S- K- and 7100-Series Configuration Guide
>
Connectivity Fault Management Configuration
>
Single MD Configuration Example
> Configuring Device maCE2:1
Published May 2016
prev
|
next
Print this page
Email this topic
Feedback
View PDF
Download EPUB
Legal Notices
About this Guide
How to Use this Guide
Related Publications
Text Conventions
Commonly Used Acronyms
Feature Platform Support Labeling
Getting Help
Providing Feedback to Us
Getting Started
Device Management Methods
Initial Configuration
Advanced Configuration Overview
Using the CLI
CLI Conventions
Getting Help with CLI Syntax
Using Context-Sensitive Help
Performing Keyword Lookups
Displaying Scrolling Screens
Abbreviating and Completing Commands
Using the Spacebar Auto Complete Function
Configuring CLI Properties
Example CLI Properties Configuration
CLI Properties Display Commands
Image Configuration and File Management
Configuration and Image File Management on Your System
Automated Deployment
Saving a Configuration
Executing a Configuration
Deleting a Configuration Restore-Point or File
Downloading a File from an FTP, TFTP, or SCP Server
Downloading a Firmware Image via the Serial Port
Uploading a Configuration File
Setting the Boot Firmware Image
Running a Configuration Script
Linecard Phantom Configuration (K-Series)
Configuration and Image File Display Commands
High Availability Firmware Upgrade (HAU) Configuration
Using High Availability Firmware Upgrade in Your Network
Implementing HAU
High Availability Upgrade Preconditions
System Limitations During a High Availability Upgrade
HAU Configuration Overview
Configuring System Boot Image and Mode
Configuring HAU Default Mode
Configuring HAU Groups
Configuring a Delay Between HAU Group Upgrades
Disabling a Configured HAU
Forcing Early Completion of a Running HAU
High Availability Firmware Upgrade in a Virtual Switch Bonded System
S-Series Slotted Chassis Firmware Upgrade in a Virtual Switch Bonded System
SSA or 7100-Series Firmware Upgrade in a Virtual Switch Bonded System
Configuring HAU
Terms and Definitions
S- and K-Series Virtual Switch Bonding (VSB) Configuration
Using Virtual Switch Bonding in Your Network
Implementing VSB
VSB Configuration Overview
VSB Chassis Configuration
VSB Interconnect Link Configuration
Link Failure Response (LFR) Configuration
VSB System MAC address Configuration
Licensing (S-Series)
Globally Enabling and Disabling the VSB System
LACP Local Preference Configuration
High Availability Firmware Upgrade
Applying a VSB Configuration File to a Replacement VSB Chassis
Configuring VSB
Terms and Definitions
7100-Series Virtual Switch Bonding (VSB) Stacking Configuration
Using Virtual Switch Bonding in Your Network
Implementing VSB Stacking
VSB Configuration Overview
VSB Chassis Configuration
VSB Interconnect Link Configuration
Link Failure Response (LFR) Configuration
Example A: LFR Tie Breaker
Example B: Failed Chassis
Example C: Failed Chassis That Takes the Stack Down
Example D: Assigning LFR Priorities
VSB System MAC address Configuration
Licensing
Globally Enabling and Disabling the VSB System
High Availability Firmware Upgrade
Applying a VSB Configuration File to a Replacement VSB Chassis
Adding a Chassis to an Existing VSB Stacking System
A Failed Chassis in an VSB Stacking System
Configuring VSB
Terms and Definitions
Port Configuration
Port Configuration Overview
Port String Syntax Used in the CLI
Console Port Parameters
Administratively Enabling a Port
Ingress Filtering
Port Alias
Force Linkdown
Default Port Speed
The QSFP Port (S-Series)
Changing the QSFP Port Speed
Port Duplex
Jumbo Frames
Auto-Negotiation and Port Advertised Ability
Port MDI/MDIX
Port Flow Control
Configuring Link Traps and Link Flap Detection
Port Broadcast Suppression
Port Priority
Port Priority to Transmit Queue Mapping (S-, K-Series)
Transmit Queue Monitoring (7100-Series)
Energy Efficient Ethernet (EEE) (S-, 7100-Series)
Configuring Ports
Terms and Definitions
Port Mirroring Configuration
How to Use Port Mirroring in Your Network
Implementing Port Mirroring
Overview of Port Mirroring Configurations
LAG Mirrors
IDS Mirrors (S-, K-Series)
VLAN Mirrors
Avoiding Bottlenecks
Policy Mirrors (S-, K-Series)
Configuring Port Mirrors
Reviewing Port Mirroring
Reviewing Policy Mirror Destinations
Setting Port or VLAN Mirroring
Setting Enhanced Port Mirroring (S-, K-Series)
Setting Policy Mirror Destinations (S-, K-Series)
Deleting Mirrors
Remote Mirroring Using a Layer 2 GRE Tunnel
Example: Configuring and Monitoring Port Mirroring (S-, K-Series)
Example: Configuring an IDS Mirror (S-, K-Series)
Example: Configuring a Policy Mirror Destination (S-, K-Series)
System Configuration
Chassis Compatibility Mode (S-Series)
System Properties Overview
System Properties Example
User Management Overview
User Management Example
Setting the Authentication Login Method
Using WebView
Management Authentication Notification MIB Overview
Configuring Management Authentication Notification MIB
Management Authentication Notification MIB Configuration Examples
License Overview
Configuring a License
License Examples
SNTP Overview
Unicast Polling Mode
Broadcast Listening Mode
SNTP Authentication
Authentication Mode
Authentication Key
Authentication Trust Flag
Configuring SNTP
SNTP Configuration Examples
Telnet Overview
Configuring Telnet
Telnet Examples
Secure Shell Overview
SSH Client Authentication
Password Authentication
Public Key Authentication (S-, K-Series)
Configuring Secure Shell
Secure Shell Configuration Examples
Domain Name Server (DNS) Overview
Configuring DNS
DNS Configuration Example
DHCP Overview
IPv4 DHCP Supported Server Options
DHCP Server
Configuring Client Class
DHCP Configuration Example
DHCPv6 Overview
DHCPv6 Server Option Information Configuration Example
IPv6 DHCP Relay Source and Destination Interfaces
Configuring DHCP
Node Alias Overview
Configuring Node Alias
Setting Node Alias State and Max Entries
MAC Address Settings Overview
Age Time
Multicast MAC Address VLAN Port Limit
Network Load Balanced (NLB) Servers Configured for Multicast
Static MAC Address Entry
Unicast as Multicast
