53-1002242-03 20 March 2012 ® TurboIron 24X Series Configuration Guide Supporting software release 07.3.00


  • 53-1002242-03
    20 March 2012

    TurboIron 24X Series Configuration Guide

    Supporting software release 07.3.00

  • © 2012 Brocade Communications Systems, Inc. All Rights Reserved.

    Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, MLX, SAN Health, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.

    Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

    The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from information contained in this book or the computer programs that accompany it.

    The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

    Brocade Communications Systems, Incorporated

    Corporate and Latin American Headquarters
    Brocade Communications Systems, Inc.
    130 Holger Way
    San Jose, CA 95134
    E-mail: [email protected]

    Asia-Pacific Headquarters
    Brocade Communications Systems China HK, Ltd.
    No. 1 Guanghua Road
    Chao Yang District
    Units 2718 and 2818
    Beijing 100020, China
    Tel: +8610 6588 8888
    Fax: +8610 6588 9999
    E-mail: [email protected]

    European Headquarters
    Brocade Communications Switzerland Sàrl
    Centre Swissair
    Tour B - 4ème étage
    29, Route de l'Aéroport
    Case Postale 105
    CH-1215 Genève 15
    Switzerland
    Tel: +41 22 799 5640
    Fax: +41 22 799 5641
    E-mail: [email protected]

    Asia-Pacific Headquarters
    Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
    Citic Plaza
    No. 233 Tian He Road North
    Unit 1308 – 13th Floor
    Guangzhou, China
    Tel: +8620 3891 2000
    Fax: +8620 3891 2111
    E-mail: [email protected]

    Document History

    Title | Publication number | Summary of changes | Date
    Brocade TurboIron 24X Series Configuration Guide | 53-1002242-01 | New document | October 2011
    Brocade TurboIron 24X Series Configuration Guide | 53-1002242-02 | Removed unsupported features | January 2012
    Brocade TurboIron 24X Series Configuration Guide | 53-1002242-03 | Removed additional unsupported features | March 2012

  • Contents

    About This Document

    Introduction

    Device nomenclature

    Audience

    What’s new in this document for release 07.3.00
        Summary of enhancements in FastIron release 07.3.00

    Document conventions
        Text formatting
        Notes, cautions, and danger notices

    Notice to the reader

    Related publications

    Getting technical help or reporting errors

    Chapter 1 Feature Highlights

    Introduction to features

    Supported features
        Supported management features
        Supported security features
        Supported system-level features
        Supported Layer 2 features
        Supported Layer 3 features on TurboIron X Series devices

    Supported IPv6 management features

    Unsupported features

    Chapter 2 Getting Familiar with Management Applications

    Using the management port
        How the management port works
        CLI Commands for use with the management port

    Logging on through the CLI
        On-line help
        Command completion
        Scroll control
        Line editing commands


    Using and port number with CLI commands
        CLI nomenclature on TurboIron X Series devices
        Searching and filtering output from CLI commands
        Using special characters in regular expressions
        Creating an alias for a CLI command

    Logging on through Brocade Network Advisor

    Chapter 3 Configuring Basic Software Features

    Configuring basic system parameters
        Entering system administration information
        Configuring Simple Network Management Protocol (SNMP) parameters
        Disabling Syslog messages and traps for CLI access
        Configuring an interface as the source for all Telnet packets
        Cancelling an outbound Telnet session
        Specifying a Simple Network Time Protocol (SNTP) server
        Setting the system clock
        Limiting broadcast, multicast, and unknown unicast traffic

    Configuring basic port parameters
        Assigning a port name
        Modifying port speed and duplex mode
        Auto speed detect
        Modifying port duplex mode
        Disabling or re-enabling a port
        Disabling or re-enabling flow control
        Auto-negotiation and advertisement of flow control
        Configuring the Interpacket Gap (IPG)
        Changing the Gbps fiber negotiation mode
        Modifying port priority (QoS)
        Configuring port flap dampening
        Port loop detection

    Chapter 4 Operations, Administration, and Maintenance

    Overview

    Determining the software versions installed and running on a device
        Determining the flash image version running on the device
        Determining the image versions installed in flash memory
        Flash image verification

    Image file types

    Upgrading software
        Upgrading the boot code
        Upgrading the flash code
        Boot code synchronization feature

    Using SNMP to upgrade software

    Changing the block size for TFTP file transfers

    Rebooting


    Displaying the boot preference

    Loading and saving configuration files
        Replacing the startup configuration with the running configuration
        Replacing the running configuration with the startup configuration
        Logging changes to the startup-config file
        Copying a configuration file to or from a TFTP server
        Dynamic configuration loading
        Maximum file sizes for startup-config file and running-config

