Avaya Business Policy Switch 2000 Version 1.2 User's Manual
Contents
1. i o meee I I I i l eee EE QUA Teachers offices 2 Student Dormitory and classrooms ieee Legend IH A sil i l EE ES l I I I I Librar I Secure locked area y APA el BS45077A In this configuration example the following security measures are implemented The switch RADIUS based security is used to limit administrative access to the switch through user authentication see RADIUS based network security on page 70 Using the Business Policy Switch 2000 Version 1 2 69 MAC address based security is used to allow up to 448 authorized stations MAC addresses access to one or more switch ports see MAC address based security on page 70 The switch is located in a locked closet accessible only by authorized Technical Services personnel Student dormitory Dormitory rooms are typically occupied by two students and have been prewired with two RJ 45 jacks Only students who are authorized as specified by the MAC address based security feature can access the switch on the secured ports Teachers offices and classrooms The PCs that are located in the teachers offices and in the classrooms are assigned MAC address based security that is specific for each classroom and office location The security feature2. emm ES em emm E port 23 Port X T A port 25 S1 Mos o Business l roca a Policy Switch I ma ness 1 E PT 1 F Port Y qj F port 24 Business Policy Switch 2000 l Business Policy Switch NORTEL oO e 9 9 S 9 33 BE6 g 9810EA In the configuration example shown in Figure 46 the designated monitor port port 23 can be set to monitor traffic in any of the following modes Monitor all traffic received by port X Monitor all traffic transmitted by port X e Monitor all traffic received and transmitted by port X Monitor all traffic received by port X or transmitted by port Y Monitor all traffic received by port X destined to port Y and then transmitted by port Y e Monitor all traffic received transmitted by port X and transmitted received by port Y conversations between port X and port Y Using the Business Policy Switch 2000 Version 1 2 142 Chapter 2 Network configuration As shown in the Port Mirroring Configuration screen example Figure 47 port 23 is designated as the Monitor Port fo
3. Table 3 Business Policy Switch 2000 back panel descriptions 1 AC power receptacle 2 RPSU connector 3 Cascade Module slot Cascade Module slot The Cascade Module slot allows you to attach an optional BayStack 400 ST1 Cascade Module to the switch see Stack configurations on page 98 You can connect up to eight switches into a redundant stack configuration Installation instructions are provided with each BayStack 400 ST1 Cascade Module see Installing the BayStack 400 STI Cascade Module Use a flathead screwdriver to remove the filler panel that covers the Cascade Module slot Figure 5 For more information about cascade modules see Installing the Cascade 400 ST1 Cascade Module See your Nortel Networks sales representative for cascade module ordering information Using the Business Policy Switch 2000 Version 1 2 44 Figure 5 Removing the cascade module filler panel 9744FA Cooling fans Three cooling fans are located on one side of the Business Policy Switch to provide cooling for the internal components See Figure 1 on page 36 When you install the switch be sure to allow enough space on both sides of the switch for adequate air flow See Installing the Business Policy Switch 2000 for detailed information AC power receptacle The AC power receptacle accepts the AC power cord supplied For installation outside of North Am
4. 9813EA Table 7 describes the stack up configuration illustration references Table7 Stack up configuration description 1 Last unit 2 Base unit 3 Cascade Cable part number 303978 A 4 Cascade Cable part number 303979 A Using the Business Policy Switch 2000 Version 1 2 100 Chapter 2 Network configuration Stack down configurations In Figure 15 data flows from the base unit unit 1 to the next switch which is assigned as unit 2 and continues until the last switch in the stack is assigned as unit 8 The physical order of the switches is from top to bottom unit to unit 8 Figure 15 Stack down configuration example 9814EA 208700 B Chapter 2 Network configuration 101 Table 8 describes the stack down configuration illustration references Table 8 Stack down configuration description Base unit Last unit Cascade cable part number 303978 A Cascade max return cable part number 303979 A AJOJN Certain network management station NMS applications assume a stack down configuration for the graphical user interface GUI that represents the stack see Figure 15 Note For this reason No
5. GBIC MDA Warning This is a Class 1 Laser LED product It contains a laser light N source that can injure your eyes Never look into an optical fiber or connector port Always assume that the fiber optic cable or connector is connected to a laser light source Vorsicht Dieses Laser LED Produkt der Klasse 1 enth lt eine N Laserlichtquelle die zu Augenverletzungen f hren kann Sehen Sie nie in einen Lichtwellenleiter oder Glasfaserstecker Port Gehen Sie immer davon aus da das Glasfaserkabel oder der Glasfaserstecker an eine Laserlichtquelle angeschlossen ist Using the Business Policy Switch 2000 Version 1 2 358 Appendix C Media dependent adapters Avertissement Ceci est un appareil Laser DEL de Classe 1 Cet N appareil contient une source lumineuse rayons laser dangereuse pour les yeux Ne regardez jamais directement une fibre optique ou un port de connexion Agissez toujours comme si le c ble de fibres optiques ou le connecteur tait reli une source lumineuse rayons laser Advertencia ste es un producto l ser LED de Clase 1 Contiene una N fuente de luz l ser que puede causar lesiones en los ojos Nunca mire dentro de un cable o de un puerto de conexi n de fibra ptica Asuma siempre que el cable o el connector de fibra ptica est conectado a una fuerte de luz l ser Avvertenza Questo un produtto laser LED di Classe 1 e contiene una N sorge
6. 208700 B Chapter 3 Using the console interface 189 Table 22 describes the VLAN Configuration Menu screen options Table 22 VLAN Configuration Menu Screen options Option Description VLAN Configuration Displays the VLAN Configuration screen see VLAN Configuration screen on page 189 This screen allows you to set up VLAN workgroups MAC Addresses for Allows you to configure MAC source address based VLANs see MAC MAC SA Based VLAN Address Configuration for MAC SA Based VLAN screen on page 196 VLAN Port Displays the VLAN Port Configuration screen see VLAN Port Configuration Configuration screen on page 197 This screen allows you to set up a specific switch port VLAN Display by Port Displays the VLAN Display by Port screen see VLAN Display by Port screen on page 200 VLAN Configuration screen The VLAN Configuration screen Figure 67 allows you to create and assign VLAN port memberships to standalone or stacked unit ports You can create port based and policy based VLANs for the following purposes EEE 802 1Q port based VLANs allow you to explicitly configure switch ports as VLAN port members When you create a port based VLAN you assign a Port VLAN Identifier PVID and specify which ports belong to the VLAN e Policy based VLANs allow you to configure your switch ports as members of a broadcast domain based on the information within a packet
7. Is the Set the correct value Snooping field set for the Snooping field correctly Snooping field set Is the Proxy field set correctly Set the correct value for the Proxy field Key g gt Off page reference O On page reference BS45053A 208700 B Appendix D Quick steps to features 377 Figure 148 Configuring IGMP Snooping 2 of 3 Is the Robust Value field Set the correct value for set correctly the Robust Value field Is the Query Set the correct value for Timer field set the Query Timer field correctly Is the Set Set the correct value for Router Ports field the IGMP version in the set correctly Set Router Ports field i Set the correct value dd ee D for the Proxy field Key g gt Off page reference O On page reference BS45054A Using the Business Policy Switch 2000 Version 1 2 378 Appendix D Quick steps to features Figure 149 Configuring IGMP Snooping 3 of 3 Are all IGMP members Configure all IGMP members configured see IGMP Configuration Rules Yes E Y All VLANs on this port are now configured as IGMP router ports Is the Port a trunk member No All trunk members for that trunk are automatically configured as IGMP Static Router Ports Key gt Off page reference O On page reference BS45055B Conf
8. Note Because multiple STGs are available only in Pure BPS 2000 Stack mode the Spanning Tree VLAN Membership screen does not appear when you work in Hybrid Stack or mixed stack mode To open the Spanning Tree VLAN Membership screen Choose Spanning Tree VLAN Membership or press v from the Spanning Tree Configuration Menu screen 208700 B Chapter 3 Using the console interface 253 Figure 93 Spanning Tree VLAN Membership screen a Spanning Tree VLAN Membership Total VLAN Membership choice 3 Use space bar to display choices STP Group 1 press lt Return gt or lt Enter gt to select E Menu a Press Ctrl R to return to previous menu Press Ctrl C to return to Main A Table 48 describes the Spanning Tree VLAN Membership parameters Table 48 Spanning Tree VLAN Membership parameters Parameter Description STP Group The field allows you to select the number of the spanning tree group STG you want to view To view another STG type that STG ID number and press Enter or press the spacebar on your keyboard to to toggle the STP Group numbers Default Value 1 Range 1 to 8 only created STP Groups display VLAN Displays the total number of VLANs in the specified STP Group as well as the VLAN IDs Membership of the VLAN members Using the Business Policy Switch 2000 Version 1 2 254 Chapter 3 Using the console interface TELNET SNMP Web
9. Port Membership U all ports assigned as untagged members of VLAN 1 Unit 1 VLAN Port Configuration screen on page 197 Port 1 Filter Tagged Frames No Filter Untagged Frames No Filter Unregistered Frames No Port Name Unit 1 Port 1 PVID 1 Port Priority 0 Tagging Untagged Access AutoPVID Disabled BootP Mac Address Type Stack Mac Address Stack Operational Mode screen on page 230 Using the Business Policy Switch 2000 Version 1 2 390 Appendix F Default Settings Table 74 Factory default settings continued Field Default setting Appears in this Cl screen Unit 1 VLAN Display by Port screen on page 200 Port 1 PVID 1 read only Port Name Unit 1 Port 1 read only Unit 1 Port Configuration screen on page 201 Status Enabled for all ports Autonegotiation Enabled for all ports Speed Duplex 100Mbs Half when Autonegotiation is Disabled Trunk 1 to 6 depending on MultiLink Trunk Configuration Menu configuration status screen on page 207 Trunk Members Unit Port Blank field STP Learning Normal Trunk Mode Basic Trunk Status Disabled Trunk Name Trunk 1 to Trunk 6 Traffic Type Rx and Tx MultiLink Trunk Utilization screen on page 211 208700 B Appendix F Default Settings 391 Table 74 Factory default settings continued
10. Displays the Spanning Tree Group Configuration screen see Spanning Tree Group Configuration screen on page 242 Spanning Tree Port Configuration Displays the Spanning Tree Port Configuration screen see Spanning Tree Port Configuration screen on page 245 Display Spanning Tree Switch Settings Allows you to display the Spanning Tree Switch Settings screen see Spanning Tree Switch Settings screen on page 248 Display Spanning Tree VLAN Membership Allows you to display the Spanning Tree VLAN Membership screen see Spanning Tree VLAN Membership screen on page 248 Using the Business Policy Switch 2000 Version 1 2 242 Chapter 3 Using the console interface Note Because multiple STGs are available only in Pure BPS 2000 Stack mode the first and fourth menu items do not appear when you work in Hybrid Stack or mixed stack mode Spanning Tree Group Configuration screen The Spanning Tree Group Configuration screen allows you to create and configure spanning tree groups STGs Multiple STGs up to 8 are available with software version 1 2 and higher The STGs are available only in Pure BPS 2000 Stack mode In Hybrid Stack mode you have only 1 STG which is the default STG1 Note When you change the Stack Operational Mode from Pure BPS 2000 Stack mode to Hybrid Stack mode you lose all STGs above 1 the default STG To open the Spanning Tree Group Con
11. e Before you begin next e Related publications on page 28 e How to get help on page 30 Using the Business Policy Switch 2000 Version 1 2 28 Preface Before you begin This guide is intended for network managers and administrators with the following background e Basic knowledge of networks Ethernet bridging and IP and IPX routing e Familiarity with networking concepts and terminology e Specific knowledge about the networking devices protocols topologies and interfaces that comprise your network e Experience with windowing systems graphical user interfaces GUIs or Web browsers Related publications For more information about using the Business Policy Switch 2000 refer to the following publications e Release Notes for the Business Policy Switch 2000 Version 1 2 part number 210676 D Documents important changes about the software and hardware that are not covered in other related publications e Installing the Business Policy Switch 2000 part number 209319 A Describes how to install the Business Policy Switch 2000 Getting Started with the Business Policy Switch 2000 Management Software Operations part number 209321 A Describes how to install the Java based device level software management application e Reference for the Business Policy Switch 2000 Management Software Version 1 2 part number 209322 B Describes how to use the Java based device level software management appli
12. In this example port 23 becomes the designated Monitor Port for Switch S1 when you press Enter in response to the Yes screen prompt Note The screen data displayed at the bottom of the screen changes to show the new currently active port mirroring configuration after you press Enter The Monitoring Mode field Address A gt Address B indicates that all traffic transmitted by address A to address B will be monitored by the StackProbe attached to Monitor Port 23 Note When you enter MAC addresses in this screen they are also displayed in the MAC Address Table screen see Chapter 3 208700 B Chapter 2 Network configuration 145 Figure 49 Port Mirroring Configuration address based screen example E Port Mirroring Configuration A Monitoring Mode Address A gt Address B Monitor Unit Port E 23 gt Unit Port X Ac Unit Port Y Address A 00 44 55 44 55 22 Address B 00 33 44 33 22 44 Is your port mirroring configuration complete Yes Currently Active Port Mirroring Configuration Monitoring Mode gt Address A or Address B gt Monitor Port 23 Port X 25 Port Y 24 Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu e P Port mirroring configuration rules The following configuration rules apply to any port mirroring configuration e You cannot c
13. Indicates the total number of packets that were transmitted successfully on this port after more than one collision Excessive Collisions Indicates the total number of packets lost on this port due to excessive collisions Deferred Packets Indicates the total number of frames that were delayed on the first transmission attempt but never incurred a collision Late Collisions Indicates the total number of packet collisions that occurred after a total length of time that exceeded 512 bit times of packet transmission Using the Business Policy Switch 2000 Version 1 2 230 Chapter 3 Using the console interface Table 40 Port Statistics screen fields continued Field Description The following field values appear only when the port selected in the Unit Port field is configured with a Gigabit MDA Pause Frames Transmitted column Indicates the total number of pause frames transmitted on this port Pause frames cause the transmitting port to temporarily suspend the transmission of packets when the receiving port s frame buffer is full Gigabit ports only Received column Indicates the total number of pause frames received on this port Pause frames cause the transmitting port to temporarily suspend the transmission of packets when the receiving port s frame buffer is full Gigabit ports only Stack Operational Mode screen The Stack Operational Mode screen Figure 85 dis
14. Port Trunk Status Link LnkTrap Autonegotiation Speed Duplex 1 Enabled Down On Enabled 15 Enabled Down On Enabled 16 Enabled Down On Enabled 17 Enabled Down On 1 Enabled 18 Enabled Down On Enabled 19 Enabled Down On Enabled 20 Enabled Down On 1 Enabled 21 Enabled Down On Enabled 22 Enabled Up On Enabled 100Mbs Full 23 Enabled Down On 1 Enabled 24 Enabled Down On Enabled Switch Enable On Enable 10Mbs Half Stack Enable On Enable 10Mbs Half Press Ctrl P to display choices for ports 1 14 Use space bar to display choices press Return or Enter to select choice Press Ctrl C to return to Main Menu w Ctrl R to return to previous menu 208700 B Chapter 3 Using the console interface 203 Note When a Gigabit MDA is installed only the Status field for that MDA port is configurable See High Speed Flow Control Configuration screen on page 204 to set the autonegotiation field for the Gigabit MDA port Gigabit MDAs only support 1000 Mb s in full duplex mode Table 29 describes the Port Configuration screen fields Table 29 Port Configuration screen fields Field Description Port Indicates the switch port numbers that correspond to the field values in that row of the screen for example the field values in row 2 apply to switch port 2
15. The BPS 2000 software version 1 2 is compatible with BayStack 450 software version 4 1 When you are using a local console to access the BPS 2000 software version 1 2 features with a Hybrid or mixed stack BPS 2000 and BayStack 450 and 410 switches in the same stack you must plug your local console into a BPS 2000 unit Using the Business Policy Switch 2000 Version 1 2 88 Chapter 2 Network configuration To find out which version of the BPS 2000 software is running use the console interface CI menus or the Web based management system e Cl menus From the main menu of the console choose Systems Characteristics menu The software currently running is displayed in sysDescr e Web based management system Open the System Information page which is under Administration on the main menu The software currently running is displayed in the sysDescription field You can use 256 port protocol and MAC SA based VLANs for the stack with a Pure BPS 2000 stack running software version 1 2 The maximum number of MAC SA based VLANs available is 48 If you are working with a mixed or hybrid stack you can use 64 VLANs for the entire stack When you change from a Pure BPS 2000 Stack mode to a Hybrid Stack mode e If you have up to 64 VLANs on the Pure BPS 2000 Stack they will be retained when you change to a Hybrid Stack e If you have more than 64 VLANs on the Pure BPS 2000 Stack you will lose them all The Hybrid Stack
16. e Incoming and Outgoing f the controlled port is unauthorized frames are not transmitted through the port all frames received on the controlled port are discarded The controlled port s state is set to Blocking e Incoming lIf the controlled port is unauthorized frames received on the port are discarded but the transmit frames are forwarded through the port EAPOL dynamic VLAN assignment If EAPOL based security is enabled on a port and then the port is authorized the EAPOL feature dynamically changes the port s VLAN configuration according to preconfigured values and assigns a new VLAN The new VLAN configuration values are applied according to previously stored parameters based on the user id in the Authentication server The following VLAN configuration values are affected e Port membership e PVID e Port priority Using the Business Policy Switch 2000 Version 1 2 74 When the EAPOL based security is disabled on a port that was previously authorized the port s VLAN configuration values are restored directly from the switch s non volatile random access memory NVRAM The following exceptions apply to dynamic VLAN assignments e The dynamic VLAN configuration values assigned by EAPOL are not stored in the switch s NVRAM e You can override the dynamic VLAN configuration values assigned by EAPOL however be aware that the values you configure are not stored in NVRAM e When EAPOL is enabled on a p
17. on page 47 e Configuration and switch management on page 80 e Supported standards and RFCs on page 83 General description The Business Policy Switch introduces policy enabled networking features to optimize consistent performance and behavior for your network traffic The Differentiated Services DiffServ network architecture offers varied levels of service for different types of data traffic DiffServ lets you designate a specific level of performance on a per packet basis Stacking compatibility You can stack the BPS 2000 up to 8 units high There are two types of stacks e Pure BPS 2000 This stack has only BPS 2000 switches It is sometimes referred to as a pure stack The stack operational mode for this type of stack is Pure BPS 2000 Mode Using the Business Policy Switch 2000 Version 1 2 34 e Hybrid This stack has a combination of BPS 2000 switches and BayStack 450 and or BayStack 410 switches It is sometimes referred to as a mixed stack The stack operational mode for this type of stack is Hybrid Mode When you work with the BPS 2000 in standalone mode you should ensure that the stack operational mode shows Pure BPS 2000 Mode and does not show Hybrid Mode All BPS 2000 switches in the stack must be running the identical version of software and all the BayStack switches must be running the identical version of software When you are working with a mixed stack you must ensure that the Interop
18. 208700 B Appendix A Technical specifications 337 Data rate The data rate is 10 Mb s Manchester encoded or 100 Mb s 4B 5B encoded Interface options Table 65 lists interface options Table 65 Interface options Option Description 10BASE T 100BASE TX RJ 45 8 pin modular connectors for MDI X interface 100BASE FX Fiber SC and MT RJ connectors for switched 100 Mb s 100BASE FX connections over 50 125 and 62 5 125 micron multimode fiber optic cable 2 km 6562 ft maximum distance 1000BASE SX Shortwave SC connectors for shortwave 850 nm fiber optic Gigabit Fiber MDA connections over multimode 550 m 1805 ft fiber optic cable 1000BASE LX Longwave SC connectors for longwave 1300 nm fiber optic Gigabit Fiber MDA connections over single mode 3 km 9843 ft or multimode 550 meter 1805 ft fiber optic cable Safety agency certification The safety certifications follow ULListed UL 1950 IEC 950 EN60950 C22 2 No 950 CUL with all national deviations UL 94 V1 flammability requirements for PC board NOM NOM 019 Using the Business Policy Switch 2000 Version 1 2 338 Appendix A Technical specifications Electromagnetic emissions The module meets the following standards US CFR47 Part 15 Subpart B Class A Canada ICES 003 Issue 2 Class A Australia New Zealand AS NZS 3548 1995 Class A Japan V 3 97 04 1997 Class A Taiwan CNS 13438 Class
19. 208700 B Chapter 5 Sample QoS configuration 319 To manually configure the mapping among 802 1p priority values priority and DSCP mapping you must use with the following QoS Advanced pages e Assigning 802 1p priority queue assignment on page 319 e Verifying DSCP mapping on page 320 e Assigning 802 1p user priority mapping on page 323 e Verifying DSCP queue assignments on page 324 Assigning 802 1p priority queue assignment You assign IEEE 802 1p priority values to a queue for specific queue set This information is used for assigning egress traffic to outbound queues Note If you want to change the traffic class prioritization on a BayStack 450 switch in a mixed stack configuration use the 802 1p Priority Queue Assignment page for queue set 2 To configure 802 1p priority 1 Click the Application QoS QoS Advanced Devices Priority Q Assign menu option The 802 1p Priority Queue Assignment page opens Figure 123 Using the Business Policy Switch 2000 Version 1 2 320 Chapter 5 Sample QoS configuration Figure 123 802 1p Priority Queue Assignment page Application QoS QoS Advanced Devices 802 1p Priority Queue Assignment 802 1p Priority Assignment View By Queue Set fi y EE 802 1p Priority Assignment Table 802 1p Priority Queue CEECEE uu N 2 Inthe Queue Set field in the 802 1p Priority Assignment View By section se
20. 38 The console port default settings are 9600 baud with 8 data bits 1 stop bit and no parity as the communications format with flow control set to enabled Uplink Expansion slot The Uplink Expansion slot allows you to attach optional media dependent adapters MDAs that support a range of media types see Appendixes for more information about MDA types available from Nortel Networks Port connectors The Business Policy Switch uses 10BASE T 100BASE TX RJ 45 8 pin modular port connectors The 10BASE T 100BASE TX port connectors are configured as MDI X media dependent interface crossover These ports connect over straight cables to the network interface card NIC in a node or server similar to a conventional Ethernet repeater hub If you are connecting to an Ethernet hub or Ethernet switch use a crossover cable unless an MDI connection exists on the associated port of the attached device see Appendixes The Business Policy Switch uses autosensing ports designed to operate at 10 Mb s megabits per second or at 100 Mb s depending on the connecting device These ports support the IEEE 802 3u autonegotiation standard which means that when a port is connected to another device that also supports the IEEE 802 3u standard the two devices negotiate the best speed and duplex mode The 10BASE T 100BASE TX switch ports also support half and full duplex mode operation refer to Installing the Business Policy Switch 2000
21. Create Filter Group Configuring actions When you assign actions to filters you specify the type of behavior you want a policy to apply to a flow of IP and IEEE 802 packets Actions applied to filters establish packet specific criteria that determine how a packet is to be processed You specify the actions associated with specific IP and layer 2 filter groups When filters match incoming packets the actions are performed on those packets Actions can be configured to re mark packets to change priorities and loss sensitivity drop precedence or to drop packets In order to use a particular action that action must be assigned to a meter refer to Configuring meters on page 313 To configure an action 1 Click the Application gt QoS gt QoS Advanced gt Actions menu option The Actions page opens Figure 117 Using the Business Policy Switch 2000 Version 1 2 312 Chapter 5 Sample QoS configuration Figure 117 Actions page r Application gt QoS gt QoS Advanced gt Action 4 Action Table Action Action Name ais Update DSCP Set Drop Update m Frame Precedence Priority Action Creation Action Name Transmit Drop Frame Transmit Update DSCP ignore Set Drop Precedence K4 Use Defaults Update 802 1p Priority Use Defaults y Default Use 802 1p Priority from DSCP Mapping Table l In the Action Name field of the Action Creation section enter Generic In the Tran
22. Field Description Speed Duplex Allows you to manually configure any port to support an Ethernet speed of 10 Mb s or 100 Mb s in half or full duplex mode This field is set by default to 1000 Mb s full duplex for Gigabit ports only Default Value 100Mbs Half when Autonegotiation is Disabled Range 10Mbs Half 10Mbs Full 100Mbs Half 100Mbs Full 1 Fiber optic ports can only be set to 100 Mb s Half or 100 Mb s Full High Speed Flow Control Configuration screen The High Speed Flow Control Configuration screen Figure 73 allows you to set the port parameters for installed Gigabit MDAs installed in the Uplink Module slot Note This screen only appears when an optional Gigabit MDA is gt Choose High Speed Flow Control Configuration or press h from the Switch Configuration Menu screen to open the High Speed Flow Control Configuration screen 208700 B Chapter 3 Using the console interface 205 Figure 73 High Speed Flow Control Configuration D High Speed Flow Control Configuration ON Unit 1 Autonegotiation Enabled Flow Control Disabled Preferred Phy Right Active Phy Right Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu E y Table 30 describes the High Speed Flow Control Configuration screen fields Table 30 High Speed Flow Contro
23. In order to use all the Business Policy Switch management features for example downloading software you must connect your console terminal into a Business Policy Switch port within your mixed stack For more information about the console comm port see Chapter 1 Troubleshooting problems If you suspect problems with a newly installed mixed stack configuration start troubleshooting by verifying the following items e A Business Policy Switch is designated as the base unit All other units in the stack have the base unit select switch set to Off e The Business Policy Switch s operational mode is set to Hybrid Stack and the unit has been reset after changing the operational mode Figure 130 e All units in the stack exhibit the same ISVN e All units must be reset when you add a Business Policy Switch to an existing BayStack 450 and 410 switch stack e All Business Policy Switches have the same software version Similarly all BayStack 450 and BayStack 410 switches are operating with updated and compatible software e When the stack is powered up ensure that the Cas Up and Cas Dwn cascade and Base LEDs are green steady not blinking Using the Business Policy Switch 2000 Version 1 2 346 Appendix B Interoperability in a mixed stack configuration 208700 B 347 Appendix C Media dependent adapters This appendix describes the optional media dependent adapters MDAs that are available from Nortel Netw
24. PHB is configurable and the DSCP may be re marked as it passes through a DiffServ network Re marking the DSCP allows for the treatment of packets to be reset based on new network specifications or desired levels of service DiffServ assumes the existence of a Service Level Agreement SLA between DS domains that share a border The SLA defines the profile for the aggregate traffic flowing from one network to the other based on policy criteria As the traffic moves within the DiffServ network policies ensure that traffic marked by the different DSCPs is treated according to that marking QoS classes The BPS 2000 supports the following Nortel Networks QoS classes e Critical and Network classes have the highest priority over all other traffic Premium class is an end to end service functioning similarly to a virtual leased line Traffic in this service class is normally guaranteed an agreed upon peak bandwidth This service class is suitable for real time applications like video and voice over IP The recommended PHB for this service is the Expedited Forwarding EF PHB Using the Business Policy Switch 2000 Version 1 2 278 Chapter 4 Policy enabled networks e Platinum Gold Silver and Bronze classes use the Assured Forwarding PHB These classes are used for real time delay tolerant traffic and non real time mission critical traffic e Standard class is the best effort IP service with an additional optional use of tra
25. Policy Table Action Policy Eter Filter Role Interface Policy Track Name ee Group Combination Direction Order Statistics Policy Creation Policy Name D Filter Group Type IP Fiter Group E Filter Group Pakt H Role Combination allBPSifcs Policy order Ll Meter Practice Track Statistics Yes y 2 Inthe Policy Name field of the Policy Creation area enter IPpolicy This entry is a unique name to identify this target Note You cannot have spaces in the naming field 3 Inthe Filter Group Type choose IP Filter Group This entry is the filter group that will be associated with this policy 4 Inthe Filter Group field choose IPacket This entry is the filter group you created in the IP Classification Group page IP Filter Group Table 5 Inthe Role Combination field choose Webbrowsing 208700 B Chapter 5 Sample QoS configuration 317 This entry is the unique Role Combination that you created 6 Inthe Order field enter 1 Note Nortel Networks recommends that you consider an order numbering strategy for the values in the Order field as you configure policies The policies in the Policy Table are arranged in ascending order according to value in the Order column By establishing a policy ordering scheme in multiples of for example 10 Order 10 Order 20 Order 30 Order 40 and so on you are able to insert policies in the appropriate filter precedence
26. Ports that implement the crossover function internally are known as MDI X ports where X refers to the crossover function Note For the transmitter of one device to connect to the receiver of another device the total number of crossovers must always be an odd number The following sections describe the use of straight through and crossover cables for connecting MDI and MDI X devices 208700 B Appendix E Connectors and pin assignments 383 MDI X to MDI cable connections Business Policy Switch switches use MDI X ports that allow you to connect directly to end stations without using crossover cables Figure 153 Figure 153 MDI X to MDI cable connections Business Policy Switch 2000 End station 1 8 8 1 8 1 8 imn E E Eo 1 14 Esa 107 po 2 2 2 2 204 I O 3 3o o3 3o o4 40 o4 40 o5 50 o5 50 I o 6 60 o6 60 o7 70 o7 70 MDI X port Straight through cable MDI port BS45056A MDI X to MDI X cable connections If you are connecting the Business Policy Switch to a device that also implements MDI X ports use a crossover cable Figure 154 Using the Business Policy Switch 2000 Version 1 2 384 Appendix E Connectors and pin assignments Figure 154 MDI X to MDI X cable connections Business Policy Switch 2000 Switch or hub 1 8 8 1 8 1 8 po 1 104 o 1 104 po 2 B 205 0 2 2064 po 3 305 I o 3 305 04 40 04 40 o5 50
27. Supplicant Timeout field 186 support Nortel Networks 30 Switch Configuration Menu 153 164 165 symmetric mode 206 sysContact field 164 sysDescr field 163 sysLocation field 164 sysName field 164 sysObjectID field 163 sysServices field 163 System Characteristics screen 152 162 System Log screen 269 sysUpTime field 163 T tabular port statistics 61 Tagged BPDU on tagged port field 245 technical publications 30 technical specifications 335 technical support 30 technical terms filtering database identifier FID 106 port priority 106 port VLAN identifier PVID 105 tagged frame 105 tagged member 106 unregistered packet frame 106 untagged frame 106 untagged member 106 user_priority 106 VLAN identifier VID 105 VLAN port members 106 TELNET 56 TELNET Access field 255 TELNET Stack Password Type field 234 TELNET Switch Password Type field 234 TELNET SNMP Web Access Configuration screen 153 254 temporary base unit 97 TFIP server 261 software download 258 TFIP Server IP Address field 260 264 268 Total Octets field 228 traffic prioritization 274 Transmit Period field 186 Trap IP Address fields 161 troubleshooting 39 135 145 cabling 334 config file 53 configuration file 265 defaults 154 mixed stack 35 147 port connections 333 port interface 333 power up sequence 332 QoS 282 288 290 298 313 317 security 56 spanning tree groups 49 198 240 245 stacking 33 95 345 STGs 51 ta
28. The values that you set in the Switch row will affect all switch ports and when the switch is part of a stack the values that you set in the Stack row will affect all ports in the entire stack except the Gigabit MDA ports or fiber optic ports when installed Trunk The read only data displayed in this column indicates the trunks that correspond to the switch ports specified in the Trunk Members fields of the Trunk Configuration screen see MultiLink Trunk Configuration Menu screen on page 207 Status Allows you to disable any of the switch ports You can also use this field to control access to any switch port Default Value Enabled Range Enabled Disabled Link A read only field that indicates the current link state of the corresponding port as follows Up The port is connected and operational Down The port is not connected or is not operational LnkTrap Allows you to control whether link up link down traps are sent to the configured trap sink from the switch Default Value On Range On Off Autonegotiation When enabled sets the corresponding port speed to match the best service provided by the connected station up to 100 Mb s in full duplex mode This field is disabled for all fiber optic ports Default Value Enabled Range Enabled Disabled Using the Business Policy Switch 2000 Version 1 2 204 Chapter 3 Using the console interface Table 29 Port Configuration screen fields continued
29. 208700 B Chapter 3 Using the console interface 255 Table 49 describes the TELNET SNMP Web Access Configuration screen fields Table 49 TELNET SNMP Web Access Configuration screen fields Field Description TELNET Access Allows a user remote access to the management systems through a Telnet session Default Value Enabled Range Enabled Disabled Login Timeout Specifies the amount of time a user has to enter the correct password at the console terminal prompt Default Value 1 minute Range 0 to 10 minutes 0 indicates no timeout Login Retries Specifies the number of times a user can enter an incorrect password at the console terminal prompt before terminating the session Inactivity Timeout Default Value 3 Range 1 to 100 Specifies the amount of time the session can be inactive before it is terminated Default Value 15 minutes Range 0 to 60 minutes 0 indicates no timeout Event Logging Specifies the types of events that will be displayed in the Event Log screen see System Log screen on page 269 Default Value All Range All None Accesses Failures Description All Logs the following Telnet events to the Event Log screen TELNET connect Indicates the IP address and access mode of a Telnet session TELNET disconnect Indicates the IP address of the remote host and the access mode due to either a logout or inactivity Failed TELNET connection attempts
30. 82 Chapter 1 The Business Policy Switch 2000 to detailed management statistics With SNMP management you can configure SNMP traps on individual ports to generate automatically for conditions such as an unauthorized access attempt or changes in a port s operating status Table 5 lists supported SNMP MIBs Table 5 SNMP MIB support COPS support Application Standard MIBs Proprietary MIBs S5 Chassis MIB s5cha127 mib S5 Agent MIB s5age140 mib RMON rfc2819 mib MLT rcMLT Common Open Policy Service rfc 2940 mib Policy Management Policy Info Base pib802 pibFramework piblp pibNtn mibntqos pibNtnEvol SNMPv3 MIBs RFCs 2570 2571 2572 2573 2574 2575 2576 MIB2 rfc1213 mib IF MIB r c2863 mib Etherlike MIB rfc2665 mib Interface Extension MIB s5ifx100 mib Switch Bay Secure s5sbs102 mib IP Multicast IGMP Snooping rcVlanlgmp Proxy System Log MIB bnlog mib S5 Autotopology MIB s5emt104 mib VLAN rcVlan Entity MIB RFC 2737 Spanning Tree RFC1493 Bridge MIB 208700 B Chapter 1 The Business Policy Switch 2000 83 SNMP trap support The Business Policy Switch supports an SNMP agent with industry standard SNMPv1 traps as well as private SNMPv1 trap extensions Table 6 Table 6 Supported SNMP traps Trap name Configurable Sent when RFC 1215 industry standard linkUp Per port A port s link state changes
31. Enter when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu A 208700 B Chapter 3 Using the console interface 163 Table 13 describes the System Characteristics screen fields Table 13 System Characteristics screen fields Field Description Operation Mode Read only field that indicates the operation mode of the unit for example When the unit is part of a stack configuration the read only field indicates the unit is operational in a stack and lists the current unit number of this switch In this example see Figure 54 on page 162 the current unit number is Unit 2 When the unit is not part of a stack configuration operating standalone the read only field indicates the unit is operating as a switch When in this operation mode the Size of Stack and Base Unit fields see following description do not appear Size of Stack This read only field only appears when the switch is participating in a stack configuration This field indicates the number of units configured in the stack configuration 1 to 8 units maximum Base Unit This read only field only appears when the switch is participating in a stack configuration This field indicates the unit number of the switch that is currently operating as the base unit MAC Address The MAC address of the switch or when the switch is participating in a stack configuration the MAC address of the
32. Field Default setting Appears in this Cl screen Monitoring Mode Disabled Port Mirroring Configuration screen on page 213 Monitor Unit Port Zero length string Unit Port X Zero length string Unit Port Y Zero length string Address A 00 00 00 00 00 00 no MAC address assigned Address B 00 00 00 00 00 00 no MAC address assigned Packet Type Both Rate Limiting Configuration screen on page 216 Limit None VLAN 1 IGMP Configuration screen on page 221 Snooping Enabled Proxy Enabled Robust Value 2 Query Time 125 seconds Set Router Ports Version 1 Static Router Ports for all ports Unit 4 Port Statistics screen on page 226 Port 4 Console Port Speed 9600 Baud Console Comm Port Configuration screen on page 231 Console Switch Password Not Required Console Stack Password Not Required Password Console Read Only Switch user Password Console Read Write Switch secure Password Console Read Only Stack user Password Console Read Write Stack secure Using the Business Policy Switch 2000 Version 1 2 392 Appendix F Default Settings Table 74 Factory default settings continued Field Default setting Appears in this Cl screen Note The following two fields only appear when the switch is a participant in a stack configuration New Unit Num
33. Match Priority 2 2 Inthe Filter Group Name field enter layer2filter This entry is a unique identification label to distinguish this filter group from other filter groups Note Do not leave spaces in your naming entry gt 3 Click the Group check box in the Filter Group Table to include the entry in the filter group 4 Enter the Order number 1 This entry establishes the evaluation order of filters in the group 5 Click Submit The new entry is displayed on the Layer 2 Group Modification page Figure 115 Using the Business Policy Switch 2000 Version 1 2 310 Chapter 5 Sample QoS configuration Figure 115 Layer 2 Group Modification page Application gt QoS gt QoS Advanced gt Rules gt Layer2 Group Modification Filter Group Name layer2filter Layer2 Filter Group ia VLAN Tag 802 1p eee nn Match Priority O 1 VLAN 1 Tagged Only IP Match Priority 1 Ignore Ignore Ignore Ignore Igno Match Priority 2 EN 6 Click Back The system returns you to Layer 2 Classification page The new filter group appears in the Layer2 Filter Group Table Figure 116 208700 B Chapter 5 Sample QoS configuration 311 Figure 116 Layer 2 Classification page El Ignore Inspect Source IP Layer4 Port Range Minimum Value b 0 65535 Maximum Value P 0 65535 a Source IP Layer4 Port Range Ul Layer2 Filter Group Table Action Filter Group Name El x layer2filter
34. None Range None Right Left Choosing a high speed flow control mode The high speed flow control feature allows you to control traffic and avoid congestion on the Gigabit full duplex link If the receive port buffer becomes full the Business Policy Switch issues a flow control signal to the device at the other end of the link to suspend transmission When the receive buffer is no longer full the switch issues a signal to resume the transmission You can choose Symmetric or Asymmetric flow control mode Symmetric mode This mode allows both the Gigabit MDA port and its link partner to send flow control pause frames to each other When a pause frame is received by either the Gigabit MDA port or its link partner the port suspends transmission of frames for a number of slot times specified in the control frame or until a pause release control frame is received Both devices on the link must support this mode when it is selected Asymmetric mode This mode allows the link partner to send flow control pause frames to the Gigabit MDA port When a pause frame is received the receiving port suspends transmission of frames for a number of slot times specified in the control frame or until a pause release control frame is received 208700 B Chapter 3 Using the console interface 207 In this mode the Gigabit MDA port is disabled from transmitting pause frames to its link partner Use this mode when the Gigabit MDA port i
35. Other STP Groups Yes Range No or Yes STP Group Allows you to make the STP Group active or inactive State Note that you cannot set the default STG STG1 to InActive Default Value Active for STG1 InActive for STGs 2 to 8 Range Active or InActive Spanning Tree Port Configuration screen The Spanning Tree Port Configuration screen allows you to set the STG participation for each switch port or all ports and to display spanning tree settings for individual switch ports or all switch ports Note If spanning tree participation of any trunk member is changed enabled or disabled the spanning tree participation of all members of that trunk is changed similarly Figure 91 shows sample port displays for the two Spanning Tree Port Configuration screens Choose Spanning Tree Port Configuration or press c from the Spanning Tree Configuration Menu to open the Spanning Tree Port Configuration screen Using the Business Policy Switch 2000 Version 1 2 246 Chapter 3 Using the console interface Figure 91 Spanning Tree Port Configuration a Port choice Trunk STP Group 1 Unit Participation Priority Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning 128 Normal Learning
36. Rate Limiting Configuration screen voc cack ese ceded hon nr my aus 216 IGMP Configuration Menu screen 0 0 00 cee 219 IGMP Configuration SOlGGD ius eese cmm menm ERR ERR RR Rx odd Rura 221 Multicast Group Membership screen 00 0c eee eee eee eee 224 Part Statistics SHES dra eee hs ROR S AAA AR ERR AGE a ER ERS 226 Stack Operational Mode screen 0 230 Console Comm Port Configuration screen 0 eee 231 Identify Unit Numbers iiio s me mmy emm meten mes 237 Renumber Stack Units screen 0 0000 eee 238 Hardware Unit Information Screen iiie hr RR RR 239 Spanning Tree Configuration Menu screen llli llle 240 Spanning Tree Group Configuration screen 0 eee 242 Spanning Tree Port Configuration screen 0 eee 245 Spanning Tree Switch Settings screen 0 0 2 cee 248 Spanning Tree VLAN Membership screen 000 cece eee eae 252 TELNET SNMP Web Access Configuration screen 00000e eu 254 Software Download Screen 56452 sap sara RR 4A RRRRISRRRERRRA 257 LED Indications during the download process o oooccocococcocoo oo 261 Configuration File Menu SCreeN o o ocooocooocc ees 261 Configuration File Download Upload screen 0000 0c eee eee 262 REQUIERES ona dr PE ERR TER AN e de 265 ASCII Configuration File Download screen 0 00 cece eee 266 System Log Screen cc cid dance ta d ERO C RR do RO E ea Rad OR OC EM
37. S2 e ee E ME Spanning Tree Port Configuration Priority Path Cost State Port Trunk Part 1 t 128 10 Forwarding 2 Enabled 128 10 Forwarding Enabled 128 10 Forwarding 4 Enabled 128 10 Forwarding 5 Enabled 128 10 Forv g 6 Enabled 128 10 7 1 Enabled 128 4 8 Enabled 128 10 5 1 Enabled 128 4 10 Enabled 128 10 rv au 1 Enabled 128 4 Forwarding 12 Enabled 128 10 Forwarding More ess Ctri N to display choices for ports 13 26 ess Ctrl R to return to previous menu Press Ctrl C to S2 Port Configuration screen 9809EA Additional tips about the MultiLink Trunking feature When you create a MultiLink Trunk the individual trunk members the specific ports that make up the trunk logically connect and react as a single entity For example if you change spanning tree parameters for any trunk member the spanning tree parameters for all trunk members change 208700 B Chapter 2 Network configuration 139 All configured trunks are indicated in the Spanning Tree Configuration screen The Trunk field lists the active trunks adjacent to the port numbers that correspond to the specific trunk member for that trunk When a trunk is active you can disable spanning tree participation using the Trunk Configuration screen or using the Spanning Tree Configuration screen Whe
38. Table 31 describes the MultiLink Trunk Configuration Menu screen options Table 31 MultiLink Trunk Configuration Menu screen options Option Description MultiLink Trunk Displays the MultiLink Trunk Configuration screen Figure 75 This screen Configuration allows you to configure up to six MultiLink Trunks within a standalone switch or within a stack configuration You can group up to four switch ports together to form each trunk MultiLink Trunk Displays the MultiLink Trunk Utilization screen Figure 76 and Figure 77 This Utilization screen allows you to monitor the bandwidth utilization of the configured trunks MultiLink Trunk Configuration screen The MultiLink Trunk Configuration screen Figure 75 allows you to configure up to six trunks in a standalone switch or stack In a stack configuration trunk members can be distributed between any of the units within the same stack configuration 208700 B Chapter 3 Using the console interface 209 Any mix of up to eight Business Policy Switches and BayStack 450 and BayStack 410 switches can be stacked to provide a total of 224 ports when all MDA slots are configured with the maximum port availability See Appendix B for more information about a mixed stack configuration When the trunks are enabled the trunk members take on default settings necessary for correct operation of the MultiLink Trunking feature These default settings can affect the corr
39. This field determines the length of time a partitioned port remains disabled This field is not operational when the Partition Port on Intrusion Detected field is set to Forever Default 1 second the value 0 indicates forever Range 0 65536 seconds 208700 B Chapter 3 Using the console interface 173 Table 17 MAC Address Security Configuration fields continued Field Description DA Filtering on Intrusion When set to enabled this field isolates the intruding node by filtering Detected discarding packets sent to that MAC address Default Disabled Range Disabled Enabled Generate SNMP Trap on When set to enabled and a MAC intrusion event is detected the software Intrusion issues an SNMP trap message to all registered SNMP trap addresses see SNMP Configuration screen on page 160 Default Disabled Range Disabled Enabled Clear by Ports This field clears the specified port or ports that are listed in the Allowed Source Port s field of the MAC Address Security Table screen see MAC Address Security Table screens on page 181 When you specify a port or ports to be cleared using this field the specific port or ports will be cleared for each of the entries listed in the MAC Address Security Table If you totally clear the allowed Source Port s field leaving a blank field for an entry the associated MAC address for that entry is also cleared Default NONE Range NONE ALL a port number list
40. You can verify the software version and the ISVN in the sysDescr field see Figure 131 in the System Characteristics screen Figure 131 System Characteristics screen e Operation Mode Size Of Stack Base Unit MAC Address Reset Count Power Status Local MDA Type sysDescr SysObjectID sysUpTime sysServices sysContact sysName sysLocation dd Last Reset Type Enter text press Return or Enter when complete Press Ctrl R to return to previous menu UN System Characteristics Stack Unit 1 2 1 00 80 2C 8D 23 DF 16 Management Reset Primary Power None Business Policy Switch 2000 HW AB3 FW Vx x SW v1 0 x x ISVN 1 1 34 6 1 4 1 45 3 40 1 O days 0 11 3 3 Press Ctrl C to return to Main J Refer to Software Download screen on page 257 for software downloading information Using cascade modules Installation instructions are provided with each BayStack 400 ST1 Cascade Module see Installing the BayStack 400 STI Cascade Module The BayStack 400 ST1 Cascade Module does not operate with BayStack 450 or BayStack 410 switches that are configured with BayStack 450 software versions earlier than version V1 1 0 For information about using MDAs refer to Appendix C Media dependent adapters on page 347 208700 B Appendix B Interoperability in a mixed stack configuration 345 Using the console interface Console Comm port
41. for example 1 1 2 6 etc Learn by Ports All source MAC addresses of any packets received on the specified port or ports are added to the MAC Security Table when the Current Learning Mode field is set to Enabled You cannot include any of the port values you have chosen for the secure ports field Default NONE Range NONE ALL a port number list for example 1 1 2 6 etc Current Learning Mode Indicates the current learning mode for the switch ports When this field is set to Learning in Progress all source MAC addresses of any packets received on the specified port or ports are added to the MAC Security Table maximum of 448 MAC address entries allowed If you exceed the limit of 448 entries the system prompts you with an alert message Default Disabled Range Enabled Disabled MAC Address Security Port Configuration screen The MAC Address Security Port Configuration screens Figure 59 and Figure 60 allow you to set or modify your MAC address port security configuration on a per port basis Using the Business Policy Switch 2000 Version 1 2 174 Chapter 3 Using the console interface To open the MAC Address Security Port Configuration screen Choose MAC Address Security Port Configuration from the MAC Address Security Configuration Menu 208700 B Chapter 3 Using the console interface 175 Figure 59 MAC Security Port Configuration screen 1 of 2 a MAC Security Por
42. to create To set this field the VLAN State field value must be Inactive Default Port based Range Port based Protocol based MAC SA based Protocol ID PID Allows you to set the protocol type of your VLAN to set this field the VLAN State field value must be Inactive You can choose from any of 14 predefined supported protocols see Predefined Protocol Identifier PID description on page 194 or you can create your own user defined protocol based VLAN see the User defined PID field description for more information Default None 208700 B Chapter 3 Using the console interface 193 Table 23 VLAN Configuration screen fields continued Field Description Range None IP Ether2 Ipx 802 3 Ipx 802 2 Ipx Snap Ipx Ether2 ApITk Ether2Snap Declat Ether2 DecOth Ether2 Sna 802 2 Sna Ether2 NetBios 802 2 Xns Ether2 Vines Ether2 Ipv6 Ether2 User Defined Rarp Ether2 User Defined PID Allows you to create your own user defined VLAN where you specify the Protocol Identifier PID for the VLAN To set this field the VLAN State field must be set to Inactive Some restrictions apply User Defined Protocol Identifier Description on page 195 Default 0x0000 Range Any 16 bit hexadecimal value for example OXABCD VLAN State Allows you to activate your newly created VLAN The following field values VLAN Type Protocol Id PID or User defined PID must be configured appropriately
43. 0 20 0 2 Rx and Tx 4 25 45 0 45 0 50 0 4 26 25 0 70 0 35 0 3 Rx and Tx 6 13 35 0 35 0 50 0 6 14 30 0 80 0 70 0 4 Rx and Tx 5 19 40 0 35 0 75 0 5 20 25 0 70 0 85 0 More Press Ctrl N to display utilization for trunks 5 6 Use space bar to display choices press lt Return gt or lt Enter gt to select choice eee Ctrl R to return to previous menu Press Ctrl C to return to Main Dum Using the Business Policy Switch 2000 Version 1 2 212 Chapter 3 Using the console interface Figure 77 MultiLink Trunk Utilization screen 2 of 2 P MultiLink Trunk Utilization UN Trunk Traffic Type Unit Port Last 5 Minutes Last 30 Minutes Last Hour 5 Rx and Tx 8 22 45 0 35 0 50 0 8 23 55 0 25 0 70 0 6 Rx and Tx 3 2 65 0 30 0 55 0 Rx and Tx 1 2 45 0 50 0 35 0 Rx and Tx 7 2 25 0 40 0 50 0 Rx and Tx 5 6 75 0 80 0 55 0 k Press Ctrl P to display utilization for trunks 1 4 Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Jl Table 33 describes the MultiLink Trunk Utilization screen fields Table 33 MultiLink Trunk Utilization screen fields Field Description Trunk Column header for the read only fields in this screen The read only data displayed in this column indicates the trunk 1 to 6 that corresponds to the switch
44. 128 Normal Learning 128 Normal Learning 128 Press Ctrl R to return to previous menu to Main Menu Spanning Tree Port Configuration 1 Path Cost Press Ctrl N to display choices for additional ports Use space bar to display choices Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding More press Return or Enter to select Press Ctrl C to return 2 Note Because multiple STGs are available only in Pure BPS 2000 Stack mode STP Group does not appear when you work in Hybrid Stack or mixed stack mode 208700 B Chapter 3 Using the console interface 247 Table 46 describes the Spanning Tree Port Configuration screen fields Table 46 Spanning Tree Port Configuration screen fields Field Description STP Group The field allows you to select the number of the spanning tree group STG you want to view To view another STG type that STG ID number and press Enter or press the spacebar on your keyboard to to toggle the STP Group numbers Default Value 1 Range 1 to 8 only created STP Groups display Unit This field only appears if the switch is participating in a stack configuration The field allows you to select the number of the unit you want to view To view another unit type its unit number and press Enter or press the spacebar on your keyboard t
45. 184 Chapter 3 Using the console interface To open the EAPOL Security Configuration screen Choose EAPOL Security Configuration or press e from the Switch Configuration Menu Figure 65 EAPOL Security Configuration screen a Quiet Period Server Timeout M Re authentication Period Transmit Period Supplicant Timeout Maximum Requests EAPOL Security Configuration EAPOL Administrative State Disabled Unit 1 Port 1 Initialize No Administrative Status Force Authorized Operational Status Authorized Administrative Traffic Control Incoming and Outgoing Operational Traffic Control Incoming and Outgoing Re authenticate Now No Re authentication Enabled 3600 seconds 60 seconds 30 seconds 30 seconds 30 seconds 2 mon Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Table 21 describes the EAPOL Security Configuration screen options Table 21 EAPOL security configuration screen options Option Description EAPOL Administrative State Allows you to enable or disable EAPOL for your switch or stack When this field is set to disabled the default state the Operational Status for all of the Switch stack ports is set to Authorized no security restriction Default Disabled Range Disabled Enabled Unit Allows you t
46. 2 of VLAN 2 z 16bits 3bits 1bit 12bits Data After SA Outgoing Key untagged packet DA unchanged Priority User priority CFI Canonical format indicator VID VLAN identifier BS45024A The newly tagged frame is read within the switch and sent to the port s high or low transmit queue for disposition 208700 B Chapter 2 Network configuration 129 MultiLink Trunks Note For guidelines on configuring VLANs STGs and MLT refer to Chapter 1 MultiLink Trunks allow you to group up to four switch ports together to form a link to another switch or server thus increasing aggregate throughput of the interconnection between the devices up to 800 Mb s in full duplex mode You can configure up to six MultiLink Trunks The trunk members can reside on a single unit or on multiple units within the same stack configuration as a distributed trunk MultiLink Trunking software detects misconfigured or broken trunk links and redirects traffic on the misconfigured or broken trunk link to other trunk members within that trunk You can use the Trunk Configuration screen with the CI menus the Web based management system the CLI or DM to create switch to switch and switch to server MultiLink Trunk links Figure 39 shows two trunks T1 and T2 connecting Switch S1 to switches S2 and S3 Using the Business Policy Switch 2000 Version 1 2 130 Chapter 2 Network configuration Figure 39 Switch to swit
47. 2 you can retrieve the ASCII configuration file name and configuration server address using BootP With software 1 1 and a stack consisting only of BPS 2000 switches Pure BPS 2000 Stack mode you can perform BootP using the MAC address of the base unit The Business Policy Switch has a unique 48 bit hardware address or MAC address that is printed on a label on the back panel You use this MAC address when you configure the network BootP server to recognize the Business Policy Switch BootP requests A properly configured BootP server enables the switch to automatically learn its assigned IP address subnet mask and the IP address of the default router default gateway Using the Business Policy Switch 2000 Version 1 2 80 Chapter 1 The Business Policy Switch 2000 For information on a stack MAC address see Chapter 2 For more information and an example of a BootP configuration file see Appendixes Configuration and switch management The Business Policy Switch is shipped directly from the factory ready to operate in any IOBASE T or 100BASE TX standard network You must assign an IP address to the switch or stack depending on the mode of operation You can set both addresses by using the console port or BootP which resides on the switch You can manage the switch using e Console interface The console interface CI allows you to configure and manage the switch locally or remotely Access the CI menus and screens local
48. A EN55022 1995 Class A e EN61000 3 2 1995 e EN61000 3 3 1994 Electromagnetic immunity The module meets the EN50082 1 1997 standard Declaration of Conformity The Declaration of Conformity for the BPS 2000 complies with ISO IEC Guide 22 and EN45014 The declaration identifies the product models the Nortel Networks name and address and the specifications recognized by the European community As stated in the Declaration of Conformity the Business Policy Switch 2000 complies with the provisions of Council Directives 89 336 EEC and 73 23 EEC 208700 B 339 Appendix B Interoperability in a mixed stack configuration This appendix presents important interoperability guidelines when you implement a mixed stack configuration A mixed stack consists of a combination of Business Policy Switches and BayStack 450 and or BayStack 410 switches This appendix covers the following topics Compatibility with BayStack 450 switches next e Setting up your mixed stack configuration on page 340 Compatibility with BayStack 450 switches The BPS 2000 software version 1 2 is compatible with BayStack 450 software version 4 1 When you are using a local console to access the BPS 2000 software version 1 2 features with a Hybrid or mixed stack BPS 2000 and BayStack 450 and 410 switches in the same stack you must plug your local console into a BPS 2000 unit To find out which version of the BPS 2000 software is r
49. A Ad UR 269 Using the Business Policy Switch 2000 Version 1 2 12 Contents Chapter 4 Policy enabled networks 200 ee cece eee eee eens 273 A si SET A TEO ET TEE eed 274 Summary of packet classifiers ooooooocccooocoorrrorrrrn ee 274 LITA er SONOS ccc coe bel eae iia bc 275 Differentiated Services DiffServ overview 0000 cee eee eee eee 276 A LaL idabaequ dore eda II 277 Packet classifiers or filters uuo oaa dob educ ward deb Rabat NOU sod trad Rear accru qiios 279 Layer WSS iocus cues seme eee A qx eRe om del RARA 280 A dod ERE OE sp WO bed dob eui E pd FOR ec O 281 Changing IEEE 802 1p priority and drop precedence iss 281 PONG PC P rrr 282 US vM c PERPE 285 luper escri dara aria 286 Metering or traffic policing overview llle 287 Poy DAU Duas doxes dd x ed asd ud a Edad Pu ep S NEA da E em idea 288 Packet How GING QOS 24461 cec eR ERR GO Ed e A Exe RA RU RU Roh x pad 289 Default Cos settings resuocbRSCeOxdde EP DbEdGemdb Race Ro dore Pao puo 290 QoS ponlipuraton gudel sauces qp YEA EHE PERRA e RR Ad eed Rd 290 COPS OVON iue ded otira AR drea s aded d Oe dew Ri dodo pde des 291 Chapter 5 Sample QoS configuration oooooccnocononann o 293 Al caedi caca e od aree d si abdo lose Rus boc dr ad 294 Accepting default mapping values 0 00 cece eee eee 298 setting up filters and filler groups isse airo ee acu dads sada rior 298 Deining sm I