New and Moved MAC Address Detection
Terms and Definitions
Security Mode Configuration
How to Use Security Mode in Your Network
FIPS Security Mode
Security Profile Mode
Boot Access Security Mode
Security Profile Mode Default Parameter Setting Changes
Security Profile Mode Parameter Range Changes
C2 Security Profile Mode Command Access Changes
C2 Security Profile Mode Read-Write User Mode Changes
C2 Security Profile Mode Read-Only User Mode Changes
Implementing Security Mode
Configuring Security Mode
Security Mode Display Commands
Security Mode Configuration Example
Terms and Definitions
IPsec Protocol Configuration
How to Use IPsec in Your Network
IPsec Implementation Requirements
Required Manual Configuration
Understanding the IPsec Protocol
IKE Map
IKE Proposal
IKE Policy
Source and Destination Address and Port
Encapsulation
SA Lifetime
Transmission Protocol
Encryption Request
Configuring IPsec
IKE Proposal Configuration
IKE Policy Configuration
IKE Map Configuration
IPsec Configuration
IPsec Display Commands
IPsec Configuration Example
Terms and Definitions
Public-Key Infrastructure (PKI) Configuration
Using Public-Key Infrastructure (PKI) in Your Network
Implementing Public-Key Infrastructure
Public-Key Infrastructure Configuration Overview
The X.509 Certificate
Enabling Certificate Revocation Checking
Specifying an OCSP Signature Certificate Authority List
Enabling the Nonce Extension
Configuring an Alternative OCSP Responder
Specifying a Single Authorization Username for the System
Dynamically Extracting the Username from the X.509 Subject Field
Configuring Public-Key Infrastructure
Terms and Definitions
Tracked Object Manager Configuration
Using Tracked Object Manager in Your Network
Tracked Objects
Probes
Scheduling
Probe Session Scheduling
Tracked Object Scheduling
State Probe Configuration
Probe Parameters
Description
Application Content Verification Parameters
Fail Detection Parameters
Pass Detection Parameters
Common Pass/Fail Parameters
Fail Detection Methods
Ping
Server Port Service Verification (S-Series)
Application Content Verification
Preset Default ICMP Probes
Manually Applied Default ICMP Probes
Auto-Applied Default ICMP Probes (S-Series)
Configuring a Probe for Policy Based Routing
Configuring a Probe for Server Load Balancing (S-Series)
Configuring a Probe for TWCB (S-Series)
Configuring a Probe for VRRP
Configuring State Probes
Timing Probe Configuration
Timing Probe Parameters
Configuring a Timing Probe for IP SLA
Procedure
Tracked Object Configuration
Tracked Object Parameters
Procedure
Example
Terms and Definitions
Bidirectional Forwarding Detection (BFD) Configuration
Using Bidirectional Forwarding Detection (BFD) in Your Network
Implementing BFD
BFD Configuration Overview
BFD Probe
BFD Operational Modes
Control Packet
Echo Function
Slow Timer
BFD in an OSPF Context
BFD with Graceful Restart
Configuring BFD
Terms and Definitions
Link-State Configuration
Using the Link-State Application in Your Network
Configuring Link-State
IP SLA Configuration
Using IP SLA in Your Network
Constraints and Limitations
Monitoring Paths
Scheduling Tests
Reported Statistics
Measurements
One-way Delay
System Resources Affected by IP SLA
IP SLA Syslog Messages
Configuring IP SLA
Default Settings
IP SLA Configuration Procedure
Example IP SLA Configuration
IP SLA Display Commands
Power over Ethernet Configuration
How to Use PoE in Your Network
Implementing PoE
Allocation of PoE Power to Modules
When Manual Mode is Configured
Management of PoE Power to PDs
Configuring PoE
Default Settings
PoE Configuration Procedure
Example PoE Configuration (S-Series)
PoE Display Commands
Discovery Protocol Configuration
How to Use Neighbor Discovery in Your Network
Understanding Neighbor Discovery
LLDP-MED
LLDPDU Frames
Neighbor Warning Detection
Configuring LLDP
LLDP Configuration Commands
Basic LLDP Configuration
LLDP Display Commands
Configuring Neighbor Warning Detection
Configuring Enterasys Discovery Protocol
Enterasys Discovery Protocol Configuration Commands
Enterasys Discovery Protocol Show Commands
Configuring Cisco Discovery Protocol
Cisco Discovery Protocol Configuration Commands
Cisco Discovery Protocol Show Commands
Data Center Bridging Configuration
How to Use Data Center Bridging in Your Network
Implementing Data Center Bridging
Enhanced Transmission Selection Configuration
Priority-Based Flow Control Configuration (S-, 7100-Series)
Application Priority Configuration
Congestion Notification (CN) Configuration (S-, 7100-Series)
Implementing Congestion Notification
Enabling Congestion Notification
Congestion Notification Priority Value (CNPV)
Alternate Priority
Congestion Notification Domain Defense
Priority Choice
LLDP
Congestion Point Queue
Congestion Notification Queue Profile
Congestion Notification Configuration Example
Configuring Data Center Bridging
Terms and Definitions
Simple Network Management Protocol (SNMP) Configuration
Using SNMP in Your Network
High-Level Configuration Process
SNMP Concepts
Manager/Agent Model Components
Message Functions
Trap Versus Inform Messages
Access to MIB Objects
Community Name Strings
User-Based
SNMP Support on S- K- and 7100-Series Devices
Versions Supported
SNMPv1 and v2c Network Management Components
SNMPv3 User-Based Security Model (USM) Enhancements
Terms and Definitions
Security Models and Levels
Access Control
Configuring SNMP
Configuration Basics
How SNMP Processes a Notification Configuration
SNMP Defaults
Device Start Up Configuration
Configuring SNMPv1/SNMPv2c
Creating a New Configuration
Adding to or Modifying the Default Configuration
Configuring SNMPv3
Configuring an SNMPv3 Inform or Trap Engine ID
Configuring an SNMP View
Configuring the Optional Mask Parameter
Configuring Secure SNMP Community Names
Example
Reviewing SNMP Settings
Community
Context
Counters
Engineid
Groups
Group Access Rights
Target Parameter Profiles
Target Address Profiles
Notify
Notify Filter
Notify Profile
Users
Views
Spanning Tree Configuration
What Is the Spanning Tree Protocol?
Why Would I Use Spanning Trees in My Network?
How Do I Implement Spanning Trees?