    Scheduling a system reload
        Reloading at a specific time
        Reloading after a specific amount of time
        Displaying the amount of time remaining before a scheduled reload
        Canceling a scheduled reload

    Diagnostic error codes and remedies for TFTP transfers

    Chapter 5 Monitoring Hardware Components

    Hardware support

    Digital optical monitoring
        Supported media
        Media not supported
        Supported media
        Media not supported
        Configuration limitations
        Enabling digital optical monitoring
        Setting the alarm interval
        Displaying information about installed media
        Viewing optical monitoring information
        Syslog messages

    Chapter 6 Configuring IPv6 Connectivity

    IPv6 addressing overview
        IPv6 address types
        IPv6 stateless autoconfiguration

    IPv6 CLI command support

    Configuring an IPv6 host address on a Layer 2 switch
        Enabling IPv6
        Configuring a global or site-local IPv6 address with a manually configured interface ID

    Configuring the management port for an IPv6 automatic address configuration

    Configuring basic IPv6 connectivity on a Layer 3 switch
        Configuring IPv6 on each router interface


    IPv6 management (IPv6 host support)
        Restricting SNMP access to an IPv6 node
        Specifying an IPv6 SNMP trap receiver
        SNMP V3 over IPv6
        SNTP over IPv6
        Secure Shell, SCP, and IPv6
        IPv6 Telnet
        Configuring name-to-IPv6 address resolution using IPv6 DNS resolver
        Defining an IPv6 DNS entry
        Using the IPv6 copy command
        Using the IPv6 ncopy command
        IPv6 ping
        Configuring an IPv6 Syslog server
        Viewing IPv6 SNMP server addresses
        Disabling IPv6 on a Layer 2 switch

    Clearing global IPv6 information
        Clearing the IPv6 cache
        Clearing IPv6 neighbor information
        Clearing IPv6 traffic statistics

    Displaying global IPv6 information
        Displaying IPv6 cache information
        Displaying IPv6 interface information
        Displaying IPv6 neighbor information
        Displaying IPv6 TCP information
        Displaying IPv6 traffic statistics

    Chapter 7 Configuring Spanning Tree Protocol (STP) Related Features

    STP overview

    Configuring standard STP parameters
        STP parameters and defaults
        Enabling or disabling the Spanning Tree Protocol (STP)
        Changing STP bridge and port parameters
        STP protection enhancement
        Displaying STP information

    Configuring STP related features
        802.1W Rapid Spanning Tree (RSTP)
        802.1W Draft 3
        Single Spanning Tree (SSTP)

    PVST/PVST+ compatibility
        Overview of PVST and PVST+
        VLAN tags and dual mode
        Configuring PVST+ support
        Displaying PVST+ support information
        Configuration examples

    PVRST compatibility


    BPDU guard
        Enabling BPDU protection by port
        Re-enabling ports disabled by BPDU guard
        Displaying the BPDU guard status
        Example console messages

    Root guard
        Enabling STP root guard
        Displaying the STP root guard

    802.1s Multiple Spanning Tree Protocol
        Multiple spanning-tree regions
        Configuration notes
        Configuring MSTP mode and scope
        Configuring additional MSTP parameters

    Chapter 8 Configuring Basic Layer 2 Features

    Enabling or disabling the Spanning Tree Protocol (STP)
        Modifying STP bridge and port parameters

    Changing the MAC age time and disabling MAC address learning
        Disabling the automatic learning of MAC addresses
        Displaying the MAC address table

    Configuring static MAC entries
        Multi-port static MAC address

    Configuring VLAN-based static MAC entries

    Enabling port-based VLANs
        Assigning IEEE 802.1Q tagging to a port

    Defining MAC address filters
        Configuration notes and limitations
        Command syntax
        Enabling logging of management traffic permitted by MAC filters

    Displaying and modifying system parameter default settings
        Configuration considerations
        Displaying system parameter default values
        Modifying system parameter default values

    Egress buffer thresholds for QoS priorities
        Cut-Through Switching Support
        Default settings for egress buffer thresholds
        Disabling and re-enabling the default settings for egress buffer thresholds
        Setting the egress buffer threshold for all QoS priorities on a port or group of ports
        Setting the egress buffer threshold for a specific QoS priority on a port or group of ports

    Link Fault Signaling (LFS) for 10G

    Jumbo frame support


    Chapter 9 Configuring Metro Features

    Topology groups
        Master VLAN and member VLANs
        Control ports and free ports
        Configuration considerations
        Configuring a topology group
        Displaying topology group information

    Metro Ring Protocol (MRP)
        Configuration notes
        MRP rings without shared interfaces (MRP Phase 1)
        MRP rings with shared interfaces (MRP Phase 2)
        Ring initialization
        How ring breaks are detected and healed
        Alarm RHP
        Master VLANs and customer VLANs
        Configuring MRP
        Using MRP diagnostics
        Displaying MRP information
        MRP CLI example