50. Change DSCP of matching IP packets If you request changing the DSCP for non IP traffic the request will be ignored 208700 B Chapter 4 Policy enabled networks 281 e Change IEEE 802 1p and drop precedence of matching packets If a layer 2 filter is installed on a trusted port then it cannot change the DSCP of the matching IP traffic or the IEEE 802 1p for all types of traffic If a layer 2 filter is installed on an untrusted port then the associated action must change the DSCP if matching IP traffic IEEE 802 1p and drop precedence of all matching traffic If a layer 2 filter is installed on an unrestricted port you can specify an action to change or ignore either the DSCP if matching IP traffic IEEE 802 1p and drop precedence of the matching traffic Refer to Table 57 for more information on layer 2 traffic either IP or non IP and trusted untrusted or unrestricted ports IP filters IP filters are used to classify IP traffic based on the following criteria e Layer 3 information including IP source and subnet addresses IP destination and subnet addresses DSCP and IP protocols such as TCP UDP e Layer 4 information including TCP UDP port numbers port ranges are not supported by layer 3 filters IP filters have the same actions as layer 2 filters If an IP filter is installed on a trusted port then it cannot change the DSCP of the matching IP traffic or 802 1p user priority If an IP filter is installed on an
51. Copy Configuration Image to Server No Retrieve Configuration Image from Server No Enter text press Return or Enter when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu m p Table 52 describes the Configuration File Download Upload screen fields Using the Business Policy Switch 2000 Version 1 2 264 Chapter 3 Using the console interface Table 52 Configuration File Download Upload screen fields Field Description Configuration Image Filename The file name you have chosen for the configuration file Choose a meaningful file name that will allow you to identify the file for retrieval when required The file must already exist on your TFTP server and must be read write enabled Default Value Zero length string Range An ASCII string of up to 30 printable characters TFTP Server IP Address The IP address of your TFTP load host Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point Copy Configuration Image to Server Specifies whether to copy the presently configured switch stack parameters to the specified TFTP server default is No Use the spacebar to toggle the selection to Yes Press Enter to initiate the process Default Value No Range Yes No Retrieve Configuration Image from Server Sp
52. Enter HLE LMAROREICRESHE mo 0 00 0O 00 Command Line Allows a properly authorized user to initiate a CLI management session Refer to Interface Reference for the Business Policy Switch 2000 Command Line Interface Release 1 2 for information on using the CLI Logout Allows a user in a Telnet session or a user working at a password protected console terminal to terminate the session 208700 B Chapter 3 Using the console interface 155 IP Configuration Setup screen The IP Configuration Setup screen Figure 52 allows you to set or modify the Business Policy Switch IP configuration parameters Data that you enter in the user configurable fields takes effect as soon as you press Enter To open the IP Configuration Setup screen Choose IP Configuration Setup or press i from the main menu Figure 52 IP Configuration Setup screen C N IP Configuration Setup BootP Request Mode BootP When Needed Configurable In Use Last BootP In Band Stack IP Address 10 30 31 108 10 30 31 108 0 0 0 0 In Band Switch IP Address 10 30 31 106 0 0 0 0 In Band Subnet Mask 255 255 255 0 255 255 255 0 0 0 0 0 Default Gateway 0 0 0 0 0 0 0 0 0 0 0 0 IP Address to Ping 0 0 0 0 Start Ping No Ping Address 10 10 40 3 Stack UpTime 01 07 54 Reset Count 13 Use space bar to display choices press Return or Enter to select choice ee Ctrl R to return to previous menu Pr
53. GBIC models continued Model number Description Part number 1000BASE XD Uses single mode fiber to connect devices over AA1419003 distances up to 50 km 31 mi depending on the quality of the cable 1000BASE ZX Uses single mode fiber to connect devices over AA1419004 distances up to 70 km 43 mi depending on the quality of the cable The ports operate in full duplex mode only The GBICs are available in different case styles Figure 137 One type has two spring tabs at the front of the GBIC the other type has an extractor handle on the front GBICs are shipped with a protective rubber plug in the connectors Leave the plug in place when no cables are connected to the GBIC Figure 137 GBIC case styles GBIC model with GBIC model with extractor tabs extractor handle 9702FA For complete technical specifications on available GBICs refer to Gigabit Interface Converter GBIC Installation Guide Go to the www nortelnetworks com documentation URL Find the product for which you need documentation Then locate the specific category and model or version for your hardware or software product Use Adobe Acrobat Reader to open the manuals and release notes search for the sections you need and print them on most standard printers Installation The 450 1GBIC MDA Host port is covered with a spring loaded filler panel that rotates out of the way as you push the GBIC into place You can install or replace
54. IP packet is untagged the BPS 2000 uses 8 default layer 2 filters to change the DSCP based on the default IEEE 802 1p priority of the ingress untrusted port The BPS 2000 changes the packet DSCP using the 802 1p priority mapping table that matches each one of the eight IEEE 802 1p priorities to the corresponding DSCP The values can be modified by a policy server or by the user The unrestricted ports or the unrestricted class of interface groups have no restrictions That is you can re mark the DSCP or not depending on your configuration Using unrestricted ports allows you to manipulate the DSCP value based on the filter criteria Table 58 describes the default DSCP QoS class IEEE 802 1p and egress queue assignment for packets in each traffic class Table 58 Default mapping of DSCP to QoS class and IEEE 802 1p i Outgoing IEEE Incoming or re marked DSCP QoS class Number of queues 802 1p user hex values 2 4 ae priority CS7 38 Critical 1 1 7 CS6 30 Network EF 2E CS5 28 Premium 6 208700 B Chapter 4 Policy enabled networks 285 Table 58 Default mapping of DSCP to QoS class and IEEE 802 1p continued i T Outgoing IEEE Incoming or re marked DSCP QoS class Number of queues 802 1p user hex values 2 4 Sun priority AF44 22 AF42 24 AF43 26 Platinum 2 2 5 CS4 20 AF31 1A AF32 1C AF33 1E Gold 4 CS3 18 AF21 12
55. Modification page 302 IP manager list 56 254 IVL SVL field 192 L Last Auto Configuration Status field 268 Last Manual Configuration Status field 268 Last Reset Type field 163 Late Collisions field 229 Layer2 Classification Group page 308 Layer2 Classification page 305 Layer2 Filter Creation section 305 Layer2 Filter Group Table section 308 Layer2 Group Modification page 309 Learn by Ports field 173 LEDs descriptions 39 328 display panel 39 328 Link field 203 Link Trap field 203 Local MDA Type field 163 log messages 269 Login Retries field 255 Login Timeout field 255 Logout command 154 Logout screen 154 Lost Packets field 228 MAC address 97 231 MAC Address Configuration for MAC SA Based VLAN screen 196 MAC Address field 163 182 239 MAC Address Security Configuration field 170 MAC Address Security Configuration Menu 169 MAC Address Security Configuration option 165 MAC Address Security Configuration screen 171 MAC Address Security field 172 MAC Address Security Port Configuration field 170 MAC Address Security Port Configuration screen 173 MAC Address Security Port Lists field 170 MAC Address Security Port Lists screen 176 MAC Address Security SNMP Locked field 172 MAC Address Security Table field 170 MAC Address Security Table screen 181 MAC Address State field 196 MAC Address Table screen 165 167 MAC address based network security 70 MAC SA Based VLAN field 196 208700 B Index 4
56. OH 1M 58S I Link Up Trap 4 0D OH 1M 58S I Link Up Trap 5 OD OH 1M 58S I Link Up Trap zero means messages from last reset Press Ctrl N to see more messages Press Ctrl C to return to Main y Table 55 describes the System Log screen fields 208700 B Chapter 3 Using the console interface 271 Table 55 System Log screen fields Field Description Unit This field only appears if the switch is participating in a stack configuration The field allows you to select the unit number of the Business Policy Switch you want to view To view the log messages of another Business Policy Switch type its unit number and press Enter or press the spacebar on your keyboard to toggle the unit numbers Display Messages From This field allows you to select the RAM source your messages are obtained from Choose Non Volatile NVRAM Volatile DRAM or Volatile Non Volatile Use the spacebar to toggle between the options Default Non Volatile Range Non Volatile Volatile Volatile Non Volatile Display configuration complete This field allows you to determine whether the configuration information received from NVRAM DRAM depending on what is selected in the Display Messages From field is complete Use the spacebar to toggle between the options Default No Range No Yes Clear Messages From This field allows you to clear the information messages from DRAM NVRAM or both If you clear D
57. Range No Yes 208700 B Chapter 3 Using the console interface 199 Table 27 VLAN Port Configuration screen fields continued Field Description Filter Unregistered Frames Sets this port to filter discard all received unregistered packets The Business Policy Switch does not support the Yes option Default No Range No Yes Port Name The default port name with associated stack unit number when configured assigned to this port You can change this field to any name that is up to 16 characters long Default Unit x Port x Range Any ASCII string of up to 16 printable characters PVID Associates this port with a specific VLAN For example a port with a PVID of 3 assigns all untagged frames received on this port to VLAN 3 Default 1 Range 1 to 4094 Port Priority Prioritizes the order in which the switch forwards packets received on specified ports see CH1 Default 0 Range 0to7 Tagging Allows you to assign VLAN Port Membership tagging options to this port as follows Untagged Access Any VLAN that this port is a member of will not be 802 1Q tagged Tagged Trunk Any VLAN that this port is a member of will be 802 1Q tagged Restriction If this port is a Gigabit port or a BayStack 410 24T switch port that is a protocol based VLAN member you cannot set this field value to Untagged Access This restriction also applies if this port is a MultiLink trunk member w
58. STG must be independently configured To use more that one STG ensure that the Stack Operational Mode is set to Pure BPS 2000 Stack mode To view and set the Stack Operational Mode refer to Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 or Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 You have only the single default STG available if you are in Hybrid Stack mode which is for running mixed stacks Using the Business Policy Switch 2000 Version 1 2 50 The STG or bridge group forms a loop free topology that includes one or more virtual LANs VLANs With software version 1 2 the BPS 2000 supports multiple instances 8 of STGs running simultaneously As noted in Increased VLANs the BPS 2000 with software version 1 2 supports a maximum of 256 VLANs With a maximum of 8 STGs on average each STG will have 32 VLANs In the default configuration of the BPS 2000 a single STG with the ID of 1 includes all ports on the switch It is called the default STG Although ports can be added to or deleted from the default STG the default STG STG1 itself cannot be deleted from the system Also you cannot delete the default VLAN VLANI from STGI The tagging for the BPDUs from STG1 or the default STG is user configurable as are tagging settings for all STGs However by default STG1 sends out only untagged BPDUs in order to operate with al
59. Set the Service Type field value to Administrative e Read only access Set the Service Type field value to NAS Prompt For detailed instructions to set up your RADIUS server refer to your RADIUS server documentation MAC address based security The MAC address based security feature allows you to set up network access control based on source MAC addresses of authorized stations You can e Create a list of up to 448 MAC addresses and specify which addresses are authorized to connect to your switch or stack configuration The 448 MAC addresses can be configured within a single standalone switch or they can be distributed in any order among the units in a single stack configuration Specify which of your switch ports each MAC address is allowed to access The options for allowed port access include NONE ALL and single or multiple ports that are specified in a list for example 1 1 4 1 6 2 9 Using the Business Policy Switch 2000 Version 1 2 71 e Specify optional actions to be exercised by your switch if the software detects a security violation The response can be to send a trap turn on destination address DA filtering disable the specific port or any combination of these three options The MAC address based security feature is based on Nortel Networks BaySecure LAN Access for Ethernet a real time security system that safeguards Ethernet networks from unauthorized surveillance and intrusion For inst
60. Stack Unit table full The unit is on the ring but cannot participate in the stack configuration Using the Business Policy Switch 2000 Version 1 2 41 Table 2 Business Policy Switch 2000 LED descriptions continued Label Type Color State Meaning Base Base mode Green On The switch is configured as the stack base unit Off The switch is not configured as the stack base unit or is in standalone mode Blinking Stack configuration error indicates that multiple base units or no base units are configured in the stack Amber On This unit is operating as the stack configuration s temporary base unit This condition occurs automatically if the base unit directly downstream from this unit fails If this happens the following events take place The two units directly upstream and directly downstream from the failed unit automatically wrap their cascade connectors and indicate this condition by lighting their Cas Up and Cas Dwn LEDs see Cas Up and Cas Dwn description in this table If the temporary base unit fails the next unit directly downstream from this unit becomes the new temporary base unit This process can continue until there are only two units left in the stack configuration This automatic failover is a temporary safeguard only If the stack configuration loses power the temporary base unit will not power up as the base unit when power is restore
61. You cannot configure EAPOL based security on ports that are currently configured for Shared segments MultiLink Trunking MAC address based security IGMP Static Router Ports Port mirroring e You can connect only a single client on each port that is configured for EAPOL based security If you attempt to add additional ports to a port that port goes to Blocking mode EAPOL based security uses the RADIUS protocol to authenticate local console Telnet and EAPOL authorized logins Refer to RADIUS based network security on page 70 for more information on using the RADIUS protocol Flash memory storage Switch software image storage The Business Policy Switch uses flash memory to store the switch software image The flash memory allows you to update the software image with a newer version without changing the switch hardware see Chapter 3 An in band connection between the switch and the TFTP load host is required to download the software image Using the Business Policy Switch 2000 Version 1 2 77 Configuration parameters storage All configuration parameters are stored in flash memory These parameters are updated every 10 seconds if a change occurs or whenever a reset command is executed Note Do not power off the switch within 10 seconds of changing any configuration parameters Powering down the switch within 10 seconds of changing configuration parameters can cause the changed conf
62. Zero length string Range 1 to 8 1 to 28 depending on model type Unit Port Y Indicates one of the ports of the specified unit that will be monitored by the designated port monitor when one of the port based monitoring modes is selected When installed as a standalone switch the screen does not display the Unit field designation This port will be monitored according to the value of Port Y in the Monitoring Mode field see Table 35 Default Value Zero length string Range 1 to 8 1 to 28 depending on model type Address A Indicates the MAC addresses that will be monitored by the designated port monitor when one of the address based monitoring modes is selected This port will be monitored according to the value of Address A in the selected Monitoring Mode field see Table 35 Default Value 00 00 00 00 00 00 no MAC address assigned Range 00 00 00 00 00 00 to FF FF FF FF FF FF Address B Indicates the MAC addresses that will be monitored by the designated port monitor when one of the address based monitoring modes is selected This port will be monitored according to the value of Address B in the selected Monitoring Mode field see Table 35 Default Value 00 00 00 00 00 00 no MAC address assigned Range 00 00 00 00 00 00 to FF FF FF FF FF FF Table 35 describes the various monitoring modes available from the Port Mirroring Configuration screen Using the Business Policy Switch 2000 Version 1 2 216 Chapter 3 Using the co
63. about networking concepts protocols and topologies consult the following RFCs RFC 1213 MIB II RFC 1493 Bridge MIB RFC 2863 Interfaces Group MIB RFC 2665 Ethernet MIB RFC 2737 Entity MIBv2 RFC 2819 RMON MIB RFC 1757 RMON RFC 1271 RMON RFC 1157 SNMP RFC 2748 COPS RFC 2940 COPS Clients RFC 3084 COPS Provisioning RFC 2570 SNMPv3 RFC 2571 SNMP Frameworks RFC 2573 SNMPv3 Applications RFC 2574 SNMPv3 USM RFC 2575 SNMPv3 VACM RFC 2572 SNMP Message Processing 208700 B Chapter 1 The Business Policy Switch 2000 85 Using the Business Policy Switch 2000 Version 1 2 86 Chapter 1 The Business Policy Switch 2000 208700 B 87 Chapter 2 Network configuration Use Business Policy Switches to connect workstations personal computers PCs and servers to each other by connecting these devices directly to the switch through a shared media hub connected to the switch or by creating a virtual LAN VLAN through the switch This chapter contains the following important information on configuring networks e Compatibility with BayStack 450 switches next e Network configuration examples on page 88 Business Policy Switch stack operation on page 93 IEEE 802 1Q VLAN workgroups on page 104 IGMP snooping on page 122 e MultiLink Trunks on page 129 e Port mirroring on page 139 Compatibility with BayStack 450 switches
64. allows high performance low cost connections to full duplex and half duplex 10 100 1000 Mb s Ethernet local area networks LANs The Business Policy Switch provides the features detailed in the following sections e Introduced with software version 1 2 CLI management system on page 48 Increased VLANs on page 48 Multiple Spanning Tree Protocol groups on page 49 ASCII configuration file on page 53 IP manager list on page 56 e Introduced with software version 1 1 Policy enabled networks with QoS metering on page 57 Support for the GBIC MDA on page 57 EAPOL based security on page 58 Automatic PVID on page 59 Tabular port statistics on page 61 Ability to ping on page 61 Improved STP Fast Learning Mode on page 61 BootP menu item for a stack of only BPS 2000 switches on page 62 e Introduced with software version 1 0 Policy enabled networking on page 62 Virtual Local Area Networks VLANs on page 63 Security on page 66 Flash memory storage on page 76 MultiLink Trunking on page 77 Port mirroring conversation steering on page 78 Autosensing and autonegotiation on page 78 BootP automatic IP configuration MAC address on page 79 Using the Business Policy Switch 2000 Version 1 2 48 SNMP MIB support on page 81 SNMP trap support on page 83 CLI manage
65. apply to groups of ports interface groups Because a port can belong to only one interface group a port will be classified as trusted untrusted or unrestricted These types are also referred to as interface classes So you have three classes of interface groups Trusted untrusted and unrestricted By default all ports are untrusted You must configure the ports to be trusted Table 57 shows the guidelines the switch uses to re mark various fields based on the type of traffic and class of interface group Table 57 Re marking QoS fields by class of interface group Type of filter Action Trusted Untrusted Unrestricted IP filter or DSCP Cannot re mark Must re mark Re mark or not Layer 2 filter matching IP IEEE 802 1p Uses the DSCP to Must re mark Re mark or not 802 1p table to mark Drop precedence Uses the DSCP to Must re mark Re mark or not 802 1p table to mark Layer 2 filter non IP DSCP Cannot re mark Cannot re mark Cannot re mark IEEE 802 1p Cannot re mark Tagged must re mark Re mark or not Untagged cannot re mark Drop precedence Cannot re mark Tagged must re mark Re mark or not Untagged cannot re mark The Business Policy Switch does not trust the DSCP of IP traffic received from an untrusted port but it does trust the DSCP of IP traffic received from a trusted port Filters installed on trusted ports cannot change the DSCP of the IP
66. as a BayStack 410 or BayStack 450 stack In a mixed stack containing more than one Business Policy Switch If the assigned Business Policy Switch base unit fails the next Business Policy Switch unit in the stack order automatically becomes the new temporary base unit All Business Policy Switch units in the stack will be exhausted as base units successively before assigning a BayStack 410 or BayStack 450 as base unit The base unit change is indicated by the base LED on the temporary base unit s LED display panel turning on amber If the stack s base unit reverts to a BayStack 410 or BayStack 450 switch the stack does not maintain Business Policy Switch features and will continue operation as a BayStack 410 or BayStack 450 stack Compatible software versions Be sure to follow the instructions for the initial setup according to the Installing the Business Policy Switch 2000 guide In a mixed stack the BayStack 450 and BayStack 410 switches must use compatible but device specific software versions to operate with the Business Policy Switch You must ensure that the Interoperability Software Version Numbers ISVN are identical That is the ISVN number for the BayStack 450 switch and BayStack 410 switch must have the same ISVN as the Business Policy Switch If they are not the same the stack does not operate Using the Business Policy Switch 2000 Version 1 2 344 Appendix B Interoperability in a mixed stack configuration
67. can be active at any time If the active Phy port fails the redundant Phy port automatically becomes the active port e The 450 1SX MDA is a single Phy MDA Both models Figure 132 conform to the IEEE 802 3z 1000BASE SX standard and use shortwave 850 nm fiber optic connectors to connect devices over multimode 550 meter fiber optic cable Figure 132 1000BASE SX MDA front panels 450 1SR MDA 1 port redundant 1000BASE SX lO lol Mellel Lih Activity 3 T BS bas BK 450 1SR MDA 1000BASE SX 450 1SX MDA single port 1000BASE SX L m lollo 399 js RX 450 1SX MDA BS45044A Table 67 describes the 1000BASE SX components and LEDs Using the Business Policy Switch 2000 Version 1 2 350 Appendix C Media dependent adapters For installation instructions see Installing an MDA on page 363 Table 67 1000BASE SX MDA components Item Label Description 1 Link Communication link LEDs green On Valid communications link Off The link connection is bad or there is no connection to this port Blinking The corresponding port is management disabled Phy or Phy Select Phy status LEDs green On The corresponding Phy port is active Off The corresponding Phy port is in backup mode or there is no connection
68. community and read write community strings enable or disable the authentication trap and the link Up down trap set the IP address of trap receivers and set the trap community strings System Characteristics Displays the System Characteristics screen see System Characteristics screen on page 162 This screen allows you to view switch characteristics including number of resets power status hardware and software version and MAC address This screen also contains three user configurable fields sysContact sysName and sysLocation When the switch is part of a stack configuration this screen also displays the base unit identification the number of units configured in the stack and the local unit stack number 208700 B Chapter 3 Using the console interface 153 Table 10 Console interface Main Menu options continued Option Description Switch Configuration Displays the Switch Configuration Menu screen see Switch Configuration Menu screen on page 164 This menu provides the following configuration options MAC Address Table MAC Address Based Security EAPOL Security Configuration VLAN Configuration Port Configuration MultiLink Trunk Configuration Port Mirroring Configuration Rate Limiting Configuration IGMP Configuration Display Port Statistics Clear All Port Statistics and Stack Operational Mode Console Comm Port Configuration Displays the Console Comm Port
69. connection can be either an RJ 45 10 100BASE TX MDA or a fiber IOOBASE FX or 1000BASE SX LX MDA with an SC or MT RJ connector Note The MDAs are not hot swappable Power down the switch before installing or removing an MDA To install an MDA into the Uplink Expansion Module slot 1 Unplug the AC power cord from the back of the switch Using the Business Policy Switch 2000 Version 1 2 364 Appendix C Media dependent adapters 2 Loosen the thumb screws and remove the filler panel or previously installed MDA from the Uplink Expansion Module slot Note If you are replacing an installed MDA with another type of MDA see Replacing an MDA with a different model on page 366 208700 B Appendix C Media dependent adapters 365 3 Insert the MDA into the Uplink Expansion Module card guides Figure 140 Make sure the MDA slides in on the card guides Failure to align the MDA to the card guides could damage the pins Figure 140 Installing an MDA 9793FA 4 Press the MDA firmly into the Uplink Expansion Module slot Be sure that the MDA is fully seated into the mating connector Secure the MDA by tightening the thumb screws on the MDA front panel Attach devices to the MDA ports After connecting the port cables continue to follow the instructions in the manual for the switch to connect power and verify the installation Note The IEEE 802 3u specification requires that all ports operating at 1
70. console interface As an alternative method instead you can highlight the field and then enter 2 9 Return The existing field keeps the previous list and adds the new port number 2 9 between ports 2 7 and 3 14 If you choose to add port 2 8 to the existing port number list the field accepts the new port 2 8 but shows the new port number list field as 1 3 2 7 8 3 1 4 Removing a port from an existing port number list To remove a port from the port number list use the minus sign character instead of the plus sign character as described above Copying an existing field into and adjacent field You can use the period character to copy a previously entered field value into the field directly next to it For example to copy the Allowed Source S3 shown in Figure 62 on page 178 into the next field entry 6 1 Enter a MAC address into the next MAC address field 2 Highlight the blank Allowed Source field 3 Enter the period character and click Return The port number list from the previous entry is copied into the new field 208700 B Chapter 3 Using the console interface 181 MAC Address Security Table screens The MAC Address Security Table screens allow you specify the ports that each MAC address is allowed to access You must also include the MAC addresses of any routers that are connected to any secure ports There are 16 available MAC Address Security Table screens Figure 63 that you can
71. eee 162 Switch Configuration Menu screen 20000 cece eee eee 165 MAC Address Table Screen 000 cece eee 168 MAC Address Security Configuration Menu screen 170 MAC Address Security Configuration screen 0 0005 171 MAC Security Port Configuration screen 1 of 2 175 MAC Security Port Configuration screen 2 of 2 175 MAC Address Security Port Lists screens oo ooooooo o 127 MAC Address Security Port Lists screen oo ooo ooooooo o 178 MAC Address Security Table screens oocooocccoccoooooo 181 MAC Address Security Table screen llli 182 EAPOL Security Configuration screen 0000 cee eee 184 VLAN Configuration Menu screen 0 0000 cece eee ee ees 188 VLAN Configuration SCHON canes rra ehem a nee ed x 191 208700 B Figures 19 Figure 68 MAC Address Configuration for MAC SA Based VLAN screen 196 Figure 69 VLAN Port Configuration screen 0 0 eee 198 Figure 70 VLAN Display by Port screen oooccconccnrno eee 200 Figure 71 Port Configuration screen 1 of 2 00 02 202 Figure 72 Port Configuration screen 2 of 2 2 1 2 2 2c eee 202 Figure 73 High Speed Flow Control Configuration o ooocoooooooo 205 Figure 74 MultiLink Trunk Configuration Menu screen luisse 208 Figure 75 MultiLink Trunk Configuration screen oooooccocoocccooooo 209 Fig
72. identification label distinguishes this filter group from other filter groups Note Do not leave spaces in your naming entry 3 Click the Group check box in the Filter Group Table to include the entry in the filter group 4 Enter the Order number 1 This step establishes the evaluation order of filters in the group 5 Click Submit The new entry is displayed on the IP Group Modification page Figure 108 208700 B Chapter 5 Sample QoS configuration 303 Figure 108 IP Group Modification page Application QoS QoS Advanced Rules IP Group Modification Fitter Group Name IPacket IP Filter Group Graun Filter Destination Destination Source Source DSCPIProtocol Destination Source F ID Address Address Mask Address Address Mask L4 Port L4 Port 134 177 69 0 255 255 255 0 134 177 0 0 255 255 0 0 0x20 TCP Ignore Ignore 6 Click Back The system returns you to IP Classification page The new filter appears in the IP Filter Table and the new filter group appears in the IP Filter Group Table Figure 109 and Figure 110 Using the Business Policy Switch 2000 Version 1 2 304 Chapter 5 Sample QoS configuration Figure 109 IP Classification page 1 of 2 Application gt QoS gt QoS Advanced gt Rules gt IP Classification IP Filter Table kaana Destination Destination Source Source P Protocol Destination Source Permit t Address Address Mask Address Address
73. interface group role combination have the same set of filters installed on them When you move a port to another interface group role combination the filters associated with the previous interface group are removed and the filters associated with the new interface group are installed on the port 208700 B Chapter 4 Policy enabled networks 287 When the power is turned on ports are assigned to the default interface group role combination which is named allBPSIfcs So if you install a filter without creating or specifying another interface group that filter will by default be installed in the default interface group which applies to all ports Note You must remove all ports from an interface group in order to delete it You cannot delete an interface group that is referenced by a policy Metering or traffic policing overview QoS traffic policing which operates at ingress provides different levels of service to data streams through user configurable parameters A meter is used to measure the traffic stream against a traffic profile which you create Thus creating meters yields In Profile and Out of Profile traffic Using meters you set a Committed Rate in Kb s 1000 bits per second in each Kb s All traffic within this Committed Rate is In Profile Additionally you set a Maximum Burst Rate that specifies an allowed data burst larger than the Committed Rate for a brief period After you set the Maximum Burst Rat
74. its Maximum Age Time parameter value becomes the Actual Maximum Age Time parameter value for all bridges participating in the spanning tree network See also Maximum Age Time Default Value 20 seconds Range 6 to 40 seconds Bridge Forward Delay Time For the STP Group indicates the Forward Delay parameter value specified by management for this bridge This parameter takes effect only when this bridge becomes the root bridge The Forward Delay parameter value specifies the amount of time that the bridge ports remain in the Listening and Learning states before entering the Forwarding state Note that all bridges participating in the spanning tree network use the root bridge s Forward Delay parameter value See also Forward Delay Default Value 15 seconds 4 to 30 seconds Range Add VLAN Membership Allows you to add a VLAN to the specified spanning tree group Default Value 1 Range 1 to 4094 208700 B Chapter 3 Using the console interface 245 Table 45 Spanning Tree Group Configuration parameters continued Parameter Description Delete VLAN Allows you to delete a VLAN from the specified spanning tree group Membership Default Value Blank Range 1 to 4094 but only configured ones are available NOTE You cannot remove VLAN 1 from STP Group 1 Tagged BPDU Allows you to choose to send either tagged or untagged BPDUs from a tagged port on tagged port Default Value STP Group 1 No
75. lag5 enable member 17 18 add vlans and ports Using the Business Policy Switch 2000 Version 1 2 55 create vlan portbased vlan create 100 name vlan100 type port add Mlts created above to this VLAN vlan members add 100 17 create vlan ip protocol based vlan create 150 name vlan150 type protocol ipEther2 add ports to this VLAN in this case all ports vlan members add 150 ALL vlan ports ALL priority 3 create vlan MACSA based vlan create 90 name MAC90 type macsa add ports to this VLAN in this case all ports vlan members add 90 ALL igmp you could disable proxy on vlan 100 vlan igmp 100 proxy disable change speed of port interface Fastethernet 3 speed 10 duplex half exit change speed of port 4 interface Fastethernet 4 Using the Business Policy Switch 2000 Version 1 2 56 speed auto duplex auto SNMP configuration snmp host 192 168 100 125 private snmp community private Note To add comments to the ASCII configuration file add an exclamation point to the beginning of the line Refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 for complete information on using the CLI commands IP manager list With software version 1 2 you can limit access to the management features of the BPS 2000 by defining the IP addresses allowed access to the switch The features provided by the IP manager
76. list are Definitions of up to 10 allowed IP addresses and masks Options to enable or disable access for Telnet SNMP and the Web based management system Using the Business Policy Switch 2000 Version 1 2 57 You must change the Telnet access field through direct access to the interface you cannot change the Telnet access field through Telnet You must set the Telnet feature after the first power up Note To avoid locking a user out of the switch Nortel Networks recommends that you configure ranges of IP addresses that you allow access When you configure the access you are setting access for the next session The current session any user has open is unaffected For information on configuring the IP manager list refer to Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 and Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 Policy enabled networks with QoS metering With version 1 1 the BPS 2000 supports the traffic policing or metering feature of IETF Differentiated Services DiffServ Quality of Service QoS architecture Refer to Policy enabled networking on page 62 for a more complete description of policy enabled networks and refer to Chapter 4 for a complete discussion of policy enabled networks Differentiated Services DiffServ and Quality of Service QoS For information on configuring policy enabled n
77. location and still retain the precedence of the remaining policies In the Meter field choose Practice In the Track Statistics field choose Yes Click Submit The new entry is displayed in the Policy Table Using the Business Policy Switch 2000 Version 1 2 318 Chapter 5 Sample QoS configuration Figure 122 Policies page with new entry Application gt QoS gt QoS Advanced gt Policies g Policy E Action olicy Filter Group Filter Role Interface Policy Track E ame Type Group Combination Direction Order Statistics Al x Ippolicy 1 IP Filter Group Packet Webbrowsing Ingress Practice No Policy Creation Policy Name J Filter Group Type e Filter Group y Filter Group Packet y Role Combination allBPSites y Policy Order J Meter Practice y Track Statistics Yes y In summary you configured a QoS policy called ppolicy This policy applies a combination of packet filtering matching criteria and actions to individual interfaces ports in the hardware You specified that this policy will use the IPacket filter group with the elements that you specified Ippolicy will use the Role Combination Webbrowsing and Practice meter Ippolicy specifies the type of behavior you want to apply to a flow of packets Assigning mapping values Note Nortel Networks recommends that you use the default mapping values to ensure end to end QoS connectivity across Nortel Network products
78. mode when operating a hybrid stack Business Policy Switches support up to 64 VLANs port protocol or MAC SA based including VLAN 1 which is always port based With software version 1 2 the switch supports up to 256 VLANs The maximum number of available MAC SA based VLANs is always 48 Note The maximum 256 VLANs is supported only if the Stack Operational Mode is in Pure BPS 2000 Stack mode A standalone BPS 2000 also supports a maximum 256 VLANs The maximum number of MAC SA based VLANS is always 48 A mixed stack that consists of BPS 2000 and BayStack 450 switches has only 64 VLANs If you change from a Pure BPS 2000 Stack to a Hybrid Stack you lose all VLANs When a switch port is configured to be a member of a VLAN it is added to a group of ports workgroup that belong to one broadcast domain You can assign different ports and therefore the devices attached to these ports to different broadcast domains This feature allows network flexibility because you can reassign VLANs to accommodate network moves additions and changes eliminating the need to change physical cabling Using 256 VLANs The BPS 2000 software version 1 2 provides support for 256 VLANs These 256 can be spread among port based protocol based and MAC SA based VLANs maximum of 48 MAC source address based VLANs Using the Business Policy Switch 2000 Version 1 2 66 If you are working with more than 64 VLANs in a Pure BPS 2000 St
79. new DiffServ Codepoint DSCP Re mark the 802 1p field Assign a drop precedence Figure 101 provides a schematic overview of QoS policies Using the Business Policy Switch 2000 Version 1 2 276 Chapter 4 Policy enabled networks Figure 101 Schematic of QoS policy Ports Filter Action Queues ae E LEES Packets E Classifier Meter Marker u Dropper H P O 802 1p r DSCP t Loss Sensitivity 10451EA Differentiated Services DiffServ overview Differentiated services DiffServ is a Quality of Service QoS network architecture that offers varied levels of service for different types of data traffic DiffServ lets you designate a specific level of performance on a packet by packet basis instead of using the best effort model for your data delivery You can give preferential treatment prioritization to applications that require high performance and reliable service such as voice and video over IP To differentiate between traffic flows the DiffServ DS field as defined in RFCs 2474 and 2475 is marked The DS field in the IP header is an octet and the first six bits called the DS codepoint DSCP are used in the DiffServ architecture The DSCP marking dictates the forwarding treatment given to the packet at each hop This marking occurs at the edge of the DiffServ domain and is based on the policy or filter for the p
80. o5 50 6 60 HO 6 16 o 7 70 o 7 70 MDI X port Crossover cable MDI X port BS45057A DB 9 RS 232 D Console Comm Port connector The DB 9 Console Comm Port connector Figure 155 is configured as a data communications equipment DCE connector The DSR and CTS signal outputs are always asserted the CD DTR RTS and RI signal inputs are not used This configuration enables a management station a PC or console terminal to connect directly to the switch using a straight through cable Figure 155 DB 9 Console port connector 4 lle 6 619EA 208700 B Appendix E Connectors and pin assignments 385 Table 73 lists the DB 9 Console connector pin assignments Table 73 DB 9 Console port connector pin assignments Pin Signal Description 1 CD Carrier detect not used 2 TXD Transmit data output 3 RXD Receive data input 4 DTR Data terminal ready not used 5 GND Signal ground 6 DSR Not used 7 RTS Request to send not used 8 CTS Not used 9 RI Ring indicator not used Shell Chassis ground Using the Business Policy Switch 2000 Version 1 2 386 Appendix E Connectors and pin assignments 208700 B 387 Appendix F Default Settings Table 74 lists the factory default settings for the Business Policy Switch 2000 according to the console interface CI screens and fields for the settings Tab
81. of BPS 2000 and BayStack 450 switches has only 64 VLANs Refer to Using 356 VLANs in Chapter 1 for more information on using 256 VLANs You can configure up to 48 MAC SA based VLANs Up to 48 MAC addresses can be used with the existing MAC SA based VLANs Due to hardware limitations it is possible that some MAC address cannot be entered depended on the values of MAC addresses previously entered Using the Business Policy Switch 2000 Version 1 2 188 Chapter 3 Using the console interface When you create VLANs you can assign various ports and therefore the devices attached to these ports to different broadcast domains Creating VLANS increases network flexibility by allowing you to reassign devices to accommodate network moves additions and changes eliminating the need to change physical cabling Note Refer to Chapters 1 and 2 for detailed information about configuring VLANs To open the VLAN Configuration Menu Choose VLAN Configuration or press v from the Switch Configuration Menu screen Figure 66 VLAN Configuration Menu screen d VLAN Configuration Menu VLAN Configuration MAC Addresses for MAC SA Based VLAN VLAN Port Configuration VLAN Display by Port Return to Switch Configuration Menu Use arrow keys to highlight option press lt Return gt or lt Enter gt to select option Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu e
82. of VLAN 1 Range U T and Using the Business Policy Switch 2000 Version 1 2 194 Chapter 3 Using the console interface Predefined Protocol Identifier PID description Table 24 defines the standard protocol based VLANs and PID types that are supported by the Business Policy Switch and BayStack 450 and BayStack 410 switches Table 24 Predefined Protocol Identifier PID PID Name Encapsulation PID Value hex VLAN Type IP Ether2 Ethernet type 2 0800 0806 Standard IP on Ethernet Type 2 frames Ipx 802 3 Ethernet 802 2 FF FF Novell IPX on Ethernet 802 3 frames Ipx 802 2 Ethernet 802 0 EO EO Novell IPX on Ethernet 802 2 frames Ipx Snap Ethernet Snap 8137 8138 Novell IPX on Ethernet SNAP frames Ipx Snap2 Ethernet type 2 8137 8138 Novell IPX on Ethernet Type 2 frames ApITk Ether2 Snap Ethernet type 20r 809B 80F3 AppleTalk on Ethernet Type 2 and Ethernet Ethernet Snap Snap frames Declat Ether2 Ethernet type 2 6004 DEC LAT protocol DecOther Ether2 Ethernet type 2 6000 6003 Other DEC protocols 6005 6009 8038 Sna 802 2 Ethernet 802 2 04 04 IBM SNA on IEEE 802 2 frames Sna Ether2 Ethernet type 2 80D5 IBM SNA on Ethernet Type 2 frames NetBios 802 2 Ethernet type 2 F0 FO NetBIOS protocol Xns Ether2 Ethernet type 2 0600 0807 Xerox XNS Vines Ether2 Ethernet type 2 OBAD Banyan VINES Ipv6 Ether2 Ethernet type 2 86DD IP version 6 User Defined Ethernet type 2 User
83. on both sides of the switch the unit to overheat Note Operating temperature for the switch must not exceed 40 C 104 F Do not place the switch in areas where it can be exposed to direct sunlight or near warm air exhausts or heaters The Activity LED fora The switch is experiencing a See Port connection problems next connected port is off or port connection problem does not blink and you have reason to believe that traffic is present The switch s link partner is not autonegotiating properly The Status LED is off A fatal error was detected by Cycle the power to the switch disconnect and the self test then reconnect the AC power cord If the problem persists replace the switch 208700 B Chapter 6 Troubleshooting 333 Table 60 Corrective actions continued Symptom Probable cause Corrective action The Status LED is A nonfatal error occurred Cycle the power to the switch disconnect and blinking during the self test then reconnect the AC power cord If the problem persists contact the Nortel Networks Technical Solutions Center Port connection problems You can usually trace port connection problems to either a poor cable connection or an improper connection of the port cables at either end of the link To remedy these types of problems make sure that the cable connections are secure and that the cables connect to the correct ports at both ends
84. on configuring VLANs refer to Chapters 2 and 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Management Software Version 1 2 and Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 Multiple Spanning Tree Protocol groups BPS 2000 switches support the Spanning Tree Protocol STP as defined in IEEE 802 1D As defined in the IEEE 802 1D standard the Spanning Tree Protocol detects and eliminates logical loops in a bridged or switched network When multiple paths exist the spanning tree algorithm configures the network so that a bridge or switch uses only the most efficient path If that path fails the protocol automatically reconfigures the network to make another path become active thus sustaining network operations Starting with software version 1 2 the BPS 2000 supports multiple spanning tree groups STGs The BPS 2000 supports a maximum of 8 STGs either all in one standalone switch or across a stack consisting of only BPS 2000 switches Pure BPS 2000 Stack mode Multiple STGs provide multiple data paths which can be used for load balancing and redundancy You enable load balancing between two BPS 2000 switches using multiple STGs by configuring each path with a different VLAN and then assigning each VLAN to a separate STG Each STG is independent Each STG sends its own Bridge Protocol Data Units BPDUs and each
85. on specific ingress ports In each IP packet there is a differentiated services DiffServ field in the packet header that you can mark for specific treatment This field is called the DiffServ code point DSCP The DSCP has a specific value that determines how the packet is treated as it travels through the network As each packet is examined it will be forwarded or dropped depending on whether or not the filter criteria is matched You use the IP Filter Creation section of the Rules gt IP Classification page when defining your IP filters To define an IP filter 1 Click the Application gt QoS gt QoS Advanced gt Rules gt IP Classification menu option The IP Classification page opens Figure 105 and Figure 106 Using the Business Policy Switch 2000 Version 1 2 300 Chapter 5 Sample QoS configuration Figure 105 P Classification page 1 of 2 Application gt QoS gt QoS Advanced gt Rules gt IP Classification IP Filter Group Table Filter Group Name Create Filter Group 2 Inthe Destination Address box click Network Address a Inthe Network Address field enter 134 177 69 0 208700 B Chapter 5 Sample QoS configuration 301 This address is used to match the destination IP address in the packet s IP header b Inthe Subnet Mask field enter 255 255 255 0 3 Inthe Source Address box click Network Address a Inthe Network Address field enter 134 177 0 0 This is the IP
86. opi s2accsehecdeunteediashuabaid daplesadeeaneeasateoakwes dor Safety agency certilicaliDll claserucubbe deed Ho ews debe E Xm a c RE EE a eR RE RS 397 Electromagnetic SMISSIONS c osrmiciric ra a ad ee 338 looeamdnete ND ccc cases sedes dra ie 338 Declaration ar Cong scr cri 338 Appendix B Interoperability in a mixed stack configuration 339 Compatibility with BayStack 450 switches 2 00000 cee eee eee 339 Setting up your mixed stack configuration 060 cece eee eee 340 Configuration requirements 4 00 0cee cee eR Red xxm ROSA RR A 340 Bape Ul epe I TT 341 Merging the Business Policy Switch into a mixed stack 341 Automa EM und apa dotar exor uod S ead oder ace dede ru RUE UU gs o dd dod dices 342 Temporary base UNI ers cect cers cerid ERR eee ee SEIAT SrA 343 Using the Business Policy Switch 2000 Version 1 2 14 Contents Compatible software versions 0000 c eee eee eee 343 Using cascade modules usua duds Sede Ob eee eee BOR GRO Ca E cod NR 344 Using the console Interface ccssece se Rm Rn mes 345 Troubleshooting problems 2i sssses a er e RR REOR REEL ERR 345 Appendix C Media dependent adapters lleesseelleeeeeeee 347 1000BASE SX 450 1SR MDA and 450 1SX MDA 0 00 0c eee 348 1000BASE LX 450 1LR MDA and 450 1LX MDA 0 00 020 eee eee 350 10BASE T 100BASE TX BPS2000 4TX MDA 00 00 e eee eee 35
87. patch cord see 1000BASE LX multimode applications on page 367 Figure 133 1000BASE LX MDA front panels 2 450 1LR MDA 1 port redundant 1000BASE LX 1000BASE LX lO lol mene TX RX TX RX 450 1LX MDA 2 single port 1000BASE LX a 5 lollo 22 Activity D RX 450 1LX MDA BS45045A Table 68 describes the 1000BASE LX MDA components and LEDs 208700 B Appendix C Media dependent adapters 353 For installation instructions see Installing an MDA on page 363 Table 68 1000BASE LX MDA components Item Label Description 1 Link Communication link LEDs green On Valid communications link Off The communications link connection is bad or there is no connection to this port Blinking The corresponding port is management disabled 2 Phy or Phy status LEDs green Phy Select On The corresponding Phy port is active Off The corresponding Phy port is in backup mode or there is no connection to this port 3 Activity Port activity LEDs green Blinking Indicates network activity level for the corresponding port A high level of network activity can cause LEDs to appear to be on continuously 4 1000BASE X SC port connectors 10BASE T 100BASE TX BPS2000 4TX MDA The BPS2000 4TX MDA Figure 134 uses four IOBASE T 100BA
88. policing overview on page 287 e Policy overview on page 288 e Packet flow using QoS on page 289 e Default QoS settings on page 290 e QoS configuration guidelines on page 290 e COPS overview on page 291 Using the Business Policy Switch 2000 Version 1 2 274 Chapter 4 Policy enabled networks Summary Policy enabled networks allow system administrators to prioritize the network traffic thereby providing better service for selected applications Using Quality of Service QoS the system administrators can establish service level agreements SLAs with customers of the network In general QoS helps with two network problems bandwidth and time sensitivity QoS can help you allocate guaranteed bandwidth to the critical applications and you can limit bandwidth for less critical applications Applications such as video and voice must have a certain amount of bandwidth to work correctly using QoS you can provide that bandwidth when necessary Also you can put a high priority on applications that are sensitive to timing out or cannot tolerate delay by assigning that traffic to a high priority queue Nortel Networks uses Differentiated Services DiffServ to provide QoS functionality A DiffServ architecture enables service discrimination of traffic flows or microflows by offering network resources to higher classes at the expense of lower classes of service This architecture allows you to prioritize micr
89. screen examples in this chapter may not appear on your screen depending on the switch options installed However the full menu options are shown in the screen examples and described in the following sections Using the Business Policy Switch 2000 Version 1 2 152 Chapter 3 Using the console interface Figure 51 Console interface main menu va an Use arrow keys to highlight option press lt Return gt or lt Enter gt to select Business Policy Switch 2000 Main Menu IP Configuration Setup SNMP Configuration System Characteristics Switch Configuration Console Comm Port Configuration Identify Unit Numbers Renumber Stack Units Display Hardware Units Spanning Tree Configuration TELNET SNMP Web Access Configuration Software Download Configuration File Display System Log Reset Reset to Default Settings Command Line Interface Logout 2 Table 10 describes the CI main menu options Table 10 Console interface Main Menu options Option Description IP Configuration Setup Displays the IP Configuration Setup screen see IP Configuration Setup screen on page 155 This screen allows you to set or modify IP configuration parameters and to ping other network devices SNMP Configuration Displays the SNMP Configuration screen see SNMP Configuration screen on page 160 This screen allows you to set or modify the SNMP read only
90. tagging after policy based VLAN assignment Policy VLAN 3 Port 1 v lt UO Port 2 Port 3 m Port 4 802 1Q Switch Untagged member 2 of VLAN 3 Outgoing untagged packet unchanged Port 5 C n Tagged member of VLAN 3 CRC Data Tag tenes 8100 Priority VID 3 16 bits 3 bits 1 bits 12 bits After Key Priority User priority CFI Canonical format indicator VID VLAN identifier BS45012B Using the Business Policy Switch 2000 Version 1 2 110 Chapter 2 Network configuration In Figure 23 tagged incoming packets are assigned directly to VLAN 2 because of the tag assignment in the packet Port 5 is configured as a tagged member of VLAN 2 and port 7 is configured as an untagged member of VLAN 2 Figure 23 802 1Q tag assignment PVID 2 Port 1 Port 2 Port 3 TR Tagged packet We o CRC Data Tag SA DA E gt 5 802 1Q Switch 5 Before Port 6 Port 7 Port 8 Untagged member of VLAN 2 BS45013A 208700 B Chapter 2 Network configuration 111 As shown in Figure 24 the tagged packet remains unchanged as it leaves the switch through port 5 which is configured as a tagged member of VLAN 2 However the tagged packet is stripped untagged as it leaves the switch through port 7 whic
91. to up linkDown Per port A port s link state changes to down authenticationFailure System wide There is an SNMP authentication failure coldStart Always on The system is powered on warmStart Always on The oe restarts due to a management reset s5CtrMIB Nortel proprietary traps s5CtrUnitUp Always on A unit is added to an operational stack s5CtrUnitDown Always on A unit is removed from an operational stack s5CtrHotSwap Always on A unit is hot swapped in an operational stack s5CtrProblem Always on An assigned base unit fails s5EtrSbsMacAccess Violation Always on A MAC address violation is detected For information on configuring SNMP using the CI menus refer to Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 and Reference for the Business Policy Switch 2000 Management Software Version 1 2 Supported standards and RFCs This section lists the standards and RFCs supported by the BPS 2000 Using the Business Policy Switch 2000 Version 1 2 84 Chapter 1 The Business Policy Switch 2000 Standards The following IEEE Standards contain information germane to the Business Policy Switch 2000 RFCs IEEE 802 1D Standard for Spanning Tree Protocol IEEE 802 3 Ethernet IEEE 802 1Q VLAN Tagging IEEE 802 1p Prioritizing For more information
92. traffic The first filter identifies IP traffic and the second filter matches everything else for VLAN 100 Because the first filter is installed on an untrusted port it must change the DSCP IEEE 802 1p priority and drop precedence of the matching IP traffic For trusted ports you also need two layer 2 filters However the actions will not re mark the fields Layer 2 filters that do not match IP traffic pass the traffic through untouched With layer 2 filters that match IP traffic the hardware matches the fields using mapping tables you configure or uses the preset default tables which Nortel Networks recommends Refer to Table 57 for more information on layer 2 traffic either IP or non IP and trusted untrusted or unrestricted ports Note Layer 2 filters should have the same evaluation order or precedence order as shown in this example to ensure that IP traffic will be treated properly BPS 2000 ports are classified into three categories trusted untrusted and unrestricted ports These three categories are also referred to as interface classes In your network trusted ports are usually connected to the core of the DiffServ network and untrusted ports are typically access links that are connected to end stations Unrestricted ports can be either access links or connected to the core network 208700 B Chapter 4 Policy enabled networks 283 The classifications of trusted untrusted and unrestricted actually
93. transmitted to all other stations on the local segment Therefore for any given station on the shared Ethernet the local segment is the collision domain because traffic on the segment has the potential to cause an Ethernet collision The local segment is also the broadcast domain because any broadcast is sent to all stations on the local segment Although Ethernet switches and bridges divide a network into smaller collision domains they do not affect the broadcast domain In simple terms a virtual local area network VLAN provides a mechanism to fine tune broadcast domains Your Business Policy Switch allows you to create three types of VLANs EEE 802 10 port based VLANs A port based VLAN is a VLAN in which the ports are explicitly configured to be in the VLAN When you create a port based VLAN you assign a Port VLAN Identifier PVID and specify which ports belong to the VLAN The PVID is used to coordinate VLANs across multiple switches Using the Business Policy Switch 2000 Version 1 2 64 In software version 1 1 automatic PVID automatically sets the PVID when you configure a port based VLAN The PVID value will be the same value as VLAN The user can also manually change the PVID value The default setting for AutoPVID is Off you must enable this feature e Protocol based VLANs A protocol based VLAN is a VLAN in which you assign your switch ports as members of a broadcast domain based on the protocol information wi
94. tree considerations for MultiLink Trunks and Chapter 1 for spanning tree group configuration guidelines e When a trunk is enabled the trunk spanning tree participation setting takes precedence over that of any trunk member e If you change the VLAN settings of any trunk member the VLAN settings of all members of that trunk change similarly Using the Business Policy Switch 2000 Version 1 2 134 Chapter 2 Network configuration When you set any trunk member to Disabled not active through the Port Configuration screen or through network management the trunk member is removed from the trunk The trunk member has to be reconfigured to rejoin the trunk through the Trunk Configuration screen on the CI menus or another management system A screen prompt precedes this action when you are using CI menus A trunk member cannot be disabled if there are only two trunk members on the trunk You cannot configure a trunk member as a monitor port see Chapter 3 Trunks cannot be monitored by a monitor port however trunk members can be monitored see Port based mirroring configuration All trunk members must have identical IGMP configurations If you change the IGMP snooping configuration for any trunk member the IGMP snooping settings for all trunk members change How the MultiLink Trunk reacts to losing distributed trunk members If your MultiLink Trunk Figure 42 spans separate units in a stack configuration and any o
95. trunk configuration example T1 Business Policy Switch 2000 mE 9805EA Client server configuration using MultiLink Trunks Figure 41 shows an example of how MultiLink Trunking can be used in a client server configuration In this example both servers connect directly to Switch S1 FS2 is connected through a trunk configuration T1 The switch to switch connections are through trunks T2 T3 T4 and T5 Clients accessing data from the servers FS1 and FS2 are provided with maximized bandwidth through trunks T1 T2 T3 T4 and T5 Trunk members the ports making up each trunk do not have to be consecutive switch ports you can select ports randomly as shown by T5 With spanning tree enabled one of the trunks T2 or T3 acts as a redundant backup trunk to Switch S2 With spanning tree disabled you must configure trunks T2 and T3 into separate VLANs for this configuration to function properly For more information on configuration guidelines for spanning tree VLANs and MultiLink Trunking refer to Chapter 1 and IEEE 802 1Q VLAN workgroups Using the Business Policy Switch 2000 Version 1 2 132 Chapter 2 Network configuration Figure 41 Client server configuration example FS1 FS2 Business Policy Switch 2000 Bu
96. until it receives a BootP reply containing an in band IP address If the switch does not receive a BootP reply that contains an in band IP address within 10 minutes the switch uses the last in band IP address it received from a BootP server This IP information is displayed in the Last BootP column If an IP address is not currently in use these actions take effect immediately If an IP address is currently in use these actions take effect only after the switch is reset or power cycled With software 1 1 and a stack consisting only of BPS 2000 switches Pure BPS 2000 Stack mode you can perform BootP using the MAC address of the base unit Using the Business Policy Switch 2000 Version 1 2 160 Chapter 3 Using the console interface SNMP Configuration screen The SNMP Configuration screen Figure 53 allows you to set or modify the SNMP configuration parameters To open the SNMP Configuration screen Choose SNMP Configuration or press m from the main menu Figure 53 SNMP Configuration screen r Enter text M Trap 2 IP Address 0 0 0 0 Trap 3 IP Address 0 0 0 0 Trap 4 IP Address 0 0 0 0 SNMP Configuration Read Only Community String public Read Write Community String private Trap 1 IP Address 0 0 0 0 Community String Community String Community String Community String Authentication Trap Enabled AutoTopology Enabled press lt Return gt or lt E
97. untrusted port then it must change the DSCP IEEE 802 1p and drop precedence of the matching IP traffic If an IP filter is installed on an unrestricted port you configure that interface to change or not either the DSCP IEEE 802 1p and drop precedence of the matching IP traffic as you want Refer to Table 57 for more information on layer 2 traffic either IP or non IP and trusted untrusted or unrestricted ports Changing IEEE 802 1p priority and drop precedence You can change the IEEE 802 1p priority and drop precedence for IP traffic by using either IP or layer 2 filters To change IEEE 802 1p priority and drop precedence for non IP traffic you must use layer 2 filters Using the Business Policy Switch 2000 Version 1 2 282 Chapter 4 Policy enabled networks Ports For example to configure a policy that changes the IEEE 802 1p priority and drop precedence of traffic belonging to VLAN 100 received on untrusted ports that are associated with a specific role combination or interface group you would need the following two filters e A layer 2 filter that changes the DSCP IEEE 802 1p priority and drop precedence of IP traffic in VLAN 100 e A layer 2 filter that changes IEEE 802 1p priority and drop precedence of all types of traffic both IP and non IP in VLAN 100 The layer 2 filter is able to match against multiple layer 3 protocols Otherwise numerous layer 2 filters would be necessary to match against all non IP