STP Overview
Rapid Spanning Tree
Multiple Spanning Tree
Per-VLAN Spanning Tree (PVST)
Functions and Features Supported on the S- K- and 7100-Series Devices
Spanning Tree Versions
Maximum SID Capacities
Network Diameter
Port Forwarding
Disabling Spanning Tree
STP Features
SpanGuard and Autounlock
Loop Protect
Updated 802.1t
Restricted Topology Change Notification (TCN)
Restricted Role
Multisource Detection
Understanding How Spanning Tree Operates
Spanning Tree Basics
Electing the Root Bridge
Assigning Path Costs
Paths to Root
Identifying Designated, Alternate, and Backup Port Roles
Assigning Port States
RSTP Operation
MSTP Operation
Common and Internal Spanning Tree (CIST)
MST Region
Multiple Spanning Tree Instances (MSTI)
Multisource Detection
Configuring STP and RSTP
Reviewing and Enabling Spanning Tree
Example
Adjusting Spanning Tree Parameters
Setting Bridge Priority Mode and Priority
Setting a Port Priority
Assigning Port Costs
Adjusting Bridge Protocol Data Unit (BPDU) Intervals
Setting the Maximum Configurable STPs
Setting Restricted TCN and Restricted Role
Enabling the Backup Root Function
Adjusting RSTP Parameters
Defining Point-to-Point Links
Defining Edge Port Status
Configuring MSTP
Example 1: Configuring MSTP for Traffic Segregation
Example 2: Configuring MSTP for Maximum Bandwidth Utilization
Adjusting MSTP Parameters
Monitoring MSTP
Understanding and Configuring SpanGuard
What Is SpanGuard?
How Does It Operate?
Configuring SpanGuard
Reviewing and Setting Edge Port Status
Enabling and Adjusting SpanGuard
Monitoring SpanGuard Status and Settings
Understanding and Configuring Loop Protect
What Is Loop Protect?
How Does It Operate?
Port Modes and Event Triggers
Example: Basic Loop Protect Configuration
Configuring Loop Protect
Enabling or Disabling Loop Protect
Specifying Loop Protect Partners
Setting the Loop Protect Event Threshold and Window
Enabling or Disabling Loop Protect Event Notifications
Setting the Disputed BPDU Threshold
Monitoring Loop Protect Status and Settings
Terms and Definitions
Shortest Path Bridging (SPB) Configuration
Using Shortest Path Bridging (SPB) in Your Network
Implementing Shortest Path Bridging
Shortest Path Bridging VLAN Configuration Overview
SPBV Spanning Tree Configuration
SPVID Pool
Assigning a Base-VLAN to Use SPB
Base-VLAN Configuration
SPB Ports
Configuring Shortest Path Bridging VLAN
Terms and Definitions
Routing as a Service (RaaS) Configuration
Using Routing as a Service (RaaS) in Your Network
Implementing Routing as a Service
Routing as a Service Configuration Overview
Helper Router Configuration
Main Router Configuration
Configuring Routing as a Service
RaaS Configuration Example
Main Router 1 SPB Node A
Main Router 2 SPB Node B
Helper Router 1 SPB Node C
Helper Router 2 SPB Node D
Terms and Definitions
VLAN Configuration
Using VLANs in Your Network
Implementing VLANs
Preparing for VLAN Configuration
Understanding How VLANs Operate
Learning Modes and Filtering Databases
VLAN Assignment and Forwarding
Receiving Frames from VLAN Ports
Forwarding Decisions
Adding a MIB-II Interface Entry to a VLAN
Example of a VLAN Switch in Operation
VLAN Support on Extreme Networks S-, K-, and 7100-Series Switches
Maximum Active VLANs
Configurable Range
VLAN Types
Static and Dynamic VLANs
Port-Based VLANs
Policy-Based VLANs
Dynamic VLAN Support
How Dynamic VLAN Support Works
Configuring VLANs
Default Settings
Configuring Static VLANs
Example Configuration
Creating a Secure Management VLAN
Configuring Dynamic VLANs
Configuring Protocol-Based VLAN Classification
Example Configuration
Configuring IGMP VLAN Snooping
Monitoring VLANs
Terms and Definitions
VLAN Provider Bridges
Configuring Provider Bridges
Customer Bridge Mode
Provider Bridge Mode
Link Aggregation Control Protocol (LACP) Configuration
Using Link Aggregation in Your Network
Implementing Link Aggregation
Link Aggregation Overview
LACP Operation
How a LAG Forms
Attached Ports
Single Port Attached State Rules
LAG Port Parameters
Flow Regeneration (S-, K-Series)
The Out-Port Algorithm
Static Port Assignment
Platform LAG and Physical Port Support
Configuring Link Aggregation
Link Aggregation Configuration Examples
Link Aggregation Configuration Example 1
Configuring the Distribution Switch
Configuring the Edge Switch
Configuring the Fixed Switch
Configuring the Server
Link Aggregation Configuration Example 2
Configuring the Edge Switch
Configuring the Upstream Switch
Terms and Definitions
Policy Configuration
Using Policy in Your Network
Implementing Policy
Policy Overview
Introduction
The Extreme Networks NetSight Policy Manager
Understanding Roles in a Secure Network
The Policy Role
Policy Roles
Defining a Policy Role
Setting a Default VLAN for this Role
Assigning a Class of Service to this Role
Adding Tagged, Untagged, and Forbidden Ports to the VLAN Egress Lists
Applying a Destination Mirror to a Role (S-, K-Series)
Overwriting VLAN Tags Priority and Classification Settings
VLAN-to-Policy Mapping
Applying Policy Using the RADIUS Response Attributes
Applying Policy Using Hybrid Authentication Mode
Device Response to Invalid Policy
Disabling an Ingress Port on First Profile Rule Use (S-, K-Series)
Clearing Policy Rule Usage Statistics (S-, K-Series)
Classification Rules
Configuring Policy Role Traffic Classification Precedence (S-, K-Series)
Policy Applications (S-, K-Series)
Specifying Storage Type
Forward and Drop
Allowed Traffic Rule-Type on a Port (S-, K-Series)
Policy Accounting (S-, K-Series)
Policy Syslog Rule Usage (S-, K-Series)
Quality of Service in a Policy Rules Context
Disabling an Ingress Port Per Policy Rule (S-, K-Series)
Blocking Non-Edge Protocols at the Edge Network Layer
System Resource Allocation Profile (7100-Series)
Policy Capabilities
Captive Portal Redirection (S-, K-Series)
Configuring Policy
Policy Configuration Example
Roles
Policy Domains
Basic Edge