    Virtual Switch Redundancy Protocol (VSRP)
        Configuration notes
        Layer 2 and Layer 3 redundancy
        Master election and failover
        VSRP-Aware security features
        VSRP parameters
        Configuring basic VSRP parameters
        Configuring optional VSRP parameters
        Displaying VSRP information
        VSRP fast start
        VSRP and MRP signaling

    Chapter 10 Configuring Uni-Directional Link Detection (UDLD)

    UDLD overview
        Configuration considerations
        Enabling UDLD
        Changing the Keepalive interval
        Changing the Keepalive retries
        UDLD for tagged ports
        Displaying UDLD information
        Clearing UDLD statistics


    Chapter 11 Configuring Virtual LANs (VLANs)

    VLAN overview
        Types of VLANs
        Default VLAN
        802.1Q tagging
        Spanning Tree Protocol (STP)
        Virtual routing interfaces
        VLAN and virtual routing interface groups
        Dynamic, static, and excluded port membership
        Super aggregated VLANs
        Trunk group ports and VLAN membership

    Routing between VLANs
        Virtual routing interfaces (Layer 3 Switches only)
        Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
        Dynamic port assignment (Layer 2 Switches and Layer 3 Switches)
        Assigning a different VLAN ID to the default VLAN
        Assigning different VLAN IDs to reserved VLANs 4091 and 4092
        Assigning trunk group ports
        Configuring port-based VLANs
        Modifying a port-based VLAN
        Enable spanning tree on a VLAN

    Configuring IP subnet, IPX network and protocol-based VLANs
        Configuration example

    Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)

    Configuring uplink ports within a port-based VLAN
        Configuration considerations
        Configuration syntax

    Configuring the same IP subnet address on multiple port-based VLANs

    Configuring VLAN groups and virtual routing interface groups
        Configuring a VLAN group
        Configuring a virtual routing interface group
        Displaying the VLAN group and virtual routing interface group information
        Allocating memory for more VLANs or virtual routing interfaces

    Configuring super aggregated VLANs
        Configuration note
        Configuring aggregated VLANs
        Verifying the configuration
        Complete CLI examples

    Configuring 802.1Q-in-Q tagging
        Configuration rules
        Enabling 802.1Q-in-Q tagging
        Example configuration


    Configuring private VLANs
        Configuration notes
        Configuration notes and limitations
        Command syntax
        CLI example for Figure 71
        Enabling broadcast, unregistered multicast or unknown unicast traffic to the private VLAN

    Dual-mode VLAN ports

    Displaying VLAN information
        Displaying VLANs in alphanumeric order
        Displaying system-wide VLAN information
        Displaying VLAN information for specific ports

    Chapter 12 Configuring Trunk Groups and Dynamic Link Aggregation

    Trunk group overview
        Trunk group connectivity to a server
        Trunk group rules
        Trunk group configuration examples
        Flexible trunk group membership
        Trunk group load sharing

    Configuring a trunk group
        CLI syntax
        Example 1: Configuring the trunk groups shown in Figure 75
        Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device
        Example 3: Configuring a multi-slot trunk group with one port per module
        Example 4: Configuring a trunk group of 10 Gbps Ethernet ports
        Additional trunking options

    Displaying trunk group configuration information

    Dynamic link aggregation
        Examples of valid LACP trunk groups
        Configuration notes and limitations
        Adaptation to trunk disappearance
        Flexible trunk eligibility
        Enabling dynamic link aggregation
        How changing the VLAN membership of a port affects trunk groups and dynamic keys
        Link aggregation parameters

    Displaying and determining the status of aggregate links
        Events that affect the status of ports in an aggregate link
        Displaying link aggregation and port status information
        Displaying LACP status information

    Clearing the negotiated aggregate links table

    Configuring single link LACP
        Configuration notes
        CLI syntax


  • Chapter 13 Configuring Rule-Based IP Access Control Lists

    ACL overview
      Types of IP ACLs
      ACL IDs and entries
      Numbered and named ACLs
      Default ACL action

    How hardware-based ACLs work
      How fragmented packets are processed
      Hardware aging of Layer 4 CAM entries

    Configuration considerations

    Configuring standard numbered ACLs
      Standard numbered ACL syntax
      Configuration example for standard numbered ACLs

    Configuring standard named ACLs
      Standard named ACL syntax
      Configuration example for standard named ACLs

    Configuring extended numbered ACLs
      Extended numbered ACL syntax
      Configuration examples for extended numbered ACLs

    Configuring extended named ACLs
      Extended named ACL syntax
      Configuration example for extended named ACLs

