Brocade FastIron Ethernet Switch Platform and Layer 2 Swit Manual do Utilizador

53-1003086-0430 July 2014FastIron Ethernet SwitchPlatform and Layer 2SwitchingConfiguration GuideSupporting FastIron Software Release 08.0.10d

Displaying a port VLAN membership... 425Displaying a port dual-mode VLAN membership...

VSRP interval timersThe VSRP Hello interval, Dead interval, Backup Hello interval, and Hold-down interval timers areindividually configurable. You als

VSRP parameters (Continued)TABLE 21 Parameter Description Default For moreinformationTimer scale The value used by the software to calculate allVSRP

VSRP parameters (Continued)TABLE 21 Parameter Description Default For moreinformationVRID IP address A gateway address you are backing up.Configurin

VSRP parameters (Continued)TABLE 21 Parameter Description Default For moreinformationBackup Hello stateand intervalThe amount of time between Hello

Configuring basic VSRP parametersTo configure VSRP, perform the following required tasks:• Configure a port-based VLAN containing the ports for which

To re-enable the protocol, enter the following command.device(config)#router vsrpSyntax: [no] router vsrpSince VRRP and VRRP-E do not apply to Layer 2

Configuring authenticationIf the interfaces on which you configure the VRID use authentication, the VSRP packets on thoseinterfaces also must use the

Syntax: [no] vsrp-aware vrid vridnumber no-auth port-list portrangevrid number is a valid VRID (from 1 to 255).no-auth specifies no authentication as

Syntax: [no] ip-address ip-addrChanging the backup priorityWhen you enter the backup command to configure the device as a VSRP Backup for the VRID, yo

NOTEAn MRP ring is considered to be a single hop, regardless of the number of nodes in the ring.To change the TTL for a VRID, enter a command such as

Preface● Document conventions...11● Brocade resources

Changing the backup hello state and interval settingBy default, Backups do not send Hello messages to advertise themselves to the Master. You canenabl

The default track priority for all track ports is 5. You can change the default track priority or override thedefault for an individual track port.• T

Syntax: [no] non-preempt-modeSuppressing RIP advertisement from backupsNormally, for Layer 3 a VSRP Backup includes route information for a backed up

Displaying VSRP informationYou can display the following VSRP information:• Configuration information and current parameter values for a VRID or VLAN•

CLI display of VSRP VRID or VLAN information (Continued)TABLE 22 Field Descriptionstate This device VSRP state for the VRID. The state can be one of

CLI display of VSRP VRID or VLAN information (Continued)TABLE 22 Field Descriptionpriority The device preferability for becoming the Master for the

Displaying the active interfaces for a VRIDOn a VSRP-aware device, you can display VLAN and port information for the connections to theVSRP devices (M

This command shuts down all the ports that belong to the VLAN when a failover occurs. All the ports willhave the specified VRID.To configure a single

FIGURE 17 Two data paths from host on an MRP ring to a VSRP-linked deviceIf a VSRP failover from master to backup occurs, VSRP needs to inform MRP of

FIGURE 19 New path establishedThere are no CLI commands used to configure this process.Metro FeaturesFastIron Ethernet Switch Platform and Layer 2 Swi

Convention Descriptionvalue In Fibre Channel products, a fixed value provided as input to a commandoption is printed in plain text, for example, --sho

VSRP and MRP signaling120 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-04

UDLD and Protected Link Groups● Supported UDLD and protected link group features... 121● UDLD overvi

FIGURE 20 UDLD exampleNormally, a Brocade device load balances traffic across the ports in a trunk group. In this example,each Brocade device load bal

• To configure UDLD on a trunk group, you must enable and configure the feature on each port of thegroup individually. Configuring UDLD on a trunk gro

Changing the Keepalive intervalBy default, ports enabled for UDLD send a link health-check packet once every 500 ms. You canchange the interval to a v

CLI display of UDLD information (Continued)TABLE 24 Field DescriptionKeepalive Retries The number of times a port will attempt the health check befo

CLI display of detailed UDLD information (Continued)TABLE 25 Field DescriptionLocal Port The port number on this Brocade device.Remote Port The port

This command clears the Packets sent, Packets received, and Transitions counters in the show linkkeepalive ethernet [slotnum /]portnum display.Protect

• This feature is supported with tagged and untaggedports.• This feature is supported with trunk ports.• The protected link groups feature is not supp

that port. Since the above configuration consists of a statically configured active port, the active portpre-empts other ports in the protected link g

Brocade resourcesVisit the Brocade website to locate related documentation for your product and additional Brocaderesources.You can download additiona

Configured mdi mode AUTO, actual MDIX Member of 3 L2 VLANs, port is tagged, port state is protected-link-inactive BPDU guard is Disabled, ROOT pro

Link Aggregation● Supported link aggregation features... 131● Overview of li

Overview of link aggregationThis chapter describes how to configure Link Aggregation Groups (LAG). Beginning with FastIron08.0.00a, you can use a sing

• Layer 3 requirements:The LAG is rejected if any of the secondary LAG port has any Layer 3 configurations, such as IPv4or IPv6 address, OSPF, RIP, RI

Configuration notes for FastIron devices in a traditional stackIn a Brocade traditional stack system, a LAG may have port members distributed across m

FIGURE 23 Example of 2-port LAGThe following figure shows an example of two devices connected over a 4 port LAG where the ports oneach end of the LAG

Maximum number of LAGs (Continued)TABLE 27 Model Maximum number of LAGs Valid number of ports ina groupStatic LACPFSX 800FSX 160031 (Supported on fi

a) A static LAG is created containing the port list specified in the trunk command. This LAG isthen automatically deployed.b) The lowest-numbered port

NOTELayer 2 and Layer 3 AppleTalk traffic is not load-balanced. Layer 3 routed IP or IPX traffic also is notload balanced. These traffic types will ho

LAG hashing on stacking productsThis configuration is required when multicast routing is configured on a tunnel interface and if the IPmulticast packe

• Brocade Supplemental Support augments your existing OEM support contract, providing directaccess to Brocade expertise. For more information, contact

Creating a Link Aggregation Group (LAG)Before setting-up ports or configuring any other aspects of a LAG, you must create it as shown in thefollowing:

device(config)#lag lag3 static id 123Error: LAG id 123 is already used. The next available LAG id is 2.NOTEIf you upgrade from an earlier version to a

Trunk Type: hash-based Hardware failover mode: all-ports Creating a keepalive LAGTo create a keep-alive LAG, enter the following.device(co

To designate the primary port for the static LAG "blue", use the following command.device(config)# lag blue staticdevice(config-lag-blue)# p

Configuring an LACP timeoutIn a dynamic or keep-alive LAG, a port's timeout can be configured as short (3 seconds) or long (90seconds). After you

Syntax: [no] deploy [ passive ]When the deploy command is executed:For dynamic LAGs, LACP is activated on all LAG ports. When activating LACP, use act

Syntax: [no] enable { ethernet stack/slot/port [ to stack/slot/port ] [ ethernet stack/slot/port ] | port-name name }Use the ethernet option with the

NOTEIn an operational dynamic LAG, removing an operational port causes port flapping for all LAG ports.This may cause loss of traffic.Monitoring an in

Allowable characters for LAG namesWhen creating a LAG name, you can use spaces in a file or subdirectory name if you enclose thename in double quotes.