98. values for the selected STP Group STP Group 1 is the default STP group To open the Spanning Tree Switch Settings screen Choose Spanning Tree Switch Settings or press d from the Spanning Tree Configuration Menu screen 208700 B Chapter 3 Using the console interface 249 Figure 92 Spanning Tree Switch Settings a M Spanning Tree Switch Settings STP Group 1 Bridge Priority 8000 Designated Root 8000000342F6DE21 Root Port Unit 2 Port 2 Root Path Cost 30 Hello Time 2 seconds Maximum Age Time 20 seconds Forward Delay 15 seconds Bridge Hello Time 2 seconds Bridge Maximum Age Time 20 seconds Bridge Forward Delay 15 seconds Use space bar to display choices press lt Return gt or lt Enter gt to select E choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu 2 Note Because multiple STGs are available only in Pure BPS 2000 Stack mode STP Group does not appear when you work in Hybrid Stack or mixed stack mode Using the Business Policy Switch 2000 Version 1 2 250 Chapter 3 Using the console interface Table 47 describes the Spanning Tree Switch Settings parameters Table 47 Spanning Tree Switch Settings parameters Parameter Description STP Group The field allows you to select the number of the spanning tree group STG you want to view To view another STG type that STG ID number and press Enter
99. very simplified introduction to the many ways to prioritize packets using QoS In simple terms the methods of prioritizing packets depend on the DSCP and the 802 1 priority level and drop precedence The QoS class basically directs which group of packets receives the best network throughput which group of packets receives the next best throughput and so on The level of service for each packet is determined by the configurable DSCP The available levels of QoS classes are currently named Premium Platinum Gold Silver Bronze and Standard The level of service for each packet is determined by the configurable DSCP Filters and filter groups basically sort the packets by various configurable parameters These parameters include VLAN ID IP source and subnet address IP protocol and many others The filter groups are associated with policies and policies are organized into a hierarchy The policy with the highest precedence is evaluated first The filters and filter groups are associated with interface groups in that packets from a specific port will have the same filters as all others in the particular interface group role combination Using the Business Policy Switch 2000 Version 1 2 290 Chapter 4 Policy enabled networks Meters operating at ingress keep the sorted packets within certain parameters You configure a committed rate of traffic allowing a certain size for a temporary burst as In Profile traffic All other traf
100. wad ade es 304 IP Classification page 2 Of 2 22 ccccccaecceaacaaeecaaeceugess 304 Layer 2 Classification page 1 of 2 2 0 2c eee 306 Layer 2 Classification page 2 of 2 0 0 cece eee 306 Layer 2 Classification page 000s 308 Laysi2 Group AA 44 OPEN cd RP Jo eens 309 Layer 2 Group Modification page sss 310 Layer 2 Classification PAYO secco RR mmn 311 POM Meee ME 312 Action page with new entry in Action Table o oo 313 NSIS PAGS si AA AAA SR CE 314 Meter page with new entry in Meter Table o oo 315 POICIES 2 tos ordre o e A a a e dd ekani einek 316 Policies page With new entry 2 00 cee eee ees 318 802 1p Priority Queue Assignment page 2000 eee eeee 320 DSUP Mapping page usecseserxakseszseRuax d Ae EE x eaa d RR 321 DSCP Mapping BAJ uus ax d uen dd aes Ecepg e ui deo epa a ad lea 322 DSGP Mapping page eaeque sucesadecduemeu daran RR 323 802 1p Priority Mapping page lssleesee eene 324 DSCP Queue Assignment page 20 0c cece eee eee 325 LED display pangl aii suesa suus cR a da sehen deeds 328 Stack Operational Mode screen 0 00 ccc eee 342 System Characteristics screen 000 00 e eee eee 344 1000BASE SX MDA front panels 2000 0c eee eee eee 349 1000BASE LX MDA front panels lille 352 BPSPDUO 4TX MDA front panel 42 2 au Ro radar 354 100BASE FX MDA front panels isissao eso
101. 0 fd 77 a4 4c 3 4 00 60 fd 77 ab 84 4 Renumbering stack units will cause an automatic Reset to Current Settings to occur across the entire stack The current configuration will be adapted to the new numbering scheme Check the stack configuration after the reset to confirm the desired configuration is set Are you sure you want to renumber switches with the new settings No Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu M 208700 B Chapter 3 Using the console interface 239 Table 43 describes the Renumber Stack Units screen options Table 43 Renumber Stack Units screen options Option Description Current Unit Number Read only fields listing the current unit number of each of the configured stack units The entries in this column are displayed in order of their current physical cabling with respect to the base unit and can show nonconsecutive unit numbering if one or more units were previously moved or modified The entries can also include unit numbers of units that are no longer participating in the stack not currently active MAC Address Read only field listing the MAC address of the corresponding unit listed in the Current Unit Number field New Unit Number User settable field showing the current unit number of each unit in the stack You can change any of th
102. 00 B Chapter 2 Network configuration 127 IGMP snooping configuration rules The IGMP snooping feature operates according to specific configuration rules When configuring your switch for IGMP snooping consider the following rules that determine how the configuration reacts in any network topology e A port that is configured for port mirroring cannot be configured as a static router port e fa MultiLink Trunk member is configured as a static router port all of the MultiLink trunk members are configured as static router ports Also if a static router port is removed and it is a MultiLink Trunk member all MultiLink trunk members are removed as static router port members automatically e Static router ports must be port members of at least one VLAN e Ifa port is configured as a static router port it is configured as a static router port for all VLANs on that port The IGMP configuration is propagated through all VLANs of that port e Ifa static router port is removed the membership for that port is removed from all VLANSs of that port The IGMP snooping feature is not STP dependent The IGMP snooping feature is not Rate Limiting dependent e The snooping field must be enabled for the proxy field to have any valid meaning e Static router ports are configured per VLAN and per IGMP Version Note Because IGMP snooping is set up per VLAN all IGMP changes gt are implemented according to the VLAN configuration for
103. 00 Mb s use only Category 5 unshielded twisted pair UTP cabling Using the Business Policy Switch 2000 Version 1 2 366 Appendix C Media dependent adapters Replacing an MDA with a different model When replacing an installed MDA with another type of MDA complete the following steps to clear the switch NVRAM 1 Power down the switch Remove the AC power cord from the power source Remove the installed MDA Loosen the thumbscrews and remove the MDA Cycle the switch power Power up the switch and wait for the Nortel Networks logo screen to appear approximately 10 seconds then power down the switch Install the replacement MDA Be sure to firmly tighten the two thumbscrews on the MDA front panel Power up the switch 208700 B Appendix C Media dependent adapters 367 1000BASE LX multimode applications For 1000BASE LX multimode applications the longwave gigabit transceivers must be mode conditioned externally via a special offset SMF MMF patch cord The offset SMF MMF patch cord allows the same transceiver to be used for both multimode and single mode fiber See your Nortel Networks sales representative for more information about the SMF MMF patch cord The 1000BASE LX transceiver is designed to mechanically accommodate the single mode ferrules used on one end of the special offset SMF MMF patch cord Multimode ferrules must not be used because they can bind and cause damage to the transceiver Do not
104. 000 100 Watt DC DC Converter Installation and Reference Guide part number 209132 B Describes installation and removal procedures for the 100 watt DC to DC converter for your Business Policy Switch 2000 Using the Business Policy Switch 2000 Version 1 2 30 Preface Reference Note Gigabit Ethernet Physical Layer Considerations part number 201540 B Provides information about gigabit transmission over fiber optic cable and mode conditioning Release Notes for Optivity Quick2Config for the Business Policy Switch 2000 2 2 1 part number 310621 A Documents important Quick2Config changes that are not covered in other related publications Configuring Business Policy Switches with Optivity Quick2Config 2 2 part number 311208A Describes how to configure the BPS 2000 using Quick2Config Installing and Administering Optivity Quick2Config 2 2 part number 207809 B Describes how to install Quick2Config You can print selected technical manuals and release notes free directly from the Internet Go to the www nortelnetworks com documentation URL The product family for the BPS 2000 is Data and Internet Find the product for which you need documentation Then locate the specific category and model or version for your hardware or software product Use Adobe Acrobat Reader to open the manuals and release notes search for the sections you need and print them on most standard printers Go to Adobe Systems at the www adobe
105. 01 Table 28 VLAN Display by Port screen fields Field Description Unit Allows you to select a switch in your stack To view another switch type its switch number and press Enter or press the spacebar to toggle the switch numbers Port Allows you to select the number of the port you want to view To view another port type its port number and press Enter or press the spacebar on your keyboard to toggle the port numbers PVID Read only field that indicates the PVID setting for the specified port Port Name Read only field that indicates the port name assigned to the specified port VLANs Column header for the read only fields listing the VLANs associated with the specified port VLAN Name Column header for the read only fields listing the VLAN Names associated with the specified port Port Configuration screen The Port Configuration screen Figures 71 and 72 allows you to configure specific switch ports or all switch ports You can enable or disable the port status of specified switch ports set the switch ports to autonegotiate for the highest available speed of the connected station or set the speed for selected switch ports autonegotiation is not supported on fiber optic ports You can disable switch ports that are trunk members however the screen prompts for verification of the request before completing the action Choosing Yes disables the port and removes it from the trunk Note
106. 01 main menu console interface 151 management 48 80 Management VLAN field 192 Maximum Age Time field 251 Maximum Requests field 187 media dependent adapters MDAs 57 347 363 1000BASE LX MDAs 350 1000BASE SX MDAs 348 100BASE FX MDAs 355 IOBASE T 100BASE TX MDAs 353 Meter page 314 Meter Table 314 MIBs 81 84 mixed stack 35 87 147 339 multicast 122 Multicasts field 228 MultiLink Trunk Configuration Menu 207 MultiLink Trunk Configuration screen 166 207 208 MultiLink Trunking 132 configuration example 129 configuration rules 133 description 77 feature 77 port mirroring 140 spanning tree 135 Multiple Collisions field 229 multiple spanning tree groups 49 N network 61 network configuration configuring power workgroups and a shared media hub 92 desktop switch 89 segment switch 89 stacking 92 New Unit Number field 239 Next Stack Operational Mode field 231 Number of addresses field 169 NVRAM 269 O Operational Mode field 163 Operational Status field 185 Operational Traffic Control field 186 Optivity Policy Services 291 Oversized Packets field 229 P Packets field 228 Participation field 247 Partition Port on Intrustion Dectection field 172 Partition Time field 172 Path Cost field 248 per hop behavior 276 ping 61 157 Ping Address field 157 Policies page 315 Policy Table 315 policy enabled networking 62 actions 288 COPS 291 DiffServ 62 276 filters 279 metering 57 287 p
107. 1023 byte packets transmitted successfully on this port 1024 1518 bytes Received column Indicates the total number of 1024 byte to 1518 byte packets received on this port Transmitted column Indicates the total number of 1024 byte to 1518 byte packets transmitted successfully on this port Frame Errors Indicates the total number of valid size packets that were received but discarded because of CRC errors and improper framing Undersized Packets Indicates the total number of packets received on this port with fewer than 64 bytes and with proper CRC and framing also known as short frames or runts Oversized Packets Indicates the total number of packets received on this port with more than 1518 bytes and with proper CRC and framing also known as oversized frames Filtered Packets Indicates the number of packets filtered not forwarded by this port Flooded Packets Indicates the total number of packets flooded forwarded through this port because the destination address was not in the address database FCS Errors Indicates the total number of valid size packets that were received with proper framing but discarded because of cyclic redundancy check CRC errors Collisions Indicates the total number of collisions detected on this port Single Collisions Indicates the total number of packets that were transmitted successfully on this port after a single collision Multiple Collisions
108. 19 meters 287 313 order 280 out of profile traffic 287 313 policing 313 policy 288 315 317 ports 282 286 297 precedence 280 317 queues 285 role combinations 286 295 297 sample configuration 294 Statistics 315 traffic policing 287 trusted untrusted unrestricted ports 282 Web based management system 293 Wizard 293 QoS Wizard pages 293 Quality of Service 273 Quiet Period field 186 R RADIUS Shared Secret field 237 RADIUS UPD Port field 237 RADIUS based network security 70 183 rate limiting broadcast and multicast storms 218 208700 B Index 403 configuration 216 Rate Limiting Configuration screen 166 217 Read Only Community String field 161 Read Write Community String field 161 Re authenticate Now field 186 Re authentication field 186 Re authentication Period field 186 Renumber Stack Units screen 238 request mode choosing 157 Reset Count field 157 163 Reset screen 153 Reset to Default Settings screen 154 Retrieve Configuration File from Server field 268 Retrieve Configuration Image from Server field 264 RFCs 84 RJ 45 port connector illustration 381 pin assignments 382 Root Path Cost field 250 Root Port field 250 S sample ASCII config file 54 sample QoS configuration 294 scripting with CLI 48 Secondary RADIUS Server field 237 security EAPOL based network security 71 IP manager list 56 MAC address based network security 70 management access 254 RADIUS based network se
109. 3 100BASE FX BPS2000 2FX MDA and BPS2000 4FX MDA ooococcooocoo o 355 SAM SESS as qu dE bier sad AAA Xx d pda oq dor ar 360 INSTA zsdasesaacedearAceiitieRQCe3sA LE sed C GxGeXZpcd pp qd T ETNOS 361 Fiemoving an Installed GBIC issus sme vate samen emm xem 362 Cabling Specifications for GBICS e scoocpicrana ax xrac dene hoi c Re ics 363 ISTMO AID qe mere 363 Replacing an MDA with a different model leeren 366 1000BASE LX multimode applications llsses lessen 367 Appendix D Quick steps to features 00 0 cece eee 369 Canfiguiinao S02 10 VLANG 24 026 rr ised XE Aa ee ESS 369 Configuring M ltiLink TRUNKS 42s g niena pew Re a ew ee ee 373 Sanguino PIT MINONO exorcista arras caia 374 Configura IGMP SmODBID sesxueexketexRECEEEERERP inian AA 375 Configuring authentication process for EAPOL based security 378 Appendix E Connectors and pin assignments oooocooccocn oo 381 RJ 45 10BASE T 100BASE TX port connectors llsllsllsllslss 381 MDI and MDI X SUBES os curta sci wwii sot DAA ADA cR EE ARA edu M dice 382 MDI X ta MDI cable COnNSCHIONS i3 2 ces qoe XR EE RR HRUR URGERE nct s 383 MDI X to MDI X cable connections 2 cee eae enhn 383 DB 9 RS 232 D Console Comm Port connector 0 0 0c eee eee 384 208700 B Contents 15 Appendix F a ro me TE Lr 387 Appendix G Sample BootP Configuration File oooooomommo mmoo 395 MON ii A AA A
110. 44 33 55 66 55 82 HELLE a Ss 22 55 33 44 33 22 83 2 S S iS 44 22 33 55 44 22 s4 Ca NE M 22 33 44 55 33 44 83 o ee Screen 1 More Press Ctrl N to display next screen Enter MAC Address XX XX XX XX XX XX press lt Return gt or lt Enter gt when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu zd Table 20 describes the MAC Address Security Table screen fields Table 20 MAC Address Security Table Screen Fields Field Description Find an Address Allows you to search for a specific MAC address that is used in any of the MAC Address Security Table screens MAC Address Allows you to specify up to 448 MAC addresses that are authorized to access the switch You can specify the ports that each MAC address is allowed to access using the Allowed Source field see next field description The specified MAC address does not take effect until the Allowed Source field is Set to some value a single unit port number or a port list value that you previously configured in the MAC Address Security Port Lists screen You can clear an existing MAC address field by entering zero 0 in the field and pressing Enter Default no address assigned Range A range of 6 Hex Octets separated by dashes multicast and broadcast addresses are not allowed 208700 B Chapter 3 Using the console interface 183 Table 20 MAC Address Security Table Screen Fields continue
111. 5 LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT UNDERSTANDS IT AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN NORTEL NETWORKS AND LICENSEE WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST NORTEL NETWORKS UNLESS NORTEL NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT INCLUDING AN EXPRESS WAIVER OF THE TERMS OF THIS AGREEMENT 208700 B Contents 1 5 A nn 27 PES vou DEO errada rr ARA 28 Related PUDIERA AAA 28 a O 30 Chapter 1 The Business Policy Switch 2000 200 e eee eee o 33 General descHplloni cicsccccseeee ches RE XE Ca bee FoR eee AR 33 Slacking CAM Pen otra Se dnd den CU QR da oe eA d ag diat 33 Software version 1 2 compatibility with BayStack 450 switches 35 ias AA RA REG OE RR ERR EDOM SPAR KOA 36 TELS U E T cen a een tt Me oi ha ec 36 Console PON usas ra A a beeen quede NE ed dea es 37 UDIRE ON SIO auus tees A ns Abba A pea as 38 POM CONMIGO cc gd deen ia a 38 LED display panel corras Rin A A A 39 BECE DERI a ioi these ded ed e dtr Rosa lio oa da 43 Castada Module BIB omae te e rud PIE S Cb d dedo Reds 43 Coola AUS Sada ees er eee ea Se cee AA 44 AC power r ceptacle once cd det kad Od eee hed ROT DOR ek ad deel ac 44 Redund
112. 512 seconds Set Router Ports Selects the IGMP version according to the IGMPv1 Version 1 or IGMPv2 Version 2 standard see RFC 2236 Use this field in conjunction with the Static Router Ports field see next field description to select the IGMP version to set You can also use this field to view which static router ports are set to Version 1 or to Version 2 Use the space bar to toggle between the two versions and view the static router ports settings This field affects all VLANs for example if you change the value of the Set Router Ports field on the VLAN specified in the screen s VLAN field ALL VLANs are affected Default Value Version 1 Range Version 1 Version 2 Using the Business Policy Switch 2000 Version 1 2 224 Chapter 3 Using the console interface Table 38 IGMP Configuration screen fields continued Field Description Static Router Ports Allows a user to assign switch ports to any port that has a path to a multicast router When the unit is part of a stack configuration the screen displays the unit numbers of the switches configured in the stack along with the corresponding ports The configured ports do not filter any IP Multicast traffic The Static Router Ports fields are displayed in six port groups for example 1 6 7 12 13 18 The number of ports displayed depends on the switch model or type of optional MDA that is installed in the Uplink Module slot This field
113. 74 Factory default settings continued Field Default setting Appears in this Cl screen Allowed Source Mask 10 user configurable fields First field 0 0 0 0 no IP address assigned Remaining nine fields 255 255 255 255 any address is allowed Image Filename Zero length string TFTP Server IP Address 0 0 0 0 no IP address assigned Start TFTP Load of New Image No Software Download screen on page 257 Configuration Image Filename Zero length string Configuration File Download Upload screen on page 262 TFTP Server IP Address 0 0 0 0 no IP address assigned Copy Configuration Image to Server No Retrieve Configuration Image from Server No ASCII Configuration Filename Zero length string ASCII Configuration File Download screen on page 266 TFTP Server IP Address 0 0 0 0 no IP address assigned Retrieve Configuration file from Server No Last Manual Configuration Status Passed Last Auto Configuration Status Passed Auto Configuration on Reset Disabled 208700 B 395 Appendix G Sample BootP Configuration File This appendix provides a sample BootP configuration file The BootP server searches for this file called bootptab or BOOTPTAB TXT depending on your operating system which contains the site specific information including IP addresses needed to perform the softw
114. 78 COPS 273 291 COPS PR 291 Copy Configuration Image to Server field 264 Create STP Group field 243 Create VLAN field 191 crossover cable 383 Current Learning Mode field 173 Current Stack Operational Mode field 231 Current Unit Number field 239 customer support 30 D DA Filtering on Intrustion Detected field 173 DB 9 console comm port connector 384 Declaration of Conformity 338 Default Gateway field 157 default settings 154 387 208700 B Index 399 Deferred Packets field 229 Delete STP Group field 243 Delete VLAN field 191 Delete VLAN Membership field 245 Designated Root field 250 Differentiated Services 273 DiffServ 273 Display Messages From field 271 Display Port Statistics screen 166 Display Spanning Tree Switch Settings screen 241 Display Spanning Tree VLAN Membership screen 241 Display System Log screen 153 Display Create MAC Address field 196 DRAM 269 drop precedence 281 283 311 DSCP 283 299 311 319 DiffServ codepoint 276 DSCP Mapping page 321 DSCP Queue Assignment page 324 E EAPOL Administrative State field 184 EAPOL Security Configuration screen 166 183 EAPOL based network security 58 71 configuration rules 75 Entry field 178 errors 61 event log 269 Event Logging field 255 Excessive Collisions field 229 F fans 39 FCS Errors field 229 features 47 Filter Group Name 301 308 Filter Group Table 301 308 Filtered Packets field 229 Find an Address
115. 94 Chapter 2 Network configuration e Stack configurations on page 98 e Redundant cascade stacking feature on page 102 Note If you are implementing a mixed stack with the Business Policy Switch and BayStack 450 and BayStack 410 switches refer to Appendixes for configuration and interoperability information BayStack 400 ST1 Cascade Module The front panel components of the BayStack 400 ST1 Cascade Module are shown in Figure 12 Component descriptions follow the figure Figure 12 BayStack 400 ST1 Cascade Module front panel components Unit Select G9 Base Cascade A In S A a 3 gt P arem 9 4 BayStack 400 ST1 Cascade Module 1 Blank connectors unused 2 Cascade A Out connector 3 Unit Select switch 4 Cascade A In connector BS0031B Cascade A Out connector Provides an attachment point for connecting this unit to another unit via the cascade cable A return cable from another unit s Cascade A Out connector to this unit s Cascade A In connector completes the stack connection see the example shown in Figure 13 208700 B Chapter 2 Network configuration 95 Unit Select switch The Unit Select switch up Base determines the base unit for the stack configuration see Base unit The Unit Select switch status is displayed on the Business Policy Switch LED display panel When the Unit Select switch is in the Base up position all other Unit Select switches in
116. A In the above configuration all of the switch ports are set to participate as VLAN port members This arrangement allows the switch to establish the appropriate broadcast domains within the switch Figure 29 Refer to Chapter 1 for additional guidelines on configuring VLANs and spanning tree groups Using the Business Policy Switch 2000 Version 1 2 116 Chapter 2 Network configuration Figure 29 VLAN broadcast domains within the switch S1 VLAN 3 VLAN 2 VLAN 1 VLAN 1 PVID 1 Senec VLAN 2 PVID VLAN 3 PVID 2 3 BS45019A For example to create a broadcast domain for each VLAN shown in Figure 29 configure each VLA PVID VLAN associ e Ports 8 6 and 1 The PVID VLA N with a port membership and each port with the appropriate ation 1 are untagged members of VLAN 1 N association for ports 6 and 11 is PVID 1 e Ports 2 4 10 and 8 are untagged members of VLAN 2 The PVID VLAN association for ports 2 4 and 10 is PVID 2 e Ports 2 4 10 8 6 and 11 are untagged members of VLAN 3 e The PVID VLAN association for port 8 is PVID 3 The following steps show how to use the VLAN configuration screens to configure the VLAN 3 broadcast domain shown in Figure 29 208700 B Chapter 2 Network configuration 117 To configure the VLAN port membership for VLAN 1 1 Select Switch Configuration fro
117. AA 397 Using the Business Policy Switch 2000 Version 1 2 16 Contents 208700 B Figures 17 Figures Figure 1 Business Policy Switch 2000 22 0sss eun e e rd rs 36 Figure 2 Business Policy Switch 2000 front panel 2 0 00000 37 Figure 3 Business Policy Switch 2000 LED display panel 39 Figure 4 Business Policy Switch 2000 back panel 0 0000 43 Figure5 Removing the cascade module filler panel 44 Figure6 VLAN broadcast domains within the switch o o o oo ooo 60 Figure 7 Business Policy Switch 2000 security feature 2 68 Figure 8 Business Policy Switch used as a desktop switch 89 Figure9 Business Policy Switch used as a segment switch 90 Figure 10 Configuring power workgroups and a shared media hub 92 Figure 11 Fail safe stack example 00 cee eee eee 93 Figure 12 BayStack 400 ST1 Cascade Module front panel components 94 Figure 13 Connecting cascade cables 0 rst tnk eee eee 95 Figure 14 Stack up configuration example sss 99 Figure 15 Stack down configuration example 0 00 0c eee eee eee 100 Figure 16 Redundant cascade stacking feature oooooooccooommoo 103 Figure 17 Port based VLAN example 0 0c eee eee eee eens 105 Figure 18 Default VLAN settings ccccdaavadaKdea asad ARA 107 Figure 19 P
118. AF22 14 AF23 16 Silver 3 3 CS2 10 AF11 A AF12 C AF13 E Bronze 2 CS1 8 DE 0 CSO 0 Standard 4 0 As displayed in Table 58 the traffic service class determines the IEEE 802 1p priority that determines the egress queue of the traffic Non IP traffic can be in the same IP service class if the non IP packets are assigned the same IEEE 802 1p priority When the power is turned on all ports are considered untrusted You can change the power up defaults using the Web based management interface See Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Queue sets The cascade port has a set of 2 queues that are serviced using an absolute priority discipline Filters are installed only on cascade ports that are connected to BayStack 450 units in the stack BPS 2000 ports are associated with two types of queue sets e Queue set 1 has four queues The first queue is serviced in an absolute priority fashion The other three queues are serviced in a WRR fashion Queue set 2 has two queues that are serviced in an absolute priority fashion Using the Business Policy Switch 2000 Version 1 2 286 Chapter 4 Policy enabled networks There are 2 sets of external ports The first set contains 24 10 100 Mb s ports Each port in this set has a set of 4 queues The first queue holds the highest priority and is serviced in an absolute priority fashion meaning that this queue is serviced fi
119. Access Configuration screen The TELNET SNMP Web Access Configuration screen Figure 94 allows a user at a remote console terminal to communicate with the Business Policy Switch as if the console terminal were directly connected to it You can have up to 4 or 10 if you are running software version 1 2 or higher active Telnet sessions at one time To open the TELNET SNMP Web Access Configuration screen Choose TELNET SNMP Web Access Configuration or press t from the main menu Figure 94 TELNET SNMP Web Access Configuration screen TELNET Login Timeout 1 minute Login Retries 3 Inactivity Timeout 15 minutes Event Logging All Allowed Source IP Address 1 0 0 0 0 2 255 255 255 255 3 255 255 255 255 4 255 255 255 255 B 255 255 255 255 6 255 255 255 255 Y 255 255 255 255 8 255 255 255 255 9 255 255 255 255 10 255 255 255 255 Press Ctrl R to return to previous menu TELNET SNMP WEB Access Configuration Access Use List TELNET Enabled No SNMP Enabled No WEB Enabled No Allowed Source Mask 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 Use space bar to display choices press Return or Enter to select choice Press Ctrl C to return to Main Menu
120. BPS 2000 None 400 ST1 vel 2 00 Unit 2 BPS 2000 None 400 ST1 Vid 200 Press Ctrl R to return to previous menu Press Ctrl C to return to Main NS Spanning Tree Configuration Menu screen Note Before configuring spanning tree groups refer to Chapters 1 and 2 for guidelines and interactions with VLANs and MLT The Spanning Tree Configuration Menu screen Figure 89 allows you to view spanning tree parameters and configure multiple spanning tree groups STGs Note You must use either the Command Line Interface CLI or Device Manager DM if you want to configure individual port values for path cost and priority To open the Spanning Tree Configuration Menu screen Choose Spanning Tree Configuration or press p from the main menu Chapter 3 Using the console interface 241 Figure 89 Spanning Tree Configuration Menu Spanning Tree Configuration Menu k to Main Menu ES Spanning Tree Group Configuration Spanning Tree Port Configuration Display Spanning Tree Switch Settings Display Spanning Tree VLAN Membership Return to Main Menu Use arrow keys to highlight option press Return or Enter to select option Press Ctrl R to return to previous menu Press Ctrl C to return A Table 44 describes the Spanning Tree Configuration Menu screen options Table 44 Spanning Tree Configuration Menu screen options Option Description Spanning Tree Group Configuration
121. BPS 2000 switches In a stack consisting only of BPS 2000 switches you can perform BootP using the MAC address of the base unit Refer to BootP automatic IP configuration MAC address on page 79 for more information on BootP and MAC addresses You must use the console interface CI menus to choose this option Refer to Chapter 3 for information on using the base unit MAC address for BootP Policy enabled networking The BPS 2000 enables system administrators to implement classes of service and assign priority levels to different types of traffic You can configure policies that monitor the characteristics of traffic for example its source destination and protocol and perform a controlling action on the traffic when certain user defined characteristics are matched Differentiated Services DiffServ is a network architecture that lets service providers and enterprise network environments offer varied levels of service for different types of data traffic Instead of using the best effort service model to ensure data delivery DiffServ s Quality of Service QoS lets you designate a specific level of performance on a packet by packet basis If you have applications that require high performance and reliable service such as voice and video over IP you can use DiffServ to give preferential treatment to this data over other traffic With BPS 2000 software version 1 1 you can use traffic policing or metering with QoS The Busi
122. Configuration or press v from the VLAN Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 370 Appendix D Quick steps to features Figure 141 Configuring 802 1Q VLANs 1 of 3 VLAN Configuration screen Select the appropriate value for the Create VLAN field Key gt Off page reference O On page reference Select the appropriate value for the VLAN Type field Select the appropriate PID value for the PID field Is VLAN Type Port Based user defined Is VLAN Type Protocol Based Activate VLAN State Enter the user defined PID value 9875EA 208700 B Appendix D Quick steps to features 371 Figure 142 Configuring 802 1Q VLANs 2 of 3 Configure Port Members as Tagged Port VLAN Member Untagged Port Member Port members or Not a Member of VLAN see VLAN Configured Configuration Rules for more information Press Ctrl R to return to previous menu Choose VLAN Port Configuration or press c to open the VLAN Port Configuration screen Set the Port field as appropriate for your configuration Is PVID correct Set PVID Key gt Off page reference O On page reference BS45047D Using the Business Policy Switch 2000 Version 1 2 372 Appendix D Quick steps to features Figure 143 Configuring 802 1Q VLANs 3 of 3 Is VLAN tag correct Se
123. Configuration screen see Console Comm Port Configuration screen on page 231 This screen allows you to configure and modify the console Comm port parameters including the console port speed and password settings for the switch and stack operation Spanning Tree Configuration Displays the Spanning Tree Configuration Menu see Spanning Tree Configuration Menu screen on page 240 This menu provides the following options Spanning Tree Group Configuration Spanning Tree Port Configuration Display Spanning Tree Switch Settings and Display Spanning Tree VLAN Membership TELNET SNMP Web Access Configuration Displays the TELNET SNMP Web Access Configuration screen see TELNET SNMP Web Access Configuration screen on page 254 This screen allows you to set your switch to enable a user at a remote console terminal to communicate with the Business Policy Switch as if the console terminal were directly connected to it You can have up to 10 active Telnet sessions running at one time in either a standalone switch or a stack configuration You can use the Command Line Interface CLI DM or Web based management system or these menus with a Telnet session This screen also allows you to set the switch to allow up to 10 IP addresses to access the switch using either these management systems or SNMP access Software Download Displays the Software Download screen see Software Download screen on page 257
124. DSCP Queue Assignment DSCP Assignment View By Queue Set fi y uu DSCP Assignment Table DSCP_ Queue 0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 xA OxB Oxc OxD OxE OxF 0x10 CO ROC ROC qgqgrRqoqhah hh 2 Choose Queue Set 1 3 Click Submit 4 View the queue assignment Using the Business Policy Switch 2000 Version 1 2 326 Chapter 5 Sample QoS configuration 208700 B 327 Chapter 6 Troubleshooting This chapter describes how to isolate and diagnose problems with your Business Policy Switch and covers the following topics Interpreting the LEDs Diagnosing and correcting the problem Normal power up sequence Port connection problems The chapter topics lead you through a logical process for troubleshooting the Business Policy Switch For example because LEDs provide visual indications of certain problems see Chapter 1 to understand the various states Table 59 that your switch LEDs can exhibit during normal operation For more help in determining the problem Diagnosing and correcting problems describes symptoms and corrective actions Table 60 you can perform to resolve specific problems Subsequent sections give step by step procedures to correct the problems Interpreting the LEDs Figure 129 shows the Business Policy Switch LED display panel Table 59 describes the LEDs Using the Business Policy Switch 2000 Version 1 2 328 Chapter 6 Tr
125. DSCP value is changed Nortel Networks recommends that you use the default configurations and by choosing Use Defaults in the Set Drop Precedence and Update Priority fields in the QoS Advanced gt Action page the DSCP value will be used to update IEEE 802 1p user priority and drop precedence based on values in the DSCP mapping table 6 Click Submit The new entry appears in the Interface Group Table 7 Click the modify icon of the new role combination to assign interfaces The Interface Group Assignment page opens Figure 104 Figure 104 Interface Group Assignment page Application gt QoS gt QoS Advanced gt Devices gt Interface Group Assignment QoS Interface Group Port Assignment Role Combination allBPSlfcs Input 802 Classification Input IP Classification Interface Class Untrusted Capabilities Port Membership Port 123 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 262i Unit 1 E M EM Iv Iv Iv Ie Iv I Iv I Iv Iv Iv E Iv E Iv Iv Iv Iv Iv Iv Fu EN as The Interface Group Assignment page displays the name of the interface group role combination the capabilities and the interface class or type of interface in the group a Click the ports you want to add to the specified interface group b Click Submit Using the Business Policy Switch 2000 Version 1 2 298 Chapter 5 Sample QoS configuration Note If you delete a role combination you must remove all
126. E Certain software releases may require you to download two images the boot code image and the agent image For proper operation of the switch the new boot code image must be downloaded before the agent image is downloaded Default Value Zero length string of New Image Range An ASCII string of up to 30 printable characters TFTP Server IP The IP address of your TFTP load host Address Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point Start TFTP Load Specifies whether to start the download of the switch software image default is No Use the spacebar to toggle the selection to Yes Press Enter to initiate the software download process NOTE The software download process can take up to 60 seconds to complete or more if the load host path is congested or there is a high volume of network traffic To ensure that the download process is not interrupted do not power down the switch for approximately 10 minutes No Yes No Default Value Range 208700 B Chapter 3 Using the console interface 261 LED Indications during the download process The software download process automatically completes without user intervention The process erases the contents of flash memory and replaces it with a new software image Be careful not to interrupt the download process until after i
127. Enter text press lt Return gt or lt Enter gt when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu M af Figure 96 Software Download screen for Hybrid Stack mode di Software Download N BPS 2000 Image Filename BPS 2000 Diagnostics Filename 450 Image Filename TFTP Server IP Address 10 170 119 5 Start TFTP Load of New Image No Enter text press Return or Enter when complete d Ctrl R to return to previous menu Press Ctrl C to return to Main did Using the Business Policy Switch 2000 Version 1 2 260 Chapter 3 Using the console interface Table 50 describes the Software Download screen fields Table 50 Software Download screen fields Field Description BPS 2000 Image The Business Policy Switch software image load file name Filename NOTE Certain software releases may require you to download two images the boot code image and the agent image For proper operation of the switch the new boot code image must be downloaded before the agent image is downloaded Default Value Zero length string Range An ASCII string of up to 30 printable characters BPS 2000 The Business Policy Switch diagnostics file name Diagnostics Filename Default Value Zero length string Range An ASCII string of up to 30 printable characters 450 Image The BayStack 450 software image load file name Displays in a mixed stack environment Filename NOT
128. F 9E 9E FD Unit 2 Port 24 00 60 08 95 A6 F5 Unit 2 Port 24 00 60 97 22 54 7C Unit 2 Port 24 00 80 2D 08 0B 5F Unit 2 Port 24 00 80 2D 22 4E 01 Unit 2 Port 24 00 80 2D 22 93 F6 Unit 2 Port 24 Press Ctrl P to see previous display Press Ctrl N to see more addresses Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu m A Table 15 describes the MAC Address Table screen fields Table 15 MAC Address Table screen fields Field Description Aging Time Specifies how long a learned MAC address remains in the switch s forwarding database If an entry is inactive for a period of time that exceeds the specified aging time the address is removed Default Value 300 seconds Range 10 to 1 000 000 seconds 208700 B Chapter 3 Using the console interface 169 Table 15 MAC Address Table screen fields continued Field Find an Address Allows the user to search for a specific MAC address Description Default Value 00 00 00 00 00 00 no MAC address assigned Range 00 00 00 00 00 00 to FF FF FF FF FF FF Select VLAN ID Enter the VLAN ID number you want to display the MAC addresses for Default Value 1 Range 1 4094 Number of addresses Displays the total number of MAC addresses currently learned by the specified VLAN This number updates dynamically when you press Ctrl P or Ctrl N to scroll through the list MAC Address Security Configur
129. Force Authorized Force Unauthorized Auto Force Authorized means the specified unit port authorization status is always authorized Force Unauthorized means the specified unit port authorization status is always Unauthorized Auto means the specified unit port authorization status depends on the EAP authentication results Operational Status A read only field that shows the current authorization status for the specified unit port This read only field does not appear when the Unit Port field value is set to All Default Authorized Range Authorized Unauthorized Administrative Traffic Allows you to choose whether EAPOL authentication is set for incoming and Conirol outgoing traffic or for incoming traffic only For example if you set the specified unit port field value to Incoming and Outgoing and the EAPOL authentication fails then both incoming and outgoing traffic on the specified unit port is blocked Default Incoming and Outgoing Using the Business Policy Switch 2000 Version 1 2 186 Chapter 3 Using the console interface Table 21 EAPOL security configuration screen options continued Option Description Range Incoming and Outgoing Incoming Only Operational Traffic Control A read only field that indicates the current administrative traffic control configuration for the specified unit port see preceding field description This read only field does not appear when the Unit Port field v
130. Indicates the IP address of the remote host whose IP address is not on the list of allowed addresses or indicates the IP address of the remote host that did not supply the correct password None Indicates that no Telnet events will be logged in the Event Log screen Accesses Logs only Telnet connect and disconnect events in the Event Log screen Failures Logs only failed Telnet connection attempts in the Event Log screen Using the Business Policy Switch 2000 Version 1 2 256 Chapter 3 Using the console interface Table 49 TELNET SNMP Web Access Configuration screen fields continued Field Description TELNET Access Specifies if Telnet access is allowed and only to those on the list Default Value Access Enabled Use List Yes Range Access Enabled Disabled Use List Yes No SNMP Access _ Specifies if SNMP access is allowed and only to those on the list SNMP access includes the DM system Default Value Access Enabled Use List Yes Range Access Enabled Disabled Use List Yes No WEB Access Specifies if access to the Web based management system is allowed and only to those on the list Default Value Access Enabled Use List Yes Range Access Enabled Disabled Use List Yes No Allowed Source IP Address Specifies up to 10 user assigned host IP addresses that are allowed Telnet access to the management systems Default Value 0 0 0 0 no IP address assigned Range Fo
131. MAC Address Security Configuration screen The MAC Address Security Configuration screen Figure 58 allows you to enable or disable the MAC address security feature and to specify the appropriate system responses to any unauthorized network access to your switch Choose MAC Address Security Configuration from the MAC Address Security Configuration Menu to open the MAC Address Security Configuration screen Figure 58 MAC Address Security Configuration screen T MAC Address Security Configuration N MAC Address Security Disabled MAC Address Security SNMP Locked Disabled Partition Port on Intrusion Detected Disabled DA Filtering on Intrusion Detected Disabled Generate SNMP Trap on Intrusion Disabled MAC Security Table Clear by Ports Learn by Ports Current Learning Mode Disabled Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Ee y Using the Business Policy Switch 2000 Version 1 2 172 Chapter 3 Using the console interface Table 17 describes the MAC Address Security Configuration screen fields Table 17 MAC Address Security Configuration fields SNMP Locked Field Description MAC Address Security When this field is set to enabled the software checks source MAC addresses of packets that arrive on secure ports against MAC addresses listed i
132. Mas uu L4 Port L4 Port IP Filter Creation IP Filter Group Table Action Filter Group Name Create Filter Group 208700 B Chapter 5 Sample QoS configuration 305 Defining a layer 2 filter You configure layer 2 filters by defining IEEE 802 based parameters and selective layer 3 and layer 4 parameters Layer 2 filter groups are defined by specifying the layer 2 filter to be included in the given filter group To configure a layer 2 filter 1 Click the Application gt QoS gt QoS Advanced gt Rules gt Layer 2 Classification menu option The Layer2 Classification page opens Figure 111 and Figure 112 Using the Business Policy Switch 2000 Version 1 2 306 Chapter 5 Sample QoS configuration Figure 111 Layer 2 Classification page 1 of 2 Application gt QoS gt QoS Advanced gt Rules gt Layer2 Classification Layer2 Filter Table i VLAN 802 1p Destination IP Destination IP Source IP Source IP Action instance vLAN r AN etherTypel 02 7 scp IP Protocol 4 port Min L4 Port Max L4 Port Min L4 Port Ma Layer2 Filter Creation VLAN ignore y VLAN Tag ignore y El Ignore EtherType Preconfigured Netmap TCP z O User Defined e g 08137 El Ignore 202 1p Priority O Priority Clo Fh C2 ri Cs Cis ri riz DSCP Ignore E IP Protocol ignore El Ignore e C Inspect Destination IP Layer4 Port Range Destination IP Layer4 Port Range Minimum Value Jo 085535 Maximum
133. Menu screen on page 169 Detected MAC Address Security Disabled SNMP Locked Partition Port on Intrusion Disabled Partition Time 0 seconds the value 0 indicates forever on page 181 DA Filtering on Intrusion Detected Disabled Generate SNMP Trap on Intrusion Disabled Clear by Ports NONE Learn by Ports NONE Current Learning Mode Not Learning Trunk blank field MAC Address Security Port Configuration screen on page 173 Security Disabled Port List blank field MAC Address Security Port Lists screens on page 176 Find an Address blank field MAC Address Security Table screens MAC Address Jj no address assigned Allowed Source blank field MAC SA based VLAN The least active MAC SA based VLAN will be displayed MAC Address Configuration for MAC SA Based VLAN screen on page 196 Display Create MAC Address 00 00 00 00 00 00 208700 B Appendix F Default Settings 389 Table 74 Factory default settings continued Field Default setting Appears in this Cl screen Create VLAN 1 VLAN Configuration screen on page 189 Delete VLAN blank field VLAN Name VLAN VLAN number Management VLAN Yes VLAN 1 IVL SVL IVL VLAN Type Port based Protocol ID PID None User Defined PID 0x0000 VLAN State Inactive Subnet Addr 0 0 0 0 Subnet Mask 0 0 0 0
134. Octets Lost Packets Packets 64 bytes 65 127 bytes 128 255 bytes 256 511 bytes 512 1023 bytes 1024 1518 bytes FCS Errors Undersized Packets Oversized Packets Filtered Packets Flooded Packets Frame Errors counters o to Main Menu Port Statistics Unit 2 OOoOOoOoooococoococoocoooc coocosoco Use space bar to display choices or enter text Press Ctrl R to return to previous menu Port 1 Transmitted Packets Multicasts Broadcasts Total Octets Packets 64 bytes 65 127 bytes 128 255 bytes 256 511 bytes 512 1023 bytes 1024 1518 bytes Collisions Single Collisions Multiple Collisions Excessive Collisions Deferred Packets Late Collisions OOoOooooc0ooc0oocococococoo Press Ctrl Z to zero Press Ctrl C to e Table 40 describes the Port Statistics screen fields Note In a stacked configuration the Port Statistics screen appears in a slightly different format when the port selected in the Unit Port field is configured with a Gigabit MDA Using the Business Policy Switch 2000 Version 1 2 228 Chapter 3 Using the console interface Table 40 Port Statistics screen fields Field Description Unit Only appears if the switch is participating in a stack configuration The field allows you to select the number of the unit you want to view or configure To view or configure another unit type its unit number and press Enter or press the s
135. P Mel ccna dase a Gained AAA AAA 299 Creating an IP Filter Group Table entry 0 00000 c eee eee 301 Denna a ayer 2 BE idea casina eq cte QU d tica qe a A a eee 305 Creating a Layer2 Filter Group Table entry 0 0 00 e eee 308 Donc Acunn cpu en Y 9 eoe ad HE Ads 311 STA O EMME Sse eck ds a ge ch tise ie dod xe eoi don dle aos qaod dd do qx Co deed doge 313 Conigurng DONES PEORES 315 Assigning mapping values iisso spark Rhe he REESE EREROSER Y e RR E Xd 318 Assigning 802 1p priority queue assignment 0 0 eee eee 319 208700 B Contents 13 Marityindg DSGP MADRID acc cssc eedeteieretws AA Spp 320 Assigning 802 1p user priority mapping ce eee ee eee 323 Verifying DSCP queue assignments 000 0c cece eee 324 Chapter 6 Troubleshooting cassa 4606500065646 0e FA raS RARA 327 ME the LEDS cca gat ae eee ee ad eke Eee A 327 Diagnosing and correcting problems icsawesusasssaakek axe RAO AG 3 AER S 331 Normal power up sequence 20 c eee eee 332 Pori conection DroDIEMS a a oath da 333 Autonegotiaton Modes 2 2 2ccs deen axe m ax ERO e oe e adea 333 POU IDIBHaee Lu vou Ge equ twetesebe d doque ARAS 334 Appendix A Technical specifications isi a nn ra Ra Rm ERR RA AERA 335 EMWISMIMCHIS 2ueetessebestepqd uid ES rare 335 E A raea aea POS MEE a e Bees 335 uix LIM IOMA eee A AAA EAR 336 Performance specifications e cerrara ra xm x xox A E AA 336 Ronacu METTE 337 Monnc
136. Part No 208700 B September 2001 4401 Great America Parkway Santa Clara CA 95054 Using the Business Policy Switch 2000 Version 1 2 NORTEL NETWORKS Copyright 2001 Nortel Networks All rights reserved Printed in the USA September 2001 The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Networks NA Inc Trademarks Nortel Networks is a trademark of Nortel Networks Accelar Autotopology BaySecure BayStack Business Policy Switch 2000 Nortel Networks the Nortel Networks logo Optivity Optivity Policy Services Passport and StackProbe are trademarks of Nortel Networks Microsoft Windows Windows NT and XP are registered trademarks of Microsoft Corporation Acrobat Reader and Adobe are registered trademarks of Adobe Systems Incorporated Java is a registered trademark of Sun Microsystems Inc All other trademarks and registered trademarks are the property of their respective owners Statement of Conditions In the interest of improving internal design operational function and or reliability Nortel Networks NA Inc reserves the right to make changes to the pro
137. Policy based VLANs can localize broadcast traffic and assure that only the policy based VLAN ports are flooded with the specified packets When you configure ports as VLAN port members they become part of a set of ports that form a broadcast domain for a specific VLAN You can assign switch ports whether standalone or stacked unit ports as VLAN port members of one or more VLANs Note Refer to Chapter 1 and guidelines for configuring spanning tree gt groups for more information on configuring VLANs Using the Business Policy Switch 2000 Version 1 2 190 Chapter 3 Using the console interface You can add or remove port members from a VLAN in accordance with the IEEE 802 1Q tagging rules Refer to Chapter 2 for a description of important terms used with 802 1Q VLANs You can also use this screen to create and to delete specific VLANs to assign VLAN names and to assign any VLAN as the management VLAN To open the VLAN Configuration screen Choose VLAN Configuration or press v from the VLAN Configuration Menu screen 208700 B Chapter 3 Using the console interface 191 Figure 67 VLAN Configuration screen a VLAN Configuration UN Create VLAN 1 VLAN Type Port Based Delete VLAN Protocol Id PID None VLAN Name VLAN 1 User Defined PID 0x0000 Management VLAN Yes Now 1 VLAN State Active IVL SVL IVL Port Membership 1 6 7 12 13 18 19 24 Unit 1 TUUU
138. RAM messages existing NVRAM messages are copied into DRAM After a system reset all existing NVRAM messages are copied to DRAM Use the spacebar to toggle between the options Default None Range None NVRAM DRAM NVRAM Using the Business Policy Switch 2000 Version 1 2 272 Chapter 3 Using the console interface 208700 B 273 Chapter 4 Policy enabled networks This chapter provides an overview of Differentiated Services Quality of Service QoS network architecture The BPS 2000 provides a Web based management interface a Command Line Interface CLD and the graphical user interface Device Manager DM to configure QoS Refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 and Reference for the Business Policy Switch 2000 Management Software Version 1 2 for detailed information In addition to these management systems policies can be configured using SNMP and Common Open Policy Services COPS The complexities of QoS are discussed in the remainder of this chapter which includes information about the following topics e Summary on page 274 e Differentiated Services DiffServ overview on page 276 e QoS classes on page 277 e Packet classifiers or filters on page 279 e Ports on page 282 e Interface groups on page 286 e Metering or traffic
139. Range Retrieve Configuration File from Server Specifies whether to retrieve the stored switch stack ASCII configuration file from the specified TFTP server default is No If you choose Yes the download process begins immediately and when completed causes the switch stack to be configured according to the CLI commands in the file Use the spacebar to toggle the selection to Yes Press Enter to initiate the process Default Value No Range Yes No Last Manual Configuration Status The system displays if the last manual configuration passed or failed Default Value Passed Range Passed Failed Last Auto Configuration Status The system displays if the last automatic configuration passed or failed Default Value Passed Range Passed Failed Auto Configuration on Reset Allows you to choose to Disabled Use Configured or Use BootP Disabled Auto configuration on reset is disabled e Use Configured Use manually configured ASCII configuration filename and TFTP server address for auto configuration on reset Use BootP Retrieve ASCII configuration filename and optionally server address using BootP when BootP is enabled and perform auto configuration on reset using these parameters Note Refer to Appendix H for a sample BootP configuration file Disabled Disabled Use Configured Use BootP Default Value Range 208700 B Chapter 3 Using the console interface 269 Syst
140. SE TX RJ 45 8 pin modular port connectors to attach Ethernet devices Table 68 describes the BPS2000 4TX MDA components and LEDs Using the Business Policy Switch 2000 Version 1 2 354 Appendix C Media dependent adapters Figure 134 BPS2000 4TX MDA front panel DERIO 100 L3 L3 LJ Osiy BPS2000 4TX MDA 9792EA The RJ 45 ports are configured as media dependent interface crossover MDI X connectors These ports connect over straight cables to the network interface card NIC in a node or server similar to a conventional Ethernet repeater hub If you are connecting to another Ethernet hub or switch use a crossover cable unless an MDI connection exists on the associated port of the attached device The BPS2000 4TX MDA can operate at either 10 Mb s or 100 Mb s The speed is determined through autonegotiation with its connecting device For installation instructions see Installing an MDA on page 363 208700 B Appendix C Media dependent adapters 355 100BASE FX BPS2000 2FX MDA and BPS2000 4FX MDA A Warning Fiber optic equipment can emit laser or infrared light that can injure your eyes Never look into an optical fiber or connector port Always assume that fiber optic cables are connected to a light source A Vorsicht Glasfaserkomponenten k nnen Laserlicht bzw Infrarotlicht abstrahlen wodurch Ihre Augen gesch digt werden k n
141. Table mmm VLAN VLAN Tag EtherType ped DSCP IP Protocol ne Renee EE X D Match Priority O 1 VLAN 1 Tagged Only IP Match Priority 1 Ignore Ignore Ignore Ignore Match Priority 2 Layer2 Filter Creation VLAN fignore y VLAN Tag Ignore y El Ignore EtherType E Preconfigured Netmap TCP y User Defined e g 038137 El Ignore 8021p Priority O Priority Clo Cr O2 Ca Cs Cis Cle Pj DSCP Ignore hd IP Protocol Ignore El Ignore Inspect Destination IP Layer Port Range Destination IP Layer4 Port Range Minimum Value Jo 0 08895 Maximum Value Je 0 85535 El Ignore Creating a Layer2 Filter Group Table entry Now you can create a layer 2 filter group in the Layer2 Filter Group Table section of the Layer2 Classification page To create a layer 2 filter group entry 1 Click Create Filter Group in the Layer2 Filter Group Table section of the Layer 2 Classification page Figure 111 and Figure 112 The Layer2 Group page opens Figure 114 208700 B Chapter 5 Sample QoS configuration 309 Figure 114 Layer2 Group page Application gt QoS gt QoS Advanced gt Rules gt Layer2 Group Filter Group Name Layer2 Filter Group VLAN Tac 802 1p Destination Destination Source Source Group VLAN ee EtherType rear DSCP Protocol L4 Port L4 Port L4 Port L4 Port Required Priority d 1 Min Max Min Max 0 0 Match Priority O ru VLAN 1 Tagged Only IP Match Priority 1 Ignore Ignore Ignore Ignore
142. The 10BASE T 100BASE TX RJ 45 ports can connect to 10 Mb s or 100 Mb s Ethernet segments or nodes Note Use only Category 5 copper unshielded twisted pair UTP cable connections when connecting 10BASE T 100BASE TX ports Using the Business Policy Switch 2000 Version 1 2 39 See Appendixes for more information about the RJ 45 port connectors LED display panel Figure 3 shows the Business Policy Switch LED display panel See Table 2 for a description of the LEDs Figure 3 Business Policy Switch 2000 LED display panel Business Policy Switch 2000 Cas 4 1 3 5 y 9 ii 13 45 17 19 21 23 EH EE NEN NEN HEE HE Ee NN NH NN NH EN 10 100 s EH EE NEN EH EN NEN NEN NH NH om Activity Status Dwn 2 4 6 8 10 12 14 16 18 20 22 24 Em EAM EH EH HHH NN E NN NN NN NN Em 10 100 RPSU Base m Em um EH EH NEN EM E E E E EN NN NN S NH Activity 9714EA Table 2 Business Policy Switch 2000 LED descriptions Label Type Color State Meaning Pwr Power status Green On DC power is available to the switch s internal circuitry Off No AC power to switch or power supply failed Status System status Green On Self test passed successfully and switch is operational Blinking A nonfatal error occurred during the self test This includes nonworking fans Off The switch failed the self test Using the Business Policy Switch 2000 Version 1 2 40 Table 2 Business Polic
143. The Autonegotiation fields the Speed fields and the Duplex fields are independent of MultiLink Trunking rate limiting VLANs IGMP Snooping and the STP To open the Port Configuration screen Choose Port Configuration or press p from the Switch Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 202 Chapter 3 Using the console interface Figure 71 Port Configuration screen 1 of 2 a Port Configuration Unit 1 Port Trunk Status Link LnkTrap Autonegotiation Speed Duplex 1 Enabled Down On Enabled 2 Enabled Down On 1 Enabled 3 Enabled Down On Enabled 4 Enabled Down On 1 Enabled 5 Enabled Up On Enabled 100Mbs Half 6 Enabled Down On Enabled 7 Enabled Down On Enabled 8 Enabled Down On Enabled 9 Enabled Up On Enabled 100Mbs Full 10 Enabled Down Onm5m Enabled 11 Enabled Down On J Enabled 12 Enabled Down Lom J Enabled 13 Enabled Down LOR 1 Enabled 14 Enabled Down On Enabled Press Ctrl N to display choices for additional ports CE Ctrl R to return to previous menu More Use space bar to display choices press Return or Enter to select choice Press Ctrl C to return to Main Menu 26 Figure 72 Port Configuration screen 2 of 2 UN a Port Configuration Unit 1
144. This screen allows you to revise the Business Policy Switch software image that is located in nonvolatile flash memory NVRAM Configuration File Displays the Configuration File Menu screen see Configuration File Menu screen on page 261 This menu provides the following options Configuration File Download Upload and ASCII Configuration File Download Display System Log Displays the System Log screen see System Log screen on page 269 Reset Resets the switch with the current configuration settings This option is followed by ascreen prompt that precedes the action Enter Yes to reset the switch enter No to abort the option If the switch is participating in a stack configuration additional prompts allow you to choose to reset a specific unit in the stack or the entire stack When you select this option the switch resets runs a self test then displays the Nortel Networks logo screen Press Ctrl Y to access the Business Policy Switch main menu Using the Business Policy Switch 2000 Version 1 2 154 Chapter 3 Using the console interface Table 10 Console interface Main Menu options continued Option Description Reset to Default Settings Resets the switch to the factory default configuration settings This option is followed by a screen prompt that precedes the action Enter Yes to reset the switch to the factory default configuration settings enter No to abort
145. UPD Port The user datagram protocol UDP port for the RADIUS server Default 1645 Range 0 to 65536 RADIUS Shared Secret Your special switch security code that provides authentication to the RADIUS server Default Null string which will not authenticate Range Any contiguous ASCII string that contains at least 1 printable character up to a maximum of 35 Identify Unit Numbers When you choose Identify Unit Numbers from the main menu the console returns the message Port LEDs lit on the front panel of the switch correspond to its unit number Using the Business Policy Switch 2000 Version 1 2 238 Chapter 3 Using the console interface Renumber Stack Units screen The Renumber Stack Units screen Figure 87 allows you to renumber the units configured in the stack When selected this option identifies the unit number of each unit in the stack configuration by lighting the corresponding number of 100 Mb s port LEDs on each unit for approximately 10 seconds For example unit 3 will display three LEDs Note This menu option and screen appears only when the switch is participating in a stack configuration To open the Renumber Stack Units screen Choose Renumber Stack Units or press n from the main menu Figure 87 Renumber Stack Units screen Renumber Stack Units Current Unit Number MAC Address New Unit Number 1 00 60 fd 77 a6 0c L X J L 32 00 60 fd 77 a5 f0 2 3 00 6