    Preserving user input for ACL TCP/UDP port numbers

    Managing ACL comment text
      Adding a comment to an entry in a numbered ACL

    Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN

    Enabling ACL logging

    Enabling strict control of ACL filtering of fragmented packets

    Enabling ACL support for switched traffic in the router image

    Enabling ACL filtering based on VLAN membership or VE port membership
      Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only)
      Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only)

    Filtering on IP precedence and ToS values

    QoS options for IP ACLs
      DSCP matching

    ACL-based rate limiting

    Using ACLs to control multicast features

    Enabling and viewing hardware usage statistics for an ACL

    Displaying ACL information


  • Troubleshooting ACLs

    Chapter 14 Configuring Port Mirroring and Monitoring

    Mirroring support by platform

    Configuring port mirroring and monitoring
      Configuration notes
      Monitoring a port
      Monitoring an individual trunk port

    ACL-based inbound mirroring
      Creating an ACL-based inbound mirror clause

    MAC filter-based mirroring
      Configuring MAC filter-based mirroring

    Chapter 15 Configuring Quality of Service

    Classification
      Processing of classified traffic

    QoS queues
      Assigning QoS priorities to traffic
      Buffer allocation/threshold for QoS queues

    Marking

    Configuring DSCP-based QoS
      Application notes
      Using ACLs to honor DSCP-based QoS

    Configuring the QoS mappings
      Default DSCP –> Internal forwarding priority mappings
      Changing the DSCP –> internal forwarding priority mappings
      Changing the internal forwarding priority –> hardware forwarding queue mappings

    Scheduling
      QoS Queuing methods
      Selecting the QoS queuing method
      Configuring the QoS queues

    Viewing QoS settings

    Viewing DSCP-based QoS settings

    Chapter 16 Configuring Rate Limiting and Rate Shaping

    Rate limiting overview

    Rate limiting in hardware
      How Fixed Rate Limiting works
      Configuration notes
      Configuring a port-based rate limiting policy
      Configuring an ACL-based rate limiting policy
      Displaying the fixed rate limiting configuration


  • Rate shaping overview
      Configuration notes
      Configuring outbound rate shaping for a port
      Configuring outbound rate shaping for a specific priority
      Configuring outbound rate shaping for a trunk port
      Displaying rate shaping configurations

    Chapter 17 Configuring Traffic Policies

    About traffic policies

    Configuration notes and feature limitations

    Maximum number of traffic policies supported on a device
      Setting the maximum number of traffic policies supported on a Layer 3 device

    ACL-based rate limiting using traffic policies
      Support for fixed rate limiting and adaptive rate limiting
      Configuring ACL-based fixed rate limiting
      Configuring ACL-based adaptive rate limiting
      Specifying the action to be taken for packets that are over the limit

    ACL and rate limit counting
      Enabling ACL statistics
      Enabling ACL statistics with rate limiting traffic policies
      Viewing ACL and rate limit counters
      Clearing ACL and rate limit counters

    Viewing traffic policies

    Chapter 18 Configuring IP Multicast Traffic Reduction

    IGMP snooping overview
      IGMP V1, V2, and V3 snooping support
      Queriers and non-queriers
      IGMP snooping enhancements
      Configuration notes and feature limitations

    PIM SM traffic snooping overview
      PIM SM snooping support
      Application examples
      Configuration notes and limitations


  • Configuring IGMP snooping
      Enabling IGMP snooping globally on the device
      Configuring the IGMP mode
      Configuring the IGMP version
      Disabling IGMP snooping on a VLAN
      Disabling transmission and receipt of IGMP packets on a port
      Modifying the age interval for group membership entries
      Modifying the query interval (active IGMP snooping mode only)
      Modifying the maximum response time
      Configuring report control
      Modifying the wait time before stopping traffic when receiving a leave message
      Modifying the multicast cache age time
      Enabling or disabling error and warning messages
      Configuring static router ports
      Turning off static group proxy
      IGMP V3 membership tracking and fast leave
      Fast leave for IGMP V2
      Fast convergence

    Configuring PIM SM snooping
      Enabling or disabling PIM SM snooping
      Enabling PIM SM snooping on a VLAN
      Disabling PIM SM snooping on a VLAN

    IGMP snooping show commands
      Displaying the IGMP snooping configuration
      Displaying IGMP snooping errors
      Displaying IGMP group information
      Displaying IGMP snooping mcache information
      Displaying software resource usage for VLANs
      Displaying the status of IGMP snooping traffic

    PIM SM snooping show commands
      Displaying PIM SM snooping information
      Displaying PIM SM snooping information on a Layer 2 switch
      Displaying PIM SM snooping information for a specific group or source group pair