Standard Edge
Premium Edge
Premium Distribution
Data Center
Platform Configuration
Configuring Guest Policy on Edge Platforms
Configuring Policy for the Edge Student Fixed Switch
Configuring PhoneFS Policy for the Edge Fixed Switch
Configuring Policy for the Edge Faculty Fixed Switch
Configuring PhoneES Policy for the Services Edge Switch
Configuring Policy for the Services Edge Switch
Configuring the Distribution Layer Role
Configuring Server[iSCSI] Policy on the 7100-Series Platform
Terms and Definitions
Multicast Configuration
How to Use Multicast in Your Network
Implementing Multicast
Understanding Multicast
Internet Group Management Protocol (IGMP)
Overview
IGMP Support on Extreme Networks Devices
Example: Sending a Multicast Stream
Understanding Distance Vector Multicast Routing Protocol (DVMRP)
Overview
DVMRP Support on Extreme Networks Devices
Understanding PIM
Overview
PIM-SM
PIM Support on Extreme Networks Devices
Anycast-RP
PIM-DM
PIM Terms and Definitions
Configuring Multicast
Configuring IGMP
IGMP Configuration Commands
Basic IGMP Configurations
Example IGMP Configuration
IGMP Display Commands
Configuring DVMRP
DVMRP Configuration Commands
Basic DVMRP Configuration
Example DVMRP Configuration
Displaying DVMRP Information
Configuring PIM
PIM Configuration Commands
Basic PIM-SM Configurations
PIM IPv4 and IPv6 Display Commands
Example PIM Configuration
Example PIM-SSM Configuration
MSDP Configuration
MSDP Overview
Source Active Messages
MSDP Mesh Groups
Configuring MSDP
MSDP Display Commands
Example MSDP Configuration
Configuring Anycast RP in MSDP
Multi-Topology Configuration
Multiple Topology Overview
Configuring a Multicast Topology
Global Mode Topology Configuration
Multicast Topology Configuration
Multi-Topology Display Commands
Multicast Listener Discovery (MLD) Configuration
Using MLD in Your Network
Implementing MLD
Understanding MLD
MLD Support on Extreme Networks Devices
Example: Sending a Multicast Stream
Configuring MLD
MLD Configuration Commands
Basic MLD Configurations
Example MLD Configuration
MLD Display Commands
System Logging Configuration
Using Syslog in Your Network
Syslog On S- K- and 7100-Series Switches
Syslog Overview
Configuring Syslog Message Disposition
Filtering by Severity and Facility
Syslog Components and Their Use
Basic Syslog Scenario
Interpreting Messages
Example
Configuring Syslog
Syslog Command Precedence
About Server and Application Severity Levels
Configuring Syslog Server(s)
Example
Modifying Syslog Server Defaults
Displaying System Logging Defaults
Modifying Default Settings
Reviewing and Configuring Logging for Applications
Displaying Current Application Severity Levels
Modifying Severity Levels and Assigning Syslog Servers for Applications
Enabling Console Logging and File Storage
Displaying to the Console and Saving to a File
Displaying to the Current CLI Session
Displaying a Log File
CLI and SNMP Audit Logging
Syslog Configuration Examples
Enabling a Server and Console Logging
Adjusting Settings to Allow for Logging at the Debug Level
Network Monitoring Configuration
Using Network Monitoring in Your Network
Network Monitoring Overview
Console/Telnet History Buffer
Network Diagnostics
Switch Connection Statistics
Users
RMON
SMON Priority and VLAN Statistics Counting
Configuring Network Monitoring
NetFlow Configuration
Using NetFlow in Your Network
Implementing NetFlow
Understanding Flows
Flow Expiration Criteria
Deriving Information from Collected Flows
Configuring NetFlow on the S- and K-Series
Extreme Networks S- and K-Series Implementation
Configuring the Active Flow Export Timer
Configuring the NetFlow Collector IP Address
Configuring the NetFlow Export Version
Configuring NetFlow Export Version Refresh
Configuring a NetFlow Port
Configuring the NetFlow Cache
Configuring Optional NetFlow Export Data
Displaying NetFlow Configuration and Statistics
Default NetFlow Settings for S- and K-Series Systems
Terms and Definitions
NetFlow Version 5 Record Format
NetFlow Version 9 Templates
Connectivity Fault Management Configuration
How to Use Connectivity Fault Management in Your Network
Connectivity Fault Management Overview
Maintenance Domain (MD)
Maintenance Association (MA)
Maintenance Point (MP)
Maintenance End-Point (MEP)
Maintenance Intermediate Point (MIP)
CFM Configuration Modes
Implementing Connectivity Fault Management
Configuring CFM at the Global System Level
CFM Logging Filtering
VLAN Table Configuration
Activating CFM Configuration
Configuring a Maintenance Domain (MD)
MD Configuration Modes
MD Naming Conventions
Setting SenderID TLV Permission
Enabling Maintenance Intermediate-Points (MIP)
Setting the MD Level
Changing the Maintenance Domain Name
Configuring a Maintenance Association (MA)
Accessing MA Configuration Mode
Enabling the Maintenance Association Configuration
Changing the Maintenance Association Name
Setting the Continuity Check Message (CCM) Interval
Configuring the Maintenance Association MEP List
Configuring the Maintenance Association Components
Setting the Maintenance Association VLAN Service
Enabling the Maintenance Association Component Configuration
Configuring a Maintenance End-Point (MEP)
Accessing MEP Configuration Mode
Configuring the MEP Bridge Port
Configuring the MEP VLAN
Configuring MEP Direction
Setting the Lowest Priority MEP Defect Alarm
Enabling MEP CCMs
Activating the MEP State Machine and the Remote MEP
Modifying the MEP CCM and Linktrace 802.1p Priority
Enabling the Maintenance End-point Configuration
CFM Loopback and Linktrace Protocols
The CFM Loopback Protocol
The CFM Linktrace Protocol
Configuring Connectivity Fault Management
Single MD Configuration Example
Configuring Device maCE1:1
Device maCE1:1 CLI Input
Configuring Device maCE1:2
Device maCE1:2 CLI Input
Configuring Device maCE1:3
Device maCE1:3 CLI Input
Configuring Switch 1
Switch 1 CLI Input
Configuring Device maCE2:1