Setting the sFlow sampling rate for a port in a LAGYou can set the sFlow sampling rate for an individual port within a LAG using the sflow-subsampling

About This Document● What’s new in this document... 15● Support

Table 29 describes the information displayed by the show lag brief command.The following example displays the full option of the show lag command.devi

The static option limits the display to static LAGs.The following table describes the information displayed by the show lag command.Show LAG informati

Show LAG information (Continued)TABLE 29 This field... Displays...Link The status of the link which can be one of the following:• up• downState The

Show LAG information (Continued)TABLE 29 This field... Displays...Agg Indicates the link aggregation state of the port. The state can be one of the

Enabling LAG hardware failoverLAG hardware failover reduces the time of packet loss if a LAG member is down, with minimalsoftware intervention, using

Multi-Chassis Trunking● Supported MCT features...155● Mult

jitter, not only on the affected devices locally, but throughout the span topology. With MCT, memberlinks of the trunk are split and connected to two

• For unknown unicast, multicast, and broadcast traffic received on ICL ports, the forwarding behaviordepends on the peer MCT device’s ability to reac

Broadcast, unknown unicast, and multicast (BUM) traffic from a client through a CCEP1. Traffic originates at the client.2. Because the link between th

FIGURE 27 MCT data flow - unicast traffic from CCEPBroadcast, unknown unicast, and multicast (BUM) traffic from a client through a CEP1. Traffic origi

For information about the specific models and modules supported in a product family, refer to thehardware installation guide for that product family.

FIGURE 28 MCT data flow - BUM traffic from a CEPUnicast traffic from a client through a CEP to another CEP or a CCEP1. Traffic originates at the clien

FIGURE 29 MCT data flow - unicast traffic from a CEPPort failure on the cluster device1. A CCEP on the cluster device that received the unicast or BUM

FIGURE 30 MCT data flow with port failureMCT and VLANsMCT relies on the following VLAN types:• Session VLAN: Provides the control channel for CCP. Bro

• Cluster client automatic configuration is designed for generating new clients, not for updating anexisting client.• A single client span across mult

‐ If the trusted ports are off the CCEP, the arp inspection trust or dhcp snoop trustcommand must be used on the CCEPs and ICL ports.‐ DHCP and ARP en

FIGURE 31 Basic MCT configurationMCT configuration considerations• Configuring flow-based MAC address learning and MCT on the same device is not suppo

cluster. To avoid conflicts, ensure that the Cluster ID and the Cluster RBridge ID are unique withinan MCT configuration and cannot be confused with e

maintain aggregate links over multiple port. LACP PDUs are exchanged between ports on each deviceto determine if the connection is still active. The L

Step 3: Configure the clusterCluster local configuration uses the cluster ID and RBridgeID for the local switch or router.Syntax: [no] cluster [ clust

device-1(config-cluster-SX-client-1)#rbridge-id 200device-1(config-cluster-SX-client-1)#client-interface ether 1/5device-1(config-cluster-SX-client-1)

Basic Layer 2 Features● Supported basic Layer 2 features... 17● About

Use the following command to enable or disable cluster client automatic configuration on a range ofports.Syntax: [no] client-auto-detect Ethernet x [

lower RBridgeID becomes the master. If the client can be accessed only from one of theMCT devices, the cluster device on which it is reachable becomes

MCT cluster devices can operate in two modes. Both peer devices should be configured in the samemode.Loose mode (default): When the CCP goes down, the

• If no packets are received from the peer device for a period of three seconds, the peer is considereddown.• If a keep-alive VLAN is not configured a

Cluster Remote MAC (CR): MAC addresses that are learned via MDUP messages from the peerdevice (CL on the peer). The MAC addresses are always programme

MAC show commandsTo display all local MAC address entries for a cluster, use the show mac cluster command.device# show mac cluster 1000Total Cluster E

Clearing MCT VLAN-specific MAC addressesTo clear MCT VLAN-specific MAC addresses in the system, enter a command such as the following.device# clear ma

NOTEThe LAG IDs are only significant locally and need not match on the two ends of a LAG.The LACP system ID in the MCT-supporting device normally come

STP/RSTPConfiguring STP on MCT VLANs at MCT cluster devices is not recommended. By default, thespanning tree is disabled in the MCT VLANs. If the netw

Uplink switchUplink switch capability is supported on MCT VLANs. ICLs and CCEPs can be configured as uplink-switch ports. Both cluster devices should

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750Multi-port static MAC address 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 Yes 08.0.

• All control and data traffic is received on the ICL. The traffic is forwarded out of a CCEP only if theremote CCEP is down; otherwise, it is dropped

Forwarding entries for PIM-SM and PIM6-SM multicast snoopingTable 30 and Table 31 list the forwarding entries for PIM-SM and PIM6-SM multicast snoopin

NOTEWhen multiple ports from the same server are connected to an ICX 6650, the port on the ICX 6650connected to the PXE-capable port on the server is

Layer 3 behavior with MCTThe following table lists the type of Layer 3 support available with MCT. Note that routing protocols arenot supported on the

Layer 3 Feature Support with MCT (Continued)TABLE 32 Feature Sub-feature Session VLAN VE MemberVLAN VEDesign Philosophyproxy-arp No Yesredirect

FIGURE 32 Configuration for Layer 3 unicastDevice AMCT Configuration!vlan 10 by port tagged ethe 3/1 router-interface ve 10!interface ve 10

icl L3icl ethernet 3/1 peer 10.1.1.2 rbridge-id 102 icl L3icl deploy client s1 rbridge-id 300 client-interface ethernet 3/3 deploy !VRRP-E Con

Switch S1!lag "1" static id 1 ports ethernet 3 ethernet 4 primary-port 3 deploy!vlan 100 by port tagged ethe 3 to 4 router-interface ve 10

• If the ARP request reaches A directly, A replies through the same port on which it learned S1'sMAC address.• If the request comes through B, S1

Configuration considerations• MCT devices must obtain complete routing information using static routes for Layer 3 forwarding onMCT VLANs.• For MCT de

About port regionsThis section describes port regions on FastIron switches.FastIron X Series device port regionsPorts on the FastIron X Series devices

VRRP-E short-path forwarding and revertible optionAt the VRRP-E VRID configuration level, use the following command to enable short-path forwarding.de

Displaying state machine informationUse the show cluster client command to display additional state machine information, including thereason a local C

Rbridge ID of the peer 100Session state of the peer OPERATIONALNext message ID to be send

IPG MII 96 bits-time, IPG GMII 96 bits-time MTU 1500 bytes, encapsulation Ethernet CCEP for client c149_150 in cluster id 1 300 second input rate

7/5 (age=10), 7/3 (age=10), 7/5 has 1 src: 10.0.0.2(10) 7/3 has 1 src: 11.0.0.2(10) device# show ip multicast pimsm-snooping vlan

source: 7/3 has 1 src: 11.0.0.5(age, ref_count, owner flag, pruned flag)owner flag: 0x0: local, 0x1 remote cep, 0x2 remote ccepvlan 100, has 1 caches.

FIGURE 34 Single level MCT configurationClient 1 - ConfigurationIf client 1 is a Brocade switch in Figure 34 on page 196, you can configure it as foll

ports ethe 1/1/1 to 1/1/3 ethe 3/1/1 to 3/1/3 primary-port 1/1/1 deploy!AGG-A (R1) - ConfigurationThis section presents the configuration for the AGG

ports ethe 1/17 to 1/19 primary-port 1/17 deploy!lag lag_agg_b_3 dynamic id 104 ports ethe 1/21 to 1/23 primary-port 1/21 deploy!vlan 2 name session-

FIGURE 35 Two-level MCT configurationNOTEIn a two-level MCT configuration using dynamic LAGs, ensure that the upper and lower clusters havedifferent C

© 2014, Brocade Communications Systems, Inc. All Rights Reserved.Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron,

ICX 6430 device port regions• A 24-port Gbps module has one port region. The four SFP ports on the device also belong to thissingle port region.• A 48

ports ethe 2/1 to 2/2 primary-port 2/1 deploy!lag lag_agg_a_2 dynamic id 104 ports ethe 1/1 to 1/3 primary-port 1/1 deploy!lag lag_agg_a_3 dynamic id

lag lag_agg_b_3 dynamic id 108 ports ethe 1/21 to 1/23 primary-port 1/21 deploy!lag lag_agg_b_4 dynamic id 109 ports ethe 1/15 to 1/16 primary-port 1/

tagged ethe 11/25 to 11/36 router-interface ve 6 spanning-tree!vlan 1905 by port tagged ethe 1/1 to 1/2 ethe 15/1 to 15/2 !hostname R3hitless-failov

client AGG_Clusterrbridge-id 1801client-interface ethe 1/1deployMCT configuration with VRRP-E exampleFigure 36 shows a sample MCT configuration with V