    Clear commands for IGMP snooping
      Clearing the IGMP mcache
      Clearing the mcache on a specific VLAN
      Clearing traffic on a specific VLAN
      Clearing IGMP counters on VLANs
      clear ip multicast counters


  • Chapter 19 Configuring IP Multicast Protocols

    Overview of IP multicasting
      IPv4 multicast group addresses
      Mapping of IPv4 Multicast group addresses to Ethernet MAC addresses
      Supported Layer 3 multicast routing protocols
      Multicast terms

    Changing global IP multicast parameters
      Changing dynamic memory allocation for IP multicast groups
      Changing IGMP V1 and V2 parameters

    PIM Dense
      Initiating PIM multicasts on a network
      Pruning a multicast tree
      Grafts to a multicast Tree
      PIM DM versions
      Configuring PIM DM
      Failover time in a multi-path topology
      Modifying the TTL

    PIM Sparse
      PIM Sparse switch types
      RP paths and SPT paths
      Configuring PIM Sparse
      Anycast RP
      Displaying PIM Sparse configuration information and statistics

    Passive multicast route insertion

    Multicast Source Discovery Protocol (MSDP)
      Peer Reverse Path Forwarding (RPF) flooding
      Source active caching
      Configuring MSDP
      Designating an interface IP address as the RP IP address
      Filtering MSDP source-group pairs
      MSDP mesh groups
      Displaying MSDP information
      Clearing MSDP information

    Using ACLs to control multicast features
      Using ACLs to limit static RP groups
      Using ACLs to limit PIM RP candidate advertisement

    Tracing a multicast route

    Displaying the multicast configuration for another multicast router


  • IGMP V3
      Default IGMP version
      Compatibility with IGMP V1 and V2
      Globally enabling the IGMP version
      Enabling the IGMP version per interface setting
      Enabling the IGMP version on a physical port within a virtual routing interface
      Enabling membership tracking and fast leave
      Setting the query interval
      Setting the group membership time
      Setting the maximum response time
      Displaying IGMP V3 information on Layer 3 Switches
      Clearing IGMP statistics

    Chapter 20 Configuring LLDP

    Terms used in this chapter

    LLDP overview
      Benefits of LLDP

    General operating principles
      Operating modes
      LLDP packets
      TLV support

    MIB support

    Syslog messages

    Configuring LLDP
      Configuration notes and considerations
      Enabling and disabling LLDP
      Changing a port LLDP operating mode
      Specifying the maximum number of LLDP neighbors
      Enabling LLDP SNMP notifications and syslog messages
      Changing the minimum time between LLDP transmissions
      Changing the interval between regular LLDP transmissions
      Changing the holdtime multiplier for transmit TTL
      Changing the minimum time between port reinitializations
      LLDP TLVs advertised by the device
      Displaying LLDP statistics and configuration settings
      LLDP configuration summary
      LLDP statistics
      LLDP neighbors
      LLDP neighbors detail
      LLDP configuration details

    Resetting LLDP statistics

    Clearing cached LLDP neighbor information

    Chapter 21 Configuring IP

    Basic configuration


  • Overview
      IP interfaces
      IP packet flow through a Layer 3 Switch
      IP route exchange protocols
      IP multicast protocols
      IP interface redundancy protocols
      Access Control Lists and IP access policies

    Basic IP parameters and defaults – Layer 3 Switches
      When parameter changes take effect
      IP global parameters – Layer 3 Switches
      IP interface parameters – Layer 3 Switches

    Basic IP parameters and defaults – Layer 2 Switches
      IP global parameters – Layer 2 Switches
      Interface IP parameters – Layer 2 Switches

    Configuring IP parameters – Layer 3 Switches
      Configuring IP addresses
      Configuring packet parameters
      Changing the router ID
      Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS Packets
      Configuring ARP parameters
      Configuring forwarding parameters
      Disabling ICMP messages
      Configuring static routes
      Configuring a default network route
      Configuring IP load sharing
      Configuring IRDP
      Configuring RARP
      Configuring UDP broadcast and IP helper parameters
      Configuring BootP/DHCP relay parameters

    Configuring IP parameters – Layer 2 Switches
      Configuring the management IP address and specifying the default gateway
      Configuring Domain Name Server (DNS) resolver
      Changing the TTL threshold
      Configuring DHCP Assist

    Displaying IP configuration information and statistics
      Changing the network mask display to prefix format
      Displaying IP information – Layer 3 Switches
      Displaying IP information – Layer 2 Switches

    Chapter 22 Configuring RIP

    RIP overview
      ICMP host unreachable message for undeliverable ARPs

    RIP parameters and defaults
      RIP global parameters
      RIP interface parameters