Device maCE2:1 CLI Input
Configuring Device maCE2:2
Device maCE2:2 CLI Input
Configuring Device maCE2:3
Device maCE2:3 CLI Input
Configuring Switch 2
Switch 1 CLI Input
Multiple MD Configuration Example
Configuring CE Device 1
CE Device 1 CLI Input
Configuring CE Device 2
CE Device 2 CLI Input
Configuring CE Device 3
CE Device 3 CLI Input
Terms and Definitions
Virtual Routing and Forwarding (VRF) Configuration
Using VRF in Your Network
Implementing VRF
VRF Overview
VRFs, Interfaces, and IP Addresses
VRF and Static Route Next Hop Lookup (S-, K-Series)
VRF and Set Policy Next Hop Lookup (S-, K-Series)
VRFs With Overlapping IP Networks (S-Series)
Static NAT-Inside-VRF Configuration
Dynamic NAT-Inside-VRF Configuration
Server Load Balancing (SLB) Services Between VRFs (S-Series)
Forwarding Local UDP Broadcasts To A Different VRF (S-, K-Series)
Configuring VRF
Terms and Definitions
IP Routing Configuration
The Router
Entering Router Configuration
Display Router Configuration
The Routing Interface
IP Routing Addresses
IPv4 Interface Address
IPv4 Router Interface Configuration Example
IPv6 Interface Address
IPv6 Router Interface Configuration Examples
Secondary and Private VLAN
Private VLAN Configuration Example
Non-Forwarding IP Management Interfaces
Non-Forwarding IPv4 Management Interface Examples
Non-Forwarding IPv6 Management Interface Examples
Backward Compatibility Note (S-, K-Series)
Setting a Default Host Management IP Interface
Show Interface Examples
IP Static Routes
Traffic Forwarding IP Static Routes (S-, K-Series)
Traffic Forwarding IPv4 Static Route Examples
Traffic Non-Forwarding IP Static Routes
Traffic Non-Forwarding IP Static Route Examples
IPv6 Neighbor Discovery
Address Configuration Flag (S-, K-Series)
Reachable Time (S-, K-Series)
Other Configuration Flag (S-, K-Series)
Neighbor Solicitation Interval (S-, K-Series)
Router Advertisement Interval (S-, K-Series)
Router Lifetime Value(S-, K-Series)
Router Advertisement Maximum Transmission Unit (S-, K-Series)
Router Advertisement Hoplimit Suppression (S-, K-Series)
Router Advertisement Suppression (S-, K-Series)
Duplicate Address Detection
IPv6 Address Autoconfiguration
Binding an IPv6 Address to a MAC Hardware Address
IPv4 and IPv6 ICMP Configuration (S-, K-Series)
Configuring IPv6 Neighbor Discovery
The ARP Table
Gratuitous ARP
Proxy ARP
ARP/ND Proxy-All
Removing the Multicast ARP Restriction
ARP Configuration Examples
IP Broadcast (S-, K-Series)
Directed Broadcast
Directed Broadcast Configuration Example
UDP Broadcast Forwarding
UDP Broadcast Configuration Examples
DHCP and BOOTP Relay
DHCP Relay Agent Information Options
DHCP/BOOTP Relay Configuration Examples
Router Management and Information Display
IP Debug (S-, K-Series)
Terms and Definitions
Tunneling Configuration
How to Use Tunneling in Your Network
Implementing Tunneling
Tunneling Overview
Tunnel Source and Destination Reachability
Tunnel Interface
IP Address
Tunnel Mode
GRE Keepalive
GRE Keyword
Tunnel Probe
Type of Service (ToS)
Checkspoof
Access-Groups
Virtual Private Port Service
Virtual Private Port Service (VPPS) MTU Handling and Remote Mirroring
Source Address Only Configuration
Layer 2 Tunnel Bridge Port (Virtual Private Ethernet Service)
Split Horizon
VXLAN L2 and L3 Gateway
NetFlow Support for VXLAN-Encapsulated Packets
VXLAN Address Resolution/Neighbor Discovery Protocol (ARP/ND) Proxy
VXLAN Modes Overview
Static Configuration
Open Shortest Part First (OSPF) VNI and LTEP distribution
Tunneling in a NAT Context (S-Series)
Tunneling in a TWCB Context (S-Series)
Configuring Tunneling
Tunnel Configuration Example
Configuration Example Packet Transit Discussion
Configuration Example CLI Input
Terms and Definitions
Layer 3 Virtual Private Network (VPN) Configuration
How to Use Layer 3 VPN in Your Network
L3 VPN using L3 Tunnels or Native MPLS
L3 VPN over SPBV
Implementing Layer 3 VPN using L3 Tunneling
Implementing Layer 3 VPN using Native MPLS Tunneling
Implementing Layer 3 VPN over SPBV
Layer 3 VPN Overview
PE Router Overview
The Virtual Routing and Forwarding (VRF) Instance
The Global VRF
The Route Distinguisher (RD)
The Route Target
The L3 Tunnel
Native MPLS
L3 VPN Using Native MPLS LDP
MPLS LDP Label Advertisement Mode
MPLS LDP Label Retention Mode
MPLS LDP Label Distribution Control
The LDP LSR ID
MPLS LDP Graceful Restart
MPLS LDP Graceful Restart
Multi-protocol Internal BGP
MPLS Label Mode
LDP Label Allocation Filtering
Time-To-Live (TTL) Header Propagation
Configuring Layer 3 VPN
L3 VPN Using L3 Tunnels or Native MPLS Example Configuration
PE Router 1 (PE1)
CLI Input for PE1
PE Router 2 (PE2)
CLI Input for PE2
PE Router 3 (PE3)
CLI Input for PE3
L3 VPN Over SPBV Example Configuration
PE Router 1 (PE1)
CLI Input for PE1
PE Router 2 (PE2)
CLI Input for PE2
PE Router 3 (PE3)
CLI Input for PE3
Terms and Definitions
Routing Information Protocol (RIP) Configuration
Using RIP in Your Network
RIP Overview
Configuring RIP Authentication
Configuring RIP Offset
Configuring RIP
Terms and Definitions
Routing Information Protocol Next Generation (RIPng) Configuration
Using RIPng in Your Network
RIPng Configuration Overview
Configuring RIPng
Terms and Definitions
Open Shortest Path First (OSPFv2) Configuration
Using the OSPF Protocol in Your Network
Implementing OSPF
OSPF Overview
Configuring Basic OSPF Parameters
Configuring an IP Address
Configuring a Routing Instance
Configuring Networks
Basic OSPF Topology
Configuring the Router ID
Configuring the Designated Router
Configuring Router Priority
Configuring the Administrative Distance for OSPF Routes
Configuring OSPF Areas
Configuring Area Range
Configuring a Stub Area
Configuring a Not So Stubby Area (NSSA)
Configuring Area Virtual-Links
Configuring Route Redistribution
Filtering Routes from the OSPF Route Table
Configuring Passive Interfaces
Graceful Restart
Graceful Restart and High Availability (S-, 7100-Series)