!vlan 1000 name ICL-Session-VLAN by port tagged ethe 5/1 to 5/2 router-interface ve 1000!vlan 1001 name MCT-Keep-Alive by port tagged ethe 5/3 !interf

deploy client S1-SW rbridge-id 777 client-interface ethe 4/1 deploy !SX800B - VRRP-E configurationThis example presents the VRRP-E configurati

FIGURE 37 Multicast snooping over MCTThe following example shows the configuration for multicast snooping for the MCT1 cluster device inthe previous f

ip address 10.1.1.2 255.255.255.0!cluster SX 3000rbridge-id 2session-vlan 3000keep-alive-vlan 3001icl SX-MCT ethernet 7/3peer 10.1.1.3 rbridge-id 3 ic

The following example shows the global configuration for multicast snooping for the MCT2 clusterdevice in Figure 37 .!vlan 100 by porttagged ethe 3/3u

FIGURE 38 Sample network topology - Using STP in an MCT configurationRouter-1 configuration!lag "1" static id 1 ports ethernet 1/1 ethernet

You can also enable and disable spanning tree on a port-based VLAN and on an individual port basis,and enable advanced STP features. Refer to Spanning

AGG-B (R2) - Configuration!lag "1" static id 1 ports ethernet 1/17 ethernet 1/19 primary-port 1/17 deploylag "1" static id 2 ports

Example 1: Configure the Per-VLAN Spanning Tree on the MCT ClientsExternal connections between clients other than the links in an MCT cluster can caus

Client-1 configurationClient-1(config)# spanning-tree single 802-1wClient-1(config)# show 802-1w vlan 1905Single spanning tree is enabled. use "s

Client-1(config)# mstp instance 1 vlan 1905Client-1(config)#Client-2 configurationClient-2(config)# mstp scope allEnter MSTP scope would remove STP an

Example 3: Configure Multiple Spanning Tree (MSTP) on the MCT Clients214 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53

GVRP● Supported GVRP features... 215● GVRP overview...

• Learn about VLANs from other Brocade devices and configure those VLANs on the ports that learnabout the VLANs. The device listens for GVRP Protocol

• Dynamic core and fixed edge• Dynamic core and dynamic edge• Fixed core and dynamic edge• Fixed core and fixed edgeDynamic core and fixed edgeIn this

Dynamic core and dynamic edgeGVRP is enabled on the core device and on the edge devices. This type of configuration is useful ifthe devices in the edg

configuration and reload the software. The maximum number you can specify is listed in theMaximum column of the show default values display.• The defa

Changing the MAC age time and disabling MAC address learningTo change the MAC address age timer, enter a command such as the following.device(config)#

GVRP configurationTo configure a device for GVRP, globally enable support for the feature, then enable the feature onspecific ports. Optionally, you c

Enabling GVRPTo enable GVRP, enter commands such as the following at the global CONFIG level of the CLI.device(config)#gvrp-enabledevice(config-gvrp)#

Disabling VLAN learningTo disable VLAN learning on a port enabled for GVRP, enter a command such as the following at theGVRP configuration level.devic

NOTEThe actual interval is a random value between the Leaveall interval and 1.5 * the Leaveall time or themaximum Leaveall time, whichever is lower.NO

Converting a VLAN created by GVRP into a statically-configured VLANYou cannot configure VLAN parameters on VLANs created by GVRP. Moreover, VLANs and

Displaying GVRP configuration informationTo display GVRP configuration information, enter a command such as the following.device#show gvrpGVRP is enab

CLI display of summary GVRP information (Continued)TABLE 34 Field DescriptionSpanning Tree The type of STP enabled on the device.NOTEThe current rel

4093 FORBIDDEN 4094 FORBIDDENThis display shows the following information

CLI display of summary VLAN information for GVRP TABLE 36 Field DescriptionNumber of VLANs inthe GVRP DatabaseThe number of VLANs in the GVRP databa

CLI display of summary VLAN information for GVRP (Continued)TABLE 37 Field DescriptionTimer to Delete Entry Running Whether all ports have left the

MAC address learning configuration notes and feature limitations• This command is not available on virtual routing interfaces. Also, if this command i

CLI display of GVRP statistics (Continued)TABLE 38 Field DescriptionJoin Empty Received The number of Join Empty messages received.Join In Received

Clearing GVRP statisticsTo clear the GVRP statistics counters, enter the clear gvrp statistics all command.device#clear gvrp statistics allThis comman

Enter the following commands on edge device B.device> enabledevice#configure terminaldevice(config)#vlan 20 device(config-vlan-20)#untag ethernet 2

device(config-gvrp)#enable ethernet 1/24 ethernet 6/24 ethernet 8/17device(config-gvrp)#block-learning ethernet 1/24 ethernet 6/24 ethernet 8/17These

Fixed core and fixed edge234 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-04

Port mirroring and Monitoring● Supported port mirroring and monitoring features... 235● Port mirr

Port mirroring can be used as a diagnostic tool or debugging feature, especially for preventing attacks.Port mirroring can be managed locally or remot

Configuration notes for port mirroring and monitoringRefer to the following guidelines when configuring port mirroring and monitoring:• If you configu

device(config-if-e1000-1/1/3)# acl-mirror-port ethernet 2/1/48device(config-if-e1000-1/1/3)# ip access-group 102 in• Because of hardware limitations o

device(config)#mirror-port ethernet 1/1/1 device(config)#lag automationdevice(config-lag-automation)#monitor ethe-port-monitored 1/1/2 ethernet 1/1/1

The default and maximum configurable MAC table sizes can differ depending on the device. Todetermine the default and maximum MAC table sizes for your

Configuring mirroring for ports on the same stack member in a traditional stack exampleIn this example, the mirror ports are assigned to different mon

• SX-FI-2XG• SX-FI-8XGOn all other interface modules, you can select traffic to be mirrored using only a permit clause.Destination mirror portYou can

ACL 101 is mirrored to port 4/3 even though a destination port has not explicitly been defined for trafficfrom port 1/1.device(config)#interface ether

device(config-lag-test)#ports ethernet 1/1/1 to 1/1/2device(config-lag-test)#primary-port 1/1/1device(config-lag-test)#deploydevice(config-if-e-1/1/1)

MAC address filter-based mirroringNOTEThe MAC address filter-based mirroring feature is not supported on FastIron X Series devices.This feature allows

3. Applying the MAC address filter to an interfaceApply the MAC address filter to an interface using the mac-filter-group command.device(config)#inter

Displaying VLAN-based mirroring statusThe show vlan command displays the VLAN-based mirroring status.device#show vlanTotal PORT-VLAN entries: 4Maximum

• SX-FI-2XG• SX-FI-8XG• SX-FI48GPPNOTEEgress VLAN-based mirroring is not currently supported on the stacking platforms.The FastIron X Series of module

ACL and rate limiting effects TABLE 40 ACL profile Ingress result Egress resultIngress ACL on port Packets ingress mirrored at expected(sent) ratePa

VLAN-based mirroring behavior: Tagged versus untagged ports (Continued)TABLE 42 Ingress tag type Egress tag type VLAN-based mirroring direction Mirr

You can configure a maximum of 2048 static MAC address drop entries on a Brocade device.Use the CLI command show running-config to view the static MAC

Displaying VLAN-based mirroring statusThe show vlan command displays the VLAN-based mirroring status.device(config-if-e1000-5/2)#show vlan 10Total POR

Spanning Tree Protocol● Supported STP features...251● STP

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750Root Guard 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10Port statisti

