RackSwitch G8124/G8124-E

Application Guide

RackSwitch ™ G8124/G8124-E Application Guide


Note: Before using this information and the product it supports, read the general information in the Safety information and Environmental Notices and User Guide documents on the IBM Documentation CD and the Warranty Information document that comes with the product.

First Edition (April 2012)

© Copyright IBM Corporation 2012

US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Preface

Who Should Use This Guide

What You’ll Find in This Guide

Additional References

Typographic Conventions

How to Get Help

Part 1: Getting Started

Chapter 1. Switch Administration

Administration Interfaces

Command Line Interface

Browser-Based Interface

Establishing a Connection

Using the Switch Management Ports

Using the Switch Data Ports

Using Secure Shell

Using Telnet

Using a Web Browser

Using Simple Network Management Protocol

BOOTP/DHCP Client IP Address Services

Global BOOTP Relay Agent Configuration

Domain-Specific BOOTP Relay Agent Configuration

DHCP Option 82

DHCP Snooping

Switch Login Levels

Setup vs. the Command Line

Chapter 2. Initial Setup

Information Needed for Setup

Default Setup

Setup Part 1: Basic System Configuration

Stopping and Restarting Setup Manually

Setup Part 2: Port Configuration

Setup Part 3: VLANs

Setup Part 4: IP Configuration

IP Interfaces

Loopback Interfaces

Default Gateways

IP Routing

Setup Part 5: Final Steps

Optional Setup for Telnet Support

Chapter 3. Switch Software Management

Loading New Software to Your Switch

Loading Software via the IBM N/OS CLI

Loading Software via the ISCLI

Loading Software via BBI

The Boot Management Menu

Part 2: Securing the Switch

Chapter 4. Securing Administration

Secure Shell and Secure Copy

Configuring SSH/SCP Features on the Switch

Configuring the SCP Administrator Password

Using SSH and SCP Client Commands

SSH and SCP Encryption of Management Messages

SSH/SCP Integration with Radius Authentication

Generating RSA Host Key for SSH Access

SSH/SCP Integration with TACACS+ Authentication

SecurID Support

End User Access Control

Considerations for Configuring End User Accounts

Strong Passwords

User Access Control

Listing Current Users

Logging into an End User Account

Chapter 5. Authentication & Authorization Protocols

RADIUS Authentication and Authorization

How RADIUS Authentication Works

Configuring RADIUS on the Switch

RADIUS Authentication Features in IBM N/OS

Switch User Accounts

RADIUS Attributes for IBM N/OS User Privileges

TACACS+ Authentication

How TACACS+ Authentication Works

TACACS+ Authentication Features in IBM N/OS

Command Authorization and Logging

Configuring TACACS+ Authentication on the Switch

LDAP Authentication and Authorization

Chapter 6. Access Control Lists

Summary of Packet Classifiers

Summary of ACL Actions

Assigning Individual ACLs to a Port

ACL Order of Precedence

ACL Metering and Re-Marking

ACL Port Mirroring

Viewing ACL Statistics

ACL Logging

Enabling ACL Logging

Logged Information

Rate Limiting Behavior

Log Interval

ACL Logging Limitations

ACL Configuration Examples

Using Storm Control Filters

VLAN Maps

Part 3: Switch Basics

Chapter 7. VLANs

VLANs

VLANs and Port VLAN ID Numbers

VLAN Numbers

PVID Numbers

VLAN Tagging

VLAN Topologies and Design Considerations

Multiple VLANs with Tagging Adapters

VLAN Configuration Example

Private VLANs

Private VLAN Ports

Configuration Guidelines

Configuration Example

Chapter 8. Ports and Trunking

Trunking Overview

Static Trunks

Static Trunk Requirements