Configuring Interface Cost
Configuring OSPF with Authentication at the Interface
Configuring Bidirectional Forwarding Detection (BFD) on Interfaces (S-, K-Series)
Configuring OSPF Timers
Configuring the PE-CE Protocol
The OSPF VRF Domain Tag
The OSPF VRF Domain ID
Redistribute BGP into OSPF (S-, 7100-Series)
OSPF Sham Link
Configuring OSPF
Default Settings
Open Shortest Path First Version 3 (OSPFv3) Configuration
Using the OSPFv3 Protocol in Your Network
OSPFv3 and OSPFv2 Differences
OSPFv3 and OSPFv2 Similarities
IPsec for OSPFv3
Implementing OSPFv3
OSPFv3 Configuration Overview
Configuring Basic OSPFv3 Parameters
Configuring a Routing Instance
The IPv6 Link-Local Address
Configuring OSPFv3 on the Routing Interface
Basic OSPF Topology
Example
Configuring the Router ID
Configuring the Designated Router
Configuring Router Priority
Example
Configuring the Administrative Distance for OSPF Routes
Configuring OSPFv3 Areas
Configuring Area Range
Example
Configuring a Stub Area
Example
Configuring a Not So Stubby Area (NSSA)
Example
Configuring Area Virtual-Links
Example
Configuring IPsec Authentication for OSPFv3
Configuring Route Redistribution
Filtering Routes from the OSPF Route Table
Configuring Passive Interfaces
Graceful Restart
Graceful Restart and High Availability (S-, 7100-Series)
Configuring Interface Cost
Configuring Bidirectional Forwarding Detection (BFD) on Interfaces (S-, K-Series)
Configuring OSPFv3 Timers
Configuring the PE-CE Protocol
The OSPF VRF Domain ID
Redistribute BGP into OSPF (S-, 7100-Series)
OSPF Sham Link
OSPFv3 Configuration Details
Default Settings
Intermediate System To Intermediate System (IS-IS) Configuration
Using IS-IS in Your Network
Implementing IS-IS
IS-IS Configuration Overview
Enabling IS-IS Globally
Enabling IS-IS on the Interface
Configuring a Network Entity Title (NET)
Configuring Administrative Distance
Configuring IS-IS Authentication
Configuring Multiple Parallel Routes
Enabling Route Summarization
Configuring Route Redistribution
Configuring IS-IS Timers
Configuring the TLV Metric Style
Configuring IS-IS Priority
Configuring the IS-IS Intermediate System as Overloaded
Configuring the IPv6 Unicast Address Family
Graceful Restart
Configuring IS-IS
Terms and Definitions
RADIUS-Snooping Configuration
Using RADIUS-Snooping in Your Network
Implementing RADIUS-Snooping
RADIUS-Snooping Overview
RADIUS-Snooping Configuration
MultiAuth Configuration
Enabling RADIUS-Snooping
Populating the RADIUS-Snooping Flow Table
Setting the RADIUS-Snooping Timeout
RADIUS-Snooping Management
RADIUS Session Attributes
Configuring RADIUS-Snooping
Configuring RADIUS-Snooping on the Distribution-Tier Switch
Managing RADIUS-Snooping
Displaying RADIUS-Snooping Statistics
RADIUS-Snooping Configuration Example
Configure the Distribution-tier Switch
Managing RADIUS-Snooping on the Distribution-tier Switch
Terms and Definitions
Border Gateway Protocol (BGP) Configuration
Using BGP in Your Network
Implementing BGP
BGP Overview
Injecting Routes Into BGP
Using Redistribution
Using the Network Command
Using AS-Path Regular Expressions
Route Selection Preference
Multi-Exit Discriminator (MED)
Route Aggregation
Source IP Address Update to the Peer
Scalability and the Peer Full Mesh Requirement
Confederations
Route Reflection
Outbound Route Filtering (ORF)
Conditional Advertisement
BGP Soft Reset
Internally Stored Route Reconfiguration
Route-Refresh
Tear Down the BGP Connection
Community and Extended Community Attributes
Community Attribute
Extended Community Attribute
Route Flap Dampening
Graceful Restart
Configuring BGP
Configuring Basic BGP Router Parameters
Configuring BGP Route Injection
Configuring External BGP Basic Peering
Configuring Internal BGP Basic Peering
Configuring Multihop EBGP Basic Peering
Configuring BGP Neighbor Parameters
Configuring Source IP Address Update
Configuring BGP Confederations
Configuring Route Reflection
Configuring Outbound Route Filtering (ORF)
Configuring Conditional Advertisement
Configuring BGP Soft Reset
Configuring Flap Dampening
Router 1
Router 2
Configuring Graceful Restart
BGP Monitoring and Clearing
Terms and Definitions
Network Address Translation (NAT) Configuration
Using Network Address Translation in Your Network
Implementing NAT
NAT Overview
NAT Binding
Static Address Translation
NAT Static Address Translation
NAPT Static Address Translation
Dynamic Address Translations
NAT Dynamic Address Translation
Client1 Walkthrough:
Client2 Walkthrough:
NAPT Dynamic Inside Address Translation
Stateful NAT Firewall
From Inside Network to Outside Network
From Outside Network to Inside Network
NAT Firewall Configuration Example
Cone NAT
Fullcone NAT
(Address) Restricted Cone NAT
Port Restricted Cone NAT
NAT Hairpinning
NAT Translation Protocol Rules
NAT Timeouts
DNS, FTP and ICMP Support
NAT DNS Packet Inspection and Fixup
Enabling NAT
Configuring NAT
Configuring Traditional NAT Static Inside Address Translation
Configuring Traditional NAT Dynamic Inside Address Translation
Managing a Traditional NAT Configuration
Displaying NAT Statistics
NAT Configuration Examples
IPv4 NAT Static Configuration Example
Enable NAT Inside and Outside Interfaces
Enable Static Translation of Inside Source Addresses
IPv6 NAT Static Configuration Example
Enable NAT Inside and Outside Interfaces
Create the Fullcone Access List
Enable Static Translation of Inside Source Addresses
NAT Dynamic Configuration Example
Enable NAT Inside and Outside Interfaces
Define Inside Address Access-Lists
Define Fullcone Access-Lists
Define the NAT Pools for Global Addresses
Enable Dynamic Translation of Inside Source Addresses
Terms and Definitions
Load Sharing Network Address Translation (LSNAT) Configuration
Using LSNAT on Your Network
Implementing LSNAT
LSNAT Overview
LSNAT IP Address Combination Support
IPv4 and IPv6 Address Type Configuration Differences