Default STP states (Continued)TABLE 43 Device type Default STP type Default STP state Default STP state of new VLANs1Base L3 image default No span D

Default STP port parameters TABLE 45 Parameter Description Default and valid valuesPriority The preference that STP gives this port relative to othe

Enabling or disabling STP globallyUse the following method to enable or disable STP on a device on which you have not configured port-based VLANs.NOTE

Changing STP bridge and port parametersTable 44 on page 253 and Table 45 on page 254 list the default STP parameters. If you need tochange the default

Changing STP port parametersTo change the path and priority costs for a port, enter commands such as the following.device(config)#vlan 10device(config

Enter the no form of the command to disable STP protection on the port.Clearing BPDU drop countersFor each port that has STP Protection enabled, the B

Displaying STP information for an entire deviceTo display STP information, enter the following command at any level of the CLI.device#show spanVLAN 1

Flow-based learning overviewWith regular MAC address learning, when a new MAC address is learned, it is programmed in thesame location (hardware index

CLI display of STP information (Continued)TABLE 46 Field DescriptionPriority Hex This device or VLAN STP priority. The value is shown in hexadecimal

CLI display of STP information (Continued)TABLE 46 Field DescriptionState The port STP state. The state can be one of the following:• BLOCKING - STP

Untagged Ports: (S3) 17 18 19 20 21 22 23 24 Untagged Ports: (S4) 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Untagged Ports: (S4) 18 19 20 21 22

CLI display of detailed STP information for ports TABLE 47 Field DescriptionActive SpanningTree protocolThe VLAN that contains the listed ports and

CLI display of detailed STP information for ports (Continued)TABLE 47 Field DescriptionPort number andSTP stateThe internal port number and the port

CLI display of detailed STP information for ports (Continued)TABLE 47 Field DescriptionActive Timers The current values for the following timers, if

You also can display the STP states of all ports by entering the show interface brief command such asthe following, which uses the brief parameter.dev

MAC aging interval is 5 minutes, the aging interval changes temporarily to the value of the forwarddelay (for example, 15 seconds) in response to an S

To exclude a contiguous (unbroken) range of ports from Fast Span, enter commands such as thefollowing.device(config)#fast port-span exclude ethernet 1

NOTEWhen the wiring closet switch (Brocade device) first comes up or when STP is first enabled, the uplinkports still must go through the standard STP

NOTEGlobal MAC addresses have priority over dynamic flow-based MAC addresses. To ensure that globalMAC addresses are in sync across all packet process

Configuring a Fast Uplink Port GroupTo configure a group of ports for Fast Uplink Span, enter the following commands:device(config)# fast uplink-span

STP instance owned by VLAN 2Global STP (IEEE 802.1D) Parameters:VLAN Root Root Root Prio Max He- Ho- Fwd Last Chg Bridge ID I

Unique roles are assigned to ports on the root and non-root bridges. Role assignments are based onthe following information contained in the Rapid Spa

The topology in the following figure contains four bridges. Switch 1 is the root bridge since it has thelowest bridge priority. Switch 2 through Switc

Assignment of ports on Switch 3Port2 on Switch 3 directly connects to the Designated port on the root bridge; therefore, it assumes theRoot port role.

FIGURE 41 Topology with edge portsHowever, if any incoming RST BPDU is received from a previously configured Edge port, 802.1Wautomatically makes the

Point-to-point portsTo take advantage of the 802.1W features, ports on an 802.1W topology should be explicitlyconfigured as point-to-point links using

If a port on one bridge has a Designated role and that port is connected to a port on another bridge thathas an Alternate or Backup role, the port wit

802.1W state machines attempt to quickly place the ports into either a forwarding or discarding state.Root ports are quickly placed in forwarding stat

FIGURE 43 Proposing and proposed stage• Sync - Once the Root port is elected, it sets a sync signal on all the ports on the bridge. The signaltells th

Syntax: [no] mac-learning-flow-basedUse the no form of the command to disable flow-based MAC address learning. When disabled, alldynamically-learned M

FIGURE 44 Sync stage• Synced - Once the Designated port changes into a discarding state, it asserts a synced signal.Immediately, Alternate ports and B

FIGURE 45 Synced stage• Agreed - The Root port sends back an RST BPDU containing an agreed flag to its peer Designatedport and moves into the forwardi

FIGURE 46 Agree stageAt this point, the handshake mechanism is complete between Switch 100, the root bridge, and Switch200.Switch 200 updates the info

Handshake when a root port has been electedIf a non-root bridge already has a Root port, 802.1W uses a different type of handshake. For example,in the

FIGURE 48 New root bridge sending a proposal flag• Sync and Reroot - The Root port then asserts a sync and a reroot signal on all the ports on thebrid

FIGURE 49 Sync and reroot• Sync and Rerooted - When the ports on Switch 200 have completed the reroot phase, they asserttheir rerooted signals and con

FIGURE 50 Sync and rerooted• Synced and Agree - When all the ports on the bridge assert their synced signals, the new Root portasserts its own synced

FIGURE 51 Rerooted, synced, and agreedThe old Root port on Switch 200 becomes an Alternate Port as shown in the following figure. Otherports on that b

FIGURE 52 Handshake completed after election of new root portRecall that Switch 200 sent the agreed flag to Port4/Switch 60 and not to Port1/Switch 10

Convergence at start upIn the following figure, two bridges Switch 2 and Switch 3 are powered up. There are point-to-pointconnections between Port3/Sw

To display all of the packet processors that have a particular flow-based MAC address, use the showmac-address vlan command.device#show mac-address vl

FIGURE 54 Simple Layer 2 topologyThe point-to-point connections between the three bridges are as follows:• Port2/Switch 1 and Port2/Switch 2• Port4/Sw

currently being received by the current Root port (Port4). Therefore, Port3 retains the role of Alternateport.Ports 3/Switch 1 and Port5/Switch 1 are

FIGURE 56 Link failure in the topologySwitch 1 sets its Port2 into a discarding state.At the same time, Switch 2 assumes the role of a root bridge sin

Next, the following happens:• Port3/Switch 2, the Designated port, sends an RST BPDU, with a proposal flag to Port3/Switch 3.• Port2/Switch 2 also sen

Port5/Switch 2 then sends an RST BPDU with an agreed flag to Switch 5 to confirm that it is the newRoot port and the port enters a forwarding state. P

FIGURE 58 Active Layer 2 path in complex topologyPropagation of topology changeThe Topology Change state machine generates and propagates the topology

FIGURE 59 Beginning of topology change noticeSwitch 2 then starts the TCN timer on the Designated ports and sends RST BPDUs that contain theTCN as fol

FIGURE 60 Sending TCN to bridges connected to Switch 2Then Switch 1, Switch 5, and Switch 6 send RST BPDUs that contain the TCN to Switch 3 and Switch

FIGURE 61 Completing the TCN propagationCompatibility of 802.1W with 802.1D802.1W-enabled bridges are backward compatible with IEEE 802.1D bridges. Th

FIGURE 62 802.1W bridges with an 802.1D bridgeOnce Switch 20 is removed from the LAN, Switch 10 and Switch 30 receive and transmit BPDUs in theSTP for

ContentsPreface...11Do

NOTEThe second command is optional and also creates the VLAN if the VLAN does not already exist. Youcan enter the first command after you enter the se

To enable 802.1W for all ports in a port-based VLAN, enter commands such as the following.device(config)#vlan 10device(config-vlan-10)#spanning-tree 8

NOTEIf you change the 802.1W state of the primary port in a trunk group, the change affects all ports in thattrunk group.To disable or enable 802.1W o

The priority value parameter specifies the priority of the bridge. You can enter a value from 0 - 65535.A lower numerical value means the bridge has a

ExampleSuppose you want to enable 802.1W on a system with no active port-based VLANs and change thehello-time from the default value of 2 to 8 seconds

