . . . . . . . . . . . . . . . . . . . . .788Displaying PIM SM snooping information. . . . . . . . . . . . . . . . .788Displaying PIM SM snooping information on a Layer 2 switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .788Displaying PIM SM snooping information for a specific group or source group pair . . . . . . . . . . . . . . . . . . . . . . . . . . . .789

Clear commands for IGMP snooping . . . . . . . . . . . . . . . . . . . . . . . .790Clearing the IGMP mcache . . . . . . . . . . . . . . . . . . . . . . . . . . . .790Clearing the mcache on a specific VLAN . . . . . . . . . . . . . . . . .790Clearing traffic on a specific VLAN . . . . . . . . . . . . . . . . . . . . . .791Clearing IGMP counters on VLANs . . . . . . . . . . . . . . . . . . . . . .791

Brocade TurboIron 24X Series Configuration Guide xxiii53-1003053-02

Chapter 26 Configuring IP Multicast Protocols

Overview of IP multicasting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .793IPv4 multicast group addresses . . . . . . . . . . . . . . . . . . . . . . . .794Mapping of IPv4 Multicast group addresses toEthernet MAC addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .794Supported Layer 3 multicast routing protocols . . . . . . . . . . . .794Multicast terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .794

Changing global IP multicast parameters . . . . . . . . . . . . . . . . . . . .795Changing dynamic memory allocation for IP multicast groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .795Changing IGMP V1 and V2 parameters . . . . . . . . . . . . . . . . . .796

PIM Dense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .798Initiating PIM multicasts on a network . . . . . . . . . . . . . . . . . . .798Pruning a multicast tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .799Grafts to a multicast Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . .801PIM DM versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .802Configuring PIM DM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .802Failover time in a multi-path topology . . . . . . . . . . . . . . . . . . .806Modifying the TTL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .806

PIM Sparse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .806PIM Sparse switch types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .807RP paths and SPT paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .808Configuring PIM Sparse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .808Displaying PIM Sparse configuration informationand statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817

Passive multicast route insertion. . . . . . . . . . . . . . . . . . . . . . . . . . .830

Multicast Source Discovery Protocol (MSDP) . . . . . . . . . . . . . . . . .830Peer Reverse Path Forwarding (RPF) flooding . . . . . . . . . . . . .832Source active caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .832Configuring MSDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .833Designating an interface IP address as the RP IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .834Filtering MSDP source-group pairs . . . . . . . . . . . . . . . . . . . . . .835MSDP mesh groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .838Displaying MSDP information . . . . . . . . . . . . . . . . . . . . . . . . . .844Clearing MSDP information. . . . . . . . . . . . . . . . . . . . . . . . . . . .848

Using ACLs to control multicast features. . . . . . . . . . . . . . . . . . . . .849Using ACLs to limit static RP groups . . . . . . . . . . . . . . . . . . . . .849Using ACLs to limit PIM RP candidate advertisement . . . . . . .851

Tracing a multicast route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .852

Displaying the multicast configuration for another multicast router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .853

xxiv Brocade TurboIron 24X Series Configuration Guide53-1003053-02

IGMP V3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .854Default IGMP version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .855Compatibility with IGMP V1 and V2 . . . . . . . . . . . . . . . . . . . . .855Globally enabling the IGMP version . . . . . . . . . . . . . . . . . . . . .856Enabling the IGMP version per interface setting . . . . . . . . . . .856Enabling the IGMP version on a physical port withina virtual routing interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . .856Enabling membership tracking and fast leave . . . . . . . . . . . .857Setting the query interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . .857Setting the group membership time. . . . . . . . . . . . . . . . . . . . .858Setting the maximum response time . . . . . . . . . . . . . . . . . . . .858Displaying IGMP V3 information on Layer 3 Switches. . . . . . .858Clearing IGMP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .862

Chapter 27 Configuring VRRP and VRRPE

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .863Overview of VRRP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .864Overview of VRRPE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .868Configuration note . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871

Comparison of VRRP and VRRPE. . . . . . . . . . . . . . . . . . . . . . . . . . . 871VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871VRRPE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871Architectural differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871

VRRP and VRRPE parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . .872

Configuring basic VRRP parameters . . . . . . . . . . . . . . . . . . . . . . . . 874Configuring the Owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .875Configuring a Backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .875Configuration rules for VRRP. . . . . . . . . . . . . . . . . . . . . . . . . . .875

Configuring basic VRRPE parameters . . . . . . . . . . . . . . . . . . . . . . .875Configuration rules for VRRPE . . . . . . . . . . . . . . . . . . . . . . . . . 876