146. UU UUUUUU UUUUUU UUUUUU Unit 2 UUUUUU UUUUUU UUUUUU UUUUUU KEY T Tagged Port Member U Untagged Port Member Not a Member of VLAN Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Ss y Table 23 describes the VLAN Configuration screen fields Table 23 VLAN Configuration screen fields Field Description Create VLAN Allows you to set up or view configured VLAN workgroups Enter the number of the new VLAN you want to create or view then press Return The Port Membership fields indicate the corresponding VLAN workgroup configuration if configured Dashes indicate no VLAN Members are configured Alternatively you can use the space bar to toggle through the various configured VLAN workgroups You can create up to 255 different VLANs except VLAN 1 Default 1 Range 2 to 4094 Delete VLAN Allows you to delete specified VLANs except the assigned management VLAN See Management VLAN field Enter the number of the VLAN you want to delete then press Return or use the space bar to toggle through the selection until you reach the VLAN you want to delete then press Return Using the Business Policy Switch 2000 Version 1 2 192 Chapter 3 Using the console interface Table 23 VLAN Configuration screen fields continued Field Description The specified VLAN is
147. Value Je 0 65535 Figure 112 Layer 2 Classification page 2 of 2 El Ignore Inspect Source IP Layer4 Port Range Minimum Value o 0 65535 Maximum Value P 0 55535 m a Source IP Layer4 Port Range Layer2 Filter Group Table mmm Filter Group Name Create Filter Group 2 Inthe VLAN field choose VLAN 1 This filter matches packets in VLAN 1 3 Inthe VLAN Tag field choose Tagged Only packets that have an IEEE 802 1p tag match this layer 2 filter 4 Inthe EtherType field click Ignore 208700 B Chapter 5 Sample QoS configuration 307 10 All EtherTypes are ignored In the 802 1p Priority field click Priority and 0 1 2 Only packets that have IEEE 802 1p user priority 0 1 2 will match this filter In the DSCP field accept the default Ignore Any values that are in the DSCP field are ignored In the Protocol field select Ignore All IP protocols are matched against the packet s IP protocol field In the Destination IP Layer4 Port Range field click Ignore In the Source IP Layer4 Port Range field click Ignore Any values for the packet s layer 4 source port are ignored Click Submit The new entry is displayed in the Layer2 Filter Table Using the Business Policy Switch 2000 Version 1 2 308 Chapter 5 Sample QoS configuration Figure 113 Layer 2 Classification page Application gt QoS gt QoS Advanced gt Rules gt Layer2 Classification Layer2 Filter
148. a das Glasfaserkabel oder der Glasfaserstecker an eine Laserlichtquelle angeschlossen ist Avertissement Ceci est un appareil Laser DEL de Classe 1 Cet appareil contient une source lumineuse rayons laser dangereuse pour les yeux Ne regardez jamais directement une fibre optique ou un port de connexion Agissez toujours comme si le cable de fibres optiques ou le connecteur tait reli une source lumineuse rayons laser Advertencia ste es un producto l ser LED de Clase 1 Contiene una fuente de luz l ser que puede causar lesiones en los ojos Nunca mire dentro de un cable o de un puerto de conexi n de fibra ptica Asuma siempre que el cable o el connector de fibra ptica est conectado a una fuerte de luz l ser Avvertenza Questo un produtto laser LED di Classe 1 e contiene una sorgente luminosa a laser che pu danneggiare gli occhi Non guardare mai all interno di una port a fibra ottica o di una porta connettore Dare sempre per scontato che il cavo di fibra ottica o il connettore siano collegati ad una sorgente luminosa a laser DOXEZ 747 EBA Be PT AD Alt aoa EC Ls pe al du docu FR PAMELA EAN COX KX TAM F A AN ESE Sas op 208700 B Appendix C Media dependent adapters 349 There are two 1000BASE SX shortwave gigabit MDA models e The 450 1SR MDA is a single MAC MDA with a separate redundant Phy backup Phy port Only one Phy port
149. a GBIC in an operating 450 1GBIC MDA without turning off power to the switch Using the Business Policy Switch 2000 Version 1 2 362 Appendix C Media dependent adapters Note The MDAs are not hot swappable Power down the switch before installing or removing an MDA To install a GBIC 1 Remove the GBIC from its protective packaging 2 Insert the GBIC into the Host port on the MDA Figure 138 GBICs are keyed to prevent improper insertion If the GBIC resists pressure do not force it Remove it turn it over and reinsert it Figure 138 Installing a GBIC 9825FA 3 Press on the front of the GBIC until it snaps into place 4 Remove the rubber plug to connect cables Removing an Installed GBIC To remove an installed GBIC 1 If the GBIC has spring tabs press in on the tabs on each side of the GBIC as you pull the GBIC out of the MDA s Host port Figure 139 208700 B Appendix C Media dependent adapters 363 Figure 139 Removing a GBIC g 9826FA 2 If the GBIC has an extractor handle grasp the handle and pull firmly to remove the GBIC from the MDA s Host port Cabling Specifications for GBICs For more information about supported GBICs and for details about cabling specifications refer to the Gigabit Interface Converter GBIC Installation Guide part number 208723 A Installing an MDA The Uplink Expansion Module slot on the Business Policy Switch accommodates a single MDA The
150. able 70 450 1GBlc MDA description Item Label Description 1 Link Communication link LEDs green On Valid communications link Off The communications link connection is bad or there is no connection to this port Blinking The corresponding port is management disabled 2 Phy Phy status LEDs green On The corresponding Phy port is active Off The corresponding Phy port is in backup mode or there is no connection to this port 3 Activity Port activity LEDs green Blinking Indicates network activity level for the corresponding port A high level of network activity can cause LEDs to appear to be on continuously GBIC Host port refer to Installing GBICs on page 360 Installing GBICs This section describes how to install the gigabit interface converters GBICs to the 450 1GBIC MDA s Host port The optional GBIC versions shown in Table 71 are currently available to support the 450 1GBIC MDA Table 71 Available GBIC models Model number Description Part number 1000BASE SX Uses shortwave 850 nm fiber optic connectors to AA1419001 connect devices over multimode 550m 1805 ft fiber optic cable 1000BASE LX Uses longwave 1300 nm fiber optic connectors to AA1419002 connect devices over single mode 5 km 3 1 mi or multimode 550m 1805 ft fiber optic cable 208700 B Appendix C Media dependent adapters 361 Table 71 Available
151. ack and you change to a Hybrid Stack you lose all VLANs However if you have up to 64 VLANs in the Pure BPS 2000 Stack and you change to a Hybrid Stack you will retain all the VLANs To have more than 64 VLANs available you must be operating in Pure BPS 200 Stack mode you cannot be in Hybrid mode The 256 VLANs are supported on either a standalone BPS 2000 with software version 1 2 or across a Pure BPS2000 Stack with software version 1 2 Before you begin configuring more than 64 VLANs you must ensure that you are operating in Pure BPS 2000 Stack mode and not in Hybrid Stack mode For information on viewing and setting the stack operational mode refer to Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 or Reference for the Business Policy Switch 2000 Management Software Version 1 2 Refer to Chapter 2 Network configuration for more information on VLANs For information on configuring VLANs using the CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure VLANs refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 Security The Bus
152. ack initialization The base unit s MAC address with a software offset is used for the stack MAC address For example if the base unit s MAC address is 00 00 82 99 44 00 and the stack software offset is 1F then the stack MAC address becomes 00 00 82 99 44 1F If another unit in the stack is assigned as the base unit the MAC address of the new base unit with offset now applies to the stack configuration The original stack IP address still applies to the new base unit Temporary base unit If an assigned base unit fails the next unit in the stack order automatically becomes the new temporary base unit This change is indicated by the base LED on the temporary base unit s LED display panel turning on amber For detailed information about the base LED see Chapter 1 This automatic failover is a temporary safeguard only If the stack configuration loses power the temporary base unit will not power up as the base unit when power is restored For this reason you should always assign the temporary base unit as the base unit set the Unit Select switch to Base until the failed unit is repaired or replaced Note If you do not reassign the temporary base unit as the new base unit and the temporary base unit fails the next unit directly downstream from this unit becomes the new temporary base unit This process can continue until there are only two units left in the stack configuration Using the Business Policy Swi
153. address to match against the packet s source IP address b Inthe Subnet Mask field enter 255 255 0 0 4 Inthe DSCP field choose 0x20 from the list This value matches packets with a DSCP of 0x20 32 decimal value If you choose Ignore the DSCP value in the packet is ignored 5 Inthe Protocol field choose TCP from the list When you select TCP you specify that only TCP packets be matched If you select Ignore all IP protocols are matched In the Destination Layer 4 Port field click Ignore In the Source Layer 4 Port field click Ignore Click Submit The new entry appears in the IP Filter Table Creating an IP Filter Group Table entry Now you can create an IP filter group in the IP Filter Group Table section of the IP Classification page To create an IP filter group entry 1 Click Create Filter Group in the IP Filter Group Table section of the IP Classification page The IP Classification Group page opens Figure 107 Using the Business Policy Switch 2000 Version 1 2 302 Chapter 5 Sample QoS configuration Figure 107 IP Classification Group page Application gt QoS gt QoS Advanced gt Rules gt IP Classification Group Filter Group Name IP Filter Group Table e m Source Tn Destination Destination Source Destination Source rj 134 177 69 0 255 255 255 0 134 177 0 0 255 255 0 0 0x20 TCP Ignore Ignore True ED A 2 Inthe Filter Group Name field enter IPacket This unique
154. affects all VLANs for example if you assign a port as a static router port in this screen the port becomes a static router port for the VLAN specified in the screen s VLAN field and also for any other VLAN where this port is a member Default Value Range X Multicast Group Membership screen The Multicast Group Membership screen allows you to view configured IP Multicast group addresses for specific VLANs The screen displays the IP Multicast group addresses associated with ports that are configured within a standalone switch or a stack of switches The displayed addresses are dynamic and can change as clients join or leave the various IP Multicast groups To open the Multicast Group Membership screen Choose Display Multicast Group Membership or press d from the IGMP Configuration Menu screen 208700 B Chapter 3 Using the console interface 225 Figure 83 Multicast Group Membership screen r Multicast Group Address Press Ctrl R to return t Main Menu e Multicast Group Membership VLAN 1 Port Unit 1 Port 1 Unit 1 Port Unit 1 Port 1 Unit 1 Port 1 Unit 1 Port 1 Unit 1 Port I o previous menu Press Ctrl C to return to ES T Table 39 describes the Multicast Group Membership screen options Table 39 Multicast Group Membership screen options Option Description VLAN Allows you to view multicast group addresses on specified VLANs You can use t
155. al e Ifthe switch receives a BootP reply that contains an in band IP address the switch uses this new in band IP address e Ifthe switch does not receive a BootP reply the switch cannot be managed using the in band IP address set from the console terminal 208700 B Chapter 3 Using the console interface 159 If an IP address is not currently in use these actions take effect immediately If an IP address is currently in use these actions take effect only after the switch is reset or power cycled BootP Disabled Allows the switch to be managed only by using the IP address set from the console terminal When selected this mode operates as follows e The switch does not broadcast BootP requests regardless of whether an IP address is set from the console terminal e The switch can be managed only by using the in band switch IP address set from the console terminal These actions take effect after the switch is reset or power cycled even if an IP address is not currently in use BootP or Last Address Allows the switch to be managed even if a BootP server is not reachable When selected this mode operates as follows e When the IP data is entered from the console terminal the data becomes the in band address of the switch and BootP requests are not broadcast The switch can be managed using this in band IP address When the in band IP address is not set from the console terminal the switch broadcasts BootP requests
156. alue is set to All Default Incoming and Outgoing Range Incoming and Outgoing Incoming Only Re authenticate Now Allows you to activate EAPOL authentication for the specified unit port immediately without waiting for the Re Authentication Period to expire Default No Range No Yes Re authentication Allows you to repeat EAPOL authentication for the specified unit port according to the time interval value configured in the Re Authentication Period field see next field description Default Enabled Range Enabled Disabled Re authentication Period When the Re Authentication field value see preceding field is set to enabled this field allows you to specify the time period between successive EAPOL authentications for the specified unit port Default 3600 seconds Range 1 to 604800 seconds Quiet Period Allows you to specify the time period between any single EAPOL authentication failure and the start of anew EAPOL authentication attempt Default 60 seconds Range 0 to 65535 seconds Transmit Period Allows you to specify how long the switch waits for the supplicant to respond to EAP Request Identity packets Default 30 seconds Range 1 to 65535 seconds Supplicant Timeout Allows you to specify how long the switch waits for the supplicant to respond to all EAP packets except EAP Request Identity packets Default 30 seconds Range 1 to 65535 seconds 208700 B Chapter 3 Using th
157. alues in a form Use the spacebar to highlight the value Press Enter e To clear a string field Position the cursor in the string field Press Ctrl K e To return to the previous menu press Ctrl R Using the Business Policy Switch 2000 Version 1 2 150 Chapter 3 Using the console interface e To go to the next screen in a series press Ctrl N e To return to the main menu at any time press Ctrl C e Press Backspace to delete entered text e Options that appear in brackets for example Enabled are user settable options Screen fields and descriptions Figure 50 shows a map of the CI screens The remainder of this chapter describes the CI screens and their fields beginning with the main menu Figure 50 Map of console interface screens MAC Address Security Config MAC Address Security Port Config MAC Address Security Port Lists MAC Address Security Table Main Menu IP Configuration Setup MAC Address Table SNMP Configuration MAC Address Security Config System Characteristics EAPOL Security Configuration Switch Configuration _ VLAN Configuration VLAN Configuration Console Comm Port Configuration dll Config MAC Ada for MAE POEM VEAN Identify Unit Numbers igh Speed Flow Control Config VLAN Port Configuration a MultiLink Trunk Config VLAN Display by Port Renumber Stack Units 9 Port Mirroring Configuration Display Hardware Unit
158. an configure up to 64 VLANs in Hybrid mode e All ports that are involved in port mirroring must have memberships in the same VLANs If a port is configured for port mirroring the port s VLAN membership cannot be changed e Ifa port is a trunk group member all trunk members are added or deleted from the VLAN e All ports involved in trunking and port mirroring must have the same VLAN configuration If a port is on a trunk with a mirroring port the VLAN configuration cannot be changed VLANs are not dependent on Rate Limiting settings e faportis an IGMP member on any VLAN and is removed from a VLAN the port s IGMP membership is also removed e Ifa port is added to a different VLAN and it is already configured as a static router port the port is configured as an IGMP member on that specific VLAN For more information about configuring VLANs refer to Chapter 1 for additional guidelines on configuring VLANs and spanning tree groups and Chapter 3 See also the Appendixes for configuration flowcharts that can help you use this feature IGMP snooping Business Policy Switches can sense Internet Group Management Protocol IGMP host membership reports from attached stations and use this information to set up a dedicated path between the requesting station and a local IP Multicast router After the pathway is established the Business Policy Switch blocks the IP 208700 B Chapter 2 Network configuration 123 Multi
159. an encapsulation mechanism known as EAP over LANs EAPOL The Authenticator PAE encapsulates the EAP message into a RADIUS packet before sending the packet to the Authentication Server The Authenticator facilitates the authentication exchanges that occur between the Supplicant and the Authentication Server by encapsulating the EAP message to make it suitable for the packet s destination Using the Business Policy Switch 2000 Version 1 2 73 The Authenticator determines the controlled port s operational state After the RADIUS server notifies the Authenticator PAE about the success or failure of the authentication it changes the controlled port s operational state accordingly The Authenticator PAE functionality is implemented for each controlled port on the switch At system initialization or when a supplicant is initially connected to the switch s controlled port the controlled port s state is set to Blocking During that time EAP packets are processed by the authenticator When the Authentication server returns a success or failure message the controlled port s state is changed accordingly If the authorization is successful the controlled port s operational state is set to Forwarding Otherwise the controlled port s state depends on the Operational Traffic Control field value in the EAPOL Security Configuration screen The Operational Traffic Control field can have one of the following two values
160. ant power supply unit RPSU and uninterruptible power sippy e soda kok we draps aloe Gl Loe ci ii 46 PONES danesa rss iaa aeene shee a 47 CLI management system s srcorrrrrgrrarar dar rra ea dre 48 Eh VLAN acis a di de TS 48 Multiple Spanning Tree Protocol groups 0 0c cee eee eee 49 STG configuration guidelines 24 5 eic 4 cess age 444 YER RE RR tiid 51 Spanning Tree Fast Learning 0 000 c cece eee ee tees 53 PSC Gonigurstom NI Vcc e Penne a e Re rer mtem x nc on 53 Using the Business Policy Switch 2000 Version 1 2 8 Contents Sample ASCII configuration file llle 54 A A dedi diode on eke etg eee eek iod dign 56 Policy enabled networks with QoS metering oocoooccccccnccoo 57 Support for the GBIG MDA isssseluRku e re Rb RARE REL ERA a ERR ed 57 FAPOL pasad BOQUITA urea 58 Automate PYID occ cece cheer rr AAA SR REN EE 59 Ho ges pps cuc aa a AAA 61 AQUIFIO PING Cirsa rada rar aida ad eae dace 61 Improved STP Fast Learning Mode iliis eee eee 61 BootP menu item for a stack of only BPS 2000 switches 62 Palicy enabled networking ssaa cccnceew en cee tee eee eee eee hme v 62 Virtual Local Area Networks VLANS 000 ce eee eee eee 63 MES cuiaaxedecde ieee des naked eee RUE EHE d dup cine V 65 A MC EUEEIDEETPTEPT 66 RADIUS based network security llli 70 MAC address based security oooooccococcococno eee 70 EAPOLDasad SSQUI N s
161. are download and configuration You can modify this sample BootP configuration file or create one of your own A sample BootP configuration file follows The following is a sample of a BootP configuration file that was extracted from a Nortel Networks EZ LAN network management application Note that other BootP daemons can use a configuration file with a different format Legend first field ht ha td ip hd H HHH HHH HH HHH HH HOH db db Gb Gb db Before using your switch BootP facility you must customize your BootP configuration file with the appropriate data Blank lines and lines beginning with are ignored hostname hardware type host hardware address template host points to similar host entry host IP address bootfile home directory bf bootfile EZ dt device type EZ fv firmware version EZ av agent version cs TFTP server address for ASCII config file optional Fields are separated with a pipe symbol Forward slashes are required to indicate that an entry is continued to the next line Using the Business Policy Switch 2000 Version 1 2 396 Appendix G Sample BootP Configuration File Caution Omitting a Forward slash when the entry is continued to the next line can cause the interruption of the booting process or the incorrect image file to download Always include forward slashes where needed Important Note If a leading zero 0 is used in the IP address it is calculate
162. articular microflow or an aggregate flow Within the DiffServ network the marked packets are placed in a queue according to their marking which in turn determines the per hop behavior PHB of that packet For example if a video stream is marked so that it receives the highest priority then it is placed in a high priority queue As those packets traverse the DiffServ network the video stream is forwarded before any other packets To ensure that the traffic stream conforms to the bandwidth assigned policing within the network is necessary 208700 B Chapter 4 Policy enabled networks 277 DiffServ Concepts DiffServ is described in IETF RFCs 2474 and 2475 This architecture is flexible and allows for either end to end QoS or intradomain QoS by implementing complex classification and mapping functions at the network boundary or access points Within a DiffServ domain the packet treatment is regulated by this classification and mapping The DiffServ basic elements are implemented within the network and include e Packet classification functions e A small set of per hop forwarding behaviors e Traffic metering marking and policing Traffic is classified as it enters the DS network and is then assigned the appropriate PHB based on that classification Within the IP packet the 6 bits in the DSCP are marked to identify how the packet should be treated at each subsequent network node This mapping of DS codepoints to per hop behavior
163. ate Instead of dropping all traffic that exceeds this threshold traffic policing allows you to configure a Committed Burst Rate to exceed the threshold Committed Rate for a brief period of time without being dropped Using the Business Policy Switch 2000 Version 1 2 314 Chapter 5 Sample QoS configuration Note You must create a meter using the Meter page even if the traffic is not being metered choose No Meter Data The actions are defined using the meters so you must configure the Meter page to configure QoS To configure a meter 1 Click the Application gt QoS gt QoS Advanced gt Meters menu option The Meters page opens Figure 117 Figure 119 Meters page r Application gt QoS gt QoS Advanced gt Meter Action Data Specification Committed Rate Committed Burst Size In Profile Out of Profile F Kbps Bytes Action Action Meter Creation Name IS Data Specification No Meter Data e Committed Rate Kbps Maximum Burst Rate l Kbps Duration oox In Profile Action Generic y Out of Profile Action ooox l Meter Table Committed Burst Size a In the Name field of the Meter Creation section enter Practice In the Data Specification field choose No Meter Data In the In Profile Action field choose Generic Click Submit a 5 WO N The new entry is displayed in the Meter Table Figure 118 208700 B Chapter 5 Sample QoS configuratio
164. ath Cost Default Value 128 Range 0 to 255 Using the Business Policy Switch 2000 Version 1 2 248 Chapter 3 Using the console interface Table 46 Spanning Tree Port Configuration screen fields continued Field Description Path Cost This read only field is a bridge spanning tree parameter that determines the lowest path cost to the root Default Value 10 or 100 1 for Gigabit port Path Cost 1000 LAN speed in Mb s The higher the LAN speed the lower the path cost See also Priority Range 1 to 65535 State This read only field indicates the current port state within the spanning tree network Each port can transition to various states as determined by the Participation field setting For example when the Participation field is set to disabled the port does not participate in spanning tree and transitions to the Forwarding state the default When the Participation field is set to Normal Learning or Fast Learning the port transitions from the Disabled state through the Blocking Listening and Learning states before entering the Forwarding state Default Value Topology dependent Range Disabled Blocking Listening Learning Forwarding Note You can remove a port from the specified STP Group by toggling gt the Participation field to Disabled Spanning Tree Switch Settings screen The Spanning Tree Switch Settings screen Figure 92 allows you to view spanning tree parameter
165. ation Menu screen The MAC Address Security Configuration Menu screen Figure 57 allows you to specify a range of system responses to unauthorized network access to your switch The system response can range from sending a trap to disabling the port The network access control is based on the MAC addresses of the authorized stations You can specify a list of up to 448 MAC addresses that are authorized to access the switch You can also specify the ports that each MAC address is allowed to access The options for allowed port access include NONE ALL and single or multiple ports that are specified in a list for example 1 4 6 9 etc You must also include the MAC address of any router connected to any secure ports When the switch software detects a security violation the response can be to send a trap turn on destination address DA filtering disable the specific port or any combination of these three options To open the MAC Address Security Configuration screen Choose MAC Address Security Configuration from the Switch Configuration Menu Using the Business Policy Switch 2000 Version 1 2 170 Chapter 3 Using the console interface Figure 57 MAC Address Security Configuration Menu screen A Main Menu S MAC Address Security Configuration Menu MAC Address Security Configuration MAC Address Security Port Configuration MAC Address Security Port Lists MAC Address Security Table Return to Sw
166. ation to as many as four Business Policy Switches in the event that any of the switch power supplies fail The BayStack 10 Power Supply Unit has a powerful modular redundant and uninterruptible power supply UPS functionality in a single chassis It provides scalable power redundancy and protection to your networking equipment The modules fit into the right hand side of the rear of the chassis The UPS and associated battery pack module fit into the front of the chassis For further information refer to Installation and Reference for the BayStack 10 Power Supply Unit part number 208296 C Contact your Nortel Networks sales representative for more information 100 Watt DC DC Converter The 100 Watt DC DC Converter operates in conjunction with the Nortel Networks BayStack 10 Power Supply Unit and 200 Watt AC DC Power Supply Module The 100 Watt DC DC Converter provides a plug and play redundant power supply unit for the Business Policy Switch 2000 as well as other products available from Nortel Networks Contact your Nortel Networks sales representative for information about the Nortel Networks products that use the 100 Watt DC DC Converter For further information about the 100 Watt DC DC Converter refer to Installation and Reference for the 100 Watt DC DC Converter Module part number 209132 B Using the Business Policy Switch 2000 Version 1 2 47 Features The Business Policy Switch 2000 provides wire speed switching that
167. b s per user 26 users each with dedicated 100 Mb s bandwidth Server bottleneck 10 Mb s bandwidth Server with dedicated 100 Mb s bandwidth Network center bottleneck 10 Mb s bandwidth Network center with dedicated 100 Mb s full duplex bandwith 200 mb s bidirectional 9795EA Segment switch application Figure 9 shows a Business Policy Switch used as a segment switch to alleviate user contention for bandwidth and eliminate server and network bottlenecks Before segmentation 88 users had a total bandwidth of only 10 Mb s available After segmentation 92 users have 40 Mb s four times the previous bandwidth while adding 22 dedicated 100 Mb s connections This configuration can be extended to add more segments without degrading performance Using the Business Policy Switch 2000 Version 1 2 90 Chapter 2 Network configuration Figure 9 Business Policy Switch used as a segment switch Before 10BASE T hubs Server To Network Center Up to 88 users Key 10 Mb s 100 Mb s wm 200 Mb s 88 users share 10 Mb s 10 88 Mb s per user Server bottleneck 10 Mb s bandwidth Network center bottleneck 10 Mb s bandwidth Total of 88 users After Business Policy Switch 2000 q EE ESSERI Up to 23
168. before configuring any trunks to avoid configuration errors 4 Consider how the existing spanning tree will react to the new trunk configuration see Spanning tree considerations for MultiLink Trunks and Chapter 1 for spanning tree group configuration guidelines 5 Consider how existing VLANs will be affected by the addition of a trunk MultiLink Trunking configuration rules The MultiLink Trunking feature is deterministic that is it operates according to specific configuration rules When creating trunks consider the following rules that determine how the MultiLink Trunk reacts in any network topology e Any port that participates in MultiLink Trunking must be an active port set to Enabled via the Port Configuration screen or through network management e All trunk members must have the same VLAN configuration before the Trunk Configuration screen s Trunk Status field can be set to Enabled using CI menus see Chapter 3 e When an active port is configured in a trunk the port becomes a trunk member when you set the Trunk Status field to Enabled The spanning tree parameters for the port then change to reflect the new trunk settings e All trunk members must be in the same spanning tree group and can belong to only one spanning tree group e Ifyou change the spanning tree participation of any trunk member to Enabled or Disabled the spanning tree participation of all members of that trunk changes similarly see Spanning
169. before this field can be set to active After you set the VLAN State field value to Active you cannot change the VLAN State VLAN Type Protocol Id or User defined PID field values unless you delete the VLAN If you delete a VLAN all configuration parameters that are associated with that VLAN are also deleted Default Inactive Range Inactive Active Port Membership Allows you to assign VLAN port memberships to standalone or stacked unit ports The ports can be configured in one or more VLANs To set this field you must set the VLAN State field to Active Certain restrictions apply for Gigabit and BayStack 410 ports see Gigabit ports restriction on page 197 This field is dependent on the Tagging field value in the VLAN Port Configuration screen see the Tagging field description in VLAN Port Configuration screen fields on page 198 For example When the Tagging field is set to Untagged Access you can set the Port Membership field as an untagged port member U or as a non VLAN port member When the Tagging field is set to Tagged Trunk you can set the Port Membership field as a tagged port member T or as a non VLAN port member The Port Membership fields are displayed in six port groups for example 1 6 7 12 13 18 The number of ports displayed depends on the switch model or type of optional MDA installed in the Uplink Module slot Default U All ports are assigned as untagged members
170. ber Current stack order Renumber Stack Units screen on page 238 Renumber units with new setting No Group 1 Spanning Tree Group Configuration screen on page 242 Bridge Priority 8000 Bridge Hello Time 2 seconds Bridge Maximum Age Time 20 seconds Bridge Forward Delay 15 seconds Add VLAN Membership 4 Tagged BPDU on tagged port STP Group 1 No Other STP Groups Yes STP Group State STP Group 1 Active Other STP Groups InActive STP Group 4 Spanning Tree Port Configuration screen on page 245 Participation Normal Learning Priority 128 Path Cost 10 or 100 STP Group 1 Spanning Tree Switch Settings Screen on page 248 STP Group 1 Spanning Tree VLAN Membership Screen on page 252 TELNET Access Enabled TELNET SNMP Web Access Configuration screen on page 254 Login Timeout 1 minute Login Retries 3 Inactivity Timeout 15 minutes 208700 B Appendix F Default Settings 393 Table 74 Factory default settings continued Field Default setting Appears in this Cl screen Event Logging All Allowed Source IP Address 10 user configurable fields First field 0 0 0 0 no IP address assigned Remaining nine fields 255 255 255 255 any address is allowed Using the Business Policy Switch 2000 Version 1 2 394 Appendix F Default Settings Table
171. c 1 ii of the Rights in Technical Data and Computer Software clause of DFARS 252 227 7013 for agencies of the Department of Defense or their successors whichever is applicable 6 Use of Software in the European Community This provision applies to all Software acquired for use within the European Community If Licensee uses the Software within a country in the European Community the Software Directive enacted by the Council of European Communities Directive dated 14 May 1991 will apply to the examination of the Software to facilitate interoperability Licensee agrees to notify Nortel Networks of any such intended examination of the Software and may procure support and assistance from Nortel Networks 7 Term and termination This license is effective until terminated however all of the restrictions with respect to Nortel Networks copyright in the Software and user manuals will cease being effective at the date of expiration of the Nortel Networks copyright those restrictions relating to use and disclosure of Nortel Networks confidential information shall continue in effect Licensee may terminate this license at any time The license will automatically terminate if Licensee fails to comply with any of the terms and conditions of the license Upon termination for any reason Licensee will immediately destroy or return to Nortel Networks the Software user manuals and all copies Nortel Networks is not liable to Licensee for damages in any f
172. can reassign VLANs to accommodate network moves additions and changes eliminating the need to change physical cabling 208700 B Chapter 2 Network configuration 105 Figure 17 Port based VLAN example 9798EA IEEE 802 1Q tagging Business Policy Switches operate in accordance with the IEEE 802 1Q tagging rules Important terms used with the 802 1Q tagging feature are VLAN identifier VID the 12 bit portion of the VLAN tag in the frame header that identifies an explicit VLAN When other types of VLANs are enabled this default value can be overridden by the values enabled in the management interfaces Refer to Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 and Reference for the Business Policy Switch 2000 Management Software Version 1 2 for information on overriding the default values Port VLAN identifier PVID a classification mechanism that associates a port with a specific VLAN For example a port with a PVID of 3 PVID 3 assigns all untagged frames received on this port to VLAN 3 With software version 1 1 you can automatically assign the PVIDs Tagged frame the 32 bit field VLAN tag in the frame header that identifies the frame as belonging to a specific VLAN Untagged frames are marked tagge
173. cascade up connector In order to maintain the integrity of the stack this unit has bypassed its upstream neighbor and has wrapped the stack backplane onto an alternate path Amber Blinking Incompatible software revision or unable to obtain a unit or ID Renumber Stack Unit table full The unit is on the ring Green but cannot participate in the stack configuration Cas Dwn Stack mode Off The switch is in standalone mode Green On The switch is connected to the downstream unit s Cascade A Out connector Amber On This unit has detected a problem with the switch connected to the cascade down connector In order to maintain the integrity of the stack this unit has bypassed its downstream neighbor and has wrapped the stack backplane onto an alternate path Amber Blinking Incompatible software revision or unable to obtain a unit or ID Renumber Stack Unit table full The unit is on the ring Green but cannot participate in the stack configuration Using the Business Policy Switch 2000 Version 1 2 330 Chapter 6 Troubleshooting Table 59 Business Policy Switch LED descriptions continued Label Type Color State Meaning Base Base mode Green On The switch is configured as the stack base unit Off The switch is not configured as the stack base unit or is in standalone mode Blinking Stack configuration error indicates that multiple base units or no base units are con
174. cast stream from exiting any other port that does not connect to another host member thus conserving bandwidth The following section describes how Business Policy Switches provide the same benefit as IP Multicast routers but in the local area IGMP is used by IP Multicast routers to learn about the existence of host group members on their directly attached subnets see RFC 2236 The IP Multicast routers get this information by broadcasting IGMP queries and listening for IP hosts reporting their host group memberships This process is used to set up a client server relationship between an IP Multicast source that provides the data streams and the clients that want to receive the data Figure 35 shows how IGMP is used to set up the path between the client and server As shown in this example the IGMP host provides an IP Multicast stream to designated routers that forward the IP Multicast stream on their local network only if there is a recipient The client server path is set up as follows 1 The designated router sends out a host membership query to the subnet and receives host membership reports from end stations on the subnet 2 The designated routers then set up a path between the IP Multicast stream source and the end stations 3 Periodically the router continues to query end stations on whether or not to continue participation 4 As long as any client continues to participate all clients including nonparticipating end stations o
175. cation 208700 B Preface 29 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 part number 209570 B Describes how to use the Web based management tool to configure switch features Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 part number 212160 A Describes how to use Command Line Interface CLI commands to configure and manage the BPS 2000 Installing Media Dependent Adapters MDA s part number 302403 D Describes how to install optional MDAs in your Business Policy Switch 2000 Gigabit Interface Converter GBIC Installation Guide part number 208723 A Describes how to install optional GBICs into the optional MDA in your Business Policy Switch 2000 Installing the BayStack 400 ST1 Cascade Module part number 304433 B Describes how to connect up to eight switches into a stack configuration by installing optional BayStack 400 ST1 Cascade Modules BayStack 10 Power Supply Unit Installation Instructions part number 208558 B Describes installation power up power down and fan replacement procedures Release Notes for the BayStack 10 Power Supply Unit part number 208560 B Documents important changes about the RPSU UPS that are not covered in other related publications Installation and Reference for the BayStack RPSU UPS part number 208296 C Describes how to install the optional RPSU UPS to your Business Policy Switch 2
176. ccess to the Cl Thereafter you will need to specify the correct password at the console terminal prompt See Console Read Only Switch Password and Console Read Write Switch Password for more information Default Value None Range None Local Password RADIUS Authentication Using the Business Policy Switch 2000 Version 1 2 234 Chapter 3 Using the console interface Table 42 Console Comm Port Configuration screen fields continued Field Description Console Stack Password Type Enables password protection for accessing the console interface Cl of any participating switch in a stack configuration through a console terminal If you set this field to Required you can use the Logout option to restrict access to the Cl of any stack unit Thereafter you will need to specify the correct password at the console terminal prompt when accessing the stack See Console Read Only Stack Password and Console Read Write Stack Password for more information Default Value None Range None Local Password RADIUS Authentication TELNET Switch Password Type Enables password protection for accessing the console interface Cl of a standalone switch through a Telnet session If you set this field to Required you can use the Logout option to restrict access to the Cl Thereafter you will need to specify the correct password at the console terminal prompt See Console Read Only Switch Password and Console Read Write Sw
177. cept the stack passwords You can change the default passwords for read only access and read write access to a private password 208700 B Chapter 3 Using the console interface 235 Table 42 Console Comm Port Configuration screen fields continued Field Description Default Value secure Range Any ASCII string of up to 15 printable characters Caution If you change the system supplied default passwords be sure to write the new passwords down and keep them in a safe place If you forget the new passwords you cannot access the console interface In that case contact Nortel Networks for help Achtung Wenn Sie die fiir das System standardmaBig eingestellten PaBw rter ndern notieren Sie sich die neuen PaBw rter und bewahren Sie sie an einem sicheren Ort auf Falls Sie die neuen PaBw rter vergessen k nnen Sie nicht mehr auf die Konsolenschnittstelle zugreifen Wenden Sie sich in diesem Fall an Nortel Networks um Unterst tzung zu erhalten Attention Si vous changez les mots de passe par d faut du syst me assurez vous de bien noter vos nouveaux mots de passe et de les conserver dans un endroit s r Si vous perdez vos nouveaux mots de passe vous ne pourrez plus acc der votre interface Le cas ch ant veuillez contacter Nortel Networks D Precauci n Si modifica las contrase as predeterminadas asignadas por el sistema aseg rese de anotar las nuevas contra
178. ch 2000 E i j EN ELE i Station B 9801EA As shown in Figure 27 with STP enabled only one connection between Switch S1 and Switch S2 is forwarding at any time Communications failure occurs between VLAN 2 of 1 and VLAN 2 of S2 blocking communications between Stations A and B The STP selects the link connecting VLAN 1 on Switches S1 and S2 as the forwarding link based on port speed duplex mode and port priority Because the other link connecting VLAN 2 is in Blocking mode stations on VLAN 2 in Switch S1 cannot communicate with stations in VLAN 2 on Switch S2 With multiple links only one link will be forwarding Shared servers Business Policy Switches allow ports to exist in multiple VLANs for shared resources such as servers printers and switch to switch connections It is also possible to have resources exist in multiple VLANs on one switch as shown in Figure 28 In this example clients on different broadcast domains share resources The broadcasts from ports configured in VLAN 3 can be seen by all VLAN port members of VLAN 3 208700 B Chapter 2 Network configuration 115 Figure 28 Multiple VLANs sharing resources Business licy Switch 2900 v2 v2 Key VLAN 1 PVID 1 VLAN 2 PVID 2 zr VLAN 3 PVID 3 9803E
179. ch Password field is set to Local Password for Telnet for Console or for Both this field allows read write password access to the Cl of any participating switch in a stack configuration Users can log in to the Cl using the correct password see default and can change any parameter except the switch password You can change the default passwords for read only access and read write access to a private password Default Value secure Range Any ASCII string of up to 15 printable characters Caution you change the system supplied default passwords be sure to write the new passwords down and keep them in a safe place If you forget the new passwords you cannot access the console interface In that case contact Nortel Networks for help Achtung Wenn Sie die f r das System standardm ig eingestellten PaBw rter ndern notieren Sie sich die neuen PaBw rter und bewahren Sie sie an einem sicheren Ort auf Falls Sie die neuen PaBw rter vergessen k nnen Sie nicht mehr auf die Konsolenschnittstelle zugreifen Wenden Sie sich in diesem Fall an Nortel Networks um Unterst tzung zu erhalten Attention Si vous changez les mots de passe par d faut du syst me assurez vous de bien noter vos nouveaux mots de passe et de les conserver dans un endroit s r Si vous perdez vos nouveaux mots de passe vous ne pourrez plus acc der a votre interface Le cas ch ant veuillez contacter Nortel Networks Pr
180. ch trunk configuration example Business Policy Switch S1 rem oo CYY Y Y CRC o 1 gus CERE Sri EE Lp T2 Business Policy Switch 9804EA You can configure each of the trunks shown in Figure 39 with up to four switch ports to provide up to 800 Mb s aggregate bandwidth through each trunk in full duplex mode As shown in this example when traffic between switch to switch connections approaches single port bandwidth limitations creating a MultiLink Trunk can supply the additional bandwidth required to improve the performance Figure 40 shows a typical switch to server trunk configuration In this example file server FS1 uses dual MAC addresses using one MAC address for each network interface card NIC For this reason FS1 does not require a trunk assignment FS2 is a single MAC server with a four port NIC and is set up as trunk configuration T1 208700 B Chapter 2 Network configuration 131 Figure 40 Switch to server
181. cipline Kbps Allocation Order Bytes 1 Priority Queuing D Relative 1 64000 1 2 Weighted Fair Queuing bn Br D Relative 2 48000 8 Weighted Fair Queuing 0 0 30 D Relative 2 40000 4 Weighted Fair Queuing 0 0 20 D Relative 2 32000 2 1 Priority Queuing 0 0 100 D Relative 1 38400 2 Priority Queuing 0 0 100 D Relative 2 153600 Interface Group Table Role Combination Capabilities Interface Class Entry Storage EI X Input 802 Classification El x alIBPSlfcs Input IP Classification Untrusted Read Only Display Interface ID Table Interface Group Creation Role Combination Interface Class Untrusted y The Interface Group Creation section of this page allows you to define groups of interfaces You can view your interface configurations in the read only Interface Queue Table and the Interface Group Table 4 Use the Interface Group Creation section to create a new Role Combination In the Role Combination field enter Webbrowsing Remember this is an example You can enter any string in this field Note Do not use spaces in the naming field gt 208700 B Chapter 5 Sample QoS configuration 297 5 In the Interface Class field choose untrusted By selecting untrusted incoming DSCP values will be changed Refer to Chapter 4 for more information on trusted untrusted and unrestricted interfaces classes By using system defaults or manual configurations you configure whether the
182. ck with a Pure BPS 2000 stack running software version 1 2 The maximum number of MAC SA based VLANs is 48 If you are working with a mixed or hybrid stack you can use 64 VLANs for the entire stack When you change from a Pure BPS 2000 Stack mode to a Hybrid Stack mode e If you have up to 64 VLANs on the Pure BPS 2000 Stack they will be retained when you change to a Hybrid Stack e If you have more than 64 VLANs on the Pure BPS 2000 Stack you will lose them all The Hybrid Stack will return to the default VLAN configuration Also a mixed or hybrid stack does not support multiple Spanning Tree Groups STG You have a single instance of STG when working with a mixed stack Accessing the Cl menus and screens You can access the CI menus and screens locally through a console terminal attached to your Business Policy Switch remotely through a dial up modem connection or in band through a Telnet session see Chapter 1 You can connect your console cable into any unit in a Business Policy Switch only stack Pure BPS 2000 Stack mode for a unified stack interface For the mixed stack Hybrid Stack mode management functions to become fully operational you must connect your console terminal into a Business Policy Switch port within your mixed stack Note If you have a properly configured BootP server in your network it detects the IP address you will not need to configure the IP address For information about SNMP see your net
183. com URL to download a free copy of the Adobe Acrobat Reader How to get help If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance 208700 B Preface 31 If you purchased a Nortel Networks service program contact one of the following Nortel Networks Technical Solutions Centers Technical Solutions Center Telephone 33 4 92 966 968 800 4NORTEL or 800 466 7835 61 2 9927 8800 800 810 5000 Europe Middle East and Africa North America Asia Pacific China l i An Express Routing Code ERC is available for many Nortel Networks products and services When you use an ERC your call is routed to a technical support person who specializes in supporting that product or service To locate an ERC for your product or service go to the www12 nortelnetworks com URL and click ERC at the bottom of the page Using the Business Policy Switch 2000 Version 1 2 32 Preface 208700 B 33 Chapter 1 The Business Policy Switch 2000 This chapter introduces the Business Policy Switch 2000 and covers the following topics e General description next e Stacking compatibility on page 33 e Software version 1 2 compatibility with BayStack 450 switches on page 35 e Physical description on page 36 e Features
184. configuration method you can then customize traffic treatment using the QoS Advanced configuration process Refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 for a sample QoS Wizard configuration Using the Business Policy Switch 2000 Version 1 2 294 Chapter 5 Sample QoS configuration It is important that you refer to Using Web based Management for the Business Policy Switch 2000 for details to access the Web based management interface directory and page navigation information and field descriptions Note Nortel Networks recommends that you configure filter and interface parameters in the order in which the screens are presented in this example This chapter provides a sample configuration using the Web based management interface QoS gt QoS Advanced Web pages You must define filters before you define filter groups and you must define actions before you define the meters The policy must be defined last after the other parameters are configured This chapter covers the following topics using the QoS Advanced Web pages e Creating interface groups next e Accepting default mapping values on page 298 e Setting up filters and filter groups on page 298 e Configuring actions on page 311 e Configuring meters on page 313 e Configuring policies on page 315 e Assigning mapping values on page 318 Note You cannot modify configured
185. configure anke 5 61085 oko 949p C HOH TRA HOES ne ded 132 MultiLink Trunking configuration rules oooocoorororrommoo 133 How the MultiLink Trunk reacts to losing distributed trunk members 134 Spanning tree considerations for MultiLink Trunks lille 135 Additional tips about the MultiLink Trunking feature leues 138 POM UIFFOUDEE cocer rada os ERRARE SENE 139 Port based mirroring configuration i222 eue re Rao oor Rick Ros 140 Address based mirroring configuration liliis 143 Port mirroring configuration rules cece eee ele 145 Chapter 3 Using the console interface oooooooommmmmmmmnmmmm m o 147 Compatibility with BayStack 450 switches 00000 cece ees 147 Accessing the Cl menus and screens 0000 c eee eee eee 148 Using the Cl menus and SeIeenis cuicos ee aces a A b ncn 149 Navigating the Cl menus and screens 0020 cece eee eee eee 149 Screen fields and descriptions ssi odas cede reba vedere dda ERE dads 150 Pore AY dn eT NR T TET TTE Aa 151 IP Configuration Setup Sre araro suec ce om mc eek m nox em nea 155 Choosing a BootP request mode 0 ccc eens 157 SNMP COmIgraga ECON auoqes auos dee RR RG OG RON RR as 160 System Characteristics screen illie es 162 Switch Configuration Menu screen 0000 cece eee eee 164 MAC Address Table screen ooooccccccccccc eee 167 MAC Address Security Configuration Me
186. connect multimode cables directly into the 10000BASE LX MDA transceiver Instead connect a special offset SMF MMF patch cord into the transceiver and then connect the multimode cable into the SMF MMF patch cord For more information about gigabit transmission over fiber optic cable and mode conditioning refer to the following publication Reference Note Gigabit Ethernet Physical Layer Considerations Part number 201540 B This publication is available at the www nortelnetworks com documentation URL The product family for the BPS 2000 is Data and Internet Using the Business Policy Switch 2000 Version 1 2 368 Appendix C Media dependent adapters 208700 B 369 Appendix D Quick steps to features If you are a system administrator with experience configuring Business Policy Switch 2000 VLANs MultiLink Trunking Port Mirroring IGMP Snooping and EAPOL authentication processes use the flowcharts on the following pages as quick configuration guides The flowcharts refer you to the configuration rules appropriate for each feature The flowcharts cover the following features e 802 1Q VLANs page 369 e MultiLink Trunking page 373 Port Mirroring page 374 IGMP Snooping page 375 e EAPOL Authentication page 378 Configuring 802 1Q VLANs To create or modify an 802 1Q VLAN follow the flowcharts in Figure 141 Figure 142 and Figure 143 To open the VLAN Configuration screen Choose VLAN
187. connection is bad or there is no connection to this port Link Link status Green On Valid communications link established Off The communications link connection is bad or there is no connection to this port Blinking The corresponding port is management disabled Activity Port activity Green or Amber Blinking Indicates network activity for the corresponding port A high level of network activity can cause the LEDs to appear to be on continuously 208700 B Chapter 6 Troubleshooting 331 Diagnosing and correcting problems Before you perform the problem solving steps in this section cycle the power to the Business Policy Switch disconnect and then reconnect the AC power cord then verify that the switch follows the normal power up sequence Warning To avoid bodily injury from hazardous electrical current never remove the top cover of the device There are no user serviceable components inside Vorsicht Um Verletzungsgefahr durch einen elektrischen Stromschlag auszuschlieBen nehmen Sie niemals die obere Abdeckung vom Ger t ab Im Ger teinnern befinden sich keine Komponenten die vom Benutzer gewartet werden k nnen Avertissement Pour viter tout risque d lectrocution ne jamais retirer le capot de l appareil Cet appareil ne contient aucune pi ce accessible par l utilisateur Advertencia A fin de evitar da os personales por
188. connectors to attach devices over 62 5 125 or 50 125 micron multimode fiber optic cable e The BPS2000 4FX MDA uses four longwave 1300 nm MT RJ connectors to attach devices over 62 5 125 or 50 125 micron multimode fiber optic cable Figure 135 100BASE FX MDA front panels O Bona NE OOO Dady BPS2000 4FX MDA J 100BASE FX RT z2 9791EA Both models conform to the IEEE 802 3u 100B ASE FX standard and can be used for fiber based 100 Mb s connections 2 km maximum distance to other compatible Fast Ethernet devices Single mode fiber cable is not supported Table 69 describes the 100BASE FX components and LEDs 208700 B Appendix C Media dependent adapters 357 For installation instructions see Installing an MDA on page 363 Table 69 100BASE FX MDA components Item Label Description 1 Link LINK status LED green On Indicates 100 Mb s LINK activity Off Indicates no LINK activity 2 Activity Activity LED green On Indicates active traffic Receiving or transmitting A high level of network activity can cause LEDs to appear to be on continuously Off Indicates no active traffic 3 100BASE FX port connectors e BPS2000 2FX uses SC connectors e BPS2000 4FX uses MT RJ connectors
189. corrientes el ctricas peligrosas no desmonte nunca la cubierta superior de este dispositivo Los componentes internos no son reparables por el usuario Avvertenza Per evitare lesioni fisiche dovute a scariche pericolose di corrente non rimuovere mai il coperchio superiore del dispositivo I componenti interni non possono essere manipolati dall utente Ib Bb amp ES AG B SALATE OO TANIA AO EB8B7 1 3 ERU CHRU A ROTES ABI 1 HORA IVAR AT MED EEA Using the Business Policy Switch 2000 Version 1 2 332 Chapter 6 Troubleshooting Normal power up sequence In a normal power up sequence the LEDs appear as follows 1 After power is applied to the switch the Pwr Power LED turns on within 5 seconds 2 The switch initiates a self test during which the port LEDs display various patterns to indicate the progress of the self test 3 Upon successful completion of the self test within 10 seconds after power is applied the Status LED turns on 4 The remaining port LEDs indicate their operational status as described in Table 60 Table 60 Corrective actions Symptom Probable cause Corrective action All LEDs are off The switch is not receiving AC Verify that the AC power cord is fastened securely power at both ends and that power is available at the AC power outlet The fans are not operating or Verify that there is sufficient space for adequate the airflow is blocked causing airflow
190. curity 70 Security field 176 Select VLAN ID field 169 Server Timeout field 187 settings default 387 Single Collisions field 229 Size of Stack field 163 SNMP 81 84 SNMP Access field 256 SNMP Configuration screen 152 160 snooping 122 software download process 261 image upgrades 76 interoperability 34 versions 47 239 343 Software Download screen 153 257 259 spanning tree 240 configuration rules 51 133 145 Spanning Tree Configuration Menu 153 240 Spanning Tree FastStart 53 Spanning Tree Group Configuration screen 241 242 spanning tree groups 35 49 240 configuration rules 51 Spanning Tree Port Configuration screen 241 245 Spanning Tree Switch Settings screen 248 Spanning Tree VLAN Membership screen 252 Speed Duplex field 204 stack MAC address 97 stack operational mode 49 65 Stack Operational Mode screen 167 230 stack up down configurations 98 Stack UpTime field 157 stacking 33 40 87 147 151 163 230 339 340 base unit 96 cascade module slot 43 considerations 101 initial installation 96 installation guidelines 101 network example 92 overview 93 redundancy 102 Using the Business Policy Switch 2000 Version 1 2 404 Index stack MAC address 97 stacking considerations 98 temporary base unit 97 standards 84 Start Ping field 157 Start TFTP Load of New Image field 260 State field 248 Status field 203 STGs 240 STP 49 247 250 253 STP Group State field 245 STP Learning field 210
191. cy Services COPS is important as a stateful protocol between a policy server and a network device such as the BPS 2000 COPS is implemented by using the Optivity Policy Services OPS Version 1 2 or later which is a comprehensive network management application OPS provides a centralized management point for DiffServ policies The policy server distributes policies to edge devices and border routers These edge devices police traffic flows by marking packets and applying forwarding behaviors to the packets at the network node Information is transferred using the Common Open Policy Services COPS protocol a query and response protocol that exchanges policy information messages using the Transmission Control Protocol TCP COPS ensures redundancy for devices to contact an alternate policy server should the primary server fail Specifically COPS for Provisioning COPS PR is used to download information COPS is used to communicate with edge devices on the network Some of the benefits of the COPS protocol are e Ituses a client server model for communication between the policy server and the policy clients e Ituses TCP for messaging reducing the resources it requires e The policy server can send configuration information to the policy client as well as remove unneeded configuration information For information about OPS go to the www nortelnetworks com documentation URL Then locate the specific software product in this case Op
192. d Field Description Allowed Source Allows you to specify the ports that each MAC address is allowed to access The options for the Allowed Source field include a single unit port number or a port list value that you have previously configured in the MAC Address Security Port Lists screen Default Blank field Range A single unit port or a port list value for example 1 3 1 6 3 4 S1 S5 etc 1 Multicast address Note that the first octet of any multicast address will always be an odd number EAPOL Security Configuration screen The EAPOL Security Configuration screen Figure 65 allows you to selectively limit access to the switch based on an authentication mechanism that uses Extensible Authentication Protocol EAP to exchange authentication information between the switch and an authentication server Note Before you use the EAPOL Security Configuration screen you must configure your Primary RADIUS Server and RADIUS Shared Secret You will also need to set up specific user accounts on your RADIUS server User names e Passwords e VLAN IDs e Port priority You can set up these parameters directly on your RADIUS server For detailed instructions about configuring your RADIUS server refer to your RADIUS server documentation Note Do not enable EAPOL security on the switch port that is connected to the RADIUS server Using the Business Policy Switch 2000 Version 1 2
193. d For this reason you should always assign the temporary base unit as the base unit set the Unit Select switch to Base until the failed unit is repaired or replaced 10 100 10 100 Mb s port speed indicator Green On The corresponding port is set to operate at 100 Mb s and the link is good Blinking The corresponding port has been disabled by software Amber On The corresponding port is set to operate at 10 Mb s and the link is good Blinking The corresponding port has been disabled by software Off The link connection is bad or there is no connection to this port Using the Business Policy Switch 2000 Version 1 2 42 Table 2 Business Policy Switch 2000 LED descriptions continued Label Type Color State Meaning Link Link status Green On Valid communications link established Off The communications link connection is bad or there is no connection to this port Blinking The corresponding port is management disabled Activity Port activity Green Blinking Indicates network activity for the corresponding port A high level of network activity can cause the LEDs to appear to be on continuously Using the Business Policy Switch 2000 Version 1 2 43 Back panel The switch back panel is shown in Figure 4 Figure 4 Business Policy Switch 2000 back panel 9719EA