CLI display of 802.1W summary (Continued)TABLE 49 Field DescriptiontxHoldCnt The number of BPDUs that can be transmitted per Hello Interval. The def

CLI display of 802.1W summary (Continued)TABLE 49 Field DescriptionPri The configured priority of the port. The default is 128 or 0x80.Port Path Cos

MachineStates - PIM: CURRENT, PRT: DESIGNATED_PORT, PST: FORWARDING TCM: ACTIVE, PPM: SENDING_RSTP, PTX: TRANSMIT_IDLE Received - RST BPDUs 0, Con

CLI display of show spanning-tree 802.1W (Continued)TABLE 50 Field DescriptionAdminP2PMac Indicates if the point-to-point-mac parameter is configure

802.1W Draft 3 support is disabled by default. When the feature is enabled, if a root port on a Brocadedevice that is not the root bridge becomes unav

FIGURE 64 802.1W Draft 3 RSTP failover to alternate root portIn this example, port 3/3 on Switch 3 has become unavailable. In standard STP (802.1D), i

When you create a MAC address filter, it takes effect immediately. You do not need to reset the system.However, you do need to save the configuration

Spanning tree reconvergence timeSpanning tree reconvergence using 802.1W Draft 3 can occur within one second.After the spanning tree reconverges follo

Enabling 802.1W Draft 3 when single STP is not enabledBy default, each port-based VLAN on the device has its own spanning tree. To enable 802.1W Draft

SSTP defaultsSSTP is disabled by default. When you enable the feature, all VLANs on which STP is enabledbecome members of a single spanning tree. All

The commands shown above override the global setting for STP priority and set the priority to 10 forport 1/1.Here is the syntax for the global STP par

FIGURE 65 STP per VLAN group exampleA master VLAN contains one or more member VLANs. Each of the member VLANs in the STP Groupruns the same instance o

device(config-vlan-2)#vlan 3device(config-vlan-3)#tagged ethernet 1/1 to 1/4device(config-vlan-3)#vlan 4device(config-vlan-4)#tagged ethernet 1/1 to 1

FIGURE 66 More complex STP per VLAN group exampleIn this example, each of the devices in the core is configured with a common set of master VLANs,each

device(config-vlan-1)#spanning-tree priority 1device(config-vlan-1)#tag ethernet 1/1 ethernet 5/1 to 5/3device(config-vlan-1)#vlan 201device(config-vl

Support for Cisco's Per VLAN Spanning Tree plus (PVST+), allows a Brocade device to run multiplespanning trees (MSTP) while also interoperating w

VLAN tags and dual modeThe dual-mode feature enables a port to send and receive both tagged and untagged frames. When thedual-mode feature is enabled

Syntax: [no] mac-movement notification threshold-rate move-count sampling-interval intervalThe move-count variable indicates the number of times a MAC

NOTEIf 802.1W and pvst-mode (either by auto-detection or by explicit configuration) are enabled on atagged VLAN port, 802.1W will treat the PVST BPDUs

PVST+ configuration examplesThe following examples show configuration examples for two common configurations:• Untagged IEEE 802.1Q BPDUs on VLAN 1 an

FIGURE 69 Port Native VLAN 2 for Untagged BPDUsTo implement this configuration, enter the following commands.Commands on the Brocade Devicedevice(conf

that there is no better bridge on the network and sets the ports to FORWARDING. This could cause aLayer 2 loop.The following configuration is correct.

Enabling BPDU protection by portYou enable STP BPDU guard on individual interfaces. The feature is disabled by default.To enable STP BPDU guard on a s

Port 8 NoPort 9 NoPort 10 NoPort 11 NoPort 12 YesPort 13 NoBPDU guard status example configurationsThe following example shows how to configure BPDU g

A console message such as the following is generated after a BPDU guard violation occurs on asystem that is running RSTP.device(config-vlan-1)#RSTP: R

Displaying the STP root guardTo display the STP root guard state, enter the show running configuration or the show span root-protect command.device#sh

NOTEYou cannot enable Designated Protection and Root Guard on the same port.Enabling Designated Protection on a portTo disallow the designated forward

NOTEWhen automatic recovery re-enables the port, the port is not in the error-disabled state, but it canremain down for other reasons, such as the Tx/

Field definitions for the show notification mac-movement threshold-rate command(Continued)TABLE 2 Field DescriptionMAC-Address The MAC address that

Displaying the recovery state for all conditionsUse the show errdisable recovery command to display all the default error disable recovery state foral

Multiple spanning-tree regionsUsing MSTP, the entire network runs a common instance of RSTP. Within that common instance, oneor more VLANs can be indi

Common and Internal Spanning Trees (CIST) - CIST is a collection of the ISTs in each MST regionand the CST that interconnects the MST regions and sing

Syntax: [no] mstp scope allNOTEMSTP is not operational however until the mstp start command is issued as described in Forcing portsto transmit an MSTP

tagged ethe 1 to 2 no spanning tree!vlan 20 by port <----- VLAN 20 configuration tagged ethe 1 to 2 no spanning-tree!mstp

Version : 3 (MSTP mode)Config Digest: 0x9bbda9c70d91f633e1e145fbcbf8d321 Status : StartedInstance VLANs-------- -------------------------------

The revision parameter specifies the revision level for MSTP that you are configuring on the switch. Itcan be a number from 0 and 65535. The default r

Setting the MSTP global parametersMSTP has many of the options available in RSTP as well as some unique options. To configure MSTPGlobal parameters fo

NOTEIf this feature is enabled, it takes the port about 3 seconds longer to come to the enable state.Setting point-to-point linkYou can set a point-to

FIGURE 71 Sample MSTP configurationRTR1 on MSTP configurationdevice(config-vlan-4093)#tagged ethernet 10/1 to 10/2device(config-vlan-4093)#exitdevice(

1000 May 15 01:13:20

Core2 on MSTP configurationdevice(config)#trunk ethernet 3/5 to 3/6 ethernet 3/17 to 3/20device(config)#vlan 1 name DEFAULT-VLAN by portdevice(config-

----------------------------------------------------------------------------Bridge Max RegionalRoot IntPath Designated Root Roo

Output from Show MSTP (Continued)TABLE 52 Field DescriptionPortPath Cost Configured or auto detected path cost for port.P2P Mac Indicates if the por

Displaying MSTP information for CIST instance 0Instance 0 is the Common and Internal Spanning Tree Instance (CIST). When you display informationfor th

Displaying MSTP information for CIST instance 0344 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-04

VLANs● Supported VLAN features... 345● VLAN overview...

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750Layer 3 Subnet VLANs (Appletalk, IPsubnet network, and IPX)08.0.01 08.0.01 08.0

• If the port belongs to an IP subnet VLAN, IPX network VLAN, or AppleTalk cable VLAN and thepacket belongs to the corresponding IP subnet, IPX networ

The following figure shows an example of a Brocade device on which a Layer 2 port-based VLAN hasbeen configured.FIGURE 72 Brocade device containing us

• Change a VLAN priority• Enable or disable STP on the VLAN1--Simple port-based VLAN configurationThe following figure shows a simple port-based VLAN

SNMP MAC-notification trap supportThe SNMP MAC-notification trap functionality allows an SNMPv3 trap to be sent to the SNMP managerwhen MAC addresses

STP priority is configured to force FSX-A to be the root bridge for VLANs RED and BLUE. The STPpriority on FSX-B is configured so that FSX-B is the ro

Configuring port-based VLANs on FSX-BEnter the following commands to configure FSX-B.device> endevice# configure terminaldevice(config)# hostname F

Removing a port-based VLANSuppose you want to remove VLAN 5 from the example in Figure 74 on page 350. To do so, use thefollowing procedure.1. Access

Multi-range VLANThe multi-range VLAN feature allows users to use a single command to create and configure multipleVLANs. These VLANs can be continuous

If a single multi-range VLAN command contains more than 64 VLANs, the CLI does not add the VLANIDs but instead displays an error message. An example i