  • Configuring RIP parameters
      Enabling RIP
      Configuring metric parameters
      Changing the administrative distance
      Configuring redistribution
      Configuring route learning and advertising parameters
      Changing the route loop prevention method
      Suppressing RIP route advertisement on a VRRP or VRRPE backup interface
      Configuring RIP route filters

    Displaying RIP filters

    Displaying CPU utilization statistics

    Chapter 23 Configuring OSPF Version 2 (IPv4)

    Overview of OSPF
      OSPF point-to-point Links
      Designated routers in multi-access networks
      Designated router election in multi-access networks
      OSPF RFC 1583 and 2178 compliance
      Reduction of equivalent AS External LSAs
      Support for OSPF RFC 2328 Appendix E
      Dynamic OSPF activation and configuration


  • Configuring OSPF
      Configuration rules
      OSPF parameters
      Enable OSPF on the router
      Assign OSPF areas
      Assigning an area range (optional)
      Assigning interfaces to an area
      Modify interface defaults
      Change the timer for OSPF authentication changes
      Block flooding of outbound LSAs on specific OSPF interfaces
      Assign virtual links
      Modify virtual link parameters
      Changing the reference bandwidth for the cost on OSPF interfaces
      Define redistribution filters
      Prevent specific OSPF routes from being installed in the IP route table
      Modify default metric for redistribution
      Enable route redistribution
      Disable or re-enable load sharing
      Configure external route summarization
      Configure default route origination
      Modify SPF timers
      Modify redistribution metric type
      Modify administrative distance
      Configure OSPF group Link State Advertisement (LSA) pacing
      Modify OSPF traps generated
      Modify OSPF standard compliance setting
      Modify exit overflow interval
      Specifying the types of OSPF Syslog messages to log

    Clearing OSPF information
      Clearing OSPF neighbor information
      Clearing OSPF topology information
      Clearing redistributed routes from the OSPF routing table
      Clearing information for OSPF areas

    Displaying OSPF information
      Displaying general OSPF configuration information
      Displaying CPU utilization statistics
      Displaying OSPF area information
      Displaying OSPF neighbor information
      Displaying OSPF interface information
      Displaying OSPF route information
      Displaying OSPF external link state information
      Displaying OSPF link state information
      Displaying the data in an LSA
      Displaying OSPF virtual neighbor information
      Displaying OSPF virtual link information
      Displaying OSPF ABR and ASBR information
      Displaying OSPF trap status


  • Chapter 24 Configuring VRRP and VRRPE

    Overview
      Overview of VRRP
      Overview of VRRPE
      Configuration note

    Comparison of VRRP and VRRPE
      VRRP
      VRRPE
      Architectural differences

    VRRP and VRRPE parameters

    Configuring basic VRRP parameters
      Configuring the Owner
      Configuring a Backup
      Configuration rules for VRRP

    Configuring basic VRRPE parameters
      Configuration rules for VRRPE

    Note regarding disabling VRRP or VRRPE

    Configuring additional VRRP and VRRPE parameters

    Forcing a Master router to abdicate to a standby router

    Displaying VRRP and VRRPE information
      Displaying summary information
      Displaying detailed information
      Displaying statistics
      Clearing VRRP or VRRPE statistics
      Displaying CPU utilization statistics

    Configuration examples
      VRRP example
      VRRPE example

    Chapter 25 Configuring BGP4

    Overview of BGP4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .719Relationship between the BGP4 route table and the IP route table720How BGP4 selects a path for a route . . . . . . . . . . . . . . . . . . . .721BGP4 message types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .722

    Basic configuration and activation for BGP4 . . . . . . . . . . . . . . . . .724Note regarding disabling BGP4. . . . . . . . . . . . . . . . . . . . . . . . .725

    BGP4 parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .725When parameter changes take effect . . . . . . . . . . . . . . . . . . .726

    Memory considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .728Memory configuration options obsoleted by dynamic memory728


  • Basic configuration tasks
      Enabling BGP4 on the router
      Changing the router ID
      Setting the local AS number
      Adding a loopback interface
      Adding BGP4 neighbors
      Adding a BGP4 peer group

    Optional configuration tasks
      Changing the Keep Alive Time and Hold Time
      Changing the BGP4 next-hop update timer
      Enabling fast external fallover
      Changing the maximum number of paths for BGP4 load sharing
      Customizing BGP4 load sharing
      Specifying a list of networks to advertise
      Changing the default local preference
      Using the IP default route as a valid next hop for a BGP4 route
      Advertising the default route
      Changing the default MED (Metric) used for route redistribution
      Enabling next-hop recursion
      Changing administrative distances
      Requiring the first AS to be the neighbor AS
      Disabling or re-enabling comparison of the AS-Path length
      Enabling or disabling comparison of the router IDs
      Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs)
      Treating missing MEDs as the worst MEDs
      Configuring route reflection parameters
      Aggregating routes advertised to BGP4 neighbors