194. d with this classification as they leave the switch through a port that is configured as a tagged port Using the Business Policy Switch 2000 Version 1 2 106 Chapter 2 Network configuration Untagged frame a frame that does not carry any VLAN tagging information in the frame header VLAN port members a set of ports that form a broadcast domain for a specific VLAN A port can be a member of one or more VLANs Untagged member a port that has been configured as an untagged member of a specific VLAN When an untagged frame exits the switch through an untagged member port the frame header remains unchanged When a tagged frame exits the switch through an untagged member port the tag is stripped and the tagged frame is changed to an untagged frame Tagged member a port that has been configured as a member of a specific VLAN When an untagged frame exits the switch through a tagged member port the frame header is modified to include the 32 bit tag associated with the PVID When a tagged frame exits the switch through a tagged member port the frame header remains unchanged original VID remains User priority a three bit field in the header of a tagged frame The field is interpreted as a binary number therefore has a value of 0 7 This field allows the tagged frame to carry the user priority across bridged LANs where the individual LAN segments may be unable to signal priority information Port priority the priority l
195. d 260 802 1p Priority Mapping page 323 802 1p Priority Queue Assignment page 319 A access IP manager list 56 TELNET SNMP Web 254 Action Creation Field 311 Action Table 311 Actions page 311 Active Phy field 206 Actual Hello Interval 250 Add VLAN Membership field 244 Administrative Status field 185 Administrative Traffic Control field 185 Aging Time field 168 Allowed Source field 183 Allowed Source IP Address field 256 Allowed Source Mask field 256 Ascii 262 ASCII configuration file 53 ASCII Configuration File Download screen 262 266 ASCII Configuration Filename field 268 assymmetric mode 206 authentication 71 183 Authentication Trap field 161 Auto Configuration on Reset field 268 automatic PVID 59 200 autonegotiation description 79 modes 333 troubleshooting 333 Autonegotiation field 203 205 AutoPVID field 200 autosense description 78 Autotopology field 161 B base unit 96 97 Base Unit field 163 BayStack 450 1 GBIC MDA 57 BootP 62 Always mode 158 automatic configuration on reset 268 BOOTPTAB TXT file 395 Disabled 159 Last Address setting 159 Last BootP field 156 Request Mode field 156 sample configuration file 395 Stack BootP Mac Address Type 231 When Needed mode 158 BPS 2000 Diagnostics Filename field 260 BPS 2000 Image Filename field 260 Bridge Forward Delay field 251 Bridge Forward Delay Time field 244 Using the Business Policy Switch 2000 Version 1 2 398 Index Brid
196. d as an octal number If the leading character is x upper or lower case it is calculated as a hexadecimal number For example if an IP address with a base 10 number of 45 is written as 045 in the BOOTPTAB TXT file the Bootp protocol assigns 037 to the client Global entries are defined that specify the parameters used by every device Note that hardware type ht is specified first in the global entry The following global entry is defined for an Ethernet device Note that this is where a client s subnet mask sm and default gateway gw are defined O 3E 3E HE 3E db dE dE dB GE GB GE dE GE dE dE db dE dE db GE GE lobal1 ht ethernet hd c opt images sm 255 255 255 0 gw 192 0 1 0 The following sample entry describes a BootP client bayl ht ethernet ha 0060 d000000 ip 192 0 0 1 hd c ezlan images bf bps2000 txt Where host name bayl hardware type Ethernet MAC address 00 60 FD 00 00 00 IP address 192 0 0 0 home directory of boot file c lezlanlimages ASCII config file bps2000 txt When ASCII configuration download is configured to perform auto configuration on reset using BootP the filename must be specified using the bf keyword If the ASCII configuration file is not resident on the BootP server the server address can be specified using the cs keyword 208700 B 397 Index Numbers 256 VLANs 48 450 Image Filename fiel
197. d member PVID 2 Port 1 Port2 Port3 Pa of VLAN 2 Lo 802 1Q Switch 5 CRC Data Tag SA a a Port 6 Port7 Port 8 C penta an Untagged member d CRC 8100 Priority VID 22 of VLAN 2 16 bits 3 bits 1 bits 12 bits Data After Outgoing SA untagged packet pA Key unchanged Priority User priority CFI Canonical format indicator VID VLAN identifier BS45012A In Figure 21 untagged incoming packets are assigned to VLAN 3 policy VLAN 3 PVID 2 Port 5 is configured as a tagged member of VLAN 3 and port 7 is configured as an untagged member of VLAN 3 208700 B Chapter 2 Network configuration 109 Figure 21 Policy based VLAN assignment Port 1 Port 2 Port 3 Port 4 Policy VLAN 3 PVID 2 Untagged packet Su CRC Data SA DA Before 802 1Q Switch Port 5 Port 6 Port 7 Port 8 Tagged member of VLAN 3 Untagged member of VLAN 3 BS45011B As shown in Figure 22 the untagged packet is marked tagged as it leaves the switch through port 5 which is configured as a tagged member of VLAN 3 The untagged packet remains unchanged as it leaves the switch through port 7 which is configured as an untagged member of VLAN 3 Figure 22 802 1Q
198. de conexi n de fibra ptica Asuma siempre que el cable o el connector de fibra ptica est conectado a una fuerte de luz l ser Avvertenza Questo un produtto laser LED di Classe 1 e contiene una sorgente luminosa a laser che pu danneggiare gli occhi Non guardare mai all interno di una port a fibra ottica o di una porta connettore Dare sempre per scontato che il cavo di fibra ottica o il connettore siano collegati ad una sorgente luminosa a laser A Se cdid72Alvb W LEDSgS Cd ARIES GAIA DDD LEAR ENTE HIPANBEOIAIY FA HS DZAFERI MUTTER HIP TIN 7 TIERNA IN WIC LS SIC RES NTIS ODODE RAGE LT EZ There are two 1000BASE LX longwave gigabit MDA models e The 450 1LR MDA is a single MAC MDA with a separate redundant Phy backup Phy port Only one Phy port can be active at any time If the active Phy port fails the redundant Phy port automatically becomes the active port e The 450 1LX MDA is a single Phy MDA Using the Business Policy Switch 2000 Version 1 2 352 Appendix C Media dependent adapters Both models Figure 133 conform to the IEEE 802 3z 1000BASE LX standard and use longwave 1300 nm fiber optic connectors to connect devices over single mode 3 kilometer or multimode 550 meters fiber optic cable Note The optical performance of this transceiver cannot be guaranteed when connected to a multimode fiber plant without the use of the special offset SMF MMF mode conditioning
199. defined 16 User defined protocol based VLAN see Ethernet 802 2 or bit value Predefined Protocol Identifier PID Ethernet Snap description below for more information RARP Ether2 Ethernet type 2 8035 Reverse Address Resolution Protocol RARP RARP is a protocol used by some old diskless devices to obtain IP addresses by providing the MAC layer address When you create a VLAN based on RARP you can limit the RARP broadcasts to the ports that lead to the RARP server 208700 B Chapter 3 Using the console interface 195 User Defined Protocol Identifier Description In addition to the standard predefined protocols user defined protocol based VLANS are supported For user defined protocol based VLANs you specify the protocol identifier PID for the VLAN Any frames that match the specified PID in any of the following ways are assigned to that user defined VLAN e The ethertype for Ethernet type 2 frames The PID in Ethernet SNAP frames The DSAP or SSAP value in Ethernet 802 2 frames The following PIDs Table 25 are reserved and are not available for user defined PIDs Table 25 Reserved PIDs PID Value hex Comments 04 04 Sna 802 2 FO FO NetBIOS 802 2 AAAA SNAP 0 05DC Overlaps with 802 3 frame length 0600 0807 Xns Ether2 OBAD Vines Ether2 4242 IEEE 802 1D BPDUs 6000 6009 8038 Dec 0800 0806 Ip Ether2 incl
200. deleted as soon as you press Return The software does not prompt you to reconsider this action If you delete a VLAN all configuration parameters that are associated with that VLAN are deleted also You cannot delete VLAN 1 By default all switch ports are assigned as untagged members of VLAN 1 with all ports configured as PVID 1 See Chapter 1 for more information Default Blank Range 2 to 4094 VLAN Name Allows you to assign a name field to configured VLANs Default VLAN VLAN number Range Any ASCII string of up to 16 printable characters Management VLAN Allows you to assign any VLAN as the management VLAN VLAN 1 is the default management VLAN for the switch To set this field the VLAN State field value must be Active Default No Range Yes No IVL SVL Allows you to select either Shared VLAN Learning SVL multiple VLANs using a single forwarding database or Independent VLAN Learning IVL each VLAN using a unique forwarding database To set this field the VLAN State field value must be Inactive IVL is a Business Policy Switch only feature The IVL option is enabled only in Pure BPS 2000 Stack mode The SVL option is enabled in the Hybrid Stack mode See Stack Operational Mode screen on page 230 Default SVL in a mixed stack or in a pure Business Policy Switch stack IVL in a pure Business Policy Switch stack Range IVL SVL VLAN Type Allows you to select the type of VLAN port based protocol based or MAC SA based
201. ducts described in this document without notice Nortel Networks NA Inc does not assume any liability that may occur due to the use or application of the product s or circuit layout s described herein USA Requirements Only Federal Communications Commission FCC Compliance Notice Radio Frequency Notice Note This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy If it is not installed and used in accordance with the instruction manual it may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case users will be required to take whatever measures may be necessary to correct the interference at their own expense European Requirements Only EN 55 022 Statement This is to certify that the Nortel Networks Business Policy Switch 2000 is shielded against the generation of radio interference in accordance with the application of Council Directive 89 336 EEC Article 4a Conformity is declared by the application of EN 55 022 Class A CISPR 22 Warning This is a Class A product In a domestic environment this product may cause radio interference in w
202. e El oB D Not Loss Sensitive Standard El OxC 2 Not Loss Sensitive Bronze El 0xD 0 Not Loss Sensitive Standard El OxE 2 Not Loss Sensitive Bronze El OxF 0 Not Loss Sensitive Standard El oxo 3 Not Loss Sensitive Silver El 0x11 0 Not Loss Sensitive Standard El 0x12 3 Loss Sensitive Silver Bll Ox13 0 Not Loss Sensitive Standard Assigning 802 1p user priority mapping Now you want to map the 802 1p priority to a specific DSCP To configure IEEE 802 1p user priority to DSCP mapping 1 Click the Application gt QoS gt QoS Advanced gt Devices gt Priority Mapping menu option The 802 1p Priority Mapping page opens Figure 127 Using the Business Policy Switch 2000 Version 1 2 324 Chapter 5 Sample QoS configuration Figure 127 802 1p Priority Mapping page g Application gt QoS gt QoS Advanced gt Devices gt 802 1p Priority Mapping q 802 1p Priority Mapping Table 0 po 1 lo 2 oa 3 az 4 paa 5 022 6 ze Ye 0x30 m bm 2 Change the DSCP value for 802 1 Priority 2 to 0x0 3 Click Submit Verifying DSCP queue assignments Next view the DSCP queue assignments To view DSCP queue assignments 1 Click the Application QoS QoS Advanced Devices DSCP Q Assign menu option The DSCP Queue Assignment page opens Figure 128 208700 B Chapter 5 Sample QoS configuration 325 Figure 128 DSCP Queue Assignment page Application gt QoS gt QoS Advanced gt Devices gt
203. e the system helps you choose the Duration for this burst Combined these parameters define the In Profile traffic An example of traffic policing is limiting traffic entering a port to a specified bandwidth such as 25 Kb s Committed Rate Instead of dropping all traffic that exceeds this threshold you can configure a Maximum Burst Rate to exceed the threshold Committed Rate for a brief period of time Duration without being dropped Note Burst rate and duration are used to determine burst size Using the Business Policy Switch 2000 Version 1 2 288 Chapter 4 Policy enabled networks You can also configure policies without metering In this case using the Web based management system you choose No Meter Data in the Data Specification field of the Meter page Refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 for more information using the Web based management system to configure QoS parameters on the BPS 2000 Note You must configure the Meter page using the Web based management system even if the traffic is not being metered choose No Meter Data The actions are defined using the meters so you must configure the Meter page to configure QoS Policy overview When network traffic attributes match those specified in a traffic pattern the policy instructs the network device to perform a specified action on each packet that passes through it Among policies t
204. e 19 MAC Address Security Port Lists screen fields 178 Table 20 MAC Address Security Table Screen Fields 182 Table 21 EAPOL security configuration screen options lusus 184 Table 22 VLAN Configuration Menu Screen options oococcoocoooo 189 Table 23 VLAN Configuration screen fields o oooooooooooooo 191 Table 24 Predefined Protocol Identifier PID ooooooommo 194 Table 2s Reser PIDO screen 195 Table 26 MAC Address Configuration for MAC SA Based VLAN screen fields 196 Table 27 VLAN Port Configuration screen fields oooooooooooo 198 Table 28 VLAN Display by Port screen fields 220200005 201 Table 29 Port Configuration screen fields o oo oooooooomooo 203 Using the Business Policy Switch 2000 Version 1 2 24 Tables Table 30 Table 31 Table 32 Table 33 Table 34 Table 35 Table 36 Table 37 Table 38 Table 39 Table 40 Table 41 Table 42 Table 43 Table 44 Table 45 Table 46 Table 47 Table 48 Table 49 Table 50 Table 51 Table 52 Table 53 Table 54 Table 55 Table 56 Table 57 Table 58 Table 59 Table 60 Table 61 Table 62 Table 63 Table 64 High Speed Flow Control Configuration Screen Fields 205 MultiLink Trunk Configuration Menu screen options 208 MultiLink Trunk Configuration screen fields o o o o o 210 MultiLink Trunk Utilization scree
205. e A DU conabor sesionar RR AAXGORARRR RRAWRR A Kd d RR ea 94 Unit SSCL SWIC LP T 95 Cascade A In CONECTION uude tien aden d bo cR RR eed eel d 95 DASS 12 ee dados AS ADA AAA A 96 minal Instoell dio arar id a Hees Ad dos 96 Stack MOISES aue a dl Capp a A AA de 97 Temporary base UN cusuccececeme eem xe Exe Ree eed gc gk 97 Removing a unit from the Stack iss sse eon c kem eem he hd 98 uc AS Ele DEE ala aora terior 98 DUCK up CONNQUISUONG cusese cep rr Aa 98 Stack down conn QU OB ack oid ceeded d beds cx ep E Re eek ick Roca 100 Redundant cascade stacking feature 0 eee ees 102 IEEE B02 10 VLAN workgroups lt eororcsrorrorida rider eiaa hiia ie 104 IEEE DUE OR ieaie a ta a deu dp o a aot ce en ud ede A 105 VLANs spanning multiple switches llli 111 VLANs spanning multiple 802 1Q tagged switches 112 VLANS spanning multiple untagged switches ooooocoooooo 112 Shared Servers PP 114 VLAN workgroup SUMMA e ceo a RN Rec tcu a 120 VLAN Ta MIQUELON TUES 33 dar qd o 3 r3 ERE ARR QE AER ER ER qup dr 122 Ran GORING nequ dpa Oi E CP EU S Tb Fo S E ed Po ede d 122 IGMP snooping configuration rules lille 127 IEEE 802 10 DrOllZIng susce Rr km hk mee RR one do 128 iube MUNKS oo 2 4 oe pede eh y REA RR PR SOR AAA 129 Client server configuration using MultiLink Trunks 0 0005 131 Using the Business Policy Switch 2000 Version 1 2 10 Contents Before you
206. e VLANI from STGI VLANs must be contained within a single STG a VLAN cannot span multiple STGs By confining VLANS within a single STG you avoid problems with spanning tree blocking ports and causing a loss of connectivity within the VLAN When a VLAN spans multiple switches the VLAN must be within the same spanning tree group have the same STG ID across all the switches All VLANs in the same shared database SVL must be assigned to the same STG e All members of a particular MultiLink Trunking MLT group must be assigned to the same STG that is they can belong to one and only one STG e A port that is not a member of any VLAN cannot be added to any STG The port must be added to a VLAN and that VLAN added to the desired STG e Tagged ports can belong to more than one STG but untagged ports can belong to only one STG e When a tagged port belongs to more than one STG the egress BPDUs are tagged to distinguish the BPDUs of one STG from those of another STG Using the Business Policy Switch 2000 Version 1 2 52 Because some STP compliant devices do not support tagging you can configure whether to send tagged or untagged BPDUs even from tagged ports with the BPS 2000 with software version 1 2 The VLAN ID for the tagged BPDUs will be 4000 STG ID An untagged port cannot span multiple STGs When you add a port to a VLAN that belongs to an STG the port is also added to the STG However if the port you are add
207. e console interface 187 Table 21 EAPOL security configuration screen options continued Option Description Server Timeout Allows you to specify how long the switch waits for the RADIUS server to respond to all EAP packets Default 30 seconds Range 1 to 65535 seconds Maximum Requests Allows you to specify the number of times the switch attempts to resend EAP packets to a supplicant Default 2 attempts Range 1 to 10 attempts VLAN Configuration Menu screen With software version 1 2 the VLAN Configuration Menu screen Figure 66 allows you to select the appropriate screen to configure up to 256 VLANs VLAN 1 is port based by default You can configure the remaining 255 VLANs to be of any appropriate combination of types although you have a maximum of 48 MAC SA based VLANs You can configure as many as 255 protocol based VLANs with up to 14 different protocols The number of different protocols you can configure depends on the number of hexadecimal values PID values associated with the protocol type Some protocol types use more than one PID value Refer to Predefined Protocol Identifier PID description on page 194 A port may not be a member of more than one protocol based VLAN with the same PID Untagged ports cannot belong to different VLANs of the same protocol type however tagged ports can Note Only standalone or pure stacks of BPS 2000 support 256 VLANs A mixed stack that consists
208. e fields as required You can also delete entries by typing zero 0 or using the space bar to clear the field Default Value Current stack order Range 1to8 Renumber units with new setting Specifies whether to start the renumbering process default is No Use the spacebar to toggle the selection to Yes Renumbering resets the switch with the current configuration values When you select this option the switch resets runs a self test then displays the Nortel Networks logo screen After you press Ctrl Y at the screen prompt the console screen temporarily displays the standalone Business Policy Switch main menu Then within 20 seconds the console screen refreshes and displays the main menu screen for the stack configuration The Unit LEDs display the new numbering order Default Value No Range No Yes Hardware Unit Information screen The Hardware Unit Information screen Figure 88 lists the switch models including any installed MDA and Cascade modules that are configured in your standalone or stack configuration In addition this screen displays the software version running on the hardware To open the Hardware Unit Information screen Choose Display Hardware Units or press h from the main menu Using the Business Policy Switch 2000 Version 1 2 Figure 88 Hardware Unit Information screen E E Hardware Unit Information Switch Model MDA Model Cascade MDA Software Version Unit 1
209. ecauci n Si modifica las contrase as predeterminadas asignadas por el sistema aseg rese de anotar las nuevas contrase as y gu rdelas en un lugar seguro Si olvida las nuevas contrase as no podr acceder al interfaz de la consola En ese caso p ngase en contacto con Nortel Networks para obtener ayuda al respecto 208700 B Chapter 3 Using the console interface 237 Table 42 Console Comm Port Configuration screen fields continued Field Description Attenzione In caso di modifica delle password predefinite nel sistema assicurarsi di annotare le nuove password e di conservarle in un luogo sicuro Nel caso in cui le nuove password vengano dimenticate non sara possibile accedere all interfaccia della console In tal caso contattare la Nortel Networks per avere assistenza EE VATLEMULE TIA LONAI FERETS O MEDIAL FeESEDCREGNI RE E LES ST LUVNAZ FEBNTLEJE YI AVATAR RATE E As coss ld Bay Networks E C ORC ESL Primary RADIUS Server The IP address of the Primary RADIUS server Default 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point Secondary RADIUS Server The IP address of the Secondary RADIUS server Default 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point RADIUS
210. ecifies whether to retrieve the stored switch stack configuration parameters from the specified TFTP server default is No If you choose Yes the download process begins immediately and when completed causes the switch stack to reset with the new configuration parameters Use the spacebar to toggle the selection to Yes Press Enter to initiate the process Default Value No Range Yes No 208700 B Chapter 3 Using the console interface 265 Requirements The following requirements apply to the Configuration File feature e The Configuration File feature can only be used to copy standalone switch configuration parameters to other standalone switches or to copy stack configuration parameters to other stack configurations For example you cannot duplicate the configuration parameters of a unit in a stack configuration and use it to configure a standalone switch e A configuration file obtained from a standalone switch can only be used to configure other standalone switches that have the same firmware revision and model type as the donor standalone switch e A configuration file obtained from a stack unit can only be used to configure other stacks that have the same number of switches firmware version model types and physical IDs as the stack the donor stack unit resides in Reconfigured stacks are configured according to the unit order number of the donor unit For example the configuration file parameters from a dono
211. ect operation of your configured network If you disable a trunk you may need to reconfigure the specific trunk members switch ports to return to the previous switch configuration See Chapter 1 for more information To open the MultiLink Trunk Configuration screen Choose Trunk Configuration or press t from the MultiLink Trunk Configuration Menu screen Figure 75 MultiLink Trunk Configuration screen UN MultiLink Trunk Configuration Trunk Trunk Members Unit Port STP Learning Trunk Mode Trunk Status 1 JI J Jt J Normal Basic Disabled 2 E y TESTER qE Wu Mp E Normal Basic Disabled 3 JI J J Normal Basic Disabled 4 L 7 JI 1I J J Normal Basic Disabled 5 L ME YE CE OL J 33 Normal Basic Disabled 6 Lia if JI lI Jt J Normal Basic Disabled Trunk Trunk Name 1 Trunk 1 2 Trunk 2 3 Trunk 3 4 Trunk 4 5 Trunk 5 6 Trunk 6 Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Menu J Using the Business Policy Switch 2000 Version 1 2 210 Chapter 3 Using the console interface Table 32 describes the MultiLink Trunk Configuration screen fields Table 32 MultiLink Trunk Configuration screen fields Field Description Trunk Column header for the read only fields in this screen The read only da
212. ed in Chapters 1 and 2 Installing the Business Policy Switch 2000 and Installing the BayStack 400 STI Cascade Module In the following sections you will find specific information about implementing a mixed stack configuration e Configuration requirements next e Automatic failover on page 342 e Troubleshooting problems on page 345 Configuration requirements The configuration requirements described here can help you to implement your mixed stack configuration 208700 B Appendix B Interoperability in a mixed stack configuration 341 Base unit In a mixed stack configuration a Business Policy Switch must be configured as the base unit Unit Select switch set to On on the cascade module All other units in the stack must have their Unit Select switch set to Off The base unit switch is the unique stack switch that you configure with the Unit Select switch on the front panel of the BayStack 400 ST1 Cascade Module If you do not designate a Business Policy Switch as the base unit the stack will not operate Merging the Business Policy Switch into a mixed stack Nortel Networks recommends that you start up your Business Policy Switch initially in a standalone mode and perform preliminary IP configuration tasks before you add it to an existing stack Note When you add a new factory direct unconfigured Business Policy Switch 2000 to your stack the Business Policy Switch acts as the dominant unit base uni
213. ed switches Figure 25 shows VLANs spanning two Business Policy Switches The 802 1Q tagging is enabled on S1 port 2 and on S2 port 1 for VLAN 1 and VLAN 2 Both ports are tagged members of VLAN 1 and VLAN 2 Figure 25 VLANs spanning multiple 802 1Q tagged switches HA pr VLAN 1 3 VLAN 2 _ __ Business S1 Fam 1 EEDA PERA Policy Switch 2000 Both ports are tagged members of VLAN 1 I and VLAN 2 i S2 m f Business L Policy Switch 2000 LS SSS SSS SS SSS SS SSeS ONO 0 aegas aH Because there is only one link between the two switches the Spanning Tree Protocol STP treats this configuration as any other switch to switch connection For this configuration to work properly both switches must support the 802 1Q tagging protocol VLANS spanning multiple untagged switches Figure 26 shows VLANs spanning multiple untagged switches In this configuration Switch S2 does not support 802 10 tagging and you must use a single switch port on each switch for each VLAN For this configuration to work properly you must set spanning tree participation to Disabled the STP is not supported across multiple LANs 208700 B Chapter 2 Network configuration 113 Refer to Chapter 1
214. em Log screen The System Log screen Figure 100 displays or clears messages obtained from system nonvolatile random access memory NVRAM or dynamic random access memory DRAM and NVRAM When the switch is part of a stack configuration the System screen displays only the data for the Business Policy Switch you are connected to through the Console Comm port System Log messages operate as follows e NVRAM messages are retrievable after a system reset e DRAM messages can be viewed while the system is operational All NVRAM and DRAM messages are time stamped e When you restart your system after a reset the DRAM messages are deleted e After a reset all messages stored in NVRAM are copied to DRAM DRAM messages are not copied to NVRAM The messages copied to DRAM are time stamped to zero 0 To open the Event Log screen Choose Display Event Log or press y from the main menu Using the Business Policy Switch 2000 Version 1 2 270 Chapter 3 Using the console interface Figure 100 System Log screen a Display Unit Display Messages From Display configuration complete Clear Messages From Press Ctrl P to see previous display Menu Ne System Log Type I Info S Serious C Critical Time Press Ctrl R to return to previous menu 1 Non Volatile Yes None Idx Time Stamp Type Message 1 OD OH 1M 53S I Warm Start Trap 2 OD OH 1M 58S I Link Up Trap 3 OD
215. ements The following are minimum system requirements for the EAPOL based security feature e At least one of the following supported switches BayStack 350 410 24T 450 switch software version V4 0 or later Business Policy Switch 2000 software version V1 1 or later e RADIUS server Microsoft Windows XP Server e Client software that supports EAPOL Microsoft Windows XP Client You must specify the Microsoft 2001 IAS server or any generic RADIUS server that supports EAP as the primary RADIUS server for these devices You must also configure your BayStack 350 410 24T 450 switches and BPS 2000 for port based VLANs and EAPOL security For information on configuring the BPS 2000 refer to the Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Management Software Version 1 2 and Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 For information on configuring the BayStack switches go to www nortelnetworks com documentation on the Web and find the switch Scroll down to the documentation you need EAPOL based security configuration rules The following configuration rules apply to your BPS 2000 when using EAPOL based security Before configuring your switch you must configure the Primary RADIUS Server and Shared Secret fields Using the Business Policy Switch 2000 Version 1 2 76 e
216. en fields 0 ccc tees 271 SEMWICE CIASSOS ob ach cH Kad eee ew ERR Oa AAA RRR p SEE 278 Re marking QoS fields by class of interface group 283 Default mapping of DSCP to QoS class and IEEE 802 1p 284 Business Policy Switch LED descriptions 0005 328 Gornrecive actions a ie iain ka maa we Rola gaa LA Cu a RUE we NC 332 Environmental specifications 1223 ape diarreas 335 ElBctresl BSIRIEIBES 2954 3S er dair eux 244 POE dGX SA d Wedd 335 Physical dimensions iua birria AAA a d ACA A 336 Pertormmance specifications occa cncxedieeewrdeen dee ar AR 336 208700 B Tables 25 Table 65 Interace GOONS siria ad AA 1345 anodes 337 Table 66 MDA Models anio art eed dU ORC AE AAA eee 347 Table 67 1000BASE SX MDA components sees 350 Table 68 1000BASE LX MDA components s ssaa aaaea 353 Table 69 100BASE FX MDA components s s s asenaan anae 357 Table 70 450 1GBlc MDA description 00 00 cece eee 360 Table 71 Available GBIC models cvcccinseror deed eee de debe Chaco ou 360 Table 72 RJ 45 port connector pin assignments 200 0 eee eee eee 382 Table 73 DB 9 Console port connector pin assignments 385 Table 74 Factory default settings uucenuiseuu cake e Rai ie Rec ie acie ie 387 Using the Business Policy Switch 2000 Version 1 2 26 Tables 208700 B 27 Preface This guide describes the Nortel Networks Busin
217. ent connected to its ports and generates a consolidated proxy report to the designated router In this way the router receives a single consolidated report from that entire subnet Using the Business Policy Switch 2000 Version 1 2 126 Chapter 2 Network configuration After the switches learn which ports are requesting access to the IP Multicast stream all other ports not responding to the queries are blocked from receiving the IP Multicast Figure 37 Figure 37 Business Policy Switch filtering IP multicast streams 2 of 2 Internet Designated router TuS Host membership m O E E query p Business Policy s1 erem Switch 2000 Business Policy Switch 2000 S3 E LB Ok g al Business Policy S4 EE Switch 2000 SBE Key Multicast stream BS45023C The consolidated proxy report generated by the switch remains transparent to layer 3 of the International Organization for Standardization Open Systems Interconnection ISO OSI model The switch IP address and MAC address are not part of proxy report generation The last reporting IGMP group member in each VLAN represents all of the hosts in that VLAN and IGMP group 2087
218. erability Software Version Numbers ISVN are identical That is the ISVN number for the BayStack 450 switch and BayStack 410 switch must have the same ISVN as the BPS 2000 If the ISVNs are not the same the stack does not operate In sum the stacking software compatibility requirements are as follows e Pure BPS 2000 stack All units must be running the same software version e Pure BayStack 450 stack All units must be running the same software version e Hybrid stack All BPS 2000 units must be running the same software version All BayStack 410 units must be running the same software version All BayStack 450 units must be running the same software version All software versions must have the identical ISVN Refer to Appendix B for complete information on interoperability and compatibility between the BPS 2000 and BayStack switches Using the Business Policy Switch 2000 Version 1 2 35 Software version 1 2 compatibility with BayStack 450 switches The BPS 2000 software version 1 2 is compatible with BayStack 450 software version 4 1 When you are using a local console to access the BPS 2000 software version 1 2 features with a Hybrid or mixed stack BPS 2000 and BayStack 450 and 410 switches in the same stack you must plug your local console into a BPS 2000 unit To find out which version of the BPS 2000 software is running use the console interface CI menus or the Web based management syste
219. erica make sure that you have the proper power cord for your region Any cord used must have a CEE 22 standard V female connector on one end and must meet the IEC 320 030 specifications Table 4 lists specifications for international power cords Using the Business Policy Switch 2000 Version 1 2 45 Table 4 International power cord specifications Country Plug description Specifications Typical plug Continental Europe CEE7 standard VII male plug Harmonized cord HAR marking on the outside of the cord jacket to comply with the CENELEC Harmonized Document HD 21 220 or 230 VAC 50 Hz Single phase 228FA U S Canada Japan 100 or 120 VAC NEMAS 15P male plug de hs UL recognized UL stamped ng e Phase on cord jacket CSA certified CSA label secured to the cord United Kingdom 240 VAC BS1363 male plug with fuse 2 is E e Harmonized cord nge pusse Australia 240 VAC AS3112 1981 Male plug 50 Hz Single phase 230FA Using the Business Policy Switch 2000 Version 1 2 46 Redundant power supply unit RPSU and uninterruptible power supply UPS The redundant power supply connector allows you to connect a backup power supply unit to the Business Policy Switch Nortel Networks provides an optional redundant power supply unit RPSU for this purpose The BayStack 10 Power Supply Unit is a hot swappable power supply unit that provides uninterrupted oper
220. ess Ctrl C to return to Main ae i Table 11 describes the IP Configuration Setup screen fields Note The read only fields in this screen are updated based on the BootP mode specified in the BootP Request Mode field See Choosing a BootP request mode on page 157 for more information Using the Business Policy Switch 2000 Version 1 2 156 Chapter 3 Using the console interface Table 11 IP Configuration Setup screen fields Field Description BootP Request Mode One of four modes of operation for BootP See Choosing a BootP request mode on page 157 for details about the four modes Default Value BootP Disabled Range BootP Disabled BootP When Needed BootP Always BootP or Last Address Configurable Column header for the user configurable IP configuration fields in this screen In Use Column header for the read only fields in this screen The read only data displayed in this column represents IP configuration that is currently in use Last BootP Column header for the read only fields in this screen The read only data displayed in this column represents IP configuration obtained from the last BootP reply received In Band Stack IP Address The in band stack IP address field This field is not required for the operation of the standalone switch Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a dec
221. ess Policy Switch 2000 features and uses The terms Business Policy Switch 2000 Business Policy Switch and BPS 2000 are used synonymously in this document The Business Policy Switch introduces policy enabled networking features to optimize consistent performance and behavior for your network traffic The Differentiated Services DiffServ network architecture offers varied levels of service for different types of data traffic DiffServ lets you designate a specific level of performance on a per packet basis For more information about configuring policy enabled networking see Chapter 4 Policy enabled networks The Business Policy Switch includes a dedicated Uplink Module slot for attaching optional media dependent adapters MDAs that support a range of media types including Gigabit Ethernet Installation instructions are included with each MDA see your Nortel Networks sales representative for ordering information For more information about the MDAs see Appendix C Media dependent adapters You can use the Business Policy Switch in e A standalone switch configuration e A Business Policy Switch 2000 only stack configuration e A mixed stack configuration consisting of BayStack 450 BayStack 410 and Business Policy Switch 2000 switches The Business Policy Switch 2000 provides fail safe stackability when you install the optional BayStack 400 ST1 Cascade Module This chapter covers the following topics
222. etworks DiffServ and QoS refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 and Reference for the Business Policy Switch 2000 Management Software Version 1 2 Support for the GBIC MDA The BPS 2000 software version 1 1 provides support for the Gigabit Interface Connector GBIC MDA The MDA BayStack 450 1GBIC MDA provides only two priority queues Using the Business Policy Switch 2000 Version 1 2 58 The BayStack 450 1GBIC MDA supports the following GBICs e 1000BASE SX This GBIC uses shortwave 850 nm fiber optic connectors to connect devices over multimode 550 m or 1 805 ft fiber optic cable e 1000BASE LX This GBIC uses longwave 1 300 nm fiber optic connectors to connect devices over single mode 5 km or 3 1 mi or multimode 550 m or 1 805 ft fiber optic cable e 1000BASE XD This GBIC uses single mode fiber to connect devices over distances up to 50 km or 31 mi depending on the quality of the cable e 1000BASE ZX This GBIC uses single mode fiber to connect devices over distances up to 70 km or 43 mi depending on the quality of the cable The ports on this GBIC operate only in full duplex mode For more information on this MDA as well as installation and cabling instructions refer to Installing Media Dependent Adapters MDAs EAPOL based security BPS 2000 software versio
223. evel assigned to untagged frames received on a port This value becomes the user priority for the frame Tagged packets get their user priority from the value contained in the 802 1Q frame header Unregistered packet a tagged frame that contains a VID where the receiving port is not a member of that VLAN Filtering database identifier FID the specific filtering forwarding database within the Business Policy Switch that is assigned to each VLAN The current version of software assigns all VLANs to the same FID when it is running in the Hybrid Operational mode This process is referred to as Shared VLAN Learning SVL in the IEEE 802 1Q specification In the Pure BPS 2000 operational mode a VLAN may either share its filtering database with other VLANs SVL or have its own filtering database which is called independent VLAN learning IVL The default configuration settings for Business Policy Switches have all ports set as untagged members of VLAN 1 with all ports configured as PVID 1 Every VLAN is assigned a unique VLAN identifier VID that distinguishes it from all other VLANs In the default configuration example shown in Figure 18 all incoming packets are assigned to VLAN 1 by the default port VLAN identifier PVID 1 Untagged packets enter and leave the switch unchanged 208700 B Chapter 2 Network configuration 107 Figure 18 Default VLAN settings 802 1Q Switch VLAN 1 fy tye ryt Port1 Port2 Port3 Po
224. f those units or trunked MDAs becomes inactive from a loss of power or unit failure the unaffected trunk members remain operational 208700 B Chapter 2 Network configuration 135 Figure 42 Loss of distributed trunk members Business Policy Switch 2000 fer Unit 1 BPS2000 MDA TTE Unit 2 Unit 3 BPS2000 MDA mms Unit 4 BPS2000 MDA Unit 5 Unit 6 BPS2000 Palmas gt Unit 7 H MDA Accelar 1150 1150R Unit 8 Routing Switch F XLR1102SR gt coma uz VO Modules ORG 9843EA However until you correct the cause of the failure or change the trunk Status field to Disabled you will be unable to modify any of the following parameters for the affected trunk e VLAN configuration e Spanning Tree configuration Port Mirroring configuration e Port configuration e IGMP configuration e Rate Limiting configuration Spanning tree considerations for MultiLink Trunks The spanning tree Path Cost parameter is recalculated based
225. ffic classification that is used at the network boundary to request a better effort treatment for packets that are in profile packets that do not break the service agreements between the user and the service provider Table 56 describes the service classes and the required treatment Table 56 Service classes Traffic category Service class Application type Required treatment critical interactive such as Telnet Web browsing Critical network control Critical Critical network control Highest priority over all other traffic traffic Guaranteed minimum bandwidth Standard network control Network Standard network control Priority over user traffic traffic Guaranteed minimum bandwidth Real time delay Premium Interhuman Absolute bounded priority over intolerant fixed communications requiring user traffic No packet loss for bandwidth interaction such as VoIP in profile traffic Virtual leased line with lowest amount of latency Provisioned for peak rate Real time delay tolerant Platinum Interhuman Higher priority scheduling low variable bandwidth communications requiring providing guaranteed minimum interaction with additional provisioned bandwidth minimal delay Such as Competes for additional low cost VoIP bandwidth Real time delay tolerant Gold Single human High priority scheduling high variable bandwidth communication with no providing guaranteed minimum interac
226. fic is configured as Out of Profile traffic If you do not wish to configure In Profile traffic you must still configure the Out of Profile traffic Actions determine how the traffic is treated The overall total of all the interacting QoS factors on a group of packets is a policy You configure policies that monitor the characteristics of the traffic and perform a controlling action on the traffic when certain user defined characteristics are matched Default QoS settings The Business Policy Switch is shipped with limited default QoS information Defaults include a default interface group default user priority to queue mappings for each queue set and default DSCP to user priority mappings QoS configuration guidelines You can install filters that will act on traffic destined for the switch itself such as ICMP Echo Requests ping and SNMP messages If the associated action is to drop the traffic you can lock yourself out of the switch However traffic destined for the switch and received through a port on the base unit of a stack is not dropped even if filters targeting the traffic are installed and drop has been specified This behavior prevents you from completely isolating yourself from the switch Consider this behavior when you configure filters and when you allocate ports for the purposes of configuring and or monitoring the switch 208700 B Chapter 4 Policy enabled networks 291 COPS overview Common Open Poli
227. field 169 182 flash memory for software image upgrades 76 Flooded Packets field 229 Flow Control field 205 Forward Delay field 251 Frame Errors field 229 front panel 36 G GBICs 347 360 Generate SNMP Trap on Intrustion field 173 gigabit interfaces 57 gigabit ports 206 H Hardware Unit Information screen 239 Hello Interval 244 250 251 Hello Time field 250 High Speed Flow Control Configuration screen 166 204 hybrid stack 35 87 147 339 Identify Unit Numbers screen 237 IEEE 802 1p 128 281 283 311 319 IEEE 802 10 tagging important terms 105 IEEE 802 3u standard 79 IGMP 122 configuration rules 127 IGMP Configuration screen 165 166 In Use field 156 Inactivity Timeout field 255 256 Using the Business Policy Switch 2000 Version 1 2 400 Index In Band IP Address field 156 In Band Subnet Mask field 157 Initialize field 185 Interface Configuration page 295 Interface Group Assignment page 297 Interface Queue Table 295 interoperability issues base unit 341 cascade modules 344 compatible software versions 343 configuration requirements 340 merging into a mixed stack 341 setting up your configuration 340 temporary base unit 343 using the console interface 345 IP Address to Ping field 157 IP Classification Group page 301 IP Classification page 299 IP Configuration screen 152 155 IP Configuration Setup screen 152 IP Filter Creation section 299 IP Filter Group Table section 301 IP Group
228. figuration screen Choose Spanning Tree Group Configuration or press g from the Spanning Tree Configuration Menu screen Figure 90 shows the Spanning Tree Group Configuration screen 208700 B Chapter 3 Using the console interface 243 Figure 90 Spanning Tree Group Configuration i Spanning Tree Group Configuration Use space bar to display choices choice Press Ctrl R to return to previous menu to Main Menu Nec Create STP Group 1 Delete STP Group Bridge Priority 8000 Bridge Hello Time 2 seconds Bridge Max Age Time 20 seconds Bridge Forward Delay Time 15 seconds Add VLAN Membership 1 Delete VLAN Membership Tagged BPDU on tagged port No STP Group State Active press lt Return gt or lt Enter gt to select E Press Ctrl C to return P Table 45 describes the Spanning Tree Group Configuration parameters Table 45 Spanning Tree Group Configuration parameters Parameter Description Create STP Allows you to create a spanning tree group Group Default Value 1 Range 1to8 Delete STP Allows you to delete a spanning tree group Group Default Value Blank Range 1 to 8 only created STP Groups are available Using the Business Policy Switch 2000 Version 1 2 244 Chapter 3 Using the console interface Table 45 Spanning Tree Group Configuration parameters continued Parameter Description Bridge Prior
229. figured in the stack Amber On This unit is operating as the stack configuration s temporary base unit This condition occurs automatically if the base unit directly downstream from this unit fails If this happens the following events take place The two units directly upstream and directly downstream from the failed unit automatically wrap their cascade connectors and indicate this condition by lighting their Cas Up and Cas Dwn LEDs see Cas Up and Cas Dwn description in this table If the temporary base unit fails the next unit directly downstream from this unit becomes the new temporary base unit This process can continue until there are only two units left in the stack configuration This automatic failover is a temporary safeguard only If the stack configuration loses power the temporary base unit will not power up as the base unit when power is restored For this reason you should always assign the temporary base unit as the base unit set the Unit Select switch to Base until the failed unit is repaired or replaced 10 100 10 100 Mb s port speed indicator Green On The corresponding port is set to operate at 100 Mb s and the link is good Blinking The corresponding port has been disabled by software Amber On The corresponding port is set to operate at 10 Mb s and the link is good Blinking The corresponding port has been disabled by software Off The link
230. for additional guidelines on configuring VLANs and spanning tree groups Figure 26 VLANs spanning multiple untagged switches VLAN 1 VLAN 2 S1 Business Policy Switch 2000 S2 Non 802 1Q tagging switch m 9800EA When the STP is enabled on these switches only one link between each pair of switches will be forwarding traffic Because each port belongs to only one VLAN at a time connectivity on the other VLAN is lost Exercise care when configuring the switches to ensure that the VLAN configuration does not conflict with spanning tree configuration To connect multiple VLANs across switches with redundant links you must disable the STP on all participating switch ports Figure 27 shows possible consequences of enabling the STP when using VLANs between untagged non 802 1Q tagged switches Using the Business Policy Switch 2000 Version 1 2 114 Chapter 2 Network configuration Figure 27 Possible problems with VLANs and Spanning Tree Protocol Station A C Business MS Policy Switch 2000 C pa 4 2 VLAN1 TVLAN 2 No Communications Forwarding Blocking Business omy Policy Swit
231. ft Electrical Table 62 lists power electrical parameters for the Business Policy Switch Table 62 Electrical parameters Parameter Electrical specification Input Voltage 100 to 240 VAC 47 to 63 Hz Input Power 150 W maximum Consumption Input Volt 200 VA maximum Amperes Rating Using the Business Policy Switch 2000 Version 1 2 336 Appendix A Technical specifications Physical dimensions Table 62 Electrical parameters continued Input current 1 5 A 100 VAC 6 A 240 VAC output Maximum thermal 500 BTU hr Table 63 lists physical dimensions Table 63 Physical dimensions Parameter Specifications Height 7 04 cm 2 77 in Width 43 82 cm 17 25 in Depth 38 35 cm 15 1 in Weight 4 8 kg 10 60 Ib Performance specifications Table 64 lists performance specifications Table 64 Performance specifications Parameter Specifications Frame Forward Rate 64 byte packets Up to 3 2 million packets per second pps maximum learned unicast traffic Performance 64 byte packets Port Forwarding Filtering For 10 Mb s 14 880 pps maximum For 100 Mb s 148 810 pps maximum Address Database Size 16 000 entries at line rate 32 000 entries without flooding Addressing 48 bit MAC address Frame Length 64 to 1518 bytes IEEE 802 1Q Untagged 64 to 1522 bytes IEEE 802 1Q Tagged
232. ge Hello Time field 244 251 Bridge Max Age Time field 244 Bridge Maximum Age Time field 251 Bridge Priority field 244 250 Broadcasts field 228 C cable connections 382 cascade module 94 Clear All Port Statistics screen 167 Clear by Ports field 173 Clear Messages From field 271 Collisions field 229 Comm Port Data Bits field 232 Comm Port Parity field 232 Comm Port Stop Bits field 232 Command Line Interface screen 154 Common Open Policy Services 273 Community String field 161 config file 54 Configurable field 156 Configuration 262 configuration 48 80 configuration file 265 Configuration File Download Upload option 262 Configuration File Download Upload screen 262 Configuration File Menu 261 Configuration File option 153 Configuration Image Filename field 264 configuration rules EAPOL 75 IGMP 127 145 MultiLink Trunking 51 127 133 145 port mirroring 133 145 spanning tree 51 133 145 spanning tree groups 51 stacking 341 VLANs 51 133 145 connectivity 61 connectors 381 RJ 45 port connector 381 console 56 console interface CI main menu 151 menus using 149 Console Password field 233 234 Console Port Speed field 232 Console Read Only Password field 234 236 Console Read Write Password field 234 236 console comm port configuration screen 231 illustration 384 pin assignments 385 Console Comm Port Configuration options 153 Console Comm Port Configuration screen 153 conversation steering
233. gging 50 VLANs 48 49 65 122 187 245 Trunk field 210 208700 B Index 405 Trunk Members field 210 Trunk Name field 210 Trunk Status field 210 tutorial IEEE 802 10 tagging 105 TEEE 802 1Q VLAN workgroups 104 U Undersized Packets field 229 Unit Select switch 95 Uplink Expansion slot 38 user priority 128 User Defined PID field 193 User Defined Protocol Identifier Description PID 195 V VLAN Configuration Menu 166 187 VLAN Configuration screen 189 VLAN Display by Port screen 200 VLAN Membership field 253 VLAN Name field 192 VLAN Names field 201 VLAN State field 193 VLAN Type field 192 VLANs 48 104 Configuration Menu 166 188 configuration rules 51 122 133 145 default settings 106 EAPOL 73 examples 120 IVL 64 MAC SA based 64 network example 87 number of 65 187 number of protocols 187 port based 63 ports 189 protocol based 64 187 shared servers 114 spanning tree groups 87 147 339 stacking 35 SVL 64 W WEB Access field 256 Web based management 56 Using the Business Policy Switch 2000 Version 1 2
234. gulations of the Canadian Department of Communications Using the Business Policy Switch 2000 Version 1 2 4 Reglement sur le brouillage radio lectrique du ministere des Communications Cet appareil num rique Business Policy Switch 2000 respecte les limites de bruits radio lectriques visant les appareils num riques de classe A prescrites dans le R glement sur le brouillage radio lectrique du minist re des Communications du Canada 208700 B Nortel Networks NA Inc Software License Agreement NOTICE Please carefully read this license agreement before copying or using the accompanying software or installing the hardware unit with pre enabled software each of which is referred to as Software in this Agreement BY COPYING OR USING THE SOFTWARE YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS UNDER WHICH NORTEL NETWORKS WILL PERMIT YOU TO USE THE SOFTWARE If you do not accept these terms and conditions return the product unused and in the original shipping container within 30 days of purchase to obtain a credit for the full purchase price 1 License Grant Nortel Networks NA Inc Nortel Networks grants the end user of the Software Licensee a personal nonexclusive nontransferable license a to use the Software either on a single computer or if applicable on a single authorized device identified by host ID for which it
235. h is configured as an untagged member of VLAN 2 Figure 24 802 1Q tagging after 802 1Q tag assignment PVID 2 Port1 Port2 Port 3 eA eN ias lt to S 802 1Q Switch 5 CRC Data Tag DA gt a a Port 6 Port 7 in Untagged member K CRC Recalculated 8100 Priority VID 2 of VLAN 2 16 bits 3bits 1bit 12 bits Data Outgoing After SA untagged packet changed Key DA tag removed Priority User priority Th CFI Canonical format indicator VID VLAN identifier BS45014A VLANs spanning multiple switches You can use VLANs to segment a network within a switch When you connect multiple switches it is possible to connect users of one VLAN with users of that same VLAN in another switch However the configuration guidelines depend on whether both switches support 802 1Q tagging With 802 1Q tagging enabled on a port fora VLAN all frames leaving the port for that VLAN are marked as belonging to that specific VLAN You can assign specific switch ports as members of one or more VLANs that span multiple switches without interfering with the Spanning Tree Protocol Refer to Chapter 1 for additional guidelines on configuring VLANs and spanning tree groups Using the Business Policy Switch 2000 Version 1 2 112 Chapter 2 Network configuration VLANs spanning multiple 802 10 tagg
236. he BootP process will eventually time out if a reply is not received When the process times out the BootP request mode automatically changes to BootP Disabled mode To restart the BootP process change the BootP request mode to any of the three following modes BootP When Needed BootP Always e BooiP or Last Address BootP When Needed Allows the switch to request an IP address if one has not already been set from the console terminal When selected this mode operates as follows e When the IP data is entered from the console terminal the data becomes the in use address of the switch and BootP requests are not broadcast The switch can be managed using this in band IP address e When the in band IP address is not set from the console terminal the switch broadcasts BootP requests until it receives a BootP reply containing an IP address If the switch does not receive a BootP reply that contains an IP address the switch cannot be managed in band If an IP address is not currently in use these actions take effect immediately If an IP address is currently in use these actions take effect only after the switch is reset or power cycled BootP Always Allows the switch to be managed only when configured with the IP address obtained from the BootP server When selected this mode operates as follows e The switch continues to broadcast BootP requests regardless of whether an in band IP address is set from the console termin
237. he BootP MAC address The Base Unit Mac Address option is available only with Pure BPS 2000 Stack options Default Stack Mac Address Range Stack Mac Address Base Unit Mac Address Console Comm Port Configuration screen The Console Comm Port Configuration screen Figure 86 allows you to configure and modify the console comm port parameters and security features of a standalone switch or any participating switch in a stack configuration To open the Console Comm Port Configuration screen Choose Console Comm Port Configuration or press o from the main menu Using the Business Policy Switch 2000 Version 1 2 232 Chapter 3 Using the console interface Figure 86 Console Comm Port Configuration screen a Console Comm Port Configuration ON Comm Port Data Bits 8 Data Bits Comm Port Parity No Parity Comm Port Stop Bits 1 Stop Bit Console Port Speed 2400 Baud Console Switch Password Type None Console Stack Password Type None Telnet Switch Password Type None Telnet Stack Password Type None Console Read Only Switch Password Console Read Write Switch Password Console Read Only Stack Password Console Read Write Stack Password Primary RADIUS Server Secondary RADIUS Server UDP RADIUS Port RADIUS Shared Secret ooo oo oo oo Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C
238. he base unit when power is restored For this reason you should always assign the temporary base unit assign another Business Policy Switch if available as the base unit set the Unit Select switch to Base until the failed unit is repaired or replaced When a failure of the base unit is discovered the Unit Select switch on the temporary base unit should be set to Base Note If you do not reassign the temporary base unit as the new base unit and the temporary base unit fails the next unit directly downstream from this unit becomes the new temporary base unit This process can continue until there are only two units left in the stack configuration For detailed information about temporary base units see Installing the BayStack 400 STI Cascade Module 208700 B Appendix B Interoperability in a mixed stack configuration 343 Temporary base unit In a mixed stack containing only one Business Policy Switch If there is only one Business Policy Switch in your mixed stack configuration and it fails the next upstream BayStack 410 or BayStack 450 switch from the failed base unit will become the temporary base unit and will continue stack operation The base unit change is indicated by the base LED on the temporary base unit s LED display panel turning on amber If the stack s base unit reverts to a BayStack 410 or BayStack 450 switch the stack does not maintain Business Policy Switch features and will continue operation
239. he policy with the lowest order and highest precedence is evaluated first then the policy with the next lowest order and so on For example with an order of 1 to 20 the system begins the evaluation with 1 moves onto 2 and so forth This is important to remember when you configure policies A policy is a network traffic controlling mechanism that monitors the characteristics of the traffic for example its source destination and protocol and performs a controlling action on the traffic when certain user defined characteristics are matched A policy action is the effect a policy has on network traffic that matches the traffic profile of the policy You can assign only one action to a policy The policies tie together e Actions e Meters e Filter groups 208700 B Chapter 4 Policy enabled networks 289 Interface groups The policies by connecting these user defined configurations control the traffic on the switch Ports are assigned to interface groups that are linked to policies The policies determine the traffic treatment of the flows Packet flow using QoS Using DiffServ and QoS you can designate a specific performance level for packets This system allows you to prioritize network traffic However it requires some thought to configure the prioritizations You can specify a number of policies and each policy can match one or many flows supporting complex classification scenarios This section contains a
240. he space bar to view group addresses for any existing IGMP VLAN configurations the maximum number of VLANs that can be displayed is 256 Multicast Group Address Displays all of the IP Multicast group addresses that are currently active on the associated port Port Displays the port numbers that are associated with the IP Multicast group addresses displayed in the IP Multicast group address field Using the Business Policy Switch 2000 Version 1 2 226 Chapter 3 Using the console interface Port Statistics screen The Port Statistics screen Figure 84 allows you to view detailed information about any switch or port in a stacked or standalone configuration The screen is divided into two sections Received and Transmitted so that you can compare and evaluate throughput or other port parameters All screen data is updated approximately every 2 seconds You can use the Port Statistics screen to clear reset to zero port counters for a specific switch or port Alternatively you can use the Clear All Port Statistics option to clear port counters for all switches or ports see Switch Configuration Menu screen on page 164 To open the Port Statistics screen Choose Display Port Statistics or press d from the Switch Configuration Menu screen 208700 B Chapter 3 Using the console interface 227 Figure 84 Port Statistics screen Received Packets Multicasts Broadcasts Total
241. help you use this feature 208700 B 147 Chapter 3 Using the console interface This chapter describes how to configure and manage the Business Policy Switch using the menu driven console interface CI This chapter covers the following topics Compatibility with BayStack 450 switches next e Accessing the CI menus and screens on page 148 e Using the CI menus and screens on page 149 e Main Menu on page 151 Compatibility with BayStack 450 switches The BPS 2000 software version 1 2 is compatible with BayStack 450 software version 4 1 When you are using a local console to access the BPS 2000 software version 1 2 features with a Hybrid or mixed stack BPS 2000 and BayStack 450 and 410 switches in the same stack you must plug your local console into a BPS 2000 unit To find out which version of the BPS 2000 software is running use the console interface CI menus or the Web based management system e Cl menus From the main menu of the console choose Systems Characteristics menu The software currently running is displayed in sysDescr e Web based management system Open the System Information page which is under Administration on the main menu The software currently running is displayed in the sysDescription field Using the Business Policy Switch 2000 Version 1 2 148 Chapter 3 Using the console interface You can use 256 port protocol and MAC SA based VLANs for the sta
242. hes because S1 and S2 are both Business Policy Switches that support 802 1Q tagging see VLANs spanning multiple 802 1Q tagged switches 208700 B Chapter 2 Network configuration 121 Figure 34 VLAN configuration spanning multiple switches C ar I i Business Policy Switch 2000 S2 Non 802 1Q l tagging switch S4 mm MAEM EXIXIADO Untagged ports Both ports are tagged STP disabled members of VLAN 1 i i and VLAN 2 Business Policy Switch 2000 i ae i uus S1 Fasz 7 a ii ar i Non 802 1Q tagging switch S3 zm VLAN 1 PVID 1 ES VLAN 2 PVID 2 TD VLAN 3 PVID 3 9802EA Using the Business Policy Switch 2000 Version 1 2 122 Chapter 2 Network configuration VLAN configuration rules VLANs operate according to specific configuration rules When creating VLANs consider the following rules that determine how the configured VLAN reacts in any network topology e You must be in the Pure BPS 2000 Stack mode and using software version 1 2 to be able to configure between 65 and 256 VLANs You c
243. hich case the user may be required to take appropriate measures 208700 B Achtung Dieses ist ein Ger t der Funkst rgrenzwertklasse A In Wohnbereichen k nnen bei Betrieb dieses Ger tes Rundfunkst rungen auftreten in welchen Fallen der Benutzer f r entsprechende Gegenma nahmen verantwortlich ist Attention Ceci est un produit de Classe A Dans un environnement domestique ce produit risque de cr er des interf rences radio lectriques il appartiendra alors l utilisateur de prendre les mesures sp cifiques appropri es EC Declaration of Conformity This product conforms to the provisions of Council Directive 89 336 EEC and 73 23 EEC The Declaration of Conformity is available on the Nortel Networks World Wide Web site at http libra2 corpwest baynetworks com cgi bin ndCGI exe DocView Japan Nippon Requirements Only Voluntary Control Council for Interference VCCI Statement CORB AURRE SERRA ERER VCCI oH KED YFZ ATRRHRE CT CORRE CHEATS LER HEE ZARIOTCEMHVES TOBARRA OIR AS ZELDBRENSZTEMHBVET Taiwan Requirements Bureau of Standards Metrology and Inspection BSMI Statement Se RAS ZL PAOLA ERED AM TRES ATE CURR HABER ERAN REM aN Canada Requirements Only Canadian Department of Communications Radio Interference Regulations This digital apparatus Business Policy Switch 2000 does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the Radio Interference Re