Command Explanationspanning-tree Set spanning tree for this VLANstatic-mac-address Configure static MAC for this VLANtagged 802.1Q tagged portuplink-

vlan 21 by porttagged ethe 1/1/1spanning-tree 802-1w!vlan 22 by porttagged ethe 1/1/1spanning-tree 802-1w!vlan 23 by porttagged ethe 1/1/1spanning-tre

In the following example, the first command will change the interface configuration level to the multi-range VLAN mode for the VLANs 4, 5 and 6. In th

VLAN show parameters (Continued)TABLE 53 Command Definitionvsrp Show VSRP commandsLayer 3 protocol-based VLANsIf you want some or all of the ports w

FIGURE 75 Layer 3 protocol VLANs within a Layer 2 port-based VLANIntegrated Switch Routing (ISR)The Brocade Integrated Switch Routing (ISR) feature en

The following example shows enabling SNMP traps for MAC-notification onEthernet interface 1/1/5:device(config)# mac-notification interval 30device(con

another. Normally, to route traffic from one IP subnet, IPX network, or AppleTalk cable VLAN toanother, you would need to forward the traffic to an ex

NOTEIP subnet VLANs are not the same thing as IP protocol VLANs. An IP protocol VLAN sends all IPbroadcasts on the ports within the IP protocol VLAN.

When you configure a port-based VLAN, one of the configuration items you provide is the ports thatare in the VLAN. When you configure the VLAN, the Br

If you configure a VLAN that spans multiple devices, you need to use tagging only if a port connectingone of the devices to the other is a member of m

• In addition to the default tag type 0x8100, you can now configure one additional global tag profilewith a number from 0xffff.• Tag profiles on a sin

Virtual routing interfacesA virtual routing interface is a logical routing interface that Brocade Layer 3 Switches use to route Layer3 protocol traffi

FIGURE 79 Use virtual routing interfaces for routing between Layer 3 protocol VLANsVLAN and virtual routing interface groupsBrocade FastIron devices s

For configuration information, refer to VLAN groups and virtual routing interface group on page 394.Dynamic, static, and excluded port membershipWhen

FIGURE 80 VLAN with dynamic ports--all ports are active when you create the VLANSUBNET Ports in a new protocol VLAN that do not receive traffic for th

FIGURE 81 VLAN with dynamic ports--candidate ports become active again if they receive protocoltrafficStatic portsStatic ports are permanent members o

MAC address notification events and values (Continued)TABLE 4 Event ActionValueDescription Expected action bymanagementsoftwareVLAN and portvaluesRE

Excluded portsIf you want to prevent a port in a port-based VLAN from ever becoming a member of a protocol, IPsubnet, IPX network, or AppleTalk cable

NOTEYou cannot have a protocol-based VLAN and a subnet or network VLAN of the same protocol type inthe same port-based VLAN. For example, you can have

VLAN on the same router. A virtual routing interface can be associated with the ports in only a singleport-based VLAN. Virtual router interfaces must

guaranteed to never have an STP loop. STP will never block the virtual router interfaces within thetagged port-based VLAN, and you will have a fully r

For vlan-id , enter a valid VLAN ID that is not already in use. For example, if you have already definedVLAN 20, do not try to use "20 as the new

1. Access the global CONFIG level of the CLI on FSX-A by entering the following commands.device-A> enableNo password has been assigned yet...device

Configuring IP subnet, IPX network and protocol-based VLANsProtocol-based VLANs provide the ability to define separate broadcast domains for several u

1. To permanently assign ports 1 - 8 and port 25 to IP subnet VLAN 10.1.1.0, enter the followingcommands.device(config-vlan-2)# ip-subnet 10.1.1.0/24

The second STP domain (VLAN 3) requires that half the ports in the domain are dedicated to IPsubnet 10.1.1.0/24 and the other ports are dedicated to I

3. Create the IP and IPX protocol-based VLANs and statically assign the ports within VLAN 2 that willbe associated with each protocol-based VLAN.devic

The tables you can configure, as well as the default values and valid ranges for each table, differdepending on the Brocade device you are configuring

device-B(config-vlan-ipx-proto)# exclude e1 to 4device-B(config-vlan-other-proto)# vlan 3 name IP-Sub_IPX-Net_VLANsdevice-B(config-vlan-3)# untagged e

You can add the VLAN ports as static ports or dynamic ports. A static port is always an active memberof the VLAN. Dynamic ports within any protocol VL

FIGURE 84 Routing between protocol-based VLANsTo configure the Layer 3 VLANs and virtual routing interfaces on the FSX Layer 3 Switch in the abovefigu

device-A(config-vlan-other-proto)# no dynamicdevice-A(config-vlan-other-proto)# exclude ethernet 1 to 4Once you have defined the port-based VLAN and c

accessible using only one path through the network. The path that is blocked by STP is not availableto the routing protocols until it is in the STP FO

device-B(config-vlan-ipx-network)# router-interface ve4device-B(config-vlan-ipx-network)# other-proto name block-other-protocolsdevice-B(config-vlan-o

device-C(config-vlan-other-proto)# interface ve 3device-C(config-vif-3)# ip addr 10.1.10.1/24device-C(config-vif-3)# ip ospf area 0.0.0.0device-C(conf

NOTEYou can disable VLAN membership aging of dynamically added ports. Refer to Disabling membershipaging of dynamic VLAN ports on page 387).Dynamic po

NOTEIn the Switch image, all the ports are dynamic ports by-default, so the dynamic command does notappear in the show running-config command output.

These commands create a port-based VLAN on chassis ports 1/1 - 1/6 named "Mktg-LAN", configurean IP subnet VLAN within the port-based VLAN,

ip addr per intf:24when multicast enabled :igmp group memb.:260 sec igmp query:125 sec hardware drop: enabledwhen ospf enabled :ospf dead:40

Configuring uplink ports within a port-based VLANYou can configure a subset of the ports in a port-based VLAN as uplink ports. When you configureuplin

NOTEThis feature applies only to Layer 3 Switches.NOTEBefore using the method described in this section, refer to VLAN groups and virtual routing inte

FIGURE 86 Multiple port-based VLANs with the same protocol addressEach VLAN still requires a separate virtual routing interface. However, all three VL

routing interface MAC address, the device switches the packet on Layer 3 to the destination host onthe VLAN.NOTEIf the Brocade device ARP table does n

NOTEBecause virtual routing interfaces 2 and 3 do not have their own IP subnet addresses but instead are"following" virtual routing interfac

The first command in this example begins configuration for VLAN group 1, and assigns VLANs 2through 257 to the group. The second command adds ports 1/

Displaying information about VLAN groupsTo display VLAN group configuration information, use the show vlan-group command.device# show vlan-groupvlan-g

VLAN group to use the virtual routing interface group that has the same ID as the VLAN group. You canenter this command when you configure the VLAN gr

The number of VLANs and virtual routing interfaces supported on your product depends on the deviceand, for Chassis devices, the amount of DRAM on the

Super-aggregated VLAN configurationYou can aggregate multiple VLANs within another VLAN. This feature allows you to construct Layer 2paths and channel

Configuring an interval for collecting MAC address movenotifications...

ip-static-route 64 2048 2048 vlan 64 4095 4095 spanning-tree 32 254 2

FIGURE 87 Conceptual model of the super aggregated VLAN applicationEach client connected to the edge device is in its own port-based VLAN, which is li

The following figure shows an example application that uses aggregated VLANs. This configurationincludes the client connections shown in Figure 87 .FI

Configuration notes for aggregated VLANs• This feature is not supported on the 48-port 10/100/1000 Mbps (RJ45) Ethernet POE interfacemodule (SX-FI48GP

device(config-vlan-101)# exitdevice(config)# vlan 102 by portdevice(config-vlan-102)# tagged ethernet 2/1device(config-vlan-102)# untagged ethernet 1/