    Modifying redistribution parameters
      Redistributing connected routes
      Redistributing RIP routes
      Redistributing OSPF external routes
      Redistributing static routes
      Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors
      Redistributing IBGP routes into RIP and OSPF

    Filtering
      Filtering specific IP addresses
      Filtering AS-paths
      Filtering communities
      Defining IP prefix lists
      Defining neighbor distribute lists
      Defining route maps
      Using a table map to set the tag value
      Configuring cooperative BGP4 route filtering


  • Configuring route flap dampening
      Globally configuring route flap dampening
      Using a route map to configure route flap dampening for specific routes
      Using a route map to configure route flap dampening for a specific neighbor
      Removing route dampening from a route
      Removing route dampening from a neighbor's routes suppressed due to aggregation
      Displaying and clearing route flap dampening statistics

    Generating traps for BGP

    Displaying BGP4 information
      Displaying summary BGP4 information
      Displaying the active BGP4 configuration
      Displaying CPU utilization statistics
      Displaying summary neighbor information
      Displaying BGP4 neighbor information
      Displaying peer group information
      Displaying summary route information
      Displaying the BGP4 route table
      Displaying BGP4 route-attribute entries
      Displaying the routes BGP4 has placed in the IP route table
      Displaying route flap dampening statistics
      Displaying the active route map configuration

    Updating route information and resetting a neighbor session
      Using soft reconfiguration
      Dynamically requesting a route refresh from a BGP4 neighbor
      Closing or resetting a neighbor session
      Clearing and resetting BGP4 routes in the IP route table

    Clearing traffic counters

    Clearing route flap dampening statistics

    Removing route flap dampening

    Clearing diagnostic buffers

    Chapter 26 Securing Access to Management Functions

    Securing access methods


  • Restricting remote access to management functions
      Using ACLs to restrict remote access
      Defining the console idle time
      Restricting remote access to the device to specific IP addresses
      Restricting access to the device based on IP or MAC address
      Specifying the maximum number of login attempts for Telnet access
      Restricting remote access to the device to specific VLAN IDs
      Designated VLAN for Telnet management sessions to a Layer 2 Switch
      Device management security
      Disabling specific access methods

    Setting passwords
      Setting a Telnet password
      Setting passwords for management privilege levels
      Recovering from a lost password
      Displaying the SNMP community string
      Specifying a minimum password length

    Setting up local user accounts
      Enhancements to username and password
      Configuring a local user account
      Create password option
      Changing a local user password

    Configuring TACACS/TACACS+ security
      How TACACS+ differs from TACACS
      TACACS/TACACS+ authentication, authorization, and accounting
      TACACS authentication
      TACACS/TACACS+ configuration considerations
      Enabling TACACS
      Identifying the TACACS/TACACS+ servers
      Specifying different servers for individual AAA functions
      Setting optional TACACS/TACACS+ parameters
      Configuring authentication-method lists for TACACS/TACACS+
      Configuring TACACS+ authorization
      Configuring TACACS+ accounting
      Configuring an interface as the source for all TACACS/TACACS+ packets
      Displaying TACACS/TACACS+ statistics and configuration information


  • Configuring RADIUS security
      RADIUS authentication, authorization, and accounting
      RADIUS configuration considerations
      RADIUS configuration procedure
      Configuring Brocade-specific attributes on the RADIUS server
      Enabling SNMP to configure RADIUS
      Identifying the RADIUS server to the device
      Specifying different servers for individual AAA functions
      Configuring a RADIUS server per port
      Mapping a RADIUS server to individual ports
      Setting RADIUS parameters
      Configuring authentication-method lists for RADIUS
      Configuring RADIUS authorization
      Configuring RADIUS accounting
      Configuring an interface as the source for all RADIUS packets
      Displaying RADIUS configuration information

    Configuring authentication-method lists
      Configuration considerations for authentication-method lists
      Examples of authentication-method lists

    Chapter 27 Configuring SSH2 and SCP

    SSH version 2 support
      Tested SSH2 clients
      Supported features
      Unsupported features

    AES encryption for SSH2

    Configuring SSH2
      Recreating SSH keys
      Generating a host key pair
      Configuring DSA challenge-response authentication

    Setting optional parameters
      Setting the number of SSH authentication retries
      Deactivating user authentication
      Enabling empty password logins
      Setting the SSH port number
      Setting the SSH login timeout value
      Designating an interface as the source for all SSH packets (Layer 3 code only)
      Configuring the maximum idle time for SSH sessions