Note regarding disabling VRRP or VRRPE . . . . . . . . . . . . . . . . . . . .876

Configuring additional VRRP and VRRPE parameters . . . . . . . . . . 876

Forcing a Master router to abdicate to a standby router . . . . . . . .883

Displaying VRRP and VRRPE information . . . . . . . . . . . . . . . . . . . .884Displaying summary information . . . . . . . . . . . . . . . . . . . . . . .884Displaying detailed information . . . . . . . . . . . . . . . . . . . . . . . .886Displaying statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .891Clearing VRRP or VRRPE statistics . . . . . . . . . . . . . . . . . . . . . .892Displaying CPU utilization statistics . . . . . . . . . . . . . . . . . . . . .892

Configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .894VRRP example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .894VRRPE example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .895

Brocade TurboIron 24X Series Configuration Guide xxv53-1003053-02

Chapter 28 Configuring Rule-Based IP Access Control Lists

ACL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .897Types of IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .898ACL IDs and entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .898Numbered and named ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . .899Default ACL action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .899

How hardware-based ACLs work . . . . . . . . . . . . . . . . . . . . . . . . . . .899How fragmented packets are processed . . . . . . . . . . . . . . . . .899Hardware aging of Layer 4 CAM entries . . . . . . . . . . . . . . . . . .900

Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .900

Configuring standard numbered ACLs. . . . . . . . . . . . . . . . . . . . . . .901Standard numbered ACL syntax . . . . . . . . . . . . . . . . . . . . . . . .901Configuration example for standard numbered ACLs . . . . . . .902

Configuring standard named ACLs . . . . . . . . . . . . . . . . . . . . . . . . .903Standard named ACL syntax . . . . . . . . . . . . . . . . . . . . . . . . . . .903Configuration example for standard named ACLs . . . . . . . . . .904

Configuring extended numbered ACLs . . . . . . . . . . . . . . . . . . . . . .905Extended numbered ACL syntax . . . . . . . . . . . . . . . . . . . . . . . .906Configuration examples for extended numbered ACLs . . . . . .909

Configuring extended named ACLs . . . . . . . . . . . . . . . . . . . . . . . . .911Extended named ACL syntax. . . . . . . . . . . . . . . . . . . . . . . . . . .911Configuration example for extended named ACLs. . . . . . . . . .915

Preserving user input for ACL TCP/UDP port numbers. . . . . . . . . .915

Managing ACL comment text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .916Adding a comment to an entry in a numbered ACL. . . . . . . . .916

Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917

Enabling ACL logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917

Enabling strict control of ACL filtering of fragmented packets. . . .919

Enabling ACL support for switched traffic in the router image . . .920

Enabling ACL filtering based on VLAN membership or VE port membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .920

Applying an IPv4 ACL to specific VLAN members ona port (Layer 2 devices only) . . . . . . . . . . . . . . . . . . . . . . . . . . .921Applying an IPv4 ACL to a subset of ports on a virtualinterface (Layer 3 devices only) . . . . . . . . . . . . . . . . . . . . . . . .922

Filtering on IP precedence and ToS values . . . . . . . . . . . . . . . . . . .922

QoS options for IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .923DSCP matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .924

ACL-based rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .925

Using ACLs to control multicast features. . . . . . . . . . . . . . . . . . . . .925

Enabling and viewing hardware usage statistics for an ACL . . . . .925

Displaying ACL information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .926

xxvi Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Troubleshooting ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .926

Chapter 29 Configuring Traffic Policies

About traffic policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .929

Configuration notes and feature limitations . . . . . . . . . . . . . . . . . .930

Maximum number of traffic policies supported on a device . . . . .931Setting the maximum number of traffic policies supportedon a Layer 3 device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .931

ACL-based rate limiting using traffic policies. . . . . . . . . . . . . . . . . .931Support for fixed rate limiting and adaptive rate limiting . . . .932Configuring ACL-based fixed rate limiting. . . . . . . . . . . . . . . . .932Configuring ACL-based adaptive rate limiting . . . . . . . . . . . . .933Specifying the action to be taken for packets that areover the limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .935

ACL and rate limit counting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .936Enabling ACL statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .937Enabling ACL statistics with rate limiting traffic policies. . . . .938Viewing ACL and rate limit counters . . . . . . . . . . . . . . . . . . . . .938Clearing ACL and rate limit counters . . . . . . . . . . . . . . . . . . . .939