NOTEIn these examples, the configurations of the edge devices (A, B, E, and F) are identical. Theconfigurations of the core devices (C and D) also are

Commands for configuring aggregated VLANs on device CBecause device C is aggregating channel VLANs from devices A and B into a single path, you need t

Commands for configuring aggregated VLANs on device FThe commands for configuring device F are identical to the commands for configuring device E. In

FIGURE 89 802.1ad configuration exampleIn the above figure, the untagged ports (to customer interfaces) accept frames that have any 802.1Qtag other th

• FastIron X Series devices support one configured tag-type per device along with the default tag-type of 8100. For example, if you configure an 802.1

FIGURE 90 Example 802.1ad configurationConfiguring 802.1ad tag profilesNOTE802.1ad tag profiles are not supported on FastIron X Series devices.The 802

when bgp enabled :bgp local pref.:100 bgp keep alive:60 sec bgp hold:180 secbgp metric:10 bgp local as:1 bgp clus

• Tag-type and tag-profile cannot be configured at the same time. You will see the message "un-configure the tag-type to set the tag-profile.&quo

FIGURE 91 PVLAN used to secure communication between a workstation and serversThis example uses a PVLAN to secure traffic between hosts and the rest o

• Primary - The primary PVLAN ports are "promiscuous". They can communicate with all the isolatedPVLAN ports and community PVLAN ports in th

FIGURE 93 Example PVLAN network with tagged portsThe following table lists the differences between PVLANs and standard VLANs.Comparison of PVLANs and

Configuration notes for PVLANs and standard VLANs• PVLANs are supported on untagged ports on all FastIron platforms. PVLANs are also supported ontagge

PVLAN support matrix (Continued)TABLE 57 Platform ForwardingTypeTaggedPortUntagged PortISLPortMultiple Promiscuous PortICX-6430 Hardware No Yes No Y

• The vlan-id parameter specifies another PVLAN. The other PVLAN you want to specify mustalready be configured.• The ethernet portnum parameter specif

• community - Broadcasts and unknown unicasts received on community ports are sent to the primaryport and also are flooded to the other ports in the c

CLI example for a general PVLAN networkTo configure the PVLANs shown in Figure 91 on page 411, enter the following commands.device(config)# vlan 901de

device(config-vlan-100)# pvlan type primarydevice(config-vlan-100)# pvlan pvlan-trunk 102 ethernet 1/1/10 to 1/1/11device(config-vlan-100)# pvlan pvla

System parameters in show default values command (Continued)TABLE 5 Parameter Definitionip-route Learned IP routesip-static-arp Static IP ARP entrie

Dual-mode VLAN portsConfiguring a tagged port as a dual-mode port allows it to accept and transmit both tagged traffic anduntagged traffic at the same

FIGURE 94 Dual-mode VLAN port exampleTo enable the dual-mode feature on port 2/11 in the above figure,enter the following commands.device(config)# vla

device(config-if-e1000-2/11)# dual-modedevice(config-if-e1000-2/11)# exitSyntax: [no] dual-modeYou can configure a dual-mode port to transmit traffic

NOTEAn error message is displayed while attempting to configure an existing dual-mode on a port range.Example:Port 1/1/6 has already been configured a

Displaying VLANs in alphanumeric orderBy default, VLANs are displayed in alphanumeric order, as shown in the following example.device# show run...vlan

Uplink Ports: None DualMode Ports: NoneSyntax: show vlans [vlan-id | ethernet [slotnum/]portnum]The vlan-id parameter specifies a VLAN for which yo

Syntax: show vlan brief ethernet [slotnum/]portnumThe slotnum parameter is required on chassis devices.Displaying a port dual-mode VLAN membershipThe

Displaying PVLAN informationTo display the PVLAN configuration with respect to the primary VLAN and its associated secondaryVLANs and to display the m

Displaying PVLAN information428 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-04

VXLAN● Supported VXLAN features...429● VXLAN gateway overview.

The num parameter specifies the maximum number of routes in the IP route table. The minimum valueis 4096. The maximum value is 524288 (subject to rout

VXLAN gateway overviewVirtual Extensible Local Area Network (VXLAN) is an overlay technology to create a logical Layer 2network on top of an Layer 3 I

Ethernet header, outer IP header, outer UDP header, and VXLAN header. The outer IP header containsthe corresponding source and destination VTEP IP add

Inner frame VLAN taggingIn the VXLAN gateway, by default, the encapsulating VTEP strips the inner VLAN tag of the packetbefore forwarding it to the re

• UDLD, LACP, or Keepalive• Path MTU discovery• Hitless and stacking support is not available for VXLAN feature on Brocade ICX 7750.VXLAN configuratio

Configuring VXLAN434 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-04

VXLAN-related syslog messagesFollowing are VXLAN-related syslog messages:VXLAN-related syslog messagesTABLE 58 Event Syslog OutputVXLAN L2-Tunnel Up

VXLAN-related syslog messages436 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-04

Layer 2 Commands● clear notification-mac statistics... 438● errdisab

clear notification-mac statisticsClears the MAC-notification statistics, such as the number of trap messages and number of MAC-notification events sen

errdisable packet-inerror-detectEnables the device to monitor configured ports for inError packets and defines the sampling timeinterval in which the

• If there is any over-subscription on the egress port, either due to speed mismatch or networktopology, the device will buffer the packets and the fo

failoverEnables or disables LAG hardware failover.Enables LAG hardware failover. The no form of this command disables LAG hardware failover.Syntaxfail

force-up ethernetForces the member port of a dynamic LAG to be logically operational even when the dynamic LAG isnot operating. The no form of the com

interface l2-tunnelCreates a Layer 2 tunnel interface.Syntaxinterface l2-tunnel tunnel-idno interface l2-tunnel tunnel-idCommand DefaultThe Layer 2 tu

l2-tunnelConfigures the source and destination of the Layer 2 tunnel.Syntaxl2-tunnel {source {source-ip | source-interface-type source-interface-numbe

l2-tunnel mode vxlan elineConfigures the Layer 2 tunnel encapsulation method as VXLAN UDP encapsulation.Syntaxl2-tunnel mode vxlan elineno l2-tunnel m

mac-notification intervalSpecifies the MAC-notification interval in seconds between each set of generated traps. The no form ofthis command sets the i

packet-inerror-detectEnables the monitoring of a port for inError packets and defines the maximum number of inErrorpackets that is allowed for the por

show interface l2-tunnelDisplays VXLAN Layer 2 tunnel interface details.Syntaxshow interface l2-tunnel tunnel-idParameterstunnel-idSpecifies the tunne

show notification-macDisplays whether the MAC-notification for SNMP traps is enabled or disabled.Syntaxshow notification-macModesPrivileged EXECUsage

show packet-inerror-detectDisplays details related to the monitoring for inError packets for configured ports.Syntaxshow packet-inerror-detectModesPri

Default queue depth limits for FastIron X Series devicesThe following table defines the default maximum queue depth values per port, per traffic class

show span designated-protectDisplays a list of all ports that are disallowed to go into the designated forwarding state.Syntaxshow span designated-pro

snmp-server enable traps mac-notificationEnables the MAC-notification trap whenever a MAC address event is generated on a device or aninterface.The no

spanning-tree designated-protectDisallows the designated forwarding state on a port in STP 802.1d or 802.1w. The no form of thiscommand allows the des

system-max mac-notification-bufferChanges the value of the MAC-notification buffer.Sets the buffer queue size to maintain MAC-notification events. The

vxlan vlanConfigures the VXLAN membership of the port by specifying the VLAN port and VNI for VXLANmapping.Syntaxvxlan vlan vlan-id vni vni-id l2-tunn

Configuring the transmit queue depth limit for a given traffic class onFastIron X Series devicesNOTETo configure transmit queue depth limits for an SX

Buffer profile configurationThe following Interface modules support up to eight buffer profiles:• SX-FI48GPP• SX-FI-24GPP• SX-FI-24HF• SX-FI-2XG• SX-F

For ports that use buffer profile 2, packets with priority 1 are added to the outbound queue as longas the packets do not exceed 299 buffers. When the

Dynamic buffer allocation for FCX and ICX devicesBy default, the traditional stack architecture allocates fixed buffers on a per-priority queue, per-p

Metro Ring Protocol configuration...85Metro Ring Protocol diagnostics...