    Filtering SSH access using ACLs

    Terminating an active SSH connection

    Displaying SSH connection information

    Using Secure copy with SSH2
      Enabling and disabling SCP
      Example file transfers using SCP


  • Chapter 28 Configuring 802.1X Port Security

    IETF RFC support

    How 802.1X port security works
      Device roles in an 802.1X configuration
      Communication between the devices
      Controlled and uncontrolled ports
      Message exchange during authentication
      Authenticating multiple hosts connected to the same port
      802.1X port security and sFlow

    Configuring 802.1X port security
      Configuring an authentication method list for 802.1X
      Setting RADIUS parameters
      Configuring dynamic VLAN assignment for 802.1X ports
      Dynamically applying IP ACLs and MAC filters to 802.1X ports
      Enabling 802.1X port security
      Setting the port control
      Configuring periodic re-authentication
      Re-authenticating a port manually
      Setting the quiet period
      Specifying the wait interval and number of EAP-request/identity frame retransmissions
      Specifying the wait interval and number of EAP-request/identity frame retransmissions from the RADIUS server
      Specifying a timeout for retransmission of messages to the authentication server
      Initializing 802.1X on a port
      Allowing access to multiple hosts
      Configuring VLAN access for non-EAP-capable clients

    Displaying 802.1X information
      Displaying 802.1X configuration information
      Displaying 802.1X statistics
      Clearing 802.1X statistics
      Displaying dynamically assigned VLAN information
      Displaying information about dynamically applied MAC filters and IP ACLs
      Displaying 802.1X multiple-host authentication information

    Sample 802.1X configurations
      Point-to-point configuration
      Hub configuration
      802.1X Authentication with dynamic VLAN assignment

    Using multi-device port authentication and 802.1X security on the same port

    Configuring Brocade-specific attributes on the RADIUS server
      Example configurations


  • Chapter 29 Using the MAC Port Security Feature

    Overview
      Local and global resources
      Configuration notes and feature limitations

    Configuring the MAC port security feature
      Enabling the MAC port security feature
      Setting the maximum number of secure MAC addresses for an interface
      Setting the port security age timer
      Specifying secure MAC addresses
      Autosaving secure MAC addresses to the startup-config file
      Specifying the action taken when a security violation occurs

    Clearing port security statistics
      Clearing restricted MAC addresses
      Clearing violation statistics

    Displaying port security information
      Displaying port security settings
      Displaying the secure MAC addresses
      Displaying port security statistics
      Displaying restricted MAC addresses on a port

    Chapter 30 Configuring Multi-Device Port Authentication

    How multi-device port authentication works
      RADIUS authentication
      Authentication-failure actions
      Supported RADIUS attributes
      Support for dynamic VLAN assignment
      Support for dynamic ACLs
      Support for authenticating multiple MAC addresses on an interface

    Using multi-device port authentication and 802.1X security on the same port

    Configuring Brocade-specific attributes on the RADIUS server


  • Configuring multi-device port authentication
      Enabling multi-device port authentication
      Specifying the format of the MAC addresses sent to the RADIUS server
      Specifying the authentication-failure action
      Generating traps for multi-device port authentication
      Defining MAC address filters
      Configuring dynamic VLAN assignment
      Dynamically applying IP ACLs to authenticated MAC addresses
      Enabling denial of service attack protection
      Clearing authenticated MAC addresses
      Disabling aging for authenticated MAC addresses
      Changing the hardware aging period for blocked MAC addresses
      Specifying the aging time for blocked MAC addresses
      Specifying the RADIUS timeout action
      Multi-device port authentication password override
      Limiting the number of authenticated MAC addresses

    Displaying multi-device port authentication information
      Displaying authenticated MAC address information
      Displaying multi-device port authentication configuration information
      Displaying multi-device port authentication information for a specific MAC address or port
      Displaying the authenticated MAC addresses
      Displaying the non-authenticated MAC addresses
      Displaying multi-device port authentication information for a port
      Displaying multi-device port authentication settings and authenticated MAC addresses

    Chapter 31 Protecting Against Denial of Service Attacks

    Protecting against Smurf attacks
      Avoiding being an intermediary in a Smurf attack
      Avoiding being a victim in a Smurf attack
      Protection against ICMP attacks

    Protecting against TCP SYN attacks
      Protection against TCP-SYN attacks
      TCP security enhancement
      Displaying statistics about packets dropped because of DoS attacks
      Displaying statistics about packets dropped due to DoS attacks

    Chapter 32 Securing SNMP Access

    SNMP overview


  • Establishing SNMP community strings
      Encryption of SNMP community strings
      Adding an SNMP community string
      Displaying the SNMP community strings
      Configuring your NMS
      Configuring SNMP version 3
      Defining the engine id