Viewing traffic policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .939

Chapter 30 Configuring 802.1X Port Security

IETF RFC support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .941

How 802.1X port security works . . . . . . . . . . . . . . . . . . . . . . . . . . .941Device roles in an 802.1X configuration . . . . . . . . . . . . . . . . .941Communication between the devices . . . . . . . . . . . . . . . . . . .942Controlled and uncontrolled ports . . . . . . . . . . . . . . . . . . . . . .944Message exchange during authentication . . . . . . . . . . . . . . . .945Authenticating multiple hosts connected to the same port . .947802.1X port security and sFlow . . . . . . . . . . . . . . . . . . . . . . . .950

Configuring 802.1X port security . . . . . . . . . . . . . . . . . . . . . . . . . . .950Configuring an authentication method list for 802.1X . . . . . .950Setting RADIUS parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .951Configuring dynamic VLAN assignment for 802.1X ports . . . .954Dynamically applying IP ACLs and MAC filters to802.1X ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .958Enabling 802.1X port security. . . . . . . . . . . . . . . . . . . . . . . . . .961Setting the port control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .962Configuring periodic re-authentication. . . . . . . . . . . . . . . . . . .963Re-authenticating a port manually . . . . . . . . . . . . . . . . . . . . . .963Setting the quiet period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .964Specifying the wait interval and number of EAP-request/identity frame retransmissions . . . . . . . . . . . . . . . . . . . . . . . . .964Specifying the wait interval and number of EAP-request/identity frame retransmissions from the RADIUS server . . . .965Specifying a timeout for retransmission of messages to the authentication server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .966

Brocade TurboIron 24X Series Configuration Guide xxvii53-1003053-02

Initializing 802.1X on a port . . . . . . . . . . . . . . . . . . . . . . . . . . .966Allowing access to multiple hosts . . . . . . . . . . . . . . . . . . . . . . .966Configuring VLAN access for non-EAP-capable clients . . . . . .968

Displaying 802.1X information. . . . . . . . . . . . . . . . . . . . . . . . . . . . .969Displaying 802.1X configuration information . . . . . . . . . . . . .970Displaying 802.1X statistics . . . . . . . . . . . . . . . . . . . . . . . . . . .972Clearing 802.1X statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .973Displaying dynamically assigned VLAN information . . . . . . . .973Displaying information about dynamically appliedMAC filters and IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 974Displaying 802.1X multiple-host authentication information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .975

Sample 802.1X configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . .979Point-to-point configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . .979Hub configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .981802.1X Authentication with dynamic VLAN assignment . . . . .983

Using multi-device port authentication and 802.1X securityon the same port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .984

Configuring Brocade-specific attributes on the RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .985Example configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .986

Chapter 31 Using the MAC Port Security Feature

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .991Local and global resources . . . . . . . . . . . . . . . . . . . . . . . . . . . .991Configuration notes and feature limitations . . . . . . . . . . . . . .992

Configuring the MAC port security feature . . . . . . . . . . . . . . . . . . .992Enabling the MAC port security feature . . . . . . . . . . . . . . . . . .992Setting the maximum number of secure MAC addressesfor an interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .993Setting the port security age timer . . . . . . . . . . . . . . . . . . . . . .993Specifying secure MAC addresses . . . . . . . . . . . . . . . . . . . . . .993Autosaving secure MAC addresses to thestartup-config file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .994Specifying the action taken when a securityviolation occurs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .995

Clearing port security statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .996Clearing restricted MAC addresses. . . . . . . . . . . . . . . . . . . . . .996Clearing violation statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .996

Displaying port security information . . . . . . . . . . . . . . . . . . . . . . . .996Displaying port security settings . . . . . . . . . . . . . . . . . . . . . . . .997Displaying the secure MAC addresses . . . . . . . . . . . . . . . . . . .997Displaying port security statistics . . . . . . . . . . . . . . . . . . . . . . .998Displaying restricted MAC addresses on a port . . . . . . . . . . . .998

xxviii Brocade TurboIron 24X Series Configuration Guide53-1003053-02

Chapter 32 Configuring Multi-Device Port Authentication

How multi-device port authentication works. . . . . . . . . . . . . . . . . .999RADIUS authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .999Authentication-failure actions . . . . . . . . . . . . . . . . . . . . . . . . 1000Supported RADIUS attributes . . . . . . . . . . . . . . . . . . . . . . . . 1000Support for dynamic VLAN assignment . . . . . . . . . . . . . . . . .1001Support for dynamic ACLs . . . . . . . . . . . . . . . . . . . . . . . . . .