NOTEFor FCX devices, when you reset buffer values for the 10 Gbps ports, the buffer values for the rear-panel 10 Gbps and16 Gbps ports are also reset.

Sample configuration for buffer profile with qd-descriptor and qd-buffercommands on FCX and ICXThis sample configuration assumes a four-unit stack wit

egress buffers and descriptors limits to the port and on its queues. This template is then applied to thedevice.NOTEBuffer profiles can be configured

Port type modification resets the profile to its default value. All the port and queue buffers anddescriptors will be set to either 1 Gbps or 10 Gbps

The port-region variable is the device number on which the user-configurable buffer profile is applied.The user-profile-name variable is the name of t

Port buffer and descriptors values on ICX 6610 devices (Continued)TABLE 9 1 Gbps buffers anddescriptors10 Gbps buffers anddescriptors40 Gbps buffers

Port buffer and descriptors values on ICX 6450 devices1 (Continued)TABLE 11 1 Gbps buffers 10 Gbps buffers 1Gbps descriptors 10 Gbps descriptorsTC3

Field definitions for the output of show qd-buffer-profile commandTABLE 12 Field DescriptionUser Buffer Profile The name of the user-configurable bu

If you configure buffers at the port or queue level (using qd commands or buffer profiles), the buffersharing level automatically changes to 1. You ca

ICX 6610 buffer sharing level definitions (Continued)TABLE 14 Buffer sharing level Shared buffer limit Shared buffer total (inkilobytes)Pool 0 shari

Setting the sFlow sampling rate for a port in a LAG... 149IP assignment within a LAG...

Following is an example for ICX 6610 devices.ICX6610-48 Router# show qd-share-level Sharing level: 1-64KB, 2-250KB, 3-375KB, 4-500KB, 5-625KB (default

Buffer profiles for VoIP on FastIron stackable devicesNOTEConfiguring buffer profiles for VoIP traffic is not supported on FastIron X Series and ICX 6

The ingress descriptors are total of 16K buffers. Each buffer is 512 bytes. The 16K buffers are dividedinto 8 cores of 2K each.The egress descriptors

ICX 6650 buffer sharing level definitionsTABLE 17 Shared buffer limitPool 0 –TC0, 1Pool 1 – TC 2,3, 4Pool 2 – TC 5, 6 Pool 3 – TC 7 Shared buffer to

Enabling and disabling remote fault notificationRFN is ON by default. To disable RFN, use the following command.device(config)#interface e 0/1/1device

Viewing the status of LFS-enabled linksThe status of an LFS-enabled link is shown in the output of the show interface and show interfacebrief commands

Packet InError Detection counts an ingress frame that has one or more of the following errors as aninError packet:• Alignment error• CRC error• Oversi

Syslog message for error-disabled port due to inError packetsThe following syslog message is generated when a port is error-disabled because of inErro

Syslog message for error-disabled port due to inError packets68 FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide53-1003086-

Metro Features● Supported metro features... 69● Topology g

Increasing the maximum configurable value of the Leaveall timer... 220Enabling GVRP...

You can use topology groups with the following Layer 2 protocols:• STP/RSTP• MRP• VSRP• 802.1WTopology groups simplify Layer 2 configuration and provi

Topology group configuration considerations• You must configure the master VLAN and member VLANs or member VLAN groups before youconfigure the topolog

NOTEIf you add a new master VLAN to a topology group that already has a master VLAN, the new masterVLAN replaces the older master VLAN. All member VLA

Syntax: show topology-group [ group-id ]This display shows the following information.CLI display of topology group information TABLE 18 Field Descri

FIGURE 1 Metro ring - normal stateThe ring in this example consists of four MRP nodes (Brocade switches). Each node has twointerfaces with the ring. E

loop from occurring while you are configuring MRP on the ring nodes. Once MRP is configured andenabled on all the nodes, you can re-enable the interfa

In this example, two nodes are each configured with two MRP rings. Any node in a ring can be themaster for its ring. A node also can be the master for

FIGURE 4 Interface IDs and typesFor example, in Figure 4 , the ID of all interfaces on all nodes on Ring 1 is 1 and all interfaces on allnodes on Ring

NOTEAny node on an MRP ring that has two shared interfaces cannot be elected as the master node.In Figure 4 on page 77, any of the nodes on Ring 1, ev

MRP uses Ring Health Packets (RHPs) to monitor the health of the ring. An RHP is an MRP protocolpacket. The source address is the MAC address of the m

VLAN tags and dual mode... 319Configuring PVST+ support...

FIGURE 6 Metro ring - from preforwarding to forwardingEach RHP also has a sequence number. MRP can use the sequence number to determine the round-trip

FIGURE 7 Flow of RHP packets on MRP rings with shared interfacesPort 2/1 on Ring 1 master node is the primary interface of the master node. The primar

FIGURE 8 Metro ring - ring breakIf a break in the ring occurs, MRP heals the ring by changing the states of some of the ring interfaces:• Blocking int

• If an RHP reaches the Master node secondary interface, the ring is intact. The secondary interfacechanges to Blocking. The Master node sets the forw

FIGURE 10 Metro ring - ring VLAN and customer VLANsNotice that each customer has their own VLAN. Customer A has VLAN 30 and Customer B has VLAN40. Cus

If you use a topology group:• The master VLAN must contain the ring interfaces. The ports must be tagged, since they will beshared by multiple VLANs.•

device(config-vlan-2-mrp-1)#masterdevice(config-vlan-2-mrp-1)#ring-interface ethernet 1/1 ethernet 1/2device(config-vlan-2-mrp-1)#enableThese commands

secondary interfaces on the Master node. Configuring multiple rings enables you to use all the ports inthe ring. The same port can forward traffic one

NOTEThis command is valid only on the master node.Displaying MRP diagnosticsTo display MRP diagnostics results, enter the following command on the Mas

Displaying topology group informationTo display topology group information, enter the following command.Syntax: show topology-group [group-id]Refer to

IP subnet, IPX network, and protocol-based VLAN configurationexample...

CLI display of MRP ring information (Continued)TABLE 20 Field DescriptionPrefwing time The number of milliseconds an MRP interface that has entered

CLI display of MRP ring information (Continued)TABLE 20 Field DescriptionInterface Type Shows if the interface is a regular port or a tunnel port.RH

device(config-vlan-2-mrp-1)#enabledevice(config-vlan-2-mrp-1)#exitdevice(config-vlan-2)#exitThe following commands configure the customer VLANs. The c

device(config-vlan-40)#exitdevice(config)#topology-group 1device(config-topo-group-1)#master-vlan 2device(config-topo-group-1)#member-vlan 30device(co

FIGURE 11 VSRP mesh - redundant paths for Layer 2 and Layer 3 trafficIn this example, two Brocade devices are configured as redundant paths for VRID 1

When you configure VSRP, make sure each of the non-VSRP Brocade devices connected to the VSRPdevices has a separate link to each of the VSRP devices.V

VSRP failoverEach Backup listens for Hello messages from the Master. The Hello messages indicate that theMaster is still available. If the Backups sto

FIGURE 12 VSRP priorityHowever, if one of the VRID ports goes down on one of the Backups, that Backup priority is reduced. Ifthe Master priority is re

FIGURE 14 VSRP priority biasTrack portsOptionally, you can configure track ports to be included during VSRP priority calculation. In VSRP, atrack port

In Figure 15 , the track port is up. SInce the port is up, the track priority does not affect the VSRPpriority calculation. If the track port goes dow