244. i iebcededvieeies died pads boda Gbeeessaands 71 Flash MEMORIA dua tera acil ER ACA EE Cul ee eee 76 Switch software image storage llli 76 Configuration parameters storage 6 6 eee 77 Do LAE TONON noie Sc doe drop Uode Re DER DURER ENERO Sca quae dong 77 Port mirroring conversation steering o ooooooronooonmmomnm o 78 Autosensing and autonegotiation 2 0 ee 78 BootP automatic IP configuration MAC address 0000 cece eee 79 Configuration and switch management 0 0 0 c eee e eee eee 80 M lhifield packet classification usua aaa x ica nae acea o ie C kn 81 SNMP WIE SUDDUIT sic ctee ee sad teehee does Shee E ERE d PES PER ee Ed 81 SUMP FAD SUPPOR avisa diria rs 83 Supported standards and RFCS coin cccan cca rr RR RARA 83 cr A EET 84 ILL tesa emi A hs i ao de te tot Na A 84 208700 B Contents 9 Chapter 2 Network confiquraliolhi iuuieahessahassesusescsessrmh sen ees oes 87 Compatibility with BayStack 450 switches 00 00 ccc cece ene ene 87 Network configuration examples 0 00 eee ee eee 88 Desktop switch application borro TUTTI 89 Segment switch application 0 0 2 2 0 0060 89 High density switched workgroup application llle 91 Fail safe stack application cease eee eae dd 92 Business Policy Switch stack operation oooococcooccccoco eee 93 BayStack 400 ST1 Cascade Module o oooooocoocoronmonomoo 94 Cascad
245. if itis returned to Nortel Networks during the warranty period along with proof of the date of shipment This warranty does not apply if the media has been damaged as a result of accident misuse or abuse The Licensee assumes all responsibility for selection of the Software to achieve Licensee s intended results and for the installation use and results obtained from the Software Nortel Networks does not warrant a that the functions contained in the software will meet the Licensee s requirements b that the Software will operate in the hardware or software combinations that the Licensee may select c that the operation of the Software will be uninterrupted or error free or d that all defects in the operation of the Software will be corrected Nortel Networks is not obligated to remedy any Software defect that cannot be reproduced with the latest Software release These warranties do not apply to the Software if it has been i altered except by Nortel Networks or in accordance with its instructions ii used in conjunction with another vendor s product resulting in the defect or iii damaged by improper environment abuse misuse accident or negligence THE FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE IN LIEU OF ALL OTHER WARRANTIES EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE Licensee is responsible for the security of its own data and informatio
246. iguration parameters to be lost MultiLink Trunking Note For information on configuring VLANs STGs and MLTs refer to STG configuration guidelines on page 51 The MultiLink Trunking feature allows you to group multiple ports two to four together when forming a link to another switch or server thus increasing aggregate throughput of the interconnection between two devices up to 800 Mb s in full duplex mode The Business Policy Switch can be configured with up to six MultiLink Trunks The trunk members can be configured within a single unit in the stack or distributed between any of the units within the stack configuration distributed trunking For more information about the MultiLink Trunking feature refer to Chapter 2 Network configuration Using the Business Policy Switch 2000 Version 1 2 78 For information on configuring MultiLink Trunks using the CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure this feature refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 book Port mirroring conversation steering The port mirroring feature some
247. iguring authentication process for EAPOL based security To create or modify EAPOL based security parameters follow the flowcharts in Figure 150 and Figure 151 208700 B Appendix D Quick steps to features 379 To open the EAPOL Security Configuration screen Choose EAPOL Security Configuration from the Switch Configuration Menu screen Figure 150 Authenticaton process flowchart 1 of 2 Login screen Authentication successful Access denied See System Administrator Authentication Switch restores VLAN ID and PVID server sent values from NVRAM A gt VLAN ID Switch sets VLAN ID and PVID values to VLAN 1 Port based VLAN Key Switch sets VLAN ID and PVID values L gt Off page reference to preconfigured values stored in the Authentication server O On page reference EAPOL_Authen_Process_new_1 Using the Business Policy Switch 2000 Version 1 2 380 Appendix D Quick steps to features Figure 151 Authenticaton process flowchart 2 of 2 Authentication server sent Port Priority value No Switch restores Port Priority value from NVRAM Is Port Priority value Switch sets Port Prioity value to 0 range 0 to 7 Switch sets Port Priority value to Key preconfigured values stored in the Authentication server L gt Oft page reference O On page reference EAPOL Authen Process new 2 208700 B 381 Appendix E Connectors and pin a
248. imal value between 0 and 255 separated by a decimal point In Band Switch IP Address The in band IP address of the switch This field is not required for the operation of the stack This field cannot use the same IP address used for the stack Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value between 0 and 255 separated by a decimal point Note When the IP address is entered in the In Band IP Address field and the In Band Subnet Mask field value is not present the software provides an in use default value for the In Band Subnet Mask field that is based on the class of the IP address entered in the In Band IP Address field 208700 B Chapter 3 Using the console interface 157 Table 11 IP Configuration Setup screen fields continued Field Description In Band Subnet Mask The subnet address mask associated with the in band IP address shown on the screen see In Band Switch IP Address field Network routers use the subnet mask to determine the network or subnet address portion of a host s IP address The bits in the IP address that contain the network address including the subnet are set to 1 in the address mask and the bits that contain the host identifier are set to 0 Default Value 0 0 0 0 no subnet mask assigned Range Four octet dotted decimal notation where each octet is represented as a decima
249. iness Policy Switch security features provide three levels of security for your local area network LAN e RADIUS based security limits administrative access to the switch through user authentication MAC address based security limits access to the switch based on allowed source MAC addresses Using the Business Policy Switch 2000 Version 1 2 67 e EAPOL based security allows the exchange of authentication information between any end station or server connected to the switch and authentication server such as a RADIUS server Figure 7 shows a typical campus configuration using the RADIUS based and MAC address based security features for the Business Policy Switch This example assumes that the switch the teachers offices and classrooms and the library are physically secured The student dormitory may or may not be physically secure Using the Business Policy Switch 2000 Version 1 2 68 Figure 7 Business Policy Switch 2000 security feature RADIUS server To Network Center RADIUS based aaa l l Switch l l security 2 AAA AS as GS eee eee ee ea e eel
250. iness Policy Switches support up to 64 VLANs maximum of 48 MAC source address based VLANs with IEEE 802 10 tagging available per port With software version 1 2 the BPS 2000 supports up to 256 VLANs maximum of 48 MAC source addressed based VLANS Note Only standalone or pure stacks of BPS 2000 support 256 VLANs A mixed stack that consists of BPS 2000 and BayStack 450 switches has only 64 VLANs Refer to Chapter 1 for more information on using 256 VLANs Ports are grouped into broadcast domains by assigning them to the same VLAN Frames received in one VLAN can only be forwarded within that VLAN and multicast frames and unknown unicast frames are flooded only to ports in the same VLAN Setting up virtual LANs VLANs is a way to segment networks to increase network capacity and performance without changing the physical network topology Figure 17 With network segmentation each switch port connects to a segment that is a single broadcast domain When a switch port is configured to be a member of a VLAN it is added to a group of ports workgroup that belong to one broadcast domain The Business Policy Switch allows you to assign ports to VLANs using the console Telnet Web based management CLI or an appropriate SNMP based application such as the Device Manager You can assign different ports and therefore the devices attached to these ports to different broadcast domains This feature allows network flexibility because you
251. ing is an untagged port and is already a member of an STG that port will not be added to an additional STG because an untagged port cannot belong to more that one STG As an example assume that VLANI belongs to STG1 You add an untagged port port 1 that does not belong to any STG to VLANI and port 1 will become part of STGI However if in the example explained above the untagged port 1 already belongs to STG2 then port will not become a member of STGI When you remove a port from VLAN that belongs to an STG that port will also be removed from the STG However if that port belongs to another VLAN in the same STG the port remains in the STG As an example assume that port 1 belongs to VLANI and VLANI belongs to STGI When you remove port 1 from VLANI port 1 is also removed from STGI However if port 1 belongs to both VLAN1 and VLAN2 and both VLANs belong to STG1 removing port 1 from VLANI does not remove port 1 from STG1 because VLAN2 is still a member of STGI An STG cannot be deleted until you disable it Additionally you cannot delete an STG while it contains VLAN members so you must first delete the VLANs from the STG Using the Business Policy Switch 2000 Version 1 2 53 Spanning Tree Fast Learning Spanning Tree Fast Learning is an enhanced port mode supported by the BPS 2000 If you enable Spanning Tree Fast Learning on a port with no other bridges the port is brought up more quickly following the switch i
252. is enabled or disabled on the port level or switch level Default Disabled Range Disabled Enabled MAC Address Security Port Lists screens The MAC Address Security Port Lists screens allow you to create port lists that can be used as allowed source port lists for a specified MAC address in the MAC Address Security Table screen You can create as many as 32 port lists using up to five MAC Address Security Port Lists screens see Figure 61 208700 B Chapter 3 Using the console interface 177 Figure 61 MAC Address Security Port Lists screens Screen 1 MAC Address Security Port Lists Port List Screen 2 MAC Address Security Port Lists Port List Screen 3 MAC Address Security Port Lists Port List Screen 4 MAC Address Security Port Lists Port List Screen 5 MAC Address Security Port Lists Port List Press Ctrl P to display previous screen Enter unit port 1 NONE 1 ALL 2 3 4 7 9 press Return or Enter when done Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu To open the MAC Address Security Lists screen Choose MAC Address Security Lists from the MAC Address Security Configuration Menu The options for allowed port access include NONE ALL and ports that are specified in a list for example 1 1 2 6 etc Refer to Port List syntax for more information Using the Business P
253. it port number list is composed of one or more list items each of which can be a single number or a range of numbers where the numbers represents one or more ports If a list item is preceded by a number and then a slash the number represents a stack unit For example 1 1 7 2 1 7 2 9 3 1 4 4 12 is a valid unit port number list see entry S1 in Figure 62 on page 178 It represents the following port order e Unit I ports 1 to 7 e Unit 2 ports 1 to 7 and port 9 e Unit 3 ports 1 to 4 e Unit 4 port 12 Accelerator keys for repetitive tasks You can use certain keystrokes as accelerator keys to help speed up repetitive tasks For example suppose you want to modify the Port List field in the MAC Address Security Port List screen Figure 62 on page 178 You can modify the port list in any of the following ways Adda new port to an existing port number list e Remove a port from an existing port number list e Copy an existing field into an adjacent field Adding a new port to an existing port number list In the example shown in Figure 62 on page 178 S3 shows the Port List field values as 1 3 2 7 3 1 4 If you want to add another port for example port 2 9 to the existing port number list you could highlight the field and then type another port list including the new port number 1 3 2 7 2 9 3 1 4 Return This method can be cumbersome Using the Business Policy Switch 2000 Version 1 2 180 Chapter 3 Using the
254. itch Configuration Menu Use arrow keys to highlight option press Return or Enter to select option Press Ctrl R to return to previous menu Press Ctrl C to return to P Table 16 describes the MAC Address Security Configuration Menu options Table 16 MAC Address Security Configuration Menu Options Option Description MAC Address Security Configuration Displays the MAC Address Security Configuration screen see MAC Address Security Configuration Menu screen on page 169 This screen allows you to Enable or Disable the MAC Address Security feature MAC Address Security Port Configuration Displays the MAC Address Security Port Configuration screen see MAC Address Security Port Configuration screen on page 173 This screen allows you to Enable or Disable MAC Security for each port MAC Address Security Displays the MAC Address Security Port Lists screen see MAC Address Port Lists Security Port Lists screens on page 176 This screen allows you to create port lists that can be used as an allowed source port list for a MAC address in the MAC Address Security Table screen MAC Address Security Displays the MAC Address Security Table screen see MAC Address Table Security Table screens on page 181 This screen allows you to specify the MAC addresses that are allowed to access the switch 208700 B Chapter 3 Using the console interface 171
255. itch Password descriptions for more information Default Value None Range None Local Password RADIUS Authentication TELNET Stack Password Type Enables password protection for accessing the console interface Cl of any participating switch in a stack configuration through a Telnet session If you set this field to Required you can use the Logout option to restrict access to the Cl of any stack unit Thereafter you will need to specify the correct password at the console terminal prompt when accessing the stack See Console Read Only Stack Password and Console Read Write Stack Password for more information Default Value None Range None Local Password RADIUS Authentication Console Read Only Switch Password When the Console Switch Password field is set to Required for Telnet for Console or for Both this field allows read only password access to the Cl of a standalone switch Users can access the Cl using the correct password see default but cannot change parameters or use the Reset option or Reset to Default option Default Value user Range An ASCII string of up to 15 printable characters Console Read Write Switch Password When the Console Switch Password field is set to Required for Telnet for Console or for Both this field allows read write password access to the Cl of a standalone switch Users can log in to the Cl using the correct password see default and can change any parameter ex
256. items including interfaces interface groups maps filters filter groups actions meters and policies You must first delete the current item and then enter a new one with the modifications Creating interface groups To create an interface group 1 In the Web based management interface click the Application gt QoS gt QoS Advanced menu option 208700 B Chapter 5 Sample QoS configuration 295 The QoS Advanced menu option expands to display e Devices e Rules e Actions e Meters e Policies e Agent 2 Click Devices The Devices menu option expands Figure 102 to display e Interface Config e Priority Q Assign e Priority Mapping e DSCP Q Assign DSCP Mapping Figure 102 Web based management menu page NORTEL E NETWORKS Access RW gt MultiLink Trunk V aos P QoS Wizard V QoS Advanced V Devices Interface Config Priority Q Assign Priority Mapping DSCP Q Assign P DSCP Mapping Y Rules IP Classification Layer2 Classificati Actions Policies 3 Click Interface Config The Interface Configuration page opens Figure 103 Using the Business Policy Switch 2000 Version 1 2 296 Chapter 5 Sample QoS configuration Figure 103 Interface Configuration page Application gt QoS gt QoS Advanced gt Devices gt Interface Configuration R Interface Queue Table r4 Queue Extended USE Bandwidth Service Size General Discipline Bandwidth Bandwidth ID Dis
257. ith a Gigabit port or a BayStack 410 24T switch port that is a protocol based VLAN member Setting this field value on any port to Tagged Trunk causes incoming untagged packets to be assigned to the PVID VLAN They will no longer be classified based on the information within the packet even if they are members of a policy based VLAN Default Untagged Access Range Untagged Access Tagged Trunk Using the Business Policy Switch 2000 Version 1 2 200 Chapter 3 Using the console interface Table 27 VLAN Port Configuration screen fields continued Field Description AutoPVID Automatically associates this PVID specific VLAN Default Disabled Range Enabled Disabled VLAN Display by Port screen The VLAN Display by Port screen Figure 70 allows you to view VLAN characteristics associated with a specified switch port Choose VLAN Display by Port or press d from the VLAN Configuration Menu screen to open the VLAN Display by Port screen Figure 70 VLAN Display by Port screen a VLAN Display by Port N Unit pod 3 Port a PVID ni Port Name Unit 1 Port 1 VLANs VLAN Name VLANs VLAN Name T VLAN 1 Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Se y Table 28 describes the VLAN Display by Port screen fields 208700 B Chapter 3 Using the console interface 2
258. its in the stack is determined by the position of the base unit within the stack This is important for management applications that view the physical ordering of the units within the stack Some characteristics of the base unit are described in the following sections Initial installation During the initial installation of the stack the software automatically determines the physical order of all units in the stack according to the position of the base unit within the stack Thereafter the individual units maintain their original unit numbering even if you change the position of one or more units in the stack Refer to Chapter 3 for information on renumbering the units using the console interface CI menus and to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 for renumbering the units using the Web based management system For example when you initially power up the stack the base unit becomes unit 1 and the unit that the base unit connects to via the Cascade A Out cable becomes unit 2 and the next unit is unit 3 and so on until the maximum stack configuration up to 8 units is reached If you change the base unit to another unit in the stack the new base unit keeps its original unit number in the stack 208700 B Chapter 2 Network configuration 97 Stack MAC address When the switch is participating in a stack configuration a stack MAC address is automatically assigned during the st
259. ity For the STP Group indicates the management assigned priority value of the bridge ID in hexadecimal notation which is the most significant byte of the bridge ID The STA uses this parameter to determine the root bridge or designated bridge For example the bridge with the lowest bridge ID becomes the root bridge with Bridge Priority values 0x8000 0 to OxFFFF Default Value Range Bridge Hello Time For the STP Group indicates the Hello Interval the amount of time between transmissions of BPDUs specified by management for this bridge This parameter takes effect only when this bridge becomes the root bridge Note that although you can set the Hello Interval for a bridge using bridge management software once the spanning tree computation process is complete all bridges participating in the spanning tree network use the root bridge s Hello Interval parameter value If any bridge becomes the root bridge its Hello Interval parameter value becomes the Actual Hello Interval parameter value for all bridges participating in the spanning tree network See also Hello Time Default Value 2 seconds Range 1 to 10 seconds Bridge Max Age Time For the STP Group specifies the maximum age in seconds that a Hello message can attain before it is discarded This parameter specified by management for this bridge takes effect only when the bridge becomes the root bridge Note that if this bridge becomes the root bridge
260. l Configuration Screen Fields Field Description Unit Allows you to select the unit number when stacking is configured to view or configure To view or configure another unit type its unit number and press Enter or press the spacebar to toggle the unit numbers the system only displays a screen for units that are configured with a Gigabit MDA Autonegotiation When enabled the port only advertises support for 1000 Mb s operation in full duplex mode Default Value Enabled Range Enabled Disabled Flow Control Allows you to control traffic and avoid congestion on the Gigabit MDA port Two modes are available see Choosing a high speed flow control mode for details about the two modes The Flow Control field cannot be configured unless you set the Autonegotiation field value to Disabled Default Value Disabled Range Disabled Symmetric Asymmetric Using the Business Policy Switch 2000 Version 1 2 206 Chapter 3 Using the console interface Table 30 High Speed Flow Control Configuration Screen Fields continued Field Description Preferred Phy Note The following two fields only appear when a single MAC MDA 450 1LR MDA or 450 1SR MDA with a separate redundant Phy port is installed Allows you to choose a preferred Phy port the other Phy port reverts to backup Default Value Right Range Right Left Active Phy Indicates the operational Phy port Default Value
261. l devices that support only one instance of STP The default tagging of STG2 through STGS is tagged Note When you change the Stack Operational Mode from Pure BPS 2000 Stack mode to Hybrid Stack mode you lose all STGs above 1 the default STG All other STGs except the Default STG must be created by the user To become active each STG must be enabled by the user after creation Each STG will be assigned an ID number from 2 to 8 the Default STG is assigned the ID number 1 You assign ports or VLANs to an active STG However a port that is not a member of a VLAN will not be allowed to join an STG When you not longer need a particular STG disable and delete that particular one The procedure is to disable the STG delete all VLAN and port memberships and then delete the STG Using the Business Policy Switch 2000 Version 1 2 51 STG configuration guidelines This section provides important information on configuring STGs e An STG must be created in the following order Create the STG Add the existing VLAN and port memberships Enable the STG When you create a VLAN that VLAN automatically belongs to STG 1 the default STG If you want the VLAN in another STG you must move the VLAN by assigning it to another STG e You move a newly created VLAN to an existing STG by following this order Create the VLAN Delete the VLAN from STG1 Add the VLAN to an existing STG e You cannot delete or mov
262. l value between 0 and 255 separated by a decimal point Default Gateway The IP address of the default gateway Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value between 0 and 255 separated by a decimal point IP Address to The IP address of the network device you want to ping This field is not required for the Ping operation of the stack This field cannot use the same IP address used for the stack Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value between 0 and 255 separated by a decimal point Start Ping Pings the selected network device when you choose Yes Default Value No Range No Yes Ping Address Displays last IP address you pinged Stack UpTime Displays how long the stack has been up in 00 00 00 format which is hours minutes seconds Reset Count Displays how many times the stack has been reset Choosing a BootP request mode The BootP Request Mode field in the IP Configuration screen allows you to choose which method the switch uses to broadcast BootP requests BootP When Needed BootP Always BootP Disabled Using the Business Policy Switch 2000 Version 1 2 158 Chapter 3 Using the console interface BootP or Last Address Note Whenever the switch is broadcasting BootP requests t
263. le 74 Factory default settings Field Default setting Appears in this Cl screen BootP Request Mode BootP Disabled IP Configuration Setup screen on page 155 In Band Stack IP Address 0 0 0 0 no IP address assigned In Band Switch IP Address 0 0 0 0 no IP address assigned In Band Subnet Mask 0 0 0 0 no subnet mask assigned Default Gateway 0 0 0 0 no IP address assigned no IP address assigned Read Only Community String public SNMP Configuration screen on page 160 Read Write Community String private Trap IP Address 0 0 0 0 Community String Zero length string Authentication Trap Enabled Link Up Down Trap Enabled sysContact Zero length string System Characteristics screen on page 162 sysName Zero length string sysLocation Zero length string Using the Business Policy Switch 2000 Version 1 2 388 Appendix F Default Settings Table 74 Factory default settings continued Field Default setting Appears in this Cl screen Aging Time Find an Address Port Mirroring Address A 300 seconds 00 00 00 00 00 00 no MAC address assigned 00 00 00 00 00 00 no MAC address assigned MAC Address Table screen on page 167 Port Mirroring Address B 00 00 00 00 00 00 no MAC address assigned MAC Address Security Disabled MAC Address Security Configuration
264. lect 1 This value is the queue set you want to modify 3 Click Submit The 802 1p Priority Assignment Table is updated with the queue set you requested 4 Change the value of Priority 5 from 2 to 1 Note Clicking Submit in the 802 1p Priority Assignment Table section results in a system reset Verifying DSCP mapping Next verify the mapping of the DSCP to an IEEE 802 1p priority drop precedence and service class 208700 B Chapter 5 Sample QoS configuration 321 Click the Application gt QoS gt QoS Advanced gt Devices gt DSCP Mapping menu option The DSCP Mapping page opens Figure 124 Figure 124 DSCP Mapping page Application gt QoS gt QoS Advanced gt Devices gt DSCP Mapping m TN Tanie T 0x0 0 a Loss Sensitive Standard El Ox 0 Not Loss Sensitive Standard El 0x2 0 Not Loss Sensitive Standard El 0x3 0 Not Loss Sensitive Standard El Ox4 0 Not Loss Sensitive Standard El 0x5 0 Not Loss Sensitive Standard El 0x5 0 Not Loss Sensitive Standard El 0x7 0 Not Loss Sensitive Standard El 0x8 2 Not Loss Sensitive Bronze El 0x9 0 Not Loss Sensitive Standard El OxA 2 Loss Sensitive Bronze El 0xB 0 Not Loss Sensitive Standard El 0xc 2 Not Loss Sensitive Bronze El OxD 0 Not Loss Sensitive Standard El OxE 2 Not Loss Sensitive Bronze El OxF O Not Loss Sensitive Standard El 0x0 3 Not Loss Sensitive Silver El 0x11 0 Not Loss Sensitive Standard El 0x2 3 Loss Sensitive Silver Fl 013 0 No
265. logically locks each wall jack to the specified station and prevents unauthorized access to the switch should someone attempt to connect a personal laptop PC into the wall jack The printer is assigned as a single station and is allowed full bandwidth on that switch port It is assumed that all PCs are password protected and that the classrooms and offices are physically secured Library The wall jacks in the library are set up so that the PCs can be connected to any wall jack in the room This arrangement allows the PCs to be moved anywhere in the room The exception is the printer which is assigned as a single station with full bandwidth to that port It is assumed that all PCs are password protected and that access to the library is physically secured Using the Business Policy Switch 2000 Version 1 2 70 RADIUS based network security The RADIUS based security feature allows you to set up network access control using the Remote Authentication Dial In User Services RADIUS security protocol The RADIUS based security feature uses the RADIUS protocol to authenticate local console and Telnet logins You will need to set up specific user accounts user names and passwords and Service Type attributes on your RADIUS server before the authentication process can be initiated To provide each user with appropriate levels of access to the switch set the following username attributes on your RADIUS server e Read write access
266. ly through a console terminal attached to your Business Policy Switch remotely through a dial up modem connection or in band through a Telnet session For information about the console interface refer to Chapter 3 e Web based management You can manage the network from the World Wide Web Access the Web based graphical user interface GUI through the HTML based browser located on your network The GUI allows you to configure monitor and maintain your network through Web browsers You can also download software using the Web For information about Web based management refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 e Java based Device Manager Device Manager is a Java based set of graphical network management applications used to configure and manage a Business Policy Switch Refer to Reference for the Business Policy Switch 2000 Management Software Operations Software Version 1 2 for more information e Command Line Interface CLI software version 1 2 208700 B Chapter 1 The Business Policy Switch 2000 81 With software version 1 2 and higher the CLI is used to automate general management and configuration of the BPS 2000 Use the CLI through a Telnet connection or through the serial port on the console Refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 for complete information on using the CLI e Any generic SNMP based
267. m e Cl menus From the main menu of the console choose Systems Characteristics menu The software currently running is displayed in sysDescr e Web based management system Open the System Information page which is under Administration on the main menu The software currently running is displayed in the sysDescription field You can use 256 port protocol and MAC SA based VLANs for the stack with a Pure BPS 2000 stack running software version 1 2 The maximum number of MAC SA based VLANs available is 48 If you are working with a mixed or hybrid stack you can use 64 VLANs for the entire stack When you change from a Pure BPS 2000 Stack mode to a Hybrid Stack mode e If you have up to 64 VLANs on the Pure BPS 2000 Stack they will be retained when you change to a Hybrid Stack e If you have more than 64 VLANs on the Pure BPS 2000 Stack you will lose them all The Hybrid Stack will return to the default VLAN configuration Also a mixed or hybrid stack does not support multiple Spanning Tree Groups STG You have a single instance of STG when working with a mixed stack Using the Business Policy Switch 2000 Version 1 2 36 Physical description Figure 1 depicts the front and side views of the Business Policy Switch Figure 1 Business Policy Switch 2000 9713FA Front panel Figure 2 shows the front panel configuration for the Business Policy Switch 2000 Descriptions of the front panel components follo
268. m the Business Policy Switch Main Menu or press w 2 From the Switch Configuration Menu select VLAN Configuration or press v 3 From the VLAN Configuration Menu select VLAN Configuration or press v The default VLAN Configuration screen opens Figure 30 Figure 30 Default VLAN Configuration screen example C N VLAN Configuration Create VLAN 1 Vlan Type Port Based Delete VLAN Protocol Id PID None VLAN Name Default VLAN User Defined PID 0x0000 Management VLAN Yes Now 1 VLAN State Active IVL SVL IVL Port Membership L 6 7 12 13 18 19 24 Unit 1 UUUUUU UUUUUU UUUUUU UUUUUU KEY T Tagged Port Member U Untagged Port Member Not a Member of VLAN Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Me M The VLAN Configuration screen settings shown in Figure 30 are default settings with all switch ports classified as untagged members of VLAN 1 Figure 31 shows the VLAN Configuration screen after it is configured to support the VLAN 3 broadcast domain shown in Figure 29 VLAN Name is optional Using the Business Policy Switch 2000 Version 1 2 118 Chapter 2 Network configuration Ports 2 4 6 8 10 and 11 are now untagged members of VLAN 3 as shown in Figure 29 on page 116 Figure 31 VLAN Configuration screen example c VLAN C
269. ment system With software version 1 2 the BPS 2000 offers a Command Line Interface CLI management system You can issue CLI commands through the serial port of the switch or through a Telnet session The SNMPv3 and RMON features are not supported You can work with the CLI interactively when you use the CLI command to configure the switch command by command You can also work with the CLI all at once when you use the CLI command to configure the network Refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 for complete information on accessing the CLI and all commands Increased VLANs The BPS 2000 software version 1 2 provides support for 256 virtual local area networks VLANs These 256 VLANs can be spread among port based protocol based and MAC source address based VLANs maximum of 48 MAC source address based VLANs Finally the 256 VLANs can be on a standalone BPS 2000 with software version 1 2 or across a Pure BPS 2000 Stack with software version 1 2 If you are working with more than 64 VLANs in a Pure BPS 2000 Stack and you change to a Hybrid Stack you lose all VLANs However if you have up to 64 VLANs in the Pure BPS 2000 Stack and you change to a Hybrid Stack you will retain all the VLANs Using the Business Policy Switch 2000 Version 1 2 49 Refer to Virtual Local Area Networks VLANSs on page 63 for a more complete description of VLANs For information
270. n 1 As shown in Figure 16 unit 3 becomes nonoperational This result can be due to a failed unit or simply because the unit was powered down 2 Unit 2 and unit 4 directly upstream and downstream from unit 3 sense the loss of link signals from unit 3 a Units 2 and 4 automatically loop their internal stack signals A and B b The Cas Up LED for unit 2 and the Cas Dwn LED for unit 4 turn on amber to indicate that the stack signals are looped 3 The remaining stack units remain connected Although the example shown in Figure 16 shows a failed unit causing the stack to loop signals at the points of failure A and B the system reacts the same way ifa cable is removed 208700 B Chapter 2 Network configuration 103 Figure 16 Redundant cascade stacking feature Cascade A Cascade A Out In 9815EA Table 9 describes the redundant cascade stacking illustration references Table 9 Redundant cascade stacking descriptions Base unit 1 2 Last unit 3 Cascade cable part number 303978 A 4 Cascade max return cable part number 303979 A Using the Business Policy Switch 2000 Version 1 2 104 Chapter 2 Network configuration IEEE 802 1Q VLAN workgroups Note For guidelines on configuring VLANs STGs and MLT refer to Chapter 1 Bus
271. n 1 1 provides support for security based on the Extensible Authentication Protocol over LAN EAPOL which uses the EAP as described in the IEEE Draft P802 1X to allow you to set up network access control on internal LANs Refer to Security on page 66 for complete information on EAPOL based security For information on configuring EAPOL based security using the Console Interface CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure EAPOL based security refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 Using the Business Policy Switch 2000 Version 1 2 59 Automatic PVID With software version 1 1 the BPS 2000 provides the Automatic PVID feature for configuring virtual local area networks VLANs Refer to Virtual Local Area Networks VLANSs on page 63 for more complete information on VLANs Refer to Chapter 3 for information on configuring Automatic PVID using the Console Interface CI menus Refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 for information on configuring this feature using the Web based management system A
272. n 315 Figure 120 Meter page with new entry in Meter Table Application gt QoS gt QoS Advanced gt Meter Meter Table Action Data Specification Committed Rate Committed Burst Size In Profile Out of Profile F Kbps Bytes Action Action X Practice 1 No Meter Data Generic N A Meter Creation Name Data Specification no Meter Data y Committed Rate 2 Kbps Maximum Burst Rate Kops Duration pow m In Profile Action 2 Generic E Out of Profile Action feoooox l Committed Burst Size In summary you have configured a new meter named Practice This meter specifies no meter data and the in profile action Generic for packets that match a filter associated with this meter Configuring policies Now you are ready to configure a policy A policy is an interface group a group of filters filter set and the associated meter and action Policies are applied according to the precedence order that you assign in the QoS Advanced gt Policies page Policies are not modifiable If you want to change a policy you must delete the entry in the Policy Table and reenter the information To configure a policy Using the Business Policy Switch 2000 Version 1 2 316 Chapter 5 Sample QoS configuration 1 Click the Application gt QoS gt QoS Advanced gt Policies menu option The Policies page opens Figure 121 Figure 121 Policies page Application gt QoS gt QoS Advanced gt Policies 4
273. n a trunk is not active the spanning tree participation setting in the Trunk Configuration screen does not take effect until you set the Trunk Status field to Enabled The trunk is also viewed by management stations as a single spanning tree port The spanning tree port is represented by the trunk member with the lowest port number For example if ports 13 14 15 and 16 are trunk members of trunk T1 the management station views trunk T1 as spanning tree port 13 For more information on configuring MultiLink Trunking VLANs and spanning tree groups refer to Chapter 1 for guidelines on configuring spanning tree groups For more information about using the MultiLink Trunking feature see Chapter 3 See also Appendixes for configuration flowcharts that can help you use this feature Port mirroring You can designate one of your switch ports to monitor traffic on any two specified switch ports port based or to monitor traffic to or from any two specified addresses that the switch has learned address based Note A probe device such as the Nortel Networks StackProbe or equivalent must be connected to the designated monitor port to use this feature contact your Nortel Networks sales agent for details about the StackProbe The following sections provide sample configurations for both monitoring modes available with the Port Mirroring feature Using the Business Policy Switch 2000 Version 1 2 140 Chapter 2 Network c
274. n and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files data or programs Using the Business Policy Switch 2000 Version 1 2 4 Limitation of liability IN NO EVENT WILL NORTEL NETWORKS OR ITS LICENSORS BE LIABLE FOR ANY COST OF SUBSTITUTE PROCUREMENT SPECIAL INDIRECT INCIDENTAL OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR PROFITS ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE EVEN IF NORTEL NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO EVENT SHALL THE LIABILITY OF NORTEL NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT EXCEED THE PRICE PAID TO NORTEL NETWORKS FOR THE SOFTWARE LICENSE 5 Government Licensees This provision applies to all Software and documentation acquired directly or indirectly by or on behalf of the United States Government The Software and documentation are commercial products licensed on the open market at market prices and were developed entirely at private expense and without the use of any U S Government funds The license to the U S Government is granted only with restricted rights and use duplication or disclosure by the U S Government is subject to the restrictions set forth in subparagraph c 1 of the Commercial Computer Software Restricted Rights clause of FAR 52 227 19 and the limitations set out in this license for civilian agencies and subparagraph
275. n fields o o o o 212 Port Mirroring Configuration screen fields 214 Mioratoring modes cs aad bee Peed a ERR 216 Rate Limiting Configuration screen fields o oo o o o 219 IGMP Configuration Menu screen options 0005 221 IGMP Configuration screen fields o oo oooooooomooo 222 Multicast Group Membership screen options 2 225 Port Statistics screen fields 0 000 cece eee 228 Stack Operational Mode screen fields oooooooo 231 Console Comm Port Configuration screen fields 232 Renumber Stack Units screen options 20000 eens 239 Spanning Tree Configuration Menu screen options 241 Spanning Tree Group Configuration parameters 243 Spanning Tree Port Configuration screen fields 247 Spanning Tree Switch Settings parameters 20005 250 Spanning Tree VLAN Membership parameters 253 TELNET SNMP Web Access Configuration screen fields 255 Software Download screen fields 000 cece eee eee 260 Configuration File Menu screen options 0 000000000 262 Configuration File Download Upload screen fields 264 Parameters not saved to the Configuration File 266 ASCII Configuration File Download screen fields 268 System Log scre
276. n for Pure BPS 2000 Stack mode 259 Figure 96 Software Download screen for Hybrid Stack mode 259 Figure 97 Configuration File Menu screen 0 eee ee eee 262 Figure 98 Configuration File Download Upload screen 20 0005 263 Figure 99 ASCII Configuration File Download screen 0 20 0005 267 Figure 100 System Log Seres seis aee50eed eeeiwhvses bai daedeus vores 270 Figure 101 Schematic of QoS policy 2 c sce cece ede ewe xg ng ke am ad nae 276 Figure 102 Web based management menu page 20 eee eee eee 295 Using the Business Policy Switch 2000 Version 1 2 20 Figures Figure 103 Figure 104 Figure 105 Figure 106 Figure 107 Figure 108 Figure 109 Figure 110 Figure 111 Figure 112 Figure 113 Figure 114 Figure 115 Figure 116 Figure 117 Figure 118 Figure 119 Figure 120 Figure 121 Figure 122 Figure 123 Figure 124 Figure 125 Figure 126 Figure 127 Figure 128 Figure 129 Figure 130 Figure 131 Figure 132 Figure 133 Figure 134 Figure 135 Figure 136 Figure 137 Interface Configuration page 02 cee o 296 Interface Group Assignment page 0 0 cece eee eee eee 297 IP Classification page 1 Of 2 oca eee doses E mmm mnes 300 IP Classification page 2 Of 2 2 2 ek eee 300 IP Giaesiication GIOUD page nn c lt eecceaeex ranas 302 IP Group Modification page 22 cess RR RR ren 303 IP Classification page 1 Of 2 iussus sa xe gu obese
277. n that subnet receive the IP Multicast stream Note Although the nonparticipating end stations can filter the IP Multicast traffic the IP Multicast traffic still exists on the subnet and consumes bandwidth IP Multicast can be optimized in a LAN by using IP Multicast filtering switches such as the Business Policy Switch As shown in Figure 35 a non IP Multicast filtering switch causes IP Multicast traffic to be sent to all segments on the local subnet Using the Business Policy Switch 2000 Version 1 2 124 Chapter 2 Network configuration Figure 35 IP Multicast propagation with IGMP routing Host membership IGMP query Host Designated router 1 Host membership query Internet a Designated router 2 Non IP Multicast filtering switch c Jp Multicast stream Host b Non IP Multicast membership filtering switch report ei 1 Host membership report BS45021B The Business Policy Switch can automatically set up IP Multicast filters so the IP Multicast traffic is only directed to the participating end nodes see Figure 36 In Figure 36 switches S1 to S4 represent a LAN connected to an IP Multicast router The router periodically sends Host Membership Q
278. n the MAC Address Security Table for allowed membership If the software detects a source MAC address that is not an allowed member the software registers a MAC intrusion event Default Disabled Range Disabled Enabled MAC Address Security When this field is set to enabled the MAC address security screens cannot be modified using SNMP SNMP includes the DM management system Default Disabled Range Disabled Enabled Partition Port on Intrusion Detected This field value determines how the switch reacts to an intrusion event When an intrusion even is detected see MAC Address Security field description the specified switch port is set to Disabled partitioned from other switch ports When the field is set to Disabled the port remains enabled even if an intrusion event is detected Enabled the port becomes disabled then automatically resets to enabled depending on the value set in the Partition Time field Forever the port becomes disabled and remains disabled partitioned The Partition Time field cannot be used to automatically to reset the port to Enabled if you set this field to Forever You can always manually set the port s status field to enabled using the Port Configuration screen see Port Configuration screen on page 201 Default Disabled Range Disabled Enabled Forever Partition Time This field appears only when the Partition Port on Intrusion Detected field is set to enabled
279. nd refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 for information on configuring Automatic PVID with CLI commands Finally refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 for information on configuring this feature using DM For example to create a broadcast domain for each VLAN shown in Figure 6 configure each VLAN with a port membership and each port with the appropriate PVID VLAN association Using the Business Policy Switch 2000 Version 1 2 60 Figure 6 VLAN broadcast domains within the switch S1 VLAN 3 VLAN 2 VLAN 1 Key VLAN 1 PVID 1 VLAN 2 PVID 2 VLAN 3 PVID 3 BS45019A In Figure 6 the ports have the following PVID VLAN associations e Ports 8 6 and 11 are untagged members of VLAN 1 The PVID VLAN association for ports 6 and 11 is PVID 1 e Ports 2 4 10 and 8 are untagged members of VLAN 2 The PVID VLAN association for ports 2 4 and 10 is PVID 2 e Ports 2 4 10 8 6 and 11 are untagged members of VLAN 3 The PVID VLAN association for port 8 is PVID 3 Using the Business Policy Switch 2000 Version 1 2 61 Refer to Chapter 3 for information on configuring Automatic PVID using the Console Interface CI menus Refer to Using Web based Management for the Busine
280. nen Schauen Sie niemals in einen Glasfaser LWL oder ein Anschluteil Gehen Sie stets davon aus daf das Glasfaserkabel an eine Lichtquelle angeschlossen ist Avertissement L quipement fibre optique peut mettre des rayons laser ou infrarouges qui risquent d entrainer des l sions oculaires Ne jamais regarder dans le port d un connecteur ou d un c ble fibre optique Toujours supposer que les c bles fibre optique sont raccord s une source lumineuse Advertencia Los equipos de fibra ptica pueden emitir radiaciones de l ser o infrarrojas que pueden da ar los ojos No mire nunca en el interior de una fibra ptica ni de un puerto de conexi n Suponga siempre que los cables de fibra ptica est n conectados a una fuente luminosa Avvertenza Le apparecchiature a fibre ottiche emettono raggi laser o infrarossi che possono risultare dannosi per gli occhi Non guardare mai direttamente le fibre ottiche o le porte di collegamento Tenere in considerazione il fatto che i cavi a fibre ottiche sono collegati a una sorgente luminosa A SABLA EA PHARM BATS OED ED pA NRARY A Wh heARSIAE ZY CS FAW TT VMI TBA NTA EOL ROTC FAW PE Se DIG Ss nf 4 9 amp EU AUN Using the Business Policy Switch 2000 Version 1 2 356 Appendix C Media dependent adapters There are two 100BASE FX models Figure 135 e The BPS2000 2FX MDA uses two longwave 1300 nm SC
281. ness Policy Switch 2000 Up to 28 users o Up to 28 users Pree E C F L fan fa s BEEEED ce Up to 28 users Accelar switch Key Up to 28 users Up to 28 users Up to 28 users n Up to 28 users 100 Mb s Business 9842EA Policy Switch stack operation BPS 2000 switches configured with Business Policy Switch software version 1 0 provide fail safe stackability when you install the optional BayStack 400 ST1 Cascade Module You can connect up to eight Business Policy Switches and BayStack 450 switches to provide uninterrupted connectivity for up to 224 ports see Fail safe stack application The entire stack is manageable as a single unit Installation instructions are provided with the BayStack 400 ST1 Cascade Module see your Nortel Networks sales representative for ordering information This section discusses the following stacking topics e BayStack 400 ST1 Cascade Module on page 94 e Base unit on page 96 Using the Business Policy Switch 2000 Version 1 2
282. ness Policy Switch 2000 uses DiffServ to manage network traffic and resources The information that is required to support DiffServ and multi field classification is transferred using the Common Open Policy Services COPS protocol COPS is a query and response protocol that exchanges policy information messages using the Transmission Control Protocol TCP All configuration can be performed using SNMP the CLI and the Web based interface The BPS2000 switch can interoperate with the Nortel Networks Optivity Policy Server using Common Open Policy Services COPS Using the Business Policy Switch 2000 Version 1 2 63 Refer to Chapter 4 Chapter 4 Policy enabled networks For information on configuring QoS using the Console Interface CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure QoS refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 Virtual Local Area Networks VLANs Note For information on configuring VLANs STGs and MLTs refer to STG configuration guidelines on page 51 In a traditional shared media network traffic generated by a station is
283. network management software You can use any generic SNMP based network management software to configure and manage a Business Policy Switch e Nortel Networks Optivity network management software Optivity consists of views most of which are maps that illustrate the interconnections between the segments rings and nodes of your network The views allow you to quickly and easily analyze network performance and fault conditions on the individual segments and specific areas in your network Through the views Optivity can also alert you when a problem has occurred in a specific location For further information about Optivity contact your Nortel Networks sales representative Multifield packet classification Specify multifield packet classification based on header fields of data link network and transport layer protocols as you configure your policy criteria Filters are populated with information needed to classify packets and determine the set of actions that need to be applied to classified packets See Chapter 4 Policy enabled networks for more information SNMP MIB support The Business Policy Switch supports an SNMP agent with industry standard MIBs as well as private MIB extensions which ensures compatibility with existing network management tools The switch supports the MIB II RFC 1213 Bridge MIB RFC 1493 and the RMON MIB RFC 1757 which provide access Using the Business Policy Switch 2000 Version 1 2
284. nfiguration Menu screen di IGMP Configuration Menu E IGMP Configuration Display Multicast Group Membership Return to Switch Configuration Menu Use arrow keys to highlight option press Return or Enter to select option Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu e Table 37 describes the IGMP Configuration Menu screen options 208700 B Chapter 3 Using the console interface 221 Table 37 IGMP Configuration Menu screen options Option Description IGMP Configuration Displays the IGMP Configuration screen see IGMP Configuration screen on page 221 This screen allows you to set up IGMP VLAN configurations Display Multicast Group Membership Displays the Multicast Group Membership screen see Multicast Group Membership screen on page 224 This screen allows you to view all IP Multicast addresses that are active in the current LAN IGMP Configuration screen Figure 82 shows an example of the IGMP Configuration screen in a stacked configuration When installed as a standalone switch the screen does not display the Unit field designation In this example switch ports 8 and 14 of unit 1 ports 2 and 6 of unit 2 and port 16 of unit 4 are set to receive transmit multicast from the local multicast router The configured ports are VLAN port members of VLAN 5 To open the IGMP Configuration screen Choose IGMP Config
285. ng in the spanning tree network See also Hello Time Bridge Maximum Age Time For STP Group specifies the maximum age in seconds that a Hello message can attain before it is discarded This parameter specified by management for this bridge takes effect only when the bridge becomes the root bridge Note that if this bridge becomes the root bridge its Maximum Age Time parameter value becomes the Actual Maximum Age Time parameter value for all bridges participating in the spanning tree network See also Maximum Age Time Bridge Forward Delay For STP Group indicates the Forward Delay parameter value specified by management for this bridge This parameter takes effect only when this bridge becomes the root bridge Using the Business Policy Switch 2000 Version 1 2 252 Chapter 3 Using the console interface Table 47 Spanning Tree Switch Settings parameters continued Parameter Description The Forward Delay parameter value specifies the amount of time that the bridge ports remain in the Listening and Learning states before entering the Forwarding state Note that all bridges participating in the spanning tree network use the root bridge s Forward Delay parameter value See also Forward Delay Spanning Tree VLAN Membership screen The Spanning Tree VLAN Membership screen Figure 93 allows you to view which VLANs belong to the selected STP Group STP Group 1 is the default STP group
286. ng values for the two Rate Limiting Configuration screens Note If a port is configured for rate limiting and it is a MultiLink Trunk member all trunk member ports implement rate limiting Also if a trunk member is implementing rate limiting and the port is disabled from rate limiting all trunk members are disabled from rate limiting 208700 B Chapter 3 Using the console interface 217 To open the Rate Limiting Configuration screen Choose Rate Limiting Configuration or press 1 from the Switch Configuration Menu screen Figure 79 Rate Limiting Configuration screen 1 of 2 a Rate Limiting Configuration N Unit pa Port Packet Type Limit Last 5 Minutes Last Hour Last 24 Hours 1 Both None 56 0 22 0 23 0 2 Multicast 30 0 27 0 55 0 3 Both None 25 0 24 0 67 0 4 Both 10 72 0 33 0 55 0 5 Broadcast 10 35 0 54 0 78 0 6 Multicast 10 96 0 45 0 87 0 7 Both 10 86 0 67 0 60 0 8 Both 58 0 44 0 70 0 9 Multicast None 11 0 87 0 65 0 10 Both None 27 0 89 0 44 0 Id Both None 15 0 66 0 66 0 12 Both None 12 0 98 0 99 0 13 Both None 44 0 33 0 89 0 14 Both None 34 0 45 0 76 0 More Press Ctrl N to display choices for additional ports Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Pre
287. nitialization or a spanning tree change The port goes through the normal blocking and learning states before the forwarding state but the hold times for these states is the bridge hello timer 2 seconds by default instead of the bridge forward delay timer 15 seconds by default If the port sees a BPDU it will revert to regular behavior With BPS 2000 software version 1 1 and higher the port set with Fast Learning can forward data immediately as soon as the switch learns that the port is enabled Fast Learning is intended for access ports where only one device is connected to the switch as in workstations with no other spanning tree devices It may not be desirable to wait the usual 30 to 35 seconds for spanning tree initialization and bridge learning Note Use Spanning Tree Fast Learning with caution This procedure is contrary to that specified in the IEEE 802 1D standard for Spanning Tree Protocol STP in which a port enters the blocking state following the initialization of the bridging device or from the disabled state when the port is enabled through configuration ASCII configuration file Beginning with software version 1 2 the BPS 2000 can download a user editable ASCII configuration file from a TFTP server You can load the ASCII configuration file automatically at boot time or on demand using the management systems console menus or CLI Once downloaded the configuration file automatically configures the switch or
288. nsole interface Table 35 Monitoring modes Field Description Port based Disabled Default value for this feature gt Port X Monitor all traffic received by Port X Port X gt Monitor all traffic transmitted by Port X lt gt Port X Monitor all traffic received and transmitted by Port X gt Port X or Port Y gt Monitor all traffic received by Port X or transmitted by Port Y gt Port X and Port Y gt Monitor all traffic received by Port X destined to Port Y and then transmitted by Port Y lt gt Port X and Port Y lt gt Monitor all traffic received transmitted by Port X and received transmitted by Port Y Address based Disabled Default value for this feature Address A gt any Address Monitor all traffic transmitted from Address A to any address any Address gt Address A Monitor all traffic received by Address A from any address lt gt Address A Monitor all traffic received by or transmitted by Address A Address A gt Address B Monitor all traffic transmitted by Address A to Address B Address A lt gt Address B Monitor all traffic between Address A and Address B conversation between the two stations Rate Limiting Configuration screen The Rate Limiting Configuration screen allows you to limit the forwarding rate of broadcast and multicast packets Figures 79 and 80 show sample rate limiti
289. nte luminosa a laser che pu danneggiare gli occhi Non guardare mai all interno di una port a fibra ottica o di una porta connettore Dare sempre per scontato che il cavo di fibra ottica o il connettore siano collegati ad una sorgente luminosa a laser A Se 47 y EEN BACA LP oe DIET HI TANG AR Ae EP ASIA EBC S ESV HEF FAWN FHT MISSES IUTW SZ EOL BOT BS This section describes the 450 1GBIC MDA The 450 1GBIC MDA Figure 136 provides a single host port for supported Gigabit Interface Converters GBICs The GBICs are hot swappable input output enhancement components that are designed for use with Nortel Networks products to allow Gigabit Ethernet ports to link with fiber optic networks 208700 B Appendix C Media dependent adapters 359 For instructions on installing the 450 1GBIC MDA see Installing an MDA on page 363 For instructions on installing GBICs to your 450 1GBIC MDA s Host port see Installing GBICs on page 360 Figure 136 450 1GBIC MDA front panel 450 1GBIC MDA um Ph m Actvty 450 1GBIC MDA GBIC model with extractor tabs GBIC model with extractor handle emm SC connector BS450102A Table 70 describes the 450 1GBIC MDA front panel components Using the Business Policy Switch 2000 Version 1 2 360 Appendix C Media dependent adapters T
290. nter gt when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu y 208700 B Chapter 3 Using the console interface 161 Table 12 describes the SNMP Configuration screen fields Table 12 SNMP Configuration screen fields Field Description Read Only Community String The community string used for in band read only SNMP operations Read Write Community String Default Value public Range Any ASCII string of up to 32 printable characters The community string used for in band read write SNMP operations Default Value private Range Any ASCII string of up to 32 printable characters Trap 1 IP Address Number one of four trap IP addresses Successive trap IP address fields are numbered 2 3 and 4 Each trap address has an associated community string see Community String Default Value 0 0 0 0 no IP address assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point Community String The community string associated with one of the four trap IP addresses see Trap 1 IP Address Default Value Zero length string Range Any ASCII string of up to 32 printable characters Authentication Trap Determines whether a trap will be sent when there is an SNMP authentication failure Default Value Enabled Range Enabled Disabled Autotopology Allows you to enable or di
291. nu screen lusus 169 MAC Address Security Configuration screen 000 0c eee eee eee 171 MAC Address Security Port Configuration screen 200000e eee 173 MAC Address Security Port Lists screens 0oooooooocorooormoooo 176 POM Mealy Lcd dade d xu o dup A AA Rud qd dear 178 Accelerator keys for repetitive tasks 2 00000 e eee eee 179 MAC Address Security Table screens oocococccccco eee 181 EAPOL Secunty Configuration Screen iieciuse hase a RR RRER rant TERRE 183 VLAN Configuration Menu screen 2 600 se8 RR RR hn 187 VLAN Gonfguralion SEO uu iu aeu hdd o Yd xe dod Ob aw aid Ros 189 MAC Address Configuration for MAC SA Based VLAN screen 196 208700 B Contents 11 VLAN Port Configuration screen 22 4 0 e0e0 54 Rh tue 197 VLAN Display by Port screen conouxa dees deeded eae A dad ewes 200 Part Configuration SCION ccc cccid cere eee eee XO RC CRGO eRe eee 201 High Speed Flow Control Configuration screen 0 00 eee ee 204 Choosing a high speed flow control mode 0 000 eee eee 206 SIMIMENCIMOOS 2c ars irc rs beeen shee beeen eae beds 206 PERMISOS y cee ba Leh ee Eh hehe as hee eS 206 MultiLink Trunk Configuration Menu screen 0000 0 cece eee eee 207 MultiLink Trunk Configuration screen 06000 cece eee 208 M ltiLink Trunk Utilization Screen one eee a ee 211 Port Mirroring Configuration Screen 6 0 0c cee eee 213
292. o Main Menu Use arrow keys to highlight option press Return or Enter to select option Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu M P Table 14 describes the Switch Configuration Menu screen options Table 14 Switch Configuration Menu screen options Option Description MAC Address Table Displays the MAC Address Table screen see MAC Address Table screen on page 167 This screen allows you to view all MAC addresses and their associated port or trunk that the switch has learned or to search for a particular MAC address to see if the switch has learned the address MAC Address Security Displays the MAC Address Security Configuration menu see MAC Configuration Address Security Configuration Menu screen on page 169 This screen allows you to set up the MAC address security feature and provides the following options MAC Address Security Configuration MAC Address Security Port Configuration MAC Address Security Port Lists and MAC Address Security Table This menu allows you to enable and disable security features on the port and trunk levels Using the Business Policy Switch 2000 Version 1 2 166 Chapter 3 Using the console interface Table 14 Switch Configuration Menu screen options continued Option Description EAPOL Security Configuration Displays the EAPOL Security Configuration menu see EAPOL Security Configura
