Instruction/maintenance manual for the Dell 6200 Series
www.dell.com | support.dell.com
Dell™ PowerConnect™ 6200 Series Configuration Guide
Model: PC6224, PC6248, PC6224P, PC6248P, and PC6224F.
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
Contents
1 About this Document
    Organization
    Additional Documentation
3 Switching Configuration
    Virtual LANs
    VLAN Configuration Example
    CLI Examples
    sFlow
    Overview
    sFlow Agents
    CLI Examples
5 Device Security
    802.1x Network Access Control
    802.1x Network Access Control Examples
    802.1X Authentication and VLANs
6 IPv6
    Overview
    Interface Configuration
9 Utility
    Auto Config
    Overview
1 About this Document
This configuration guide provides examples of how to use the Dell™ PowerConnect™ 6200 Series switch in a typical network.
Additional Documentation
The following documentation provides additional information about PowerConnect 6200 Series software:
• The CLI Command Reference for your Dell P.
2 System Configuration
This section provides configuration scenarios for the following features:
• "Traceroute" on page 12
• "Configuratio.
Traceroute
Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.
--More-- or (q)uit
20 64.233.174.99 250 ms 240 ms 250 ms
Hop Count = 20 Last TTL = 30 Test attempt = 90 Test Success = 90
Configuration Scripting
Configuration scripting allows you to generate a text-formatted script file that shows the current system configuration.
CLI Examples
The following are examples of the commands used for configuration scripting.
Example #1: Viewing the Script Options
console#script ?
apply      Applies configuration script to the switch.
delete     Deletes a configuration script file from the switch.
Example #4: Copying the Active Configuration into a Script
Use this command to capture the running configuration into a script.
exit
configure
logging web-session
bridge aging-time 100
exit
Configuration script validated.
File transfer operation completed successfully.
CLI Examples
The following are examples of the commands used in the outbound telnet feature.
Example #1: Connecting to Another System by Using Telnet
console#telnet 192.
CLI Examples
The following are examples of the commands used in the SNTP feature.
Example #1: Viewing SNTP Options
(Dell PC62XX Routing)(Config) #sntp ?
console(config)#sntp ?
authenticate     Require authentication for received Network Time Protocol (NTP) traffic from servers.
Example #3: Viewing SNTP Information
console#show sntp ?
configuration    Show the configuration of the Simple Network Time Protocol (SNTP).
Syslog
Overview
Syslog:
• Allows you to store system messages and/or errors.
• Can store to local files on the switch or a remote server running a syslog daemon.
• Provides a method of collecting message logs from many systems.
Web Session Logging : disabled
SNMP Set Command Logging : disabled
0 Messages were not logged.
Buffer Log:
<189> JAN 01 03:57:58 10.27.65.86-1 TRAPMGR[216282304]: traputil.c(908) 31 %% Instance 0 has elected a new STP root: 8000:00ff:f2a3:8888
<189> JAN 01 03:57:58 10.
alert        Immediate action needed
critical     Critical conditions
debug        Debugging messages
emergency    System is unusable
error        Error conditions
info         Informational messages
noti.
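The buffered log line shown above carries its syslog priority in angle brackets. As an added example (not part of the Dell guide), the following Python decodes that value into facility and severity with the standard syslog PRI encoding and reports STP root elections, comparing each elected root with an expected bridge ID. The line layout is inferred from the one sample line on this page; `EXPECTED_ROOT`, the function names and all sample lines except the first are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Standard syslog severity names; the list index is the numeric severity (0..7).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# Assumption: field layout inferred from the single buffered-log line on the page.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s+"
    r"(?P<ts>[A-Z]{3} \d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<component>\w+)\[(?P<task>\d+)\]:\s+"
    r"(?P<file>[\w.]+)\((?P<line>\d+)\)\s+"
    r"(?P<seq>\d+)\s+%%\s+"
    r"(?P<msg>.*)$"
)
ROOT_RE = re.compile(
    r"Instance (?P<instance>\d+) has elected a new STP root: "
    r"(?P<root>[0-9A-Fa-f]{4}(?::[0-9A-Fa-f]{4}){3})"
)

# Hypothetical known-good root bridge ID (value reused from the page's sample line).
EXPECTED_ROOT = "8000:00ff:f2a3:8888"

SAMPLE_LOG = [
    # From the page:
    "<189> JAN 01 03:57:58 10.27.65.86-1 TRAPMGR[216282304]: traputil.c(908) 31 "
    "%% Instance 0 has elected a new STP root: 8000:00ff:f2a3:8888",
    # Constructed: a root election with a different, lower-priority-value bridge.
    "<189> JAN 01 04:10:12 10.27.65.86-1 TRAPMGR[216282304]: traputil.c(908) 47 "
    "%% Instance 0 has elected a new STP root: 1000:0011:2233:4455",
    # Constructed: unrelated informational message.
    "<190> JAN 01 04:11:00 10.27.65.86-1 EXAMPLE[1]: example.c(1) 48 "
    "%% Constructed informational message",
    # Constructed: malformed line, must be skipped rather than crash the parser.
    "garbled line without a priority field",
]


@dataclass
class LogEntry:
    facility: int
    severity: str
    timestamp: str
    host: str
    component: str
    source: str
    sequence: int
    message: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one buffered-log line; return None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    return LogEntry(facility, SEVERITIES[severity], m["ts"], m["host"],
                    m["component"], f"{m['file']}:{m['line']}",
                    int(m["seq"]), m["msg"])


def stp_root_changes(lines: Iterable[str], expected_root: str) -> List[Dict]:
    """Return one finding per STP root election, marked expected or not."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        m = ROOT_RE.search(entry.message)
        if m is None:
            continue
        root = m["root"].lower()
        findings.append({
            "host": entry.host,
            "timestamp": entry.timestamp,
            "instance": int(m["instance"]),
            "root": root,
            # First 16 bits of a bridge ID are the bridge priority.
            "bridge_priority": int(root.split(":")[0], 16),
            "expected": root == expected_root.lower(),
        })
    return findings


if __name__ == "__main__":
    for finding in stp_root_changes(SAMPLE_LOG, EXPECTED_ROOT):
        status = "ok" if finding["expected"] else "REVIEW: unexpected root bridge"
        print(finding["timestamp"], finding["host"], finding["root"], status)
```
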
Storm Control
A traffic storm occurs when incoming packets flood the LAN resulting in network performance degradation. The Storm Control feature protects against this condition. The switch software provides broadcast, multicast, and unicast storm recovery for individual interfaces.
Example #1: Set Broadcast Storm Control for an Interface
console#configure
console(config)#interface ethernet 1/g17
console(config-if-1/g17)#storm-control broadcast ?
<cr>       Press enter to execute the command.
level      Configure storm-control thresholds.
Cable Diagnostics
This section describes:
• "Copper Port Cable Test" on page 25
• "Fiber Port Cable Test" on page 27
NOTE: Cable Diagnostics is supported on SFP/XFP ports but not on the Stacking/CX-4/SFP+/10GbaseT ports.
Example #1: Cable Test for Copper Ports
console#test copper-port tdr 1/g1
Cable Status.......................... ......
Example #3: Show Last Time Domain Reflectometry Tests
Use the show copper-ports tdr command in Privileged EXEC mode to display the last Time Domain Reflectometry (TDR) tests on specified ports. The following example displays the last TDR tests on all ports.
3 Switching Configuration
This section provides configuration scenarios for the following features:
• "Virtual LANs" on page 29
• "Voice VLAN" o.
• The IP-subnet Based VLAN feature lets you map IP addresses to VLANs by specifying a source IP address, network mask, and the desired VLAN ID.
• The MAC-based VLAN feature lets packets originating from end stations become part of a VLAN according to source MAC address.
CLI Examples
The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.
Example #3: Assign Ports to VLAN3
This example shows how to assign the ports that will belong to VLAN 3. Untagged frames will be accepted on ports 1/g19 and 1/g20. Note that port 1/g18 belongs to both VLANs and that port 1/g17 can never belong to VLAN 3.
Example #6: View Information About VLAN 2
console#show ip interface vlan 2
Primary IP Address............................ 192.168.10.33/255.255.255.0
Routing Mode.................................. Enable
Administrative Mode.
IP Subnet and MAC-Based VLANs
In addition to port-based VLANs, the switch also supports VLANs that are based on the IP address or MAC address of a host. With IP subnet and MAC-based VLANs, the VLAN membership is determined by the address of the host rather than the port to which the host is attached.
Example #4: Viewing IP Subnet and MAC-Based VLAN Associations
console#show vlan association mac
MAC Address       VLAN ID
----------------- -------
00FF.F2A3.8886    10
console#show vlan association subnet
IP Subnet        IP Mask          VLAN ID
---------------- ---------------- -------
192.
CLI Example
Example #1: Configuring a Protected Port
The commands in this example name the protected port group 1 “PP_Test” and assign ports 1 and 2 to the group.
Voice VLAN
Voice VLAN enables switch ports to carry voice traffic with a defined priority in order to enable the separation of voice and data traffic coming onto the port.
• When a dot1p priority is associated with the Voice VLAN port instead of a VLAN ID, then the priority information is passed onto the VOIP phone using the LLDP-MED mechanism.
Example #2: Configuring Voice VLAN on an Unauthenticated Port
In some networks, multiple devices (for example, a PC, Printer, and phone) are connected to a single port on the switch.
IGMP Snooping
This section describes the Internet Group Management Protocol (IGMP) Snooping feature. IGMP Snooping enables the switch to monitor IGMP transactions between hosts and routers.
1. Create VLAN 100.
console#configure
console(config)#vlan database
console(config-vlan)#vlan 100
2. Enable IGMP snooping on the VLAN.
9. View information about the IGMP snooping configuration.
console#show ip igmp snooping
Admin Mode..................................... Enable
Multicast Control Frame Count.................. 0
Interfaces Enabled for IGMP Snooping.
Multicast Packets Received..................... 626494
Broadcast Packets Received..................... 0
console#show statistics ethernet 1/g10
...
Total Packets Received Without Errors.......... 12
Unicast Packets Received.
Example #2: Configure IGMP Snooping Querier Properties
The first command in this example sets the IGMP Querier Query Interval time to 100. This means that the switch waits 100 seconds before sending another general query.
Example #5: Show IGMP Snooping Querier Information for VLAN 10
console#show ip igmp snooping querier vlan 10
Vlan 10 : IGMP Snooping querier status
----------------------------------------------
IGMP Snooping Querier Vlan Mode.
CLI Example
The following shows an example of configuring the software to support Link Aggregation (LAG) to a server and to a Layer 3 switch.
Example 1: Create Names for Two Port-Channels
console#configure
console(config)#interface port-channel 1
console(config-if-ch1)#description lag_1
console(config-if-ch.
ch2    No Configured Ports    3
ch3    No Configured Ports    3
ch4    No Configured Ports    3
ch5    No Configured Ports    3
ch6    No Configured Ports    3
ch7    No Configured Ports    3
ch8    No Config.
Port Mirroring
This section describes the Port Mirroring feature, which can serve as a diagnostic tool, debugging tool, or means of fending off attacks.
Port Security
This section describes the Port Security feature.
Overview
Port Security:
• Allows for limiting the number of MAC addresses on a given port.
• Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
CLI Examples
The following are examples of the commands used in the Port Security feature.
Example #1: Enable Port Security on an Interface
console(config)#interface ethernet 1/g18
console(config-if-1/g18)#port security ?
<cr>       Press enter to execute the command.
Link Layer Discovery Protocol
The Link Layer Discovery Protocol (LLDP) feature allows individual interfaces on the switch to advertise major capabilities and physical descriptions. Network managers can view this information and identify system topology and detect bad configurations on the LAN.
Example #3: Show Global LLDP Parameters
console#show lldp
LLDP Global Configuration
Transmit Interval............................ 30 seconds
Transmit Hold Multiplier..................... 8
Reinit Delay...................
Denial of Service Attack Protection
This section describes the PowerConnect 6200 Series Denial of Service Protection feature.
Table 3-1 describes the dos-control keywords.
Table 3-1. DoS Control
CLI Examples
The commands below show how to enable DoS protection and view its status.
Example #2: Viewing the DoS Configuration Information
console#show dos-control
SIPDIP Mode.................................... Enable
First Fragment Mode............................ Enable
Min TCP Hdr Size..............
The hardware rate limits DHCP packets sent to the CPU from interfaces to 64 Kbps. The DHCP snooping application processes incoming DHCP messages. For DHCPRELEASE and DHCPDECLINE messages, the application compares the receive interface and VLAN with the client interface and VLAN in the bindings database.
Figure 3-4. DHCP Binding
The DHCP snooping component does not forward server messages since they are forwarded in hardware. DHCP snooping forwards valid DHCP client messages received on un-trusted interfaces to all trusted interfaces within the VLAN.
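A small Python model of the client-message checks described above, added here as an illustration and not Dell's implementation: it compares DHCPRELEASE and DHCPDECLINE messages with the bindings database and forwards valid messages from un-trusted interfaces to the trusted interfaces in the VLAN. Dropping on a mismatch, the meaning given to source MAC verification, the handling of clients without a binding, and all class, field and sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

VICTIM_MAC = "00:11:22:33:44:55"  # constructed sample client


@dataclass(frozen=True)
class Binding:
    """One row of the bindings database (field names are assumptions)."""
    mac: str
    ip: str
    vlan: int
    interface: str


@dataclass(frozen=True)
class DhcpFrame:
    msg_type: str       # DHCPDISCOVER, DHCPREQUEST, DHCPRELEASE, DHCPDECLINE
    src_mac: str        # Ethernet source address of the frame
    chaddr: str         # client hardware address inside the DHCP payload
    vlan: int
    rx_interface: str


class SnoopingModel:
    def __init__(self, trusted: Iterable[str], vlan_members: Dict[int, Set[str]],
                 verify_source_mac: bool = True) -> None:
        self.trusted = set(trusted)
        self.vlan_members = vlan_members
        self.verify_source_mac = verify_source_mac
        self.bindings: Dict[str, Binding] = {}

    def add_binding(self, binding: Binding) -> None:
        self.bindings[binding.mac.lower()] = binding

    def check(self, frame: DhcpFrame) -> Tuple[str, List[str]]:
        """Return (verdict, egress interfaces) for a DHCP client message."""
        if frame.rx_interface in self.trusted:
            # The page only describes validation on un-trusted interfaces.
            return "not-inspected", []

        # Source MAC verification (assumed meaning: the Ethernet source must
        # equal the client hardware address carried in the DHCP payload).
        if self.verify_source_mac and frame.src_mac.lower() != frame.chaddr.lower():
            return "drop: source MAC mismatch", []

        # RELEASE/DECLINE: compare receive interface and VLAN with the binding.
        if frame.msg_type in ("DHCPRELEASE", "DHCPDECLINE"):
            binding = self.bindings.get(frame.chaddr.lower())
            # Assumption: a client with no binding is not rejected by this check.
            if binding and (binding.interface, binding.vlan) != (
                    frame.rx_interface, frame.vlan):
                return "drop: binding mismatch", []

        # Valid client message: forward to all trusted interfaces in the VLAN.
        members = self.vlan_members.get(frame.vlan, set())
        return "forward", sorted(self.trusted & members)


def build_sample_model() -> SnoopingModel:
    """Constructed topology: uplink 1/g1 trusted in VLAN 10, 1/g24 trusted elsewhere."""
    model = SnoopingModel(
        trusted={"1/g1", "1/g24"},
        vlan_members={10: {"1/g1", "1/g5", "1/g6"}, 20: {"1/g24"}},
    )
    model.add_binding(Binding(VICTIM_MAC, "192.0.2.10", 10, "1/g5"))
    return model


def demo() -> List[Tuple[str, List[str]]]:
    model = build_sample_model()
    frames = [
        # Legitimate release from the port that holds the binding.
        DhcpFrame("DHCPRELEASE", VICTIM_MAC, VICTIM_MAC, 10, "1/g5"),
        # Release for the same client arriving on a different port.
        DhcpFrame("DHCPRELEASE", VICTIM_MAC, VICTIM_MAC, 10, "1/g6"),
        # Discover whose payload address differs from the frame's source MAC.
        DhcpFrame("DHCPDISCOVER", "00:aa:bb:cc:dd:ee", VICTIM_MAC, 10, "1/g6"),
    ]
    return [model.check(f) for f in frames]


if __name__ == "__main__":
    for verdict, egress in demo():
        print(verdict, egress)
```
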
CLI Examples
The commands below show examples of configuring DHCP Snooping for the switch and for individual interfaces.
console(config)#
console(config)#exit
Example #6 Configure DHCP snooping database Persistency interval
console(config)#ip dhcp snooping database write-delay 500 .
Example #10 Show DHCP Snooping configuration on VLANs and Ports
show ip dhcp snooping binding
DHCP snooping is Enabled
DHCP snooping source MAC verification is enable.
----------- ---------- ----------------
1/g15       No         No
1/g16       No         No
1/g17       No         No
1/g18       No         No
1/g19       No         No
1/g20       No         No
1/g21       No         No
1/g22       No         No
1/g23       No         No
1/g24       No         No
1/xg3       No .
Example #12 Show DHCP Snooping database configurations
console#show ip dhcp snooping database
agent url: local
write-delay: 500
console#
Example #13 Show DHCP Sn.
1/g3     No    15    1
1/g4     No    15    1
1/g5     No    15    1
1/g6     No    15    1
1/g7     No    15    1
1/g8     No    15    1
1/g9     No    15    1
1/g10    No    15    1
1/g11    No    15    1
1/g12    No    15    1
1/g13    No    15    1
1/g14    No    15    1
1/g15    No.
ch3      No    15    1
ch4      No    15    1
ch5      No    15    1
ch6      No    15    1
ch7      No    15    1
ch8      No    15    1
ch9      No    15    1
ch10     No    15    1
--More-- or (q)uit
console#
Example #15 Show DHCP Snooping Per Port Stati.
1/g11    0    0    0
1/g12    0    0    0
1/g13    0    0    0
1/g14    0    0    0
1/g15    0    0    0
1/g16    0    0    0
1/g17    0    0    0
1/g18    0    0    0
1/g19    0    0    0
1/g20    0    0    0
--More-- or (q)uit
1/g21    0    0    0
1/g22    0    0    0
1/g23 .
ch13     0    0    0
ch14     0    0    0
ch15     0    0    0
ch16     0    0    0
ch17     0    0    0
--More-- or (q)uit
sFlow
This section describes the sFlow feature.
The advantages of using sFlow are:
• It is possible to monitor all ports of the switch continuously, with no impact on the distributed switching performance.
The mechanism involves a counter that is decremented with each packet. When the counter reaches zero a sample is taken.
5. When a sample is taken, the counter indicating how many packets to skip before taking the next sample is reset.
Example #4: Show the sFlow configuration for receiver index 1
console#show sflow 1 destination
Receiver Index................................. 1
Owner String................................... site77
Time out.......
Example #6: Show sFlow polling for receiver index 1
console#show sflow 1 polling
Poller      Receiver Poller
Data Source Index    Interval
----------- -------  -------
1/g1        1        200
1.
4 Routing Configuration
This section describes configuration scenarios and instructions for the following routing features:
• "VLAN Routing" on page 74
•.
VLAN Routing
This section provides an example of how to configure PowerConnect 6200 Series software to support VLAN routing.
NOTE: The management VLAN cannot be configured as a routing interface. The switch may also be managed via VLAN routing interfaces.
console(config-vlan)#vlan 10
console(config-vlan)#vlan 20
console(config-vlan)#exit
Example 2: Configure the VLAN Members
The following code sequence shows an example of adding ports to the VLANs and assigning the PVID for each port.
Example 3: Set Up VLAN Routing for the VLANs and Assign an IP Address
The following code sequence shows how to enable routing for the VLANs and how to configure the IP addresses and subnet masks for the virtual router ports.
Virtual Router Redundancy Protocol
When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network. If the router goes down, the end station is unable to communicate.
Configuring VRRP on the Switch as a Master Router
1 Enable routing for the switch. IP forwarding is then enabled by default.
4 Assign virtual router ID to the interface that will participate in the protocol:
console(config)#interface vlan 50
console(config-if-vlan50)#ip vrrp 20
5 Specify the IP address that the virtual router function will recognize.
Proxy Address Resolution Protocol (ARP)
This section describes the Proxy Address Resolution Protocol (ARP) feature.
Overview
• Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a destination that the router can reach.
Active State................................... Inactive
Link Speed Data Rate........................... 10 Half
MAC Address.................................... 00FF.F2A3.888A
Encapsulation Type............................. Ethernet
IP MTU.
A virtual link can be used to connect an area to Area 0 when a direct link is not possible. A virtual link traverses an area between the remote area and Area 0 (see Figure 4-5). A stub area is an area that does not receive routes that were learned from a protocol other than OSPF or were statically configured.
External routes are those imported into OSPF from other routing protocols or processes. OSPF computes the path cost differently for external type 1 and external type 2 routes.
IPv4 (OSPFv2) IPv6 (OSPFv3)
• Enable routing for the switch:
console#config
ip routing
exit
console#config
ipv6 unicast-routing
exit
Enable routing and assign IP for VLANs 70, 80 and 90.
config
interface vlan 70
routing
ip address 192.
Example 2: Configuring Stub and NSSA Areas
In this example, Area 0 connects directly to two other areas: Area 1 is defined as a stub area and Area 2 is defined as an NSSA area.
Figure 4-4. OSPF Configuration—Stub Area and NSSA Area
Configure Router A: Router A is a backbone router. It links to an ASBR (not defined here) that routes traffic outside the AS.
ipv6 address 3000:3:100::/64 eui64
ip ospf area 0.0.0.0
ipv6 ospf
exit
• Define an OSPF router:
ipv6 router ospf
router-id 3.3.3.3
exit
router ospf
router-id 3.3.3.3
exit
exit
Configure Router B: Router B is an ABR that connects Area 0 to Areas 1 and 2.
• For IPv4: Define an OSPF router. Define Area 1 as a stub. Enable OSPF for IPv4 on VLANs 10, 5, and 17 by globally defining the range of IP addresses associated with each interface, and then associating those ranges with Areas 1, 0, and 17, respectively.
Example 3: Configuring a Virtual Link
In this example, Area 0 connects directly to Area 1. A virtual link is defined that traverses Area 1 and connects to Area 2. Figure 4-5 illustrates this example OSPF configuration.
router ospf
router-id 3.3.3.3
network 10.2.3.0 0.0.0.255 area 0.0.0.0
exit
exit
Configure Router B: Router B is an ABR that directly connects Area 0 to Area 1. In addition to the configuration steps described in the previous example, we define a virtual link that traverses Area 1 to Router C (5.
routing
ip address 10.1.2.1 255.255.255.0
ipv6 address 3000:1:2::/64 eui64
ipv6 ospf
ipv6 ospf areaid 1
exit
interface vlan 11
routing
ip address 10.1.101.1 255.255.255.0
ipv6 address 3000:1:101::/64 eui64
ipv6 ospf
ipv6 ospf areaid 2
exit
ipv6 router ospf
router-id 5.
Routing Information Protocol
Routing Information Protocol (RIP) is one of the protocols which may be used by routers to exchange network topology information. It is characterized as an “interior” gateway protocol, and is typically used in small to medium-sized networks.
CLI Examples
The configuration commands used in the following example enable RIP on ports vlan 2 and vlan 3 as shown in the network illustrated in Figure 4-6.
Example #3. Enable RIP for the Switch
The next sequence enables RIP for the switch. The route preference defaults to 15.
console#config
router rip
enable
exit
exit
Example #4. Enable RIP for the VLAN Routing Interfaces
This command sequence enables RIP for VLAN 2 and VLAN 3.
Route Preferences
You can use route preference assignment to control how the router chooses which routes to use when alternatives exist.
Example 1: Configure Administrative Preferences
The following commands configure the administrative preference for the RIP and OSPF:
console#Config
router rip
di.
Using Equal Cost Multipath
The equal cost multipath (ECMP) feature allows a router to use more than one next hop to forward packets to a given destination prefix. It can be used to promote a more optimal use of network resources and bandwidth.
Routing protocols can also be configured to compute ECMP routes. For example, referring to Figure 4-8, if OSPF were configured on both links connecting Router A and Router B, and if Router B advertised its connection to 20.
Loopback Interfaces
PowerConnect 6200 Series software provides for the creation, deletion, and management of loopback interfaces.
IP MTU......................................... 1500
Bandwidth...................................... 100000 kbps
Destination Unreachables.
Table 4-1. Default Ports - UDP Port Numbers Implied By Wildcard
The switch limits the number of relay entries to four times the maximum number of VLAN routing interfaces (512 relay entries).
The relay agent only relays packets that meet the following conditions:
• The destination MAC address must be the all-ones broadcast address (FF:FF:FF:FF:FF:FF).
• The destination IP address must be the limited broadcast address (255.
Example 5: Enable IP Helper on a VLAN Routing Interface to a Server (DHCP and DNS)
To relay DHCP and DNS packets to 192.168.30.1, use the following commands:
console(config-if-vlan100)#ip helper-address 192.168.
Example 7: Show IP Helper Configurations
The following command shows IP Helper configurations:
console#show ip helper-a
IP helper is enabled
Interface            UDP Port    Discard    Hit Count  Server Address
-------------------- ----------- ----- ----- ---------- ------------------
vlan 100             domain      No         0          192.
5 Device Security
This section describes configuration scenarios for the following features:
• "802.1x Network Access Control" on page 106
• "802.
802.1x Network Access Control
Port-based network access control allows the operation of a system’s port(s) to be controlled to ensure that access to its services is permitted only by systems that are authorized to do so.
Figure 5-1. Switch with 802.1x Network Access Control
If a user, or supplicant, attempts to communicate via the switch on any interface except interface 1/g1, the system challenges the supplicant for login credentials.
Example #2: MAC-Based Authentication Mode
The PowerConnect 6200 Series switches support MAC-based 802.1X authentication. This feature allows multiple hosts to authenticate on a single port. The hosts are distinguished by their MAC addresses.
802.1X Authentication and VLANs
The PowerConnect 6200 Series switches allow a port to be placed into a particular VLAN based on the result of type of 802.1X authentication a client uses when it accesses the switch. The RADIUS server or IEEE 802.
VLAN and the port is moved to the authorized state, allowing access to the client. However, if the port is in MAC-based 802.1X authentication mode, it will not move to the authorized state.
Authentication Server Filter Assignment
The PowerConnect 6200 Series switches allow the external 802.1X Authenticator or RADIUS server to assign DiffServ policies to users that authenticate to the switch. When a host (supplicant) attempts to connect to the network through a port, the switch contacts the 802.
Ingress ACLs support Flow-based Mirroring and ACL Logging, which have the following characteristics:
• Flow-based mirroring is the ability to mirror traffic that matches a permit rule to a specific physical port or LAG.
Egress ACL Limitations
Egress ACLs have some additional limitations. The following limitations apply to egress ACLs only:
• Egress ACLs support IP Protocol/Destination, IP Address Source/Destination, L4 Source/Destination port, IP DSCP, IP ToS, and IP precedence match conditions only.
IP ACLs
IP ACLs classify for Layers 3 and 4. Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the contents of a given field sh.
IP ACL CLI Example
The script in this section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic.
Step 1: Create an ACL and Define an ACL Rule
This command creates an ACL named list1 and configures a rule for the ACL. After the mask has been applied, it permits packets carrying TCP traffic that matches the specified Source IP address, and sends these packets to the specified Destination IP address.
Step 4: Viewing the MAC ACL Information
console#show mac access-lists
Current number of all ACLs: 2 Maximum number of all ACLs: 100
MAC ACL Name Rules Interface(s) Direction
-.
attributes containing configuration information. If the server rejects the user, it returns a negative result. If the server rejects the client or the shared “secrets” differ, the server returns no result.
Figure 5-3. RADIUS Servers in a Network
When a user attempts to log in, the switch prompts for a username and password. The switch then attempts to communicate with the primary RADIUS server at 10.10.10.10. Upon successful connection with the server, the login credentials are exchanged over an encrypted channel.
Example #2: Set the NAS-IP Address for the RADIUS Server
The NAS-IP address attribute identifies the IP Address of the network authentication server (NAS) that is requesting authentication of the user. The address should be unique to the NAS within the scope of the RADIUS server.
Figure 5-4. PowerConnect 6200 Series Switch with TACACS+
When a user attempts to log into the switch, the NAS or switch prompts for a username and password. The switch attempts to communicate with the highest priority configured TACACS+ server at 10.
802.1x MAC Authentication Bypass (MAB)
MAB is a supplemental authentication mechanism that allows 802.1x unaware clients, such as printers and fax machines, to authenticate to the network using the client MAC address as an identifier.
Figure 5-5. MAB Operation – Authentications Based on MAC Address in Database
CLI Examples
Example 1: Enable/Disable MAB
To enable/disable MAB on interface 1/5, u.
Example 2: Show MAB Configuration
To show the MAB configuration for interface 1/5, use the following command:
console#show dot1x ethernet 1/g5
Administrative Mode.
Captive Portal
Overview
Captive Portal feature is a software implementation that allows client access only on user verification.
In the unknown state, the CP doesn't redirect HTTP/S traffic to the switch, but queries the switch to determine whether the client is authenticated or unauthenticated. In the Unauthenticated state, the CP directs the HTTP/S traffic to the switch to allow the client to authenticate with the switch.
All new captive portal instances are also assigned to the "Default" group. The administrator can create new groups and modify the user/group association to only allow a subset of users access to a specific captive portal instance.
In response to the request, the authenticated user is removed from the connection status tables. If the client logout request feature is not enabled, or the user does not spe.
Captive Portal Statistics
Client session statistics are available for both guest and authenticated users. Client statistics are used to enforce the idle timeout and other limits configured for the user and captive portal instance.
console#show captive-portal
Administrative Mode....................... Enabled
Operational Status........................ Enabled
Disable Reason............................ Administrator Disabled
Captive Portal IP Address.........
Example 7: Modify the Default Captive Portal Configuration (Change Verification Method to Local)
To change the verification method to local, use the following command:
conso.
To create a local user, use the following command:
console(Config-CP)#user 1 name user1
console(config-CP)#user 1 password
Enter password (8 to 64 characters): ********
Re-enter.
Device Security 133 Operational Block Interface Interface Description Status Status --------- ---------------------------- ------------ ------------ ----------- 1/g18 Unit: 1 Slot: 0 Port: 18 Gig .
134 Device Security.
IPv6 135 6 IPv6 This section includes the following subsections: • "Overview" on page 135 • "Interface Configuration" on page 135 Overview There are many conceptual similarities between IPv4 and IPv6 network operation.
136 IPv6 • Allocated from part of the IPv6 unicast address space • Not visible off the local link • Not globally unique Next hop addresses computed by routing protocols are usually link-local. During a transition period, a global IPv6 Internet backbone may not be available.
IPv6 137 ip ospf area 0.0.0.0 exit interface vlan 2 routing ipv6 enable ipv6 address 2020:1::1/64 ipv6 ospf ipv6 ospf network point-to-point exit interface tunnel 0 ipv6 address 2001::1/64 tunnel mode ipv6ip tunnel source 20.20.20.1 tunnel destination 10.
138 IPv6 ipv6 address 2020:2::2/64 ipv6 ospf ipv6 ospf network point-to-point exit interface tunnel 0 ipv6 address 2001::2/64 tunnel mode ipv6ip tunnel source 10.10.10.1 tunnel destination 20.20.20.1 ipv6 ospf ipv6 ospf network point-to-point exit interface loopback 0 ip address 2.
Quality of Service 139 7 Quality of Service This section includes the following subsections: • "Class of Service Queuing" on page 139 • "Differentiated Services" on page 143 Class of Service Queuing The Class of Service (CoS) feature lets you give preferential treatment to certain types of traffic over others.
140 Quality of Service CoS Mapping Table for Trusted Ports Mapping is from the designated field values on trusted ports’ incoming packets to a traffic class priority (actually a CoS traffic queue).
Quality of Service 141 Figure 7-1. CoS Mapping and Queue Configuration Continuing this example, you configured the egress Port 1/g8 for strict priority on queue 6, and set a weighted scheduling scheme for queues 5-0.
142 Quality of Service Figure 7-2. CoS1 /g Configuration Example System Diagram You will configure the ingress interface uniquely for all cos-queue and VLAN parameters.
Quality of Service 143 Differentiated Services Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol.
144 Quality of Service CLI Example This example shows how a network administrator can provide equal access to the Internet (or other external network) to different departments within a company. Each of four departments has its own Class B subnet that is allocated 25% of the available bandwidth on the port accessing the Internet.
Quality of Service 145 match srcip 172.16.20.0 255.255.255.0 exit class-map match-all test_dept match srcip 172.16.30.0 255.255.255.0 exit class-map match-all development_dept match srcip 172.
146 Quality of Service Set the CoS queue configuration for the (presumed) egress interface 1/g5 such that each of queues 1, 2, 3 and 4 get a minimum guaranteed bandwidth of 25%. All queues for this interface use weighted round robin scheduling by default.
Quality of Service 147 Figure 7-4. DiffServ VoIP Example Network Diagram.
148 Quality of Service Example #2: Configuring DiffServ VoIP Support Enter Global Config mode. Set queue 6 on all ports to use strict priority mode.
Multicast 149 8 Multicast This section provides configuration scenarios for the following features: • "IGMP Configuration" on page 150 • "IGMP Proxy" on page 1.
150 Multicast When to Enable IP Multicast on the PowerConnect 6200 Series Switch Use the IP multicast feature on the PowerConnect 6200 Series switch to route multicast traffic between VLANs on the switch. If all hosts connected to the switch are on the same subnet, there is no need to configure the IP multicast feature.
Multicast 151 IGMP Proxy IGMP proxy enables a multicast router to learn multicast group membership information and forward multicast packets based upon the group membership information. The IGMP Proxy is capable of functioning only in certain topologies that do not require Multicast Routing Protocols (i.
152 Multicast Example #2: View IGMP Proxy Configuration Data You can use various commands from Privileged EXEC or User EXEC modes to show IGMP proxy configuration data. • Use the following command to display a summary of the host interface status parameters.
Multicast 153 CLI Example The following example configures two DVMRP interfaces. First, this example configures an OSPF router 1 and globally enables IP routing and IP multicast.
154 Multicast PIM Protocol Independent Multicast (PIM) is a standard multicast routing protocol that provides scalable inter-domain multicast routing across the Internet, independent of the mechanisms provided by any particular unicast routing protocol.
Multicast 155 Example: PIM-SM The following example configures PIM-SM for IPv4 on a router. First, configure an OSPF 1 router and globally enable IP routing, multicast, IGMP, and PIM-SM. Next, configure a PIM-SM rendezvous point with an IP address and group range.
To minimize the repeated flooding of datagrams and subsequent pruning associated with a particular source-group (S,G) pair, PIM-DM uses a State Refresh message. This message is sent by the router(s) directly connected to the source and is propagated throughout the network.
Multicast 157 Multicast Routing and IGMP Snooping In this example, ports 1/g5 and 1/g10 are members of VLAN 100, and port 1/g15 is a member of VLAN 200.
158 Multicast 8 Globally enable IGMP snooping, IP multicast, IGMP, and PIM-DM on the switch. console(config)# ip igmp snooping console(config)# ip multicast console(config)# ip igmp console(config)# ip pimdm NOTE: Only one multicast routing protocol (PIM-SM, PIM-DM, or DVMRP) can be enabled globally on the switch at a time.
Multicast 159 console#show ip igmp IGMP Admin Mode................................ Enabled IGMP Router-Alert check........................ Disabled IGMP INTERFACE STATUS Interface Interface-Mode Ope.
160 Multicast.
Utility 161 9 Utility This section describes the following features: • "Auto Config" on page 162 • "Nonstop Forwarding on a Switch Stack" on page 168.
162 Utility Auto Config Overview Auto Config is a software feature that automatically configures a switch when the device is initialized and no configuration file is found on the switch.
Utility 163 – The hostname of the TFTP server (option 66 or sname). Either the TFTP address or name is specified (not both) in most network configurations. If a TFTP hostname is given, a DNS server is required to translate the name to an IP address.
164 Utility Once a hostname has been determined, the switch then issues a TFTP request for a file named "<hostname>.cfg" file, where <hostname> is the first 32 characters of the switch's hostname.
Utility 165 Host-Specific Config File Not Found If the Auto Config process fails to download a configuration file, a message is logged. If a final configuration file is not downloaded, as described in Table 9-1, the Auto Config procedure continues to issue TFTP broadcast requests.
166 Utility Dependency Upon Other Network Services The Auto Config process depends upon the following network services: • A DHCP or BOOTP server must be configured on the network with appropriate services. • A configuration file for the switch must be available from a TFTP server on the network.
Utility 167 TFTP Client The TFTP client downloads configuration files and sends TFTP requests to the broadcast IP address (255.255.255.255). DNS Client The DNS client resolves an IP address to a hostname and resolves a hostname to an IP address (reverse IP address to hostname mapping).
168 Utility Nonstop Forwarding on a Switch Stack Networking devices, such as the PowerConnect 6200 Series switches, are often described in terms of three semi-independent functions called the forwarding plane, the control plane, and the management plane.
Utility 169 NOTE: The switch cannot guarantee that a backup unit has exactly the same data that the management unit has when it fails. For example, the management unit might fail before the checkpoint service gets data to the backup if an event occurs shortly before a failover.
170 Utility Switch Stack MAC Addressing and Stack Design Considerations The switch stack uses the MAC addresses 1 assigned to the management unit. If the backup unit assumes control due to a management unit failure or warm restart, the backup unit continues to use the original management unit’s MAC addresses.
Utility 171 Configuration Examples The actual configuration of the feature is simple. NSF is either enabled or disabled. The examples in this section describe how the NSF feature acts in various environments and with various switch applications.
172 Utility VoIP Figure 9-2 shows how nonstop forwarding maintains existing voice calls during a management unit failure. Assume the top unit is the management unit. When the management unit fails, the call from phone A is immediately disconnected.
Utility 173 Figure 9-3. NSF and DHCP Snooping If the management unit fails, all hosts connected to that unit lose network access until that unit reboots. The hardware on surviving units continues to enforce source filters IPSG installed prior to the failover.
174 Utility Storage Access Network Scenario Figure 9-4 illustrates a stack of three PowerConnect 6200 Series switches connecting two servers (iSCSI initiators) to a disk array (iSCSI targets). There are two iSCSI connections as follows: Session A: 10.
Utility 175 Routed Access Scenario Figure 9-5 shows a stack of three units serving as an access router for a set of hosts. Two LAGs connect the stack to two aggregation routers. Each LAG is a member of a VLAN routing interface. The stack has OSPF and PIM adjacencies with each of the aggregation routers.
176 Utility.