The Server Farm
Server Selection Process
Stickiness
The Real Server
Fail Detection
The Virtual Server
Configuring Direct Access to Real Servers
The Source NAT Pool
The FTP and TFTP Control Port
The Virtual Server, Virtual Port, and Real Server Port
Virtual Server Virtual Port
Real Server Port
Managing Connections and Statistics
Configuring UDP-One-Shot
Configuring LSNAT
Configuring an LSNAT Server Farm
Configuring an LSNAT Real Server
Configuring an LSNAT Virtual Server
Configuring Global Settings
Displaying LSNAT Configuration Information and Statistics
LSNAT Configuration Example
Configuring the serverFarmIPv6 Server Farm and Real Servers
serverFarmIPv6 Server Farm and Real Server CLI Input
Configuring virtualServerIPv6-80 and -25 Virtual Servers
IPv6 Virtual Server CLI Input
Configuring the serverFarmIPv4 Server Farm and Real Servers
serverFarmIPv4 Server Farm and Real Server CLI Input
Configuring virtualServerIPv4-80 and -25 Virtual Servers
IPv6 Virtual Server CLI Input
Terms and Definitions
Transparent Web Cache Balancing (TWCB) Configuration
Using Transparent Web Cache Balancing (TWCB) on Your Network
Implementing TWCB
TWCB Overview
The Server Farm
The Cache Server
Cache Server Weight
Fail Detection
The Web Cache
The Outbound Interface
The Switch and Router
The TWCB Binding
TWCB Source and Destination NAT
TWCB Destination NAT
TWCB Source NAT
Configuring TWCB
Configuring the Server Farm
Configuring the Cache Server
Configuring the Web Cache
Configuring the Outbound Interface
Displaying TWCB Statistics/Information
TWCB Configuration Example
The IPv6 Webcache and Server Farm
The IPv4 Webcache and Server Farm
Configure the s1IPv6Server Server Farm
Configure the s2IPv4Server Server Farm
Configure the cache1 Web Cache
Configure the cache2 Web Cache
Virtual Router Redundancy Protocol (VRRP) Configuration
Using VRRP in Your Network
Implementing VRRP in Your Network
VRRP Overview
Basic VRRP Topology
VRRP Virtual Router Creation
VRRP Master Election
Configuring a VRRP Critical-IP Address
Configuring VRRP Authentication
Enabling Master Preemption
Enabling Fabric Route Mode on the VRRP Backup Router
Enabling Fabric Route Host Mobility (S-, K-Series)
Enabling the VRRP Virtual Router
Configuring VRRP
VRRP Configuration Examples
Basic VRRP Configuration Example
Multiple Backup VRRP Configuration Example
Terms and Definitions
Security Configuration
Using Security Features in Your Network
MAC Locking
Secure Shell
TACACS+
Host Denial of Service (DoS)
Implementing Security
Security Overview
MAC Locking
Secure Shell
TACACS+
Session Authorization and Accounting
Per-Command Authorization and Accounting
Single TCP Connection for All TACACS+ Requests
Host DoS
Setting Logging Event Rates
Configuring Security
Configuring MAC Locking
MAC Locking Configuration Example
Configuring Secure Shell
SSH Configuration Example
Configuring TACACS+
TACACS+ Configuration Example
Configuring Host DoS
Host DoS Configuration Example
Flow Setup Throttling Configuration
Using Flow Setup Throttling in Your Network
Implementing Flow Setup Throttling
Flow Setup Throttling Overview
What is a Flow?
Where is Flow Setup Throttling Configured?
Determining a Port Classification Flow Baseline
Setting the Port Classification
Setting Flow Limits and Associated Actions
Flowlimit Action Precedence
Configuring Flow Setup Throttling
Flow Setup Throttling Configuration Example
Switch 1 Configuration
Single User PC Configuration
Wireless Access Point Configuration
Unspecified Port Configuration
Switch 1 Global Configuration
Switch 2 Chassis Configuration
Server Configuration
Inter-Switch Link Configuration
Switch 2 Global Configuration
Terms and Definitions
Route-Map Manager Configuration
Using Route-Map Manager in Your Network
Implementing Route-Maps
Implementing a Policy Based Route-Map
Implementing a Redistribution Route-Map
Implementing an OSPF Filter Route-Map
Implementing a BGP Route-Map (S-, 7100-Series)
Route-Map Manager Overview
Creating a Route-Map
Configuring Match and Set Clauses
Policy Based Set Clauses
Route-Map Probe
The Redistribution Match Clauses
The Redistribution Set Clause
Assigning a Policy Route-Map to an Interface
Configuring Route-Map Manager
Route-Map Manager Configuration Examples
Policy Based Route-Map Example
Redistribution Route-Map Example
BGP Route-Map Example (S-, 7100-Series)
Terms and Definitions
S- and K-Series L3 and L2 Access Control List Configuration
Using Access Control Lists (ACLs) in Your Network
Implementing ACLs
ACL Overview
L3 ACL Creation
L2 ACL Creation
Creating ACL Rules
L3 Standard ACL Rule Options
L3 Extended and Policy ACL Rule Protocols and Other Options
ACL Rule Logging and Comments
ACL Rule Creation
Managing ACL Rules
Deleting an ACL Rule
Moving an ACL Rule
Replacing an ACL Rule
Inserting an ACL Rule
Applying L3 and L2 ACLs
Applying L3 ACLs to a VRF
Permit Layer 4 Fragmented Packet Behavior
Configuring ACLs
Terms and Definitions
7100-Series Access Control List Configuration
Using Access Control Lists (ACLs) in Your Network
Implementing ACLs
ACL Overview
Creating an ACL
Creating ACL Rules
Managing ACL Rules
Deleting an ACL Rule
Moving an ACL Rule
Replacing an ACL Rule
Inserting an ACL Rule
Applying ACLs
Permit Layer 4 Fragmented Packet Behavior
Configuring ACLs
Terms and Definitions
Quality of Service (QoS) Configuration
Using Quality of Service in Your Network
Implementing Quality of Service
Quality of Service Overview
Flex-Edge (S-, K-Series)
Class of Service (CoS)
CoS Priority and ToS Rewrite
Preferential Queue Treatment for Packet Forwarding
Strict Priority Queuing
Low Latency Queuing
Weighted Fair Queuing
Hybrid Queuing
Enhanced Transmission Selection
Rate Limiting
Rate Shaping
Understanding QoS Configuration on the S- K- and 7100-Series
Determining CoS Port-Type
TxQ
IRL
ORL (S-, K-Series)
Flood Control
Configuring CoS Port Groups
Port-Groups: TxQ Configuration