293. o select the unit number when stacking is configured to view or configure To view or configure another unit type its unit number and press Enter or press the spacebar to toggle the unit numbers If you set this field value to All other screen field values you modify apply to a stack ports 208700 B Chapter 3 Using the console interface 185 Table 21 EAPOL security configuration screen options continued Option Description Default 1 Range 1 2 3 4 5 6 7 8 ALL Port Allows you to select a specified unit s see preceding Unit field port number to view or configure To view or configure another port type its port number and press Enter or press the spacebar to toggle the port numbers If you set this field value to All other screen field values you modify apply to all ports for the specified unit The All value is also useful when you want to apply modified field values to most of but not all of your switch s ports For example if you want to apply modified field values to 23 of your switch s 24 ports it may be easier to apply the All value in the Port field and then reconfigure the single port back to its original values Default 1 Range 1 to 28 ALL Initialize Allows you to activate EAPOL authentication for the specified unit port Default No Range No Yes Administrative Status Allows you to set the EAPOL authorization status for the specified unit port Default Force Authorized Range
294. o toggle the unit numbers Port Indicates the switch port numbers that correspond to the field values in that row of the screen for example the field values in row 2 apply to switch port 2 Note that the values in the Switch row affect all switch ports and when the switch is part of a stack the values in the Stack row affect all ports in the entire stack Trunk The read only data displayed in this column indicates the trunks that correspond to the switch ports specified in the Trunk Members fields of the Trunk Configuration screen see MultiLink Trunk Configuration Menu screen on page 207 Participation Allows you to configure any or all of the switch ports for spanning tree participation When an individual port is a trunk member see Trunk field changing this setting for one of the trunk members changes the setting for all members of that trunk You should consider how this can change your network topology before you change this setting see Chapters 1 and 2 The Fast Learning parameter is the same as Normal Learning except that the state transition timer is shortened to 2 seconds Default Value Normal Learning Range Normal Learning Fast Learning Disabled Priority This read only field is a bridge spanning tree parameter that prioritizes the lowest path cost to the root When one or more ports have the same path cost spanning tree selects the path with the highest priority lowest numerical value See also P
295. of the link Port connection problems are also traceable to the autonegotiation mode or the port interface Autonegotiation modes Port connection problems can occur when a port or station is connected to another port or station that is not operating in a compatible mode for example connecting a full duplex port on one station to a half duplex port on another station The Business Policy Switch negotiates port speeds according to the IEEE 802 3u autonegotiating standard The switch adjusts autonegotiates its port speed and duplex mode to match the best service provided by the connected station up to 100 Mb s in full duplex mode as follows e If the connected station uses a form of autonegotiation that is not compatible with the IEEE 802 3u autonegotiating standard the Business Policy Switch cannot negotiate a compatible mode for correct operation e Ifthe autonegotiation feature is not present or not enabled at the connected station the Business Policy Switch may not be able to determine the correct duplex modes Using the Business Policy Switch 2000 Version 1 2 334 Chapter 6 Troubleshooting In both situations the Business Policy Switch autosenses the speed of the connected station and by default reverts to half duplex mode If the connected station is operating in full duplex mode it cannot communicate with the switch To correct this mode mismatch problem 1 Use the Port Configuration screen to disable a
296. oflows or aggregate flows and provides Quality of Service QoS that is scalable Briefly with DiffServ you use policies to direct traffic by assigning packets to certain queues The system marks the DiffServ DS field of IP packets to define how the packet is treated as it moves through the network You classify traffic so that together the policies and the DS fields direct the traffic prioritization You can specify a number of policies and each policy can match one or many flows supporting complex classification scenarios Summary of packet classifiers The BPS 2000 classifies packets based on various parameters e IP packets source address mask destination address mask IP protocol type such as TCP UDP DSCP value Layer 4 source port number 208700 B Chapter 4 Policy enabled networks 275 Layer 4 destination port number Ingress port number e Layer 2 packets VLAN ID number IEEE 802 1q tag presence EtherType which is the Layer 3 protocol type such as AppleTalk IEEE 802 1p user priority values Ingress port number For EtherType IP DSCP value IP protocol type such as TCP UDP TCP UDP source port range TCP UDP destination port range Summary of actions The BPS 2000 filters collectively direct the system to initiate the following actions on a packet depending on your configuration e Pass or Drop e Re mark the packet when Pass is selected Re mark a
297. oices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu No we Table 34 describes the Port Mirroring Configuration screen fields Table 34 Port Mirroring Configuration screen fields Field Description Monitoring Mode Allows a user to select any one of six port based monitoring modes or any one of five address based monitoring modes see Table 35 Selecting any one of the six port based modes activates the port X and port Y screen fields where a user can choose up to two ports to monitor Selecting any one of the five address based modes activates the Address A and Address B screen fields where a user can specify MAC addresses to monitor Default Value Disabled Range See Table 35 Monitor Unit Port Indicates the port number of the specified unit that is designated as the monitor port Default Value Zero length string Range 1 to 8 1 to 28 depending on model type 208700 B Chapter 3 Using the console interface 215 Table 34 Port Mirroring Configuration screen fields continued Field Description Unit Port X Indicates one of the ports of the specified unit that will be monitored by the designated port monitor when one of the port based monitoring modes is selected This port will be monitored according to the value of Port X in the Monitoring Mode field see Table 35 Default Value
298. olicing 57 policy 288 queues 285 Port Configuration screen 166 201 port connectors 381 porterrors 61 Port field 203 228 247 Port List field 178 port list syntax 178 Using the Business Policy Switch 2000 Version 1 2 402 Index port lists 183 Port Membership field 193 port mirroring 139 address based 143 configuration rules 133 145 coversation steering 78 monitoring modes 216 Nortel Networks StackProbe 78 port based 140 Port Mirroring Configuration screen 166 213 Port Name field 201 Port Statistics screen 226 power cords 45 power status 39 Power Status field 163 power up sequence 332 Predefined Protocol Identifier PID 194 Preferred Phy field 206 Primary RADIUS Server field 237 prioritization 293 prioritizing traffic 128 274 Priority field 247 product support 30 Protocol ID PID field 192 proxy 122 publications hard copy 30 related 28 84 PVID field 201 Q QoS 273 action 288 311 313 Advanced pages 294 BayStack 450 switch 319 classes 277 classifiers 298 committed rate 287 313 configuration 293 data specification 314 default mapping values 298 DSCP 298 filter group precedence 301 308 filter groups 279 302 309 filters 279 298 IEEE 802 1p 298 in profile traffic 287 313 interface class 282 295 297 interface groups 286 295 297 IP filter groups 299 301 IP filters 279 299 layer 2 filter groups 305 308 layer 2 filters 279 305 management 293 mapping vlaues 3
299. olicy Switch 2000 Version 1 2 178 Chapter 3 Using the console interface Figure 62 MAC Address Security Port Lists screen MAC Address Security Port Lists Entry Port List S1 1 1 7 2 1 7 2 9 3 1 4 4 12 S2 2 1 7 2 9 4 3 5 S3 1 3 2 7 3 1 4 S4 4 12 S5 1 NONE 2 NONE 3 NONE 4 NONE S6 1 ALL 2 ALL 3 ALL 4 ALL 87 3 ALL More Press Ctrl N to display next screen PortT Enter unit port 1 NONE 1 ALL 2 3 4 7 9 Press Return or Enter when done Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Ne P Table 19 describes the MAC Address Security Port Lists screen fields Table 19 MAC Address Security Port Lists screen fields Field Description Entry This field indicates the port list number S1 to S32 that corresponds to the values you set in the Port List field Port List This field allows you to create a port list that you can use as an Allowed Source in the MAC Address Security Table screen Port list syntax When you enter a port list in a stack configuration you must specify either a unit port list NONE or ALL In a stack configuration ALL indicates all of the stack port whereas in a standalone scenario ALL indicates all of the switch ports Note NONE and ALL must be entered in uppercase characters as shown in the screen prompt 208700 B Chapter 3 Using the console interface 179 A un
300. on the aggregate bandwidth of the trunk For example Figure 43 shows a four port trunk T1 with two port members operating at 100 Mb s and two at 10 Mb s Trunk T1 provides an aggregate bandwidth of 220 Mb s The Path Cost for T1 is 4 Path Cost 1000 Using the Business Policy Switch 2000 Version 1 2 136 Chapter 2 Network configuration Figure 43 LAN speed in Mb s Another three port trunk T2 is configured with an aggregate bandwidth of 210 Mb s with a comparable Path Cost of 4 When the Path Cost calculations for both trunks are equal the software chooses the trunk with the larger aggregate bandwidth T1 to determine the most efficient path Also the trunk cannot span multiple spanning tree groups Path Cost arbitration example 3 al Gl 3 Path Cost T1 4 GH GE S1 ema Bases Poy Sch 0 Business oo Policy Switch 2000 oJ o o o 8 100 Mb s 100 Mb s 100 Mb s 100 Mb s Path Cost T2 4 10 Mb s 10Mb s 10 Mb s Y Tti lt gt cr re Aggregate Band
301. onfiguration Create VLAN 3 Vlan Type Port Based Delete VLAN Protocol Id PID None VLAN Name test VLAN User Defined PID 0x0000 Management VLAN Yes Now 1 VLAN State Active IVL SVL IVL Port Membership 1 6 7 12 13 18 19 24 Unit 1 U U U U UU ssaa cese KEY T Tagged Port Member U Untagged Port Member Not a Member of VLAN Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Me To configure the PVID port VLAN identifier for port 8 1 From the VLAN Configuration screen press Ctrl R to return to the VLAN Configuration Menu 2 From the VLAN Configuration Menu select VLAN Port Configuration or press c The default VLAN Port Configuration screen opens Figure 32 The VLAN Port Configuration screen settings shown in Figure 32 are default settings 208700 B Chapter 2 Network configuration 119 Figure 32 Default VLAN Port Configuration screen example a VLAN Port Configuration Unit Port Filter Tagged Frames Filter Untagged Frames Filter Unregistered Frames Port Name PVID Port Priority Tagging AutoPVID all ports 1 1 No No No Port 1 0 Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return
302. onfiguration e Port based mirroring e Address based mirroring A sample Port Mirroring Configuration screen accompanies each network configuration example Note that the displayed screens do not show all of the screen prompts that precede some actions For example when you configure a switch for port mirroring or when you modify an existing port mirroring configuration the new configuration does not take effect until you respond Yes to the following screen prompt Is your port mirroring configuration complete Port based mirroring configuration Figure 46 shows an example of a port based mirroring configuration where port 23 is designated as the monitor port for ports 24 and 25 of Switch S1 Although this example shows ports 24 and 25 monitored by the monitor port port 23 any of the trunk members of T1 and T2 can also be monitored In this example Figure 46 shows port X and port Y as members of Trunk T1 and Trunk T2 Port X and port Y are not required to always be members of Trunk T1 and Trunk T2 Note Trunks cannot be monitored and trunk members cannot be configured as monitor ports see MultiLink Trunking configuration rules Figure 46 shows the Port Mirroring Configuration screen setup for this example 208700 B Chapter 2 Network configuration 141 Figure 46 Port based mirroring configuration example StackProbe Monitor port o o O p
303. onfigure a monitor port as a trunk member or IGMP member e A monitor port cannot be used for normal switch functions e When you configure a port as a monitor port the port is automatically disabled from participating in the spanning tree When you reconfigure the port as a standard switch port no longer a monitor port the port is enabled for spanning tree participation e When you create a port based port mirroring configuration be sure that the monitor port and both of the mirrored ports port X and port Y have the same configuration Use the VLAN Configuration screen to configure the VLAN see Chapter 3 Using the Business Policy Switch 2000 Version 1 2 146 Chapter 2 Network configuration e VLAN configuration settings for any ports configured for port based mirroring cannot be changed Use the Port Mirroring Configuration screen to disable port mirroring or reconfigure the port mirroring ports then change the VLAN configuration settings e For port based monitoring of traffic use one of the following modes for monitoring broadcast IP Multicast or unknown DA frames Monitor all traffic received by port X Monitor all traffic transmitted by port X Monitor all traffic received and transmitted by port X Monitor all traffic received by port X or transmitted by port Y For more information about using the Port Mirroring feature see Chapter 3 See also Appendixes for configuration flowcharts that can
304. or press i from the Switch Configuration Menu screen Figure 145 Configuring Port Mirroring 1 of 2 Port Mirroring Configuration screen Is Monitoring Mode Set Monitoring Mode field field set Is Monitor Port field set Set Monitor Port field see Port Mirroring Configuration Rules Monitor Port set for port based mode gt Are Ports X and Y fields configured No Configure Ports X and Y fields see Port Mirroring Configuration Rules Ji g gt Off page reference O On page reference BS45051A 208700 B Appendix D Quick steps to features 375 Figure 146 Configuring Port Mirroring 2 of 2 Are Address A and B Configure Addresses configured Enable Port Mirroring Port Mirroring Enabled Don gt Off page reference O On page reference BS45052A Configuring IGMP Snooping To create or modify IGMP Snooping ports follow the flowcharts in Figures Figure 147 to Figure 149 To open the IGMP Configuration screen Choose IGMP Configuration or press g from the Switch Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 376 Appendix D Quick steps to features Figure 147 Configuring IGMP Snooping 1 of 3 IGMP Configuration screen Are VLANs created port members configured Go to VLAN flowchart Create VLANs configure port members as required
305. or press the spacebar on your keyboard to to toggle the STP Group numbers Default Value 1 Range 1 to 8 only created STP Groups display Bridge Priority For STP Group indicates the management assigned priority value of the bridge ID in hexadecimal notation which is the most significant byte of the bridge ID Spanning tree uses this parameter to determine the root bridge or designated bridge For example the bridge with the lowest bridge ID becomes the root bridge with Bridge Priority values compared first followed by the hardware addresses Designated For STP Group indicates the bridge ID of the root bridge as determined by spanning Root tree Root Port For STP Group indicates the switch port number that offers the lowest path cost to the root bridge Root Path Cost For STP Group indicates the path cost to the root bridge Hello Time For STP Group indicates the Actual Hello Interval the amount of time between transmissions of configuration Bridge Protocol Data Units BPDUs that the root bridge is currently using Note that all bridges participating in the spanning tree network use the root bridge s Hello Interval parameter value See also Bridge Hello Time 208700 B Chapter 3 Using the console interface 251 Table 47 Spanning Tree Switch Settings parameters continued Parameter Description Maximum Age Time For STP Group indicates the Maximum Age Time paramete
306. orks The MDAs can support high speed connections to servers shared Fast Ethernet hubs or backbone devices Note The MDAs are not hot swappable Power down the switch before installing or removing an MDA Table 66 describes available MDA models Table 66 MDA models Interface type Model Refer to 1000BASE SX 450 1SR MDA page 348 Shortwave gigabit fiber 450 1SX MDA 1000BASE LX 450 1LR MDA page 350 Longwave gigabit fiber 450 1LX MDA 10BASE T 100BASE TX UTP BPS2000 4TX MDA page 353 100BASE FX Multimode fiber BPS2000 2FX MDA page 355 BPS2000 4FX MDA GBIC 450 1GBIC MDA page 355 Nortel Networks is constantly adding new models and features to existing product lines for a full range of MDAs that are available from Nortel Networks see your Nortel Networks sales representative Using the Business Policy Switch 2000 Version 1 2 348 Appendix C Media dependent adapters 1000BASE SX 450 1SR MDA and 450 1SX MDA A Warning This is a Class 1 Laser LED product It contains a laser light source that can injure your eyes Never look into an optical fiber or connector port Always assume that the fiber optic cable or connector is connected to a laser light source A Vorsicht Dieses Laser LED Produkt der Klasse 1 enth lt eine Laserlichtquelle die zu Augenverletzungen f hren kann Sehen Sie nie in einen Lichtwellenleiter oder Glasfaserstecker Port Gehen Sie immer davon aus d
307. orm solely by reason of the termination of this license 8 Export and Re export Licensee agrees not to export directly or indirectly the Software or related technical data or information without first obtaining any required export licenses or other governmental approvals Without limiting the foregoing Licensee on behalf of itself and its subsidiaries and affiliates agrees that it will not without first obtaining all export licenses and approvals required by the U S Government i export re export transfer or divert any such Software or technical data or any direct product thereof to any country to which such exports or re exports are restricted or embargoed under United States export control laws and regulations or to any national or resident of such restricted or embargoed countries or 1i provide the Software or related technical data or information to any military end user or for any military end use including the design development or production of any chemical nuclear or biological weapons 9 General If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction the remainder of the provisions of this Agreement shall remain in full force and effect This Agreement will be governed by the laws of the state of California Should you have any questions concerning this Agreement contact Nortel Networks 4401 Great America Parkway P O Box 58185 Santa Clara California 95054 818
308. ort and you configure values other than VLAN configuration values those values are applied and stored in NVRAM You set up your Authentication server RADIUS server for EAPOL dynamic VLAN assignments The Authentication server allows you to configure user specific settings for VLAN memberships and port priority When you log on to a system that has been configured for EAPOL authentication the Authentication server recognizes your user ID and notifies the switch to assign preconfigured user specific VLAN membership and port priorities to the switch The configuration settings are based on configuration parameters that were customized for your user ID and previously stored on the Authentication server To set up the Authentication server set the following Return List attributes for all user configurations refer to your Authentication server documentation e VLAN membership attributes Tunnel Type value 13 Tunnel Type VLAN Tunnel Medium Type value 6 Tunnel Medium Type 802 Tunnel Private Group Id ASCII value 1 to 4094 this value is used to identify the specified VLAN e Port priority vendor specific attributes Vendor Id value 562 Nortel Networks vendor Id Attribute Number value 1 Port Priority Using the Business Policy Switch 2000 Version 1 2 75 Attribute Value value 0 zero to 7 this value is used to indicate the port priority value assigned to the specified user System requir
309. ort based VLAN assignment 02 eee eee eee ees 108 Figure 20 802 10 tagging after port based VLAN assignment 108 Figure 21 Policy based VLAN assignment ocisraroranrana ron raro RR n 109 Figure 22 802 10 tagging after policy based VLAN assignment 109 Figure 23 B02 10 Tadassighment vaciconvarra cia een dense 110 Figure 24 802 1Q tagging after 802 1Q tag assignment 111 Figure 25 VLANs spanning multiple 802 1Q tagged switches 112 Figure 26 VLANs spanning multiple untagged switches 113 Figure 27 Possible problems with VLANs and Spanning Tree Protocol 114 Figure 28 Multiple VLANs sharing resources 00 0c eee eee eee 115 Figure 29 VLAN broadcast domains within the switch o 116 Figure 30 Default VLAN Configuration screen example llus 117 Figure 31 VLAN Configuration screen example 0000 cece eens 118 Figure 32 Default VLAN Port Configuration screen example 119 Using the Business Policy Switch 2000 Version 1 2 18 Figures Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figure 61 Figure 62 Figure 63 Fig
310. ote authentication to internal LAN clients Using the Business Policy Switch 2000 Version 1 2 72 The following example illustrates how the BPS 2000 configured with the EAPOL based security feature reacts to a new network connection e The switch detects a new connection on one of its ports The switch requests a user ID from the new client EAPOL encapsulates the user ID and forwards it to the RADIUS server The RADIUS server responds with a request for the user s password e The new client forwards an encrypted password to the switch within the EAPOL packet The switch relays the EAPOL packet to the RADIUS server Ifthe RADIUS server validates the password the new client is allowed access to the switch and the network Some components and terms used with EAPOL based security are e Supplicant the device applying for access to the network e Authenticator software with the sole purpose of authorizing a supplicant that is attached to the other end of a LAN segment e Authentication Server a RADIUS server that provides authorization services to the Authenticator e Port Access Entity PAE a software entity associated with each port that supports the Authenticator or Supplicant functionality In the preceding example the Authenticator PAE resides on the switch e Controlled Port any switch port with EAPOL based security enabled The Authenticator communicates with the Supplicant using
311. oubleshooting Figure 129 LED display panel Business Policy Switch 2000 Cas 4 1 3 5 T 9 11 13 15 47 19 21 23 E E NEN E HE HHE E NN NN NN NN 10 100 Pm m EH EE EH E E E E E NN NN S NH Activity Status Dwn 2 4 6 8 10 12 14 16 18 20 22 24 EH EN Em EH EE NEN NH HE E NH NN NH NN EH 10 100 RPSU Base m Em E ER EE E E E E E NH NN NN NN S EH Activity 9714EA Table 59 Business Policy Switch LED descriptions Label Type Color State Meaning Pwr Power status Green On DC power is available to the switch s internal circuitry Off No AC power to switch or power supply failed Status System status Green On Self test passed successfully and switch is operational Blinking A nonfatal error occurred during the self test This includes nonworking fans Off The switch failed the self test RPSU RPSU status Green On The switch is connected to the RPSU and can receive power if needed Off The switch is not connected to the RPSU or RPSU is not supplying power Cas Up Stack mode Off The switch is in standalone mode 208700 B Chapter 6 Troubleshooting 329 Table 59 Business Policy Switch LED descriptions continued Label Type Color State Meaning Green On The switch is connected to the upstream unit s Cascade A In connector Amber On This unit has detected a problem with the switch connected to the
312. pacebar on your keyboard to toggle the unit numbers Port Allows you to select the number of the port you want to view or reset to zero To view another port type its port number and press Enter or press the spacebar on your keyboard to toggle the port numbers Packets Received column Indicates the total number of packets received on this port including bad packets broadcast packets and multicast packets Transmitted column Indicates the total number of packets transmitted successfully on this port including broadcast packets and multicast packets Multicasts Received column Indicates the total number of good multicast packets received on this port excluding broadcast packets Transmitted column Indicates the total number of multicast packets transmitted successfully on this port excluding broadcast packets Broadcasts Received column Indicates the total number of good broadcast packets received on this port Transmitted column Indicates the total number of broadcast packets transmitted successfully on this port Total Octets Received column Indicates the total number of octets of data including data in bad packets received on this port excluding framing bits but including FCS octets Transmitted column Indicates the total number of octets of data transmitted successfully on this port including FCS octets Lost Packets Received column Indicates the total number of packets lost disca
313. packets received on these ports These filters specify an action that must change the IEEE 802 1p and drop precedence of the matching packets based on the incoming DSCP using a table that matches each one of the 64 DSCP values to the corresponding IEEE 802 1p priority The values can be modified by a policy server or by the user Using the Business Policy Switch 2000 Version 1 2 284 Chapter 4 Policy enabled networks If a packet is received from a trusted port and either it does not match any of the filters installed by the user on this port or it does match a filter but is not dropped the BPS 2000 uses a default layer 2 filter to change the packet IEEE 802 1p and drop precedence based on the DSCP of the packet Filters that you install on untrusted ports must specify an action to change the DSCP IEEE 802 1p priority and drop precedence of IP traffic received from these ports For non IP traffic the filters must specify an action to update the IEEE 802 1p priority and drop precedence but not update the DSCP If a packet is received from an untrusted port and it does not match any one of the filters installed by the user on the port the BPS 2000 uses default layer 2 filters to change the packet DSCP IEEE 802 1p priority and drop precedence as follows e Ifthe packet is tagged the BPS 2000 uses a layer 2 filter to change the DSCP IEEE 802 1p to 0 and drop precedence to 1 so that the packet can get best effort treatment e If an
314. pecified percentage of the total available bandwidth The percentage you set refers to the total available bandwidth not to a percentage of current traffic Table 36 describes the Rate Limiting Configuration screen fields 208700 B Chapter 3 Using the console interface 219 Table 36 Rate Limiting Configuration screen fields Field Description Port Indicates the switch port numbers that correspond to the field values in that row of the screen for example the field values in row 2 apply to switch port 2 Note that the values applied in the Switch or Stack row last 2 rows affect all standalone switch ports or all switch ports in a stack Packet Type Allows you to select the packet types for rate limiting or viewing Default Value Both Range Both Multicast Broadcast Limit Sets the percentage of port bandwidth allowed for forwarding the packet types specified in the Packet Type field When the threshold is exceeded any additional packets specified in the Packet Type field are discarded Default Value None Range None 10 9 8 7 6 5 4 3 2 1 Last 5 Minutes This read only field indicates the percentage of packets of the type specified in the Packet Type field received by the port in the last 5 minutes This field provides a running average of network activity and is updated every 15 seconds Note that this field indicates the receiving port s view of network activity rega
315. plays the current configuration mode for the Business Policy Switch or mixed stack configuration When the stack is reset the operational mode settings do revert to the default settings Figure 85 Stack Operational Mode screen a Stack Operational Mode Current Stack Operational Mode Pure BPS 2000 Stack Next Stack Operational Mode Pure BPS 2000 Stack Stack BootP Mac Address Type Stack Mac Address Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu e 208700 B Chapter 3 Using the console interface 231 Table 41 describes the Stack Operational Mode screen fields Table 41 Stack Operational Mode screen fields Field Description Current Stack Operational Mode A read only field that indicates the current mode of your stack This field identifies a stack that contains only Business Policy Switches or a stack that contains a variety of switches Default Pure BPS 2000 Stack Range Hybrid Stack Pure BPS 2000 Stack Next Stack Operational Mode Allows you to set the configuration modes of your stack Press the spacebar to toggle between Hybrid Stack and Pure BPS 2000 Stack options Reboot the system to implement the change Default Pure BPS 2000 Stack Range Hybrid Stack Pure BPS 2000 Stack Stack BootP Mac Address Type Allows you to set the location for t
316. ports in the Interface Group Assignment page first A role combination cannot be deleted if it is referenced by an installed meter Accepting default mapping values If you choose to accept the default values for IEEE 802 1p priority and DSCP values skip this section and precede to Setting up filters and filter groups Note Nortel Networks recommends that you use the default mapping values to ensure end to end QoS connectivity across Nortel Network products To manually configure mapping values refer to Assigning mapping values on page 318 Setting up filters and filter groups Filters allow you to classify packets by various parameters For more information on these parameters refer to Chapter 4 Filters are combined into filter groups Filter groups are then associated with an interface group You configure filter specifications The QoS Advanced gt Rules gt IP Classification page or the QoS Advanced gt Rules gt Layer 2 Classification page allows you to enter matching conditions for an individual filter You set up special conditions for packet processing In order for packets to be processed a packet has to match all the fields you specify 208700 B Chapter 5 Sample QoS configuration 299 Note When you choose the value Ignore the system matches all fields for that parameter Defining an IP filter You create IP filters for IP packets that are to be forwarded through the BPS 2000
317. ports specified in the Port field Traffic Type Allows you to choose the traffic type to be monitored for percent of bandwidth utilization see Range Default Value Rx and Tx Range Rx and Tx Rx Tx Unit Port Lists the trunk member ports that correspond to the trunk specified in the Trunk column The Unit extension to the Port column name only appears when the switch unit is part of a stack configuration It indicates that the ports in this row are associated with the specified unit number configured in the Unit field Last 5 Minutes This read only field indicates the percentage of packets of the type specified in the Traffic Type field utilized by the port in the last 5 minutes This field provides a running average of network activity and is updated every 15 seconds 208700 B Chapter 3 Using the console interface 213 Table 33 MultiLink Trunk Utilization screen fields continued Field Last 30 Minutes Description This read only field indicates the percentage of packets of the type specified in the Traffic Type field utilized by the port in the last 30 minutes This field provides a running average of network activity and is updated every 15 seconds Last Hour This read only field indicates the percentage of packets of the type specified in the Traffic Type field utilized by the port in the last 60 minutes This field provides a running average of network activity and i
318. r ports 24 and 25 in Switch S1 Note The Unit value in the Unit Port field is not configurable when the switch is operating standalone For detailed information about the Port Mirroring screen fields see Chapter 3 The Monitoring Mode field gt Port X or Port Y gt indicates that all traffic received by port X or all traffic transmitted by port Y is currently being monitored by the StackProbe attached to Monitor Port 23 The screen data displayed at the bottom of the screen shows the currently active port mirroring configuration Figure 47 Port Mirroring Configuration port based screen example Port Mirroring Configuration UN Monitoring Mode gt Port X or Port Y gt Monitor Unit Port 23 Unit Port X 25 Unit Port Y 24 Address A 00 00 00 00 00 00 Address B 00 00 00 00 00 00 Port mirroring configuration has taken effect Currently Active Port Mirroring Configuration Monitoring Mode gt Port X or Port Y gt Monitor Port 23 Port X 25 Port Y 24 Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu 208700 B Chapter 2 Network configuration 143 Address based mirroring configuration Figure 48 shows an example of an address based mirroring configuration where port 23 the designated monitor port for Switch S1 is monitoring traffic occur
319. r unit with physical ID x are used to reconfigure the unit with physical ID x e The configuration file also duplicates any settings that exist for any MDA that is installed in the donor switch If you use the configuration file to configure another switch that has the same MDA model installed the configuration file settings will also apply to and override the existing MDA settings Using the Business Policy Switch 2000 Version 1 2 266 Chapter 3 Using the console interface Table 53 describes Configuration File parameter information Table 53 Parameters not saved to the Configuration File These parameters are not saved Used in this screen See page In Band Stack IP Address IP Configuration Setup 155 In Band Switch IP Address In Band Subnet Mask Default Gateway Console Read Only Switch Password Console Comm Port Configuration 231 Console Read Write Switch Password Console Read Only Stack Password Console Read Write Stack Password Configuration Image Filename Configuration File Download Upload 262 TFTP Server IP Address ASCII Configuration File Download screen The ASCII Configuration File Download screen Figure 99 allows you to download an ASCII configuration file containing CLI commands from a TFTP server to configure the switch or stack Choose ASCII Configuration File Download from the Configuration File Menu to open the ASCII Configuration File Do
320. r value that the root bridge is currently using This value specifies the maximum age that a Hello message can attain before it is discarded Note that the root bridge s Maximum Age Time parameter value becomes the actual Maximum Age Time parameter value for all bridges participating in the spanning tree network See also Bridge Maximum Age Time Forward Delay For STP Group indicates the Forward Delay parameter value that the root bridge is currently using This value specifies the amount of time that the bridge ports remain in the Listening and Learning states before entering the Forwarding state Note that the root bridge s Forward Delay parameter value becomes the actual Forward Delay parameter value for all bridges participating in the spanning tree network See also Bridge Forward Delay Bridge Hello Time For STP Group indicates the Hello Interval the amount of time between transmissions of BPDUs specified by management for this bridge This parameter takes effect only when this bridge becomes the root bridge Note that although you can set the Hello Interval for a bridge using bridge management software once the spanning tree computation process is complete all bridges participating in the spanning tree network use the root bridge s Hello Interval parameter value If any bridge becomes the root bridge its Hello Interval parameter value becomes the Actual Hello Interval parameter value for all bridges participati
321. rded when the capacity of the port receive buffer was exceeded Transmitted column Indicates the total number of packets lost discarded when the capacity of the port transmit buffer was exceeded Packets 64 bytes Received column Indicates the total number of 64 byte packets received on this port Transmitted column Indicates the total number of 64 byte packets transmitted successfully on this port 65 127 bytes Received column Indicates the total number of 65 byte to 127 byte packets received on this port Transmitted column Indicates the total number of 65 byte to 127 byte packets transmitted successfully on this port 208700 B Chapter 3 Using the console interface 229 Table 40 Port Statistics screen fields continued Field Description 128 255 bytes Received column Indicates the total number of 128 byte to 255 byte packets received on this port Transmitted column Indicates the total number of 128 byte to 255 byte packets transmitted successfully on this port 256 511 bytes Received column Indicates the total number of 256 byte to 511 byte packets received on this port Transmitted column Indicates the total number of 256 byte to 511 byte packets transmitted successfully on this port 512 1023 bytes Received column Indicates the total number of 512 byte to 1023 byte packets received on this port Transmitted column Indicates the total number of 512 byte to
322. rdless of the rate limiting setting Last Hour This read only field indicates the percentage of packets of the type specified in the Packet Type field received by the port in the last hour This field provides a running average of network activity and is updated every 5 minutes Note that this field indicates the receiving port s view of network activity regardless of the rate limiting setting Last 24 Hours This read only field indicates the percentage of packets of the type specified in the Packet Type field received by the port in the last 24 hours This field provides a running average of network activity and is updated every hour Note that this field indicates the receiving port s view of network activity regardless of the rate limiting setting 1 Rate limiting is disabled if this field is set to None This allows you to select and view the percentage of specific packet types present in the network without inadvertently limiting the forwarding rate IGMP Configuration Menu screen The IGMP Configuration Menu screen Figure 81 allows you to select the appropriate screen to optimize IP Multicast packets in a bridged Ethernet environment see Chapter 1 Using the Business Policy Switch 2000 Version 1 2 220 Chapter 3 Using the console interface To open the IGMP Configuration Menu screen Choose IGMP Configuration or press g from the Switch Configuration Menu screen Figure 81 IGMP Co
323. ring between address A and address B Figure 48 Address based mirroring configuration example Address A StackProbe Monitor port Q em OE port 23 S1 je kesse GIG gm EA AAA p T2 Q Sj 5 to S3 Pea ce f esses ee rss 9 20 El AAAA AT Address B BS45033A In this configuration the designated monitor port port 23 can be set to monitor traffic in any of the following modes Monitor all traffic transmitted from address A to any address Monitor all traffic received by address A from any address Monitor all traffic received by or transmitted by address A Monitor all traffic transmitted by address A to address B Using the Business Policy Switch 2000 Version 1 2 144 Chapter 2 Network configuration Monitor all traffic between address A and address B conversation between the two stations Figure 49 shows the Port Mirroring Configuration screen setup for this example
324. rst until all the queued packets are transmitted The other three queues are serviced using a WRR scheduler The second set contains the MDA front panel ports There are two types of MDAs The Gigabit MDA has 1 uplink with 2 queues that are serviced in an absolute priority fashion However each port on the BPS2000 4TX MDA BSP2000 4FX MDA and BPS2000 2FX MDA has a set of 4 queues The first queue holds the highest priority and is serviced in an absolute priority fashion meaning that this queue is serviced first until all the queued packets are transmitted The other three queues are serviced using a WRR scheduler You cannot change the characteristics of these queue sets such as the service discipline packet or buffer thresholds and queue weights for WRR scheduler You can change the default IEEE 802 1p to queue mapping and the default DSCP to IEEE 802 1p mapping using the Web based management interface SNMP the CLI or DM Note that the IEEE 802 1p to queue mapping for an interface port depends on the number of queues available at that interface This number depends on the queue set associated with the interface Interface groups Every port should be assigned to an interface group which is used to apply policies to traffic received by this port And each port can belong to only one interface group The Web based interface for Advanced QoS uses the term Interface Configurations for this function All ports that have the same
325. rt Configuration screen Choose VLAN Port Configuration or press c from the VLAN Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 198 Chapter 3 Using the console interface Figure 69 VLAN Port Configuration screen a Main Menu Unit 1 Port 1 Filter Tagged Frames No Filter Untagged Frames No Filter Unregistered Frames No Port Name Unit 1 Port 1 PVID 3 Port Priority Lo Tagging Tagged Trunk AutoPVID all ports Disabled Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to VLAN Port Configuration A Table 27 describes the VLAN Port Configuration screen fields Table 27 VLAN Port Configuration screen fields Field Description Unit Allows you to select a switch in your stack To view another switch type its switch number and press Enter or press the spacebar to toggle the switch numbers Port Allows you to select the number of the port you want to view or configure To view another port type its port number and press Enter or press the spacebar to toggle the port numbers Filter Tagged Frames Allows you to set this port to filter discard all received tagged packets Default No Range No Yes Filter Untagged Frames Sets this port to filter discard all received untagged frames Default No
326. rt4 Ports Port 6 Port7 Port8 PVID 1 PS DA CRC SA Incoming Outgoing Data untagged Data untagged packet packet unchanged SA CRC DA Key l By default All ports are assigned PVID 1 All ports are untagged members of VLAN 1 BS45010A When you configure VLANs you configure the switch ports as tagged or untagged members of specific VLANs see Figure 19 through Figure 24 In Figure 18 untagged incoming packets are assigned directly to VLAN 2 PVID 2 Port 5 is configured as a tagged member of VLAN 2 and port 7 is configured as an untagged member of VLAN 2 Using the Business Policy Switch 2000 Version 1 2 108 Chapter 2 Network configuration Figure 19 Port based VLAN assignment PVID 2 Port1 Port2 Port 3 Tagged member S of VLAN 2 Untagged packet T CRC Data SA DA 5 802 1Q Switch 5 Before Port6 Port7 Port8 Untagged member of VLAN 2 BS45011A As shown in Figure 20 the untagged packet is marked tagged as it leaves the switch through port 5 which is configured as a tagged member of VLAN 2 The untagged packet remains unchanged as it leaves the switch through port 7 which is configured as an untagged member of VLAN 2 Figure 20 802 1Q tagging after port based VLAN assignment Tagge
327. rtel Networks recommends that you always configure the top unit in the stack as the base unit In any stack configuration the following applies e When you apply power to the stack the base unit initializes and the entire stack powers up as a single logical unit within 45 seconds e You can attach an RS 232 communications cable to the console port of any switch in the stack e You can downline upgrade the entire stack from any switch in the stack from the console interface a Telnet session the Web based management interface or any generic SNMP based network management software e You can access and manage the stack using a Telnet connection the Web based management interface or any generic SNMP management tool through any switch port that is part of the stack configuration e When stacking three or more switches use the longer l meter cascade max return cable part number 303979 A to complete the link from the last unit in the stack to the base unit Using the Business Policy Switch 2000 Version 1 2 102 Chapter 2 Network configuration Redundant cascade stacking feature Business Policy Switches allow you to connect up to 8 units into a redundant cascade stack If any single unit fails or if a cable is accidently disconnected other units in the stack remain operational without interruption Figure 16 shows an example of how a stack configuration reacts to a failed or powered down unit in the stack configuratio
328. ructions on configuring the MAC address based security feature refer to Chapter 3 Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 Reference for the Business Policy Switch 2000 Management Software Version 1 2 and Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 EAPOL based security BPS 2000 software version 1 1 provides support for security based on the Extensible Authentication Protocol over LAN EAPOL which uses the EAP as described in the IEEE Draft P802 1X to allow you to set up network access control on internal LANs For information on configuring EAPOL based security using the Console Interface CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure EAPOL based security refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 book EAP allows the exchange of authentication information between any end station or server connected to the switch and an authentication server such as a RADIUS server The EAPOL based security feature operates in conjunction with a RADIUS based server to extend the benefits of rem
329. s RR RR 356 450 1GBIC MDA front panel oc susc casses e aha 359 GBIC Cee CIES crak eqescemem pee ES UAR Aaaa 361 208700 B Figures 21 Figure 138 instaling a GBS ces desea caiie aie oe 498A OX 24d EY ERE 362 Figure 139 Removing a GBIC concurri nda A acd dee 363 Figure 140 Installing an MDA 22s cccevcr cave m mx mem mmm 365 Figure 141 Configuring 802 1Q VLANs 1 of 3 0 2 cee eee 370 Figure 142 Configuring 802 1Q VLANs 2 0f 3 ooooccoccccccocco ooo 371 Figure 143 Configuring 802 1Q VLANs 3 of 3 ooooococccccoccccooc ooo 372 Figure 144 Configuring MultiLink Trunks 00 00 c eee eee eee 373 Figure 145 Configuring Port Mirroring 1 of 2 2 2 0 cece eee 374 Figure 146 Configuring Port Mirroring 2 of 2 0 0 eee 375 Figure 147 Configuring IGMP Snooping 1 0f 3 00 eee 376 Figure 148 Configuring IGMP Snooping 2 of 3 2c 377 Figure 149 Configuring IGMP Snooping 3 of 3 2 0c 378 Figure 150 Authenticaton process flowchart 1 of 2 000 2 cee eee 379 Figure 151 Authenticaton process flowchart 2 of 2 o ooooo oooomooo 380 Figure 152 RJ 45 8 Pin Modular port connector 0 02 0c ee eee 381 Figure 153 MDI Xto MDI cable connections accessus uat 9 RR RR RR n 383 Figure 154 MDI X to MDI X cable connections 000 c eee eee eee 384 Figure 155 DB 9 Console port connector ooccoccoccccc 384 Using the B
330. s Rate Limiting Configuration MultiLink Trunk Configuration Spanning Tree Configuration amp Config MultiLink Trunk Utilization TELNET SNMP Web Access Configuration Display Port Statistics Software Download Clear All Port Statistics IGMP Configuration Configuration File Stack Operational Mode Display Multicast Group Membership Display Event Log Reset Spanning Tree Group Configuration Spanning Tree Port Configuration Display Spanning Tree Switch Settings Display Spanning Tree VLAN Membership Reset to Default Settings Command Line Interface Logout Configuration File Download Upload Ascii Configuration File Download 1 Only appears when the switch is participating in a stack configuration 2 Only appears when a gigabit MDA is installed in one or more units in a stack configuration 10450EA 208700 B Chapter 3 Using the console interface 151 The CI screens for your specific switch model will show the correct model name in the main menu screen title and the correct number of ports and port types in the Port Configuration screen Note The field values shown in the CI screens in this section are provided as examples only Main Menu This section describes the options available from the CI main menu Figure 51 The CI screens and submenus for these options are described in the following sections Note Some menu options shown in this main menu example and in other
331. s connected to a buffered repeater device MultiLink Trunk Configuration Menu screen The MultiLink Trunk Configuration Menu screen Figure 74 allows you to select the appropriate screen to configure up to six MultiLink Trunks you can group up to four switch ports together to form each trunk You can configure up to six MultiLink Trunks in each stack with trunk members in either a single unit or distributed between units within the stack configuration distributed trunking You can monitor the bandwidth usage for the trunk member ports within each trunk For more information about configuring MultiLink Trunks see Chapters 1 and 2 Note When a trunk is not active Trunk Status field set to Disabled configuration changes do not take effect until you set the Trunk Status field to Enabled To open the MultiLink Trunk Configuration Menu screen Choose MultiLink Trunk Configuration or press t from the Switch Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 208 Chapter 3 Using the console interface Figure 74 MultiLink Trunk Configuration Menu screen O N MultiLink Trunk Configuration Menu MultiLink Trunk Configuration MultiLink Trunk Utilization Return to Switch Configuration Menu Use arrow keys to highlight option press lt Return gt or lt Enter gt to select option Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu L A
332. s displayed Otherwise that address will be activated in the MAC SA based VLAN MAC Address State Displays current state Active or allows you to delete a MAC address Delete 208700 B Chapter 3 Using the console interface 197 Gigabit ports restriction Gigabit ports and BayStack 410 ports do not have the ability to assign incoming untagged frames to a protocol based VLAN To allow Gigabit ports to participate in protocol based VLANs you must set the Tagging field value in the VLAN Port Configuration screen to Tagged Trunk Incoming untagged frames will be assigned to the PVID VLAN VLAN Port Configuration screen The VLAN Port Configuration screen Figure 69 allows you to configure specified switch ports with the appropriate PVID VLAN association that enables the creation of VLAN broadcast domains see Chapters 1 and 2 for more information about setting up VLAN broadcast domains You can configure specified switch ports to filter discard all received tagged frames untagged frames or unregistered frames see Chapters 1 and 2 Refer to the guidelines for configuring spanning tree groups in Chapter 1 for more information on configuring ports for tagged or untagged frames You can also prioritize the order in which the switch forwards packets on a per port basis see Chapters 1 and 2 Refer to Chapter 4 Policy enabled networks for more information on prioritizing traffic To open the VLAN Po
333. s the Port Mirroring Configuration screen see Port Mirroring Configuration screen on page 213 This screen allows you to designate a single switch port as a traffic monitor for up to two specified ports or addresses Rate Limiting Configuration Displays the Rate Limiting Configuration screen see Rate Limiting Configuration screen on page 216 This screen allows you to limit the forwarding rate of broadcast and multicast packets IGMP Configuration Displays the IGMP Configuration screen see IGMP Configuration screen on page 221 This screen allows you to optimize multicast traffic by setting up IGMP port memberships that filter multicast on a per port basis see Chapter 1 for more information about this feature Display Port Statistics Displays the Port Statistics screen see Port Statistics screen on page 226 This screen allows you to view detailed information about any switch port 208700 B Chapter 3 Using the console interface 167 Table 14 Switch Configuration Menu screen options continued Option Description Clear All Port Statistics Allows you to clear all port statistics This option is followed by screen prompts that precede a choice of the actions If the switch is operating standalone choose one of the following Yes to clear all port statistics for all switch ports No to abort the option Ifthe switch is participating in a stack config
334. s to highlight option press Return or Enter to select option Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Se F Table 51 describes the Configuration File Menu screen options Table 51 Configuration File Menu screen options Option Description Configuration File Download Upload Displays the Configuration File Download Upload screen see Configuration File Download Upload screen on page 262 Ascii Configuration File Download Displays the ASCII Configuration File Download screen see ASCII Configuration File Download screen on page 266 Configuration File Download Upload screen The Configuration File Download Upload screen Figure 98 allows you to store your switch stack configuration parameters on a TFIP server Certain requirements apply when automatically configuring a switch or stack using this feature see Requirements on page 265 Although most configuration parameters are saved to the configuration file certain parameters are not saved see Table 53 on page 266 208700 B Chapter 3 Using the console interface 263 Choose Configuration File Download Upload from the Configuration File Menu to open the Configuration File Download Upload screen Figure 98 Configuration File Download Upload screen 2 N Configuration File Download Upload Configuration Image Filename TFTP Server IP Address 132 245 164 4
335. s updated every 15 seconds Port Mirroring Configuration screen The Port Mirroring Configuration screen allows you to configure a specific switch port to monitor up to two specified ports or two MAC addresses You can specify port based monitoring or address based monitoring In a stack configuration you can monitor ports that reside on different units within the stack For more information about the port mirroring feature see Chapter 1 Figure 78 shows an example of a Port Mirroring Configuration screen in a stack configuration where port 12 in stack unit 3 is designated as the monitoring port for ports 5 and 6 of stack unit 4 When installed as a standalone switch the screen does not display the Unit field designation To open the Port Mirroring Configuration screen Choose Port Mirroring Configuration or press i from the Switch Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 214 Chapter 3 Using the console interface Figure 78 Port Mirror Configuration screen E b Port Mirroring Configuration Monitoring Mode gt Port X or Port Y gt Monitor Unit Port 3 12 Unit Port X 4 5 Unit Port Y 4 6 Address A 00 00 00 00 00 00 Address B 00 00 00 00 00 00 Currently Active Port Mirroring Configuration Monitoring Mode gt Port X or Port Y gt Monitor Unit 3 Port 12 Unit X 4 Port X 5 Unit Y 4 Port Y 6 Use space bar to display ch
336. sable the switch participation in Autotopology which allows network topology mapping of other switches in your network Default Value Enabled Range Disabled 1 The Trap IP Address and Community String fields can be set using a MIB table in a Nortel Networks proprietary MIB The status of the row in the MIB table can be set to Ignore If the row status is set to Ignore the fields appear to be set when viewed from the console terminal however no traps will be sent to that address until the row status is set to Valid Using the Business Policy Switch 2000 Version 1 2 162 Chapter 3 Using the console interface System Characteristics screen The System Characteristics screen Figure 54 allows you to view system characteristics and contains three user configurable fields sysContact sysName and sysLocation To open the System Characteristics screen Choose System Characteristics or press s from the main menu Figure 54 System Characteristics screen P M System Characteristics Operation Mode Stack Unit 1 Size Of Stack 2 Base Unit 1 MAC Address 00 80 2C 8D 23 DF Reset Count 16 Last Reset Type Management Reset Power Status Primary Power Local MDA Type None sysDescr Business Policy Switch 2000 HW AB3 FW V1 2 SW v1 2 0 0 ISVN SysObjectID 14 3 6 1 4 1 45 3 40 1 sysUpTime 0 days 0 11 3 sysServices 3 sysContact 4 sysName sysLocation Enter text press Return or
337. sefas y gu rdelas en un lugar seguro Si olvida las nuevas contrase as no podr acceder al interfaz de la consola En ese caso p ngase en contacto con Nortel Networks para obtener ayuda al respecto D Attenzione In caso di modifica delle password predefinite nel sistema assicurarsi di annotare le nuove password e di conservarle in un luogo sicuro Nel caso in cui le nuove password vengano dimenticate non sar possibile accedere all interfaccia della console In tal caso contattare la Nortel Networks per avere assistenza XA BA VSATLEMULE TIA MA D MNADE BPRLOART FEZEBOT ALz7 V T47582r14AI 72tTAC RS LTES STLUVAATZ uode cO amp l Bay Networks E C3 amp amp REA Using the Business Policy Switch 2000 Version 1 2 236 Chapter 3 Using the console interface Table 42 Console Comm Port Configuration screen fields continued Field Description Console Read Only Stack Password When the Console Switch Password field is set to Required for Telnet for Console or for Both this field allows read only password access to the Cl of any participating switch in a stack configuration Users can access the Cl using the correct password see default but cannot change any parameters or use the Reset option or Reset to Default option Default Value user Range An ASCII string of up to 15 printable characters Console Read Write Stack Password When the Console Swit
338. siness Policy Switch 200093 Business Policy Switch 200094 Business Policy Switch 20C S2 oo aioe a os For detailed information about configuring trunks see Chapter 3 9806EA Before you configure trunks When you create and enable a trunk the trunk members switch ports take on certain settings necessary for correct operation of the MultiLink Trunking feature Before you configure your MultiLink Trunk you must consider these settings along with specific configuration rules as follows 1 Read the configuration rules provided in the next section MultiLink Trunking configuration rules 2 Determine which switch ports up to four are to become trunk members the specific ports making up the trunk A minimum of two ports are required for each trunk 208700 B Chapter 2 Network configuration 133 Ensure that the chosen switch ports are set to Enabled using either the Port Configuration screen see Chapter 3 or other network management system Trunk member ports must have the same VLAN configuration 3 All network cabling should be complete and stable
339. smit Drop Frame field choose Transmit In the Update DSCP field choose 47 0x2F This entry changes the DSCP value to the decimal value 47 in the match packet In the Set Drop Precedence field choose Not Loss Sensitive In the Update 802 1p Priority field select Priority 1 Priority 1 specifies a low priority 7 Click Submit The new entry is displayed in the Action Table Figure 118 208700 B Chapter 5 Sample QoS configuration 313 Figure 118 Action page with new entry in Action Table Application gt QoS gt QoS Advanced gt Action Action Table ActionjAction Name aswel eTs Update DSCP SULIT Update E Frame Precedence Priority X Generic 1 Transmit Ox2F Not Loss Sensitive Mark as Priority 1 Action Creation Action Name J Transmit Drop Frame Transmit y Update DSCP Ignore y Set Drop Precedence Use Defaults y Update 802 1p Priority use Defaults y Default Use 802 1p Priority from DSCP Mapping Table EE In summary you have configured a new action named Generic This action specifies a high drop precedence a low user priority and a DSCP value of 0x2F for packets that match a filter associated with this action Configuring meters Metering or QoS traffic policing operates at ingress and provides different levels of service to data streams through user configurable parameters An example would be to limit traffic entering a port to a specified bandwidth such as 25 Kb s Committed R
340. ss Ctrl C to return to Main Menu No E Using the Business Policy Switch 2000 Version 1 2 218 Chapter 3 Using the console interface Figure 80 Rate Limiting Configuration screen 2 of 2 e Rate Limiting Configuration Unit 1 Port Packet Type Limit Last 5 Minutes Last Hour Last 24 Hours 15 Both None 44 0 56 0 0 0 16 Both None 67 0 34 0 0 0 AT Multicast 10 65 0 48 0 45 0 18 Both None 77 0 74 0 60 0 AS Both 10 80 0 89 0 90 0 20 Both None 78 0 83 0 98 0 21 Broadcast None 98 0 88 0 44 0 22 Both None 34 0 93 0 0 0 23 Both None 65 0 82 0 56 0 24 Multicast None 76 0 65 0 50 0 25 Both 5 88 0 67 0 0 0 26 Both None 35 0 45 0 90 0 27 Both None 25 0 48 0 78 0 28 Both None 17 0 77 0 89 0 Switch Both None Stack Both None Press Ctrl P to display choices for ports 1 14 Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu TN A You can use this screen to view the percentage of either packet type or both packet types received on each port When the volume of either packet type is high placing severe strain on the network often referred to as a storm you can set the forwarding rate of those packet types to not exceed a s
341. ss Policy Switch 2000 Software Version 1 2 for information on configuring this feature using the Web based management system And refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 for information on configuring Automatic PVID with CLI commands Refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 for information on configuring this feature with DM Tabular port statistics With BPS 2000 software version 1 1 you can view all ports in an entire stack that have an error If a particular port has no errors it will not be displayed Refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 to display tabular port statistics Ability to ping With software version 1 1 you can ping from a BPS 2000 This ability greatly enhances the ease of network management Refer to Chapter 3 for information on using the Console Interface CI menus to ping and to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 for information on pinging with CLI commands Improved STP Fast Learning Mode A front BPS 2000 port set for Fast Learning Mode for the Spanning Tree Protocol STP is improved in version 1 1 of BPS 2000 software The port can forward data immediately as soon as it detects that the link is on Using the Business Policy Switch 2000 Version 1 2 62 BootP menu item for a stack of only
342. ssignments This appendix describes the Business Policy Switch 2000 port connectors and pin assignments RJ 45 10BASE T 100BASE TX port connectors The RJ 45 port connectors Figure 152 are wired as MDI X ports to connect end stations without using crossover cables See MDI and MDI X devices on page 382 for information about MDI X ports For 10B ASE T connections use Category 3 or higher UTP cable For 100BASE TX connections use only Category 5 UTP cable Figure 152 RJ 45 8 Pin Modular port connector 1 8 Using the Business Policy Switch 2000 Version 1 2 382 Appendix E Connectors and pin assignments Table 72 lists the RJ 45 8 pin modular port connector pin assignments Table 72 RJ 45 port connector pin assignments Pin Signal Description 1 RX Receive Data 2 RX Receive Data 3 TX Transmit Data 4 Not applicable Not applicable 5 Not applicable Not applicable 6 TX Transmit Data 7 Not applicable Not applicable 8 Not applicable Not applicable MDI and MDI X devices Media dependent interface MDI is the IEEE standard for the interface to unshielded twisted pair UTP cable For two devices to communicate the transmitter of one device must connect to the receiver of the other device The connection is established through a crossover function which can be a crossover cable or a port that implements the crossover function internally
343. stack according to the Command Line Interface CLI commands in the file This feature allows the flexibility of generating command configuration files that can be use on several switches or stacks with minor modifications The maximum size for an ASCII configuration file is 100 KBs larger configuration files must be split into multiple files Using the Business Policy Switch 2000 Version 1 2 54 Use a text editor to edit the ASCII configuration the command format is the same as that of the CLI You can initiate the ASCII configuration file download using CLI commands only while connected to the base unit and the ASCII configuration script will execute to completion When you initiate downloading the ASCII configuration file from the console interface the console does not display output For this reason it is important that you review the commands in the file to ensure accuracy and completeness For information on setting the parameters for the ASCII configuration file feature refer to Chapter 3 Sample ASCII configuration file This section shows a sample ASCII configuration file This file is an example only and shows a basic configuration for a standalone BPS 2000 that includes Multi Link Trunking VLANs port speed and duplex and SNMP configurations example script to configure different features from CLI enable configure terminal mlt 3 name lag3 enable member 13 14 mlt 4 name lag4 enable member 15 16 mlt 5 name
344. stack configuration Reset Count A read only field that indicates the number of resets since the operational firmware was first loaded on the switch Default Value 1 Range 0 to 23 1 4 294 967 295 Last Reset Type A read only field that indicates the last type of reset Default Value Power Cycle Power Cycle Software Download Management Reset Management Factory Reset Range Power Status A read only field that indicates the current power source primary RPSU or both Default Value Primary Power Range Primary Power Redundant Power Primary and Redundant Power Local MDA Type A read only field that indicates the MDA type that is configured in this unit sysDescr A read only field that specifies hardware and software versions sysObjectlD A read only field that provides a unique identification of the switch which contains the vendor s private enterprise number sysUpTime A read only field that shows the length of time since the last reset Note that this field is updated when the screen is redisplayed sysServices A read only field that indicates the switch s physical and data link layer functionality Using the Business Policy Switch 2000 Version 1 2 164 Chapter 3 Using the console interface Table 13 System Characteristics screen fields continued Field Description sysContact The name and phone number of the person responsible for
345. t and overwrites certain configuration settings You cannot reset the switch to its previous configurations To recover previous configurations you must reconfigure parameters such as MLT VLAN and conversation steering To add a Business Policy Switch to your stack 1 Change the new Business Policy Switch base unit setting on the BayStack 400 ST1 Cascade Module to Base Ensure that no other unit in the existing stack is selected as the base unit Power up the switch Change the Stack Operational Mode field on the Business Policy Switch to Hybrid Stack Figure 130 5 Perform configuration tasks for e IP address e Subnet mask e Gateway address 6 Reset the switch to save your changes Using the Business Policy Switch 2000 Version 1 2 342 Appendix B Interoperability in a mixed stack configuration 7 Add the newly configured Business Policy Switch to your existing stack Figure 130 Stack Operational Mode screen a E Stack Operational Mode Current Stack Operation Mode Pure BPS 2000 Stack Next Stack Operation Mode Hybrid Stack Stack BootP Mac Address Type Stack Mac Address Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Automatic failover The automatic failover is a temporary safeguard only If the stack loses power or is reset the temporary base unit will not power up as t
346. t peut tre endommag Precauci n No interrumpa la alimentaci n del dispositivo durante el proceso de descarga del software Si lo hace puede alterar la imagen de la programaci n firmware Attenzione Non interrompere l alimentazione elettrica al dispositivo durante il processo di scaricamento del software In caso di interruzione l immagine firmware potrebbe danneggiarsi DIO OF OF b EE VD RIPPER VO ELITES T4 A SOBREDO BUCLE BREISE 2y L5r17043 DEBS ANDY EF Using the Business Policy Switch 2000 Version 1 2 258 Chapter 3 Using the console interface To download the software image you need a properly configured Trivial File Transfer Protocol TFTP server in your network and an IP address for the switch or stack if configured To learn how to configure the switch or stack IP address refer to IP Configuration Setup screen on page 155 To open the Software Download screen Choose Software Download or press f from the main menu You can monitor the software download process by observing the LEDs see LED Indications during the download process on page 261 208700 B Chapter 3 Using the console interface 259 Figure 95 Software Download screen for Pure BPS 2000 Stack mode Ve os Software Download BPS 2000 Image Filename BPS 2000 Diagnostics Filename Ey 3 TFTP Server IP Address 0 0 0 0 Start TFTP Load of New Image No
347. t Configuration Port Trunk Security 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled T Disabled 8 Disabled 9 Disabled 10 Disabled 1T Disabled 12 Disabled 13 Disabled 14 Disabled More Press Ctrl N to display choices for additional ports Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Figure 60 MAC Security Port Configuration screen 2 of 2 a N MAC Security Port Configuration Port Trunk Security 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled 21 Disabled 22 Disabled 23 Disabled 24 Disabled Switch Enable Stack Enable Press Ctrl P to display choices for ports 1 14 Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu M P Using the Business Policy Switch 2000 Version 1 2 176 Chapter 3 Using the console interface Table 18 describes the MAC Security Port Configuration screen fields Table 18 MAC Security Port Configuration screen fields Field Description Port Displays a numbered port list Trunk Displays the trunk number if the port is a member of that trunk Default blank field Security This field value determines whether or not security
348. t Loss Sensitive Standard To change the DSCP to an 802 1p priority 1 Click the Application gt QoS gt QoS Advanced gt Devices gt DSCP Mapping menu option The DSCP Mapping page opens Figure 124 2 Click the Modify icon of DSCP 0x1 The DSCP Mapping page opens Figure 125 for DSCP 0x1 Using the Business Policy Switch 2000 Version 1 2 322 Chapter 5 Sample QoS configuration Figure 125 DSCP Mapping page Application gt QoS gt QoS Advanced gt Devices gt DSCP Mapping d DSCP Mapping Modification DSCP Ox1 802 1p Priority fo y Drop Precedence Not Loss Sensitive y Service Class Standard y In the 802 1 User Priority field choose 1 In the Drop Precedence field choose Not Loss Sensitive In the Service Class field choose Standard Click Submit oa fF o The DSCP Mapping page opens with the updated information Figure 126 208700 B Chapter 5 Sample QoS configuration 323 Figure 126 DSCP Mapping page Application gt QoS gt QoS Advanced gt Devices gt DSCP Mapping EN ER abie Exi 0x0 J Loss Sensitive Standard El 0x1 1 Not Loss Sensitive Standard El Ox2 0 Not Loss Sensitive Standard El 03 0 Not Loss Sensitive Standard El 0x4 0 Not Loss Sensitive Standard El 0x5 0 Not Loss Sensitive Standard El De D Not Loss Sensitive Standard El Ox D Not Loss Sensitive Standard El 0x8 2 Not Loss Sensitive Bronze El oe 0 Not Loss Sensitive Standard El OxA 2 Loss Sensitive Bronz
349. t Tagging field on VLAN Port Configuration screen Is filtering correct Set tagged untagged unregistered filters if necessary Is Port Priority correct Set Port Priority See also the Traffic Class Configuration screen if necessary Are all VLANs configured Key gt Off page reference O On page reference BS45048C 208700 B Appendix D Quick steps to features 373 Configuring MultiLink Trunks To create or modify a MultiLink Trunk follow the flowchart in Figure 144 To open the MultiLink Trunk Configuration screen Choose MultiLink Trunk Configuration or press t from the MultiLink Trunk Configuration Menu screen Figure 144 Configuring MultiLink Trunks MultiLink Trunk Configuration screen Are all Configure trunk members trunk members see MultiLink Trunking configured Configuration Rules l k STP Enabled Configure STP field Enable Trunk Status field see MultiLink Trunking Configuration Rules Is trunk Enabled Key gt Off page reference O On page reference BS45050A Using the Business Policy Switch 2000 Version 1 2 374 Appendix D Quick steps to features Configuring Port Mirroring To create or modify port mirroring ports follow the flowcharts in Figure 145 and Figure 146 To open the Port Mirroring Configuration screen Choose Port Mirroring Configuration
350. t mit der Baudrate des Attention Si vous s lectionnez un d bit diff rent de celui de votre terminal vous perdrez le contact avec l interface de votre console d s que vous appuierez sur Entr e Pour restaurer la communication alignez le d bit de votre terminal sur le nouveau d bit de votre port de service Precauci n Si selecciona una velocidad de transmisi n que no coincide con la velocidad de transmisi n del terminal de la consola perder la comunicaci n con el interfaz de la consola al pulsar Intro Si se pierde la comunicaci n ajuste el terminal de la consola para que coincida con el nuevo valor del puerto de servicio corrispondente a quella del terminale della console la comunicazione con l interfaccia della console cadr premendo il tasto Invio Se la comunicazione cade impostare il terminale della console in modo tale che corrisponda alla nuova impostazione della porta di servizio Sa Attenzione Nel caso in cui si scelga una velocita di trasmissione non Hm IVY So Ss FIOM LL HES O TUE TR L heBRGF c Enter eHLEESIC 217 VL T4727r4ACO DBEGESUTCUZU XS cO amp l li amp S LU E A AR FERIA DAI IYY IL F SHFIWERELTCESEL Console Switch Password Type Enables password protection for accessing the console interface Cl of a standalone switch through a console terminal If you set this field to Required you can use the Logout option to restrict a
351. t runs to completion the process can take up to 10 minutes depending on network conditions Note If problems occur during the software download process refer to Chapter 6 During the download process the Business Policy Switch is not operational You can monitor the progress of the download process by observing the LED indications Configuration File Menu screen The Configuration File Menu screen Figure 97 allows you to upload and download the configuration parameters of a BPS 2000 switch or stack to a TFTP server With software version 1 2 or higher you can also download an ASCII configuration file from a TFTP server These options allow you to store your switch stack configuration parameters on a TFIP server You can retrieve the configuration parameters of a standalone switch or an entire stack and use the retrieved parameters to automatically configure a replacement switch or stack You must set up the file on your TFTP server and set the filename read write permission to enabled before you can save the configuration parameters To open the Configuration File Menu screen Choose Configuration File Menu from the main menu Using the Business Policy Switch 2000 Version 1 2 262 Chapter 3 Using the console interface Figure 97 Configuration File Menu screen a Configuration File Menu Configuration File Download Upload Ascii Configuration File Download Return to Main Menu Use arrow key
352. ta displayed in the Trunk column indicates the trunk 1 to 6 that corresponds to the switch ports specified in the user configurable Trunk Members fields Trunk Members Unit Port The Trunk Members column contains fields in each row that can be configured to create the corresponding trunk The Unit value in the Unit Port field is configurable only when the switch unit is part of a stack configuration It indicates that the trunk members in this row are associated with the specified unit number configured in the Unit field Each switch port can only be a member of a single trunk Default Value Blank Range 1 to 8 or 1 to 28 depending on model type STP Learning The STP Learning column contains a single field for each row that when enabled allows the specified trunk to participate in the spanning tree This setting overrides those of the individual trunk members Fast is the same as Normal except that the state transition timer is shortened to two seconds Default Value Normal Range Normal Fast Disabled Trunk Mode The Trunk Mode column contains a single read only field for each row that indicates the default operating mode for the switch Basic Basic mode is the default mode for the switch When in this mode source MAC addresses are dynamically assigned to specific trunk members for flooding and forwarding which allows the switch to stabilize and distribute the data streams of source addresses across the tr
353. tandardized protocol IEEE 802 3u that exists between two IEEE 802 3u capable devices Autonegotiation allows the switch to select the best of both speed and duplex modes Autosensing is used when the attached device is not capable of autonegotiation or is using a form of autonegotiation that is not compatible with the IEEE 802 3u autonegotiation standard In this case because it is not possible to sense the duplex mode of the attached device the Business Policy Switch reverts to half duplex mode When autonegotiation capable devices are attached to the Business Policy Switch the ports negotiate down from 100 Mb s speed and full duplex mode until the attached device acknowledges a supported speed and duplex mode For more information about autosensing and autonegotiation modes see Chapter 6 Troubleshooting on page 327 For information on configuring autonegoitation using the CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure this feature refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 book BootP automatic IP configuration MAC address Beginning with software version 1
354. tch 2000 Version 1 2 98 Chapter 2 Network configuration Removing a unit from the stack If a unit is removed from the stack therefore operating in standalone mode the following switch configuration settings revert back to the settings configured before the unit became a member of the stack e JP address e Password console Web Telnet SNMP including DM e Stack operational mode SNMP community strings Stack configurations As shown in Figure 14 the cascade connectors and cables on the BayStack 400 ST1 Cascade Module front panel provide the ability to stack up to 8 switches With BPS 2000 MDAs installed in each switch the stack can accommodate a maximum of 224 switch ports Because stack parameters are associated with the base unit see Base unit the physical stack order depends on the base unit s position and whether the stack is configured stack up or stack down Stack up configurations In Figure 14 data flows from the base unit unit 1 to the next switch which is assigned as unit 2 and continues until the last switch in the stack is assigned as unit 8 The physical order of the switches is from bottom to top unit 1 to unit 8 208700 B Chapter 2 Network configuration 99 Figure 14 Stack up configuration example
355. terface 223 Table 38 IGMP Configuration screen fields continued Field Description Proxy Allows the switch to consolidate IGMP Host Membership Reports received on its downstream ports and to generate a consolidated proxy report for forwarding to its upstream neighbor This field affects all VLANs for example if you disable proxy on the VLAN specified in the screen s VLAN field ALL VLANs are disabled for proxy The Proxy field cannot be disabled unless the Snooping field is enabled Default Value Enabled Range Enabled Disabled Robust Value Allows a user to set the switch to offset expected packet loss on a subnet If packet losses on a subnet are unacceptably high the Robust Value field can be increased to a higher value This field affects only the VLAN specified in the screen s VLAN field for example if you change the robust value on the VLAN specified in the screen s VLAN field other VLANs are not affected Default Value 2 Range 1 to 256 Query Time Allows a user to control the number of IGMP messages allowed on the subnet by varying the Query Interval the Query Interval is the interval between general queries sent by the multicast router This field affects only the VLAN specified in the screen s VLAN field for example if you change the Query Time value field on the VLAN specified in the screen s VLAN field other VLANs are not affected Default Value 125 seconds Range 1 to
356. the option If the switch is participating in a stack configuration additional prompts allow you to choose to reset a specific unit in the stack or the entire stack When you select this option the switch resets runs a self test then displays the Nortel Networks logo screen Press Ctrl Y to access the Business Policy Switch main menu NOTE The following items do NOT reset Stack Operational Mode Reset Count and Reason for Last Reset Caution If you choose the Reset to Default Settings option all of your configured settings will be replaced with factory default settings when you press Enter Achtung Bei Auswahl des Befehls zur R cksetzung auf die Standardeinstellungen werden alle von Ihnen konfigurierten Einstellungen durch die werkseitigen Standardeinstellungen ersetzt wenn Sie die Eingabetaste dr cken Attention Si vous restaurez la configuration usine votre configuration courante sera remplac e par la configuration usine d s que vous appuierez sur Entr e Precaucion Si selecciona el comando Restaurar valores predeterminados todos los valores de configuraci n se sustituir n por las valores predeterminados en f brica al pulsar Intro Attenzione Nel caso in cui si selezioni la reimpostazione dei valori di default tutte le impostazioni configurate verranno sostituite dai default di fabbrica premendo il tasto Invio m FIIL OREI EY hk IZY FERIR 4 4t HW ito023 224 7v aN Oe
357. the specified ports For more information about using the IGMP snooping feature refer to Chapter 1 for additional guidelines on configuring VLANs IGMP and spanning tree groups and Chapter 3 See also Appendix D for configuration flowcharts that can help you use this feature Using the Business Policy Switch 2000 Version 1 2 128 Chapter 2 Network configuration IEEE 802 1p prioritizing For more information on prioritizing traffic refer to Chapter 4 Policy enabled networks You can use the VLAN Configuration screens to prioritize the order in which the switch forwards packets on a per port basis For example if messages from a specific segment are crucial to your operation you can set the switch port connected to that segment to a higher priority level by default all switch ports are set to low priority Untagged packets received by the switch on that port are tagged according to the priority level you assign to the port see Figure 38 Figure 38 Prioritizing packets Before CRC _ ee Port configuration Data parameters Port1 Port2 Port3 P ee DA 802 1Q Switch High Fa Port 5 LO gt 5 gt transmit z CRC Data Tag sa Da L a queue a Low Recalculated Port 6 Port 7 Port 8 Untagged member CRC 8100 Priority 26 CFI VID
358. the stack configuration must be set to Off down Cascade A In connector Provides an attachment point for accepting a cascade cable connection from an adjacent unit in the stack A return cable from this unit s Cascade A Out connector to the adjacent unit s Cascade A In connector completes the stack connection see the example shown in Figure 13 Figure 13 Connecting cascade cables Cascade A Out Cascade A In Redundant Power 5 Cascade Module e E Unit 1 9812EA 1 Base unit 303978 A cascade cable 303978 A cascade cable used for return Using the Business Policy Switch 2000 Version 1 2 96 Chapter 2 Network configuration Base unit Note For stacking three or more units maximum 8 units per stack order the optional 1 meter 39 27 inch cascade max return cable order number AL2018001 The base unit is the unique stack unit that you configure with the Unit Select switch on the front panel of the BayStack 400 ST1 Cascade Module One Business Policy Switch in the stack must be configured as the base unit all other units in the stack must have their Unit Select switch set to Off see Unit Select switch You can assign any single Business Policy Switch as the base unit If you are configuring a mixed stack refer to Appendixes for base unit instructions The physical ordering of all of the other un
359. the switch Default Value Zero length string Range Any ASCII string of up to 56 printable characters sysName A name that uniquely identifies the switch Default Value Zero length string Range Any ASCII string of up to 56 printable characters sysLocation The physical location of the switch Default Value Zero length string Range Any ASCII string of up to 56 printable characters 1 Although this field can be set to up to 255 characters from a Network Management Station NMS only 56 characters are displayed on the console terminal Switch Configuration Menu screen The Switch Configuration Menu screen Figure 55 allows you to set or modify your switch configuration Note The High Speed Flow Control Configuration option only appears when an optional Gigabit MDA is installed Choose Switch Configuration or press w from the main menu to open the Switch Configuration Menu screen Table 14 208700 B Chapter 3 Using the console interface 165 Figure 55 Switch Configuration Menu screen O B Switch Configuration Menu MAC Address Table MAC Address Security Configuration EAPOL Security Configuration VLAN Configuration Port Configuration High Speed Flow Control Configuration MultiLink Trunk Configuration Port Mirroring Configuration Rate Limiting Configuration IGMP Configuration Display Port Statistics Clear All Port Statistics Stack Operational Mode Return t
360. thin the packet Protocol based VLANs can localize broadcast traffic and assure that only the protocol based VLAN ports are flooded with the specified protocol type packets The maximum number of available protocols is 14 e MAC source address SA based VLANs A MAC SA based VLAN is a VLAN in which you assign switch ports as members of a broadcast domain based on the source MAC address information within the packet MAC SA based VLANS can be used to provide a MAC level security scheme to organize and group different users The maximum number of available MAC SA based VLANS is 48 Policy based VLANS are determined by the information within the packet A port can be a member of multiple policy based VLANs The order in which the rules for VLAN classification are applied are 1 Is the packet tagged 2 Does the packet belong in a MAC SA based VLAN 3 Does the packet belong in a protocol based VLAN If none of the criteria applies the packet belongs in the VLAN identified by the PVID of the ingress port See Chapter 2 Network configuration for more information In addition you configure VLANs as e Shared VLAN Learning SVL mode Multiple VLANs use a single forwarding database Using the Business Policy Switch 2000 Version 1 2 65 OR Independent VLAN Learning IVL mode Each VLAN uses a unique forwarding database The IVL mode is only an option when using the Business Policy Switch 2000 you must use the SVL
361. through a policy with interface groups Packets received from any port that is in an interface group are classified with the same filters Using the Business Policy Switch 2000 Version 1 2 280 Chapter 4 Policy enabled networks Each group of filters is associated with actions that are executed when the packet matches the filters in the group The filter group and the associated actions meters and interface groups are referenced by a policy which dictates the overall traffic treatment Filters are associated with an interface group action and metering through a policy There are two levels of precedence that both work from the lowest order to the highest e order of filters in a filter group order of policies Note Among policies any policy with a Layer 2 filter group must have a lower precedence higher order than any policy with an IP filter group Layer 2 filters There are 14 available layer 2 filters in the BPS 2000 The layer 2 filters are used to classify traffic based on the following criteria e Layer 2 information including VLAN ID IEEE 802 1p priority and etherType e Layer 3 information including DSCP and IP protocol such as TCP UDP e Layer 4 information including TCP UDP port ranges Note If a layer 2 filter specifies layer 3 or layer 4 information that filter must match IP traffic only Layer 2 classifiers can be associated with the following actions e Drop matching packets e
362. times referred to as conversation steering allows you to designate a single switch port as a traffic monitor for up to two specified ports or two media access control MAC addresses You can specify port based monitoring where all traffic on specified ports is monitored or address based monitoring where traffic between specified MAC addresses is monitored You can attach a probe device such as a Nortel Networks StackProbe or equivalent to the designated monitor port For more information about the port mirroring feature refer to Chapter 2 Network configuration For information on configuring port mirroring using the CI menus refer to Chapter 3 To configure this feature using the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 To use Device Manager DM to configure this feature refer to Reference for the Business Policy Switch 2000 Management Software Version 1 2 And to configure this feature using CLI commands refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 book Autosensing and autonegotiation The Business Policy Switches are autosensing and autonegotiating devices e The term autosense refers to a port s ability to sense the speed of an attached device Using the Business Policy Switch 2000 Version 1 2 Chapter 1 The Business Policy Switch 2000 79 e The term autonegotiation refers to a s
363. tion such as Web provisioned bandwidth site streaming video Competes for additional bandwidth Non real time mission Silver Transaction processing Medium priority scheduling providing guaranteed minimum provisioned bandwidth Competes for additional bandwidth 208700 B Chapter 4 Policy enabled networks 279 Table 56 Service classes continued Traffic category Service class Application type Required treatment Non real time mission Bronze For example E mail FTP Lower priority scheduling critical non interactive SNMP providing guaranteed minimum provisioned bandwidth Competes for additional bandwidth Non real time Standard Bulk transfer such as large Best effort delivery Uses non mission critical FTP transfers after hours remaining available bandwidth tape backup Packet classifiers or filters Packet classifiers or filters select packets according to a particular content in the packet header such as the source address destination address source port number destination port number and others Packet classifiers identify flows for more processing You can create the following two types of filter groups e Layer 2 filters e IP filters A filter group is an ordered list of filters Filters can be added to or deleted from an existing group Note Layer 2 and IP filters cannot coexist in the same group gt A filter or filter group is associated
364. tion screen on page 183 This screen allows you to set up Extensible Authentication Protocol over LAN EAPOL based security VLAN Configuration Displays the VLAN Configuration Menu see VLAN Configuration Menu screen on page 187 This menu provides the following options VLAN Configuration MAC Addresses for MAC SA Based VLAN VLAN Port Configuration and VLAN Display by Port This menu allows you to create and modify VLANs and to enable the automatic PVID feature Port Configuration Displays the Port Configuration screen see Port Configuration screen on page 201 This screen allows you to configure a specific switch port all switch ports or when in a stack configuration all stack ports High Speed Flow Control Configuration Only appears when an optional Gigabit MDA is installed in the Uplink Module slot When the Gigabit MDA is installed selecting this option displays the High Speed Flow Control Configuration screen see High Speed Flow Control Configuration screen on page 204 MultiLink Trunk Configuration Displays the MultiLink Trunk Configuration Menu see MultiLink Trunk Configuration Menu screen on page 207 This menu provides the following options MultiLink Trunk Configuration and MultiLink Trunk Utilization This menu allows you to create and modify trunks and to monitor the bandwidth utilization of configured trunks Port Mirroring Configuration Display
365. tivity Network Management and IP Services section Using the Business Policy Switch 2000 Version 1 2 292 Chapter 4 Policy enabled networks 208700 B 293 Chapter 5 Sample QoS configuration You can configure QoS using the Common Open Policy Services COPS the CLI the Web based management system SNMP or Device Manager This section presents a sample QoS configuration using the Web based management system using the QoS Advanced pages For more information on configuring QoS with the Web based management system refer to Using Web based Management for the Business Policy Switch 2000 Software Version 1 2 For information on configuring QoS with other management systems refer to Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 and Reference for the Business Policy Switch 2000 Command Line Interface Software Version 1 2 You can configure QoS using the embedded Web based QoS Wizard in the The QoS Wizard allows you to configure simplified policies and common filters to control the behavior of network traffic in your standalone or stack switch configuration In addition you can prioritize a VLAN to receive better service than others Warning Nortel Networks recommends that you use the QoS Wizard N for your initial configuration only Each time the QoS Wizard is initiated all existing configurations are reset to the default values After you complete the initial QoS Wizard
366. to Main Menu Untagged Access Disabled B p it a ii P Figure 33 shows the VLAN Port Configuration screen after it is configured to support the PVID assignment for port 8 as shown in Figure 29 Port Name is optional The PVID VLAN association for VLAN 3 is now PVID 3 Using the Business Policy Switch 2000 Version 1 2 120 Chapter 2 Network configuration Figure 33 VLAN Port Configuration screen example O VLAN Port Configuration N Unit 1 Port 8 Filter Tagged Frames No Filter Untagged Frames No Filter Unregistered Frames No Port Name Student port PVID 3 Port Priority 0 Tagging Untagged Access AutoPVID all ports Disabled Use space bar to display choices press Return or Enter to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu i VLAN workgroup summary This section summarizes the VLAN workgroup examples discussed in the previous sections of this chapter As shown in Figure 34 Switch S1 Business Policy Switch is configured with multiple VLANs e Ports 1 6 11 and 12 are in VLAN 1 e Ports 2 3 4 7 and 10 are in VLAN 2 e Port 8 is in VLAN 3 Because S4 does not support 802 1Q tagging a single switch port on each switch must be used for each VLAN see VLANS spanning multiple untagged switches The connection to S2 requires only one link between the switc
367. to di r to di Enabled 2 Enabled 128 4 Enabled 128 10 Enabled 128 4 Enabled 128 10 Enabled 128 4 Forwardi Enabled 128 10 Forwarding More splay 3 26 dis eturn or Enter to select choice Press Ctrl C to return to Main Menu S2 Port Conf iguration screen 9808EA If Switch S2 s trunk member port 11 is physically disconnected and then reconnected to port 13 the Spanning Tree Port Configuration screen for Switch S1 changes to show port 6 in the Blocking state Figure 45 Using the Business Policy Switch 2000 Version 1 2 138 Chapter 2 Network configuration Figure 45 Example 2 detecting a misconfigured port Spanning Tree Port Configuration Port Trunk Participation E Path Cost State 1 Enabled 128 10 Forwarding 2 1 Enabled 128 4 Forwarding 3 Enabled 128 10 Forwarding 4 1 Enabled 128 4 Forwarding 5 Enabled 128 10 Forwarding Blocki 6 1 Enabled 128 4 Blocking 7 Enabled 128 10 Forwarding ocking a Enabled 128 10 Forwarding 3 Enabled 1 128 10 Forwarding 10 Enabled 128 10 Forwarding 1 Enabled 128 10 Forwarding 12 Enabled 128 10 Forwarding More s 13 26 gt or Enter to select choice Press Ctrl C to return to Main Menu S1 Port Configuration screen 84 om BEEN Policy Switch Business Policy Switch 200
368. to return to Main Menu Se P Table 42 describes the Console Comm Port Configuration screen fields Table 42 Console Comm Port Configuration screen fields Field Description Comm Port Data Bits A read only field that indicates the current console comm port data bit setting Comm Port Parity A read only field that indicates the current console comm port parity setting Comm Port Stop Bits A read only field that indicates the current console comm port stop bit setting Console Port Speed Allows you to set the console comm port baud rate to match the baud rate of the console terminal Default Value 9600 Baud Range 2400 Baud 4800 Baud 9600 Baud 19200 Baud 38400 Baud a Caution If you choose a baud rate that does not match your console terminal baud rate you will lose communication with the configuration interface when you press Enter If communication is lost set your console terminal to match the new service port setting 208700 B Chapter 3 Using the console interface 233 Table 42 Console Comm Port Configuration screen fields continued Field Description Konsolenterminals bereinstimmt geht die Kommunikation mit der Konsolenschnittstelle verloren wenn Sie die Eingabetaste dr cken Stellen Sie in diesem Fall das Konsolenterminal so ein daB es mit der neuen Einstellung der Service Schnittstelle bereinstimmt a Achtung Bei Auswahl einer Baud rate die nich
369. to this port Activity Port activity LEDs green Blinking Indicates network activity level for the corresponding port A high level of network activity can cause LEDs to appear to be on continuously 1000BASE X SC port connectors 1000BASE LX 450 1LR MDA and 450 1LX MDA A Warning This is a Class 1 Laser LED product It contains a laser light source that can injure your eyes Never look into an optical fiber or connector port Always assume that the fiber optic cable or connector is connected to a laser light source Vorsicht Dieses Laser LED Produkt der Klasse 1 enth lt eine Laserlichtquelle die zu Augenverletzungen f hren kann Sehen Sie nie in einen Lichtwellenleiter oder Glasfaserstecker Port Gehen Sie immer davon aus daf das Glasfaserkabel oder der Glasfaserstecker an eine Laserlichtquelle angeschlossen ist 208700 B Appendix C Media dependent adapters 351 Avertissement Ceci est un appareil Laser DEL de Classe 1 Cet appareil contient une source lumineuse a rayons laser dangereuse pour les yeux Ne regardez jamais directement une fibre optique ou un port de connexion Agissez toujours comme si le cable de fibres optiques ou le connecteur tait reli une source lumineuse rayons laser Advertencia ste es un producto l ser LED de Clase 1 Contiene una fuente de luz l ser que puede causar lesiones en los ojos Nunca mire dentro de un cable o de un puerto
370. ts licensors confidential and proprietary intellectual property Licensee shall not sublicense assign or otherwise disclose to any third party the Software or any information about the operation design performance or implementation of the Software and user manuals that is confidential to Nortel Networks and its licensors however Licensee may grant permission to its consultants subcontractors and agents to use the Software at Licensee s facility provided they have agreed to use the Software only in accordance with the terms of this license 3 Limited warranty Nortel Networks warrants each item of Software as delivered by Nortel Networks and properly installed and operated on Nortel Networks hardware or other equipment it is originally licensed for to function substantially as described in its accompanying user manual during its warranty period which begins on the date Software is first shipped to Licensee If any item of Software fails to so function during its warranty period as the sole remedy Nortel Networks will at its discretion provide a suitable fix patch or workaround for the problem that may be included in a future Software release Nortel Networks further warrants to Licensee that the media on which the Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee Nortel Networks will replace defective media at no charge
371. uding ARP 8035 RARP Ether2 809B 80F3 ApITk Ether2Snap 8100 IEEE 802 1Q for tagged frames 8137 8138 Ipx 80D5 SNA Ether2 86DD Ipv6 Ether2 8808 Ipx 802 3 Ipx 802 3 Ethernet 802 2 Ipx 802 2 Ethernet 802 Using the Business Policy Switch 2000 Version 1 2 196 Chapter 3 Using the console interface MAC Address Configuration for MAC SA Based VLAN screen The MAC Address Configuration for MAC SA Based VLAN screen Figure 68 allows you to configure specific MAC SA based VLANs This screen allows you to select a MAC SA based VLAN Figure 68 MAC Address Configuration for MAC SA Based VLAN screen MAC Address Configuration for MAC SA Based VLAN MAC SA Based VLAN Display Create MAC Address 00 00 00 00 00 00 MAC Address State Delete KEY Select MAC address Use space bar to display choices or enter text Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Table 26 describes the MAC Address Configuration for MAC SA Based VLAN screen fields Table 26 MAC Address Configuration for MAC SA Based VLAN screen fields Field Description MAC SA Based Allows you to select a MAC SA based VLAN VLAN Default The least valued active MAC SA based VLAN will be displayed Range 2 to 4094 must be a currently active MAC SA based VLAN Display Create Allows you to enter a MAC address If the address is already present in the selected MAC Address MAC SA based VLAN its state i
372. ueries to the LAN and listens for a response from end stations All of the clients connected to switches S1 to S4 are aware of the queries from the router 208700 B Chapter 2 Network configuration 125 One client connected to S2 responds with a host membership report Switch S2 intercepts the report from that port and generates a proxy report to its upstream neighbor S1 Also two clients connected to S4 respond with host membership reports causing S4 to intercept the reports and to generate a consolidated proxy report to its upstream neighbor S1 Figure 36 Business Policy Switch filtering IP multicast streams 1 of 2 Internet Designated router Consolidated BN Host report membership query Business Policy Switch 2000 Business Policy Swtich 2000 3 E Business Policy Host Swtich 2000 membership Host report Ea membership report oF BS45022C Switch S1 treats the consolidated proxy reports from S2 and S4 as if they were reports from any cli
373. unk members Trunk Status The Trunk Status column contains a single field for each row that allows users to enable or disable any of the trunks Default Value Disabled Range Enabled Disabled Trunk Name The Trunk Name column contains a single optional field in each row that can be used to assign names to the corresponding configured trunks The names chosen for this example can provide meaningful information to the user for example S1 T1 to FS2 indicates Trunk 1 in switch S1 connects to File Server 2 208700 B Chapter 3 Using the console interface 211 MultiLink Trunk Utilization screen The MultiLink Trunk Utilization screen Figure 76 and Figure 77 allows you to monitor the percentage of bandwidth used by configured trunk members You can choose the type of traffic to monitor Figure 76 shows an example of bandwidth utilization rates for trunk member ports Because two screens are necessary to show all of the configured trunks up to six the screen prompts you to Press Ctrl N to view trunks five and six m Choose MultiLink Trunk Utilization or press u from the MultiLink Trunk Configuration Menu screen to open the MultiLink Trunk Utilization screen Figure 76 MultiLink Trunk Utilization screen 1 of 2 G MultiLink Trunk Utilization UN Trunk Traffic Type Unit Port Last 5 Minutes Last 30 Minutes Last Hour il Rx and Tx 3 6 90 0 70 0 90 0 3 7 20 0 55 0 80 0 3 9 35 0 45 0 45 0 3 17 85 0 35
374. unning use the console interface CI menus or the Web based management system e Cl menus From the main menu of the console choose Systems Characteristics menu The software currently running is displayed in sysDescr e Web based management system Open the System Information page which is under Administration on the main menu The software currently running is displayed in the sysDescription field Using the Business Policy Switch 2000 Version 1 2 340 Appendix B Interoperability in a mixed stack configuration You can use 256 port protocol and MAC SA based VLANs for the stack with a Pure BPS 2000 stack running software version 1 2 The maximum number available of MAC SA based is 48 If you are working with a mixed or hybrid stack you can use 64 VLANs for the entire stack When you change from a Pure BPS 2000 Stack mode to a Hybrid Stack mode e If you have up to 64 VLANs on the Pure BPS 2000 Stack they will be retained when you change to a Hybrid Stack e If you have more than 64 VLANs on the Pure BPS 2000 Stack you will lose them all The Hybrid Stack will return to the default VLAN configuration Also a mixed or hybrid stack does not support multiple Spanning Tree Groups STG You have a single instance of STG when working with a mixed stack Setting up your mixed stack configuration To set up a mixed stack configuration follow the basic instructions regarding Business Policy Switch configuration detail
375. ur octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point Allowed Source Mask Specifies up to 10 user assigned allowed source address masks The remote IP address is masked with the Allowed Source Mask and if the resulting value equals the Allowed Source IP address the connection is allowed For example a connection would be allowed with the following settings Remote IP address 192 0 1 5 Allowed Source IP Address 192 0 1 0 Allowed Source Mask 255 255 255 0 Default Value 0 0 0 0 no IP mask assigned Range Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point 208700 B Chapter 3 Using the console interface 257 Software Download screen The Software Download screens Figure 95 and Figure 96 allow you to revise the Business Policy Switch software image that is located in nonvolatile flash memory Caution Do not interrupt power to the device during the software download process If the power is interrupted the firmware image can become corrupted Achtung Unterbrechen Sie die Stromzufuhr zum Ger t nicht w hrend die Software heruntergeladen wird Bei Unterbrechung der Stromzufuhr kann das Firmware Image besch digt werden Attention Ne pas couper l alimentation de l appareil pendant le chargement du logiciel En cas d interruption le programme r siden
376. uration Figure 10 Configuring power workgroups and a shared media hub Business Policy Switch __ __ 2000 F 8 BayStack 303 switch s F alo E 100BASE TX rn l Q hub gt aaa lara ls Server Accelar 1100 switch BayStack 304 Key switch 10 Mb s 100 Mb s m 1000 Mb s Gigabit am 9841EA Fail safe stack application Figure 11 shows an example of eight Business Policy Switches that are stacked together as a single managed unit If any single unit in the stack fails the remaining stack remains operational without interruption As shown in Figure 11 the Passport 1100 switch is used as a backbone switch connecting to the Business Policy Switch with an optional gigabit 1000BASE SX MDA for maximum bandwidth This configuration uses optional BayStack 400 ST1 Cascade Modules to connect the switches in the fail safe stack For an overview of the fail safe stacking feature that is available for the Business Policy Switches see Business Policy Switch stack operation 208700 B Chapter 2 Network configuration 93 Figure 11 Fail F um gor AAA Ll E OA safe stack example Up to 24 users Busi
377. uration choose one of the following Clear all port statistics for a specific unit in the stack Clear all port statistics for the entire stack No to abort the option Stack Operational Mode Displays the stack operational mode screen which provides information about the types of switches in your stack See Stack Operational Mode screen on page 230 for details The Pure BPS 2000 Stack Mode field indicates that your stack contains only Business Policy Switches The Hybrid Stack Mode field indicates that your stack consists of switches other than or in addition to Business Policy Switch es MAC Address Table screen The MAC Address Table screen Figure 56 allows you to view MAC addresses that the switch has discovered or to search for a specific MAC address Choose MAC Address Table or press m from the Switch Configuration Menu screen to open the MAC Address Table screen Figure 56 Using the Business Policy Switch 2000 Version 1 2 168 Chapter 3 Using the console interface Figure 56 MAC Address Table Screen O N MAC Address Table Aging Time 300 seconds Find an Address 00 00 00 00 00 00 Select VLAN ID L Number of addresses 51 00 00 81 65 20 02 Unit 2 Port 24 00 00 81 C1 9B 81 Unit 2 Port 24 00 00 81 C1 F6 81 Unit 2 Port 24 00 03 4B 40 2B F4 Unit 2 Port 24 00 08 C7 02 C4 C0 Unit 2 Port 24 00 08 C7 20 CC AE Unit 2 Port 24 00 08 C7 90 2E E5 Unit 2 Port 24 00 20 A
378. uration or press g from the Switch Configuration Menu screen Using the Business Policy Switch 2000 Version 1 2 222 Chapter 3 Using the console interface Figure 82 IGMP Configuration screen A IGMP Configuration VLAN 1 Snooping Enabled Enabled Robust Value 2 125 seconds Version 1 Query Time Proxy Set Router Ports Static Router Ports 1 6 7 12 13 18 19 24 Unit 1 lt A s 2 pia ett Unit 2 SS eet Heine 9 eee os KEY X IGMP Port Member and VLAN Member Not an IGMP Member Use space bar to display choices press lt Return gt or lt Enter gt to select choice Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Table 38 describes the IGMP Configuration screen fields Table 38 IGMP Configuration screen fields Field Description VLAN Allows you to set up or view IGMP VLAN configurations on specified VLANs You can use the space bar to toggle to any existing IGMP VLAN configurations the maximum number of VLANs that can be displayed is 256 Default Range 4 1 to 4094 Snooping Allows you to enable or disable IGMP Snooping This field affects all VLANs for example if you disable snooping on the VLAN specified in the screen s VLAN field ALL VLANs are disabled for snooping Default Value Range Enabled Enabled Disabled 208700 B Chapter 3 Using the console in
379. ure 64 Figure 65 Figure 66 Figure 67 VLAN Port Configuration screen example llus 120 VLAN configuration spanning multiple switches 121 IP Multicast propagation with IGMP routing 2 0 124 Business Policy Switch filtering IP multicast streams 1 of 2 125 Business Policy Switch filtering IP multicast streams 2 of 2 126 PHORZING PACKOS lt span 128 Switch to switch trunk configuration example issus 130 Switch to server trunk configuration example 2 05 131 Client server configuration example 00000 eee eee 132 Loss of distributed trunk members 000 eee eee eee eee 195 Path Cost arbitration example leeren 136 Example 1 correctly configured trunk 02000 eee 137 Example 2 detecting a misconfigured port 2 005 138 Port based mirroring configuration example 141 Port Mirroring Configuration port based screen example 142 Address based mirroring configuration example 143 Port Mirroring Configuration address based screen example 145 Map of console interface screens 0 02 e eee 150 Console interface main menu ooococccccc less 152 IP Configuration Setup screen o ooocccccoco eese 155 SNMP Configuration SCIS6N xasecesscotueuc e GE RRRERR AS ee REA 160 System Characteristics screen 0 0 cc
380. ure 76 MultiLink Trunk Utilization screen 1 0f2 oo o oo oooo 211 Figure 77 MultiLink Trunk Utilization screen 20f2 ooo o oo oooo 212 Figure 78 Port Mirror Configuration screen 0 00 cee eee 214 Figure 79 Rate Limiting Configuration screen 1 of 2 00 0000 217 Figure 80 Rate Limiting Configuration screen 2 of 2 oooo o ooooo oo 218 Figure 81 IGMP Configuration Menu screen 00 00 cee ee 220 Figure 82 IGMP Configuration screen iuuucuusocanke rau eee eee XC d 222 Figure 83 Multicast Group Membership screen 20000e cee eeee 225 Figure 84 Port Statistics Screen 124 seed deeeee civ ines dor 227 Figure 85 Stack Operational Mode screen 000 cece eee eee 230 Figure 86 Console Comm Port Configuration screen 0000020e ee 232 Figure 87 Renumber Stack Units screen 00 000 cece eee 238 Figure 88 Hardware Unit Information screen 02 eee eee eee 240 Figure 89 Spanning Tree Configuration Menu 00 cece eee eee 241 Figure 90 Spanning Tree Group Configuration 0000 cee eee eee 243 Figure 91 Spanning Tree Port Configuration 0000 cece eee eee 246 Figure 92 Spanning Tree Switch Settings 0000 eee eee 249 Figure 93 Spanning Tree VLAN Membership screen 0 00005 253 Figure 94 TELNET SNMP Web Access Configuration screen 254 Figure 95 Software Download scree
381. use to create up to 448 MAC address entries 28 per screen Figure 63 MAC Address Security Table screens MAC Address Security Table N Find an Address 00 00 00 00 00 00 y MAC Address Allowed Source MAC Address Allowed Source Screen 1 Y Passa N Press Ctrl N to display next sckeen Enter MAC Address xx xx xx xx x3 xx press Return or Enter when complete Press Ctrl R to return to previous WNnenu 2 MAC Address Security Table MAC Address Security Table Find an Address 00 00 00 00 00 00 MAC Address Allowed Source MAC Address Allowed Source MAC Address Security Table Find an Address 00 00 00 00 00 00 Allowed Source MAC Address Allow Screen 16 MAC Address ed Source Screen 16 Press Ctrl P to display previous screen Enter MAC Address XX XX XX XX XX XX press lt Return gt or lt Enter gt when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Choose MAC Address Security Table from the MAC Address Security Configuration Menu to open the MAC Address Security Table screen Figure 64 Using the Business Policy Switch 2000 Version 1 2 182 Chapter 3 Using the console interface Figure 64 MAC Address Security Table screen F MAC Address Security Table UN Find an Address MAC Address Allowed Source MAC Address Allowed Source 44 33 22 44 55 44 S1 LM E M a 22
382. users Soap To Network Center Four sets of 23 users each set shares 10 Mb s 10 23 Mb s per user Addition of 22 users each with dedicated 100 Mb s bandwidth Server with dedicated 100 Mb s bandwidth Network center with dedicated 100 Mb s full duplex bandwidth 200 Mb s bidirectional Total of 114 users 9796EA 208700 B Chapter 2 Network configuration 91 High density switched workgroup application Figure 10 shows an example of using a Business Policy Switch with a high speed gigabit connection to a Nortel Networks Passport 1100 switch BayStack 303 and BayStack 304 switches are also shown in this example of a high density switched workgroup As shown in Figure 10 the Passport 1100 switch is used as a backbone switch connecting to the Business Policy Switch with an optional gigabit 1000BASE SX MDA for maximum bandwidth The BayStack 303 and BayStack 304 switches have 100 Mb s connections to the Business Policy Switch a 100BASE TX hub and a 100 Mb s server as well as 10 Mb s connections to DTE data terminal equipment See the Nortel Networks library Web page www nortelnetworks com documentation for online documentation about the Nortel Networks Passport 1100 switch and the BayStack 303 and BayStack 304 switches Using the Business Policy Switch 2000 Version 1 2 92 Chapter 2 Network config
383. usiness Policy Switch 2000 Version 1 2 22 Figures 208700 B 23 Tables Table 1 Business Policy Switch 2000 front panel description 37 Table 2 Business Policy Switch 2000 LED descriptions 39 Table 3 Business Policy Switch 2000 back panel descriptions 43 Table 4 International power cord specifications 00 e eee eee 45 Table 5 SNMP MIB SURDOR S S za Urea Qa date heeia dt DITS SUE dace EN Uds 82 Table 6 Supported SNMP aps iussa kae AGORA XAR RARAS ACCRUE CAR A 83 Table 7 Stack up configuration description oo oooooomooomooo 99 Table 8 Stack down configuration description llle 101 Table 9 Redundant cascade stacking descriptions 103 Table 10 Console interface Main Menu options lessen 152 Table 11 IP Configuration Setup screen fields 0 000 e ee eee 156 Table 12 SNMP Configuration screen fields 00 0c c eee eee 161 Table 13 System Characteristics screen fields oooooooooo o 163 Table 14 Switch Configuration Menu screen options 00005 165 Table 15 MAC Address Table screen fields o0ooooococcoooooo 168 Table 16 MAC Address Security Configuration Menu Options 170 Table 17 MAC Address Security Configuration fields 172 Table 18 MAC Security Port Configuration screen fieldS 176 Tabl
384. utonegotiation for the suspect port see Chapter 3 2 Manually set the Speed Duplex field to match the speed duplex mode of the connected station see Chapter 3 You may have to try several settings before you find the correct speed duplex mode of the connected station If the problem persists Disable the autonegotiation feature at the connected station 2 Manually set the speed duplex mode of the connected station to the same speed duplex mode you have manually set for the Business Policy Switch port Note Nortel Networks recommends that you manually set the Business Policy Switch port to the desired speed duplex mode when you connect to any of the following Nortel Networks products e BayStack 450 product family e BayStack 410 product family Port interface Ensure that the devices are connected using the appropriate crossover or straight through cable see Appendix E 208700 B 335 Appendix A Technical specifications This appendix provides technical specifications for the Business Policy Switch 2000 Environmental Table 61 lists environmental specifications Table 61 Environmental specifications Parameter Operating specification Storage specification Temperature 0 to 40 C 32 to 104 F 25 to 70 C 13 to 158 F Humidity 85 maximum relative humidity 95 maximum relative humidity noncondensing noncondensing Altitude 3024 m 10 000 ft 3024 m 10 000
385. w the figure For descriptions of the back panel Business Policy Switch components see Back panel on page 43 Using the Business Policy Switch 2000 Version 1 2 37 Figure 2 Business Policy Switch 2000 front panel O Business Policy Switch 2000 Business Policy Switch 2000 9712EA Table 1 Business Policy Switch 2000 front panel description Console port Uplink expansion slot 4 2 3 Port connectors 4 LED display panel Console port The console port allows you to access the console interface CI screens and customize your network using the supplied menus and screens see Chapter 3 The console port is a DB 9 RS 232 D male serial port connector You can use this connector to connect a management station or console terminal to the Business Policy Switch by using a straight through DB 9 to DB 9 standard serial port cable You must use a VT100 ANSI compatible terminal for cursor control and to enable cursor and functions keys to use the console port See Installing the Business Policy Switch 2000 for more information Note The console port is configured as a data communications equipment DCE connector Ensure that your RS 232 cable pinouts are configured for DCE connections see Appendixes Using the Business Policy Switch 2000 Version 1 2
386. was originally acquired b to copy the Software solely for backup purposes in support of authorized use of the Software and c to use and copy the associated user manual solely in support of authorized use of the Software by Licensee This license applies to the Software only and does not extend to Nortel Networks Agent software or other Nortel Networks software products Nortel Networks Agent software or other Nortel Networks software products are licensed for use under the terms of the applicable Nortel Networks NA Inc Software License Agreement that accompanies such software and upon payment by the end user of the applicable license fees for such software 2 Restrictions on use reservation of rights The Software and user manuals are protected under copyright laws Nortel Networks and or its licensors retain all title and ownership in both the Software and user manuals including any revisions made by Nortel Networks or its licensors The copyright notice must be reproduced and included with any copy of any portion of the Software or user manuals Licensee may not modify translate decompile disassemble use for any competitive analysis reverse engineer distribute or create derivative works from the Software or user manuals or any copy in whole or in part Except as expressly provided in this Agreement Licensee may not copy or transfer the Software or user manuals in whole or in part The Software and user manuals embody Nortel Networks and i
387. width Aggregate Bandwidth 220 Mb s 210 Mb s S2 mer _ Business Poly Switch 2000 Business ii dl aar Policy Switch 2000 Ela CARA AAA 9807EA The switch can also detect trunk member ports that are physically misconfigured For example in Figure 44 trunk member ports 2 4 and 6 of Switch S1 are configured correctly to trunk member ports 7 9 and 11 of Switch S2 The Spanning Tree Port Configuration screen for each switch shows the port state field for each port in the Forwarding state 208700 B Chapter 2 Network configuration 137 Figure 44 Example 1 correctly configured trunk Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled 128 Press Ctrl N to display choi Use space bar to display Press Ctrl R to return to previous menu ces for ports 13 26 5 press Return or Enter Press Ctrl C to return to Main Menu Forwarding Forwarding Forwarding Forwarding More to select choice S1 Port Configuration screen Business Policy Switch Business Policy Switch 200 S1 MOs Eo Fi eLIrYYYi3 rtYYYvYY ca ca zz THE E Tcr S2 BR o 9 ma EE Port Trunk 1 2 6 7 1 9 1 10 a 1 12
388. will return to the default VLAN configuration Also a mixed or hybrid stack does not support multiple Spanning Tree Groups STG You have a single instance of STG when working with a mixed stack Network configuration examples This section provides four network configuration examples using Business Policy Switches In these examples the packet classification feature can be used to prioritize the traffic of the network to ensure uninterrupted traffic of critical applications e Desktop switch application this page e Segment switch application page 89 e High density switched workgroup application page 91 e Fail safe stack application page 92 208700 B Chapter 2 Network configuration 89 Desktop switch application Figure 8 shows a Business Policy Switch used as a desktop switch where desktop workstations are connected directly to switch ports This configuration provides dedicated 100 Mb s connections to the network center the server and as many as 26 users This configuration uses the optional BPS2000 4TX MDA 10BASE T 100BASE TX MDA Figure 8 Business Policy Switch used as a desktop switch Before After 10BASE T hub Business Policy Switch 2000 To Server Up to 22 users To Server Up to 26 users Network Network Center Center Key 10 Mb s 100 Mb s 22 users share 10 Mb s 10 22 M
389. wnload screen 208700 B Chapter 3 Using the console interface 267 Figure 99 ASCII Configuration File Download screen CO n ASCII Configuration File Download ASCII Configuration Filename TFTP Server IP Address 132 245 164 4 Retrieve Configuration File from Server No Last Manual Configuration Status Passed Last Auto Configuration Status Passed Auto Configuration on Reset Disabled Enter text press Return or Enter when complete Press Ctrl R to return to previous menu Press Ctrl C to return to Main Menu Ns e Table 54 describes the ASCII Configuration File Download screen fields Using the Business Policy Switch 2000 Version 1 2 268 Chapter 3 Using the console interface Table 54 ASCII Configuration File Download screen fields Field Description ASCII Configuration Filename Enter the file name you have chosen for the ASCII configuration file Choose a meaningful file name that will allow you to identify the file for retrieval when required The file must already exist on your TFTP server and must be read write enabled Default Value Zero length string Range An ASCII string of up to 30 printable characters TFTP Server IP Address The IP address of your TFTP load host Default Value 0 0 0 0 no IP address assigned Four octet dotted decimal notation where each octet is represented as a decimal value separated by a decimal point
390. work management documentation You can also manage the BPS 2000 using the command line interface CLD the Web based management system or Device Manager For more information on using these management systems consult the Related Publications in the Preface 208700 B Chapter 3 Using the console interface 149 Using the Cl menus and screens The CI menus and screens provide options that allow you to configure and manage Business Policy Switches Help prompts at the bottom of each menu and screen explain how to enter data in the highlighted field and how to navigate the menus and screens The Console Port default settings are 9600 baud with eight data bits one stop bit and no parity as the communications format with flow control set to disabled Some CI screen options allow you to toggle among several possible values other options allow you to set or modify a parameter Navigating the Cl menus and screens Use the following methods to navigate the CI menus and screens To select a menu option 1 Use the arrow keys to highlight the option name 2 Press Enter The option takes effect immediately after you press Enter Alternatively you can press the key corresponding to the underlined letter in the option name For example to select the Switch Configuration option in the main menu press the w key Note that the text characters are not case sensitive Additional navigation aids follow e To toggle between v
391. y Switch 2000 LED descriptions continued Label Type Color State Meaning RPSU RPSU status Green On The switch is connected to the RPSU and can receive power if needed Off The switch is not connected to the RPSU or RPSU is not supplying power Cas Up Stack mode Off The switch is in standalone mode Green On The switch is connected to the upstream unit s Cascade A In connector Amber On This unit has detected a problem with the switch connected to the cascade up connector In order to maintain the integrity of the stack this unit has bypassed its upstream neighbor and has wrapped the stack backplane onto an alternate path Amber or Green Blinking Incompatible software revision or unable to obtain a unit ID Renumber Stack Unit table full The unit is on the ring but cannot participate in the stack configuration Cas Dwn Stack mode Off The switch is in standalone mode Green On The switch is connected to the downstream unit s Cascade A Out connector Amber On This unit has detected a problem with the switch connected to the cascade down connector In order to maintain the integrity of the stack this unit has bypassed its downstream neighbor and has wrapped the stack backplane onto an alternate path Amber or Green Blinking Incompatible software revision or unable to obtain a unit ID Renumber
Download Pdf Manuals
Related Search