Port-Groups: IRL Configuration
Port-Groups: ORL Configuration (S-, K-Series)
Port-Groups: Flood Control Configuration
Configuring CoS Port-Resource
CoS TxQ Port-Resource (Outbound Rate Shapers)
CoS IRL Port-Resource (Inbound Rate Limiter)
CoS ORL Port-Resource (Outbound Rate Limiter) (S-, K-Series)
CoS Flood Control Port-Resource (Flood Limiter)
Configuring CoS Reference Mapping
CoS TxQ Reference Mapping
CoS IRL Reference Mapping Table
CoS ORL Reference Mapping Table (S-, K-Series)
Configuring the CoS Index
Enabling CoS State
Displaying CoS Violations (S-, K-Series)
The QoS CLI Command Flow
QoS Configuration Example (S-, K-Series)
Setting the VoIP Core Policy Profile (Router 1)
Create a Policy Service
Create a Rate-limiter
Create Class of Service for VoIPEdge Policy
Create a Rule
Setting the VoIP Edge Policy Profile (Switch 1)
Create a Policy Service
Create a Rate-limiter
Create Class of Service for VoIPEdge Policy
Create a Rule
Setting the H.323 Call Setup Policy Profile
Create a Policy Service
Create a Rate-limiter
Create Class of Service for H323CallSetup Policy
Create a Traffic Classification Layer Rule
Applying Role and Associated Services to Network Nodes
Router 1
Switch 1
CLI Summaries for This QoS Configuration
Summary of Command Line Input for S- or K-Series Router 1
Summary of Command Line Input for S- or K-Series Switch 1
Terms and Definitions
Anti-Spoofing Configuration
Anti-Spoofing Feature Overview
DHCP Snooping
DHCP Snooping Port Mode
DHCP Snooping MAC Verification
Dynamic ARP Inspection (DAI)
IP Source Guard
Duplicate IP Address Detection
Populating the MAC-to-IP Binding Table
Bindings Created by DHCP Snooping
Bindings Created by DAI or IP Source Guard
Expiration of Bindings
Implementing Anti-Spoofing in Your Network
Using DHCP Snooping Only
Using DAI, IP Source Guard, and Duplicate IP Detection
Anti-Spoofing Configuration
Overview
Port Classes
Managing the Binding Database
Configuration Examples
Code Example
Authentication Configuration
Using Authentication in Your Network
Implementing User Authentication
Authentication Overview
Quarantine
IEEE 802.1x Using EAP
MAC-Based Authentication (MAC)
Port Web Authentication (PWA)
Convergence End Point (CEP)
Auto-Tracking
Multi-User And MultiAuth Authentication
Multi-User Authentication
MultiAuth Authentication
Remote Authentication Dial-In Service (RADIUS)
How RADIUS Data Is Used
The RADIUS Filter-ID
RADIUS Authentication Retransmission Algorithm
RADIUS Authentication Sticky Round Robin Maximum Sessions
RFC 3580
Policy Maptable Response
Configuring Authentication
Configuring Quarantine Agent
Configuring IEEE 802.1x
Configuring MAC-based Authentication
Configuring Port Web Authentication (PWA)
Optionally Enable Guest Network Privileges (S-, K-Series)
Configuring Convergence End Point (CEP)
Creating a CEP Detection Group
Setting MultiAuth Idle and Session Timeout for CEP
Configuring Auto-Tracking
Configuring MultiAuth Authentication
Setting MultiAuth Authentication Mode
Setting MultiAuth Authentication Precedence
Setting MultiAuth Authentication Port Properties
Setting MultiAuth Authentication Timers
Setting MultiAuth Authentication Traps
Setting the MultiAuth Re-Authentication Timeout Action
Displaying MultiAuth Configuration Information
Configuring VLAN Authorization
Configuring RADIUS
Configuring the Authentication Server
Configuring RADIUS Accounting
Authentication Configuration Example
Configuring the Quarantine Agent
Configuring the Auto-Tracking Agent
Setting MultiAuth Configuration On the Switch
Enabling RADIUS On the Switch
Creating RADIUS User Accounts On The Authentication Server
Configuring the Engineering Group 802.1x End-User Stations
Configuring the Engineering Group Siemens CEP Devices
Configuring the Printer Cluster for MAC-Based Authentication
Configuring the Public Area PWA Station
Terms and Definitions
IEEE 802.1x MACsec Authentication
MACsec Overview
System Requirements
Deployment Scenarios
Link Aggregation Control Protocol (LACP) over MACsec
Limitations
Uncontrolled Ports and Controlled Ports
MACsec Event Logging
Configuring IEEE 802.1x MACsec Authentication (S-, 7100-Series)
Setting MACsec Pre-Shared Keys (PSK) on Ports
Setting MACsec Access Control
Enabling MACsec Replay Protection
Setting MKA Lifetime
Enabling the MACsec Key Agreement Protocol (MKA)
Reinitializing Access Control Ports
OpenFlow
OpenFlow Overview
OpenFlow Limitations
General OpenFlow Limitations
OpenFlow Metric Limits
OpenFlow Mode Impact to Other Feature Limits
OpenFlow Packet Processing Limitations
OpenFlow Security
Generating Transport Layer Security (TLS) Private Keys
Transport Layer Security (TLS) Encryption Overview
Installing OVS-PKI
Establishing a Public Key Infrastructure
Creating a Controller Private Key and Certificate
Creating Switch's Private Key and Public Certificate
Configuring SSL/TLS Support
Certificate Revocation Checking Not Supported
Configuring OpenFlow
Glossary
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W
X
Configuring Device maCE2:1
To configure maCE2:1:
Enable CFM in global configuration mode
Limit logging to MA maCE2
Access MD mode for MD mdCE1 using the string-name naming convention
Set the MD level to 5
Enable the MD configuration
Access MA mode for MA maCE2 using the string-name naming convention
Use the default CCM message interval of 1 second (not configured)
Configure the MEP list for the two down MEPs: 201, 202, and 203
Enable the MA configuration
Access the MA-Comp mode for maCE2
Set VLAN 200 as the monitored service
Enable MA-Comp configuration for maCE2
Access MEP configuration for MEP 201
Set the MEP port to tg.1.4
Set the MEP VLAN to 200
Set the MEP direction to down (optional because down is the direction default)
Enable the sending of CCM messages for MEP 201
Set the remote MEP that CCM messages will be sent to 202 and 203
Activate the MEP state machines
Enable the MEP configuration